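Distributed key management is a new idea in group key management. In this kind of architecture, a group needs no manager, and keys are generated by individual group members. Adusumilli et al. proposed the first scheme of this kind, called distributed group key distribution, abbreviated DGKD. In DGKD, a group member may play one of two roles: a sponsor, responsible for generating keys, or a co-distributor, who helps the sponsor distribute keys. When a new member joins or an existing member leaves, each member must re-determine the roles, so every member must store a common group tree locally. In DGKD, we found two storage problems: redundant keys and redundant group information. These problems prevent storage space from being used effectively. Based on DGKD, we propose a new distributed key management scheme that uses partial group structure information to achieve efficient distributed group key management, abbreviated EDGE. Each member needs to store only part of the group information. Without losing security, EDGE's group information structure is more flexible than DGKD's, and we further prove that EDGE requires less storage space and a shorter re-keying time than DGKD.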
Distributed group key management schemes (DGMS) are a new class of group key management protocols. In a DGMS, there is no group controller, and keys are generated by the members individually. Adusumilli et al. proposed the first DGMS scheme, distributed group key distribution (DGKD). In DGKD, members act as sponsors, who generate keys, or as co-distributors, who help distribute keys. Sponsors and co-distributors are re-determined when members join or leave, so every member stores a common group tree locally. We observe two storage problems in DGKD: redundant keys and redundant group information. This disadvantage makes storage extremely unscalable when membership changes. Based on DGKD, we propose a new DGMS scheme, EDGE, in which each member individually stores only partial group information. The structure of EDGE is more flexible than that of DGKD without losing security. Furthermore, we prove that EDGE is more efficient than DGKD in storage and re-keying time.