Group communication enables Internet of Things (IoT) devices to communicate in an efficient and fast manner. In most instances, a group message needs to be encrypted using a cryptographic key that only devices in the group know. In this paper, we address the problem of establishing such a key using a lattice-based one-way function, which can easily be inverted using a suitably designed lattice trapdoor. Using the notion of a bad/good basis, we present a new method of coupling multiple private

more »

... ys into a single public key, which is then used for encrypting a group message. The protocol has the apparent advantage of having a conjectured resistance against potential quantum-computer-based attacks. All functions—key establishment, session key update, node addition, encryption, and decryption—are effected in constant time, using simple linear-algebra operations, making the protocol suitable for resource-constrained IoT networks. We show how a cryptographic session group key can be constructed on the fly by a user with legitimate credentials, making node-capture-type attacks impractical. The protocol also incorporates a mechanism for node addition and session-key generation in a forward- and backward-secrecy-preserving manner.