Post-Quantum Ciphertext Compression and Applications to Secure Group Messaging

Abstract

A standard method to establish secure communication between two or more parties is to encrypt a common session key via a key encapsulation mechanism (KEM). In this document, we propose compression techniques that, when the number of parties is large (10 or more), reduce the cost of this approach by an order of magnitude when it is used with post-quantum KEMs.

This has several potential applications to secure group messaging (e.g. Signal, WhatsApp, etc.). In particular, we show that it can be used inside the draft IETF standard MLS to reduce its bandwidth footprint by about a factor of 2.

The companion article to this white paper is available at https://ia.cr/2020/1107.