Functional Principle

Warning: this does NOT REFER to the reset of group encryption keys - these are device groups. Someone needs to fix the terminology so there isn’t a conflict.

A Group Key Reset is being initiated i.e. when a device is leaving a device group. Then all remaining devices need to agree for new group keys.

While a Group Key Reset devices are generating new keys and sending them to each other so all Group Identities have new keys.


  • The Group Key Reset is initiated by one device sending InitGroupKeyReset to the group.
  • When a device is reading InitGroupKeyReset it is:
    1. Generating new Keys and Revocations for the then Default Keys of all Own Identities
    2. Sending GroupKeyReset attaching these Keys and Revocations, adding its Challenge
  • When a device is reading GroupKeyReset it is:
    1. Importing all Keys and Revocations
    2. If the Challenge of the GroupKeyReset is greater than the Challenge of the device then it is reworking its Own Keys:
      1. If an Own Key already exists it is replacing it by the received Own Key
      2. If an Own Key does not already exist it is creating an Own Identity with this Key