posted on 2023-11-29, 18:08authored byKatriel Cohn-Gordon, Cas CremersCas Cremers, Luke Garratt, Jon Millican, Kevin Milnber
In the past few years secure messaging has become mainstream, with over a billion active users of end-to-end encryption protocols such as Signal. The Signal Protocol provides a strong property called post-compromise security to its users. However, it turns out that many of its implementations provide, without notification, a weaker property for group messaging: an adversary who compromises a single group member can read and inject messages indefinitely.
We show for the first time that post-compromise security can be achieved in realistic, asynchronous group messaging systems. We present a design called Asynchronous Ratcheting Trees (ART), which uses tree-based Diffie-Hellman key exchange to allow a group of users to derive a shared symmetric key even if no two are ever online at the same time. ART scales to groups containing thousands of members, while still providing provable security guarantees. It has seen significant interest from industry, and forms the basis for two draft IETF RFCs and a chartered working group. Our results show that strong security guarantees for group messaging are practically achievable in a modern setting.
History
Preferred Citation
Katriel Cohn-Gordon, Cas Cremers, Luke Garratt, Jon Millican and Kevin Milnber. On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees. In: ACM Conference on Computer and Communications Security (CCS). 2018.
Primary Research Area
Reliable Security Guarantees
Name of Conference
ACM Conference on Computer and Communications Security (CCS)
Legacy Posted Date
2018-07-25
Open Access Type
Unknown
BibTeX
@inproceedings{cispa_all_2636,
title = "On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees",
author = "Cohn-Gordon, Katriel and Cremers, Cas and Garratt, Luke and Millican, Jon and Milnber, Kevin",
booktitle="{ACM Conference on Computer and Communications Security (CCS)}",
year="2018",
}