Improving Signal's Sealed Sender

Martiny, Ian; Kaptchuk, Gabriel; Aviv, Adam J.; Roche, Daniel S.; Wustrow, Eric

doi:10.14722/ndss.2021.24180

“…3 Basically, the original key update procedure is not mod- 1 As a remark, although basically group-size hiding is not considered in [18], they insisted that it can be hidden by adding dummy group members. 2 Martiny et al [20] analyzed the sealed sender functionality (See Section 2.2) and showed that it can be broken by identifying the sender. They assumed that most messages receive a quick response, i.e., when a user device receives a message, the device will automatically send back a delivery receipt to the sender.…”

Section: Our Contributionmentioning

confidence: 99%

“…Thus, a function called "sealed sender" has been implemented, where an encrypted message contains sender information. Martiny et al [20] extended the sealed sender functionality to hide receiver information by introducing an additional mailbox. In a two-party communication, hiding both sender and receiver information matches our goal.…”

Section: Sealed Sender In the Signal Protocolmentioning

confidence: 99%

Providing Membership Privacy to the Asynchronous Ratcheting Trees Protocol without losing Scalability

Emura¹,

Kajita²,

Nojima³

et al. 2022

JOWUA

0

View full text Add to dashboard Cite

A secure messaging protocol, such as the Signal protocol, provides end-to-end encrypted asynchronous communication. This paper focuses on a secure group messaging (SGM) protocol, and proposes a method capable of hiding membership information from the viewpoint of non group members, which we call “membership privacy”. In this work, we add membership privacy to the Asynchronous Ratcheting Trees (ART) protocol (proposed by Cohn-Gordon et al., (ACM CCS 2018)). For hiding membership-related values in the setup phase, we employ a key-private and robust publickey encryption (Abdalla et al., TCC2010/JoC2018). Moreover, we introduce a group common key to encrypt membership information in the key update phase. Our modification achieves asymptotically the same efficiency of the ART protocol in the setup phase. Any additional cost for key update does not depend on the number of group members. Therefore, the proposed protocol can add membership privacy to the ART protocol with a quite small overhead. Specifically, one encryption and decryption of a symmetric-key encryption scheme and one execution of a key-derivation function for each key update are employed. Finally, we discuss how to extend our protocol to provide sender-specific authentication, dynamic groups, group-size hiding, and how to adopt our technique to the Messaging Layer Security (MLS) protocol. We note that, although Chase et al. (ACM CCS 2020) have considered the same notion, their proposal is an extension of Signal so called “Pairwise Signal” where a group message is repeatedly sent over individual Signal channels. Thus their protocol is not scalable.

show abstract

“…However, note that recent work [31] has shown that some timing attacks are still possible under sealed sender, and the same attacks would apply just as well to FACTS. But the solutions proposed in [31] might also be deployed alongside FACTS to prevent such leakage; we leave the investigation of this question for future work.…”

Section: Alternative Factsmentioning

confidence: 99%

Fighting Fake News in Encrypted Messaging with the Fuzzy Anonymous Complaint Tally System (FACTS)

Liu

¹

,

Roche

²

,

Theriault

³

et al. 2022

Proceedings 2022 Network and Distributed System Security Symposium

5

0

View full text Add to dashboard Cite

Recent years have seen a strong uptick in both the prevalence and real-world consequences of false information spread through online platforms. At the same time, encrypted messaging systems such as WhatsApp, Signal, and Telegram, are rapidly gaining popularity as users seek increased privacy in their digital lives. The challenge we address is how to combat the viral spread of misinformation without compromising privacy. Our FACTS system tracks user complaints on messages obliviously, only revealing the message's contents and originator once sufficiently many complaints have been lodged. Our system is private, meaning it does not reveal anything about the senders or contents of messages which have received few or no complaints; secure, meaning there is no way for a malicious user to evade the system or gain an outsized impact over the complaint system; and scalable, as we demonstrate excellent practical efficiency for up to millions of complaints per day. Our main technical contribution is a new collaborative counting Bloom filter, a simple construction with difficult probabilistic analysis, which may have independent interest as a privacy-preserving randomized count sketch data structure. Compared to prior work on message flagging and tracing in end-to-end encrypted messaging, our novel contribution is the addition of a high threshold of multiple complaints that are needed before a message is audited or flagged. We present and carefully analyze the probabilistic performance of our data structure, provide a precise security definition and proof, and then measure the accuracy and scalability of our scheme via experimentation.

show abstract

“…However, note that recent work [30] has shown that some timing attacks are still possible under sealed sender, and the same attacks would apply just as well to FACTS. But the solutions proposed in [30] might also be deployed alongside FACTS to prevent such leakage; we leave the investigation of this question for future work.…”

Section: Alternative Factsmentioning

confidence: 99%

Fighting Fake News in Encrypted Messaging with the Fuzzy Anonymous Complaint Tally System (FACTS)

Liu¹,

Roche²,

Theriault³

et al. 2021

Preprint

View full text Add to dashboard Cite

Recent years have seen a strong uptick in both the prevalence and real-world consequences of false information spread through online platforms. At the same time, encrypted messaging systems such as WhatsApp, Signal, and Telegram, are rapidly gaining popularity as users seek increased privacy in their digital lives. The challenge we address is how to combat the viral spread of misinformation without compromising privacy. Our FACTS system tracks user complaints on messages obliviously, only revealing the message's contents and originator once sufficiently many complaints have been lodged. Our system is private, meaning it does not reveal anything about the senders or contents of messages which have received few or no complaints; secure, meaning there is no way for a malicious user to evade the system or gain an outsized impact over the complaint system; and scalable, as we demonstrate excellent practical efficiency for up to millions of complaints per day. Our main technical contribution is a new collaborative counting Bloom filter, a simple construction with difficult probabilistic analysis, which may have independent interest as a privacy-preserving randomized count sketch data structure. Compared to prior work on message flagging and tracing in end-to-end encrypted messaging, our novel contribution is the addition of a high threshold of multiple complaints that are needed before a message is audited or flagged. We present and carefully analyze the probabilistic performance of our data structure, provide a precise security definition and proof, and then measure the accuracy and scalability of our scheme via experimentation.

show abstract

Improving Signal's Sealed Sender

Cited by 8 publications

References 31 publications

Providing Membership Privacy to the Asynchronous Ratcheting Trees Protocol without losing Scalability

Providing Membership Privacy to the Asynchronous Ratcheting Trees Protocol without losing Scalability

Fighting Fake News in Encrypted Messaging with the Fuzzy Anonymous Complaint Tally System (FACTS)

Fighting Fake News in Encrypted Messaging with the Fuzzy Anonymous Complaint Tally System (FACTS)

Contact Info

Product

Resources

About