Abstract
The Double Ratchet protocol was first proposed and used in Signal’s end-to-end encryption and was later widely adopted by WhatsApp, Facebook and other popular applications. Asynchronous Ratchet Tree (ART) is a newer group messaging protocol based on ratcheting and is the first protocol to provide forward secrecy (FS) and post-compromise security (PCS) in group key exchange. However, ART does not consider anonymity, which is crucial for privacy-preserving solutions. It is therefore meaningful to provide anonymity while retaining FS and PCS. In this paper we propose the “Anonymous Asynchronous Ratchet Tree (AART)”, which improves the structure of ART to achieve anonymity in group messaging while retaining FS and PCS. We also formalize the definitions of anonymity as Internal Group Anonymity (IGA) and External Group Anonymity (EGA). We prove that AART satisfies IGA and EGA as well as FS and PCS.
Acknowledgements
This work has been partly supported by the National Natural Science Foundation of China under Grant No. 61702212 and the Fundamental Research Funds for the Central Universities under Grant No. CCNU19TS017.
A Appendix
A.1 Create Algorithm
The inputs of the Create algorithm are the long-term secret key of the group creator \(ik_A\), the long-term public key set IK, the short-term public key set EK and the group size n, where A denotes the index of the group creator. The creator first randomly generates the leaf secret keys for himself and for the random nodes, and uses the AKE function KeyExchange to derive a leaf secret key for each other member. The creator then runs CreateTree to build the group tree from all leaf secret keys. Each user's leaf key is located at an odd position of the group tree. For every pair of nodes, the parent node is generated from the DH key of the two children's secret keys. Treating the new parent nodes as leaf nodes, CreateTree calls itself recursively until only one node remains, which is the root of the group tree. The algorithm is shown in Algorithm 1.

A.2 Update Algorithm
The inputs of Update for the sender are user i, group key \(gpk_j\), anonymous type \(type_j\) and the user leaf node[j] in stage j. When \(type_j=0\), the position of the updated node is the user's own leaf. When \(type_j=1\), the updated node is chosen from the even positions of the group tree by a secure PRG. The one-time leaf secret key is then replaced by a new one, which is used to regenerate the ancestor nodes. The algorithm is shown in Algorithm 2.
The pop operation extracts the first public key from path, using || as the delimiter. When running UpdateGpk, a user first uses the old chain key to verify integrity, which is needed for correctness. He then updates the leaf node at position pos and its ancestor nodes. Notice that if pos and path of stage j are correct, all group members update the same public part of the group tree, so the correctness of stage \(j+1\) holds.
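The tree construction of A.1 and the leaf update of A.2 can be followed in a short sketch. This is an added example, not the paper's Algorithm 1 or 2: the toy DH group, the hash-based mapping `iota` from a DH output to a parent secret key, and all function names are assumptions, the number of leaves must be a power of two, and KeyExchange and the chain-key integrity check are left out.

```python
import hashlib
import secrets

# Toy DH group, constructed for illustration only: far too small for real use.
P = 2**127 - 1
G = 3

def pub(sk):
    return pow(G, sk, P)

def iota(elem):
    # Assumed mapping from a DH output to the parent's secret key.
    digest = hashlib.sha256(elem.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") % (P - 1)

def create_tree(leaf_sks):
    # Recursive pairing as described for CreateTree; returns levels, leaves first.
    if len(leaf_sks) == 1:
        return [list(leaf_sks)]
    parents = [iota(pow(pub(leaf_sks[i]), leaf_sks[i + 1], P))
               for i in range(0, len(leaf_sks), 2)]
    return [list(leaf_sks)] + create_tree(parents)

def copath_pubs(levels, idx):
    # Public keys of the siblings on the path from leaf idx (0-based) to the root.
    out = []
    for level in levels[:-1]:
        out.append(pub(level[idx ^ 1]))
        idx //= 2
    return out

def root_from_leaf(sk, copath):
    # What one member computes: own leaf secret plus public copath keys.
    for sibling_pub in copath:
        sk = iota(pow(sibling_pub, sk, P))
    return sk

def pick_position(type_j, user_pos, n_leaves):
    # 1-based position: the user's own leaf (type 0) or a random even one (type 1).
    return user_pos if type_j == 0 else 2 * (1 + secrets.randbelow(n_leaves // 2))

def update(levels, pos, new_sk):
    # Replace the leaf at 1-based pos and recompute only its ancestors.
    levels, idx = [list(l) for l in levels], pos - 1
    levels[0][idx] = new_sk
    for d in range(1, len(levels)):
        idx //= 2
        left, right = levels[d - 1][2 * idx], levels[d - 1][2 * idx + 1]
        levels[d][idx] = iota(pow(pub(left), right, P))
    return levels
```

Every member that feeds its unchanged leaf secret and the refreshed copath public keys into `root_from_leaf` arrives at the same new root, which is the agreement property the paragraph above relies on.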

Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, K., Chen, J. (2020). Anonymous End to End Encryption Group Messaging Protocol Based on Asynchronous Ratchet Tree. In: Meng, W., Gollmann, D., Jensen, C.D., Zhou, J. (eds) Information and Communications Security. ICICS 2020. Lecture Notes in Computer Science, vol 12282. Springer, Cham. https://doi.org/10.1007/978-3-030-61078-4_33
DOI: https://doi.org/10.1007/978-3-030-61078-4_33
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61077-7
Online ISBN: 978-3-030-61078-4
eBook Packages: Computer Science, Computer Science (R0)