Abstract
Today, two-party secure messaging is well understood and widely adopted, e.g., in Signal and WhatsApp. Multiparty protocols for secure group messaging are less mature, and many protocols with different tradeoffs exist. Generally, such protocols require parties to first agree on a shared secret group key and then periodically update it while preserving forward secrecy (FS) and post-compromise security (PCS).
We present a new framework, called a key lattice, for managing keys in concurrent group messaging. Our framework can be seen as a “key management” layer that enables concurrent group messaging when secure pairwise channels are available. Security of group messaging protocols defined using the key lattice incorporates both FS and PCS simply and naturally. Our framework combines both FS and PCS into directional variants of the same abstraction, and additionally avoids dependence on time-based epochs.
Notes
- 1.
- 2. This approach bears some resemblance to the analysis of Fuchsbauer et al. [24] for public key re-encryption.
- 3. This tradeoff was similarly explored by [28]; our asynchronous security model specifically accounts for the attacks they describe by withholding some ciphertexts and corrupting a party days later to recover the messages.
- 4. Some authentication schemes require parties to sign messages with their long-term keys [23], but adapting this to concurrent group messaging is non-trivial and not the focus of this work.
- 5. In practice we cannot use the PRF construction because it is not commutative.
- 6. We remark that the standard definition of one-wayness requires the adversary to find an equivalent pre-image of the function, and not the exact same pre-image.
- 7. In this work, every graph is a directed acyclic graph.
- 8. If verification fails due to trying the wrong key from multiple concurrent sessions, return \(\perp\) and process the incoming message via \(\textsf{Recv}\) of a different session.
- 9. For our construction, this adds all of the edges in \(E_{U,i}\) to \(E^{\textsf{rev}}_{\textsf{sid}}\).
- 10. This hash function's purpose is semantic: to convert between types. We only require (informally) that if the adversary does not know k then it does not know \(\textsf{H}(k)\). We elide discussion of \(\textsf{H}\) in the proof.
References
Alwen, J., Auerbach, B., Noval, M.C., Klein, K., Pascual-Perez, G., Pietrzak, K.: DeCAF: decentralizable continuous group key agreement with fast healing. Cryptology ePrint Archive, Report 2022/559 (2022). https://eprint.iacr.org/2022/559
Alwen, J., et al.: CoCoA: concurrent continuous group key agreement. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part II. LNCS, May–June 2022, vol. 13276, pp. 815–844. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-07085-3_28
Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the signal protocol. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 129–158. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_5
Alwen, J., Coretti, S., Dodis, Y., Tselekounis, Y.: Security analysis and improvements for the IETF MLS standard for group messaging. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part I. LNCS, vol. 12170, pp. 248–277. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56784-2_9
Alwen, J., Coretti, S., Jost, D., Mularczyk, M.: Continuous group key agreement with active security. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part II. LNCS, vol. 12551, pp. 261–290. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64378-2_10
Alwen, J., Hartmann, D., Kiltz, E., Mularczyk, M.: Server-aided continuous group key agreement. In: Yin, H., Stavrou, A., Cremers, C., Shi, E. (eds.) ACM CCS 2022, November 2022, pp. 69–82. ACM Press (2022). https://doi.org/10.1145/3548606.3560632
Bienstock, A., Dodis, Y., Rösler, P.: On the price of concurrency in group ratcheting protocols. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part II. LNCS, vol. 12551, pp. 198–228. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64378-2_8
Borisov, N., Goldberg, I., Brewer, E.: Off-the-record communication, or, why not to use PGP. In: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society, pp. 77–84 (2004)
Boyd, C., Mathuria, A., Stebila, D.: Protocols for Authentication and Key Establishment. Information Security and Cryptography. Springer, Heidelberg (2020). https://doi.org/10.1007/978-3-662-58146-9
Bresson, E., Chevassut, O., Pointcheval, D.: Provably authenticated group Diffie-Hellman key exchange—the dynamic case. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 290–309. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_18
Bresson, E., Chevassut, O., Pointcheval, D.: Dynamic group Diffie-Hellman key exchange under standard assumptions. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 321–336. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_21
Bresson, E., Chevassut, O., Pointcheval, D., Quisquater, J.J.: Provably authenticated group Diffie-Hellman key exchange. In: Reiter, M.K., Samarati, P. (eds.) ACM CCS 2001, November 2001, pp. 255–264. ACM Press (2001). https://doi.org/10.1145/501983.502018
Bresson, E., Manulis, M.: Securing group key exchange against strong corruptions. In: Abe, M., Gligor, V. (eds.) ASIACCS 2008, March 2008. pp. 249–260. ACM Press (2008)
Bresson, E., Manulis, M., Schwenk, J.: On security models and compilers for group key exchange protocols. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 292–307. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-75651-4_20
Brzuska, C., Fischlin, M., Smart, N.P., Warinschi, B., Williams, S.C.: Less is more: relaxed yet composable security notions for key exchange. Int. J. Inf. Sec. 12(4), 267–297 (2013). https://doi.org/10.1007/s10207-013-0192-y
Brzuska, C., Fischlin, M., Warinschi, B., Williams, S.C.: Composability of Bellare-Rogaway key exchange protocols. In: Chen, Y., Danezis, G., Shmatikov, V. (eds.) ACM CCS 2011, October 2011, pp. 51–62. ACM Press (2011). https://doi.org/10.1145/2046707.2046716
Cachin, C., Guerraoui, R., Rodrigues, L.: Introduction to Reliable and Secure Distributed Programming, 2nd edn. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-15260-3
Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. J. Cryptol. 33(4), 1914–1983 (2020). https://doi.org/10.1007/s00145-020-09360-1
Cohn-Gordon, K., Cremers, C., Garratt, L., Millican, J., Milner, K.: On ends-to-ends encryption: asynchronous group messaging with strong security guarantees. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, October 2018, pp. 1802–1819. ACM Press (2018). https://doi.org/10.1145/3243734.3243747
Cohn-Gordon, K., Cremers, C.J.F., Garratt, L.: On post-compromise security. In: Hicks, M., Köpf, B. (eds.) Computer Security Foundations Symposium, CSF 2016, pp. 164–178. IEEE Computer Society Press (2016). https://doi.org/10.1109/CSF.2016.19
Cong, K., Eldefrawy, K., Smart, N.P., Terner, B.: The key lattice framework for concurrent group messaging. Cryptology ePrint Archive, Report 2022/1531 (2022). https://eprint.iacr.org/2022/1531
Cremers, C., Hale, B., Kohbrok, K.: The complexities of healing in secure group messaging: why cross-group effects matter. In: Bailey, M., Greenstadt, R. (eds.) USENIX Security 2021, August 2021, pp. 1847–1864. USENIX Association (2021)
Dowling, B., Günther, F., Poirrier, A.: Continuous authentication in secure messaging. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds.) ESORICS 2022, Part II. LNCS, September 2022, vol. 13555, pp. 361–381. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-17146-8_18
Fuchsbauer, G., Kamath, C., Klein, K., Pietrzak, K.: Adaptively secure proxy re-encryption. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11443, pp. 317–346. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17259-6_11
Ingemarsson, I., Tang, D.T., Wong, C.K.: A conference key distribution system. IEEE Trans. Inf. Theor. 28(5), 714–719 (1982). https://doi.org/10.1109/TIT.1982.1056542
Kobeissi, N., Bhargavan, K., Blanchet, B.: Automated verification for secure messaging protocols and their implementations: a symbolic and computational approach. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 435–450. IEEE (2017)
Lamport, L.: Time, clocks, and the ordering of events in a distributed system. Commun. ACM 21(7), 558–565 (1978). https://doi.org/10.1145/359545.359563
Pijnenburg, J., Poettering, B.: On secure ratcheting with immediate decryption. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022, Part III. LNCS, December 2022, vol. 13793, pp. 89–118. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-22969-5_4
Poettering, B., Rösler, P., Schwenk, J., Stebila, D.: SoK: game-based security models for group key exchange. In: Paterson, K.G. (ed.) CT-RSA 2021. LNCS, May 2021, vol. 12704, pp. 148–176. Springer, Heidelberg (2021). https://doi.org/10.1007/978-3-030-75539-3_7
Rescorla, E.: Subject: [MLS] TreeKEM: an alternative to ART. MLS Mailing List (2019). https://mailarchive.ietf.org/arch/msg/mls/e3ZKNzPC7Gxrm3Wf0q96dsLZoD8/. Accessed 19 Jan 2022
Rösler, P., Mainka, C., Schwenk, J.: More is less: on the end-to-end security of group chats in Signal, Whatsapp, and Threema. In: 2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018, 24–26 April 2018, London, United Kingdom, pp. 415–429. IEEE (2018). https://doi.org/10.1109/EuroSP.2018.00036
Steiner, M., Tsudik, G., Waidner, M.: Diffie-Hellman key distribution extended to group communication. In: Gong, L., Stern, J. (eds.) ACM CCS 1996, March 1996, pp. 31–37. ACM Press (1996). https://doi.org/10.1145/238168.238182
Weidner, M., Kleppmann, M., Hugenroth, D., Beresford, A.R.: Key agreement for decentralized secure group messaging with strong security guarantees. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021, November 2021, pp. 2024–2045. ACM Press (2021). https://doi.org/10.1145/3460120.3484542
Weidner, M.A.: Group messaging for secure asynchronous collaboration. M.Phil. thesis, University of Cambridge, June 2019. https://mattweidner.com/acs-dissertation.pdf
WhatsApp Inc.: Whatsapp encryption overview. Online, September 2021. https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf. Accessed 19 Jan 2022
Acknowledgments
This work was supported in part by the Defense Advanced Research Projects Agency (DARPA) and Space and Naval Warfare Systems Center, Pacific (SSC Pacific) under contract No. FA8750-19-C-0502 (Approved for Public Release, Distribution Unlimited). The first and third authors would also like to thank the FWO for support under Odysseus project GOH9718N, and CyberSecurity Research Flanders for support under reference number VR20192203.
The work of the first author was conducted whilst he was at KU Leuven, the third author whilst he was at SRI International, and the fourth author whilst he was a student at UC Irvine.
Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of any of the funders. The U.S. Government is authorized to reproduce and distribute reprints for governmental purposes notwithstanding any copyright annotation therein.
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Cong, K., Eldefrawy, K., Smart, N.P., Terner, B. (2024). The Key Lattice Framework for Concurrent Group Messaging. In: Pöpper, C., Batina, L. (eds) Applied Cryptography and Network Security. ACNS 2024. Lecture Notes in Computer Science, vol 14584. Springer, Cham. https://doi.org/10.1007/978-3-031-54773-7_6
DOI: https://doi.org/10.1007/978-3-031-54773-7_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54772-0
Online ISBN: 978-3-031-54773-7
eBook Packages: Computer Science, Computer Science (R0)