Efficient ratcheting: Almost-optimal guarantees for secure messaging

Citations: 34 | Mendeley readers: 24

Abstract

In the era of mass surveillance and information breaches, privacy of Internet communication, and messaging in particular, is a growing concern. As secure messaging protocols are executed on the not-so-secure end-user devices, and because their sessions are long-lived, they aim to guarantee strong security even if secret states and local randomness can be exposed. The most basic security properties, including forward secrecy, can be achieved using standard techniques such as authenticated encryption. Modern protocols, such as Signal, go one step further and additionally provide the so-called backward secrecy, or healing from state exposures. These additional guarantees come at the price of a moderate efficiency loss (they require public-key primitives). On the opposite side of the security spectrum are the works by Jaeger and Stepanovs and by Poettering and Rösler, which characterize the optimal security a secure-messaging scheme can achieve. However, their proof-of-concept constructions suffer from an extreme efficiency loss compared to Signal. Moreover, this caveat seems inherent. This paper explores the area in between: our starting point is the basic, efficient constructions, and then we ask how far we can go towards the optimal security without losing too much efficiency. We present a construction with guarantees much stronger than those achieved by Signal, and slightly weaker than optimal, yet its efficiency is closer to that of Signal (only standard public-key cryptography is used). On a technical level, achieving optimal guarantees inherently requires key-updating public-key primitives, where the update information is allowed to be public. We consider secret update information instead. Since a state exposure temporarily breaks confidentiality, we carefully design such secretly-updatable primitives whose security degrades gracefully if the supposedly secret update information leaks.


Citation (APA)

Jost, D., Maurer, U., & Mularczyk, M. (2019). Efficient ratcheting: Almost-optimal guarantees for secure messaging. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11476 LNCS, pp. 159–188). Springer Verlag. https://doi.org/10.1007/978-3-030-17653-2_6
