On the efficiency and security of secure group messaging

Pascual Perez G. 2024. On the efficiency and security of secure group messaging. Institute of Science and Technology Austria.

Download
OA thesis_gpasper.pdf 2.73 MB [Published Version]

Thesis | PhD | Published | English

Corresponding author has ISTA affiliation

Series Title
ISTA Thesis
Abstract
Instant messaging applications like Whatsapp, Signal or Telegram have become ubiquitous in today's society. Many of them provide not only end-to-end encryption, but also security guarantees even when the key material gets compromised. These are achieved through frequent key update performed by users. In particular, the compromise of a group key should preserve confidentiality of previously exchanged messages (forward secrecy), and a subsequent key update will ensure security for future ones (post-compromise security). Though great protocols for one-on-one communication have been known for some time, the design of ones that scale efficiently for larger groups while achieving akin security guarantees is a hard problem. A great deal of research has been aimed at this topic, much of it under the umbrella of the Messaging Layer Security (MLS) working group at the IETF. Started in 2018, this joint effort by academics and industry culminated in 2023 with the publication of the first standard for secure group messaging [IETF, RFC9420]. At the core of secure group messaging is a cryptographic primitive termed Continuous Group Key Agreement, or CGKA [Alwen et al. 2021], that essentially allows a changing group of users to agree on a common key with the added functionality security against compromises is achieved by users asynchronously issuing a key update. In this thesis we contribute to the understanding of CGKA across different angles. First, we present a new technique to effect dynamic operations in groups, i.e., add or remove members, that can be more efficient that the one employed by MLS in certain settings. Considering the setting of users belonging to multiple overlapping groups, we then show lowerbounds on the communication cost of constructions that leverage said overlap, at the same time showing protocols that are asymptotically optimal and efficient for practical settings, respectively. Along the way, we show that the communication cost of key updates in MLS is average-cost optimal. An important feature in CGKA protocols, particularly for big groups, is the possibility of executing several group operations concurrently. While later versions of MLS support this, they do at the cost of worsening the communication efficiency of future group operations. In this thesis we introduce two new protocols that permit concurrency without any negative effect on efficiency. Our protocols circumvent previously existing lower bounds by satisfying a new notion of post-compromise security that only asks for security to be re-established after a certain number of key updates have taken place. While this can be slower than MLS in terms of rounds of communication, we show that it leads to more efficient overall communication. Additionally, we introduce a new technique that allows group members to decrease the information they need to store and download, which makes one of our protocols enjoy much lower download cost than any other existing CGKA constructions.
Publishing Year
Date Published
2024-09-18
Publisher
Institute of Science and Technology Austria
Page
239
ISSN
IST-REx-ID

Cite this

Pascual Perez G. On the efficiency and security of secure group messaging. 2024. doi:10.15479/at:ista:18088
Pascual Perez, G. (2024). On the efficiency and security of secure group messaging. Institute of Science and Technology Austria. https://doi.org/10.15479/at:ista:18088
Pascual Perez, Guillermo. “On the Efficiency and Security of Secure Group Messaging.” Institute of Science and Technology Austria, 2024. https://doi.org/10.15479/at:ista:18088.
G. Pascual Perez, “On the efficiency and security of secure group messaging,” Institute of Science and Technology Austria, 2024.
Pascual Perez G. 2024. On the efficiency and security of secure group messaging. Institute of Science and Technology Austria.
Pascual Perez, Guillermo. On the Efficiency and Security of Secure Group Messaging. Institute of Science and Technology Austria, 2024, doi:10.15479/at:ista:18088.
All files available under the following license(s):
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0):
Main File(s)
File Name
Access Level
OA Open Access
Date Uploaded
2024-09-19
MD5 Checksum
4a2c72e90f1a0ef2a13cff800f8d1265

Source File
File Name
Access Level
Restricted Closed Access
Date Uploaded
2024-09-19
MD5 Checksum
ce0dca715b3df48e52e2e891b6ac1bc5

Export

Marked Publications

Open Data ISTA Research Explorer

Search this title in

Google Scholar