{"date_published":"2025-01-01T00:00:00Z","ec_funded":1,"corr_author":"1","publication_status":"published","oa":1,"file_date_updated":"2025-11-24T07:44:08Z","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","type":"conference","scopus_import":"1","status":"public","ddc":["000"],"OA_place":"publisher","author":[{"full_name":"Hashimoto, Keitaro","last_name":"Hashimoto","first_name":"Keitaro"},{"last_name":"Katsumata","full_name":"Katsumata, Shuichi","first_name":"Shuichi"},{"id":"2D7ABD02-F248-11E8-B48F-1D18A9856A87","full_name":"Pascual Perez, Guillermo","last_name":"Pascual Perez","orcid":"0000-0001-8630-415X","first_name":"Guillermo"}],"abstract":[{"text":"The Message Layer Security (MLS) protocol has recently been standardized by the IETF. MLS is a scalable secure group messaging protocol expected to run more efficiently compared to the Signal protocol at scale, while offering a similar level of strong security. Even though MLS has undergone extensive examination by researchers, the majority of the works have focused on confidentiality.\r\n\r\nIn this work, we focus on the authenticity of the application messages exchanged in MLS. Currently, MLS authenticates every application message with an EdDSA signature and while manageable, the overhead is greatly amplified in the post-quantum setting as the NIST-recommended Dilithium signature results in a 40x increase in size. We view this as an invitation to explore new authentication modes that can be used instead. We start by taking a systematic view on how application messages are authenticated in MLS and categorize authenticity into four different security notions. We then propose several authentication modes, offering a range of different efficiency and security profiles. For instance, in one of our modes, COSMOS++, we replace signatures with one-time tokens and a MAC tag, offering roughly a 75x savings in the post-quantum communication overhead. While this comes at the cost of weakening security compared to the authentication mode used by MLS, the lower communication overhead seems to make it a worthwhile trade-off with security.","lang":"eng"}],"title":"Exploring how to authenticate application messages in MLS: More efficient, post-quantum, and anonymous blocklistable","month":"01","has_accepted_license":"1","publication_identifier":{"isbn":["9781939133526"]},"file":[{"file_id":"20671","creator":"dernst","file_name":"2025_Usenix_Hashimoto.pdf","file_size":710733,"success":1,"checksum":"fcfe8851aeb751af98c0b1335a0ef149","date_updated":"2025-11-24T07:44:08Z","date_created":"2025-11-24T07:44:08Z","access_level":"open_access","content_type":"application/pdf","relation":"main_file"}],"citation":{"ama":"Hashimoto K, Katsumata S, Pascual Perez G. Exploring how to authenticate application messages in MLS: More efficient, post-quantum, and anonymous blocklistable. In: <i>34th Usenix Security Symposium</i>. Usenix Association; 2025:6699-6716.","ista":"Hashimoto K, Katsumata S, Pascual Perez G. 2025. Exploring how to authenticate application messages in MLS: More efficient, post-quantum, and anonymous blocklistable. 34th Usenix Security Symposium. USENIX: Security Symposium, 6699–6716.","ieee":"K. Hashimoto, S. Katsumata, and G. Pascual Perez, “Exploring how to authenticate application messages in MLS: More efficient, post-quantum, and anonymous blocklistable,” in <i>34th Usenix Security Symposium</i>, Seattle, WA, USA, 2025, pp. 6699–6716.","chicago":"Hashimoto, Keitaro, Shuichi Katsumata, and Guillermo Pascual Perez. “Exploring How to Authenticate Application Messages in MLS: More Efficient, Post-Quantum, and Anonymous Blocklistable.” In <i>34th Usenix Security Symposium</i>, 6699–6716. Usenix Association, 2025.","short":"K. Hashimoto, S. Katsumata, G. Pascual Perez, in:, 34th Usenix Security Symposium, Usenix Association, 2025, pp. 6699–6716.","mla":"Hashimoto, Keitaro, et al. “Exploring How to Authenticate Application Messages in MLS: More Efficient, Post-Quantum, and Anonymous Blocklistable.” <i>34th Usenix Security Symposium</i>, Usenix Association, 2025, pp. 6699–716.","apa":"Hashimoto, K., Katsumata, S., &#38; Pascual Perez, G. (2025). Exploring how to authenticate application messages in MLS: More efficient, post-quantum, and anonymous blocklistable. In <i>34th Usenix Security Symposium</i> (pp. 6699–6716). Seattle, WA, USA: Usenix Association."},"main_file_link":[{"url":"https://eprint.iacr.org/2025/426","open_access":"1"}],"oa_version":"Published Version","quality_controlled":"1","date_updated":"2025-11-24T07:46:46Z","page":"6699-6716","acknowledgement":"This research was partially supported by JST CREST JPMJCR22M1, Japan and funded by the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie Grant Agreement No.665385.","day":"01","conference":{"location":"Seattle, WA, USA","end_date":"2025-08-15","name":"USENIX: Security Symposium","start_date":"2025-08-13"},"publisher":"Usenix Association","language":[{"iso":"eng"}],"year":"2025","date_created":"2025-11-23T23:01:40Z","project":[{"grant_number":"665385","_id":"2564DBCA-B435-11E9-9278-68D0E5697425","name":"International IST Doctoral Program","call_identifier":"H2020"}],"OA_type":"diamond","article_processing_charge":"No","publication":"34th Usenix Security Symposium","_id":"20668"}