Katriel Cohn-Gordon (University of Oxford, UK)

Signal: proofs and new designs

Signal, a new two-party key exchange protocol from Open Whisper Systems, is now enabled by default for WhatsApp's billion active users. We specify and prove its security properties, in particular "post-compromise security"; our proof shows that a Signal session can provide secrecy and authentication even when one party has been completely compromised, revealing both their long-term and ephemeral keys.

The Signal libraries also provide a mechanism called "sender keys", which allows a group of people to exchange messages. Unlike the pairwise protocol, however, sender keys do not provide post-compromise security: an adversary who compromises one group member's sender key can indefinitely eavesdrop on or impersonate them, because the key only advances through a symmetric hash chain that the adversary can run forward. Borrowing ideas from group Diffie-Hellman protocols, we'll build an asynchronous "ratcheting" system that provides post-compromise security to messaging groups without sacrificing the asynchronicity properties that have helped make Signal so widely used.
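The contrast between the two mechanisms can be seen in a toy model. The following is an added illustration written for this page, not code from the talk, the paper, or the Signal libraries: a sender-key-style symmetric hash chain beside a stripped-down Diffie-Hellman ratchet (one DH step per message, no long-term identity keys, no symmetric sub-chain, and a small modular-exponentiation group instead of X25519). The names `SenderKeyChain`, `DHRatchetParty` and the two scenario functions are assumptions of the example. In each scenario an adversary takes a complete snapshot of Alice's state; the functions report whether that adversary can still derive the live keys afterwards.

```python
"""Toy post-compromise-security model: symmetric sender-key chain vs DH ratchet.

Added illustration only; not the talk's, the paper's or Signal's code.
"""
import hashlib
import hmac
import secrets

# Toy DH group (Mersenne prime, generator 2): correct for key agreement,
# not a safe choice for real use. Signal uses X25519.
P = (1 << 127) - 1
G = 2


def kdf(*parts: bytes) -> bytes:
    """Derive a 32-byte key from the concatenation of its inputs."""
    return hashlib.sha256(b"|".join(parts)).digest()


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def dh(priv: int, pub: int) -> bytes:
    """Shared secret g^(ab) mod P, encoded as 16 bytes (P < 2**127)."""
    return pow(pub, priv, P).to_bytes(16, "big")


class SenderKeyChain:
    """Symmetric hash ratchet in the style of sender keys: the only secret is
    the chain key, and every future key is a deterministic function of it."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def next_message_key(self) -> bytes:
        msg_key = hmac.new(self.chain_key, b"message", hashlib.sha256).digest()
        self.chain_key = hmac.new(self.chain_key, b"chain", hashlib.sha256).digest()
        return msg_key


class DHRatchetParty:
    """One side of a simplified DH ratchet: each send mixes a fresh DH secret
    into the root key, so the root key depends on randomness the other side
    never stored."""

    def __init__(self, root_key: bytes, my_keypair, their_pub: int):
        self.root_key = root_key
        self.priv, self.pub = my_keypair
        self.their_pub = their_pub

    def send(self) -> int:
        """Generate a fresh DH key, advance the root key, return the new public key."""
        self.priv, self.pub = dh_keypair()
        self.root_key = kdf(self.root_key, dh(self.priv, self.their_pub))
        return self.pub

    def receive(self, their_new_pub: int) -> None:
        self.their_pub = their_new_pub
        self.root_key = kdf(self.root_key, dh(self.priv, their_new_pub))


def sender_keys_scenario(steps: int = 5) -> bool:
    """True if an adversary who learned Alice's chain key once can still derive
    every one of her next `steps` message keys (i.e. no healing)."""
    alice = SenderKeyChain(secrets.token_bytes(32))
    alice.next_message_key()
    adversary = SenderKeyChain(alice.chain_key)  # full compromise of Alice
    return all(adversary.next_message_key() == alice.next_message_key()
               for _ in range(steps))


def dh_ratchet_scenario():
    """Return (adversary_tracks_after_bob_sends, session_healed_after_alice_sends).

    The adversary snapshots Alice's whole state (root key and DH private key),
    then stays passive and watches the public keys on the wire.
    """
    root = secrets.token_bytes(32)
    a, b = dh_keypair(), dh_keypair()
    alice = DHRatchetParty(root, a, b[1])
    bob = DHRatchetParty(root, b, a[1])

    adv_root, adv_alice_priv = alice.root_key, alice.priv  # compromise

    # Bob sends next. His DH uses Alice's compromised key, so the adversary
    # can compute the same shared secret and keep up.
    pub = bob.send()
    alice.receive(pub)
    adv_root = kdf(adv_root, dh(adv_alice_priv, pub))
    tracks = adv_root == alice.root_key == bob.root_key

    # Alice sends with a fresh key pair. The adversary knows neither Alice's
    # new private key nor Bob's, so it cannot advance beyond adv_root.
    pub = alice.send()
    bob.receive(pub)
    healed = alice.root_key == bob.root_key and adv_root != alice.root_key
    return tracks, healed
```

The sender-key scenario returns True for any number of steps: the chain never takes in fresh randomness, so one disclosure of the chain key is permanent. In the DH scenario the adversary follows the session exactly until the compromised party contributes a new DH key it did not see, at which point it loses the root key; that is the healing property the proof in the talk formalises. The model assumes a passive adversary and good randomness: an adversary who uses the stolen keys to actively impersonate Alice before she sends again is not defeated by this mechanism, which is why the post-compromise security definition is stated relative to what the adversary does after the compromise.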