Analysis and Improvements of the Sender Keys Protocol for Group Messaging
Messaging between two parties and in the group setting has enjoyed widespread attention both in practice, and, more recently, from the cryptographic community. One of the main challenges in the area is constructing secure (end-to- end encrypted) and efficient messaging protocols for group conversations. The popular messaging applications WhatsApp and Signal utilise a protocol in which, instead of sharing a single group key, members have individual sender keys, which are shared with all other group members. The Sender Keys protocol is claimed to offer forward security guarantees. However, despite its broad adoption in practice, it has never been studied formally in the cryptographic literature. In this paper we present the first analysis of the Sender Keys protocol along with some prospective improvements. To this end, we introduce a new cryptographic primitive, develop a game- based security model, present a security analysis in the passive and active settings, and propose several improvements to the protocol.
Sender_Keys_RECSI2022.pdf
postprint
openaccess
n/a
103.21 KB
Adobe PDF
7373e680547a192e1e0bcb71f7f7e0d1