Abstract
The Signal protocol is a secure messaging protocol providing end-to-end encrypted asynchronous communication. In this paper, we focus on a method capable of hiding membership information from the viewpoint of non group members in a secure group messaging (SGM) protocol, which we call “membership privacy”. Although Chase et al. (ACM CCS 2020) have considered the same notion, their proposal is an extension of Signal so called “Pairwise Signal” where a group message is repeatedly sent over individual Signal channels. Thus, for the number of group users n, their protocol is not scalable where each user is required O(n) computational and communication costs for updating keys. In this work, we extend the Cohn-Gordon et al. SGM protocol (ACM CCS 2018), which we call the Asynchronous Ratcheting Trees (ART) protocol, to add membership privacy. The ART protocol is scalable where each user is required \(O(\log n)\) computational and communication costs for updating keys. We employ a key-private and robust public-key encryption (Abdalla et al., TCC2010/JoC2018) for hiding membership-related values in the setup phase. Furthermore, we concentrate on the fact that a group common key provides anonymity. This fact is used to encrypt membership information in the key update phase. Our extension does not affect the forward secrecy and post-compromise security of the original ART protocol. Our modification achieves asymptotically the same efficiency of the ART protocol in the setup phase. Any additional cost for key update does not depend on the number of group members (specifically, one encryption and decryption of a symmetric-key encryption scheme and one execution of a key-derivation function for each key update are employed). Therefore, the proposed protocol can add membership privacy to the ART protocol with a quite small overhead.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
In [10], H is defined as a mapping from a group element to a \(\mathbb {Z}_p\) element that uses the corresponding DH key as the secret key of the parent node. For simplicity, we define H as a hash function.
- 2.
Cohn-Gordon et al. employed HKDF with SHA256 for key derivation.
- 3.
Such a public key encryption scheme can be constructed easily. For example, for a key private public key encryption scheme, e.g., the ElGamal encryption, a random R is contained to a public key and for encryption of M, encrypt M||R. The decryption algorithm decrypts a ciphertext, obtains \(M||R^\prime \), and outputs M if \(R^\prime =R\) and \(\bot \), otherwise.
- 4.
Here, the position j of the user i and the index of the ciphertext do not have to be the same. Here, for the sake of simplicity, we use the same j for both indexes.
References
Abdalla, M., Bellare, M., Neven, G.: Robust encryption. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 480–497. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11799-2_28
Abdalla, M., Bellare, M., Neven, G.: Robust encryption. J. Cryptol. 31(2), 307–350 (2018)
Alwen, J., Coretti, S., Dodis, Y., Tselekounis, Y.: Security analysis and improvements for the IETF MLS standard for group messaging. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 248–277. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56784-2_9
Alwen, J., Coretti, S., Dodis, Y., Tselekounis, Y.: Modular design of secure group messaging protocols and the security of MLS. In: ACM CCS, pp. 1463–1483 (2021)
Backes, M., Hanzlik, L., Schneider-Bensch, J.: Membership privacy for fully dynamic group signatures. In: ACM CCS, pp. 2181–2198 (2019)
Barnes, R., Beurdouche, B., Robert, R., Millican, J., Omara, E., Cohn-Gordon, K.: The messaging layer security (MLS) protocol. Internet-Draft draft-ietf-MLS-protocol-16, Internet Engineering Task Force (2022). https://datatracker.ietf.org/doc/draft-ietf-mls-protocol/16/. Work in Progress
Chase, M., Perrin, T., Zaverucha, G.: The signal private group system and anonymous credentials supporting efficient verifiable encryption. In: ACM CCS, pp. 1445–1459 (2020)
Chen, K., Chen, J.: Anonymous end to end encryption group messaging protocol based on asynchronous ratchet tree. In: ICICS, pp. 588–605 (2020)
Cohn-Gordon, K., Cremers, C., Garratt, L.: On post-compromise security. In: IEEE CSF, pp. 164–178 (2016)
Cohn-Gordon, K., Cremers, C., Garratt, L., Millican, J., Milner, K.: On ends-to-ends encryption: asynchronous group messaging with strong security guarantees. In: ACM CCS, pp. 1802–1819 (2018)
Libert, B., Paterson, K.G., Quaglia, E.A.: Anonymous broadcast encryption: adaptive security and efficient constructions in the standard model. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 206–224. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30057-8_13
Marlinspike, M.: The X3DH key agreement protocol, revision 1, 04 November 2016. https://signal.org/docs/specifications/x3dh/
Martiny, I., Kaptchuk, G., Aviv, A.J., Roche, D.S., Wustrow, E.: Improving signal’s sealed sender. In: NDSS (2021)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 Springer Nature Switzerland AG
About this paper
Cite this paper
Emura, K., Kajita, K., Nojima, R., Ogawa, K., Ohtake, G. (2023). Membership Privacy for Asynchronous Group Messaging. In: You, I., Youn, TY. (eds) Information Security Applications. WISA 2022. Lecture Notes in Computer Science, vol 13720. Springer, Cham. https://doi.org/10.1007/978-3-031-25659-2_10
Download citation
DOI: https://doi.org/10.1007/978-3-031-25659-2_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25658-5
Online ISBN: 978-3-031-25659-2
eBook Packages: Computer ScienceComputer Science (R0)