A Formal Security Analysis of the Signal Messaging Protocol
dc.contributor.author
Cohn-Gordon, Katriel
dc.contributor.author
Cremers, Cas
dc.contributor.author
Dowling, Benjamin
dc.contributor.author
Garratt, Luke
dc.contributor.author
Stebila, Douglas
dc.date.accessioned
2020-11-13T10:01:23Z
dc.date.available
2020-10-08T12:33:22Z
dc.date.available
2020-11-13T10:01:23Z
dc.date.issued
2020-10
dc.identifier.issn
1432-1378
dc.identifier.issn
0933-2790
dc.identifier.other
10.1007/s00145-020-09360-1
dc.identifier.uri
http://hdl.handle.net/20.500.11850/445149
dc.description.abstract
The Signal protocol is a cryptographic messaging protocol that provides end-to-end encryption for instant messaging in WhatsApp, Wire, and Facebook Messenger among many others, serving well over 1 billion active users. Signal includes several uncommon security properties (such as “future secrecy” or “post-compromise security”), enabled by a technique called ratcheting in which session keys are updated with every message sent. We conduct a formal security analysis of Signal’s initial extended triple Diffie–Hellman (X3DH) key agreement and Double Ratchet protocols as a multi-stage authenticated key exchange protocol. We extract from the implementation a formal description of the abstract protocol and define a security model which can capture the “ratcheting” key update structure as a multi-stage model where there can be a “tree” of stages, rather than just a sequence. We then prove the security of Signal’s key exchange core in our model, demonstrating several standard security properties. We have found no major flaws in the design and hope that our presentation and results can serve as a foundation for other analyses of this widely adopted protocol. © International Association for Cryptologic Research 2020.
dc.language.iso
en
dc.publisher
Springer
dc.title
A Formal Security Analysis of the Signal Messaging Protocol
dc.type
Journal Article
dc.date.published
2020-09-23
ethz.journal.title
Journal of Cryptology
ethz.journal.volume
33
ethz.journal.issue
4
ethz.journal.abbreviated
J Cryptol
ethz.pages.start
1914
ethz.pages.end
1983
ethz.identifier.wos
ethz.identifier.scopus
ethz.publication.place
New York, NY
ethz.publication.status
published
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::09653 - Paterson, Kenneth / Paterson, Kenneth
ethz.leitzahl.certified
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::09653 - Paterson, Kenneth / Paterson, Kenneth
ethz.date.deposited
2020-06-11T12:47:30Z
ethz.source
WOS
ethz.source
FORM
ethz.eth
yes
ethz.availability
Metadata only
ethz.rosetta.installDate
2020-11-13T10:01:35Z
ethz.rosetta.lastUpdated
2022-03-29T04:01:42Z
ethz.rosetta.versionExported
true
dc.identifier.olduri
http://hdl.handle.net/20.500.11850/444937
dc.identifier.olduri
http://hdl.handle.net/20.500.11850/419783