[messaging] How secure is TextSecure?

George Kadianakis desnacked at riseup.net
Thu Nov 6 07:44:09 PST 2014

David Leon Gil <coruus at gmail.com> writes:

> A new paper by Frosch et al. here: http://eprint.iacr.org/2014/904

I'm also not extremely concerned about the practical implications of
the attacks on this paper, but I really appreciated the paper because
it presented the TextSecure protocol in a way that can be analyzed and

I admit that I haven't searched too much but I haven't yet found a
document by the whispersystems team that presents the crypto protocol
in a way that can be analyzed by academics or security people (most
academics will not bother going through developer-facing protocol
documents). This paper has been the most consise description of the
protocol I know about, and if you know a better one please do tell me!

Just by skimming the paper, I learned some stuff about the textsecure
protocol that I didn't know about. For example, I didn't know about
"last resort" prekeys.

And I also didn't know that the TextSecure server encrypts messages
before sending them to the GCM server so that "Google's Cloud
Messaging servers will only be able to see the receipient [sic] but
not the sender of the message".

Furthremore, the security proof in section IV might serve as a good
start for further security proofs for the whole protocol.

More information about the Messaging mailing list