[messaging] Encrypted Group Chats

Stephen kbaegis at gmail.com
Thu Nov 27 18:37:02 PST 2014


This is a weak symmetric schema because it only requires 1 mitm per group.
Trapdoor asymmetric at least relies on endpoint security per participant.
In any event, more interlocutors relates to more insecurity. Is there a
viable alternative?
On Nov 27, 2014 6:28 PM, <steve at actor.im> wrote:

> Hi again!
>
> Private conversation seems to be solved in TextSecure. May be in future we
> will need to change basic algorithms and replace Axolotl Ratchet, but idea
> seems to be good for long term usage. But, it does'nt really useful for
> group conversations. We (in actor.im) are trying to find best way to do
> encrypted group communications.
>
> We know two different ways of encrypted group messaging:
> 1) Sharing one key sequence
> 2) Sending messages like the private one - one message for each recipient
>
> At the beginning we implemented the first type of group messaging based on
> rules:
> 1) First of all creator of group conversation generate some secret key,
> say, simple AES key and send to every participant of group like it do with
> private messages.
> 2) When someone invite participant to group it do the same: generates new
> AES key and send it to everyone in group plus new user.
> 3) When someone kick user it also change the group AES key and send it to
> everyone.
> 4) When someone leave group than someone from group must update group AES
> key before sending new message.
> 5) All messages are encrypted with current group AES key.
>
> This is not perfect and implemented just for testing our ideas. We can
> implement some kind of ratcheting like in Axolotl Ratchet for better future
> secrecy. We can add some better and more secure rules for group
> conversations, but in still looks bad. It doesn't feel to be secure to
> share one common key across all members of group. One of main plus of group
> is that we can easily check encryption key for group.
>
> In TextSecure for groups is used same technique as used for private
> messages. Any message is encrypted for every member in group and send like
> private message and marked as message as part of group. It looks better for
> security reasons because there are no single failure point as was with
> shared key. It is simple to implement if you already have encrypted private
> messages. But it is really hard to check keys - we need to check keys for
> everyone from group by every member of group. Also it is much much more
> traffic for this type of group encryption.
>
> In the end, it is much harder to detect that someone from group got
> totally compromised. If someone from group will be compromised than
> everyone will be compromised.
>
> Compromising one of user by adding maculous key to user's account (we
> support multiple device for one account) may be solved by manual
> verification by each group member on new key adding. For private
> conversations we use simple notification message about adding new device.
>
> After all it seems that there are no good solution for group messaging.
>
> Any ideas?
> --
> Steve K,
> CEO Actor.im
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141127/c5ef5fd1/attachment.html>


More information about the Messaging mailing list