[messaging] Encrypted Group Chats

Ben Harris mail at bharr.is
Thu Nov 27 19:24:41 PST 2014


There was also a pretty detailed discussion recently in this mailing list
on ensuring integrity of group transcripts.

> On 28/11/2014 10:57 am, "Jonathan Moore" <moore at eds.org> wrote:
>>
>> Have you read this blog post?
>>
>>    https://whispersystems.org/blog/private-groups/
>>
>> It has some good discussion of this topic.
>>
>> On Nov 27, 2014 7:41 PM, <steve at actor.im> wrote:
>>>
>>> But if someone performs a mitm with the axolotl schema then any new message will be captured too. I can't spot any difference in this place.
>>>
>>> 28.11.2014, 05:37, "Stephen" <kbaegis at gmail.com>:
>>>>
>>>> This is a weak symmetric schema because it only requires 1 mitm per group. Trapdoor asymmetric at least relies on endpoint security per participant. In any event, more interlocutors relates to more insecurity. Is there a viable alternative?
>>>>
>>>> On Nov 27, 2014 6:28 PM, <steve at actor.im> wrote:
>>>>>
>>>>> Hi again!
>>>>>
>>>>> Private conversation seems to be solved in TextSecure. Maybe in the future we will need to change the basic algorithms and replace the Axolotl Ratchet, but the idea seems to be good for long-term usage. But it isn't really useful for group conversations. We (at actor.im) are trying to find the best way to do encrypted group communications.
>>>>>
>>>>> We know two different ways of encrypted group messaging:
>>>>> 1) Sharing one key sequence
>>>>> 2) Sending messages like the private one - one message for each recipient
>>>>>
>>>>> At the beginning we implemented the first type of group messaging based on these rules:
>>>>> 1) First of all, the creator of the group conversation generates some secret key, say, a simple AES key, and sends it to every participant of the group like it does with private messages.
>>>>> 2) When someone invites a participant to the group it does the same: generates a new AES key and sends it to everyone in the group plus the new user.
>>>>> 3) When someone kicks a user it also changes the group AES key and sends it to everyone.
>>>>> 4) When someone leaves the group then someone from the group must update the group AES key before sending a new message.
>>>>> 5) All messages are encrypted with the current group AES key.
>>>>>
>>>>> This is not perfect and was implemented just for testing our ideas. We can implement some kind of ratcheting like in the Axolotl Ratchet for better future secrecy. We can add some better and more secure rules for group conversations, but it still looks bad. It doesn't feel secure to share one common key across all members of the group. One main plus of the group is that we can easily check the encryption key for the group.
>>>>>
>>>>> In TextSecure the same technique is used for groups as for private messages. Any message is encrypted for every member of the group, sent like a private message and marked as part of the group. It looks better for security reasons because there is no single point of failure as there was with the shared key. It is simple to implement if you already have encrypted private messages. But it is really hard to check keys - we need to check keys for everyone from the group by every member of the group. Also there is much, much more traffic for this type of group encryption.
>>>>>
>>>>> In the end, it is much harder to detect that someone from the group got totally compromised. If someone from the group is compromised then everyone will be compromised.
>>>>>
>>>>> Compromising one of the users by adding a malicious key to the user's account (we support multiple devices for one account) may be solved by manual verification by each group member when a new key is added. For private conversations we use a simple notification message about adding a new device.
>>>>>
>>>>> After all, it seems that there is no good solution for group messaging.
>>>>>
>>>>> Any ideas?
>>>>> --
>>>>> Steve K,
>>>>> CEO Actor.im
>>>>> _______________________________________________
>>>>> Messaging mailing list
>>>>> Messaging at moderncrypto.org
>>>>> https://moderncrypto.org/mailman/listinfo/messaging
>>>
>>>
>>>
>>> --
>>> Steve K,
>>> CEO Actor.im
>>>
>>>
>>>
>>
>>
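
The shared-key rules 1 to 5 quoted above, and the per-recipient alternative, modelled as an added example; this is not code from the thread or from actor.im. It tracks key epochs only (no real encryption; `secrets.token_bytes` stands in for the AES key), and every class, function and member name is made up for illustration.

```python
import secrets

class SharedKeyGroup:
    """Scheme 1: one group key, replaced on every membership change."""

    def __init__(self, creator, others):
        self.members = {creator, *others}
        self.epoch = -1
        self.held = {}            # user -> {epoch: key} the user has ever received
        self.key_deliveries = 0   # pairwise-encrypted messages carrying a group key
        self.ciphertexts = 0      # group messages put on the wire
        self.log = []             # (epoch, sender) for each group message
        self._rekey(creator)      # rule 1: creator distributes the first key

    def _rekey(self, actor):
        self.epoch += 1
        key = secrets.token_bytes(32)          # placeholder for the AES key
        for m in self.members:
            self.held.setdefault(m, {})[self.epoch] = key
        self.key_deliveries += len(self.members) - 1   # actor already has it

    def invite(self, actor, user):             # rule 2
        self.members.add(user)
        self._rekey(actor)

    def remove(self, actor, user):             # rule 3 (kick) or rule 4 (after a leave)
        self.members.discard(user)
        self._rekey(actor)

    def send(self, sender):                    # rule 5: one ciphertext, current key
        if sender not in self.members:
            raise ValueError("sender is not a member")
        self.log.append((self.epoch, sender))
        self.ciphertexts += 1

    def readable_by(self, user):
        """Indexes of logged messages whose epoch key `user` was ever given."""
        keys = self.held.get(user, {})
        return [i for i, (epoch, _) in enumerate(self.log) if epoch in keys]

def pairwise_ciphertexts(group_sizes):
    """Scheme 2: each message is encrypted once per recipient (size - 1)."""
    return sum(n - 1 for n in group_sizes)

def demo():
    g = SharedKeyGroup("alice", ["bob", "carol"])   # constructed sample members
    g.send("alice")                # message 0, epoch 0
    g.invite("bob", "dave")        # epoch 1
    g.send("dave")                 # message 1
    g.remove("alice", "carol")     # epoch 2
    g.send("bob")                  # message 2
    return g, pairwise_ciphertexts([3, 4, 3])       # group size at each send
```

`readable_by` is also the exposure of a single leaked key store: whatever one member was ever handed decrypts every message of those epochs, for all senders.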