[messaging] Research topics on multiparty messaging (MSc thesis)

[George Kadianakis]

Hello Trevor, Ximin, vmon, etc.

with September coming up, it's high time for me to find the topic of
my MSc thesis. Even though during the past months I haven't been
involved with secure messaging as much I would have liked, I'm still
motivated to do my thesis on the topic.

Because of the nature of my degree and the skills of my advisor (Kenny),
I think the most fitting topics would be something related to
cryptanalysis, protocol analysis, formal crypto proofs, or mathematics.

I'm mainly interested in the topic of _multiparty_ secure messaging,
and here are some ideas that I find intriguing:

a) Analysis of proposed secure multiparty messaging protocols

   This will involve analyzing and trying to break proposed multiparty
   chat protocols (like the upcoming mpCat paper).

   I find this topic interesting and it's also a topic that my
   professor is very good at, which means that something decent might
   come out of this.

   I'm mainly afraid that there won't be many such protocols to
   analyze by the time I start my thesis (probably Q3/Q4 2014). I
   could focus specifically on mpCat, but I'm not sure when the paper
   is going to be published, or how concrete the protocol is going to
   be at the time of publication (because maybe only a rough skeleton
   of the protocol will be published initially, which is hard to
   thoroughly analyze/break).

b) Other authentication methods for multiparty chat

   This would involve designing/analyzing authentication methods for
   multiparty messaging that are different to public key fingerprint
   verification.
 
   For example, this could involve designing protocols similar to PANDA
   for Pond and SMP for OTR, that would allow password-based
   authentication/rendezvous for multiparty chat users. The use case I
   would want to satisfy is
   "We are 5 strangers IRL and we want to meet securely online in a
   chat server using solely the password 'banoffeewitches'"
   
   Even though I find practical value in this use case, I'm afraid that
   I will end up spending lots of time designing a new type of chat
   server that would allow such protocols to work well (similar to
   PANDA servers in Pond), or find hacky ways to piggyback on current
   chat server protocols (like IRC/XMPP) to facilitate this use case.

   Also, even if I were to design such an authentication/rendezvous
   scheme, it might be hard or useless to impement it without having
   an actual multiparty chat protocol to make it work with.

To be honest, I think (a) is the saner and more useful option here,
but it also depends on whether mpCat etc. will have been published by
then.

The timeline of my project is Q4 2014 to Q2 2015; do you think that's
a good time period to conduct such a project?

Also, do you think that analyzing mpCat or other such protocols will
be a useful thing to do?

Any other thoughts on what kind of research the multiparty chat
community needs at this point, and could be a good MSc thesis topic?

And just for the record, here are some other research projects, that I
rejected for various reasons:
- Formal proof of multiparty chat protocols
- Ratchets (formal treatment, properties, etc.)
- Transcript consistency
- Deniability

Thanks for your thoughts!

PS: I also posted this mail to [messaging at moderncrypto.org] because why not.