[messaging] Research topics on multiparty messaging (MSc thesis)
desnacked at riseup.net
Mon Sep 1 05:06:37 PDT 2014
Hello Trevor, Ximin, vmon, etc.
with September coming up, it's high time for me to find the topic of
my MSc thesis. Even though during the past months I haven't been
involved with secure messaging as much I would have liked, I'm still
motivated to do my thesis on the topic.
Because of the nature of my degree and the skills of my advisor (Kenny),
I think the most fitting topics would be something related to
cryptanalysis, protocol analysis, formal crypto proofs, or mathematics.
I'm mainly interested in the topic of _multiparty_ secure messaging,
and here are some ideas that I find intriguing:
a) Analysis of proposed secure multiparty messaging protocols
This will involve analyzing and trying to break proposed multiparty
chat protocols (like the upcoming mpCat paper).
I find this topic interesting and it's also a topic that my
professor is very good at, which means that something decent might
come out of this.
I'm mainly afraid that there won't be many such protocols to
analyze by the time I start my thesis (probably Q3/Q4 2014). I
could focus specifically on mpCat, but I'm not sure when the paper
is going to be published, or how concrete the protocol is going to
be at the time of publication (because maybe only a rough skeleton
of the protocol will be published initially, which is hard to
b) Other authentication methods for multiparty chat
This would involve designing/analyzing authentication methods for
multiparty messaging that are different to public key fingerprint
For example, this could involve designing protocols similar to PANDA
for Pond and SMP for OTR, that would allow password-based
authentication/rendezvous for multiparty chat users. The use case I
would want to satisfy is
"We are 5 strangers IRL and we want to meet securely online in a
chat server using solely the password 'banoffeewitches'"
Even though I find practical value in this use case, I'm afraid that
I will end up spending lots of time designing a new type of chat
server that would allow such protocols to work well (similar to
PANDA servers in Pond), or find hacky ways to piggyback on current
chat server protocols (like IRC/XMPP) to facilitate this use case.
Also, even if I were to design such an authentication/rendezvous
scheme, it might be hard or useless to impement it without having
an actual multiparty chat protocol to make it work with.
To be honest, I think (a) is the saner and more useful option here,
but it also depends on whether mpCat etc. will have been published by
The timeline of my project is Q4 2014 to Q2 2015; do you think that's
a good time period to conduct such a project?
Also, do you think that analyzing mpCat or other such protocols will
be a useful thing to do?
Any other thoughts on what kind of research the multiparty chat
community needs at this point, and could be a good MSc thesis topic?
And just for the record, here are some other research projects, that I
rejected for various reasons:
- Formal proof of multiparty chat protocols
- Ratchets (formal treatment, properties, etc.)
- Transcript consistency
Thanks for your thoughts!
PS: I also posted this mail to [messaging at moderncrypto.org] because why not.
More information about the Messaging