Cryptology ePrint Archive: Report 2016/703

(In-)Secure messaging with the Silent Circle instant messaging protocol

Sebastian R. Verschoor and Tanja Lange

Abstract: Silent Text, the instant messaging application by the company Silent Circle, provides its users with end-to-end encrypted communication on the Blackphone and other smartphones. The underlying protocol, SCimp, has received many extensions during the update to version 2, but has not been subjected to critical review from the cryptographic community. In this paper, we analyze both the design and implementation of SCimp by inspection of the documentation (to the extent it exists) and code. Many of the security properties of SCimp version 1 are found to be secure, however many of the extensions contain vulnerabilities and the implementation contains bugs that affect the overall security. These problems were fed back to the SCimp maintainers and some bugs were fixed in the code base. In September 2015, Silent Circle replaced SCimp with a new protocol based on the Signal Protocol.

Category / Keywords: cryptographic protocols / SCimp, Silent Circle, instant messaging protocol

Date: received 13 Jul 2016

Contact author: srverschoor at uwaterloo ca

Available format(s): PDF | BibTeX Citation

Version: 20160718:143412 (All versions of this report)

Short URL: ia.cr/2016/703

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]