Paper 2016/703

(In-)Secure messaging with the Silent Circle instant messaging protocol

Sebastian R. Verschoor and Tanja Lange

Abstract

Silent Text, the instant messaging application by the company Silent Circle, provides its users with end-to-end encrypted communication on the Blackphone and other smartphones. The underlying protocol, SCimp, has received many extensions during the update to version 2, but has not been subjected to critical review from the cryptographic community. In this paper, we analyze both the design and implementation of SCimp by inspection of the documentation (to the extent it exists) and code. Many of the security properties of SCimp version 1 are found to be secure, however many of the extensions contain vulnerabilities and the implementation contains bugs that affect the overall security. These problems were fed back to the SCimp maintainers and some bugs were fixed in the code base. In September 2015, Silent Circle replaced SCimp with a new protocol based on the Signal Protocol.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
SCimpSilent Circleinstant messaging protocol
Contact author(s)
srverschoor @ uwaterloo ca
History
2016-07-18: received
Short URL
https://ia.cr/2016/703
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/703,
      author = {Sebastian R.  Verschoor and Tanja Lange},
      title = {(In-)Secure messaging with the Silent Circle instant messaging protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/703},
      year = {2016},
      url = {https://eprint.iacr.org/2016/703}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.