Paper 2024/887

Secret Key Recovery in a Global-Scale End-to-End Encryption System

Graeme Connell, Signal Messenger
Vivian Fang, UC Berkeley
Rolfe Schmidt, Signal Messenger
Emma Dauterman, UC Berkeley
Raluca Ada Popa, UC Berkeley
Abstract

End-to-end encrypted messaging applications ensure that an attacker cannot read a user's message history without their decryption keys. While this provides strong privacy, it creates a usability problem: if a user loses their devices and cannot access their decryption keys, they can no longer access their account. To solve this usability problem, users should be able to back up their account information with the messaging provider. For privacy, this backup should be encrypted and the provider should not have access to users' decryption keys. To solve this problem, we present Secure Value Recovery 3 (SVR3), a secret key recovery system that distributes trust across different types of hardware enclaves run by different cloud providers in order to protect users' decryption keys. SVR3 is the first deployed secret key recovery system to split trust across heterogeneous enclaves managed by different cloud providers: this design ensures that a single type of enclave does not become a central point of attack. SVR3 protects decryption keys via rollback protection and fault tolerance techniques tailored to the enclaves' security guarantees. SVR3 costs \$0.0025/user/year and takes 365ms for a user to recover their key, which is a rare operation. A part of SVR3 has been rolled out to millions of real users in a deployment with capacity for over 500 million users, demonstrating the ability to operate at scale.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
E2EEsecure messagingSignalkey recoverydistributed trust
Contact author(s)
gram @ signal org
v fang @ berkeley edu
rolfe @ signal org
edauterman @ berkeley edu
raluca popa @ berkeley edu
History
2024-07-02: last of 2 revisions
2024-06-03: received
See all versions
Short URL
https://ia.cr/2024/887
License
Creative Commons Attribution-NonCommercial-NoDerivs
CC BY-NC-ND

BibTeX 

@misc{cryptoeprint:2024/887,
      author = {Graeme Connell and Vivian Fang and Rolfe Schmidt and Emma Dauterman and Raluca Ada Popa},
      title = {Secret Key Recovery in a Global-Scale End-to-End Encryption System},
      howpublished = {Cryptology ePrint Archive, Paper 2024/887},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/887}},
      url = {https://eprint.iacr.org/2024/887}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.