Paper 2017/664

Message Franking via Committing Authenticated Encryption

Paul Grubbs, Jiahui Lu, and Thomas Ristenpart

Abstract

We initiate the study of message franking, recently introduced in Facebook’s end-to-end encrypted message system. It targets verifiable reporting of abusive messages to Facebook without compromising security guarantees. We capture the goals of message franking via a new cryptographic primitive: compactly committing authenticated encryption with associated data (AEAD). This is an AEAD scheme for which a small part of the ciphertext can be used as a cryptographic commitment to the message contents. Decryption provides, in addition to the message, a value that can be used to open the commitment. Security for franking mandates more than that required of traditional notions associated with commitment. Nevertheless, and despite the fact that AEAD schemes are in general not committing (compactly or otherwise), we prove that many in-use AEAD schemes can be used for message franking by using secret keys as openings. An implication of our results is the first proofs that several in-use symmetric encryption schemes are committing in the traditional sense. We also propose and analyze schemes that retain security even after openings are revealed to an adversary. One is a generalization of the scheme implicitly underlying Facebook’s message franking protocol, and another is a new construction that offers improved performance.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
A major revision of an IACR publication in Crypto 2017
Keywords
authenticated encryptionencrypted messaging
Contact author(s)
pag225 @ cornell edu
History
2017-07-05: received
Short URL
https://ia.cr/2017/664
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/664,
      author = {Paul Grubbs and Jiahui Lu and Thomas Ristenpart},
      title = {Message Franking via Committing Authenticated Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2017/664},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/664}},
      url = {https://eprint.iacr.org/2017/664}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.