Paper 2019/694

A Unified and Composable Take on Ratcheting

Daniel Jost, Ueli Maurer, and Marta Mularczyk

Abstract

Ratcheting, an umbrella term for certain techniques for achieving secure messaging with strong guarantees, has spurred much interest in the cryptographic community, with several novel protocols proposed recently. Most of them are composed from several sub-protocols, often sharing similar ideas across different protocols. Thus, one could hope to reuse the sub-protocols to build new protocols achieving different security, efficiency, and usability trade-offs. This is especially desirable in view of the community's current aim for group messaging, which has a significantly larger design space. However, the underlying ideas are usually not made explicit, but rather implicitly encoded in a (fairly complex) security game, primarily targeted at the overall security proof. This not only hinders modular protocol design, but also makes the suitability of a protocol for a particular application difficult to assess. In this work we demonstrate that ratcheting components can be modeled in a composable framework, allowing for their reuse in a modular fashion. To this end, we first propose an extension of the Constructive Cryptography framework by so-called global event histories, to allow for a clean modularization even if the component modules are not fully independent but actually subtly intertwined, as in most ratcheting protocols. Second, we model a unified, flexibly instantiable type of strong security statement for secure messaging within that framework. Third, we show that one can phrase strong guarantees for a number of sub-protocols from the existing literature in this model with only minor modifications, slightly stronger assumptions, and reasonably intuitive formalizations. When expressing existing protocols' guarantees in a simulation-based framework, one has to address the so-called commitment problem. We do so by reflecting the removal of access to certain oracles under specific conditions, appearing in game-based security definitions, in the real world of our composable statements. We also propose a novel non-committing protocol for settings where the number of messages a party can send before receiving a reply is bounded.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
ratcheting, secure messaging, modularization, composable security
Contact author(s)
dajost @ inf ethz ch
mumarta @ inf ethz ch
History
2019-06-12: received
Short URL
https://ia.cr/2019/694
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/694,
      author = {Daniel Jost and Ueli Maurer and Marta Mularczyk},
      title = {A Unified and Composable Take on Ratcheting},
      howpublished = {Cryptology ePrint Archive, Paper 2019/694},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/694}},
      url = {https://eprint.iacr.org/2019/694}
}