Paper 2020/541

There Can Be No Compromise: The Necessity of Ratcheted Authentication in Secure Messaging

Benjamin Dowling and Britta Hale


Modern messaging applications often rely on out-of-band communication to achieve entity authentication, with human users actively verifying and attesting to long-term public keys. This "user-mediated" authentication is done primarily to reduce reliance on trusted third parties by replacing that role with the user. Despite a great deal of research focusing on analyzing the confidentiality aspect of secure messaging, the authenticity aspect of it has been largely assumed away. Consequently, while many existing protocols provide some confidentiality guarantees after a compromise, such as post-compromise security (PCS), authenticity guarantees are generally lost. This leads directly to potential man-in-the-middle (MitM) attacks within the intended threat model. In this work, we address this gap by proposing a model to formally capture user-mediated entity authentication in ratcheted secure messaging protocols that can be composed with any ratcheted key exchange. Our threat model captures post-compromise entity authentication security. We demonstrate that the Signal application's user-mediated authentication protocol cannot be proven secure in this model and suggest a straightforward fix for Signal that allows the detection of an active adversary. Our results have direct implications for other existing and future ratcheted secure messaging applications.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Secure MessagingRatcheted AuthenticationSignalDouble RatchetUser-Mediated AuthenticationCeremonies
Contact author(s)
britta hale @ nps edu
benjamin dowling @ inf ethz ch
2020-06-05: revised
2020-05-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Benjamin Dowling and Britta Hale},
      title = {There Can Be No Compromise: The Necessity of Ratcheted Authentication in Secure Messaging},
      howpublished = {Cryptology ePrint Archive, Paper 2020/541},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.