Paper 2023/1243

Multi-Stage Group Key Distribution and PAKEs: Securing Zoom Groups against Malicious Servers without New Security Elements

Cas Cremers, Helmholtz Center for Information Security
Eyal Ronen, Tel Aviv University
Mang Zhao, Helmholtz Center for Information Security

Video conferencing apps like Zoom have hundreds of millions of daily users, making them a high-value target for surveillance and subversion. While such apps claim to achieve some forms of end-to-end encryption, they usually assume an incorruptible server that is able to identify and authenticate all the parties in a meeting. Concretely this means that, e.g., even when using the “end-to-end encrypted” setting, malicious Zoom servers could eavesdrop or impersonate in arbitrary groups. In this work, we show how security against malicious servers can be improved by changing the way in which such protocols use passwords (known as passcodes in Zoom) and integrating a password-authenticated key exchange (PAKE) protocol. To formally prove that our approach achieves its goals, we formalize a class of cryptographic protocols suitable for this setting, and define a basic security notion for them, in which group security can be achieved assuming the server is trusted to correctly authorize the group members. We prove that Zoom indeed meets this notion. We then propose a stronger security notion that can provide security against malicious servers, and propose a transformation that can achieve this notion. We show how we can apply our transformation to Zoom to provably achieve stronger security against malicious servers, notably without introducing new security elements.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. IEEE S&P 2024
Video conferencinggroup key distributionZoommalicious serversformal proofsPAKEpasswords
Contact author(s)
cremers @ cispa de
er @ eyalro net
mang zhao @ cispa de
2023-08-21: approved
2023-08-16: received
See all versions
Short URL
Creative Commons Attribution


      author = {Cas Cremers and Eyal Ronen and Mang Zhao},
      title = {Multi-Stage Group Key Distribution and PAKEs: Securing Zoom Groups against Malicious Servers without New Security Elements},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1243},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.