Paper 2023/1300
Device-Oriented Group Messaging: A Formal Cryptographic Analysis of Matrix’ Core
Abstract
Focusing on its cryptographic core, we provide the first formal description of the Matrix secure group messaging protocol. Observing that no existing secure messaging model in the literature captures the relationships (and shared state) between users, their devices and the groups they are a part of, we introduce the Device-Oriented Group Messaging model to capture these key characteristics of the Matrix protocol. Utilising our new formalism, we determine that Matrix achieves the basic security notions of confidentiality and authentication, provided it introduces authenticated group membership. On the other hand, while the state sharing functionality in Matrix conflicts with advanced security notions in the literature – forward and post-compromise security – it enables features such as history sharing and account recovery, provoking broader questions about how such security notions should be conceptualised.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Major revision. 45th IEEE Symposium on Security and Privacy, S&P 2024 (to appear).
- Keywords
- secure messaginggroup messagingforward securitypost-compromise securityhistory sharingdevice management
- Contact author(s)
-
martin albrecht @ kcl ac uk
b dowling @ sheffield ac uk
dan jones @ rhul ac uk - History
- 2023-09-02: approved
- 2023-08-31: received
- See all versions
- Short URL
- https://ia.cr/2023/1300
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1300, author = {Martin R. Albrecht and Benjamin Dowling and Daniel Jones}, title = {Device-Oriented Group Messaging: A Formal Cryptographic Analysis of Matrix’ Core}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/1300}, year = {2023}, url = {https://eprint.iacr.org/2023/1300} }