Paper 2024/362

Integrating Causality in Messaging Channels

Shan Chen, Southern University of Science and Technology
Marc Fischlin, Technische Universität Darmstadt
Abstract

Causal reasoning plays an important role in the comprehension of communication, but it has been elusive so far how causality should be properly preserved by instant messaging services. To the best of our knowledge, causality preservation is not even treated as a desired security property by most (if not all) existing secure messaging protocols like Signal. This is probably due to the intuition that causality seems already preserved when all received messages are intact and displayed according to their sending order. Our starting point is to notice that this intuition is wrong. Until now, for messaging channels (where conversations take place), both the proper causality model and the provably secure constructions have been left open. Our work fills this gap, with the goal to facilitate the formal understanding of causality preservation in messaging. First, we focus on the common two-user secure messaging channels and model the desired causality preservation property. We take the popular Signal protocol as an example and analyze the causality security of its cryptographic core (the double-ratchet mechanism). We show its inadequacy with a simple causality attack, then fix it such that the resulting Signal channel is causality-preserving, even in a strong sense that guarantees post-compromise security. Our fix is actually generic: it can be applied to any bidirectional channel to gain strong causality security. Then, we model causality security for the so-called message franking channels. Such a channel additionally enables end users to report individual abusive messages to a server (e.g., the service provider), where this server relays the end-to-end-encrypted communication between users. Causality security in this setting further allows the server to retrieve the necessary causal dependencies of each reported message, essentially extending isolated reported messages to message flows. This has great security merit for dispute resolution, because a benign message may be deemed abusive when isolated from the context. As an example, we apply our model to analyze Facebook’s message franking scheme. We show that a malicious user can easily trick Facebook (i.e., the server) to accuse an innocent user. Then we fix this issue by amending the underlying message franking channel to preserve the desired causality.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
A major revision of an IACR publication in EUROCRYPT 2024
Keywords
CausalitySecure messagingSignalMessage franking
Contact author(s)
dragoncs16 @ gmail com
marc fischlin @ tu-darmstadt de
History
2024-03-01: approved
2024-02-28: received
See all versions
Short URL
https://ia.cr/2024/362
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/362,
      author = {Shan Chen and Marc Fischlin},
      title = {Integrating Causality in Messaging Channels},
      howpublished = {Cryptology ePrint Archive, Paper 2024/362},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/362}},
      url = {https://eprint.iacr.org/2024/362}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.