Paper 2024/918

Cryptographic Analysis of Delta Chat

Yuanming Song, ETH Zurich
Lenka Mareková, ETH Zurich
Kenneth G. Paterson, ETH Zurich
Abstract

We analyse the cryptographic protocols underlying Delta Chat, a decentralised messaging application which uses e-mail infrastructure for message delivery. It provides end-to-end encryption by implementing the Autocrypt standard and the SecureJoin protocols, both making use of the OpenPGP standard. Delta Chat's adoption by categories of high-risk users such as journalists and activists, but also more generally users in regions affected by Internet censorship, makes it a target for powerful adversaries. Yet, the security of its protocols has not been studied to date. We describe five new attacks on Delta Chat in its own threat model, exploiting cross-protocol interactions between its implementation of SecureJoin and Autocrypt, as well as bugs in rPGP, its OpenPGP library. The findings have been disclosed to the Delta Chat team, who implemented fixes.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. Minor revision. USENIX 2024
Keywords
OpenPGP, Autocrypt, Delta Chat, decentralised messaging
Contact author(s)
songyu @ student ethz ch
lenka marekova @ inf ethz ch
kenny paterson @ inf ethz ch
History
2024-06-10: approved
2024-06-09: received
Short URL
https://ia.cr/2024/918
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/918,
      author = {Yuanming Song and Lenka Mareková and Kenneth G. Paterson},
      title = {Cryptographic Analysis of Delta Chat},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/918},
      year = {2024},
      url = {https://eprint.iacr.org/2024/918}
}