The Double Ratchet: Security Notions, Proofs, and Modularization for the Signal Protocol
Signal is a famous secure messaging protocol used by billions of people, by virtue of many secure text messaging applications including Signal itself, WhatsApp, Facebook Messenger, Skype, and Google Allo. At its core it uses the concept of double ratcheting, where every message is encrypted and authenticated using a fresh symmetric key; it has many attractive properties, such as forward security, post-compromise security, and immediate (no-delay) decryption, which had never been achieved in combination by prior messaging protocols.
While the formal analysis of the Signal protocol, and ratcheting in general, has attracted a lot of recent attention, we argue that none of the existing analyses is fully satisfactory. To address this problem, we give a clean and general definition of secure messaging, which clearly indicates the types of security we expect, including forward security, post-compromise security, and immediate decryption. We are the first to explicitly formalize and model the immediate decryption property, which implies (among other things) that parties seamlessly recover if a given message is permanently lost---a property not achieved by any of the recent provable alternatives to Signal. We build a modular generalized Signal protocol from the following components: (a) continuous key agreement (CKA), a clean primitive we introduce and which can be easily and generically built from public-key encryption (not just Diffie-Hellman as is done in the current Signal protocol) and roughly models public-key ratchets; (b) forward-secure authenticated encryption with associated data (FS-AEAD), which roughly captures symmetric-key ratchets; and (c) a two-input hash function that is a pseudorandom function (resp. generator with input) in its first (resp. second) input, which we term PRF-PRNG. As a result, in addition to instantiating our framework in a way resulting in the existing, widely-used Diffie-Hellman based Signal protocol, we can easily get post-quantum security and not rely on random oracles in the analysis.
We further show that our design can be elegantly extended to include other forms of fine-grained state compromise recently studied at CRYPTO'18, but without sacrificing the immediate decryption property. However, we argue that the additional security offered by these modifications is unlikely to justify the efficiency hit of using much heavier public-key cryptography in place of symmetric-key cryptography.
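The modular structure the abstract describes can be seen end to end in a small program. The following is an added illustration written for this page, not code from the paper or from Signal: it assembles the three components named above, a continuous key agreement (CKA) instantiated with Diffie-Hellman, a PRF-PRNG that absorbs each CKA output into the root key, and a forward-secure AEAD chain that hands out one message key per message. Everything concrete here is an assumption of the example: the group (a Mersenne prime, which is not a secure Diffie-Hellman group and is used only so the code runs on the standard library), HMAC-SHA256 as the PRF, a toy encrypt-then-MAC construction in place of a real AEAD, and the header layout. The constructed run at the end exercises the immediate decryption property: a message that arrives out of order decrypts at once, a later late arrival is decrypted with its cached key, and a message that never arrives stalls nothing.

```python
import hashlib
import hmac
import os

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

# --- CKA, instantiated with Diffie-Hellman (the paper notes any PKE would do).
# Toy group (assumption): Mersenne prime M521 with generator 3. Its order is smooth,
# so this is NOT a secure DH group; it only lets the example run on the stdlib.
P = 2**521 - 1
G = 3
PUB_LEN = 66  # bytes per group element in message headers

def cka_keygen():
    x = 2 + int.from_bytes(os.urandom(80), "big") % (P - 3)
    return x, pow(G, x, P)

def cka_shared(priv, pub):
    return pow(pub, priv, P).to_bytes(PUB_LEN, "big")

# --- PRF-PRNG: PRF in the root key, PRNG-with-input in the CKA output.
def prf_prng(root, cka_out):
    prk = mac(root, cka_out)
    return mac(prk, b"root"), mac(prk, b"chain")  # (next root key, fresh chain key)

# --- FS-AEAD: a symmetric chain yields one key per message; used keys are dropped
# (forward security) and keys of not-yet-seen messages are cached (immediate decryption).
def fs_step(chain_key):
    return mac(chain_key, b"\x02"), mac(chain_key, b"\x01")  # (next chain key, message key)

def _keystream(mk, n):
    return b"".join(mac(mk, b"stream" + i.to_bytes(4, "big")) for i in range((n + 31) // 32))

def aead_seal(mk, ad, pt):  # toy encrypt-then-MAC; a real instance would use AES-GCM or similar
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(mk, len(pt))))
    return ct + mac(mac(mk, b"auth"), ad + ct)[:16]

def aead_open(mk, ad, blob):
    ct, tag = blob[:-16], blob[-16:]
    if not hmac.compare_digest(mac(mac(mk, b"auth"), ad + ct)[:16], tag):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(mk, len(ct))))

class Party:
    def __init__(self, root, keypair, their_pub=None):
        self.root = root
        self.priv, self.pub = keypair
        self.their_pub = their_pub
        self.send_chain = self.recv_chain = None
        self.ns = self.nr = self.pn = 0  # send index, receive index, length of previous send chain
        self.skipped = {}                # (sender's CKA public key, index) -> cached message key
        if their_pub is not None:        # initiator performs its first CKA step at setup
            self.root, self.send_chain = prf_prng(self.root, cka_shared(self.priv, their_pub))

    def send(self, pt):
        self.send_chain, mk = fs_step(self.send_chain)
        header = self.pub.to_bytes(PUB_LEN, "big") + self.pn.to_bytes(4, "big") + self.ns.to_bytes(4, "big")
        self.ns += 1
        return header, aead_seal(mk, header, pt)  # header is authenticated as associated data

    def _skip_to(self, n):  # cache keys for messages in this chain we have not seen yet
        while self.recv_chain is not None and self.nr < n:
            self.recv_chain, mk = fs_step(self.recv_chain)
            self.skipped[(self.their_pub, self.nr)] = mk
            self.nr += 1

    def _cka_ratchet(self, pub):  # peer sent a new CKA message: derive new receive and send chains
        self.pn, self.ns, self.nr, self.their_pub = self.ns, 0, 0, pub
        self.root, self.recv_chain = prf_prng(self.root, cka_shared(self.priv, pub))
        self.priv, self.pub = cka_keygen()
        self.root, self.send_chain = prf_prng(self.root, cka_shared(self.priv, pub))

    def recv(self, header, ct):
        pub = int.from_bytes(header[:PUB_LEN], "big")
        pn = int.from_bytes(header[PUB_LEN:PUB_LEN + 4], "big")
        n = int.from_bytes(header[PUB_LEN + 4:], "big")
        if (pub, n) in self.skipped:  # late message: use its cached key exactly once
            return aead_open(self.skipped.pop((pub, n)), header, ct)
        if pub != self.their_pub:
            self._skip_to(pn)         # finish the previous chain before switching
            self._cka_ratchet(pub)
        self._skip_to(n)
        self.recv_chain, mk = fs_step(self.recv_chain)
        self.nr += 1
        return aead_open(mk, header, ct)

def demo():
    """Constructed run: out-of-order delivery, a permanently lost message, then a reply."""
    root = os.urandom(32)  # initial shared root key, e.g. from an initial key agreement
    bob_pair = cka_keygen()
    alice, bob = Party(root, cka_keygen(), their_pub=bob_pair[1]), Party(root, bob_pair)
    m1, m2, m3 = [alice.send(b"msg %d" % i) for i in (1, 2, 3)]
    got = [bob.recv(*m3)]                         # m3 arrives first and decrypts immediately
    got.append(bob.recv(*m1))                     # m1 arrives late; its cached key is consumed
    got.append(alice.recv(*bob.send(b"reply")))   # m2 is lost for good; nothing stalls
    got.append(bob.recv(*alice.send(b"msg 4")))   # a full CKA round trip has completed
    return got, len(bob.skipped)                  # one key (for m2) stays cached
```

Two points a practitioner would check before reusing the shape of this code: the skipped-key cache must be bounded (a peer that claims a huge message index would otherwise force the receiver to derive and store that many keys), and swapping the CKA for a post-quantum public-key encryption scheme, as the abstract describes, changes only `cka_keygen` and `cka_shared`, not the root-key or chain logic.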
Scalable Multiparty Garbling
Multiparty garbling is the most popular approach for constant-round secure multiparty computation (MPC). Despite being the focus of significant research effort, instantiating prior approaches to multiparty garbling results in constant-round MPC that cannot realistically accommodate large numbers of parties. In this work we present the first global-scale multiparty garbling protocol. The per-party communication complexity of our protocol decreases as the number of parties participating in the protocol increases---for the first time matching the asymptotic communication complexity of non-constant-round MPC protocols. Our protocol achieves malicious security in the honest-majority setting and relies on the hardness of the Learning Parity with Noise (LPN) assumption.
ACORN: Input Validation for Secure Aggregation
Secure aggregation enables a server to learn the sum of client-held vectors in a privacy-preserving way, and has been successfully applied to distributed statistical analysis and machine learning. In this paper, we both introduce a more efficient secure aggregation construction and extend secure aggregation by enabling input validation, in which the server can check that clients' inputs satisfy required constraints such as , , and bounds. This prevents malicious clients from gaining disproportionate influence on the computed aggregated statistics or machine learning model.
Our new secure aggregation protocol improves the computational efficiency of the state-of-the-art protocol of Bell et al. (CCS 2020) both asymptotically and concretely: we show via experimental evaluation that it results in -X speedups in client computation in practical scenarios. Likewise, our extended protocol with input validation improves on prior work by more than X in terms of client communication (with comparable computation costs). Compared to the base protocols without input validation, the extended protocols incur only X additional communication, and can process binary indicator vectors of length M, or 16-bit dense vectors of length K, in under s of computation per client.
Scalable and Robust Distributed Algorithms for Privacy-Preserving Applications
We live in an era when political and commercial entities are increasingly engaging in sophisticated cyber attacks to damage, disrupt, or censor information content and to conduct mass surveillance. By compiling various patterns from user data over time, untrusted parties could create an intimate picture of sensitive personal information such as political and religious beliefs, health status, and so forth. In this dissertation, we study scalable and robust distributed algorithms that guarantee user privacy when communicating with other parties to either solely exchange information or participate in multi-party computations. We consider scalability and robustness requirements in three privacy-preserving areas: secure multi-party computation (MPC), anonymous broadcast, and blocking-resistant Tor bridge distribution. We propose decentralized algorithms for MPC that, unlike most previous work, scale well with the number of parties and tolerate malicious faults from a large fraction of the parties. Our algorithms do not require any trusted party and are fully load-balanced. Anonymity is an essential tool for achieving privacy; it enables individuals to communicate with each other without being identified as the sender or the receiver of the information being exchanged. We show that our MPC algorithms can be effectively used to design a scalable anonymous broadcast protocol. We do this by developing a multi-party shuffling protocol that can efficiently anonymize a sequence of messages in the presence of many faulty nodes. Our final approach for preserving user privacy in cyberspace is to improve Tor, the most popular anonymity network on the Internet. A current challenge with Tor is that colluding corrupt users inside a censored territory can completely block users' access to Tor by obtaining information about a large fraction of Tor bridges, a type of relay node that is Tor's primary mechanism for blocking resistance.
We describe a randomized bridge distribution algorithm in which all honest users are guaranteed to connect to Tor in the presence of an adversary corrupting an unknown number of users. Our simulations suggest that, with minimal resource costs, our algorithm can guarantee Tor access for all honest users after a small (logarithmic) number of rounds.
LIPIcs, Volume 251, ITCS 2023, Complete Volume
An Approach to Guide Users Towards Less Revealing Internet Browsers
When browsing the Internet, HTTP headers enable both clients and servers to send extra data in their requests or responses, such as the User-Agent string. This string contains information related to the sender's device, browser, and operating system. Previous research has shown that numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large-scale analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less revealing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and on vulnerability records. Thus, our contribution in this work is as follows: first, we provide a full implementation that is ready to be deployed and used by users. Second, we conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed.
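To make the exposure-score idea concrete, here is an added toy scorer written for this page; it is not the paper's implementation, its scoring function, or its deployed solution. It extracts the kinds of information a User-Agent string reveals with regular expressions and sums weights; the weights, the field list, and the "reduced version" heuristic are assumptions of the example, and the paper's second input, vulnerability records, is omitted entirely. The sample strings are constructed in the shape of real User-Agent strings.

```python
import re

# Assumed, illustrative weights: the more specific the fact, the higher the cost.
FIELDS = [
    ("browser_version", re.compile(r"(?:Chrome|Firefox|Edg|Version)/(\d+(?:\.\d+)+)"), 2),
    ("os_version", re.compile(r"Windows NT (\d+\.\d+)|Mac OS X (\d+[_.]\d+(?:[_.]\d+)?)|Android (\d+(?:\.\d+)*)"), 3),
    ("device_model", re.compile(r"Android [\d.]+; ([^;)]+?) Build/"), 4),
    ("cpu_arch", re.compile(r"\b(x86_64|Win64|x64|arm64|aarch64)\b"), 1),
]

def exposure(ua):
    """Return (score, revealed fields) for one User-Agent string."""
    revealed, score = {}, 0
    for name, pattern, weight in FIELDS:
        m = pattern.search(ua)
        if not m:
            continue
        value = next(g for g in m.groups() if g)   # first alternative that matched
        if name == "browser_version" and re.fullmatch(r"\d+(\.0){2,}", value):
            weight = 1   # heuristic: "x.0.0.0" means only the major version is real
        revealed[name] = value
        score += weight
    return score, revealed

def rank(user_agents):
    """Least revealing first."""
    return sorted(user_agents, key=lambda ua: exposure(ua)[0])

# Constructed sample strings (not from the paper's data set).
SAMPLES = [
    "Mozilla/5.0 (Linux; Android 10; SM-G973F Build/QP1A.190711.020) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/90.0.4430.91 Mobile Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0",
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
]

if __name__ == "__main__":
    for ua in rank(SAMPLES):
        print(exposure(ua)[0], exposure(ua)[1])
```

The third sample shows why a version pattern alone is a weak signal: browsers that freeze or reduce their User-Agent string still send a version-shaped token, so a scorer has to recognise placeholder components rather than count every dotted number as leaked information.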
Recommended from our members
The Discursive Construction Of Child Sexual Abuse
Currently, in the English-speaking world, adult/child sex and knowledge about it have become firmly located within a taken-for-granted 'child sexual abuse' discourse. My argument in this thesis is that despite being commonly portrayed as a singularity, the discursive arena of adult/child sex is a site of controversy and conflict, invested with meanings that differ over time and place. Child sexual abuse cannot thus be thought of as something that exists outside of the situated knowledge through which its taken-for-granted nature is brought into being and maintained. A stated aim of this thesis is, therefore, to explore some of the complex, heterogeneous and nuanced ways in which adult/child sex is put into discourse as child sexual abuse.
The analytics of Beryl Curt and Michel Foucault were applied to Q Methodology, participant observation and a range of ethnographically informed methodologies. The Q Methodological study revealed five explanatory accounts. These were explicated as a Mainstream Professional Account; Boy-Love; A Liberal Account of Child Sexual Abuse; Sexual Abuse as Paraphilia and a Feminist Informed Account. The Q study also revealed three standpoints on child sexual abuse: Feminist/Child Protectionist; Social Constructionist/Children's Rights; and Childhood Sexuality. Three alternative viewpoints on the social policies that should be adopted in this area were also identified in this study. These were explicated as Libertarian; Control and Protect; and Liberal Humanism. Also examined were the performative aspects of the phenomenon of child sexual abuse through an interrogation of the subject positions that are available (to survivors of sexual abuse, convicted child sex offenders and those who advocate adult/child sexual contact), to be adopted, resisted or reformed. The thesis ends with a review of the main findings of my research in terms of theory, practice and research in the area of child sexual abuse. It also examines methodological issues and reflects upon my own experiences of conducting this work.