Post-Compromise Security in Self-Encryption
In self-encryption, a device encrypts some piece of information for itself to decrypt in the future. We are interested in the security of self-encryption when the state occasionally leaks. Applications that use self-encryption include cloud storage, where a client encrypts files to be stored, and 0-RTT session resumption, where a server encrypts a resumption key to be kept by the client. Previous works focused on forward security and resistance to replay attacks. In our work, we study post-compromise security (PCS). PCS was achieved in ratcheted instant messaging schemes, at the price of an inflating state size. An open question was whether state inflation was necessary. In our results, we prove that post-compromise security implies a super-linear state size in terms of the number of active ciphertexts which can still be decrypted. We apply our result to self-encryption for cloud storage, 0-RTT session resumption, and secure messaging. We further show how to construct a secure scheme matching our bound on the state size up to a constant factor.
Accelerating Scientific Publication in Biology
Scientific publications enable results and ideas to be transmitted throughout the scientific community. The number and type of journal publications also have become the primary criteria used in evaluating career advancement. Our analysis suggests that publication practices have changed considerably in the life sciences over the past thirty years. More experimental data is now required for publication, and the average time required for graduate students to publish their first paper has increased and is approaching the desirable duration of Ph.D. training. Since publication is generally a requirement for career progression, schemes to reduce the time of graduate student and postdoctoral training may be difficult to implement without also considering new mechanisms for accelerating communication of their work. The increasing time to publication also delays potential catalytic effects that ensue when many scientists have access to new information. The time has come for life scientists, funding agencies, and publishers to discuss how to communicate new findings in a way that best serves the interests of the public and the scientific community.
Comment: 39 pages, 6 figures, 1 table, and a Q&A related to pre-print
Formal Analysis of Session-Handling in Secure Messaging: Lifting Security from Sessions to Conversations
The building blocks for secure messaging apps, such as Signal's X3DH and Double Ratchet (DR) protocols, have received a lot of attention from the research community. They have notably been proved to meet strong security properties, such as Forward Secrecy (FS) and Post-Compromise Security (PCS), that hold even in the case of compromise. However, there is a lack of formal study of these properties at the application level. Whereas the research works have studied such properties in the context of a single ratcheting chain, a conversation between two persons in a messaging application can in fact be the result of merging multiple ratcheting chains.
In this work, we initiate the formal analysis of secure messaging taking the session-handling layer into account, and apply our approach to Sesame, Signal's session management. We first experimentally show practical scenarios in which PCS can be violated in Signal by a clone attacker, despite its use of the Double Ratchet. We identify how this is enabled by Signal's session-handling layer. We then design a formal model of the session-handling layer of Signal that is tractable for automated verification with the Tamarin prover, and use this model to rediscover the PCS violation and propose two provably secure mechanisms to offer stronger guarantees.
Content-dependent behavior in musical practice
Individual practice is the primary context in which musicians develop their musical and technical skills and learn new repertoire. The pedagogical literature (including books, websites, articles, and treatises) has treated the subject extensively, offering advice on how musicians should practice to optimize their efficiency. A central theme in this body of literature is the need to tailor one’s approach to the specific challenges presented by the music; that is, to use different strategies to practice different kinds of problems.
Prior research in musical practice seeking to explore how student musicians regulate their behaviors during practice has examined students' knowledge and, to a limited degree, their use of specific behaviors. However, existing studies often rely on self-reporting or employ a case-study methodology. Studies that have used controlled observation to examine how and when musicians employ specific behaviors typically observe individuals working on a single example. These approaches preclude a direct comparison of whether or how musicians modify their practice behaviors in response to different types of musical material, and they do not allow for an examination of how any such modifications change as musicians develop expertise in the activity of practicing.
In the present study, violinists of three experience levels (high school, collegiate music majors, and professional) practiced three excerpts characterized by distinct technical challenges (string crossings, shifts, and syncopated bowing patterns). Results show that musicians do indeed selectively employ or omit certain practice behaviors in response to the material they are learning, apparently representing the modified approaches that many pedagogues prescribe. However, the rates at which participants employed these strategic behaviors were low; whether these behaviors are potent problem-solving tools that need only be applied sparingly or whether the behaviors were under-utilized is unclear. Musicians of different experience levels choose similar locations within the music to practice, suggesting that groups do not differ in the problems within the material they identified. However, between-group differences emerged in the use of specific behaviors, suggesting that musicians' ways of working on a particular problem change as they gain practice experience. Less experienced participants were more likely than more experienced individuals to exhibit ratcheted practice, apparent attempts at extended or even complete performance trials interrupted by small backtracks, possibly representing in-the-moment error corrections.
A Formal Security Analysis of the Signal Messaging Protocol
The Signal protocol is a cryptographic messaging protocol that provides end-to-end encryption for instant messaging in WhatsApp, Wire, and Facebook Messenger among many others, serving well over 1 billion active users. Signal includes several uncommon security properties (such as future secrecy or post-compromise security), enabled by a novel technique called *ratcheting* in which session keys are updated with every message sent.
We conduct a formal security analysis of Signal's initial extended triple Diffie-Hellman (X3DH) key agreement and Double Ratchet protocols as a multi-stage authenticated key exchange protocol. We extract from the implementation a formal description of the abstract protocol, and define a security model which can capture the ratcheting key update structure as a multi-stage model where there can be a tree of stages, rather than just a sequence. We then prove the security of Signal's key exchange core in our model, demonstrating several standard security properties. We have found no major flaws in the design, and hope that our presentation and results can serve as a foundation for other analyses of this widely adopted protocol.
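The two Signal abstracts above make complementary points: the Double Ratchet heals a single chain after a state compromise once fresh Diffie-Hellman randomness enters it, and a conversation that accepts messages over more than one ratcheting chain is only as healed as its weakest chain. The simulation below is an added illustration of both, not code from Signal, from Sesame, or from either paper. Everything in it is a constructed assumption: the 127-bit toy DH group (not secure parameters), the XOR-keystream-plus-HMAC cipher, the one-DH `handshake()` standing in for X3DH, the `Device` session store that accepts a message on any stored chain, and the `scenario()` message sequence. The session store in particular is a simplified model of the per-session versus per-conversation gap the Sesame abstract describes, not Signal's session-handling logic and not the attack that paper reports.

```python
import copy, hashlib, hmac, secrets

P, G = 2**127 - 1, 5                      # constructed toy DH group, NOT secure

def dh_keygen():
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)

def dh(priv, pub):
    return pow(pub, priv, P).to_bytes(16, "big")

def kdf(key, info):
    return hmac.new(key, info, hashlib.sha256).digest()

def kdf_rk(rk, dh_out):                   # (root, DH output) -> (root', chain key)
    return kdf(rk, b"rk" + dh_out), kdf(rk, b"ck" + dh_out)

def kdf_ck(ck):                           # chain key -> (chain key', message key)
    return kdf(ck, b"\x02"), kdf(ck, b"\x01")

def seal(mk, pt):                         # toy AEAD: XOR keystream + HMAC tag
    ct = bytes(a ^ b for a, b in zip(pt, kdf(mk, b"stream")))   # pt <= 32 bytes
    return ct + kdf(mk, b"tag" + ct)[:16]

def open_(mk, sealed):
    ct, tag = sealed[:-16], sealed[-16:]
    if not hmac.compare_digest(tag, kdf(mk, b"tag" + ct)[:16]):
        raise ValueError("bad tag")
    return bytes(a ^ b for a, b in zip(ct, kdf(mk, b"stream")))

class Ratchet:
    """One ratcheting chain: dhs = own DH pair, dhr = peer's latest DH pub."""
    def __init__(self, rk, dhs, dhr=None):
        self.rk, self.dhs, self.dhr, self.cks, self.ckr = rk, dhs, dhr, None, None
        if dhr is not None:               # initiator already has a sending chain
            self.rk, self.cks = kdf_rk(self.rk, dh(dhs[0], dhr))

    def encrypt(self, pt):
        self.cks, mk = kdf_ck(self.cks)
        return self.dhs[1], seal(mk, pt)  # header = our current DH public key

    def decrypt(self, hdr_pub, sealed):
        st = copy.deepcopy(self)          # commit state only if the tag verifies
        if hdr_pub != st.dhr:             # peer sent a new key: DH ratchet step
            st.dhr = hdr_pub
            st.rk, st.ckr = kdf_rk(st.rk, dh(st.dhs[0], st.dhr))
            st.dhs = dh_keygen()          # fresh randomness is what heals the chain
            st.rk, st.cks = kdf_rk(st.rk, dh(st.dhs[0], st.dhr))
        st.ckr, mk = kdf_ck(st.ckr)
        pt = open_(mk, sealed)
        self.__dict__.update(st.__dict__)
        return pt

def handshake(peer_pub):
    """Toy stand-in for X3DH (assumption): fresh shared root from one ephemeral DH."""
    eph = dh_keygen()
    rk = kdf(dh(eph[0], peer_pub), b"root")
    return Ratchet(rk, dh_keygen(), peer_pub), eph[1]

class Device:
    """Toy session store (assumption): a contact may have several chains and a
    message is accepted if ANY stored chain verifies it."""
    def __init__(self):
        self.long, self.sessions = dh_keygen(), []

    def accept_session(self, eph_pub):
        rk = kdf(dh(self.long[0], eph_pub), b"root")
        self.sessions.append(Ratchet(rk, self.long))

    def receive(self, hdr_pub, sealed):
        for s in self.sessions:
            try:
                return s.decrypt(hdr_pub, sealed)
            except ValueError:
                pass
        raise ValueError("no stored chain verifies this message")

def scenario():
    bob = Device()
    alice, eph = handshake(bob.long[1]); bob.accept_session(eph)
    bob.receive(*alice.encrypt(b"m1"))
    clone = copy.deepcopy(alice)                       # full state compromise
    h, c = alice.encrypt(b"m2")
    r = {"clone_knows_m2": clone.encrypt(b"m2") == (h, c)}   # True: no fresh DH yet
    bob.receive(h, c)
    h, c = bob.sessions[0].encrypt(b"reply")           # carries Bob's fresh DH key
    r["clone_reads_reply"] = alice.decrypt(h, c) == clone.decrypt(h, c) == b"reply"
    h, c = alice.encrypt(b"m4")                        # carries Alice's fresh DH key
    r["clone_knows_m4"] = clone.encrypt(b"m4") == (h, c)      # False: chain healed
    r["bob_reads_m4"] = bob.receive(h, c) == b"m4"
    try:                                               # clone's fork of chain 0 dies
        bob.receive(*clone.encrypt(b"forged")); r["fork_rejected"] = False
    except ValueError:
        r["fork_rejected"] = True
    clone2, eph2 = handshake(bob.long[1])              # stolen long-term secrets let the
    bob.accept_session(eph2)                           # clone open a second chain ...
    r["second_chain_accepted"] = bob.receive(*clone2.encrypt(b"forged")) == b"forged"
    return r

if __name__ == "__main__":
    print(scenario())
```

`scenario()` returns six booleans. The first chain behaves as the Double Ratchet analysis predicts: the clone shares every key until Bob's reply and Alice's next message have each carried a fresh DH public key, after which the clone's fork of that chain is rejected. In this toy the party whose fresh key Bob ratchets to first keeps the chain; had the clone's `forged` message raced ahead of `m4`, Bob would have followed the clone and Alice's own message would have been the one rejected, a lock-out that is at least visible. The second chain is the quieter failure: no ratchet is broken, the store simply accepts a parallel chain opened with the compromised long-term material, and the conversation as a whole has not healed. That is the distance between a per-session guarantee and a per-conversation one.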