Efficient Ratcheting: Almost-Optimal Guarantees for Secure Messaging


Ontology type: schema:Chapter     


Chapter Info

DATE

2019-04-18

AUTHORS

Daniel Jost, Ueli Maurer, Marta Mularczyk

ABSTRACT

In the era of mass surveillance and information breaches, privacy of Internet communication, and messaging in particular, is a growing concern. As secure messaging protocols are executed on the not-so-secure end-user devices, and because their sessions are long-lived, they aim to guarantee strong security even if secret states and local randomness can be exposed.

The most basic security properties, including forward secrecy, can be achieved using standard techniques such as authenticated encryption. Modern protocols, such as Signal, go one step further and additionally provide the so-called backward secrecy, or healing from state exposures. These additional guarantees come at the price of a moderate efficiency loss (they require public-key primitives).

On the opposite side of the security spectrum are the works by Jaeger and Stepanovs and by Poettering and Rösler, which characterize the optimal security a secure-messaging scheme can achieve. However, their proof-of-concept constructions suffer from an extreme efficiency loss compared to Signal. Moreover, this caveat seems inherent.

This paper explores the area in between: our starting point are the basic, efficient constructions, and then we ask how far we can go towards the optimal security without losing too much efficiency. We present a construction with guarantees much stronger than those achieved by Signal, and slightly weaker than optimal, yet its efficiency is closer to that of Signal (only standard public-key cryptography is used).

On a technical level, achieving optimal guarantees inherently requires key-updating public-key primitives, where the update information is allowed to be public. We consider secret update information instead. Since a state exposure temporally breaks confidentiality, we carefully design such secretly-updatable primitives whose security degrades gracefully if the supposedly secret update information leaks.

PAGES

159-188

Book

TITLE

Advances in Cryptology – EUROCRYPT 2019

ISBN

978-3-030-17652-5
978-3-030-17653-2

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-030-17653-2_6

DOI

http://dx.doi.org/10.1007/978-3-030-17653-2_6

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1114220768



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0804", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Data Format", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland", 
          "id": "http://www.grid.ac/institutes/grid.5801.c", 
          "name": [
            "Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Jost", 
        "givenName": "Daniel", 
        "id": "sg:person.013356446515.02", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013356446515.02"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland", 
          "id": "http://www.grid.ac/institutes/grid.5801.c", 
          "name": [
            "Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Maurer", 
        "givenName": "Ueli", 
        "id": "sg:person.01316567627.91", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01316567627.91"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland", 
          "id": "http://www.grid.ac/institutes/grid.5801.c", 
          "name": [
            "Department of Computer Science, ETH Zurich, 8092, Zurich, Switzerland"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Mularczyk", 
        "givenName": "Marta", 
        "id": "sg:person.013734432247.31", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013734432247.31"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2019-04-18", 
    "datePublishedReg": "2019-04-18", 
    "description": "In the era of mass surveillance and information breaches, privacy of Internet communication, and messaging in particular, is a growing concern. As secure messaging protocols are executed on the not-so-secure end-user devices, and because their sessions are long-lived, they aim to guarantee strong security even if secret states and local randomness can be exposed.The most basic security properties, including forward secrecy, can be achieved using standard techniques such as authenticated encryption. Modern protocols, such as Signal, go one step further and additionally provide the so-called backward secrecy, or healing from state exposures. These additional guarantees come at the price of a moderate efficiency loss (they require public-key primitives).On the opposite side of the security spectrum are the works by Jaeger and Stepanovs and by Poettering and R\u00f6sler, which characterize the optimal security a secure-messaging scheme can achieve. However, their proof-of-concept constructions suffer from an extreme efficiency loss compared to Signal. Moreover, this caveat seems inherent.This paper explores the area in between: our starting point are the basic, efficient constructions, and then we ask how far we can go towards the optimal security without losing too much efficiency. We present a construction with guarantees much stronger than those achieved by Signal, and slightly weaker than optimal, yet its efficiency is closer to that of Signal (only standard public-key cryptography is used).On a technical level, achieving optimal guarantees inherently requires key-updating public-key primitives, where the update information is allowed to be public. We consider secret update information instead. Since a state exposure temporally breaks confidentiality, we carefully design such secretly-updatable primitives whose security degrades gracefully if the supposedly secret update information leaks.", 
    "editor": [
      {
        "familyName": "Ishai", 
        "givenName": "Yuval", 
        "type": "Person"
      }, 
      {
        "familyName": "Rijmen", 
        "givenName": "Vincent", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-030-17653-2_6", 
    "inLanguage": "en", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-030-17652-5", 
        "978-3-030-17653-2"
      ], 
      "name": "Advances in Cryptology \u2013 EUROCRYPT 2019", 
      "type": "Book"
    }, 
    "keywords": [
      "end-user devices", 
      "update information", 
      "optimal security", 
      "secure messaging protocols", 
      "optimal guarantees", 
      "basic security properties", 
      "public-key primitives", 
      "backward secrecy", 
      "messaging protocol", 
      "moderate efficiency loss", 
      "Internet communication", 
      "strong security", 
      "security properties", 
      "forward secrecy", 
      "information leaks", 
      "information breach", 
      "security degrades", 
      "security spectrum", 
      "secure messaging", 
      "mass surveillance", 
      "secret state", 
      "guarantees", 
      "efficiency loss", 
      "security", 
      "primitives", 
      "efficient construction", 
      "technical level", 
      "secrecy", 
      "modern protocols", 
      "state exposure", 
      "protocol", 
      "signals", 
      "additional guarantees", 
      "efficiency", 
      "encryption", 
      "privacy", 
      "Poettering", 
      "devices", 
      "information", 
      "confidentiality", 
      "communication", 
      "messaging", 
      "local randomness", 
      "breach", 
      "degrades", 
      "concept construction", 
      "scheme", 
      "construction", 
      "starting point", 
      "properties", 
      "standard techniques", 
      "proof", 
      "randomness", 
      "spectra", 
      "technique", 
      "surveillance", 
      "loss", 
      "work", 
      "paper", 
      "step", 
      "era", 
      "opposite side", 
      "R\u00f6sler", 
      "area", 
      "point", 
      "concern", 
      "sessions", 
      "state", 
      "side", 
      "prices", 
      "leak", 
      "caveats", 
      "healing", 
      "exposure", 
      "levels", 
      "Stepanov", 
      "Jaeger"
    ], 
    "name": "Efficient Ratcheting: Almost-Optimal Guarantees for Secure Messaging", 
    "pagination": "159-188", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1114220768"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-030-17653-2_6"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-030-17653-2_6", 
      "https://app.dimensions.ai/details/publication/pub.1114220768"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-05-20T07:44", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220519/entities/gbq_results/chapter/chapter_265.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-030-17653-2_6"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-17653-2_6'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-17653-2_6'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-17653-2_6'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-17653-2_6'


 

This table displays all metadata directly associated to this object as RDF triples.

156 TRIPLES      23 PREDICATES      102 URIs      95 LITERALS      7 BLANK NODES

 



