Some thoughts about the Signal Messaging Protocol

The Signal protocol is provides end-to-end encryption for instant messaging in WhatsApp, Wire, and Facebook Messenger among many others, serving well over 1 billion active users.

Some years ago, a team of researchers (Katriel Cohn-Gordon, Cas Cremers, Benjamin Dowling, Luke Garratt, Douglas Stebila) realized a security analysis [1] of Signal protocol, still relevant and useful:

We conduct a formal security analysis of Signal’ initial extended triple Diffie-Hellman (X3DH) key agreement and Double Ratchet protocols as a multi-stage authenticated key exchange protocol. We extract from the implementation a formal description of the abstract protocol, and define a security model which can capture the “ratcheting” key update structure as a multi-stage model where there can be a “tree” of stages, rather than just a sequence. We then prove the security of Signal’s key exchange core in our model, demonstrating several standard security properties. We have found no major flaws in the design, and hope that our presentation and results can serve as a foundation for other analyses of this widely adopted protocol.


Results

Audit’s results were really good:

Practically speaking, they imply secrecy and authentication of the message keys which Signal derives, even under a variety of adversarial compromise scenarios such as forward security (and thus “future secrecy”). If used correctly, Signal could achieve a form of post-compromise security, which has substantial advantages over forward secrecy

And also:

As with many real-world security protocols, there are no detailed security goals specified for the protocol, so it is ultimately impossible to say if Signal achieves its goals. However, our analysis proves that several standard security properties are satisfied by the protocol, and we have found no major flaws in its design, which is very encouraging.

For technical details, you can refer to the research paper.


References

  1. A Formal Security Analysis of the Signal Messaging Protocol

Related posts

  1. Anomaly Six LLC: collecting and selling mobile phone location data using an SDK
  2. Why Huawei USB stick setup on linux adds a strange “Huawei Autorun” script in system start?
  3. Weekly Tech Roundup #14
  4. How secure and privacy-oriented is iOS?
  5. Sara Morrison: how SDKs, hidden trackers in your phone, work