Wickr’s Cryptographer, Joël Alwen, recently spoke at Real World Crypto 2020. In the talk, Joël discusses his project which is a formal security analysis of the core part of the MLS protocol called TreeKEM. The project (entitled Security Analysis and Improvements for the IETF MLS Standard for Group Messaging) is a collaboration between Wickr and cryptographers at NYU and IOHK. You can learn more about Real World Crypto 2020 and the details of Joël’s latest project below:
About Real World Crypto 2020
The Real World Crypto Symposium is a conference for applied cryptography research organized by the International Association for Cryptologic Research (IACR). The symposium was started in 2012 by Kenny Paterson and Nigel Smart. The conference aims to bring together cryptography researchers with developers implementing cryptography in real-world systems, in order to strengthen the dialogue between the two. Topics covered at Real World Crypto focus on uses of cryptography in real-world environments such as the Internet, the cloud, and embedded devices. This year’s conference took place in New York on January 8-10.
About the Project
The project started as an effort to do a formal security analysis of the core part of the MLS protocol called TreeKEM. However, the cryptographers hit a roadblock in that they were only able to prove unexpectedly weak forms of Forward Secrecy (FS) of TreeKEM. It turned out that rather than being a limitation of the proof technique this was instead due to a rather severe weakness in TreeKEM’s FS property. In fact, once Joël and the team uncovered the vulnerability it immediately became clear how to exploit it in the form of a rather serious class of attacks. What’s more, such attacks could, in turn, be extended into attacks on the PCS of MLS. At this point, the project shifted focus to building a more secure CGKA component to replace TreeKEM in the MLS protocol. You can read the full report here: https://eprint.iacr.org/2019/1189.pdf