End-to-end encrypted secure messaging is a widely used class of cryptographic protocols enabling clients to communicate securely and asynchronously over untrusted network and server infrastructure. The term “secure” encompasses several security guarantees, including message authenticity and a robust level of message confidentiality, captured by the notions of post-compromise security (PCS) and forward secrecy (FS). Intuitively, these notions require that current messages remain secure against any adversary that controls all network traffic and can leak all participants’ local states both in the past (PCS) and in the future (FS).
A new class of messaging applications is based on underlying Continuous Group Key Agreement (CGKA) protocols, including the IETF’s upcoming Messaging Layer Security (MLS) standard. Most of the functionality, security and efficiency properties of these protocols are inherited directly from their underlying CGKAs, which has made CGKA a growing subject of cryptographic research in recent years. In this work we analyse the security of the CGKA protocol proposed by the MLS standard and propose improvements to it.
Yiannis Tselekounis is a Lecturer at the Department of Information Security at Royal Holloway, University of London. His research focuses on applied and theoretical aspects of cryptography, including the security of cryptographic protocols, leakage/tamper-resilient cryptography, and blockchains. Before joining RHUL, Yiannis was a postdoctoral researcher at Carnegie Mellon University and Faculty Fellow at New York University. He obtained his PhD degree from the Department of Informatics of the University of Edinburgh.