On Asynchronous Group Key Agreements Tripartite Asynchronous Ratchet Trees


DEGREE PROJECT IN COMPUTER SCIENCE AND ENGINEERING, SECOND CYCLE, 30 CREDITS
STOCKHOLM, SWEDEN 2020

On Asynchronous Group Key Agreements: Tripartite Asynchronous Ratchet Trees

Phillip Gajland
KTH Royal Institute of Technology, School of Electrical Engineering and Computer Science

A thesis submitted for the degree of Master of Science, Theoretical Computer Science: Algorithms, Complexity and Cryptography

Supervisor (CH): Prof. Dr. Serge Vaudenay, Security and Cryptography Laboratory (LASEC), EPFL - Swiss Federal Institute of Technology Lausanne
Supervisor (SE): Prof. Dr. Mats Näslund, Division of Theoretical Computer Science (TCS), KTH - Royal Institute of Technology
Examiner: Prof. Dr. Johan Håstad, Department of Mathematics, KTH - Royal Institute of Technology

Stockholm / Lausanne - Spring 2020

Abstract

The subject of secure messaging has gained notable attention lately in the cryptographic community. For communications between two parties, paradigms such as the double ratchet, used in the Signal protocol, provide provably strong security guarantees such as forward secrecy and post-compromise security. Variations of the Signal protocol have enjoyed widespread adoption and are embedded in several well-known messaging services, including Signal, WhatsApp and Facebook Secret Conversations. However, providing equally strong guarantees that scale well in group settings remains somewhat less well studied and is often neglected in practice. This motivated the need for the IETF Messaging Layer Security (MLS) working group. The first continuous group key agreement (CGKA) protocol to be proposed was Asynchronous Ratcheting Trees (ART) [Cohn-Gordon et al., 2018], which formed the basis of TreeKEM [Barnes et al., 2019], the CGKA protocol currently suggested for MLS.

In this thesis we propose a new asynchronous group key agreement protocol based on a one-round Tripartite Diffie-Hellman [Joux, 2000]. Furthermore, we show that our protocol can be generalised to an n-ary asynchronous ratchet tree, assuming the existence of a one-round (n + 1)-way Diffie-Hellman key exchange based on an n-multilinear map [Boneh and Silverberg, 2003]. We analyse ART, TreeKEM and our proposals from a complexity-theoretic perspective and show that our proposals improve the cost of update operations. Finally we present some discussion and improvements to the IETF MLS standard.

Keywords: MLS, secure messaging, cryptography.

Summary (Swedish abstract)

The subject of secure messaging has recently attracted attention within the cryptographic community. For communications between two parties, paradigms such as the Double Ratchet, used in the Signal protocol, provide strong provable security guarantees such as forward secrecy and post-compromise security. Variations of the Signal protocol are widely used in practice and are embedded in several well-known messaging services such as Signal, WhatsApp and Facebook Secret Conversations. However, protocols that offer equally strong guarantees and scale well in group settings are somewhat less studied and often neglected in practice. This motivated the need for the IETF Messaging Layer Security (MLS) working group. The first continuous group key agreement (CGKA) protocol to be proposed was Asynchronous Ratcheting Trees (ART) [Cohn-Gordon et al., 2018], which laid the foundation for TreeKEM [Barnes et al., 2019], the CGKA protocol currently proposed for MLS. In this thesis we propose a new asynchronous group key agreement protocol based on a one-round Tripartite Diffie-Hellman [Joux, 2000]. Furthermore, we show that our protocol can be generalised to n-ary trees with the help of a one-round (n + 1)-way Diffie-Hellman key exchange, based on a multilinear map [Boneh and Silverberg, 2003]. We analyse ART, TreeKEM and our proposals from a theoretical perspective and show that our proposals improve the cost of update operations. Finally we present some discussion and improvements to the IETF MLS standard.

Keywords: MLS, secure messaging, cryptography.

"I will! - The word is mighty when someone speaks it in earnest and quietly; that one word tears the stars from the sky: I will!" - Große

Acknowledgements

Foremost I would like to express my deepest appreciation to my supervisor, Serge Vaudenay, for hosting me at LASEC and making this thesis possible. His remarkable attention to detail and emphasis on quality research leaves me in awe. I am extremely grateful for the continued guidance that I have received from my supervisor in Sweden, Mats Näslund. His deep insights into such a wide range of topics in cryptography have been most valuable. I would also like to thank Johan Håstad for agreeing to be the examiner of this thesis and for putting me in touch with Mats. My time at the lab has been most memorable and I would like to thank all my colleagues there for the fruitful conversations. A particular mention goes to Fatih Balli, whom I had the privilege of sharing an office with, as well as Martine Corval for helping me with the various administrative hurdles. Finally, I thank my parents and family for their continued support.

Contents

1 Background
1.1 Motivation
1.2 Outline
1.3 Objectives of Secure Messaging
1.4 Security Notions
1.5 Relevant Previous Work
1.6 Introductory Cryptography
1.7 KEM
2 Secure Messaging
2.1 The Signal Protocol
2.2 X3DH
2.3 Hash Ratchets & the Double Ratchet Algorithm
3 Secure Group Messaging
3.1 Messaging Layer Security (MLS)
3.2 Asynchronous Ratcheting Trees
3.3 TreeKEM
3.4 Tripartite Asynchronous Ratcheting Trees
4 Discussion
4.1 Results and Conclusion
4.2 Open Questions for the IETF MLS Standard

List of Figures

1.1 PGP hasn't been adopted by the general public, as non-technical users might find it hard to use. Inspecting public keys with gpg, the OpenPGP part of the GNU Privacy Guard (GnuPG).
1.2 An X.509 self-signed root certificate representing a certificate authority.
2.1 The three Diffie-Hellman operations making up X3DH are DH1 = DH(IK_A, SPK_B), DH2 = DH(EK_A, IK_B) and DH3 = DH(EK_A, SPK_B). The shared key k is computed as k = KDF(DH1 || DH2 || DH3). If the prekey bundle contains a one-time prekey OPK_B^i, then k is computed as k = KDF(DH1 || DH2 || DH3 || DH4), where DH4 = DH(EK_A, OPK_B^i).
2.2 In a KDF chain, part of the output from a KDF is used as the input to the following KDF. The other part is used as an output key. Since each output appears random, a KDF chain provides forward secrecy.
2.3 Diffie-Hellman ratchet. Alice is initialised with Bob's ratchet public key pk_B0. Alice performs a DH computation with pk_B0 and sk_A1; the output is used to derive a new sending chain key. The next message sent by Alice includes her pk_A1. Bob then performs a DH computation using pk_A1 and sk_B0. The output is used to derive his new receiving chain key, which is the same as Alice's sending chain key. Bob then computes a new pair (pk_B1, sk_B1) and derives a new key for his sending chain using pk_A1 and sk_B1.
3.1 Using the Signal protocol for a group of 8 users would require 28 channels.
3.2 Users A, B and C publish their KeyPackages to a directory.
3.3 User A creates a group with users B and C.
3.4 User B sends an update.
3.5 ART - At each node a public key pk and a secret key sk are stored (separated by a semicolon). For intermediate nodes, the children's secret keys are used as the exponents to compute sk. f(·) maps a group element to an integer, f(·): G → Z/|G|Z, where G is an arbitrary Diffie-Hellman group. The path from C to the root is marked in red and the nodes lying on the copath of C are marked in bold.
3.6 TreeKEM - At each node a public key pk, a secret key sk and a symmetric secret are stored (separated by a semicolon).
3.7 Tripartite ART - At each node a public key pk and a secret key sk are stored (separated by a semicolon). For intermediate nodes, one secret key along with two public keys belonging to the children are used to compute sk. The path from C to the root is marked in red and the nodes lying on the copath of C are marked in bold.

List of Tables

3.1 Comparison of ART, Tripartite ART and TreeKEM, listing the number of elementary cryptographic operations. Send update denotes the number of operations done by the group member initiating an update. Similarly, process update denotes the number of operations done by each group member to process an update. Transmission indicates the amount of key material that needs to be broadcast to make an update. Storage indicates the number of public keys that need to be stored along the path in order to compute the values stored at intermediate nodes. When updates are processed, on average only a constant number of keys need to be computed, though the remaining keys along the path need to be cached. As usual, (pk, sk) denotes a key pair of an arbitrary public-key cryptosystem and s denotes a symmetric secret.

Chapter 1 Background

1.1 Motivation

Recently, secure messaging has gained in popularity, in part due to the Snowden revelations [Macaskill and Dance, 2013]. Messaging applications have progressively been adopting end-to-end security mechanisms to ensure that messages are not accessible to servers involved in the communications, but only to the communicating end parties.
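The X3DH computation described in the caption of Figure 2.1 above, written out as an added example (not code from the thesis): both sides derive the same key from DH1, DH2, DH3 and the optional DH4. It assumes a toy multiplicative Diffie-Hellman group modulo 2^255 - 19 in place of X25519 and SHA-256 in place of Signal's KDF; the signature on Bob's signed prekey is not modelled.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group used as a stand-in for X25519 (an assumption made
# for this example; not Signal's parameters and not a secure choice).
P = 2**255 - 19
G = 2

def keygen():
    """Return (sk, pk) with pk = G^sk mod P."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def dh(sk, pk):
    """DH(sk, pk) = pk^sk mod P, encoded as a fixed-width byte string."""
    return pow(pk, sk, P).to_bytes(32, "big")

def kdf(*dh_outputs):
    """KDF(DH1 || DH2 || DH3 [|| DH4]), modelled with SHA-256 over the concatenation."""
    return hashlib.sha256(b"".join(dh_outputs)).digest()

def x3dh_alice(ik_a_sk, ek_a_sk, ik_b_pk, spk_b_pk, opk_b_pk=None):
    """Initiator side: the three (or four) DH operations of Figure 2.1."""
    dh1 = dh(ik_a_sk, spk_b_pk)   # DH1 = DH(IK_A, SPK_B)
    dh2 = dh(ek_a_sk, ik_b_pk)    # DH2 = DH(EK_A, IK_B)
    dh3 = dh(ek_a_sk, spk_b_pk)   # DH3 = DH(EK_A, SPK_B)
    if opk_b_pk is None:
        return kdf(dh1, dh2, dh3)
    dh4 = dh(ek_a_sk, opk_b_pk)   # DH4 = DH(EK_A, OPK_B), one-time prekey present
    return kdf(dh1, dh2, dh3, dh4)

def x3dh_bob(ik_b_sk, spk_b_sk, ik_a_pk, ek_a_pk, opk_b_sk=None):
    """Responder side: the same group elements, computed from Bob's secrets."""
    dh1 = dh(spk_b_sk, ik_a_pk)
    dh2 = dh(ik_b_sk, ek_a_pk)
    dh3 = dh(spk_b_sk, ek_a_pk)
    if opk_b_sk is None:
        return kdf(dh1, dh2, dh3)
    dh4 = dh(opk_b_sk, ek_a_pk)
    return kdf(dh1, dh2, dh3, dh4)

def run_x3dh(use_one_time_prekey):
    """Run one handshake with fresh keys; return (k_alice, k_bob)."""
    ik_a_sk, ik_a_pk = keygen()    # Alice's long-term identity key
    ek_a_sk, ek_a_pk = keygen()    # Alice's ephemeral key for this session
    ik_b_sk, ik_b_pk = keygen()    # Bob's long-term identity key
    spk_b_sk, spk_b_pk = keygen()  # Bob's signed prekey (signature omitted)
    opk_b_sk, opk_b_pk = keygen() if use_one_time_prekey else (None, None)
    k_a = x3dh_alice(ik_a_sk, ek_a_sk, ik_b_pk, spk_b_pk, opk_b_pk)
    k_b = x3dh_bob(ik_b_sk, spk_b_sk, ik_a_pk, ek_a_pk, opk_b_sk)
    return k_a, k_b
```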
