Signal Protocol’s crypto core has no major flaws, researchers find
A group of computer science and cryptography professors and doctoral students has effected a security analysis of the secure messaging Signal Protocol – specifically, of its Key Agreement and Double Ratchet multi-stage key exchange protocol (the effective cryptographic core).
The results of the analysis are encouraging. “We have found no major flaws in the design, and hope that our presentation and results can serve as a starting point for other analyses of this widely adopted protocol,” they noted in the paper detailing their research.
The Signal cryptographic protocol is used by a variety of popular messaging apps, including Facebook Messenger, WhatsApp, Google Allo, Signal (the app developed by Open Whisper Systems, the company that also developed the secure protocol in question), as well as Silent Circle, CryptoCat (v2), and others.
In short, billions of users depend on it for end-to-end encrypted, secure communication.
“One might expect this widespread uptake of the Signal protocol by large players to be accompanied by an in-depth security analysis and examination of the design rationale, in order to understand and specify the security assurances which Signal is intended to provide, and to verify that it provides them. Surprisingly, this is not yet the case,” the researchers pointed out, and effectively explained the impetus behind their effort.
The protocol is open source, but the code is not well documented, so the researchers had their work cut out for them. In addition to this, the analysis also proved challenging because Signal employs a “novel and unstudied design” that does not fit into existing analysis models – so they had to create one that would allow it.
They made sure to note that they did not analyze all the mechanisms and components on which the security of the protocol depends on, nor studied all security and functionality goals which Signal may address.
Also, they pointed out, “popular applications using Signal tend to change important details as they implement or integrate the protocol, and thus merit security analyses in their own right.” This analysis should be just the first of many, they concluded.
The research group consists of Cas Cremers, professor of Information Security at the University of Oxford, Katriel Cohn-Gordon and Luke Garratt (two doctoral students at the same university), Assistant Professor in cryptography at McMaster University Dr. Douglas Stebila, and Ben Dowling, a Ph.D candidate at the Queensland University of Technology.