International Association for Cryptologic Research

CryptoDB

Fast Message Franking: From Invisible Salamanders to Encryptment

Authors:
Yevgeniy Dodis
Paul Grubbs
Thomas Ristenpart
Joanne Woodage
Download:
DOI: 10.1007/978-3-319-96884-1_6 (login may be required)
Presentation: Slides
Conference: CRYPTO 2018
Abstract: Message franking enables cryptographically verifiable reporting of abusive messages in end-to-end encrypted messaging. Grubbs, Lu, and Ristenpart recently formalized the needed underlying primitive, what they call compactly committing authenticated encryption (AE), and analyze security of a number of approaches. But all known secure schemes are still slow compared to the fastest standard AE schemes. For this reason Facebook Messenger uses AES-GCM for franking of attachments such as images or videos. We show how to break Facebook’s attachment franking scheme: a malicious user can send an objectionable image to a recipient but that recipient cannot report it as abuse. The core problem stems from use of fast but non-committing AE, and so we build the fastest compactly committing AE schemes to date. To do so we introduce a new primitive, called encryptment, which captures the essential properties needed. We prove that, unfortunately, schemes with performance profile similar to AES-GCM won’t work. Instead, we show how to efficiently transform Merkle-Damgård-style hash functions into secure encryptments, and how to efficiently build compactly committing AE from encryptment. Ultimately our main construction allows franking using just a single computation of SHA-256 or SHA-3. Encryptment proves useful for a variety of other applications, such as remotely keyed AE and concealments, and our results imply the first single-pass schemes in these settings as well.
Video from CRYPTO 2018
BibTeX
@inproceedings{crypto-2018-28863,
  title={Fast Message Franking: From Invisible Salamanders to Encryptment},
  booktitle={Advances in Cryptology – CRYPTO 2018},
  series={Lecture Notes in Computer Science},
  publisher={Springer},
  volume={10991},
  pages={155-186},
  doi={10.1007/978-3-319-96884-1_6},
  author={Yevgeniy Dodis and Paul Grubbs and Thomas Ristenpart and Joanne Woodage},
  year=2018
}