CryptoDB
Analyzing Group Chat Encryption in MLS, Session, Signal, and Matrix
| Authors: |
|
|---|---|
| Download: | |
| Conference: | EUROCRYPT 2025 |
| Abstract: | We analyze the composition of symmetric encryption and digital signatures in secure group messaging protocols where group members share a symmetric encryption key. In particular, we analyze the chat encryption algorithms underlying MLS, Session, Signal, and Matrix using the formalism of symmetric signcryption introduced by Jaeger, Kumar, and Stepanovs (Eurocrypt 2024). We identify theoretical attacks against each of the constructions we analyze that result from the insufficient binding between the symmetric encryption scheme and the digital signature scheme. In the case of MLS and Session, these translate into practically exploitable replay attacks by a group-insider. For Signal this leads to a forgery attack by a group-outsider with access to a user's signing key, an attack previously discovered by Balbás, Collins, and Gajland (Asiacrypt 2023). In Matrix there are mitigations in the broader ecosystem that prevent exploitation. We provide formal security theorems that each of the four constructions are secure up to these attacks. |
BibTeX
@inproceedings{eurocrypt-2025-35108,
title={Analyzing Group Chat Encryption in MLS, Session, Signal, and Matrix},
publisher={Springer-Verlag},
author={Joseph Jaeger and Akshaya Kumar},
year=2025
}