CryptoDB
The Signal Private Group System and Anonymous Credentials Supporting Efficient Verifiable Encryption
Authors: | Melissa Chase, Trevor Perrin, Greg Zaverucha |
---|---|
Abstract: | We propose a talk based on a recent project to design and implement a new system to privately manage groups in the Signal messenger application. The system is in testing and is expected to be deployed by RWC 2021. There is an associated research paper, to appear at CCS 2020. (The first ten pages of that paper are attached, and an earlier version of the complete paper is online as ePrint 2019/1416.) The talk will select content from the paper, implementation and deployment experience that are expected to be of interest to the RWC audience. Paper abstract: In this paper we present a system for maintaining a membership list of users in a group, designed for use in the Signal Messenger secure messaging app. The goal is to support *private groups* where membership information is readily available to all group members but hidden from the service provider or anyone outside the group. In the proposed solution, a central server stores the group membership in the form of encrypted entries. Members of the group authenticate to the server in a way that reveals only that they correspond to some encrypted entry, then read and write the encrypted entries. Authentication in our design uses a primitive called a keyed-verification anonymous credential (KVAC), and we construct a new KVAC scheme based on an algebraic MAC, instantiated in a group G of prime order. The benefit of the new KVAC is that attributes may be elements in G whereas previous schemes could only support attributes that were integers modulo the order of G. This enables us to encrypt group data using an efficient Elgamal-like encryption scheme, and to prove in zero-knowledge that the encrypted data is certified by a credential. Because encryption, authentication, and the associated proofs of knowledge are all instantiated in G, the system is efficient, even for large groups. |
Video: | https://youtu.be/4eKwlSqGUi4?t=1732 |
BibTeX
@misc{rwc-2021-35554,
  title={The Signal Private Group System and Anonymous Credentials Supporting Efficient Verifiable Encryption},
  note={Video at \url{https://youtu.be/4eKwlSqGUi4?t=1732}},
  howpublished={Talk given at RWC 2021},
  author={Melissa Chase and Trevor Perrin and Greg Zaverucha},
  year=2021
}