Fle­xi­ble Au­then­ti­ca­ted and Con­fi­den­ti­al Chan­nel Es­ta­blish­ment (fACCE): Ana­ly­zing the Noise Pro­to­col Frame­work

Ben­ja­min Dow­ling, Paul Rös­ler, Jörg Schwenk

IACR In­ter­na­tio­nal Con­fe­rence on Prac­tice and Theo­ry in Pu­blic Key Cryp­to­gra­phy, PKC 2020


Ab­stract

The Noise pro­to­col frame­work is a suite of chan­nel es­ta­blish­ment pro­to­cols, of which each in­di­vi­du­al pro­to­col en­su­res va­rious se­cu­ri­ty pro­per­ties of the trans­mit­ted mes­sa­ges, but keeps spe­ci­fi­ca­ti­on, im­ple­men­ta­ti­on, and con­fi­gu­ra­ti­on re­la­tive­ly sim­ple. Im­ple­men­ta­ti­ons of the Noise pro­to­cols are them­sel­ves, due to the em­ploy­ed pri­mi­ti­ves, very per­for­mant. Thus, de­s­pi­te its re­la­ti­ve youth, Noise is al­re­a­dy used by lar­ge-sca­le de­ploy­ed ap­p­li­ca­ti­ons such as Whats­App and Slack. Though the Noise spe­ci­fi­ca­ti­on de­scri­bes and claims the se­cu­ri­ty pro­per­ties of the pro­to­col pat­terns very pre­cise­ly, there has been no com­pu­ta­tio­nal proof yet. We close this gap.

Noise uses only a li­mi­ted num­ber of cryp­to­gra­phic pri­mi­ti­ves which makes it an ideal can­di­da­te for re­duc­tion-ba­sed se­cu­ri­ty pro­ofs. Due to its pat­terns' cha­rac­te­ris­tics as chan­nel es­ta­blish­ment pro­to­cols, and the usage of es­ta­blis­hed keys wi­t­hin the hand­shake, the au­then­ti­ca­ted and con­fi­den­ti­al chan­nel es­ta­blish­ment (ACCE) model (Jager et al. CRYP­TO 2012) seems to per­fect­ly fit for an ana­ly­sis of Noise. Howe­ver, the ACCE model strict­ly di­vi­des pro­to­cols into two non-over­lap­ping pha­ses: the pre-ac­cept phase (i.e., the chan­nel es­ta­blish­ment) and post-ac­cept phase (i.e., the chan­nel). In con­trast, Noise al­lows the trans­mis­si­on of en­cryp­ted mes­sa­ges as soon as any key is es­ta­blis­hed (for in­stan­ce, be­fo­re au­then­ti­ca­ti­on bet­ween par­ties has taken place), and then in­cre­men­tal­ly in­crea­ses the chan­nel's se­cu­ri­ty gua­ran­tees. By pro­po­sing a ge­ne­ra­liza­t­i­on of the ori­gi­nal ACCE model, we cap­tu­re se­cu­ri­ty pro­per­ties of such sta­ged chan­nel es­ta­blish­ment pro­to­cols fle­xi­bly – com­pa­ra­b­ly to the mul­ti-sta­ge key ex­chan­ge model (Fisch­lin and Gün­ther CCS 2014).

We give se­cu­ri­ty pro­ofs for eight of the 15 basic Noise pat­terns.

[ex­ten­ded ver­si­on]

Tags: ACCE;, Chan­nel, es­ta­blish­ment, frame­work;, Mul­ti-Sta­ge;, Noise, pro­to­col