Facebook has open-sourced encrypted group chat

Governments hate encrypted chat tools on social media, so brace for outrage in 3 ... 2 ...


Updated Facebook has responded to governments' criticism of cryptography by giving the world an open source encrypted group chat tool.

It's hardly likely to endear the ad-farm to people like FBI Director Christopher Wray, who yesterday told an international infosec conference it was “ridiculous” that the Feds have seized nearly 8,000 phones they can't access. UK prime minister Theresa May has also called for backdoors in messaging services and for social networks to stop offering "safe spaces" for extremists.

Facebook's latest project, which went live on GitHub yesterday, tackles the problem of protecting group chat. ART, Asynchronous Ratcheting Tree, was created by Facebook's Jon Millican and Oxford University's Katriel Cohn-Gordon, Cas Cremers, Luke Garratt and Kevin Milner.

As the group explains in a December paper* [PDF] about ART at the International Association for Cryptologic Research (IACR) pre-press site, existing chat solutions are great between individuals but not so good at protecting group chats.

In group chats, the paper said, “WhatsApp, Facebook Messenger and the Signal app … use a simpler key-transport mechanism ('sender keys') which does not achieve PCS” - that's post-compromise security – if Alice realises a conversation is compromised, the system has a means re-establish secure communications).

The shortcomings of those apps, the group wrote, means if someone hacks one member of a group, they can “indefinitely and passively read future communications in that group … In practice this means that in these apps, if a third party is added to a two-party communication, the security of the communication is decreased without informing the users.”

To protect group chats, ART “derives a group key for a set of agents” that's secure even if some members aren't online, and “even after total compromise, an agent can participate in a secure group key exchange.”

The ART scheme sets up conversations using what the paper calls “asymmetric prekeys” (a model created by Moxie Marlinspike for TextSecure) and a one-time asymmetric setup key. The Diffie-Hellman setup key is generated by the creator of a group chat, and is only used during session creation, allowing the group leader to create secret “leaf keys” for other group members while they're offline.

To add PCS to this, Alice needs a way to replace a leaf key if hers is compromised, and other group members need to be able to get the new key.

To get a new leaf key, Alice “computes the new public keys at all nodes along the path from her leaf to the tree root, and broadcasts to the group her public leaf key together with these public keys.”

The protocol then lets other group members compute the updated group key, “again without requiring any two group members to be online at the same time”.

The implementation Facebook published is offered under a Creative Commons license. ®

*Bootnote: There's no significance whatever to the IACR paper's filename being "666.pdf", we're sure you'll agree.

Update: Here's one possible reason Faceboook got to work on multi-party chat encryption: last July, a group of German researchers published their analysis of WhatsApp, Signal, and Threema group chat security.

This paper, first posted in July 2017, didn't attract media attention at the time. However, its language closely mirrors the problem statement Facebook put forward – including the lack of Future Secrecy when private messaging is used for groups.

The older paper was updated earlier this month to add a reference to the Facebook ART paper.

Similar topics

Narrower topics


Other stories you might like

  • Google sours on legacy G Suite freeloaders, demands fee or flee

    Free incarnation of online app package, which became Workplace, is going away

    Google has served eviction notices to its legacy G Suite squatters: the free service will no longer be available in four months and existing users can either pay for a Google Workspace subscription or export their data and take their not particularly valuable businesses elsewhere.

    "If you have the G Suite legacy free edition, you need to upgrade to a paid Google Workspace subscription to keep your services," the company said in a recently revised support document. "The G Suite legacy free edition will no longer be available starting May 1, 2022."

    Continue reading
  • SpaceX Starlink sat streaks now present in nearly a fifth of all astronomical images snapped by Caltech telescope

    Annoying, maybe – but totally ruining this science, maybe not

    SpaceX’s Starlink satellites appear in about a fifth of all images snapped by the Zwicky Transient Facility (ZTF), a camera attached to the Samuel Oschin Telescope in California, which is used by astronomers to study supernovae, gamma ray bursts, asteroids, and suchlike.

    A study led by Przemek Mróz, a former postdoctoral scholar at the California Institute of Technology (Caltech) and now a researcher at the University of Warsaw in Poland, analysed the current and future effects of Starlink satellites on the ZTF. The telescope and camera are housed at the Palomar Observatory, which is operated by Caltech.

    The team of astronomers found 5,301 streaks leftover from the moving satellites in images taken by the instrument between November 2019 and September 2021, according to their paper on the subject, published in the Astrophysical Journal Letters this week.

    Continue reading
  • AI tool finds hundreds of genes related to human motor neuron disease

    Breakthrough could lead to development of drugs to target illness

    A machine-learning algorithm has helped scientists find 690 human genes associated with a higher risk of developing motor neuron disease, according to research published in Cell this week.

    Neuronal cells in the central nervous system and brain break down and die in people with motor neuron disease, like amyotrophic lateral sclerosis (ALS) more commonly known as Lou Gehrig's disease, named after the baseball player who developed it. They lose control over their bodies, and as the disease progresses patients become completely paralyzed. There is currently no verified cure for ALS.

    Motor neuron disease typically affects people in old age and its causes are unknown. Johnathan Cooper-Knock, a clinical lecturer at the University of Sheffield in England and leader of Project MinE, an ambitious effort to perform whole genome sequencing of ALS, believes that understanding how genes affect cellular function could help scientists develop new drugs to treat the disease.

    Continue reading

Biting the hand that feeds IT © 1998–2022