What is it about?
Group chat apps (WhatsApp, Signal, etc.) usually tie you to one provider - if you want to continue your current conversions, you need to keep using the same app and its servers. But in principle, a group chat service could let you pick any app or server, as is already the case with email and phone service. We describe how to maintain WhatsApp-quality security (end-to-end encryption) in this setting, including the ability to change servers on the fly, or avoid servers entirely.
Featured Image
Photo by Volodymyr Hryshchenko on Unsplash
Why is it important?
Most current group chat apps lock in users to their app and provider. If the app/provider does something users dislike (e.g., change the terms of service, as WhatsApp did in early 2021), users must either accept the change or abandon their current conversations and contacts. We envision a future in which users can instead change apps or providers at will, avoiding lock-in. That's a big project, but our paper comes one step closer, by explaining how to maintain WhatsApp-quality security in this setting. Our paper's security techniques can also be used to maintain security in group chat apps that work offline (e.g., between passengers on a plane) or during Internet shutdowns.
Perspectives
My general interest is in making apps that work as well as current apps, but while placing users in control, instead of whatever company made the app. This paper addresses the theory of how to do so for one specific problem: secure group messaging. My hope is that this can someday improve user control of group chat apps as well as related things like Google Docs-style collaboration.
Matthew Weidner
Carnegie Mellon University
Read the Original
This page is a summary of: Key Agreement for Decentralized Secure Group Messaging with Strong Security Guarantees, November 2021, ACM (Association for Computing Machinery),
DOI: 10.1145/3460120.3484542.
You can read the full text:
Contributors
The following have contributed to this page
