Oxford researchers work with Facebook to improve secure group messaging

A team from the department led by Professor Cas Cremers has been working with Facebook software engineer Jon Millican to improve the security of group messaging.

As part of the research project, the team designed a mechanism called Asynchronous Ratcheting Tree (ART), a protocol for end-to-end encrypted group messaging. It aims to improve on existing systems’ security guarantees for scalable group conversations, which are often weaker than those they provide for one to one messages.

‘Modern security applications already offer strong security for two-party communications, but these often diminish once more parties are involved. The existing techniques for strong security don’t scale to the group sizes required by WhatsApp or Facebook. In our paper we combine techniques from group messaging with strong modern security guarantees,’ said Cas. ‘The resulting ART protocol offers the advantages of point-to-point security while still being usable on mobile devices, which are often offline. An important point is that it can re-establish a secure connection even if there is a security breach on one device, a property which we called “post-compromise security”.’

Facebook has made a proof-of-concept implementation of the new protocol publicly available via GitHub. The researchers hope that the protocol can in future be used to enhance the security of apps like WhatsApp, Signal, Facebook Messenger, Google Allo, or Wire.

Oxford DPhil students Katriel Cohn-Gordon, Luke Garratt and Kevin Milner worked on the research with Cas. The paper on the ART research can be read online.