Cornell Tech researchers have created a new method that aims to maintain anonymity in encrypted messaging, which hides the message content but doesn't conceal the sender's identity. The method could also block unwanted or abusive messages.
End-to-End Encryption Challenges
End-to-end encrypted (E2EE) messaging is used by several platforms, including Signal, WhatsApp, and Facebook Messenger. This encryption is required to ensure the message's confidentiality. User anonymity, however, is not guaranteed.
Recently, Signal added an anonymity-protection feature to its service. However, this attempt at anonymity fails because it is vulnerable to attack.
Its sealed sender protocol ensures the sender's identity is never revealed to the platform. However, this protocol exposes a key tension in sender-anonymous systems: maintaining sender anonymity while mitigating potentially abusive messages.
According to TechXplore, encryption alone makes certain types of abuse mitigation difficult, and sender anonymity only complicates those efforts. Blocklisting is one example of abuse mitigation that is complicated by sender anonymity.
Nirvan Tyagi, a doctoral student and co-lead author, stated that while the feature prevents content from being leaked to the platform, it does not prevent other types of metadata leakage. He said that sender-anonymous sender blocklisting is an irony. This is due to their desire for the platform to be able to filter based on sender identities. They also want the platform to protect sender anonymity.
Orca: Blocklisting in Sender-Anonymous Messaging
Orca: Blocklisting in Sender-Anonymous Messaging is a mechanism that keeps encrypted messaging anonymous. This project builds on previous research to take significant steps toward safer online communication.
Message recipients would use this blocklisting mechanism to register an anonymized blocklist with the platform. Senders create messages that the platform can verify as being from someone not on the blocklist.
Group signatures are used for verification, enabling users to sign messages anonymously on behalf of a group. The platform registers individual users. The recipient, who is the group's opening authority, can trace each individual user's identity.
The platform rejects the message if the sender is on the blocklist or if the message is malformed. However, the recipient can identify the sender if the message is delivered.
To take it a step further, instead of creating and verifying a group signature for every message sent, the group signature is used only periodically to mint new batches of one-time-use sender tokens from the platform. A valid token for the recipient must then be included when sending messages. Access keys, or tokens, are much easier for the platform to verify, because they only require a check against a list of used or blocked tokens.
Using cryptography, senders can prove to the platform that they are authorized senders for the recipient and are not on the recipient's blocklist, while still concealing their identity from the platform.
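The token step described above can be modeled in a few lines. This is an added example, not code from the Orca paper or its authors: the Platform class, the HMAC-based token format, the group_sig_ok flag (standing in for group-signature verification) and the recipient names are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Platform:
    """Toy model of the platform's token checks; not Orca's real cryptography."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # platform-only MAC key
        self._used = set()                   # nonces already spent
        self._blocked = set()                # nonces revoked after a block

    def _tag(self, recipient, nonce):
        # Binds a token to one recipient so it cannot be replayed to another.
        return hmac.new(self._key, recipient.encode() + b"|" + nonce,
                        hashlib.sha256).digest()

    def mint_batch(self, recipient, group_sig_ok, count=3):
        # group_sig_ok is an assumption standing in for the expensive step:
        # verifying a group signature that proves "not on the blocklist".
        if not group_sig_ok:
            raise PermissionError("mint refused")
        nonces = [secrets.token_bytes(16) for _ in range(count)]
        return [(n, self._tag(recipient, n)) for n in nonces]

    def block(self, nonces):
        # How a real design maps a blocked sender to outstanding tokens
        # without learning identity is outside this sketch.
        self._blocked.update(nonces)

    def deliver(self, recipient, token):
        nonce, tag = token
        if not hmac.compare_digest(tag, self._tag(recipient, nonce)):
            return "reject: invalid"
        if nonce in self._used:
            return "reject: used"
        if nonce in self._blocked:
            return "reject: blocked"
        self._used.add(nonce)
        return "deliver"


def demo():
    p = Platform()
    t1, t2, t3 = p.mint_batch("alice", group_sig_ok=True)  # constructed names
    results = [p.deliver("alice", t1), p.deliver("alice", t1),
               p.deliver("bob", t2)]
    p.block([t3[0]])
    results.append(p.deliver("alice", t3))
    return results
```

The per-message path is one MAC comparison and two set lookups, which is why it is cheaper than verifying a group signature on every message.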
Tyagi said that Orca could safeguard a person in different ways. One of these examples is related to medicine. He said that just communicating with a cardiologist could reveal confidential information about your health. Orca would be able to keep that confidentiality.