
Formal Verification of a Post-quantum Signal Protocol with Tamarin

Conference paper, in: Verification and Evaluation of Computer and Communication Systems (VECoS 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14368)


Abstract

The Signal protocol is used by billions of people for instant messaging in applications such as Facebook Messenger, Google Messages, Signal, Skype, and WhatsApp. However, advances in quantum computing threaten the security of the cornerstone of this protocol: the Diffie-Hellman key exchange. Quantum-resistant alternatives, called post-quantum secure, do exist, but replacing the Diffie-Hellman key exchange with these new primitives requires a deep revision of the associated security proof. While the security of the current Signal protocol has been extensively studied with hand-written proofs and computer-verified symbolic analyses, its quantum-resistant variants lack symbolic security analyses.

In this work, we present the first symbolic security model for post-quantum variants of the Signal protocol. Our model focuses on the core state machines of the two main sub-protocols of Signal: the X3DH handshake and the so-called double ratchet protocol. We then show, with an automated proof in the Tamarin prover, that when instantiated with the Hashimoto-Katsumata-Kwiatkowski-Prest post-quantum Signal handshake from PKC’21 and the Alwen-Coretti-Dodis KEM-based double ratchet from EUROCRYPT’19, the resulting post-quantum Signal protocol has security properties equivalent to those of its current classical counterpart.


References

  1. Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the Signal protocol. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 129–158. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_5

  2. Avanzi, R., et al.: CRYSTALS-Kyber: submission to round 3 of the NIST post-quantum project (2021). https://pq-crystals.org/kyber/data/kyber-specification-round3-20210804.pdf

  3. Basin, D.A., Dreier, J., Hirschi, L., Radomirovic, S., Sasse, R., Stettler, V.: A formal analysis of 5G authentication. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) CCS 2018, pp. 1383–1396 (2018)

  4. Bhargavan, K., Blanchet, B., Kobeissi, N.: Verified models and reference implementations for the TLS 1.3 standard candidate. In: IEEE Symposium on Security and Privacy, SP 2017, pp. 483–502 (2017)

  5. Blake-Wilson, S., Menezes, A.: Unknown key-share attacks on the station-to-station (STS) protocol. In: Public Key Cryptography, Second International Workshop on Practice and Theory in Public Key Cryptography, PKC 1999. LNCS, vol. 1560, pp. 154–170 (1999)

  6. Blanchet, B.: Modeling and verifying security protocols with the applied pi calculus and ProVerif. Found. Trends Priv. Secur. 1(1–2), 1–135 (2016)

  7. Brendel, J., Fischlin, M., Günther, F., Janson, C., Stebila, D.: Towards post-quantum security for Signal’s X3DH handshake. In: Dunkelman, O., Jacobson, Jr., M.J., O’Flynn, C. (eds.) SAC 2020. LNCS, vol. 12804, pp. 404–430. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-81652-0_16

  8. Celi, S., Hoyland, J., Stebila, D., Wiggers, T.: A tale of two models: formal verification of KEMTLS via Tamarin. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds.) ESORICS 2022, Part III. LNCS, vol. 13556, pp. 63–83. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-17143-7_4

  9. Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the Signal messaging protocol. J. Cryptol. 33(4), 1914–1983 (2020)

  10. Cremers, C., Horvat, M., Hoyland, J., Scott, S., van der Merwe, T.: A comprehensive symbolic analysis of TLS 1.3. In: CCS 2017, pp. 1773–1788 (2017)

  11. Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–207 (1983)

  12. Hashimoto, K., Katsumata, S., Kwiatkowski, K., Prest, T.: An efficient and generic construction for Signal’s handshake (X3DH): post-quantum, state leakage secure, and deniable. In: PKC 2021. LNCS, vol. 12711, pp. 410–440 (2021)

  13. Hülsing, A., Ning, K.C., Schwabe, P., Weber, F., Zimmermann, P.R.: Post-quantum WireGuard. In: 2021 IEEE Symposium on Security and Privacy, pp. 304–321. IEEE Computer Society Press, San Francisco (2021). https://doi.org/10.1109/SP40001.2021.00030

  14. Kobeissi, N., Bhargavan, K., Blanchet, B.: Automated verification for secure messaging protocols and their implementations: a symbolic and computational approach. In: EuroS&P 2017, pp. 435–450 (2017)

  15. Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005). https://doi.org/10.1007/11535218_33

  16. Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-61042-1_43

  17. Meier, S., Schmidt, B., Cremers, C., Basin, D.: The TAMARIN prover for the symbolic analysis of security protocols. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 696–701. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_48

  18. Menezes, A., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)

  19. Schwabe, P., Stebila, D., Wiggers, T.: Post-quantum TLS without handshake signatures. In: 2020 ACM SIGSAC Conference on Computer and Communications Security, CCS 2020, Virtual Event, pp. 1461–1480 (2020)

  20. Perrin, T., Marlinspike, M.: The double ratchet algorithm. https://signal.org/docs/specifications/doubleratchet/

  21. Perrin, T., Marlinspike, M.: The X3DH key agreement protocol. https://signal.org/docs/specifications/x3dh/


Acknowledgement

We wish to thank Matthieu Giraud and Renaud Dubois for their help with the Tamarin prover and for helpful discussions on the subject, and the reviewers for highlighting some typos. The first and last authors were supported by ANRT under the CIFRE program, grants N° 2021/0645 and N° 2019/1583.

Author information

Corresponding author: Thomas Ricosset.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Beguinet, H., Chevalier, C., Ricosset, T., Senet, H. (2024). Formal Verification of a Post-quantum Signal Protocol with Tamarin. In: Ben Hedia, B., Maleh, Y., Krichen, M. (eds) Verification and Evaluation of Computer and Communication Systems. VECoS 2023. Lecture Notes in Computer Science, vol 14368. Springer, Cham. https://doi.org/10.1007/978-3-031-49737-7_8


  • DOI: https://doi.org/10.1007/978-3-031-49737-7_8


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-49736-0

  • Online ISBN: 978-3-031-49737-7
