Implementing a Fast, Memory–safe Axolotl Ratchet Protocol
Jihyeok Seo
December 05, 2015
2015 Korea Institute of Information Security and Cryptology Winter Conference (CISC-W'15)
Transcript
Implementing a Fast, Memory–safe Axolotl Ratchet Protocol
Jihyeok Seo*, Dabin Hwang**
Konkuk University*, Seoul Women's University**
Motivation
• 20150730, Yonhap, "NIS, Requested 'Hacking Team' Provide KakaoTalk Wiretapping"
• 20151006, Yonhap, "Kakao, Starts Producing Data For Wiretapping Warrants"
• We need secure, end–to–end encrypted mobile communication methods
How?
• Suitable protocols for the mobile environment
• Secure cryptographic primitives
• Safe implementations
Ratcheting Protocol

Ratcheting
• Sharing a secret is trivial (Diffie–Hellman)
• How do we reduce the risk of a compromised shared secret key?
• Constantly change the shared secret
• Ratcheting protocols (OTR, SCIMP, Axolotl, etc.)

OTR
• https://otr.cypherpunks.ca
• Diffie–Hellman key exchange on every message
• Assumption: communicating parties are always online
• In mobile environments, not always so

SCIMP
• https://silentcircle.com/products-and-solutions/technology/scimp/
• Hash–based iteration ratchet
• Can ratchet even when offline
• Past keys can be used to derive future keys

Axolotl
• https://github.com/trevp/axolotl/wiki
• Trevor Perrin
• State-of-the-art key ratcheting protocol
• OTR (DH ratchet) + SCIMP (hash ratchet)
• Opportunistic
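The hash ratchet that SCIMP and Axolotl's chain keys rely on, as an added illustration that is not part of the talk or its Rust implementation. Each step derives a message key and the next chain key from the current chain key and then erases the old one, so a receiver that was offline can catch up by iterating forward, while a key that has been used and deleted cannot be re-derived from the current state. It is written in Python with only the standard library so it runs anywhere; the HMAC labels and the "shared secret" are constructed stand-ins for the DH-derived root key.

```python
from __future__ import annotations
import hmac
import hashlib

def kdf_ck(chain_key: bytes) -> tuple[bytes, bytes]:
    """One hash-ratchet step: derive (message_key, next_chain_key) from chain_key."""
    mk = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()  # constructed labels
    ck = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return mk, ck

class HashRatchet:
    """Symmetric (hash) ratchet over one chain, in the style of SCIMP / Axolotl chain keys."""
    def __init__(self, chain_key: bytes) -> None:
        self.chain_key = chain_key   # only the latest chain key is kept
        self.counter = 0             # number of the next message key
        self.skipped = {}            # keys stashed for messages that arrive out of order

    def advance(self) -> tuple[int, bytes]:
        """Derive the next message key; the previous chain key is overwritten."""
        mk, self.chain_key = kdf_ck(self.chain_key)
        n, self.counter = self.counter, self.counter + 1
        return n, mk

    def key_for(self, n: int) -> bytes:
        """Key for message n: from the stash, or by ratcheting forward and stashing
        the keys skipped on the way. Used-and-erased keys are not re-derivable."""
        if n in self.skipped:
            return self.skipped.pop(n)
        if n < self.counter:
            raise KeyError(f"message key {n} was used and erased")
        while True:
            i, mk = self.advance()
            if i == n:
                return mk
            self.skipped[i] = mk

def demo() -> dict:
    """Alice sends 0, 1, 2; Bob, back from being offline, reads 2 first, then 0."""
    root = hashlib.sha256(b"constructed shared secret").digest()  # stand-in for a DH output
    alice, bob = HashRatchet(root), HashRatchet(root)
    sent = dict(alice.advance() for _ in range(3))
    got2 = bob.key_for(2)      # ratchets through 0, 1, 2 and stashes keys 0 and 1
    got0 = bob.key_for(0)      # served from the stash and erased
    try:
        bob.key_for(0)         # a second lookup must fail: the key is gone
        erased = False
    except KeyError:
        erased = True
    return {"match2": got2 == sent[2], "match0": got0 == sent[0],
            "erased_after_use": erased, "still_stashed": sorted(bob.skipped)}
```

The stash is what lets an offline receiver decrypt late or reordered messages; Axolotl bounds and expires it, since every stashed key is a key a later compromise could still recover.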
Cryptographic Primitives

Message Encryption: ChaCha20
• D. J. Bernstein, 2008
• http://cr.yp.to/papers.html#chacha
• Faster, more energy-efficient on mobile devices
• Immune to timing and padding oracle attacks

Message Authentication: Poly1305
• D. J. Bernstein, 2005
• http://cr.yp.to/papers.html#poly1305
• Faster, more energy-efficient on mobile devices
• Smaller MAC size compared to HMAC–SHA256

ChaCha20–Poly1305
• Accepted TLS cipher suite
• Used for communication between Android devices and Google services
• Used for the Cloudflare CDN network
• Industry-tested cipher suite

Comparison
                 Signal                Lumi
Key Derivation   HKDF (HMAC–SHA256)    HKDF (HMAC–SHA256)
Key Exchange     X25519 (Curve25519)   X25519 (Curve25519)
Encryption       AES–256 (CTR)         ChaCha20
MAC              HMAC–SHA256           Poly1305–AES
Safe Implementation

Rust
• https://www.rust-lang.org
• Guaranteed memory safety
• Prevents security vulnerabilities: buffer overflows, dangling pointers, data races…
Conclusion
• Memory–safe implementation of the state–of–the–art ratcheting protocol
• Better, faster, more secure cryptographic primitives
• Proof of concept of an end–to–end encrypted messaging application

Future Work
• Adopt post-quantum cryptography (Ring-LWE, SPHINCS, etc.)
• Reduce metadata leakage (I2P, Tor, Router Federation, etc.)
• Formal verification of Rust code (Coq, Isabelle, etc.)

Acknowledgements
• KITRI Best of the Best
• NAVER, Sanghyun Cho, Heo Gyu