
[Feature] Session Standard: 1-1 Chat Security Enhancement with Perfect Forward Secrecy

Open venezuela01 opened this issue 1 year ago • 3 comments

Session Standard: 1-1 Chat Security Enhancement with Perfect Forward Secrecy

This is a follow-up of Session Standard: Multi-device Security Enhancement

Perfect Forward Secrecy (PFS) presents a known challenge in the context of decentralized messenger apps, primarily due to issues such as the potential for messages to arrive out of order. This proposal aims to outline a solution that addresses this concern.

The foundational concept of this proposal is based on the idea of the Primary Device. In this model, multiple devices linked to the same user each possess a unique device_id, yet they all share the same session_id. A user can register an Oxen Name System (ONS) mapping to link a session_id with a unique device_id, subsequently designating that device as the primary one.

Capitalizing on this primary device structure, we can tackle the problem of out-of-order messages. In our design, the primary device is exclusively responsible for generating a seed value, which serves as the root key in a deterministic key chain. This root key is then synchronized across multiple devices, empowering each to independently reproduce the same deterministic key chain, using the identical root key and Key Derivation Function (KDF).

From this point, we can incorporate the concept of the prekey bundle from Signal’s Perfect Forward Secrecy design, utilizing the deterministic key chain generation process triggered by the primary device.

One limitation of this design is the necessity for both communicating parties to have registered a primary device. However, we could potentially mitigate this constraint through innovative marketing strategies, reminiscent of viral marketing.

The strategy is to encourage users to invest in 'Session Security Enhancement Support', enabling their Session client to automatically initiate PFS whenever possible. The crucial trick is to take advantage of users’ social networks and Session’s built-in UI interaction to spread awareness of PFS. For instance, suppose Alice activates the 'Session Security Enhancement Support' by paying a few Oxen to register a primary device. When she interacts with Bob, who has not opted for the security enhancement, Bob's Session UI should notify him: "Alice has enabled enhanced security (Perfect Forward Secrecy). Would you like to enable it by paying 5 Oxen?" Similarly, Alice’s Session UI should prompt her: "Bob currently lacks enhanced security (Perfect Forward Secrecy). Consider helping Bob to acquire some Oxen and upgrade his security." By executing this strategy, we can leverage the social graph of our Session user base to promote the enhanced security feature, essentially allowing users to market the feature for us.

Please note that this draft is an initial placeholder, and it currently lacks detailed specifics. Its early publication is intended to support subsequent discussions. More technical details pertaining to the Session PFS design will be updated in the coming months.

venezuela01 avatar Aug 03 '23 03:08 venezuela01
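The two mechanisms the proposal leans on, a deterministic key chain that every linked device can reproduce from the same root key and KDF, and tolerance for messages arriving out of order, can be shown in a small symmetric ratchet. The following is an added example, not code from this issue or from the Session project; the HKDF labels, the `\x01`/`\x02` ratchet constants and the skipped-key cache are assumptions borrowed from the Signal-style symmetric ratchet, and the root key is constructed here rather than produced by a primary device. The Diffie-Hellman prekey-bundle step the proposal mentions is not modelled.

```python
import hmac
import hashlib
import secrets
from typing import Dict, Tuple

HASH = hashlib.sha256


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-Expand over HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def root_to_chain_key(root_key: bytes) -> bytes:
    """Derive the first chain key from the root key (HKDF-Extract then Expand).
    The salt and info labels are assumptions for this example."""
    prk = hmac.new(b"session-pfs-example-salt", root_key, HASH).digest()
    return hkdf_expand(prk, b"session-pfs-example-chain")


def ratchet_step(chain_key: bytes) -> Tuple[bytes, bytes]:
    """One chain step: returns (next_chain_key, message_key).
    The chain key is one-way, so a stored old message key does not
    reveal the chain key that produced it."""
    next_chain = hmac.new(chain_key, b"\x01", HASH).digest()
    message_key = hmac.new(chain_key, b"\x02", HASH).digest()
    return next_chain, message_key


class SymmetricRatchet:
    """Per-device view of the deterministic key chain.
    Every device seeded with the same root key derives the same keys."""

    def __init__(self, root_key: bytes, max_skip: int = 100):
        self.chain_key = root_to_chain_key(root_key)
        self.index = 0                    # number of the next message in the chain
        self.skipped: Dict[int, bytes] = {}  # keys for messages not yet received
        self.max_skip = max_skip

    def next_key(self) -> Tuple[int, bytes]:
        """Sender side: message key for the next message number; the chain
        key that produced it is overwritten so it cannot be recomputed."""
        self.chain_key, mk = ratchet_step(self.chain_key)
        n = self.index
        self.index += 1
        return n, mk

    def key_for(self, n: int) -> bytes:
        """Receiver side: message key for message n, whatever order it
        arrives in. Keys for skipped numbers are cached once and removed
        when used, so a replayed message number is rejected."""
        if n in self.skipped:
            return self.skipped.pop(n)
        if n < self.index:
            raise KeyError(f"message {n} already consumed (replay or duplicate)")
        if n - self.index > self.max_skip:
            raise ValueError(f"message {n} skips too far ahead")
        while self.index < n:
            self.chain_key, mk = ratchet_step(self.chain_key)
            self.skipped[self.index] = mk
            self.index += 1
        self.chain_key, mk = ratchet_step(self.chain_key)
        self.index += 1
        return mk


def out_of_order_demo() -> Tuple[bool, int]:
    """Five messages sent in order, received as 3,1,4,0,2.
    Returns (all keys matched, skipped keys still cached)."""
    root = secrets.token_bytes(32)  # constructed; the proposal has the primary device generate it
    sender = SymmetricRatchet(root)
    linked_device = SymmetricRatchet(root)
    sent = [sender.next_key() for _ in range(5)]
    received = {}
    for n, _ in (sent[3], sent[1], sent[4], sent[0], sent[2]):
        received[n] = linked_device.key_for(n)
    return all(received[n] == k for n, k in sent), len(linked_device.skipped)


def replay_rejected() -> bool:
    """A second delivery of an already-consumed message number has no key."""
    r = SymmetricRatchet(b"\x07" * 32)
    r.key_for(2)
    try:
        r.key_for(2)
    except KeyError:
        return True
    return False
```

The chain gives forward secrecy only for keys a device has already advanced past and discarded; the root key itself can regenerate the entire chain, so once every linked device has derived its chain state the root must be erased rather than kept as a recovery value, otherwise compromise of any one device exposes all past message keys. The skipped-key cache is what makes out-of-order delivery work, and its size bound is the usual guard against a peer forcing unbounded key storage.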

Note: Comment moved from #2802 to here and edited.

I would also like to see perfect forward secrecy in Session, but it seems like it is technically challenging to achieve over a decentralized network.

beantaco avatar Aug 17 '23 23:08 beantaco

Why not use Ratcheted Dynamic Multicast, which was proposed in this paper? - https://eprint.iacr.org/2019/1363.pdf

hendrycase avatar Oct 15 '23 20:10 hendrycase

It's funny how Session removed PFS: https://getsession.org/session-protocol-explained

But EVERYBODY wants it back.

yani avatar Mar 16 '24 13:03 yani