Signal’s approach to the problem of allowing a user to prove her identity without the service knowing her identity is to use a modified anonymous credential called a keyed-verification anonymous credential (KVAC). So Signal is working on a new system that stores information about the group’s members and the state of the group in encrypted form on a server but still allows members to authenticate and prove membership without revealing their identities. That approach has some limitations in terms of controlling access to groups and controlling the amount of authority a given group member has.
Instead, clients tell each other what they need to know,” Jim O’Leary, vice president of engineering at Signal, wrote in a post explaining the new feature. Clients never tell the service which messages are group messages or individual messages, or who is in the group. Clients send group messages to each other tagged with a Group ID (a random 128-bit secret that cannot be guessed), and they also exchange group state updates – such as the group’s name, attributes, and membership – via the same method. “The group conversation scheme that we introduced in 2014 was built on the existing pairwise encrypted channels that are already used in one-on-one Signal conversations. Signal is built to minimize the amount of information that the service has on any user, and its private group feature was designed with that in mind. The main advantage of this design is that it prevents Signal from having to store any of the group’s information in plaintext on a central server that could be subject to attack or law enforcement action. Right now, the private group feature in Signal uses a distributed architecture in which the list of members and the state of the group is stored on each group member’s device.
Signal, like many other messaging apps, provides people with the ability to create their own ad hoc groups. The private group feature is simple in concept but proves to be quite complicated to implement. Signal, the maker of the encrypted messaging app of the same name, is working on a new system that allows people to set up private groups with administrators and access control while storing the membership information on a central server rather than on each individual device.
0 kommentar(er)
