"Protecting Privacy – And Safety – In Encrypted Messaging"

Cornell Tech researchers have created a mechanism for maintaining anonymity in encrypted messaging while also blocking unwanted or abusive messages. The group's paper titled, "Orca: Blocklisting in Sender-Anonymous Messaging," was presented at the 31st USENIX (Advanced Computing Systems Association) Symposium. This work is a continuation of research funded by a five-year, $3 million National Science Foundation (NSF) grant, with the goal of making significant strides toward safer online communication. Platforms such as Signal, WhatsApp, and Facebook Messenger use end-to-end encrypted (E2EE) messaging to ensure message confidentiality, but user anonymity is not guaranteed. Signal recently added an anonymity-preserving feature, but it has since been discovered to be vulnerable to attack. While E2EE messaging provides strong message confidentiality, the platform can learn the identities of both the sender and the recipient of every message sent over the network. Message recipients could use Orca to register an anonymized blocklist with the platform. Senders create messages that can be verified by the platform as being from someone who is not on the blocklist. Group signatures, which allow users to sign messages anonymously on behalf of a group, are used for verification. The platform registers individual users, and the group's opening authority, which is the recipient, can trace the identity of each individual user. The platform rejects the message if the sender is on the blocklist or if the message is malformed. However, if the message is delivered, the recipient will be able to identify the sender. The computational challenge of ensuring that a single cryptographic identity corresponds to a single human will be addressed in future work. It is one of many issues confronting computer scientists as they grapple with the conflict between anonymity and abuse mitigation. This article continues to discuss the mechanism developed by Cornell Tech researchers to preserve anonymity in encrypted messaging while blocking unwanted messages. 

Cornell Chronicle reports "Protecting Privacy – And Safety – In Encrypted Messaging"