Security News > 2023 > July > Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol

Google has announced that it intends to add support for Message Layer Security to its Messages service for Android and open source implementation of the specification.

"Like the widely used Double Ratchet protocol, MLS allows for asynchronous operation and provides advanced security features such as post-compromise security. And, like TLS 1.3, MLS provides robust authentication."

Central to MLS is an approach known as Continuous Group Key Agreement that allows multiple messaging clients to agree on a shared key that caters to groups in size ranging from two to thousands in a manner that offers forward secrecy guarantees regardless of the individuals who join and leave the group conversation.

"That secret can then be used to protect messages sent from one participant in the group to the other participants using the MLS framing layer or can be exported for use with other protocols. MLS provides group AKE in the sense that there can be more than two participants in the protocol, and continuous group AKE in the sense that the set of participants in the protocol can change over time."

The goal is to be able to efficiently remove any member, achieving post-compromise security by preventing group messages from being intercepted even if one member was breached at some point in the past.

Mozilla, which is hoping to see a standardization of a Web API to leverage the protocol directly via web browsers, said MLS is designed such that "The legitimacy of new members entering a group is checked by everyone: there is nowhere to hide."

News URL

https://thehackernews.com/2023/07/google-messages-getting-cross-platform.html