Jaeger and Kumar group chat encryption analysis

Jaeger and Kumar group chat encryption analysis

Joseph Jaeger and Akshaya Kumar’s 2025 paper analyzes group-chat encryption constructions used by MLS, Session, Signal, and Matrix. It uses a symmetric-signcryption formalism to examine how symmetric encryption and signatures are bound together.

Findings

The paper identifies theoretical attacks in all four analyzed constructions. The practical consequence depends on the surrounding system:

  • MLS and Session admit group-insider replay and reordering attacks in the constructions analyzed.
  • Signal admits a forgery attack when an outsider has access to a user’s signing key; the underlying issue had been identified in earlier research.
  • Matrix has broader ecosystem mitigations that prevent the analyzed construction weakness from being exploited in the same way.
  • The authors also identify two additional Session attacks: an outsider with an exposed signing key can forge messages, and outsiders can replay ciphertexts.

These are scoped protocol findings. They do not establish that every application using the named stack is generally compromised. They show why a cryptographic primitive, group construction, and complete application must be evaluated separately.

Provenance limit

The paper is available through the IACR ePrint archive and as a published book chapter. Automated preservation of the PDF under sources/ was blocked by the archive’s Cloudflare challenge in this session, so the external URLs remain the provisional artifacts.

Wiki relevance

Secure and decentralized communication stacks uses the paper as independent counterevidence to protocol marketing and feature checklists. It is especially relevant to the current Session tradeoff between metadata-resistant routing and group-message cryptographic guarantees.

Sources

  1. eprint.iacr.org
  2. doi.org