Secure Complaint-Enabled Source-Tracking for Encrypted Messaging

Abstract

While the end-to-end encryption properties of popular messaging schemes such as Whatsapp, Messenger, and Signal guarantee privacy for users, these properties also make it very difficult for messaging platforms to enforce any sort of content moderation. This can lead to the unchecked spread of malicious content such as misinformation on such platforms. In 2019, Tyagi et al. developed message traceback, which addresses this issue by allowing a messaging platform to recover the path of a forwarded message after a user reports it for malicious content. This paper presents an alternative to message traceback that offers more privacy to users and requires less platform-side storage. We term this approach source-tracking for encrypted messaging schemes. Source-tracking enables messaging platforms to provide the privacy guarantees expected from standard end-to-end encryption, but also helps hold the sources of malicious messages accountable: if malicious content is reported by a user, the source can be identified. We formalize security goals for source-tracking schemes and design and implement two source-tracking schemes with different security and performance tradeoffs.