Abstract by Jordan Jenkins
Using Key Transparency to Detect Fake Key Attacks in Signal
Secure messaging apps like WhatsApp and Signal rely on a centralized key server. Users trust the key server to store and exchange their keys so they can message each other. However, a malicious key server could perform fake key attacks. Apps provide two users, Alice and Bob, with an authentication ceremony for manually verifying exchanged keys, but prior research shows that users don’t understand the need for the ceremony and find it difficult to perform. We propose using key transparency to detect fake key attacks.