@cryptix %pyDykrEl4Tq3ONGzgqZHcFFYYPWA0+iVC36t6OLvPwc=.sha256

A Cryptographic Investigation of Secure Scuttlebutt

Abstract
Scuttlebutt is a framework for developing decentralized applications which can achieve scalability, availability and secure communications despite not requiring a central trusted party. The Scuttlebutt protocol describes three sub-protocols for its handshake, invite system and private messaging, all of which claim to achieve ambitious security goals.
We present a comprehensive analysis of the Scuttlebutt sub-protocols in the symbolic model using the automated verifier ProVerif, and the first computational proofs of Scuttlebutt’s security using the CryptoVerif proof assistant. We conclude by showing that the Scuttlebutt handshake can achieve its security guarantees in half the amount of message round-trips.

Oleksandra Lapiha did this work under the direction of Prof. Nadim Kobeissi. People interested in #crypto and #security using proofs should definitely check it out.

Links:

@cryptix %btonvvQWrQt7P1xx/U14YXmJ/qJDpRHrnK/DxuoILe4=.sha256

also #ssb-research #ssb-papers I can't find the research/wiki/gathering thing right now...

@cel %BbT2euYvno+73SnOXt3Iv1lJae1SEACMQYY0QOeP2Lo=.sha256

@cryptix: %vWAPOTU...

@cel %5kb8RltO59nTOMM9P8jExUgedlEDF5FmfcFmZgQEbNY=.sha256

> We conclude by showing that the Scuttlebutt handshake can achieve its security guarantees in half the amount of message round-trips.

Where do they show this? What would such a handshake look like?

@Dominic %qzrCyYbXFywE0mFMRsAnVsgWC/NXS846naM9iAhcOSk=.sha256

I can't figure out where they show that. It's mentioned in the abstract but not in the conclusion...
I posted an issue about it on their github: https://github.com/olapiha/scuttlebutt/issues/1

@cryptix %ZMZaY7nef/OvhpDqx13eeL/fyKy80zfpze0cHbwTDBA=.sha256

> Where do they show this? What would such a handshake look like?

I'm not 100% certain but I think it's supposed to follow from 5.4? And it's more like we prove that the same can be done in less as equivalency steps? There also are two giant tex files in the cryptoverif folder of the repo that I did not bother compiling or reading yet. @keks might be able to shed some light on this.

@cryptix %PBvbYJK6ORQtp4vErval6jRhpS0G5+Oc3SJ1kdiL7BY=.sha256

Copying the author's reply from GitHub:

Dear Dominic,
I am so happy to see your message. I really appreciate the ideas you implemented in Scuttlebutt!
Sorry for the abstract; I was writing the report for many hours straight with the help of my supervisor. I'm convinced the Handshake does need all four messages to achieve all security goals. I will fix it asap! And the typo as well :)
May I use this opportunity to ask you a question? I like the construction of Scuttlebutt a lot, especially how you deal with group chats encrypting the number of recipients and the main key! I was looking at the protocol from the cryptographic side but I saw the interview with you on epicenter where you also discussed the decentralization aspect of it. I was wondering why you use Pubs that should be run on servers if it is possible to make it even more decentralized using BitTorrent protocol and maybe even a distributed hash table to get rid of the trackers. You were mentioning BitTorrent in the interview so there's probably a reason for such a design decision, I am so curious to know what it is!
I hope my work helped the community at least a tiny bit! I have a desire to help the project develop. Would you be interested if I continue working with CryptoVerif to obtain more proofs? Or is it not the main focus and maybe I can help in some other way?

So I was reading too much between the lines and incorporating too much wishful thinking from what I knew about @keks's work. Since she addressed you directly, @dominic, I didn't feel like responding myself. My butt thoughts are: Have you seen keks' work on shs2? Probably not, but I feel like they should talk... maybe also tell them about your plans for groups? :)
