Hello Trevor, Ximin, vmon, etc. With September coming up, it's high time for me to find the topic of my MSc thesis. Even though during the past months I haven't been involved with secure messaging as much as I would have liked, I'm still motivated to do my thesis on the topic.

Because of the nature of my degree and the skills of my advisor (Kenny), I think the most fitting topics would be something related to cryptanalysis, protocol analysis, formal crypto proofs, or mathematics. I'm mainly interested in the topic of _multiparty_ secure messaging, and here are some ideas that I find intriguing:

a) Analysis of proposed secure multiparty messaging protocols

This will involve analyzing and trying to break proposed multiparty chat protocols (like the upcoming mpCat paper). I find this topic interesting and it's also a topic that my professor is very good at, which means that something decent might come out of this. I'm mainly afraid that there won't be many such protocols to analyze by the time I start my thesis (probably Q3/Q4 2014). I could focus specifically on mpCat, but I'm not sure when the paper is going to be published, or how concrete the protocol is going to be at the time of publication (because maybe only a rough skeleton of the protocol will be published initially, which is hard to thoroughly analyze/break).

b) Other authentication methods for multiparty chat

This would involve designing/analyzing authentication methods for multiparty messaging that are different to public key fingerprint verification. For example, this could involve designing protocols similar to PANDA for Pond and SMP for OTR, that would allow password-based authentication/rendezvous for multiparty chat users. The use case I would want to satisfy is "We are 5 strangers IRL and we want to meet securely online in a chat server using solely the password 'banoffeewitches'". Even though I find practical value in this use case, I'm afraid that I will end up spending lots of time designing a new type of chat server that would allow such protocols to work well (similar to PANDA servers in Pond), or finding hacky ways to piggyback on current chat server protocols (like IRC/XMPP) to facilitate this use case.

Also, even if I were to design such an authentication/rendezvous scheme, it might be hard or useless to implement it without having an actual multiparty chat protocol to make it work with.

To be honest, I think (a) is the saner and more useful option here, but it also depends on whether mpCat etc. will have been published by then.

The timeline of my project is Q4 2014 to Q2 2015; do you think that's a good time period to conduct such a project? Also, do you think that analyzing mpCat or other such protocols will be a useful thing to do? Any other thoughts on what kind of research the multiparty chat community needs at this point, and could be a good MSc thesis topic?

And just for the record, here are some other research projects that I rejected for various reasons:
- Formal proof of multiparty chat protocols
- Ratchets (formal treatment, properties, etc.)
- Transcript consistency
- Deniability

Thanks for your thoughts!

PS: I also posted this mail to [[email protected]] because why not.

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
