Time: March 28, Friday, 12:15-1:45pm
Location: Rice 109
Abstract:
As interest in metadata-hiding communication grows in both research and practice, a need exists for stronger abuse reporting features on metadata-hiding platforms. While a technique called message franking has been deployed as a lightweight and effective abuse reporting feature for end-to-end encrypted messaging, there is no comparable technique for metadata-hiding platforms. Existing efforts to support abuse reporting in this setting, such as asymmetric message franking or the Hecate scheme, require order of magnitude increases in client and server computation or fundamental changes to the architecture of messaging systems. As a result, while metadata-hiding communication inches closer to practice, critical content moderation concerns remain unaddressed.
This talk demonstrates that, for broad classes of metadata-hiding schemes, lightweight abuse reporting can be deployed with minimal changes to the overall architecture of the system. Our insight is that much of the structure needed to support abuse reporting already exists in these schemes. By taking a non-generic approach, we can reuse this structure to achieve abuse reporting with minimal overhead.
In particular, we show how to modify schemes based on (i) secret sharing user inputs and (ii) onion encryption to support message franking-style protocols with order of magnitude reductions in computation overhead compared to prior work. We also explore stronger threat models for abuse reporting and moderation not explored in prior work, showing where prior work falls short and how to strengthen both our schemes and others’ – including deployed E2EE messaging schemes – to achieve higher levels of security.
This talk is based on papers at USENIX Security 2024 and NDSS 2025, and on joint work with Matthew Gregoire and Margaret Pierce.
Bio:
Saba Eskandarian is an assistant professor at the University of North Carolina at Chapel Hill, where he leads the applied cryptography group. His Research broadly focuses on applied cryptography, with recent interests including private messaging, private payment applications, and compression side channel attacks. He received his PhD in 2021 from the applied cryptography group at Stanford University.