Transcript Franking for Encrypted Messaging

TL;DR

This paper introduces transcript franking, a cryptographic protocol enabling secure reporting of message subsets in encrypted messaging, ensuring message causality and content verification for abuse mitigation.

Contribution

It presents the first formal definition, constructions, and security proofs for transcript franking in both two-party and group messaging contexts.

Findings

Efficient cryptographic constructions for transcript franking.

Formal security proofs for the proposed protocols.

Discussion on real-world deployment considerations.

Abstract

Message franking is an indispensable abuse mitigation tool for end-to-end encrypted (E2EE) messaging platforms. With it, users who receive harmful content can securely report that content to platform moderators. However, while real-world deployments of reporting require the disclosure of multiple messages, existing treatments of message franking only consider the report of a single message. As a result, there is a gap between the security goals achieved by constructions and those needed in practice. Our work introduces transcript franking, a new type of protocol that allows reporting subsets of conversations such that moderators can cryptographically verify message causality and contents. We define syntax, semantics, and security for transcript franking in two-party and group messaging. We then present efficient constructions for transcript franking and prove their security. Looking toward deployment considerations, we provide detailed discussion of how real-world messaging systems can incorporate our protocols.