Abstract

Webinar: https://cam-ac-uk.zoom.us/j/81404415431?pwd=IutjEfY03U0bQzsMUJwnq3eJQHLH1I.1

Key transparency has gained significant attention in recent years, with major messaging applications such as WhatsApp and iMessage—serving billions of users—already deploying it. However, a major challenge in current practical deployments is the large size of audit proofs. Concretely, auditing WhatsApp’s key transparency requires computation equivalent to hashing hundreds of megabytes of data every minute, which is impractical for everyday users, especially those on mobile devices. Consequently, the auditing task is delegated to a small set of non-profit organizations, such as Cloudflare, that perform the audits on behalf of users. In essence, billions of users must trust a handful of third-party entities to verify their security, which introduces a significant trust bottleneck. Our work aims to eliminate this dependency by making the auditing process lightweight enough for users themselves to perform securely and efficiently, which benefits billions of users in privacy.