
Research

My interests lie in building, breaking, and otherwise studying cryptographic protocols, particularly those that underlie the ordinary technology we use every day. For example, my PhD thesis studied the design of secure group messaging as deployed by Matrix and WhatsApp. I look to understand how such protocols work, the security they achieve in practice, and how they could be improved, whether by strengthening their security guarantees, improving usability or, ideally, both.

This involves a mix of theoretical and applied work. Often, the use cases and protocols we study have properties that matter in practice but are not captured by existing cryptographic formalisms. By studying deployed protocols, we can identify those properties and develop new formalisms that capture them. For example, many of the vulnerabilities we discovered in Matrix relied on interactions between the messaging protocol and its multi-device functionality, so we developed a model that captures those interactions. Such formalisms can then guide new constructions, ensuring they fulfil our requirements correctly and securely.

I try to identify the gaps that impede the widespread adoption of end-to-end encryption, and to fill them as best I can. Since my initial work on group messaging, I have therefore also worked on mechanisms to secure key distribution, through key transparency and related technologies, and on improving the multi-device functionality provided by end-to-end encrypted applications.

See below for more info on my research projects, past and present.

  1. Secure Group Messaging in Practice

    Despite Matrix and WhatsApp having provided end-to-end encryption in their group messaging offerings as early as 2014, there was little understanding of how these systems really work and what security they actually provide.

    [Diagram: multi-device group messaging. Alice, Bob and Claire are in a group chat named "Acme Family Group Chat", and each connects to it from several devices: Alice from a phone and a laptop; Bob from a phone and a tablet; Claire from two phones. Each user's devices form their own distinct group.]

    To fill this gap, we investigated the state of secure group messaging as deployed by Matrix and WhatsApp, studying both their specifications and implementations.

  2. Ad-hoc Authentication and Contextual Identity

    Authentication in cryptography tends to rely on rigid notions of identity: we assume a well-known mapping from a person to an identifier, and from that identifier to a long-term public key, and work forwards from there. This baseline assumption works well for large organisations, such as an enterprise, a government or a military, because one or more central parties can be trusted to maintain these mappings. No analogous trusted party exists for normal, everyday people.

    [Diagram: the infrastructure used to map a person to a cryptographic key. Two people, Alice and Bob. One table maps them to the identifiers alice@wonderland.com and bob@builder.com; a second table maps those identifiers to the long-term keys 0x123... and 0xCAF.... The first table is usually controlled by a service provider, email service, OpenID provider or similar; the second by the application's own service provider. The diagram asks: 1) Can we get rid of the long-term keys? 2) Can we get rid of the global identifiers?]

    We investigate alternative formulations of authentication that do not rely on global identification schemes, favouring localised or contextual authentication instead. Taking this to the extreme, we ask whether strong authentication is possible without any shared notion of user identity at all.

    This is a broad problem space with many avenues for exploration. We consider:

    1. Protocols that provide secure connections without encoding any notion of identity whatsoever, enabling users to authenticate one another in an ad-hoc fashion.
    2. Protocols that enable people to build local identities that are specific to a particular context, without the need for a globally meaningful identifier to back them.
    3. Protocols that maintain a single, long-term user identifier using only ephemeral key material, i.e. without the need to maintain a single, long-term cryptographic identity to go along with it.
  3. Resilient and Usable Multi-Device Primitives

    Many secure messaging applications in use today, and end-to-end encrypted (E2EE) applications more generally, share a common limitation: they require users to maintain control over, and keep secure, a single cryptographic identity for the lifetime of their account. That's a long time! Anyone who has enabled notifications for contact security code changes (in, say, WhatsApp) will know how hard it is to hold on to a single cryptographic identity for an extended period: you will be bombarded with notifications as your contacts reinstall the app or change phones.

    At the same time, multi-device support provides a number of quality-of-life features: easy access to your account from multiple devices, with long-term logins for trusted devices and temporary access for untrusted ones; synchronisation of application data and settings; a natural way to migrate your account to a new device; and an informal backup when devices are lost or break.

    [Diagram: the progression of Alice's account as she adds and removes devices. 1. She creates an account with her phone. 2. She signs in with her laptop. 3. Her phone is stolen, so she removes it from her account. 4. She buys a new phone and links it to her account.]

    In this line of work, we look to initiate the study of multi-device functionality as a primitive in its own right. One that:

    1. Provides those aforementioned quality-of-life features: multi-device use, synchronisation, migration, and backups.
    2. Distributes trust between a user's devices, making it easier to maintain control over, and to secure, their account over the long term.
    3. Fits into existing usage patterns, and does not require additional effort or mental space from users.
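As an added illustration (this is not code from the original page, nor from Matrix, WhatsApp or the author's own work), the Go program below models the device lifecycle in the diagram above as a signed device set rather than a single account key: each device holds its own Ed25519 key pair, any currently enrolled device may sign the addition or removal of another, and an epoch counter stops a captured change from being replayed. The JSON change encoding, the epoch rule and the "any enrolled device may vouch" policy are assumptions chosen for this example, not a description of any deployed system.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Device holds its own Ed25519 key pair; the private half never leaves it.
type Device struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewDevice() *Device {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the OS CSPRNG is unavailable
	}
	return &Device{Pub: pub, priv: priv}
}

// Change is one signed update to the device set; Epoch must be the account's epoch + 1 (no replay).
type Change struct {
	Op     string `json:"op"`     // "add" or "remove"
	Epoch  uint64 `json:"epoch"`
	Target []byte `json:"target"` // public key being added or removed
	Signer []byte `json:"signer"` // enrolled device vouching for the change
	Sig    []byte `json:"-"`      // Ed25519 signature over the JSON of the other fields
}

// Account is the device set plus an epoch. No account-wide long-term key exists: any
// currently enrolled device may extend or shrink the set (an assumed policy for this toy).
type Account struct {
	devices map[string]ed25519.PublicKey // keyed by hex public key
	epoch   uint64
}

var (
	ErrNotEnrolled = errors.New("signer or target is not an enrolled device")
	ErrBadSig      = errors.New("signature does not verify")
	ErrStaleEpoch  = errors.New("change epoch is not current+1")
	ErrLastDevice  = errors.New("refusing to remove the last device")
)
func keyID(pub []byte) string { return hex.EncodeToString(pub) }
func NewAccount(first *Device) *Account {
	return &Account{devices: map[string]ed25519.PublicKey{keyID(first.Pub): first.Pub}}
}
func (a *Account) Enrolled(pub ed25519.PublicKey) bool { _, ok := a.devices[keyID(pub)]; return ok }

// Sign has d vouch for op on target in the next epoch of account a.
func (d *Device) Sign(a *Account, op string, target ed25519.PublicKey) Change {
	c := Change{Op: op, Epoch: a.epoch + 1, Target: target, Signer: d.Pub}
	msg, _ := json.Marshal(c) // deterministic: fixed field order, Sig excluded by its tag
	c.Sig = ed25519.Sign(d.priv, msg)
	return c
}

// Apply checks c against the current device set and applies it if valid.
func (a *Account) Apply(c Change) error {
	signer, ok := a.devices[keyID(c.Signer)]
	if !ok {
		return ErrNotEnrolled // a removed (e.g. stolen) device has no authority
	}
	if msg, _ := json.Marshal(c); !ed25519.Verify(signer, msg, c.Sig) {
		return ErrBadSig
	}
	if c.Epoch != a.epoch+1 {
		return ErrStaleEpoch
	}
	id := keyID(c.Target)
	switch c.Op {
	case "add":
		a.devices[id] = ed25519.PublicKey(c.Target)
	case "remove":
		if _, ok := a.devices[id]; !ok {
			return ErrNotEnrolled
		}
		if len(a.devices) == 1 {
			return ErrLastDevice
		}
		delete(a.devices, id)
	default:
		return errors.New("unknown op " + c.Op)
	}
	a.epoch++
	return nil
}

func main() {
	phone, laptop, newPhone, thief := NewDevice(), NewDevice(), NewDevice(), NewDevice()
	acct := NewAccount(phone)                                       // 1. Alice signs up from her phone
	fmt.Println(acct.Apply(phone.Sign(acct, "add", laptop.Pub)))    // 2. her phone enrols her laptop: <nil>
	fmt.Println(acct.Apply(laptop.Sign(acct, "remove", phone.Pub))) // 3. phone stolen, laptop removes it: <nil>
	fmt.Println(acct.Apply(laptop.Sign(acct, "add", newPhone.Pub))) // 4. laptop enrols her new phone: <nil>
	fmt.Println(acct.Apply(phone.Sign(acct, "add", thief.Pub)))     // thief holds the old phone's key: not enrolled
}
```

Run it with `go run`; the last line shows a thief who still holds the old phone's private key being refused when trying to enrol a device of their own. The point of the toy is that authority lives in the current device set rather than in one long-lived account key, so removing a device revokes its power to vouch for others without the user having to rotate anything else, and a genuine change captured earlier cannot be replayed because its epoch is stale.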