MLS - RFC 9420

Franziskus Kiefer
July 18, 2023

✨ We are thrilled to announce the release of the MLS specification as RFC 9420.

RFC 9420 is a comprehensive description of the first standardised, efficient, asynchronous key establishment protocol with forward secrecy and post-compromise security for groups ranging in size from two to thousands. While Cryspen didn’t exist back when the MLS working group was established, our co-founder Karthik played a pivotal role in designing MLS from the beginning by contributing to the original design of TreeKEM, the basis of MLS today.

The issue of securely encrypting large groups efficiently has been tackled by different messenger applications in various ways so far. But none of them have the efficiency, security, or scalability of MLS. As such, MLS represents a major technical evolution for everyone.

RFC 9420 will be accompanied by an architecture document, which is not finished yet. While RFC 9420 describes the MLS protocol, the architecture document describes, on a very high level, the server infrastructure needed to run the MLS protocol. In particular, it describes the requirements on a delivery service that distributes MLS messages and an authentication service that is responsible for authenticating MLS group members.

💡 Understanding MLS

The Messaging Layer Security (MLS) protocol is designed to provide secure and efficient group messaging for modern applications, but can be used for any scenario where keys need to be distributed in large, dynamic groups. When used for messaging, MLS offers end-to-end encryption, ensuring that messages exchanged within a group remain private and protected from unauthorized access.

One of the key features of MLS is its ability to support large groups with dynamic membership. It allows users to join or leave a group without compromising the security of past or future messages. This flexibility makes MLS an ideal solution for applications that require secure collaboration and real-time or asynchronous communication among a large number of participants.

Furthermore, MLS incorporates efficient message distribution techniques, minimizing the computational overhead and bandwidth requirements associated with secure group messaging. It provides mechanisms for authenticating group members, establishing a shared secret key, and securely distributing messages within the group, all while maintaining a high level of performance.

👩🏽‍💻 Technical Primer

An entirely new approach was needed for MLS because the problem it solves is very different from what existing protocols target. The security guarantees of a long-lived connection, such as a messaging channel, are very different from those of a relatively short-lived connection such as TLS. Considering a dynamic group context, as done in MLS, adds another set of challenges, because it must be possible to add and remove members without compromising security.

The efficient key exchange in MLS, even for large groups, is possible because the members of a group are arranged as leaves in a binary tree structure. The protocol ensures that all participants agree on this tree, which they then use to derive a common group key. Due to the binary tree structure, the performance of MLS is in most cases logarithmic in the number of leaves (member devices), compared to linear or even squared when using a Signal-like protocol.

Stay tuned! We will write more in-depth descriptions and analyses of MLS in the coming weeks. 👀

❣️ Significance of MLS

MLS is a big milestone because it marks the first standardized group key agreement protocol. It addresses the pressing need for secure group messaging, offers scalability for large groups, provides efficient message distribution, supports integration into various applications, and is built on strong cryptographic foundations. The flexibility of the MLS protocol enables its integration into various applications and systems. It can be seamlessly incorporated into secure messaging platforms, collaborative workspaces, IoT systems, decentralized networks, and much more.

In a world where many users have at least one mobile device and one desktop device, even a two-person conversation consists of at least three devices. Because sharing keys between devices is a bad idea, most two-person conversations are actually group conversations, which makes the need for a good group messaging solution even more pressing.

While being designed for messaging, MLS offers a standardized and robust solution to tackle existing challenges and drive innovation in the field of secure communication.

🚀 Unlocking the Full Potential

To help you make the most out of MLS, Cryspen offers expert consulting, customized designs for your use-cases, as well as an open source implementation.

Our comprehensive approach ensures a smooth and successful adoption process, mitigating risks and maximizing benefits. Whether you are a small business, a large enterprise, or a government organization, our consulting and engineering services can be tailored to meet your unique needs and help you stay ahead in an increasingly competitive landscape.
