Forward Secure Message Franking with Updatable Reporting Tags

Message franking is introduced by Facebook in end-to-end encrypted messaging services. It allows to produce verifiable reports of malicious messages by including cryptographic proofs, called reporting tags, generated by Facebook. Recently, Grubbs et al. (CRYPTO'17) proceeded with the formal study of message franking and introduced committing authenticated encryption with associated data (CAEAD) as a core primitive for obtaining message franking. In this work, we aim to enhance the security of message franking and introduce forward security and updates of reporting tags for message franking. Forward security guarantees the security associated with the past keys even if the current keys are exposed and updates of reporting tags allow for reporting malicious messages after keys are updated. To this end, we firstly propose the notion of key-evolving message franking with updatable reporting tags including additional key and reporting tag update algorithms. Then, we formalize five security requirements: confidentiality, ciphertext integrity, unforgeability, receiver binding, and sender binding. Finally, we show a construction of forward secure message franking with updatable reporting tags based on CAEAD, forward secure pseudorandom generator, and updatable message authentication code.