Secure messaging through distributed messages

Most internet communications today rely on the TLS (Transport Layer Security) protocol, which protects against eavesdropping on the network, but not against access by service providers themselves. While end-to-end encryption (E2EE) ensures only the sender and recipient can read the messages, existing solutions are often not user-friendly or widely adopted.

For example, encrypted emails via PGP or S/MIME are difficult for the average user to set up. While apps like Signal offer secure messaging, their encryption is not always visible or well-understood by many users. Additionally, government organizations in the EU and the US have proposed introducing backdoors into encrypted systems, prompting an open letter from more than 300 researchers warning of the dangers of such measures.

Encrypted multi-channel communication

Computer scientists from the research groups ENCRYPTO, led by Professor Thomas Schneider, and PEASEC, led by Professor Christian Reuter, have now developed a solution that balances ease of use, privacy, and security without creating a single point of failure or requiring cumbersome registration processes. The result is EMC² (Encrypted Multi-Channel Communication), which leverages the modern proliferation of messaging apps to distribute encrypted message parts across multiple independent communication channels.

EMC² encrypts a plaintext message in two steps using a technique inspired by the so-called one-time pad encryption. In the first step, the plaintext message is converted into binary form, e.g., the word “hello” into the number 11010. In the second step, these binary numbers are then encrypted using a random sequence of numbers, similar to flipping a coin, where heads means that the numerical value remains the same and tails means that the numerical value is flipped from 1 to 0 or from 0 to 1.

The encrypted text and the random sequence of numbers are then sent separately via independent communication channels. The recipient can then use EMC² to enter the two messages and decrypt the plain text. This distributed trust system adds an additional layer of security that ensures that the confidentiality of a message is maintained as long as attackers do not intercept all parts of a message.

Provider independent security

Techniques like EMC² are particularly relevant for sensitive professions such as law, where confidentiality is paramount. The researchers’ goal is not to replace existing messaging apps such as Signal, but rather to increase the security of sensitive messages by developing an overarching, independent tool that distributes trust across multiple communication services.

The tool developed as part of the research is now available on a public website for anyone interested to try out, along with a video that explains the process in a way that is easy to understand. The solution is independent of individual service providers, requires no registration or set-up, is easy to understand and can be used via existing communication channels. In addition, the proposed method strengthens the argument against governmentally enforced backdoors in messenger apps by demonstrating their ineffectiveness.