{"version":"1.0.0","segments":[{"speaker":"Deirdre","startTime":12.77,"endTime":12.959,"body":"Hello."},{"speaker":"Deirdre","startTime":13.42,"endTime":15.71,"body":"Welcome to Security"},{"speaker":"Deirdre","startTime":13.42,"endTime":15.71,"body":"Cryptography Whatever."},{"speaker":"Deirdre","startTime":15.75,"endTime":16.639,"body":"I'm Deirdre."},{"speaker":"David","startTime":16.779,"endTime":17.499,"body":"I'm David."},{"speaker":"Deirdre","startTime":17.879,"endTime":19.88,"body":"And we have"},{"speaker":"Deirdre","startTime":17.879,"endTime":19.88,"body":"a special guest today."},{"speaker":"Deirdre","startTime":19.88,"endTime":23.419,"body":"We have Professor Douglas"},{"speaker":"Deirdre","startTime":19.88,"endTime":23.419,"body":"Stebila with us, hi, Douglas."},{"speaker":"Douglas","startTime":23.83,"endTime":24.31,"body":"Good morning."},{"speaker":"Deirdre","startTime":24.47,"endTime":29.34,"body":"Douglas is— very"},{"speaker":"Deirdre","startTime":24.47,"endTime":29.34,"body":"rapidly agreed to join us"},{"speaker":"Deirdre","startTime":29.38,"endTime":34.85,"body":"after a new announcement from"},{"speaker":"Deirdre","startTime":29.38,"endTime":34.85,"body":"Apple about a post-quantum"},{"speaker":"Deirdre","startTime":34.85,"endTime":36.85,"body":"security upgrade to iMessage."},{"speaker":"Deirdre","startTime":37.86,"endTime":41.23,"body":"And not just a post-quantum"},{"speaker":"Deirdre","startTime":37.86,"endTime":41.23,"body":"security message to upgrade"},{"speaker":"Deirdre","startTime":41.23,"endTime":44.43,"body":"to iMessage, but a whole"},{"speaker":"Deirdre","startTime":41.23,"endTime":44.43,"body":"bunch of upgrades to their"},{"speaker":"Deirdre","startTime":44.68,"endTime":48.42,"body":"iMessage protocol that"},{"speaker":"Deirdre","startTime":44.68,"endTime":48.42,"body":"have been updated in other"},{"speaker":"Deirdre","startTime":48.45,"endTime":49.85,"body":"secure messaging protocols."},{"speaker":"Deirdre","startTime":50.11,"endTime":54.199,"body":"And now Apple is just sort"},{"speaker":"Deirdre","startTime":50.11,"endTime":54.199,"body":"of rushing ahead of everybody"},{"speaker":"Deirdre","startTime":54.199,"endTime":55.3,"body":"on a whole bunch of fronts."},{"speaker":"Deirdre","startTime":55.31,"endTime":56.56,"body":"And it's pretty interesting."},{"speaker":"Deirdre","startTime":56.83,"endTime":59.53,"body":"We've invited Douglas to join"},{"speaker":"Deirdre","startTime":56.83,"endTime":59.53,"body":"us because he wrote a security"},{"speaker":"Deirdre","startTime":59.53,"endTime":62.47,"body":"analysis that Apple published"},{"speaker":"Deirdre","startTime":59.53,"endTime":62.47,"body":"as part of their announcement."},{"speaker":"Deirdre","startTime":62.84,"endTime":66.509,"body":"And he was the first one to"},{"speaker":"Deirdre","startTime":62.84,"endTime":66.509,"body":"say, yes, I can jump on a"},{"speaker":"Deirdre","startTime":66.559,"endTime":67.729,"body":"call with you for an hour."},{"speaker":"Deirdre","startTime":68.11,"endTime":70.29,"body":"For the record, we reached out"},{"speaker":"Deirdre","startTime":68.11,"endTime":70.29,"body":"to some people at Apple and"},{"speaker":"Deirdre","startTime":70.29,"endTime":71.369,"body":"they did not get back to us."},{"speaker":"Deirdre","startTime":71.369,"endTime":72.689,"body":"So Douglas wins."},{"speaker":"Deirdre","startTime":74.109,"endTime":78.52,"body":"So, Douglas, can you tell"},{"speaker":"Deirdre","startTime":74.109,"endTime":78.52,"body":"us a little bit about one,"},{"speaker":"Deirdre","startTime":78.53,"endTime":82.88,"body":"iMessage and two, the changes"},{"speaker":"Deirdre","startTime":78.53,"endTime":82.88,"body":"that Apple has made to"},{"speaker":"Deirdre","startTime":82.91,"endTime":84.839,"body":"iMessage that you analyzed?"},{"speaker":"Douglas","startTime":85.37,"endTime":85.56,"body":"Yeah."},{"speaker":"Douglas","startTime":85.56,"endTime":89.839,"body":"So iMessage is Apple's very"},{"speaker":"Douglas","startTime":85.56,"endTime":89.839,"body":"large scale consumer instant"},{"speaker":"Douglas","startTime":89.84,"endTime":94.22,"body":"messaging app and provides"},{"speaker":"Douglas","startTime":89.84,"endTime":94.22,"body":"end-to-end encryption."},{"speaker":"Douglas","startTime":94.23,"endTime":99.05,"body":"And so the announcement on"},{"speaker":"Douglas","startTime":94.23,"endTime":99.05,"body":"this week talked about their"},{"speaker":"Douglas","startTime":99.05,"endTime":102.619,"body":"addition of post-quantum"},{"speaker":"Douglas","startTime":99.05,"endTime":102.619,"body":"cryptography to iMessage."},{"speaker":"Douglas","startTime":102.92,"endTime":107.369,"body":"And so the cryptographic"},{"speaker":"Douglas","startTime":102.92,"endTime":107.369,"body":"structure of the protocol"},{"speaker":"Douglas","startTime":107.379,"endTime":112.94,"body":"that they announced is that"},{"speaker":"Douglas","startTime":107.379,"endTime":112.94,"body":"it has a handshake and then"},{"speaker":"Douglas","startTime":113.0,"endTime":116.36,"body":"a kind of double ratchet"},{"speaker":"Douglas","startTime":113.0,"endTime":116.36,"body":"structure similar to we're"},{"speaker":"Douglas","startTime":116.36,"endTime":117.949,"body":"familiar with in Signal."},{"speaker":"Douglas","startTime":118.38,"endTime":120.89,"body":"And so whereas it had been"},{"speaker":"Douglas","startTime":118.38,"endTime":120.89,"body":"previously using Diffie-Hellman"},{"speaker":"Douglas","startTime":121.38,"endTime":127.199,"body":"key exchange in the initial"},{"speaker":"Douglas","startTime":121.38,"endTime":127.199,"body":"handshake and the asymmetric"},{"speaker":"Douglas","startTime":127.199,"endTime":128.639,"body":"ratchet ellliptic curve"},{"speaker":"Douglas","startTime":127.199,"endTime":128.639,"body":"Diffie-Hellman key exchange,"},{"speaker":"Douglas","startTime":129.15,"endTime":133.87,"body":"they've now added post-quantum"},{"speaker":"Douglas","startTime":129.15,"endTime":133.87,"body":"KEMs there, specifically ML-KEM."},{"speaker":"Deirdre","startTime":134.32,"endTime":137.55,"body":"And so they're using,"},{"speaker":"Deirdre","startTime":134.32,"endTime":137.55,"body":"I made sure to double check,"},{"speaker":"Deirdre","startTime":137.55,"endTime":141.63,"body":"because in a couple, the"},{"speaker":"Deirdre","startTime":137.55,"endTime":141.63,"body":"post and the two papers, they"},{"speaker":"Deirdre","startTime":141.63,"endTime":144.319,"body":"had said different things in"},{"speaker":"Deirdre","startTime":141.63,"endTime":144.319,"body":"different places about whether"},{"speaker":"Deirdre","startTime":144.32,"endTime":146.319,"body":"they were using Kyber or ML-KEM."},{"speaker":"Deirdre","startTime":146.69,"endTime":149.619,"body":"And some people have"},{"speaker":"Deirdre","startTime":146.69,"endTime":149.619,"body":"basically confirmed."},{"speaker":"Deirdre","startTime":149.64,"endTime":151.07,"body":"It's all ML-KEM."},{"speaker":"Deirdre","startTime":152.15,"endTime":154.469,"body":"I have a feeling they were"},{"speaker":"Deirdre","startTime":152.15,"endTime":154.469,"body":"working on this for a while."},{"speaker":"Deirdre","startTime":154.469,"endTime":157.844,"body":"And so they started with Kyber,"},{"speaker":"Deirdre","startTime":154.469,"endTime":157.844,"body":"and then they moved to ML-KEM"},{"speaker":"Deirdre","startTime":158.15,"endTime":161.109,"body":"because that seems to be the"},{"speaker":"Deirdre","startTime":158.15,"endTime":161.109,"body":"case for a lot of parties."},{"speaker":"Deirdre","startTime":161.44,"endTime":167.54,"body":"But anyway, they're using ML-KEM"},{"speaker":"Deirdre","startTime":161.44,"endTime":167.54,"body":"1024 for their post-quantum"},{"speaker":"Deirdre","startTime":167.56,"endTime":171.88,"body":"upgrades to their device keys"},{"speaker":"Deirdre","startTime":167.56,"endTime":171.88,"body":"or identity keys for part of"},{"speaker":"Deirdre","startTime":171.88,"endTime":174.03,"body":"the session's initial handshake."},{"speaker":"Deirdre","startTime":174.53,"endTime":177.55,"body":"And then one of the big"},{"speaker":"Deirdre","startTime":174.53,"endTime":177.55,"body":"things is they are including"},{"speaker":"Deirdre","startTime":177.74,"endTime":184.03,"body":"ML-KEM 768 keys every so often"},{"speaker":"Deirdre","startTime":177.74,"endTime":184.03,"body":"when they do the ratcheting"},{"speaker":"Deirdre","startTime":184.1,"endTime":188.24,"body":"during the ongoing back and"},{"speaker":"Deirdre","startTime":184.1,"endTime":188.24,"body":"forth messaging conversation."},{"speaker":"Deirdre","startTime":188.76,"endTime":191.84,"body":"And one thing that's"},{"speaker":"Deirdre","startTime":188.76,"endTime":191.84,"body":"interesting is one Signal"},{"speaker":"Deirdre","startTime":191.84,"endTime":195.379,"body":"made a post-quantum upgrade"},{"speaker":"Deirdre","startTime":191.84,"endTime":195.379,"body":"recently, but just to their"},{"speaker":"Deirdre","startTime":195.7,"endTime":200.14,"body":"conversation setup handshake,"},{"speaker":"Deirdre","startTime":195.7,"endTime":200.14,"body":"not ongoing post-quantum"},{"speaker":"Deirdre","startTime":200.15,"endTime":201.42,"body":"updates to the ratcheting."},{"speaker":"Deirdre","startTime":202.35,"endTime":205.1,"body":"And no one else has done"},{"speaker":"Deirdre","startTime":202.35,"endTime":205.1,"body":"any post-quantum updates to"},{"speaker":"Deirdre","startTime":205.1,"endTime":208.67,"body":"their ratcheting like this,"},{"speaker":"Deirdre","startTime":205.1,"endTime":208.67,"body":"of any similar conversation"},{"speaker":"Deirdre","startTime":208.67,"endTime":210.679,"body":"that I've seen before,"},{"speaker":"Deirdre","startTime":208.67,"endTime":210.679,"body":"any sort of end-to-end"},{"speaker":"Deirdre","startTime":210.679,"endTime":211.8,"body":"messaging conversation."},{"speaker":"Deirdre","startTime":212.27,"endTime":216.42,"body":"Apple is the first, but"},{"speaker":"Deirdre","startTime":212.27,"endTime":216.42,"body":"they're only doing it if I'm"},{"speaker":"Deirdre","startTime":216.42,"endTime":221.739,"body":"correct, every 50 messages,"},{"speaker":"Deirdre","startTime":216.42,"endTime":221.739,"body":"or at least every seven days."},{"speaker":"Deirdre","startTime":221.97,"endTime":224.5,"body":"I think they have a more"},{"speaker":"Deirdre","startTime":221.97,"endTime":224.5,"body":"complicated heuristic under"},{"speaker":"Deirdre","startTime":224.5,"endTime":227.899,"body":"the hood, but those are kind of"},{"speaker":"Deirdre","startTime":224.5,"endTime":227.899,"body":"the bounds of that heuristic."},{"speaker":"Deirdre","startTime":228.309,"endTime":231.929,"body":"And they said that they're"},{"speaker":"Deirdre","startTime":228.309,"endTime":231.929,"body":"only doing that only that"},{"speaker":"Deirdre","startTime":231.929,"endTime":236.91,"body":"often because these ML-KEM"},{"speaker":"Deirdre","startTime":231.929,"endTime":236.91,"body":"keys are so large on the wire"},{"speaker":"Deirdre","startTime":236.93,"endTime":238.1,"body":"and they just can't afford it."},{"speaker":"Deirdre","startTime":238.5,"endTime":240.06,"body":"Can you tell a little"},{"speaker":"Deirdre","startTime":238.5,"endTime":240.06,"body":"bit more about that?"},{"speaker":"Douglas","startTime":240.74,"endTime":241.6,"body":"Yeah, that's"},{"speaker":"Douglas","startTime":240.74,"endTime":241.6,"body":"right, Deirdre."},{"speaker":"Douglas","startTime":241.6,"endTime":246.679,"body":"So ML-KEM keys are, well,"},{"speaker":"Douglas","startTime":241.6,"endTime":246.679,"body":"a key exchange with ML-KEM"},{"speaker":"Douglas","startTime":246.679,"endTime":252.129,"body":"is a couple of kilobytes of"},{"speaker":"Douglas","startTime":246.679,"endTime":252.129,"body":"communication, whereas with ECDH"},{"speaker":"Douglas","startTime":252.159,"endTime":254.92,"body":"we're looking at 32 or 64 bytes."},{"speaker":"Douglas","startTime":255.22,"endTime":258.19,"body":"So there's a pretty"},{"speaker":"Douglas","startTime":255.22,"endTime":258.19,"body":"big increase there."},{"speaker":"Douglas","startTime":258.55,"endTime":262.259,"body":"And so you have to kind of make"},{"speaker":"Douglas","startTime":258.55,"endTime":262.259,"body":"a decision whether you want to"},{"speaker":"Douglas","startTime":262.26,"endTime":268.23,"body":"pay that two kilobyte cost on"},{"speaker":"Douglas","startTime":262.26,"endTime":268.23,"body":"every round trip that you do."},{"speaker":"Douglas","startTime":268.6,"endTime":271.7,"body":"And for chat messages where"},{"speaker":"Douglas","startTime":268.6,"endTime":271.7,"body":"the message itself could"},{"speaker":"Douglas","startTime":271.7,"endTime":275.94,"body":"be a two character emoji"},{"speaker":"Douglas","startTime":271.7,"endTime":275.94,"body":"or something, that's a"},{"speaker":"Douglas","startTime":276.4,"endTime":277.62,"body":"pretty substantial overhead."},{"speaker":"Douglas","startTime":277.9,"endTime":279.039,"body":"So it's a choice to make."},{"speaker":"Douglas","startTime":279.669,"endTime":283.12,"body":"And, yeah, so what you described"},{"speaker":"Douglas","startTime":279.669,"endTime":283.12,"body":"is my understanding that there's"},{"speaker":"Douglas","startTime":283.42,"endTime":286.369,"body":"an amortization, basically"},{"speaker":"Douglas","startTime":283.42,"endTime":286.369,"body":"that they'll send the post"},{"speaker":"Douglas","startTime":286.529,"endTime":287.949,"body":"during the asymmetric ratchet."},{"speaker":"Douglas","startTime":288.18,"endTime":292.52,"body":"They'll send ML-KEM keys"},{"speaker":"Douglas","startTime":288.18,"endTime":292.52,"body":"periodically, and I think that's"},{"speaker":"Douglas","startTime":292.52,"endTime":296.27,"body":"a tunable parameter they're"},{"speaker":"Douglas","startTime":292.52,"endTime":296.27,"body":"able to adjust over time."},{"speaker":"Douglas","startTime":296.45,"endTime":299.29,"body":"But in a setup right now,"},{"speaker":"Douglas","startTime":296.45,"endTime":299.29,"body":"what they've said is that"},{"speaker":"Douglas","startTime":299.29,"endTime":302.859,"body":"it's every 50 messages, or"},{"speaker":"Douglas","startTime":299.29,"endTime":302.859,"body":"at least every seven days,"},{"speaker":"Douglas","startTime":303.049,"endTime":305.51,"body":"depending on how frequently"},{"speaker":"Douglas","startTime":303.049,"endTime":305.51,"body":"the device is being used."},{"speaker":"Deirdre","startTime":305.59,"endTime":307.49,"body":"Okay, that's"},{"speaker":"Deirdre","startTime":305.59,"endTime":307.49,"body":"pretty interesting."},{"speaker":"Deirdre","startTime":307.49,"endTime":310.71,"body":"I would be very—"},{"speaker":"Deirdre","startTime":307.49,"endTime":310.71,"body":"unfortunately, Apple has"},{"speaker":"Deirdre","startTime":310.71,"endTime":314.03,"body":"never released anything like"},{"speaker":"Deirdre","startTime":310.71,"endTime":314.03,"body":"a specification for iMessage."},{"speaker":"Deirdre","startTime":314.9,"endTime":318.989,"body":"It's all been kind of reverse"},{"speaker":"Deirdre","startTime":314.9,"endTime":318.989,"body":"engineering how it works and"},{"speaker":"Deirdre","startTime":318.99,"endTime":322.109,"body":"having people like you kind"},{"speaker":"Deirdre","startTime":318.99,"endTime":322.109,"body":"of blessed to look inside the"},{"speaker":"Deirdre","startTime":322.109,"endTime":325.469,"body":"curtain and do an analysis"},{"speaker":"Deirdre","startTime":322.109,"endTime":325.469,"body":"and then release an analysis."},{"speaker":"Deirdre","startTime":325.77,"endTime":328.67,"body":"So I would be very interested"},{"speaker":"Deirdre","startTime":325.77,"endTime":328.67,"body":"to look at it from like a"},{"speaker":"Deirdre","startTime":328.88,"endTime":332.049,"body":"protocol design perspective or"},{"speaker":"Deirdre","startTime":328.88,"endTime":332.049,"body":"an implementation perspective"},{"speaker":"Deirdre","startTime":332.059,"endTime":335.799,"body":"where that turnable parameter"},{"speaker":"Deirdre","startTime":332.059,"endTime":335.799,"body":"lives and how far is it"},{"speaker":"Deirdre","startTime":335.8,"endTime":336.989,"body":"exposed and stuff like that."},{"speaker":"Deirdre","startTime":337.24,"endTime":341.809,"body":"But anyway, can you tell us a"},{"speaker":"Deirdre","startTime":337.24,"endTime":341.809,"body":"little bit about what you looked"},{"speaker":"Deirdre","startTime":341.859,"endTime":344.85,"body":"at to do your security analysis?"},{"speaker":"Deirdre","startTime":344.87,"endTime":349.429,"body":"And for those listening,"},{"speaker":"Deirdre","startTime":344.87,"endTime":349.429,"body":"Apple released Douglas's"},{"speaker":"Deirdre","startTime":349.48,"endTime":352.26,"body":"security analysis on their"},{"speaker":"Deirdre","startTime":349.48,"endTime":352.26,"body":"website, and we'll link"},{"speaker":"Deirdre","startTime":352.28,"endTime":353.47,"body":"to that in our show notes."},{"speaker":"Deirdre","startTime":353.59,"endTime":357.08,"body":"And this is a straightforward,"},{"speaker":"Deirdre","startTime":353.59,"endTime":357.08,"body":"like, I'm a cryptographer,"},{"speaker":"Deirdre","startTime":357.5,"endTime":359.829,"body":"I'm modeling this"},{"speaker":"Deirdre","startTime":357.5,"endTime":359.829,"body":"as a security game."},{"speaker":"Deirdre","startTime":360.33,"endTime":362.24,"body":"This is like game-based proofs."},{"speaker":"Deirdre","startTime":362.5,"endTime":365.799,"body":"This is not some of the"},{"speaker":"Deirdre","startTime":362.5,"endTime":365.799,"body":"computer aided cryptography"},{"speaker":"Deirdre","startTime":365.8,"endTime":368.49,"body":"proofs that we've talked about"},{"speaker":"Deirdre","startTime":365.8,"endTime":368.49,"body":"on this podcast recently."},{"speaker":"Deirdre","startTime":368.82,"endTime":371.349,"body":"This is bread and butter, I'm"},{"speaker":"Deirdre","startTime":368.82,"endTime":371.349,"body":"sitting down, I'm using my"},{"speaker":"Deirdre","startTime":371.36,"endTime":374.9,"body":"brain, and I'm drawing up some"},{"speaker":"Deirdre","startTime":371.36,"endTime":374.9,"body":"security proof sort of analysis."},{"speaker":"Deirdre","startTime":374.91,"endTime":376.979,"body":"Can you tell us a little"},{"speaker":"Deirdre","startTime":374.91,"endTime":376.979,"body":"bit how you approached it?"},{"speaker":"Douglas","startTime":377.68,"endTime":377.93,"body":"Sure."},{"speaker":"Douglas","startTime":378.03,"endTime":381.72,"body":"So Apple gave me kind of their"},{"speaker":"Douglas","startTime":378.03,"endTime":381.72,"body":"version of the design document"},{"speaker":"Douglas","startTime":381.72,"endTime":387.61,"body":"and the protocol description,"},{"speaker":"Douglas","startTime":381.72,"endTime":387.61,"body":"and so I kind of translated that"},{"speaker":"Douglas","startTime":387.61,"endTime":392.149,"body":"to the format that I understand,"},{"speaker":"Douglas","startTime":387.61,"endTime":392.149,"body":"pseudocode in a paper in LaTeX."},{"speaker":"Douglas","startTime":392.839,"endTime":396.039,"body":"And so that's what's in the"},{"speaker":"Douglas","startTime":392.839,"endTime":396.039,"body":"security analysis that I wrote"},{"speaker":"Douglas","startTime":396.07,"endTime":400.15,"body":"for them that they've released,"},{"speaker":"Douglas","startTime":396.07,"endTime":400.15,"body":"and they kind of reviewed"},{"speaker":"Douglas","startTime":400.15,"endTime":403.93,"body":"that my interpretation of"},{"speaker":"Douglas","startTime":400.15,"endTime":403.93,"body":"what they gave me was correct."},{"speaker":"Deirdre","startTime":404.11,"endTime":404.31,"body":"Good."},{"speaker":"Douglas","startTime":404.31,"endTime":407.519,"body":"And then I proceeded"},{"speaker":"Douglas","startTime":404.31,"endTime":407.519,"body":"with the analysis from there."},{"speaker":"Deirdre","startTime":407.77,"endTime":408.299,"body":"Okay."},{"speaker":"Deirdre","startTime":408.36,"endTime":411.349,"body":"So deduced security properties"},{"speaker":"Deirdre","startTime":408.36,"endTime":411.349,"body":"that they were trying to"},{"speaker":"Deirdre","startTime":411.349,"endTime":414.159,"body":"achieve, or did they say,"},{"speaker":"Deirdre","startTime":411.349,"endTime":414.159,"body":"we are trying to achieve"},{"speaker":"Deirdre","startTime":414.42,"endTime":416.93,"body":"certain security properties,"},{"speaker":"Deirdre","startTime":414.42,"endTime":416.93,"body":"please double check our"},{"speaker":"Deirdre","startTime":416.93,"endTime":418.2,"body":"work, or something like that."},{"speaker":"Douglas","startTime":418.25,"endTime":418.42,"body":"Yeah."},{"speaker":"Douglas","startTime":418.42,"endTime":419.689,"body":"They were very clear"},{"speaker":"Douglas","startTime":418.42,"endTime":419.689,"body":"from the outset on the"},{"speaker":"Douglas","startTime":419.71,"endTime":421.46,"body":"security properties that"},{"speaker":"Douglas","startTime":419.71,"endTime":421.46,"body":"they were aiming for."},{"speaker":"Douglas","startTime":421.46,"endTime":426.509,"body":"So post compromise security"},{"speaker":"Douglas","startTime":421.46,"endTime":426.509,"body":"or healing, forward secrecy."},{"speaker":"Douglas","startTime":427.67,"endTime":429.86,"body":"So forward secrecy on"},{"speaker":"Douglas","startTime":427.67,"endTime":429.86,"body":"both the asymmetric"},{"speaker":"Douglas","startTime":429.86,"endTime":430.45,"body":"and symmetric ratchets."},{"speaker":"Douglas","startTime":430.76,"endTime":435.07,"body":"Post compromise security on"},{"speaker":"Douglas","startTime":430.76,"endTime":435.07,"body":"the asymmetric ratchet, both"},{"speaker":"Douglas","startTime":435.07,"endTime":439.89,"body":"post-quantum and elliptic curve"},{"speaker":"Douglas","startTime":435.07,"endTime":439.89,"body":"assumptions for that part, and"},{"speaker":"Douglas","startTime":439.89,"endTime":444.419,"body":"also confidentiality in the"},{"speaker":"Douglas","startTime":439.89,"endTime":444.419,"body":"session key establishment, the"},{"speaker":"Douglas","startTime":444.419,"endTime":445.859,"body":"initial handshake establishment."},{"speaker":"Deirdre","startTime":446.49,"endTime":451.93,"body":"So did you have some"},{"speaker":"Deirdre","startTime":446.49,"endTime":451.93,"body":"sort of tunable advantage when"},{"speaker":"Deirdre","startTime":451.93,"endTime":454.68,"body":"the post compromise security"},{"speaker":"Deirdre","startTime":451.93,"endTime":454.68,"body":"and the forward secrecy stuff"},{"speaker":"Deirdre","startTime":454.68,"endTime":458.92,"body":"was being analyzed, given"},{"speaker":"Deirdre","startTime":454.68,"endTime":458.92,"body":"this heuristic of, \"we're"},{"speaker":"Deirdre","startTime":458.96,"endTime":463.174,"body":"only updating our post-quantum"},{"speaker":"Deirdre","startTime":458.96,"endTime":463.174,"body":"security with these ML-KEM"},{"speaker":"Deirdre","startTime":463.46,"endTime":468.069,"body":"ratcheting keys every 50 or"},{"speaker":"Deirdre","startTime":463.46,"endTime":468.069,"body":"so\", or up to seven days,"},{"speaker":"Deirdre","startTime":468.559,"endTime":471.32,"body":"however, that is measured"},{"speaker":"Deirdre","startTime":468.559,"endTime":471.32,"body":"in terms of advantage."},{"speaker":"Deirdre","startTime":471.33,"endTime":472.6,"body":"How did you account for that?"},{"speaker":"Deirdre","startTime":472.6,"endTime":479.48,"body":"Sort of like, when it's"},{"speaker":"Deirdre","startTime":472.6,"endTime":479.48,"body":"literally like the original"},{"speaker":"Deirdre","startTime":479.49,"endTime":483.87,"body":"Signal ratcheting double"},{"speaker":"Deirdre","startTime":479.49,"endTime":483.87,"body":"ratchet design is you send a new"},{"speaker":"Deirdre","startTime":483.94,"endTime":488.49,"body":"handshake, Diffie-Hellman every,"},{"speaker":"Deirdre","startTime":483.94,"endTime":488.49,"body":"like, I send a message and"},{"speaker":"Deirdre","startTime":488.49,"endTime":490.33,"body":"my partner sends me one back."},{"speaker":"Deirdre","startTime":490.79,"endTime":493.59,"body":"If they haven't sent one"},{"speaker":"Deirdre","startTime":490.79,"endTime":493.59,"body":"back to you in a while, and"},{"speaker":"Deirdre","startTime":493.59,"endTime":495.67,"body":"you just keep sending them,"},{"speaker":"Deirdre","startTime":493.59,"endTime":495.67,"body":"like, I saw this TikTok."},{"speaker":"Deirdre","startTime":495.94,"endTime":496.76,"body":"I saw this TikTok."},{"speaker":"Deirdre","startTime":496.76,"endTime":497.639,"body":"I saw this TikTok."},{"speaker":"Deirdre","startTime":497.69,"endTime":499.699,"body":"That's where the symmetric"},{"speaker":"Deirdre","startTime":497.69,"endTime":499.699,"body":"ratchet comes in."},{"speaker":"Deirdre","startTime":500.17,"endTime":503.64,"body":"And you're not doing the"},{"speaker":"Deirdre","startTime":500.17,"endTime":503.64,"body":"asymmetric ratchet, but when you"},{"speaker":"Deirdre","startTime":503.65,"endTime":506.61,"body":"finally complete another back"},{"speaker":"Deirdre","startTime":503.65,"endTime":506.61,"body":"and forth handshake, that's when"},{"speaker":"Deirdre","startTime":506.61,"endTime":507.53,"body":"you do an asymmetric ratchet."},{"speaker":"Deirdre","startTime":507.58,"endTime":511.88,"body":"So that's a very deterministic"},{"speaker":"Deirdre","startTime":507.58,"endTime":511.88,"body":"way to analyze the post"},{"speaker":"Deirdre","startTime":511.88,"endTime":514.49,"body":"compromise security and"},{"speaker":"Deirdre","startTime":511.88,"endTime":514.49,"body":"the forward security that"},{"speaker":"Deirdre","startTime":514.49,"endTime":515.409,"body":"the ratchet gives you."},{"speaker":"Deirdre","startTime":515.75,"endTime":519.75,"body":"How do you analyze the sort"},{"speaker":"Deirdre","startTime":515.75,"endTime":519.75,"body":"of, like, maybe it's every 50?"},{"speaker":"Deirdre","startTime":519.919,"endTime":521.829,"body":"Maybe it's every seven days?"},{"speaker":"Deirdre","startTime":521.869,"endTime":522.639,"body":"Who knows?"},{"speaker":"Deirdre","startTime":523.059,"endTime":524.159,"body":"How do you do that?"},{"speaker":"Douglas","startTime":524.96,"endTime":525.32,"body":"Right."},{"speaker":"Douglas","startTime":525.54,"endTime":529.64,"body":"So, basically, the model that"},{"speaker":"Douglas","startTime":525.54,"endTime":529.64,"body":"I kind of gave of the protocol"},{"speaker":"Douglas","startTime":529.75,"endTime":532.58,"body":"is actually kind of assuming"},{"speaker":"Douglas","startTime":529.75,"endTime":532.58,"body":"that there's both ratchets"},{"speaker":"Douglas","startTime":532.59,"endTime":535.119,"body":"happening, both post-quantum"},{"speaker":"Douglas","startTime":532.59,"endTime":535.119,"body":"and elliptic curves happening"},{"speaker":"Douglas","startTime":535.59,"endTime":539.669,"body":"in each step, and so that kind"},{"speaker":"Douglas","startTime":535.59,"endTime":539.669,"body":"of simplifies the analysis."},{"speaker":"Deirdre","startTime":540.529,"endTime":540.659,"body":"Okay."},{"speaker":"Douglas","startTime":541.29,"endTime":543.89,"body":"And then if you"},{"speaker":"Douglas","startTime":541.29,"endTime":543.89,"body":"wanted to leave out one of"},{"speaker":"Douglas","startTime":543.89,"endTime":546.89,"body":"the components, you could do"},{"speaker":"Douglas","startTime":543.89,"endTime":546.89,"body":"so and extend the analysis."},{"speaker":"Douglas","startTime":547.22,"endTime":549.739,"body":"But the write up that"},{"speaker":"Douglas","startTime":547.22,"endTime":549.739,"body":"I have just focuses on"},{"speaker":"Douglas","startTime":549.75,"endTime":551.86,"body":"both of them happening"},{"speaker":"Douglas","startTime":549.75,"endTime":551.86,"body":"at once for simplicity."},{"speaker":"Deirdre","startTime":552.04,"endTime":552.5,"body":"Okay."},{"speaker":"Deirdre","startTime":553.03,"endTime":554.759,"body":"Both of them happening at once."},{"speaker":"Deirdre","startTime":555.54,"endTime":560.36,"body":"So did you kind of give sort"},{"speaker":"Deirdre","startTime":555.54,"endTime":560.36,"body":"of like a bound on if it"},{"speaker":"Deirdre","startTime":560.4,"endTime":566.45,"body":"at least happens every 50"},{"speaker":"Deirdre","startTime":560.4,"endTime":566.45,"body":"messages, that means blah, or"},{"speaker":"Deirdre","startTime":567.11,"endTime":568.22,"body":"am I asking the wrong question?"},{"speaker":"Douglas","startTime":569.41,"endTime":569.839,"body":"No."},{"speaker":"Douglas","startTime":569.84,"endTime":573.909,"body":"So, basically, on the asymmetric"},{"speaker":"Douglas","startTime":569.84,"endTime":573.909,"body":"ratchet, the analysis here"},{"speaker":"Douglas","startTime":573.92,"endTime":579.76,"body":"is doing a post-quantum and"},{"speaker":"Douglas","startTime":573.92,"endTime":579.76,"body":"elliptic curve exchange on every"},{"speaker":"Douglas","startTime":580.78,"endTime":582.11,"body":"step of the asymmetric ratchet."},{"speaker":"Deirdre","startTime":584.27,"endTime":584.88,"body":"Interesting."},{"speaker":"Deirdre","startTime":585.26,"endTime":590.74,"body":"So your sort of analysis is"},{"speaker":"Deirdre","startTime":585.26,"endTime":590.74,"body":"the ideal when this tunable"},{"speaker":"Deirdre","startTime":590.75,"endTime":594.06,"body":"parameter is, like, cranked"},{"speaker":"Deirdre","startTime":590.75,"endTime":594.06,"body":"up to, we don't care about no"},{"speaker":"Deirdre","startTime":594.06,"endTime":597.315,"body":"stinking badges, we're just"},{"speaker":"Deirdre","startTime":594.06,"endTime":597.315,"body":"going to send them all the"},{"speaker":"Deirdre","startTime":597.36,"endTime":600.81,"body":"time, every time an asymmetric"},{"speaker":"Deirdre","startTime":597.36,"endTime":600.81,"body":"ratchet is appropriate."},{"speaker":"Douglas","startTime":601.28,"endTime":601.56,"body":"Right."},{"speaker":"Deirdre","startTime":601.57,"endTime":604.12,"body":"So it sounds like,"},{"speaker":"Deirdre","startTime":601.57,"endTime":604.12,"body":"strictly speaking, what Apple"},{"speaker":"Deirdre","startTime":604.12,"endTime":607.27,"body":"is deploying, at least right"},{"speaker":"Deirdre","startTime":604.12,"endTime":607.27,"body":"now, and can be tunable later,"},{"speaker":"Deirdre","startTime":607.57,"endTime":610.979,"body":"is strictly below what you"},{"speaker":"Deirdre","startTime":607.57,"endTime":610.979,"body":"have analyzed in the paper."},{"speaker":"Douglas","startTime":611.709,"endTime":612.419,"body":"Yeah, I guess so."},{"speaker":"Deirdre","startTime":614.37,"endTime":614.83,"body":"Okay."},{"speaker":"Deirdre","startTime":616.39,"endTime":621.35,"body":"I'm not aware of a nice,"},{"speaker":"Deirdre","startTime":616.39,"endTime":621.35,"body":"measurable advantage of an"},{"speaker":"Deirdre","startTime":621.36,"endTime":624.54,"body":"adversary of, like, oh, we"},{"speaker":"Deirdre","startTime":621.36,"endTime":624.54,"body":"only do ratcheting every"},{"speaker":"Deirdre","startTime":624.54,"endTime":628.179,"body":"50 handshakes, and we only"},{"speaker":"Deirdre","startTime":624.54,"endTime":628.179,"body":"do ratcheting, and it could"},{"speaker":"Deirdre","startTime":628.19,"endTime":631.31,"body":"be somewhere between 50"},{"speaker":"Deirdre","startTime":628.19,"endTime":631.31,"body":"and a million, whatever."},{"speaker":"Deirdre","startTime":631.48,"endTime":635.25,"body":"So I was very curious if you"},{"speaker":"Deirdre","startTime":631.48,"endTime":635.25,"body":"had pioneered a new sort of"},{"speaker":"Deirdre","startTime":635.8,"endTime":637.02,"body":"analysis or something like that."},{"speaker":"Deirdre","startTime":637.02,"endTime":638.849,"body":"But that makes it"},{"speaker":"Deirdre","startTime":637.02,"endTime":638.849,"body":"a lot more obvious."},{"speaker":"Douglas","startTime":639.52,"endTime":640.4,"body":"Yeah,"},{"speaker":"Douglas","startTime":639.52,"endTime":640.4,"body":"you could do that."},{"speaker":"Douglas","startTime":640.4,"endTime":643.55,"body":"I think you'd have to kind of"},{"speaker":"Douglas","startTime":640.4,"endTime":643.55,"body":"exchange the, extend the key"},{"speaker":"Douglas","startTime":643.55,"endTime":647.19,"body":"exchange model to maybe give the"},{"speaker":"Douglas","startTime":643.55,"endTime":647.19,"body":"adversary the chance to control"},{"speaker":"Douglas","startTime":647.19,"endTime":649.54,"body":"how frequent that happens."},{"speaker":"Douglas","startTime":650.05,"endTime":652.689,"body":"And that introduces a whole"},{"speaker":"Douglas","startTime":650.05,"endTime":652.689,"body":"lot of extra bookkeeping,"},{"speaker":"Douglas","startTime":652.82,"endTime":655.35,"body":"keeping, and state management"},{"speaker":"Douglas","startTime":652.82,"endTime":655.35,"body":"into the security experiment."},{"speaker":"Douglas","startTime":655.68,"endTime":657.22,"body":"But you could do it."},{"speaker":"Deirdre","startTime":657.389,"endTime":657.689,"body":"Yeah."},{"speaker":"Deirdre","startTime":657.75,"endTime":658.16,"body":"Okay."},{"speaker":"Deirdre","startTime":658.25,"endTime":661.04,"body":"By the way, how much time"},{"speaker":"Deirdre","startTime":658.25,"endTime":661.04,"body":"did you have to work on this?"},{"speaker":"Douglas","startTime":661.81,"endTime":662.11,"body":"Yeah."},{"speaker":"Douglas","startTime":662.11,"endTime":664.33,"body":"So they reached out to me"},{"speaker":"Douglas","startTime":662.11,"endTime":664.33,"body":"kind of middle of last year"},{"speaker":"Douglas","startTime":664.33,"endTime":665.599,"body":"to start looking at it."},{"speaker":"Deirdre","startTime":665.85,"endTime":666.26,"body":"Okay."},{"speaker":"Deirdre","startTime":666.33,"endTime":666.579,"body":"All right."},{"speaker":"Deirdre","startTime":666.6,"endTime":667.28,"body":"So you had time."},{"speaker":"Deirdre","startTime":669.1,"endTime":669.88,"body":"Just curious."},{"speaker":"Deirdre","startTime":669.97,"endTime":674.71,"body":"One interesting thing is"},{"speaker":"Deirdre","startTime":669.97,"endTime":674.71,"body":"that the setup of the initial"},{"speaker":"Deirdre","startTime":674.71,"endTime":679.01,"body":"handshake has these 1024 bit"},{"speaker":"Deirdre","startTime":674.71,"endTime":679.01,"body":"ML-KEM keys, which are the"},{"speaker":"Deirdre","startTime":679.01,"endTime":681.92,"body":"highest security parameter"},{"speaker":"Deirdre","startTime":679.01,"endTime":681.92,"body":"that's being published by the"},{"speaker":"Deirdre","startTime":681.969,"endTime":686.04,"body":"standard, which makes sense if"},{"speaker":"Deirdre","startTime":681.969,"endTime":686.04,"body":"you're going to root your stuff."},{"speaker":"Deirdre","startTime":686.47,"endTime":687.14,"body":"Sure, why not?"},{"speaker":"Deirdre","startTime":687.15,"endTime":690.11,"body":"This is ostensibly a one time"},{"speaker":"Deirdre","startTime":687.15,"endTime":690.11,"body":"thing, unless you completely"},{"speaker":"Deirdre","startTime":690.11,"endTime":692.66,"body":"reset your session, your chat"},{"speaker":"Deirdre","startTime":690.11,"endTime":692.66,"body":"session or something like that,"},{"speaker":"Deirdre","startTime":692.73,"endTime":694.78,"body":"and then having something,"},{"speaker":"Deirdre","startTime":692.73,"endTime":694.78,"body":"the next step for these"},{"speaker":"Deirdre","startTime":694.78,"endTime":698.33,"body":"ephemeral, for these ratcheting"},{"speaker":"Deirdre","startTime":694.78,"endTime":698.33,"body":"asymmetric ratcheting keys."},{"speaker":"Deirdre","startTime":698.73,"endTime":701.269,"body":"One other thing that seems"},{"speaker":"Deirdre","startTime":698.73,"endTime":701.269,"body":"to jump out at me is that"},{"speaker":"Deirdre","startTime":701.6,"endTime":705.66,"body":"they explicitly call out"},{"speaker":"Deirdre","startTime":701.6,"endTime":705.66,"body":"that they're not doing any"},{"speaker":"Deirdre","startTime":705.73,"endTime":710.1,"body":"post-quantum authentication"},{"speaker":"Deirdre","startTime":705.73,"endTime":710.1,"body":"like signatures in this update."},{"speaker":"Deirdre","startTime":710.13,"endTime":716.139,"body":"And this chimes with the Signal"},{"speaker":"Deirdre","startTime":710.13,"endTime":716.139,"body":"PQ extended Diffie-Hellman"},{"speaker":"Deirdre","startTime":716.509,"endTime":717.609,"body":"update that they did."},{"speaker":"Deirdre","startTime":717.87,"endTime":721.29,"body":"They also have the"},{"speaker":"Deirdre","startTime":717.87,"endTime":721.29,"body":"original Signal setup."},{"speaker":"Deirdre","startTime":721.29,"endTime":724.94,"body":"And kind of similar with"},{"speaker":"Deirdre","startTime":721.29,"endTime":724.94,"body":"iMessage is you have an identity"},{"speaker":"Deirdre","startTime":724.94,"endTime":728.16,"body":"key pair or a device key pair"},{"speaker":"Deirdre","startTime":724.94,"endTime":728.16,"body":"that is associated with an"},{"speaker":"Deirdre","startTime":728.16,"endTime":732.7,"body":"identity, and you can both do"},{"speaker":"Deirdre","startTime":728.16,"endTime":732.7,"body":"that to do Diffie-Hellman like"},{"speaker":"Deirdre","startTime":733.01,"endTime":735.49,"body":"curve25519 Diffie-Hellman."},{"speaker":"Deirdre","startTime":735.79,"endTime":740.18,"body":"And then you can tweak that key"},{"speaker":"Deirdre","startTime":735.79,"endTime":740.18,"body":"pair and you can sign with it."},{"speaker":"Deirdre","startTime":740.19,"endTime":743.51,"body":"And so if you're using"},{"speaker":"Deirdre","startTime":740.19,"endTime":743.51,"body":"what Signal uses, which is"},{"speaker":"Deirdre","startTime":743.51,"endTime":747.54,"body":"curve25519, you can do this"},{"speaker":"Deirdre","startTime":743.51,"endTime":747.54,"body":"transformation and you can use a"},{"speaker":"Deirdre","startTime":747.54,"endTime":750.93,"body":"key pair to do the key exchange,"},{"speaker":"Deirdre","startTime":747.54,"endTime":750.93,"body":"and then you can use that"},{"speaker":"Deirdre","startTime":750.93,"endTime":755.279,"body":"same root of key material to"},{"speaker":"Deirdre","startTime":750.93,"endTime":755.279,"body":"sign with Ed25519 or something"},{"speaker":"Deirdre","startTime":755.279,"endTime":757.459,"body":"like that signature scheme."},{"speaker":"Deirdre","startTime":758.41,"endTime":759.49,"body":"Apple uses the same thing."},{"speaker":"Deirdre","startTime":759.49,"endTime":761.59,"body":"They're doing everything"},{"speaker":"Deirdre","startTime":759.49,"endTime":761.59,"body":"with P-256, so it's ECDSA"},{"speaker":"Deirdre","startTime":762.32,"endTime":763.1,"body":"and stuff like that."},{"speaker":"Deirdre","startTime":763.42,"endTime":768.079,"body":"But they ship their"},{"speaker":"Deirdre","startTime":763.42,"endTime":768.079,"body":"Apple devices with a key"},{"speaker":"Deirdre","startTime":768.08,"endTime":770.329,"body":"pair rooted in hardware."},{"speaker":"Deirdre","startTime":770.679,"endTime":773.989,"body":"And so I completely understand"},{"speaker":"Deirdre","startTime":770.679,"endTime":773.989,"body":"why they are like, this"},{"speaker":"Deirdre","startTime":773.99,"endTime":775.28,"body":"is extremely valuable."},{"speaker":"Deirdre","startTime":775.28,"endTime":778.68,"body":"We have a very, very"},{"speaker":"Deirdre","startTime":775.28,"endTime":778.68,"body":"trustworthy root of trust."},{"speaker":"Deirdre","startTime":779.01,"endTime":783.56,"body":"Unfortunately, we can't go"},{"speaker":"Deirdre","startTime":779.01,"endTime":783.56,"body":"over to TSMC and just be like"},{"speaker":"Deirdre","startTime":783.809,"endTime":787.17,"body":"just shove in ML-KEM roots"},{"speaker":"Deirdre","startTime":783.809,"endTime":787.17,"body":"of trust at the same time."},{"speaker":"Deirdre","startTime":787.44,"endTime":792.39,"body":"That is way years away"},{"speaker":"Deirdre","startTime":787.44,"endTime":792.39,"body":"from them doing that."},{"speaker":"Deirdre","startTime":792.4,"endTime":798.23,"body":"So they do the session setup,"},{"speaker":"Deirdre","startTime":792.4,"endTime":798.23,"body":"they do their ECDH part of the"},{"speaker":"Deirdre","startTime":798.23,"endTime":803.079,"body":"session set up with P-256, they"},{"speaker":"Deirdre","startTime":798.23,"endTime":803.079,"body":"do their ML-KEM session set up"},{"speaker":"Deirdre","startTime":803.09,"endTime":809.0,"body":"with ML-KEM 1024, but they're"},{"speaker":"Deirdre","startTime":803.09,"endTime":809.0,"body":"signing with their root of"},{"speaker":"Deirdre","startTime":809.01,"endTime":814.12,"body":"trust key pair for ECDSA and"},{"speaker":"Deirdre","startTime":809.01,"endTime":814.12,"body":"they don't have an equivalent"},{"speaker":"Deirdre","startTime":814.32,"endTime":815.579,"body":"for the post-quantum stuff."},{"speaker":"Deirdre","startTime":815.78,"endTime":816.67,"body":"Did I get anything wrong?"},{"speaker":"Deirdre","startTime":816.67,"endTime":817.87,"body":"Does that sound correct?"},{"speaker":"Douglas","startTime":818.21,"endTime":821.26,"body":"I don't know about"},{"speaker":"Douglas","startTime":818.21,"endTime":821.26,"body":"the hardware, the root of trust"},{"speaker":"Douglas","startTime":821.26,"endTime":823.749,"body":"stuff, but yeah, you got the"},{"speaker":"Douglas","startTime":821.26,"endTime":823.749,"body":"protocol description right."},{"speaker":"Douglas","startTime":823.75,"endTime":824.72,"body":"As far as I know, yeah."},{"speaker":"Deirdre","startTime":825.059,"endTime":827.66,"body":"In their blog post"},{"speaker":"Deirdre","startTime":825.059,"endTime":827.66,"body":"they were like, they mentioned"},{"speaker":"Deirdre","startTime":827.66,"endTime":830.11,"body":"a couple of places where I'm"},{"speaker":"Deirdre","startTime":827.66,"endTime":830.11,"body":"just sort of like, oh, right."},{"speaker":"Deirdre","startTime":830.74,"endTime":833.06,"body":"So my whole point of"},{"speaker":"Deirdre","startTime":830.74,"endTime":833.06,"body":"describing this is, one,"},{"speaker":"Deirdre","startTime":833.09,"endTime":835.66,"body":"they don't have post-quantum"},{"speaker":"Deirdre","startTime":833.09,"endTime":835.66,"body":"authentication stuff, which"},{"speaker":"Deirdre","startTime":835.66,"endTime":836.759,"body":"is just understandable."},{"speaker":"Deirdre","startTime":836.77,"endTime":842.55,"body":"It's not a very,"},{"speaker":"Deirdre","startTime":836.77,"endTime":842.55,"body":"no one has that."},{"speaker":"Deirdre","startTime":842.55,"endTime":844.129,"body":"Yeah, speaking of the guy who"},{"speaker":"Deirdre","startTime":842.55,"endTime":844.129,"body":"has to worry about this for the"},{"speaker":"Deirdre","startTime":844.129,"endTime":849.24,"body":"web PKI and his web browsers,"},{"speaker":"Deirdre","startTime":844.129,"endTime":849.24,"body":"but also that they have"},{"speaker":"Deirdre","startTime":849.41,"endTime":854.38,"body":"invested a lot into hardware"},{"speaker":"Deirdre","startTime":849.41,"endTime":854.38,"body":"optimization, like all these"},{"speaker":"Deirdre","startTime":854.4,"endTime":857.7,"body":"things that are rooted in their"},{"speaker":"Deirdre","startTime":854.4,"endTime":857.7,"body":"secure enclave implementations,"},{"speaker":"Deirdre","startTime":857.71,"endTime":864.6,"body":"including P-256, ECDSA and ECDH"},{"speaker":"Deirdre","startTime":857.71,"endTime":864.6,"body":"over P-256 and stuff like that."},{"speaker":"Deirdre","startTime":864.8,"endTime":867.73,"body":"And then they have this key"},{"speaker":"Deirdre","startTime":864.8,"endTime":867.73,"body":"material that's rooted in their"},{"speaker":"Deirdre","startTime":867.73,"endTime":870.689,"body":"devices and they have this"},{"speaker":"Deirdre","startTime":867.73,"endTime":870.689,"body":"whole chain of trusted compute"},{"speaker":"Deirdre","startTime":870.72,"endTime":875.11,"body":"and trusted hardware, but"},{"speaker":"Deirdre","startTime":870.72,"endTime":875.11,"body":"it's all rooted in classical"},{"speaker":"Deirdre","startTime":875.15,"endTime":876.449,"body":"elliptic curve cryptography."},{"speaker":"Deirdre","startTime":877.15,"endTime":881.019,"body":"And this other stuff, the new"},{"speaker":"Deirdre","startTime":877.15,"endTime":881.019,"body":"stuff is all, I think, all in"},{"speaker":"Deirdre","startTime":881.02,"endTime":883.06,"body":"software, which makes sense."},{"speaker":"Deirdre","startTime":883.289,"endTime":886.939,"body":"But it's also interesting"},{"speaker":"Deirdre","startTime":883.289,"endTime":886.939,"body":"from a security perspective"},{"speaker":"Deirdre","startTime":886.94,"endTime":890.59,"body":"of like you've got these"},{"speaker":"Deirdre","startTime":886.94,"endTime":890.59,"body":"layers of like you've got"},{"speaker":"Deirdre","startTime":890.59,"endTime":893.64,"body":"some real solid root of"},{"speaker":"Deirdre","startTime":890.59,"endTime":893.64,"body":"trust, but it's all classical."},{"speaker":"Deirdre","startTime":893.64,"endTime":896.41,"body":"And then you're kind of layering"},{"speaker":"Deirdre","startTime":893.64,"endTime":896.41,"body":"on this post-quantum stuff"},{"speaker":"Deirdre","startTime":896.87,"endTime":901.1,"body":"that is all in software, and it"},{"speaker":"Deirdre","startTime":896.87,"endTime":901.1,"body":"kind of chains to this software"},{"speaker":"Deirdre","startTime":901.129,"endTime":904.04,"body":"update mechanism that also is"},{"speaker":"Deirdre","startTime":901.129,"endTime":904.04,"body":"root of trust, but it's all"},{"speaker":"Deirdre","startTime":904.05,"endTime":905.42,"body":"based on classical as well."},{"speaker":"Deirdre","startTime":906.02,"endTime":909.08,"body":"And this is a little bit"},{"speaker":"Deirdre","startTime":906.02,"endTime":909.08,"body":"outside your brief, but I"},{"speaker":"Deirdre","startTime":909.08,"endTime":912.389,"body":"hope hardware backed, high"},{"speaker":"Deirdre","startTime":909.08,"endTime":912.389,"body":"optimized implementations"},{"speaker":"Deirdre","startTime":913.509,"endTime":917.739,"body":"of things like ML-KEM will"},{"speaker":"Deirdre","startTime":913.509,"endTime":917.739,"body":"get rolled out eventually."},{"speaker":"Deirdre","startTime":917.74,"endTime":920.06,"body":"I don't know if they're going"},{"speaker":"Deirdre","startTime":917.74,"endTime":920.06,"body":"to get stamped into the silicon"},{"speaker":"Deirdre","startTime":920.06,"endTime":926.109,"body":"in TSMC anytime soon, but if"},{"speaker":"Deirdre","startTime":920.06,"endTime":926.109,"body":"those high efficiency optimized"},{"speaker":"Deirdre","startTime":927.34,"endTime":930.239,"body":"implementations get rolled"},{"speaker":"Deirdre","startTime":927.34,"endTime":930.239,"body":"out, that may have an impact"},{"speaker":"Deirdre","startTime":930.259,"endTime":933.14,"body":"on how frequently you can"},{"speaker":"Deirdre","startTime":930.259,"endTime":933.14,"body":"do the ratcheting, at least"},{"speaker":"Deirdre","startTime":933.14,"endTime":936.63,"body":"at a computational level,"},{"speaker":"Deirdre","startTime":933.14,"endTime":936.63,"body":"the transmission of bytes on"},{"speaker":"Deirdre","startTime":936.63,"endTime":940.68,"body":"the wire, Apple doesn't have"},{"speaker":"Deirdre","startTime":936.63,"endTime":940.68,"body":"a lot of control about how"},{"speaker":"Deirdre","startTime":940.68,"endTime":943.469,"body":"expensive that is for your"},{"speaker":"Deirdre","startTime":940.68,"endTime":943.469,"body":"battery, how long that takes."},{"speaker":"Deirdre","startTime":943.68,"endTime":945.56,"body":"But that was just one thing"},{"speaker":"Deirdre","startTime":943.68,"endTime":945.56,"body":"that I kind of noted that"},{"speaker":"Deirdre","startTime":946.469,"endTime":949.33,"body":"they mentioned in their post."},{"speaker":"Deirdre","startTime":949.509,"endTime":953.349,"body":"They had this scale, they"},{"speaker":"Deirdre","startTime":949.509,"endTime":953.349,"body":"had PQ1, PQ2, and now"},{"speaker":"Deirdre","startTime":953.35,"endTime":954.37,"body":"they're calling this PQ3."},{"speaker":"Deirdre","startTime":955.47,"endTime":960.26,"body":"And I think PQ4 is where you"},{"speaker":"Deirdre","startTime":955.47,"endTime":960.26,"body":"will have this post-quantum"},{"speaker":"Deirdre","startTime":961.29,"endTime":962.05,"body":"authentication in there."},{"speaker":"Deirdre","startTime":962.36,"endTime":964.05,"body":"So this is me just talking."},{"speaker":"Deirdre","startTime":964.05,"endTime":966.43,"body":"I don't have a question here,"},{"speaker":"Deirdre","startTime":964.05,"endTime":966.43,"body":"I'm sorry, but to actually"},{"speaker":"Deirdre","startTime":966.43,"endTime":969.499,"body":"ask you a question, in your"},{"speaker":"Deirdre","startTime":966.43,"endTime":969.499,"body":"analysis, did you look at"},{"speaker":"Deirdre","startTime":969.509,"endTime":973.26,"body":"the lack of post-quantum"},{"speaker":"Deirdre","startTime":969.509,"endTime":973.26,"body":"secure authentication as it"},{"speaker":"Deirdre","startTime":973.279,"endTime":975.23,"body":"impacted the protocol or not?"},{"speaker":"Douglas","startTime":975.69,"endTime":976.04,"body":"No."},{"speaker":"Douglas","startTime":976.04,"endTime":977.32,"body":"So that was kind of"},{"speaker":"Douglas","startTime":976.04,"endTime":977.32,"body":"outside the brief."},{"speaker":"Douglas","startTime":977.32,"endTime":981.61,"body":"The design criteria"},{"speaker":"Douglas","startTime":977.32,"endTime":981.61,"body":"were for post-quantum"},{"speaker":"Douglas","startTime":981.639,"endTime":984.86,"body":"confidentiality, but not"},{"speaker":"Douglas","startTime":981.639,"endTime":984.86,"body":"post-quantum authentication."},{"speaker":"Douglas","startTime":985.48,"endTime":990.75,"body":"So I think you speak to a lot of"},{"speaker":"Douglas","startTime":985.48,"endTime":990.75,"body":"reasons why adopters are doing"},{"speaker":"Douglas","startTime":990.75,"endTime":991.98,"body":"post-quantum confidentiality."},{"speaker":"Douglas","startTime":991.98,"endTime":995.13,"body":"First, I think your example"},{"speaker":"Douglas","startTime":991.98,"endTime":995.13,"body":"on the whole hardware stack"},{"speaker":"Douglas","startTime":995.13,"endTime":999.31,"body":"and roots of trust kind of"},{"speaker":"Douglas","startTime":995.13,"endTime":999.31,"body":"speaks to the magnitude of"},{"speaker":"Douglas","startTime":999.33,"endTime":1002.859,"body":"this transition, that there's"},{"speaker":"Douglas","startTime":999.33,"endTime":1002.859,"body":"so many different pieces that"},{"speaker":"Douglas","startTime":1002.88,"endTime":1007.169,"body":"have to come into play, and"},{"speaker":"Douglas","startTime":1002.88,"endTime":1007.169,"body":"even a company that controls a"},{"speaker":"Douglas","startTime":1007.17,"endTime":1012.18,"body":"large part of its stack still"},{"speaker":"Douglas","startTime":1007.17,"endTime":1012.18,"body":"has to take its time to get"},{"speaker":"Douglas","startTime":1012.18,"endTime":1014.55,"body":"all of those pieces in place."},{"speaker":"Douglas","startTime":1015.6,"endTime":1019.329,"body":"And I think obviously as"},{"speaker":"Douglas","startTime":1015.6,"endTime":1019.329,"body":"well, post-quantum signature"},{"speaker":"Douglas","startTime":1019.33,"endTime":1021.449,"body":"schemes are still developing"},{"speaker":"Douglas","startTime":1019.33,"endTime":1021.449,"body":"a bit more than post-quantum"},{"speaker":"Douglas","startTime":1021.449,"endTime":1025.99,"body":"KEM are with the continued"},{"speaker":"Douglas","startTime":1021.449,"endTime":1025.99,"body":"NIST signature scheme on ramp."},{"speaker":"Douglas","startTime":1026.15,"endTime":1030.88,"body":"And the need is maybe a little"},{"speaker":"Douglas","startTime":1026.15,"endTime":1030.88,"body":"bit less pressing as well"},{"speaker":"Douglas","startTime":1030.91,"endTime":1034.189,"body":"because we don't have the same"},{"speaker":"Douglas","startTime":1030.91,"endTime":1034.189,"body":"threat of store now and decrypt"},{"speaker":"Douglas","startTime":1034.19,"endTime":1036.979,"body":"later attacks on authentication."},{"speaker":"Douglas","startTime":1036.979,"endTime":1038.049,"body":"That just doesn't make sense."},{"speaker":"Deirdre","startTime":1038.089,"endTime":1038.839,"body":"Definitely."},{"speaker":"Deirdre","startTime":1039.25,"endTime":1043.63,"body":"Like completely understand"},{"speaker":"Deirdre","startTime":1039.25,"endTime":1043.63,"body":"it is a problem that we will"},{"speaker":"Deirdre","startTime":1043.63,"endTime":1044.839,"body":"eventually have to solve."},{"speaker":"Deirdre","startTime":1044.88,"endTime":1049.68,"body":"And all of our options at"},{"speaker":"Deirdre","startTime":1044.88,"endTime":1049.68,"body":"the moment don't seem very"},{"speaker":"Deirdre","startTime":1049.68,"endTime":1052.67,"body":"attractive, and yet we will"},{"speaker":"Deirdre","startTime":1049.68,"endTime":1052.67,"body":"eventually have to solve it."},{"speaker":"Deirdre","startTime":1052.73,"endTime":1056.689,"body":"And it's not that we're putting"},{"speaker":"Deirdre","startTime":1052.73,"endTime":1056.689,"body":"it off, it's just that we get to"},{"speaker":"Deirdre","startTime":1056.7,"endTime":1059.879,"body":"focus on, like, we've got some"},{"speaker":"Deirdre","startTime":1056.7,"endTime":1059.879,"body":"KEMs, all right, we have a tool"},{"speaker":"Deirdre","startTime":1059.88,"endTime":1061.3,"body":"set that we're all right with."},{"speaker":"Deirdre","startTime":1061.57,"endTime":1065.37,"body":"We have a very pressing a—"},{"speaker":"Deirdre","startTime":1061.57,"endTime":1065.37,"body":"currently facing us problem,"},{"speaker":"Deirdre","startTime":1065.37,"endTime":1068.379,"body":"because you can store everything"},{"speaker":"Deirdre","startTime":1065.37,"endTime":1068.379,"body":"that we're putting on the wire"},{"speaker":"Deirdre","startTime":1068.38,"endTime":1071.74,"body":"now and haven't been for years,"},{"speaker":"Deirdre","startTime":1068.38,"endTime":1071.74,"body":"and then just theoretically"},{"speaker":"Deirdre","startTime":1071.76,"endTime":1074.32,"body":"rifle through it when you've"},{"speaker":"Deirdre","startTime":1071.76,"endTime":1074.32,"body":"got a cryptographically relevant"},{"speaker":"Deirdre","startTime":1074.32,"endTime":1078.47,"body":"quantum computer come online"},{"speaker":"Deirdre","startTime":1074.32,"endTime":1078.47,"body":"and just point it at your"},{"speaker":"Deirdre","startTime":1078.47,"endTime":1079.65,"body":"favorite thing and you're done."},{"speaker":"Deirdre","startTime":1079.76,"endTime":1084.0,"body":"But the problem doesn't"},{"speaker":"Deirdre","startTime":1079.76,"endTime":1084.0,"body":"go away anytime soon."},{"speaker":"Deirdre","startTime":1084.0,"endTime":1088.75,"body":"Okay, some of the other cool"},{"speaker":"Deirdre","startTime":1084.0,"endTime":1088.75,"body":"things that I'm going to ask"},{"speaker":"Deirdre","startTime":1088.75,"endTime":1090.79,"body":"you about, and I don't know"},{"speaker":"Deirdre","startTime":1088.75,"endTime":1090.79,"body":"if you actually have anything"},{"speaker":"Deirdre","startTime":1090.79,"endTime":1092.63,"body":"to say about them, but I'm"},{"speaker":"Deirdre","startTime":1090.79,"endTime":1092.63,"body":"going to ask you anyway."},{"speaker":"Deirdre","startTime":1093.73,"endTime":1098.37,"body":"One of the things that has been"},{"speaker":"Deirdre","startTime":1093.73,"endTime":1098.37,"body":"a topic for people in the area,"},{"speaker":"Deirdre","startTime":1098.41,"endTime":1105.07,"body":"like myself, is how you do"},{"speaker":"Deirdre","startTime":1098.41,"endTime":1105.07,"body":"hybrid combinations, or whatever"},{"speaker":"Deirdre","startTime":1105.07,"endTime":1110.979,"body":"you want to call it, for these"},{"speaker":"Deirdre","startTime":1105.07,"endTime":1110.979,"body":"shared secrets or KEM combiners"},{"speaker":"Deirdre","startTime":1110.979,"endTime":1112.55,"body":"or whatever you're combining."},{"speaker":"Deirdre","startTime":1112.79,"endTime":1116.01,"body":"So in this case, this"},{"speaker":"Deirdre","startTime":1112.79,"endTime":1116.01,"body":"whole protocol is not"},{"speaker":"Deirdre","startTime":1116.389,"endTime":1118.82,"body":"a fully PQ protocol."},{"speaker":"Deirdre","startTime":1118.85,"endTime":1122.8,"body":"This is a hybrid design, because"},{"speaker":"Deirdre","startTime":1118.85,"endTime":1122.8,"body":"they're keeping all this sort"},{"speaker":"Deirdre","startTime":1122.8,"endTime":1126.669,"body":"of elliptic curve based stuff"},{"speaker":"Deirdre","startTime":1122.8,"endTime":1126.669,"body":"that we talked about and adding"},{"speaker":"Deirdre","startTime":1126.679,"endTime":1130.69,"body":"this hybrid stuff, this, sorry,"},{"speaker":"Deirdre","startTime":1126.679,"endTime":1130.69,"body":"post-quantum stuff onto it."},{"speaker":"Deirdre","startTime":1131.099,"endTime":1134.179,"body":"If it was just all post-quantum"},{"speaker":"Deirdre","startTime":1131.099,"endTime":1134.179,"body":"asymmetric primitives, we"},{"speaker":"Deirdre","startTime":1134.179,"endTime":1135.669,"body":"would just call it fully PQ."},{"speaker":"Deirdre","startTime":1135.67,"endTime":1137.35,"body":"But technically, this is hybrid."},{"speaker":"Deirdre","startTime":1137.77,"endTime":1140.58,"body":"And so when you're doing this"},{"speaker":"Deirdre","startTime":1137.77,"endTime":1140.58,"body":"hybrid stuff, you've kind of"},{"speaker":"Deirdre","startTime":1140.59,"endTime":1144.89,"body":"got a range of options about how"},{"speaker":"Deirdre","startTime":1140.59,"endTime":1144.89,"body":"to smoosh the things together."},{"speaker":"Deirdre","startTime":1145.11,"endTime":1149.06,"body":"Can you tell us a little bit"},{"speaker":"Deirdre","startTime":1145.11,"endTime":1149.06,"body":"about how they are combining"},{"speaker":"Deirdre","startTime":1149.21,"endTime":1153.75,"body":"the shared secret key agreement"},{"speaker":"Deirdre","startTime":1149.21,"endTime":1153.75,"body":"from classical and the shared"},{"speaker":"Deirdre","startTime":1153.78,"endTime":1156.34,"body":"secret key agreement from"},{"speaker":"Deirdre","startTime":1153.78,"endTime":1156.34,"body":"the post-quantum stuff and"},{"speaker":"Deirdre","startTime":1156.34,"endTime":1158.51,"body":"smooshing it together and"},{"speaker":"Deirdre","startTime":1156.34,"endTime":1158.51,"body":"getting security out of it."},{"speaker":"Douglas","startTime":1158.9,"endTime":1159.19,"body":"Right."},{"speaker":"Douglas","startTime":1159.2,"endTime":1164.549,"body":"So in the iMessage PQ3 protocol,"},{"speaker":"Douglas","startTime":1159.2,"endTime":1164.549,"body":"especially, like, let's focus"},{"speaker":"Douglas","startTime":1164.55,"endTime":1165.81,"body":"on, say, the asymmetric ratchet."},{"speaker":"Douglas","startTime":1165.81,"endTime":1168.799,"body":"So there's kind of three"},{"speaker":"Douglas","startTime":1165.81,"endTime":1168.799,"body":"pieces of input keying"},{"speaker":"Douglas","startTime":1168.799,"endTime":1171.6,"body":"material, or up to three pieces"},{"speaker":"Douglas","startTime":1168.799,"endTime":1171.6,"body":"of input keying material."},{"speaker":"Douglas","startTime":1171.82,"endTime":1175.4,"body":"There's the chaining key from"},{"speaker":"Douglas","startTime":1171.82,"endTime":1175.4,"body":"your previous stage or from"},{"speaker":"Douglas","startTime":1175.4,"endTime":1179.58,"body":"the initial handshake, there's"},{"speaker":"Douglas","startTime":1175.4,"endTime":1179.58,"body":"a new ephemeral Diffie-Hellman"},{"speaker":"Douglas","startTime":1180.11,"endTime":1184.76,"body":"shared secret, and there's"},{"speaker":"Douglas","startTime":1180.11,"endTime":1184.76,"body":"potentially a new ML-KEM"},{"speaker":"Douglas","startTime":1185.77,"endTime":1186.859,"body":"post-quantum shared secret."},{"speaker":"Douglas","startTime":1187.629,"endTime":1190.14,"body":"And so from those three pieces"},{"speaker":"Douglas","startTime":1187.629,"endTime":1190.14,"body":"of input keying material,"},{"speaker":"Douglas","startTime":1190.36,"endTime":1193.629,"body":"we want to derive a new"},{"speaker":"Douglas","startTime":1190.36,"endTime":1193.629,"body":"chaining key from which we"},{"speaker":"Douglas","startTime":1193.63,"endTime":1196.77,"body":"can derive the next stages"},{"speaker":"Douglas","startTime":1193.63,"endTime":1196.77,"body":"and the next message keys."},{"speaker":"Douglas","startTime":1197.21,"endTime":1201.829,"body":"So the approach that they"},{"speaker":"Douglas","startTime":1197.21,"endTime":1201.829,"body":"used was to kind of use"},{"speaker":"Douglas","startTime":1202.48,"endTime":1207.35,"body":"HKDF-Extract, which is really"},{"speaker":"Douglas","startTime":1202.48,"endTime":1207.35,"body":"just HMAC, a two input function"},{"speaker":"Douglas","startTime":1207.63,"endTime":1208.9,"body":"to smash those together."},{"speaker":"Douglas","startTime":1209.08,"endTime":1211.87,"body":"So they put one piece of"},{"speaker":"Douglas","startTime":1209.08,"endTime":1211.87,"body":"keying material in the HMAC"},{"speaker":"Douglas","startTime":1212.02,"endTime":1214.81,"body":"key input and the other"},{"speaker":"Douglas","startTime":1212.02,"endTime":1214.81,"body":"piece of keying material"},{"speaker":"Douglas","startTime":1214.81,"endTime":1216.91,"body":"in the HMAC message input."},{"speaker":"Douglas","startTime":1217.4,"endTime":1221.709,"body":"And so they do that once"},{"speaker":"Douglas","startTime":1217.4,"endTime":1221.709,"body":"to accumulate together the"},{"speaker":"Douglas","startTime":1221.88,"endTime":1225.61,"body":"chaining key and the ECDH"},{"speaker":"Douglas","startTime":1221.88,"endTime":1225.61,"body":"shared secret, and then"},{"speaker":"Douglas","startTime":1225.63,"endTime":1229.629,"body":"another time to accumulate that"},{"speaker":"Douglas","startTime":1225.63,"endTime":1229.629,"body":"intermediate value with the"},{"speaker":"Douglas","startTime":1229.63,"endTime":1230.82,"body":"post-quantum shared secret."},{"speaker":"Douglas","startTime":1231.4,"endTime":1236.649,"body":"And then from that result,"},{"speaker":"Douglas","startTime":1231.4,"endTime":1236.649,"body":"then you apply HKDF-Expand"},{"speaker":"Douglas","startTime":1236.95,"endTime":1240.899,"body":"as a PRF to expand out a"},{"speaker":"Douglas","startTime":1236.95,"endTime":1240.899,"body":"bunch of keys from there."},{"speaker":"Deirdre","startTime":1241.209,"endTime":1246.11,"body":"And in the slot"},{"speaker":"Deirdre","startTime":1241.209,"endTime":1246.11,"body":"in the label, they have a"},{"speaker":"Deirdre","startTime":1246.19,"endTime":1249.86,"body":"ton of session contextual"},{"speaker":"Deirdre","startTime":1246.19,"endTime":1249.86,"body":"transcript material."},{"speaker":"Deirdre","startTime":1250.12,"endTime":1251.63,"body":"And we love this."},{"speaker":"Deirdre","startTime":1251.929,"endTime":1254.22,"body":"If you can afford to do"},{"speaker":"Deirdre","startTime":1251.929,"endTime":1254.22,"body":"it, if it's computationally"},{"speaker":"Deirdre","startTime":1256.17,"endTime":1259.9,"body":"affordable to you, just shoving"},{"speaker":"Deirdre","startTime":1256.17,"endTime":1259.9,"body":"everything public in your"},{"speaker":"Deirdre","startTime":1259.91,"endTime":1264.38,"body":"session handshake transcript"},{"speaker":"Deirdre","startTime":1259.91,"endTime":1264.38,"body":"in there is just like."},{"speaker":"Deirdre","startTime":1264.38,"endTime":1265.27,"body":"We love that."},{"speaker":"Deirdre","startTime":1265.27,"endTime":1268.05,"body":"And we love that because"},{"speaker":"Deirdre","startTime":1265.27,"endTime":1268.05,"body":"it means that you get the"},{"speaker":"Deirdre","startTime":1268.24,"endTime":1269.739,"body":"session independence stuff."},{"speaker":"Deirdre","startTime":1269.77,"endTime":1274.14,"body":"No one can swap-a-doodle"},{"speaker":"Deirdre","startTime":1269.77,"endTime":1274.14,"body":"your encapsulated shared"},{"speaker":"Deirdre","startTime":1274.15,"endTime":1275.63,"body":"secret for another one."},{"speaker":"Deirdre","startTime":1275.63,"endTime":1279.459,"body":"And all these nice things"},{"speaker":"Deirdre","startTime":1275.63,"endTime":1279.459,"body":"come out of just shoving"},{"speaker":"Deirdre","startTime":1279.46,"endTime":1280.48,"body":"all that stuff in there."},{"speaker":"Deirdre","startTime":1280.65,"endTime":1284.42,"body":"So I'm very happy, I'm"},{"speaker":"Deirdre","startTime":1280.65,"endTime":1284.42,"body":"very happy about that."},{"speaker":"Douglas","startTime":1285.08,"endTime":1288.12,"body":"Yeah, I'm of"},{"speaker":"Douglas","startTime":1285.08,"endTime":1288.12,"body":"the philosophy, hash"},{"speaker":"Douglas","startTime":1288.12,"endTime":1289.08,"body":"everything in if you can."},{"speaker":"Douglas","startTime":1289.08,"endTime":1290.739,"body":"So I'm glad to see that."},{"speaker":"Douglas","startTime":1290.98,"endTime":1294.139,"body":"I think in key exchange"},{"speaker":"Douglas","startTime":1290.98,"endTime":1294.139,"body":"protocols, there was this trend"},{"speaker":"Douglas","startTime":1294.16,"endTime":1297.46,"body":"for a bit of time, trying to"},{"speaker":"Douglas","startTime":1294.16,"endTime":1297.46,"body":"be clever and leave things out."},{"speaker":"Douglas","startTime":1298.07,"endTime":1301.72,"body":"And you can prove security, but"},{"speaker":"Douglas","startTime":1298.07,"endTime":1301.72,"body":"it's a little bit more fragile."},{"speaker":"Douglas","startTime":1301.75,"endTime":1302.01,"body":"Right."},{"speaker":"Douglas","startTime":1302.01,"endTime":1305.49,"body":"And you have to be careful"},{"speaker":"Douglas","startTime":1302.01,"endTime":1305.49,"body":"and make sure if you change"},{"speaker":"Douglas","startTime":1305.49,"endTime":1307.21,"body":"something or you move to"},{"speaker":"Douglas","startTime":1305.49,"endTime":1307.21,"body":"a different model or a"},{"speaker":"Douglas","startTime":1307.21,"endTime":1309.72,"body":"different primitive, you"},{"speaker":"Douglas","startTime":1307.21,"endTime":1309.72,"body":"have to make sure that it"},{"speaker":"Douglas","startTime":1309.74,"endTime":1311.31,"body":"really goes through properly."},{"speaker":"Douglas","startTime":1311.54,"endTime":1314.699,"body":"Whereas if you hash everything"},{"speaker":"Douglas","startTime":1311.54,"endTime":1314.699,"body":"in, there's less risk."},{"speaker":"Deirdre","startTime":1315.05,"endTime":1315.68,"body":"Yes."},{"speaker":"Deirdre","startTime":1315.8,"endTime":1318.449,"body":"When we weren't sure if they"},{"speaker":"Deirdre","startTime":1315.8,"endTime":1318.449,"body":"were using Kyber, if they were"},{"speaker":"Deirdre","startTime":1318.51,"endTime":1321.79,"body":"using ML-KEM, they are using"},{"speaker":"Deirdre","startTime":1318.51,"endTime":1321.79,"body":"ML-KEM, blah, blah, blah, this"},{"speaker":"Deirdre","startTime":1321.79,"endTime":1326.049,"body":"would be quite relevant is"},{"speaker":"Deirdre","startTime":1321.79,"endTime":1326.049,"body":"that if you are changing the"},{"speaker":"Deirdre","startTime":1326.059,"endTime":1329.949,"body":"KEM you use later, because"},{"speaker":"Deirdre","startTime":1326.059,"endTime":1329.949,"body":"different KEMs have different"},{"speaker":"Deirdre","startTime":1329.95,"endTime":1334.13,"body":"binding properties to their"},{"speaker":"Deirdre","startTime":1329.95,"endTime":1334.13,"body":"encapsulation key, to the"},{"speaker":"Deirdre","startTime":1334.14,"endTime":1340.03,"body":"ciphertext, to yada, yada,"},{"speaker":"Deirdre","startTime":1334.14,"endTime":1340.03,"body":"yada, about how much guarantee"},{"speaker":"Deirdre","startTime":1340.25,"endTime":1342.92,"body":"you get from the shared secret"},{"speaker":"Deirdre","startTime":1340.25,"endTime":1342.92,"body":"that comes out the backside"},{"speaker":"Deirdre","startTime":1342.92,"endTime":1347.25,"body":"of your KEM, and how closely"},{"speaker":"Deirdre","startTime":1342.92,"endTime":1347.25,"body":"it's like you cannot get this"},{"speaker":"Deirdre","startTime":1347.259,"endTime":1350.04,"body":"value if you use a different"},{"speaker":"Deirdre","startTime":1347.259,"endTime":1350.04,"body":"public key or if you use a"},{"speaker":"Deirdre","startTime":1350.04,"endTime":1351.689,"body":"different ciphertext, or you"},{"speaker":"Deirdre","startTime":1350.04,"endTime":1351.689,"body":"have a different ciphertext."},{"speaker":"Deirdre","startTime":1352.01,"endTime":1355.98,"body":"So the fact that they're"},{"speaker":"Deirdre","startTime":1352.01,"endTime":1355.98,"body":"binding all of the stuff into"},{"speaker":"Deirdre","startTime":1355.98,"endTime":1359.23,"body":"their KDF means that that"},{"speaker":"Deirdre","startTime":1355.98,"endTime":1359.23,"body":"doesn't matter, that they"},{"speaker":"Deirdre","startTime":1359.23,"endTime":1362.1,"body":"have a lot more ability to"},{"speaker":"Deirdre","startTime":1359.23,"endTime":1362.1,"body":"swap those KEMs out, because"},{"speaker":"Deirdre","startTime":1362.1,"endTime":1366.619,"body":"they're literally committing to"},{"speaker":"Deirdre","startTime":1362.1,"endTime":1366.619,"body":"everything related to that KEM."},{"speaker":"Deirdre","startTime":1366.959,"endTime":1368.56,"body":"And so it doesn't matter."},{"speaker":"Deirdre","startTime":1368.75,"endTime":1373.26,"body":"They can change things around"},{"speaker":"Deirdre","startTime":1368.75,"endTime":1373.26,"body":"in a much more agile way, which"},{"speaker":"Deirdre","startTime":1373.26,"endTime":1377.86,"body":"seems to be a bit of a crypto"},{"speaker":"Deirdre","startTime":1373.26,"endTime":1377.86,"body":"agility is coming back, but in"},{"speaker":"Deirdre","startTime":1377.86,"endTime":1380.35,"body":"a different context, and it's"},{"speaker":"Deirdre","startTime":1377.86,"endTime":1380.35,"body":"kind of breaking my brain."},{"speaker":"David","startTime":1380.67,"endTime":1383.36,"body":"Are they committing"},{"speaker":"David","startTime":1380.67,"endTime":1383.36,"body":"to the actual algorithm"},{"speaker":"David","startTime":1383.36,"endTime":1386.359,"body":"used somewhere like"},{"speaker":"David","startTime":1383.36,"endTime":1386.359,"body":"feeding in the name."},{"speaker":"Deirdre","startTime":1386.359,"endTime":1389.43,"body":"Of, let's see where"},{"speaker":"Deirdre","startTime":1386.359,"endTime":1389.43,"body":"it's invoked up here because"},{"speaker":"Deirdre","startTime":1389.43,"endTime":1390.63,"body":"it's used several times."},{"speaker":"Deirdre","startTime":1391.3,"endTime":1394.37,"body":"We've got id, we've got the"},{"speaker":"Deirdre","startTime":1391.3,"endTime":1394.37,"body":"label for the ratchet, we've"},{"speaker":"Deirdre","startTime":1394.51,"endTime":1396.83,"body":"got the public key, the elliptic"},{"speaker":"Deirdre","startTime":1394.51,"endTime":1396.83,"body":"curve public key, we've got"},{"speaker":"Deirdre","startTime":1397.63,"endTime":1400.099,"body":"the post-quantum ciphertext,"},{"speaker":"Deirdre","startTime":1397.63,"endTime":1400.099,"body":"the post-quantum public key"},{"speaker":"Deirdre","startTime":1400.099,"endTime":1403.08,"body":"I think they are, because"},{"speaker":"Deirdre","startTime":1400.099,"endTime":1403.08,"body":"they're committing to a bunch"},{"speaker":"Deirdre","startTime":1403.08,"endTime":1406.72,"body":"of identifying material, not"},{"speaker":"Deirdre","startTime":1403.08,"endTime":1406.72,"body":"just the key material, but I"},{"speaker":"Deirdre","startTime":1406.72,"endTime":1408.53,"body":"need to go double check anyway."},{"speaker":"Deirdre","startTime":1408.86,"endTime":1410.75,"body":"I would be surprised"},{"speaker":"Deirdre","startTime":1408.86,"endTime":1410.75,"body":"if they weren't."},{"speaker":"Deirdre","startTime":1412.15,"endTime":1417.139,"body":"One interesting thing about"},{"speaker":"Deirdre","startTime":1412.15,"endTime":1417.139,"body":"this kind of nested HMAC KDF"},{"speaker":"Deirdre","startTime":1418.44,"endTime":1425.44,"body":"that they've put together, they"},{"speaker":"Deirdre","startTime":1418.44,"endTime":1425.44,"body":"call it KDFRKCK because it is,"},{"speaker":"Deirdre","startTime":1426.67,"endTime":1428.31,"body":"the whole KDF they've designed."},{"speaker":"Deirdre","startTime":1428.64,"endTime":1431.76,"body":"They take the sort of root"},{"speaker":"Deirdre","startTime":1428.64,"endTime":1431.76,"body":"key, if you have a root"},{"speaker":"Deirdre","startTime":1431.76,"endTime":1435.54,"body":"key, you have this elliptic"},{"speaker":"Deirdre","startTime":1431.76,"endTime":1435.54,"body":"curve shared secret, you've"},{"speaker":"Deirdre","startTime":1435.54,"endTime":1438.08,"body":"got the KEM shared secret,"},{"speaker":"Deirdre","startTime":1435.54,"endTime":1438.08,"body":"and you've got all this"},{"speaker":"Deirdre","startTime":1438.1,"endTime":1440.039,"body":"contextual session information."},{"speaker":"Deirdre","startTime":1440.049,"endTime":1441.08,"body":"They call it sid."},{"speaker":"Deirdre","startTime":1441.45,"endTime":1444.25,"body":"And then you do this computation"},{"speaker":"Deirdre","startTime":1441.45,"endTime":1444.25,"body":"on the inside and it spits"},{"speaker":"Deirdre","startTime":1444.25,"endTime":1446.65,"body":"out your RK and your CK."},{"speaker":"Deirdre","startTime":1446.78,"endTime":1449.31,"body":"And those are the two"},{"speaker":"Deirdre","startTime":1446.78,"endTime":1449.31,"body":"different ratchet keys."},{"speaker":"Deirdre","startTime":1449.4,"endTime":1450.379,"body":"Is that what those are?"},{"speaker":"Douglas","startTime":1450.53,"endTime":1450.71,"body":"Yeah."},{"speaker":"Douglas","startTime":1450.71,"endTime":1452.969,"body":"So the root key is the"},{"speaker":"Douglas","startTime":1450.71,"endTime":1452.969,"body":"one that continues on the"},{"speaker":"Douglas","startTime":1453.449,"endTime":1457.37,"body":"asymmetric ratchet, and the"},{"speaker":"Douglas","startTime":1453.449,"endTime":1457.37,"body":"CK is the one that's fed down"},{"speaker":"Douglas","startTime":1457.379,"endTime":1460.33,"body":"into the symmetric ratchet."},{"speaker":"Deirdre","startTime":1460.49,"endTime":1460.84,"body":"Awesome."},{"speaker":"Deirdre","startTime":1460.9,"endTime":1464.19,"body":"Okay, this is an interesting"},{"speaker":"Deirdre","startTime":1460.9,"endTime":1464.19,"body":"approach, because I've seen"},{"speaker":"Deirdre","startTime":1464.23,"endTime":1468.05,"body":"a lot of different approaches"},{"speaker":"Deirdre","startTime":1464.23,"endTime":1468.05,"body":"of how you take two different"},{"speaker":"Deirdre","startTime":1468.58,"endTime":1472.46,"body":"secrets and you throw them"},{"speaker":"Deirdre","startTime":1468.58,"endTime":1472.46,"body":"through a KDF, and then you"},{"speaker":"Deirdre","startTime":1472.46,"endTime":1476.079,"body":"just have a value at the end,"},{"speaker":"Deirdre","startTime":1472.46,"endTime":1476.079,"body":"and then you either just split"},{"speaker":"Deirdre","startTime":1476.08,"endTime":1478.7,"body":"it down the middle and use"},{"speaker":"Deirdre","startTime":1476.08,"endTime":1478.7,"body":"like the first half of the"},{"speaker":"Deirdre","startTime":1478.7,"endTime":1481.01,"body":"bytes for some other purpose,"},{"speaker":"Deirdre","startTime":1478.7,"endTime":1481.01,"body":"and then half of the bytes"},{"speaker":"Deirdre","startTime":1481.01,"endTime":1482.71,"body":"for another purpose, and you"},{"speaker":"Deirdre","startTime":1481.01,"endTime":1482.71,"body":"might shove those through more"},{"speaker":"Deirdre","startTime":1482.71,"endTime":1484.159,"body":"KDFs or something like that."},{"speaker":"Deirdre","startTime":1484.66,"endTime":1491.08,"body":"This one is, my first naive"},{"speaker":"Deirdre","startTime":1484.66,"endTime":1491.08,"body":"approach to doing something"},{"speaker":"Deirdre","startTime":1491.08,"endTime":1493.559,"body":"like this is I would"},{"speaker":"Deirdre","startTime":1491.08,"endTime":1493.559,"body":"concatenate all this information"},{"speaker":"together","startTime":1493.559,"endTime":1496.22,"body":"your KEM shared"},{"speaker":"together","startTime":1493.559,"endTime":1496.22,"body":"secret, your elliptic curve"},{"speaker":"together","startTime":1496.22,"endTime":1498.97,"body":"Diffie-Hellman shared secret,"},{"speaker":"together","startTime":1496.22,"endTime":1498.97,"body":"your session information,"},{"speaker":"together","startTime":1498.97,"endTime":1501.96,"body":"your transcript information,"},{"speaker":"together","startTime":1498.97,"endTime":1501.96,"body":"concate it all together and"},{"speaker":"together","startTime":1501.96,"endTime":1506.14,"body":"shove it through HKDF, which"},{"speaker":"together","startTime":1501.96,"endTime":1506.14,"body":"is what they use internally."},{"speaker":"together","startTime":1506.46,"endTime":1507.82,"body":"They didn't do that."},{"speaker":"together","startTime":1507.86,"endTime":1510.839,"body":"Do you have any notions"},{"speaker":"together","startTime":1507.86,"endTime":1510.839,"body":"about why they didn't"},{"speaker":"together","startTime":1510.84,"endTime":1513.77,"body":"do it that way and they"},{"speaker":"together","startTime":1510.84,"endTime":1513.77,"body":"did it this way instead?"},{"speaker":"Douglas","startTime":1514.31,"endTime":1517.86,"body":"So I don't have"},{"speaker":"Douglas","startTime":1514.31,"endTime":1517.86,"body":"insight from their side."},{"speaker":"Douglas","startTime":1518.04,"endTime":1519.79,"body":"We see this pattern elsewhere."},{"speaker":"Douglas","startTime":1519.79,"endTime":1525.26,"body":"So the TLS 1.3 key schedule kind"},{"speaker":"Douglas","startTime":1519.79,"endTime":1525.26,"body":"of also combines the preshared"},{"speaker":"Douglas","startTime":1525.389,"endTime":1529.92,"body":"key with the Diffie-Hellman"},{"speaker":"Douglas","startTime":1525.389,"endTime":1529.92,"body":"shared secret using two"},{"speaker":"Douglas","startTime":1529.92,"endTime":1531.72,"body":"arguments of HKDF extract."},{"speaker":"Douglas","startTime":1531.96,"endTime":1533.57,"body":"So we've seen this"},{"speaker":"Douglas","startTime":1531.96,"endTime":1533.57,"body":"design pattern before."},{"speaker":"Douglas","startTime":1534.03,"endTime":1537.35,"body":"So I have thought about this"},{"speaker":"Douglas","startTime":1534.03,"endTime":1537.35,"body":"a bit, and when you do it"},{"speaker":"Douglas","startTime":1537.35,"endTime":1542.83,"body":"this way, it allows you to"},{"speaker":"Douglas","startTime":1537.35,"endTime":1542.83,"body":"model HKDF as a dual PRF."},{"speaker":"Deirdre","startTime":1542.9,"endTime":1543.58,"body":"Yeah."},{"speaker":"Douglas","startTime":1543.58,"endTime":1545.959,"body":"So you really have a"},{"speaker":"Douglas","startTime":1543.58,"endTime":1545.959,"body":"two input function and you're"},{"speaker":"Douglas","startTime":1545.96,"endTime":1550.16,"body":"asking it to be a PRF in its"},{"speaker":"Douglas","startTime":1545.96,"endTime":1550.16,"body":"two kind of distinct inputs."},{"speaker":"Douglas","startTime":1550.98,"endTime":1554.44,"body":"And there's subsequently"},{"speaker":"Douglas","startTime":1550.98,"endTime":1554.44,"body":"been some security analysis,"},{"speaker":"Douglas","startTime":1554.48,"endTime":1557.92,"body":"specifically of the dual"},{"speaker":"Douglas","startTime":1554.48,"endTime":1557.92,"body":"PRF property of HMAC."},{"speaker":"Douglas","startTime":1557.94,"endTime":1560.99,"body":"There's a crypto 2023"},{"speaker":"Douglas","startTime":1557.94,"endTime":1560.99,"body":"paper by Backendal, Belare,"},{"speaker":"Douglas","startTime":1561.1,"endTime":1563.26,"body":"Günther and Scarlotta."},{"speaker":"Douglas","startTime":1563.509,"endTime":1566.8,"body":"So that's a very kind of well"},{"speaker":"Douglas","startTime":1563.509,"endTime":1566.8,"body":"defined specific property"},{"speaker":"Douglas","startTime":1566.81,"endTime":1570.909,"body":"you're making of assumption"},{"speaker":"Douglas","startTime":1566.81,"endTime":1570.909,"body":"you're making of HMAC,"},{"speaker":"Douglas","startTime":1570.96,"endTime":1573.69,"body":"whereas concatenate and just"},{"speaker":"Douglas","startTime":1570.96,"endTime":1573.69,"body":"hash, I mean, if you're in"},{"speaker":"Douglas","startTime":1573.69,"endTime":1576.549,"body":"the random oracle model,"},{"speaker":"Douglas","startTime":1573.69,"endTime":1576.549,"body":"then great, it's fine, but"},{"speaker":"Douglas","startTime":1576.58,"endTime":1579.999,"body":"otherwise you're less clear"},{"speaker":"Douglas","startTime":1576.58,"endTime":1579.999,"body":"on where the different parts"},{"speaker":"Douglas","startTime":1580.0,"endTime":1584.189,"body":"of the secret are in the hash"},{"speaker":"Douglas","startTime":1580.0,"endTime":1584.189,"body":"function input, whether it's"},{"speaker":"Douglas","startTime":1584.19,"endTime":1585.73,"body":"going across a block boundary."},{"speaker":"Douglas","startTime":1586.2,"endTime":1588.45,"body":"It feels like you're being"},{"speaker":"Douglas","startTime":1586.2,"endTime":1588.45,"body":"a little bit less specific"},{"speaker":"Douglas","startTime":1588.46,"endTime":1591.409,"body":"on that, and you're making a"},{"speaker":"Douglas","startTime":1588.46,"endTime":1591.409,"body":"variable length assumption as"},{"speaker":"Douglas","startTime":1591.41,"endTime":1594.369,"body":"well on kind of where the secret"},{"speaker":"Douglas","startTime":1591.41,"endTime":1594.369,"body":"stuff is within the input."},{"speaker":"Deirdre","startTime":1594.48,"endTime":1598.37,"body":"That's interesting,"},{"speaker":"Deirdre","startTime":1594.48,"endTime":1598.37,"body":"because I'm a part of a"},{"speaker":"Deirdre","startTime":1598.37,"endTime":1601.47,"body":"team that's working on a"},{"speaker":"Deirdre","startTime":1598.37,"endTime":1601.47,"body":"different hybrid KEM called"},{"speaker":"Deirdre","startTime":1601.49,"endTime":1605.379,"body":"X Wing, and part of that is"},{"speaker":"Deirdre","startTime":1601.49,"endTime":1605.379,"body":"literally concatenating a"},{"speaker":"Deirdre","startTime":1605.38,"endTime":1608.77,"body":"bunch of stuff together and"},{"speaker":"Deirdre","startTime":1605.38,"endTime":1608.77,"body":"shoving it through SHA-3."},{"speaker":"Deirdre","startTime":1608.77,"endTime":1609.11,"body":"But."},{"speaker":"Deirdre","startTime":1609.67,"endTime":1612.84,"body":"To your point about where is the"},{"speaker":"Deirdre","startTime":1609.67,"endTime":1612.84,"body":"secret material and the block"},{"speaker":"Deirdre","startTime":1613.01,"endTime":1616.639,"body":"boundary and all this sort of"},{"speaker":"Deirdre","startTime":1613.01,"endTime":1616.639,"body":"stuff, our team has done very"},{"speaker":"Deirdre","startTime":1616.839,"endTime":1621.12,"body":"specific analysis about this"},{"speaker":"Deirdre","startTime":1616.839,"endTime":1621.12,"body":"length of bytes, where the key"},{"speaker":"Deirdre","startTime":1621.12,"endTime":1625.409,"body":"material is, how many rounds of"},{"speaker":"Deirdre","startTime":1621.12,"endTime":1625.409,"body":"Keccak inside SHA-3 are being"},{"speaker":"Deirdre","startTime":1625.41,"endTime":1628.71,"body":"used to parse this material,"},{"speaker":"Deirdre","startTime":1625.41,"endTime":1628.71,"body":"for both performance reasons"},{"speaker":"Deirdre","startTime":1629.71,"endTime":1634.66,"body":"and for security reasons, this"},{"speaker":"Deirdre","startTime":1629.71,"endTime":1634.66,"body":"analysis indicates to me that"},{"speaker":"Deirdre","startTime":1634.679,"endTime":1641.44,"body":"it allows you to use HKDF and"},{"speaker":"Deirdre","startTime":1634.679,"endTime":1641.44,"body":"HKDF-Extract and HKDF-Expand"},{"speaker":"Deirdre","startTime":1642.39,"endTime":1647.27,"body":"in a slightly higher level of"},{"speaker":"Deirdre","startTime":1642.39,"endTime":1647.27,"body":"abstraction without having to"},{"speaker":"Deirdre","startTime":1647.27,"endTime":1652.009,"body":"do, \" how many rounds of the"},{"speaker":"Deirdre","startTime":1647.27,"endTime":1652.009,"body":"internal cipher block function"},{"speaker":"Deirdre","startTime":1652.009,"endTime":1655.35,"body":"of this hash function that I'm"},{"speaker":"Deirdre","startTime":1652.009,"endTime":1655.35,"body":"using as my KDF and how long is"},{"speaker":"Deirdre","startTime":1655.35,"endTime":1659.6,"body":"my—\", it allows you to almost"},{"speaker":"Deirdre","startTime":1655.35,"endTime":1659.6,"body":"achieve a similar thing, but"},{"speaker":"Deirdre","startTime":1659.6,"endTime":1663.42,"body":"with a nicer, safer to use"},{"speaker":"Deirdre","startTime":1659.6,"endTime":1663.42,"body":"higher level of abstraction."},{"speaker":"Deirdre","startTime":1664.37,"endTime":1664.919,"body":"Neat."},{"speaker":"Douglas","startTime":1665.83,"endTime":1667.58,"body":"Yeah, it is a"},{"speaker":"Douglas","startTime":1665.83,"endTime":1667.58,"body":"higher level of abstraction."},{"speaker":"Douglas","startTime":1667.58,"endTime":1670.859,"body":"I think you still have to"},{"speaker":"Douglas","startTime":1667.58,"endTime":1670.859,"body":"really be careful about judging"},{"speaker":"Douglas","startTime":1670.86,"endTime":1672.929,"body":"whether HMAC satisfies this."},{"speaker":"Douglas","startTime":1673.57,"endTime":1678.29,"body":"And it hadn't really gotten very"},{"speaker":"Douglas","startTime":1673.57,"endTime":1678.29,"body":"much attention until last year's"},{"speaker":"Douglas","startTime":1678.31,"endTime":1683.99,"body":"paper and last year's paper that"},{"speaker":"Douglas","startTime":1678.31,"endTime":1683.99,"body":"I mentioned from CRYPTO 2023."},{"speaker":"Douglas","startTime":1684.15,"endTime":1687.02,"body":"There are a lot of subtleties"},{"speaker":"Douglas","startTime":1684.15,"endTime":1687.02,"body":"to it, because HMAC does some"},{"speaker":"Douglas","startTime":1687.02,"endTime":1689.539,"body":"interesting things like, and I"},{"speaker":"Douglas","startTime":1687.02,"endTime":1689.539,"body":"can't remember all the details."},{"speaker":"Douglas","startTime":1689.54,"endTime":1692.189,"body":"But if the key is less"},{"speaker":"Douglas","startTime":1689.54,"endTime":1692.189,"body":"than a certain length,"},{"speaker":"Douglas","startTime":1692.199,"endTime":1694.61,"body":"then the key is used raw."},{"speaker":"Douglas","startTime":1694.8,"endTime":1696.79,"body":"If the key is longer"},{"speaker":"Douglas","startTime":1694.8,"endTime":1696.79,"body":"than a certain length,"},{"speaker":"Douglas","startTime":1697.1,"endTime":1698.439,"body":"it's hashed first."},{"speaker":"Douglas","startTime":1698.78,"endTime":1701.02,"body":"And there's a few extra"},{"speaker":"Douglas","startTime":1698.78,"endTime":1701.02,"body":"little details in there."},{"speaker":"Douglas","startTime":1701.2,"endTime":1704.439,"body":"So it's a subtle analysis and"},{"speaker":"Douglas","startTime":1701.2,"endTime":1704.439,"body":"sometimes the lengths do matter."},{"speaker":"Douglas","startTime":1705.48,"endTime":1708.67,"body":"So there's a lot to be careful"},{"speaker":"Douglas","startTime":1705.48,"endTime":1708.67,"body":"about here in how you do"},{"speaker":"Douglas","startTime":1709.77,"endTime":1714.25,"body":"the key derivation in dual"},{"speaker":"Douglas","startTime":1709.77,"endTime":1714.25,"body":"prfs and hybrid combiners."},{"speaker":"Deirdre","startTime":1714.32,"endTime":1717.71,"body":"Okay, that's very"},{"speaker":"Deirdre","startTime":1714.32,"endTime":1717.71,"body":"good to know because there's a"},{"speaker":"Deirdre","startTime":1717.71,"endTime":1721.83,"body":"discussion about trying to make"},{"speaker":"Deirdre","startTime":1717.71,"endTime":1721.83,"body":"a draft about how to do hybrid"},{"speaker":"Deirdre","startTime":1721.86,"endTime":1725.21,"body":"KEM combiners and recommend"},{"speaker":"Deirdre","startTime":1721.86,"endTime":1725.21,"body":"it to things like IETF."},{"speaker":"Deirdre","startTime":1725.349,"endTime":1728.58,"body":"And I've had that paper on"},{"speaker":"Deirdre","startTime":1725.349,"endTime":1728.58,"body":"my sort of queue, but then I"},{"speaker":"Deirdre","startTime":1728.59,"endTime":1732.66,"body":"saw this in the Apple thing"},{"speaker":"Deirdre","startTime":1728.59,"endTime":1732.66,"body":"and I was like, oh, this is"},{"speaker":"Deirdre","startTime":1732.66,"endTime":1734.42,"body":"very relevant to my interests."},{"speaker":"Deirdre","startTime":1734.42,"endTime":1737.36,"body":"And then I didn't detect"},{"speaker":"Deirdre","startTime":1734.42,"endTime":1737.36,"body":"that subtlety just from"},{"speaker":"Deirdre","startTime":1737.36,"endTime":1738.1,"body":"a cursory disorder."},{"speaker":"Deirdre","startTime":1738.1,"endTime":1739.549,"body":"Like, oh, this is neat."},{"speaker":"Deirdre","startTime":1740.91,"endTime":1741.9,"body":"This is another option."},{"speaker":"Deirdre","startTime":1741.91,"endTime":1742.899,"body":"Maybe we'll just"},{"speaker":"Deirdre","startTime":1741.91,"endTime":1742.899,"body":"try it like this."},{"speaker":"Deirdre","startTime":1742.899,"endTime":1745.139,"body":"And it's like, okay, there"},{"speaker":"Deirdre","startTime":1742.899,"endTime":1745.139,"body":"are other subtleties to"},{"speaker":"Deirdre","startTime":1745.139,"endTime":1745.979,"body":"doing it this way too."},{"speaker":"Deirdre","startTime":1746.02,"endTime":1747.19,"body":"Okay, thank you."},{"speaker":"Deirdre","startTime":1747.19,"endTime":1749.1,"body":"I need to read that."},{"speaker":"Deirdre","startTime":1749.77,"endTime":1750.36,"body":"Okay."},{"speaker":"Deirdre","startTime":1750.56,"endTime":1753.909,"body":"One thing that I noticed, or"},{"speaker":"Deirdre","startTime":1750.56,"endTime":1753.909,"body":"someone noticed when looking"},{"speaker":"Deirdre","startTime":1753.91,"endTime":1758.339,"body":"at this protocol update is"},{"speaker":"Deirdre","startTime":1753.91,"endTime":1758.339,"body":"the lack of deniability in"},{"speaker":"Deirdre","startTime":1758.34,"endTime":1759.6,"body":"this update to iMessage."},{"speaker":"Deirdre","startTime":1760.98,"endTime":1764.13,"body":"If I'm Apple, I don't think"},{"speaker":"Deirdre","startTime":1760.98,"endTime":1764.13,"body":"they care about deniability."},{"speaker":"Deirdre","startTime":1764.13,"endTime":1766.97,"body":"But there are other very similar"},{"speaker":"Deirdre","startTime":1764.13,"endTime":1766.97,"body":"end-to-end encrypted messaging"},{"speaker":"Deirdre","startTime":1766.97,"endTime":1770.86,"body":"protocols like Signal that do"},{"speaker":"Deirdre","startTime":1766.97,"endTime":1770.86,"body":"seem to care about deniability."},{"speaker":"Deirdre","startTime":1771.44,"endTime":1774.44,"body":"Can you tell us a little"},{"speaker":"Deirdre","startTime":1771.44,"endTime":1774.44,"body":"bit about what cryptographic"},{"speaker":"Deirdre","startTime":1774.44,"endTime":1777.819,"body":"deniability is and why some"},{"speaker":"Deirdre","startTime":1774.44,"endTime":1777.819,"body":"people care and why apparently"},{"speaker":"Deirdre","startTime":1777.889,"endTime":1779.49,"body":"Apple and iMessage don't care."},{"speaker":"Douglas","startTime":1780.619,"endTime":1782.613,"body":"So I can tell you what"},{"speaker":"Douglas","startTime":1780.619,"endTime":1782.613,"body":"cryptographic deniability is."},{"speaker":"Douglas","startTime":1782.63,"endTime":1786.33,"body":"I can't tell you what"},{"speaker":"Douglas","startTime":1782.63,"endTime":1786.33,"body":"Apple's opinion is on it."},{"speaker":"Douglas","startTime":1786.99,"endTime":1790.42,"body":"So cryptographic deniability"},{"speaker":"Douglas","startTime":1786.99,"endTime":1790.42,"body":"is the idea that when you"},{"speaker":"Douglas","startTime":1790.63,"endTime":1794.289,"body":"participate in a protocol"},{"speaker":"Douglas","startTime":1790.63,"endTime":1794.289,"body":"exchange, that exchange should"},{"speaker":"Douglas","startTime":1794.29,"endTime":1800.499,"body":"not produce any kind of output"},{"speaker":"Douglas","startTime":1794.29,"endTime":1800.499,"body":"that can be transferred to"},{"speaker":"Douglas","startTime":1800.499,"endTime":1804.62,"body":"another party and be used to"},{"speaker":"Douglas","startTime":1800.499,"endTime":1804.62,"body":"verify something that occurred"},{"speaker":"Douglas","startTime":1804.86,"endTime":1806.249,"body":"during the protocol execution."},{"speaker":"Douglas","startTime":1806.61,"endTime":1809.969,"body":"So either it can't be used to"},{"speaker":"Douglas","startTime":1806.61,"endTime":1809.969,"body":"confirm that a particular party"},{"speaker":"Douglas","startTime":1810.09,"endTime":1814.34,"body":"said something during a protocol"},{"speaker":"Douglas","startTime":1810.09,"endTime":1814.34,"body":"execution or even participated"},{"speaker":"Douglas","startTime":1814.349,"endTime":1815.569,"body":"in a protocol execution."},{"speaker":"Douglas","startTime":1815.91,"endTime":1819.32,"body":"And so kind of this dates"},{"speaker":"Douglas","startTime":1815.91,"endTime":1819.32,"body":"back at least to the off the"},{"speaker":"Douglas","startTime":1819.32,"endTime":1823.47,"body":"record messaging protocol"},{"speaker":"Douglas","startTime":1819.32,"endTime":1823.47,"body":"OTR, which is in some sense"},{"speaker":"Douglas","startTime":1823.68,"endTime":1826.54,"body":"an ancestor to many of"},{"speaker":"Douglas","startTime":1823.68,"endTime":1826.54,"body":"our chat protocols today."},{"speaker":"Douglas","startTime":1826.84,"endTime":1831.61,"body":"And OTR had a form of"},{"speaker":"Douglas","startTime":1826.84,"endTime":1831.61,"body":"cryptographic deniability"},{"speaker":"Douglas","startTime":1831.88,"endTime":1835.549,"body":"because the two main things"},{"speaker":"Douglas","startTime":1831.88,"endTime":1835.549,"body":"that gave it that were that"},{"speaker":"Douglas","startTime":1835.549,"endTime":1840.07,"body":"it used Diffie-Hellman for"},{"speaker":"Douglas","startTime":1835.549,"endTime":1840.07,"body":"authentication rather than"},{"speaker":"Douglas","startTime":1840.07,"endTime":1844.08,"body":"signatures, and then from"},{"speaker":"Douglas","startTime":1840.07,"endTime":1844.08,"body":"that shared secret use MACs"},{"speaker":"Douglas","startTime":1844.08,"endTime":1845.08,"body":"to authenticate messages."},{"speaker":"Douglas","startTime":1845.65,"endTime":1849.779,"body":"And so first off, because"},{"speaker":"Douglas","startTime":1845.65,"endTime":1849.779,"body":"it's a symmetric key in"},{"speaker":"Douglas","startTime":1849.78,"endTime":1853.34,"body":"a mac, either party could"},{"speaker":"Douglas","startTime":1849.78,"endTime":1853.34,"body":"have generated a MAC tag."},{"speaker":"Douglas","startTime":1853.58,"endTime":1856.62,"body":"And so you can't proverif"},{"speaker":"Douglas","startTime":1853.58,"endTime":1856.62,"body":"that the other person said"},{"speaker":"Douglas","startTime":1856.62,"endTime":1859.46,"body":"something, and then there are"},{"speaker":"Douglas","startTime":1856.62,"endTime":1859.46,"body":"no signatures, so you kind"},{"speaker":"Douglas","startTime":1859.46,"endTime":1861.0,"body":"of don't have that as well."},{"speaker":"Douglas","startTime":1861.35,"endTime":1865.98,"body":"And OTR, I think, even went so"},{"speaker":"Douglas","startTime":1861.35,"endTime":1865.98,"body":"far as to release the MAC keys"},{"speaker":"Douglas","startTime":1866.179,"endTime":1870.25,"body":"at the end of the conversation"},{"speaker":"Douglas","startTime":1866.179,"endTime":1870.25,"body":"so that they could really argue,"},{"speaker":"Douglas","startTime":1870.41,"endTime":1871.919,"body":"hey, the key is out there."},{"speaker":"Douglas","startTime":1872.09,"endTime":1874.55,"body":"And in fact, if you download"},{"speaker":"Douglas","startTime":1872.09,"endTime":1874.55,"body":"OTR, you get this tool"},{"speaker":"Douglas","startTime":1874.55,"endTime":1875.87,"body":"to forge a transcript."},{"speaker":"Douglas","startTime":1875.94,"endTime":1878.61,"body":"So take it with a"},{"speaker":"Douglas","startTime":1875.94,"endTime":1878.61,"body":"huge grain of salt."},{"speaker":"Deirdre","startTime":1880.929,"endTime":1885.33,"body":"For me, we've come"},{"speaker":"Deirdre","startTime":1880.929,"endTime":1885.33,"body":"so far in the deployment"},{"speaker":"Deirdre","startTime":1885.37,"endTime":1889.909,"body":"of end-to-end encrypted"},{"speaker":"Deirdre","startTime":1885.37,"endTime":1889.909,"body":"messaging protocols in the"},{"speaker":"Deirdre","startTime":1889.91,"endTime":1893.07,"body":"world, where it's actually"},{"speaker":"Deirdre","startTime":1889.91,"endTime":1893.07,"body":"deployed by your whatsApps,"},{"speaker":"Deirdre","startTime":1893.07,"endTime":1898.24,"body":"your facebooks, and honestly,"},{"speaker":"Deirdre","startTime":1893.07,"endTime":1898.24,"body":"your wide scale Signals."},{"speaker":"Deirdre","startTime":1898.49,"endTime":1901.919,"body":"We've gone so far the other"},{"speaker":"Deirdre","startTime":1898.49,"endTime":1901.919,"body":"way away from deniability."},{"speaker":"Deirdre","startTime":1902.4,"endTime":1906.279,"body":"For example, Facebook"},{"speaker":"Deirdre","startTime":1902.4,"endTime":1906.279,"body":"released full support"},{"speaker":"Deirdre","startTime":1906.279,"endTime":1909.1,"body":"for end-to-end encrypted"},{"speaker":"Deirdre","startTime":1906.279,"endTime":1909.1,"body":"Facebook messaging chats."},{"speaker":"Deirdre","startTime":1909.35,"endTime":1912.22,"body":"It used to be opt in, and now"},{"speaker":"Deirdre","startTime":1909.35,"endTime":1912.22,"body":"it's, I think, on by default."},{"speaker":"Deirdre","startTime":1912.23,"endTime":1915.8,"body":"And they have like a whole"},{"speaker":"Deirdre","startTime":1912.23,"endTime":1915.8,"body":"bunch of stuff that allows"},{"speaker":"Deirdre","startTime":1915.8,"endTime":1921.439,"body":"you to report a message to"},{"speaker":"Deirdre","startTime":1915.8,"endTime":1921.439,"body":"Facebook and for Facebook to"},{"speaker":"Deirdre","startTime":1921.439,"endTime":1924.449,"body":"authenticate that Facebook"},{"speaker":"Deirdre","startTime":1921.439,"endTime":1924.449,"body":"sent that message that was"},{"speaker":"Deirdre","startTime":1924.459,"endTime":1927.83,"body":"end-to-end encrypted, that they"},{"speaker":"Deirdre","startTime":1924.459,"endTime":1927.83,"body":"sent it, they couldn't read it."},{"speaker":"Deirdre","startTime":1928.04,"endTime":1930.95,"body":"But now you are reporting"},{"speaker":"Deirdre","startTime":1928.04,"endTime":1930.95,"body":"the decrypted message,"},{"speaker":"Deirdre","startTime":1931.66,"endTime":1935.239,"body":"know, a tag that was on the"},{"speaker":"Deirdre","startTime":1931.66,"endTime":1935.239,"body":"encrypted message to Facebook"},{"speaker":"Deirdre","startTime":1935.27,"endTime":1937.57,"body":"to be like, someone's being"},{"speaker":"Deirdre","startTime":1935.27,"endTime":1937.57,"body":"a dick to me or harassing"},{"speaker":"Deirdre","startTime":1937.57,"endTime":1940.609,"body":"me on Facebook messenger,"},{"speaker":"Deirdre","startTime":1937.57,"endTime":1940.609,"body":"I'm reporting them to you."},{"speaker":"Deirdre","startTime":1940.69,"endTime":1944.37,"body":"And Facebook needs has"},{"speaker":"Deirdre","startTime":1940.69,"endTime":1944.37,"body":"very explicitly put extra"},{"speaker":"Deirdre","startTime":1944.61,"endTime":1947.51,"body":"cryptographically safe, but"},{"speaker":"Deirdre","startTime":1944.61,"endTime":1947.51,"body":"extra stuff in here that's like"},{"speaker":"Deirdre","startTime":1947.51,"endTime":1949.02,"body":"the opposite of deniability."},{"speaker":"Deirdre","startTime":1949.02,"endTime":1953.24,"body":"It's someone sent something,"},{"speaker":"Deirdre","startTime":1949.02,"endTime":1953.24,"body":"and we Facebook ferried it from"},{"speaker":"Deirdre","startTime":1953.24,"endTime":1956.59,"body":"point a to point b, and someone"},{"speaker":"Deirdre","startTime":1953.24,"endTime":1956.59,"body":"received it and decrypted it."},{"speaker":"Deirdre","startTime":1956.86,"endTime":1959.619,"body":"And now we are able"},{"speaker":"Deirdre","startTime":1956.86,"endTime":1959.619,"body":"to check all of those."},{"speaker":"Deirdre","startTime":1960.779,"endTime":1963.284,"body":"Anyone who wants deniability"},{"speaker":"Deirdre","startTime":1960.779,"endTime":1963.284,"body":"except cypherpunks."},{"speaker":"David","startTime":1966.98,"endTime":1968.2,"body":"I desperately"},{"speaker":"David","startTime":1966.98,"endTime":1968.2,"body":"want to see deniability."},{"speaker":"Deirdre","startTime":1973.98,"endTime":1975.029,"body":"Oh, my God."},{"speaker":"David","startTime":1975.029,"endTime":1975.193,"body":"Yeah, I want a"},{"speaker":"David","startTime":1975.029,"endTime":1975.193,"body":"court case that has an OTR."},{"speaker":"Douglas","startTime":1975.21,"endTime":1976.429,"body":"Yeah, I've"},{"speaker":"Douglas","startTime":1975.21,"endTime":1976.429,"body":"wondered about that, too."},{"speaker":"Douglas","startTime":1976.429,"endTime":1978.899,"body":"And there are a couple of"},{"speaker":"Douglas","startTime":1976.429,"endTime":1978.899,"body":"things that I thought of that"},{"speaker":"Douglas","startTime":1978.9,"endTime":1979.994,"body":"I wanted to mention about this."},{"speaker":"Douglas","startTime":1980.31,"endTime":1984.07,"body":"So there was this talk"},{"speaker":"Douglas","startTime":1980.31,"endTime":1984.07,"body":"last year at RWC on"},{"speaker":"Douglas","startTime":1984.08,"endTime":1988.139,"body":"deniability in messaging,"},{"speaker":"Douglas","startTime":1984.08,"endTime":1988.139,"body":"and we have this notion of"},{"speaker":"Douglas","startTime":1988.179,"endTime":1989.502,"body":"cryptographic deniability."},{"speaker":"Douglas","startTime":1989.502,"endTime":1992.319,"body":"But what does it mean"},{"speaker":"Douglas","startTime":1989.502,"endTime":1992.319,"body":"in the real world?"},{"speaker":"Douglas","startTime":1992.57,"endTime":1995.7,"body":"And is it actually promised"},{"speaker":"Douglas","startTime":1992.57,"endTime":1995.7,"body":"in the real world, even"},{"speaker":"Douglas","startTime":1995.7,"endTime":1999.9,"body":"if you have a deniable"},{"speaker":"Douglas","startTime":1995.7,"endTime":1999.9,"body":"protocol Signal, or OTR?"},{"speaker":"Douglas","startTime":2000.46,"endTime":2004.2,"body":"So this paper by Collins,"},{"speaker":"Douglas","startTime":2000.46,"endTime":2004.2,"body":"Colombo and Huguenin-Dumittan."},{"speaker":"Douglas","startTime":2004.92,"endTime":2007.05,"body":"So they argue that for"},{"speaker":"Douglas","startTime":2004.92,"endTime":2007.05,"body":"deniability, you have to"},{"speaker":"Douglas","startTime":2007.05,"endTime":2010.09,"body":"consider the context in which"},{"speaker":"Douglas","startTime":2007.05,"endTime":2010.09,"body":"the protocol is running."},{"speaker":"Douglas","startTime":2010.599,"endTime":2014.679,"body":"So maybe the core chat protocol"},{"speaker":"Douglas","startTime":2010.599,"endTime":2014.679,"body":"is deniable, but then it's"},{"speaker":"Douglas","startTime":2014.68,"endTime":2017.37,"body":"running in some kind of— there's"},{"speaker":"Douglas","startTime":2014.68,"endTime":2017.37,"body":"a separate layer above that"},{"speaker":"Douglas","startTime":2017.37,"endTime":2019.909,"body":"authenticates the users to the"},{"speaker":"Douglas","startTime":2017.37,"endTime":2019.909,"body":"server or something like that."},{"speaker":"Douglas","startTime":2020.4,"endTime":2022.91,"body":"So all of that"},{"speaker":"Douglas","startTime":2020.4,"endTime":2022.91,"body":"could be undermining"},{"speaker":"Douglas","startTime":2023.19,"endTime":2024.49,"body":"cryptographic deniability."},{"speaker":"Douglas","startTime":2024.95,"endTime":2027.51,"body":"And then, as David said,"},{"speaker":"Douglas","startTime":2024.95,"endTime":2027.51,"body":"we have no idea how this"},{"speaker":"Douglas","startTime":2027.51,"endTime":2029.259,"body":"would play out in a court."},{"speaker":"Douglas","startTime":2029.28,"endTime":2029.66,"body":"Right."},{"speaker":"Douglas","startTime":2029.929,"endTime":2033.29,"body":"The legal system has for"},{"speaker":"Douglas","startTime":2029.929,"endTime":2033.29,"body":"centuries had its own way"},{"speaker":"Douglas","startTime":2033.709,"endTime":2037.59,"body":"of assessing credibility of"},{"speaker":"Douglas","startTime":2033.709,"endTime":2037.59,"body":"evidence long before digital"},{"speaker":"Douglas","startTime":2037.59,"endTime":2038.82,"body":"signatures were a possibility."},{"speaker":"Douglas","startTime":2038.82,"endTime":2039.139,"body":"Right."},{"speaker":"Douglas","startTime":2039.64,"endTime":2041.909,"body":"In fact, there was a paper"},{"speaker":"Douglas","startTime":2039.64,"endTime":2041.909,"body":"at SMP last year as well,"},{"speaker":"Douglas","startTime":2042.09,"endTime":2044.049,"body":"like, touching on this"},{"speaker":"Douglas","startTime":2042.09,"endTime":2044.049,"body":"question just a little bit."},{"speaker":"Douglas","startTime":2044.699,"endTime":2047.12,"body":"So there's some researchers from"},{"speaker":"Douglas","startTime":2044.699,"endTime":2047.12,"body":"University of Maryland, they did"},{"speaker":"Douglas","startTime":2047.12,"endTime":2052.56,"body":"this study where they had like,"},{"speaker":"Douglas","startTime":2047.12,"endTime":2052.56,"body":"600, well, 1200 users across"},{"speaker":"Douglas","startTime":2052.56,"endTime":2057.969,"body":"2600 user studies where they"},{"speaker":"Douglas","startTime":2052.56,"endTime":2057.969,"body":"asked how nonexpert users would"},{"speaker":"Douglas","startTime":2057.969,"endTime":2061.969,"body":"perceive deniability of chat"},{"speaker":"Douglas","startTime":2057.969,"endTime":2061.969,"body":"messages in a courtroom setting."},{"speaker":"Douglas","startTime":2062.309,"endTime":2067.009,"body":"So, like, how likely are you"},{"speaker":"Douglas","startTime":2062.309,"endTime":2067.009,"body":"to convict if you are told"},{"speaker":"Douglas","startTime":2067.009,"endTime":2070.45,"body":"that if a cryptographer comes"},{"speaker":"Douglas","startTime":2067.009,"endTime":2070.45,"body":"in and tells you that it's"},{"speaker":"Douglas","startTime":2070.46,"endTime":2075.19,"body":"cryptographically deniable,"},{"speaker":"Douglas","startTime":2070.46,"endTime":2075.19,"body":"or if you sieve that the chat"},{"speaker":"Douglas","startTime":2075.19,"endTime":2079.76,"body":"program includes a function"},{"speaker":"Douglas","startTime":2075.19,"endTime":2079.76,"body":"to edit the messages or tamper"},{"speaker":"Douglas","startTime":2079.76,"endTime":2081.01,"body":"with screenshots or whatever?"},{"speaker":"Douglas","startTime":2081.29,"endTime":2084.79,"body":"So I think we're starting to"},{"speaker":"Douglas","startTime":2081.29,"endTime":2084.79,"body":"touch just a tiny bit on what"},{"speaker":"Douglas","startTime":2084.79,"endTime":2087.719,"body":"deniability, cryptographic"},{"speaker":"Douglas","startTime":2084.79,"endTime":2087.719,"body":"deniability really means."},{"speaker":"Douglas","startTime":2087.719,"endTime":2091.1,"body":"But I don't know"},{"speaker":"Douglas","startTime":2087.719,"endTime":2091.1,"body":"really what it means."},{"speaker":"David","startTime":2092.58,"endTime":2094.38,"body":"Okay, Deirdre, we're"},{"speaker":"David","startTime":2092.58,"endTime":2094.38,"body":"going to need you to do some"},{"speaker":"David","startTime":2094.38,"endTime":2098.69,"body":"crimes and then leave evidence"},{"speaker":"David","startTime":2094.38,"endTime":2098.69,"body":"in OTR, and then we'll create"},{"speaker":"David","startTime":2099.92,"endTime":2101.639,"body":"some forged transcripts and send"},{"speaker":"David","startTime":2099.92,"endTime":2101.639,"body":"you to the US justice system"},{"speaker":"David","startTime":2101.87,"endTime":2102.86,"body":"and write a paper about it."},{"speaker":"Douglas","startTime":2103.719,"endTime":2104.99,"body":"Well, so one"},{"speaker":"Douglas","startTime":2103.719,"endTime":2104.99,"body":"other thing on this."},{"speaker":"Douglas","startTime":2105.0,"endTime":2108.589,"body":"So we have seen court cases"},{"speaker":"Douglas","startTime":2105.0,"endTime":2108.589,"body":"where chat messages have been"},{"speaker":"Douglas","startTime":2108.59,"endTime":2112.82,"body":"evidence, and I'm thinking,"},{"speaker":"Douglas","startTime":2108.59,"endTime":2112.82,"body":"among others, of anchor chat"},{"speaker":"Douglas","startTime":2112.86,"endTime":2116.91,"body":"in Europe, which was a chat"},{"speaker":"Douglas","startTime":2112.86,"endTime":2116.91,"body":"program used by organized"},{"speaker":"Douglas","startTime":2116.94,"endTime":2120.13,"body":"crime and so on, and law"},{"speaker":"Douglas","startTime":2116.94,"endTime":2120.13,"body":"enforcement infiltrated this"},{"speaker":"Douglas","startTime":2120.179,"endTime":2123.99,"body":"and that evidence has been"},{"speaker":"Douglas","startTime":2120.179,"endTime":2123.99,"body":"used in convictions and so on."},{"speaker":"Douglas","startTime":2124.279,"endTime":2127.56,"body":"And the chats there contain"},{"speaker":"Douglas","startTime":2124.279,"endTime":2127.56,"body":"all kinds of corroborating"},{"speaker":"Douglas","startTime":2128.27,"endTime":2132.77,"body":"evidence, like a selfie of"},{"speaker":"Douglas","startTime":2128.27,"endTime":2132.77,"body":"someone holding a bag of"},{"speaker":"Douglas","startTime":2132.77,"endTime":2137.33,"body":"cocaine, or like someone, and"},{"speaker":"Douglas","startTime":2132.77,"endTime":2137.33,"body":"I think this is true, someone"},{"speaker":"Douglas","startTime":2137.33,"endTime":2139.159,"body":"holding a block of cheese."},{"speaker":"Douglas","startTime":2139.32,"endTime":2142.719,"body":"And you can see the fingerprints"},{"speaker":"Douglas","startTime":2139.32,"endTime":2142.719,"body":"from their fingers holding the"},{"speaker":"Douglas","startTime":2142.719,"endTime":2144.38,"body":"block that are in the picture."},{"speaker":"Douglas","startTime":2144.38,"endTime":2145.4,"body":"They're holding the"},{"speaker":"Douglas","startTime":2144.38,"endTime":2145.4,"body":"block of cheese."},{"speaker":"Deirdre","startTime":2145.41,"endTime":2145.44,"body":"Right?"},{"speaker":"Deirdre","startTime":2145.76,"endTime":2146.31,"body":"Wow."},{"speaker":"Douglas","startTime":2146.56,"endTime":2149.529,"body":"All this corroborating"},{"speaker":"Douglas","startTime":2146.56,"endTime":2149.529,"body":"evidence, regardless of"},{"speaker":"Douglas","startTime":2149.53,"endTime":2151.32,"body":"the metadata of the chat."},{"speaker":"Deirdre","startTime":2151.349,"endTime":2152.189,"body":"Oh, boy."},{"speaker":"Deirdre","startTime":2152.25,"endTime":2152.63,"body":"Yeah."},{"speaker":"Deirdre","startTime":2152.76,"endTime":2153.75,"body":"Oh, God."},{"speaker":"Deirdre","startTime":2155.759,"endTime":2158.61,"body":"I could see someone be like, oh,"},{"speaker":"Deirdre","startTime":2155.759,"endTime":2158.61,"body":"right, \"This is like a picture"},{"speaker":"Deirdre","startTime":2158.619,"endTime":2160.069,"body":"of my passport for backup.\""},{"speaker":"Deirdre","startTime":2160.08,"endTime":2164.19,"body":"And then be like, \"but the"},{"speaker":"Deirdre","startTime":2160.08,"endTime":2164.19,"body":"transcript is deniable!\""},{"speaker":"Deirdre","startTime":2164.52,"endTime":2166.42,"body":"Just like, okay, all right."},{"speaker":"Deirdre","startTime":2166.81,"endTime":2167.23,"body":"Yeah."},{"speaker":"Deirdre","startTime":2167.34,"endTime":2171.069,"body":"It kind of reinforces, like,"},{"speaker":"Deirdre","startTime":2167.34,"endTime":2171.069,"body":"it's a cute cryptographic"},{"speaker":"Deirdre","startTime":2171.309,"endTime":2176.33,"body":"trick, but I think the end"},{"speaker":"Deirdre","startTime":2171.309,"endTime":2176.33,"body":"user demand for deniability"},{"speaker":"Deirdre","startTime":2176.33,"endTime":2177.809,"body":"has only decreased over time."},{"speaker":"Deirdre","startTime":2178.19,"endTime":2181.799,"body":"But it seems funny that"},{"speaker":"Deirdre","startTime":2178.19,"endTime":2181.799,"body":"cryptographers are like,"},{"speaker":"Deirdre","startTime":2181.8,"endTime":2183.259,"body":"\"there's no deniability here?"},{"speaker":"Deirdre","startTime":2183.56,"endTime":2183.75,"body":"Oh, no!\""},{"speaker":"Deirdre","startTime":2184.17,"endTime":2187.625,"body":"And I'm like, why would,"},{"speaker":"Deirdre","startTime":2184.17,"endTime":2187.625,"body":"why would there be?"},{"speaker":"Deirdre","startTime":2188.13,"endTime":2191.95,"body":"But actually, on the other"},{"speaker":"Deirdre","startTime":2188.13,"endTime":2191.95,"body":"hand, Apple might be one of"},{"speaker":"Deirdre","startTime":2191.95,"endTime":2194.609,"body":"those parties that actually"},{"speaker":"Deirdre","startTime":2191.95,"endTime":2194.609,"body":"kind of is no, like, nothing"},{"speaker":"Deirdre","startTime":2194.609,"endTime":2199.1,"body":"to see here, like, we"},{"speaker":"Deirdre","startTime":2194.609,"endTime":2199.1,"body":"care about your privacy."},{"speaker":"Deirdre","startTime":2199.1,"endTime":2200.98,"body":"We care about all"},{"speaker":"Deirdre","startTime":2199.1,"endTime":2200.98,"body":"this sort of stuff."},{"speaker":"Deirdre","startTime":2200.98,"endTime":2202.88,"body":"They might be one of"},{"speaker":"Deirdre","startTime":2200.98,"endTime":2202.88,"body":"those parties that are"},{"speaker":"Deirdre","startTime":2202.88,"endTime":2204.46,"body":"like, yes, you cannot..."},{"speaker":"Deirdre","startTime":2204.48,"endTime":2206.63,"body":"But they're also"},{"speaker":"Deirdre","startTime":2204.48,"endTime":2206.63,"body":"just a large company."},{"speaker":"Deirdre","startTime":2206.63,"endTime":2207.449,"body":"I don't know."},{"speaker":"David","startTime":2207.449,"endTime":2213.369,"body":"The EU, just to rampantly"},{"speaker":"David","startTime":2207.449,"endTime":2213.369,"body":"speculate, the EU does care"},{"speaker":"David","startTime":2213.369,"endTime":2216.97,"body":"a lot about trust and safety"},{"speaker":"David","startTime":2213.369,"endTime":2216.97,"body":"and deniability and trust"},{"speaker":"David","startTime":2216.97,"endTime":2220.67,"body":"and safety in general don't"},{"speaker":"David","startTime":2216.97,"endTime":2220.67,"body":"play nice with each other."},{"speaker":"Deirdre","startTime":2220.91,"endTime":2223.8,"body":"I know there's nothing"},{"speaker":"Deirdre","startTime":2220.91,"endTime":2223.8,"body":"in your analysis, Douglas,"},{"speaker":"Deirdre","startTime":2223.84,"endTime":2229.179,"body":"about the padding that they"},{"speaker":"Deirdre","startTime":2223.84,"endTime":2229.179,"body":"added to iMessage, which is"},{"speaker":"Deirdre","startTime":2229.179,"endTime":2231.799,"body":"basically like a privacy win."},{"speaker":"Deirdre","startTime":2232.78,"endTime":2235.74,"body":"I don't know if other messaging"},{"speaker":"Deirdre","startTime":2232.78,"endTime":2235.74,"body":"protocols have something"},{"speaker":"Deirdre","startTime":2235.74,"endTime":2239.53,"body":"similar or if they're just"},{"speaker":"Deirdre","startTime":2235.74,"endTime":2239.53,"body":"sort of just doing the maximal"},{"speaker":"Deirdre","startTime":2239.53,"endTime":2241.36,"body":"padding by default anyway."},{"speaker":"Deirdre","startTime":2241.41,"endTime":2245.26,"body":"But basically, this is another"},{"speaker":"Deirdre","startTime":2241.41,"endTime":2245.26,"body":"way to avoid a completely"},{"speaker":"Deirdre","startTime":2245.26,"endTime":2248.209,"body":"different class of attack, which"},{"speaker":"Deirdre","startTime":2245.26,"endTime":2248.209,"body":"is just sort of like looking"},{"speaker":"Deirdre","startTime":2248.209,"endTime":2253.52,"body":"at the different sizes of the"},{"speaker":"Deirdre","startTime":2248.209,"endTime":2253.52,"body":"ciphertext on the wire to get"},{"speaker":"Deirdre","startTime":2253.53,"endTime":2256.55,"body":"some information about what's"},{"speaker":"Deirdre","startTime":2253.53,"endTime":2256.55,"body":"actually being encrypted."},{"speaker":"Deirdre","startTime":2257.3,"endTime":2261.099,"body":"And so to counteract that, they"},{"speaker":"Deirdre","startTime":2257.3,"endTime":2261.099,"body":"call it, this is a Padmé padding"},{"speaker":"Deirdre","startTime":2262.69,"endTime":2266.509,"body":"heuristic, which literally makes"},{"speaker":"Deirdre","startTime":2262.69,"endTime":2266.509,"body":"it so that that information"},{"speaker":"Deirdre","startTime":2266.51,"endTime":2269.16,"body":"that is being leaked by the"},{"speaker":"Deirdre","startTime":2266.51,"endTime":2269.16,"body":"size of the ciphertext on the"},{"speaker":"Deirdre","startTime":2269.16,"endTime":2271.549,"body":"wire is much, much smaller."},{"speaker":"Deirdre","startTime":2272.1,"endTime":2273.44,"body":"Can you tell us a"},{"speaker":"Deirdre","startTime":2272.1,"endTime":2273.44,"body":"little bit about that?"},{"speaker":"Douglas","startTime":2274.45,"endTime":2274.91,"body":"I can't."},{"speaker":"Douglas","startTime":2275.55,"endTime":2276.5,"body":"I didn't take a look at that."},{"speaker":"Douglas","startTime":2276.5,"endTime":2280.069,"body":"All right, so basically,"},{"speaker":"Douglas","startTime":2276.5,"endTime":2280.069,"body":"my focus was on the key"},{"speaker":"Douglas","startTime":2280.07,"endTime":2280.819,"body":"establishment, right?"},{"speaker":"Douglas","startTime":2280.82,"endTime":2284.069,"body":"The key exchange, not the"},{"speaker":"Douglas","startTime":2280.82,"endTime":2284.069,"body":"authenticated encryption"},{"speaker":"Douglas","startTime":2284.67,"endTime":2286.699,"body":"or anything of her"},{"speaker":"Douglas","startTime":2284.67,"endTime":2286.699,"body":"message transmission."},{"speaker":"Deirdre","startTime":2286.73,"endTime":2287.03,"body":"Okay."},{"speaker":"Douglas","startTime":2287.04,"endTime":2287.691,"body":"Sorry I didn't"},{"speaker":"Douglas","startTime":2287.04,"endTime":2287.691,"body":"take a look at Padmé,"},{"speaker":"Douglas","startTime":2287.73,"endTime":2291.89,"body":"but it looks promising."},{"speaker":"Deirdre","startTime":2291.93,"endTime":2292.43,"body":"Yes."},{"speaker":"Deirdre","startTime":2292.96,"endTime":2295.87,"body":"This is sort of like yet another"},{"speaker":"Deirdre","startTime":2292.96,"endTime":2295.87,"body":"thing that is just, iMessage"},{"speaker":"Deirdre","startTime":2297.55,"endTime":2298.92,"body":"has been a little bit of a..."},{"speaker":"Deirdre","startTime":2299.68,"endTime":2303.39,"body":"iMessage came out the gate"},{"speaker":"Deirdre","startTime":2299.68,"endTime":2303.39,"body":"when Apple released it as a"},{"speaker":"Deirdre","startTime":2303.39,"endTime":2307.2,"body":"pretty good, groundbreaking,"},{"speaker":"Deirdre","startTime":2303.39,"endTime":2307.2,"body":"or at least for wide"},{"speaker":"Deirdre","startTime":2307.22,"endTime":2311.29,"body":"scale messaging protocol"},{"speaker":"Deirdre","startTime":2307.22,"endTime":2311.29,"body":"encrypted messaging protocol."},{"speaker":"Deirdre","startTime":2311.52,"endTime":2314.049,"body":"It wasn't documented very"},{"speaker":"Deirdre","startTime":2311.52,"endTime":2314.049,"body":"well, but it was considered"},{"speaker":"Deirdre","startTime":2314.05,"endTime":2315.7,"body":"pretty good at the time."},{"speaker":"Deirdre","startTime":2316.179,"endTime":2317.61,"body":"And then it's been"},{"speaker":"Deirdre","startTime":2316.179,"endTime":2317.61,"body":"kind of stagnant."},{"speaker":"Deirdre","startTime":2317.63,"endTime":2319.14,"body":"People have analyzed it."},{"speaker":"Deirdre","startTime":2319.16,"endTime":2321.26,"body":"People find some breaks,"},{"speaker":"Deirdre","startTime":2319.16,"endTime":2321.26,"body":"they fixed some breaks,"},{"speaker":"Deirdre","startTime":2321.26,"endTime":2322.269,"body":"and things like that."},{"speaker":"Deirdre","startTime":2322.43,"endTime":2327.04,"body":"Signal has screamed ahead,"},{"speaker":"Deirdre","startTime":2322.43,"endTime":2327.04,"body":"WhatsApp adapted Signal."},{"speaker":"Deirdre","startTime":2327.04,"endTime":2330.77,"body":"WhatsApp's had their own"},{"speaker":"Deirdre","startTime":2327.04,"endTime":2330.77,"body":"advancements, and then"},{"speaker":"Deirdre","startTime":2330.77,"endTime":2332.85,"body":"Signal has been an influence"},{"speaker":"Deirdre","startTime":2330.77,"endTime":2332.85,"body":"to a lot of end-to-end"},{"speaker":"Deirdre","startTime":2333.259,"endTime":2336.07,"body":"encryption protocols, not just"},{"speaker":"Deirdre","startTime":2333.259,"endTime":2336.07,"body":"messaging in a lot of places."},{"speaker":"Deirdre","startTime":2336.099,"endTime":2340.279,"body":"And iMessage has just been"},{"speaker":"Deirdre","startTime":2336.099,"endTime":2340.279,"body":"kind of plateaued, I would say."},{"speaker":"Deirdre","startTime":2340.53,"endTime":2344.76,"body":"And then all of a sudden,"},{"speaker":"Deirdre","startTime":2340.53,"endTime":2344.76,"body":"they've got post-quantum, and"},{"speaker":"Deirdre","startTime":2344.76,"endTime":2348.04,"body":"they've got more post-quantum"},{"speaker":"Deirdre","startTime":2344.76,"endTime":2348.04,"body":"stuff than anyone else has."},{"speaker":"Deirdre","startTime":2348.28,"endTime":2351.319,"body":"They've got this much"},{"speaker":"Deirdre","startTime":2348.28,"endTime":2351.319,"body":"better padding for privacy."},{"speaker":"Deirdre","startTime":2351.62,"endTime":2353.25,"body":"They've got a whole"},{"speaker":"Deirdre","startTime":2351.62,"endTime":2353.25,"body":"bunch of stuff going"},{"speaker":"Deirdre","startTime":2353.25,"endTime":2355.39,"body":"on in here all at once."},{"speaker":"Deirdre","startTime":2355.67,"endTime":2358.83,"body":"I don't have a question here,"},{"speaker":"Deirdre","startTime":2355.67,"endTime":2358.83,"body":"but it's just kind of good."},{"speaker":"Deirdre","startTime":2358.9,"endTime":2363.25,"body":"It's good to see because"},{"speaker":"Deirdre","startTime":2358.9,"endTime":2363.25,"body":"iMessage kind of was a big"},{"speaker":"Deirdre","startTime":2363.25,"endTime":2366.64,"body":"leader to start, and now"},{"speaker":"Deirdre","startTime":2363.25,"endTime":2366.64,"body":"they're coming all the way"},{"speaker":"Deirdre","startTime":2366.64,"endTime":2370.169,"body":"back after being somewhat"},{"speaker":"Deirdre","startTime":2366.64,"endTime":2370.169,"body":"quiet for a long time, and"},{"speaker":"Deirdre","startTime":2370.17,"endTime":2371.129,"body":"it's pretty good to see."},{"speaker":"Deirdre","startTime":2371.549,"endTime":2375.069,"body":"And I'm glad that they basically"},{"speaker":"Deirdre","startTime":2371.549,"endTime":2375.069,"body":"reached out to people like you."},{"speaker":"Deirdre","startTime":2376.42,"endTime":2378.56,"body":"And there was another team"},{"speaker":"Deirdre","startTime":2376.42,"endTime":2378.56,"body":"that did a Tamarin analysis,"},{"speaker":"Deirdre","startTime":2378.75,"endTime":2380.93,"body":"and I have to go through their"},{"speaker":"Deirdre","startTime":2378.75,"endTime":2380.93,"body":"analysis, and I want them to"},{"speaker":"Deirdre","startTime":2380.93,"endTime":2383.22,"body":"release their Tamarin model."},{"speaker":"Deirdre","startTime":2383.46,"endTime":2386.44,"body":"I was grepping in their"},{"speaker":"Deirdre","startTime":2383.46,"endTime":2386.44,"body":"paper for a git link or"},{"speaker":"Deirdre","startTime":2386.44,"endTime":2388.36,"body":"something, and there isn't one."},{"speaker":"Deirdre","startTime":2388.36,"endTime":2390.32,"body":"So I have to dig a little"},{"speaker":"Deirdre","startTime":2388.36,"endTime":2390.32,"body":"bit harder, and I would"},{"speaker":"Deirdre","startTime":2390.32,"endTime":2392.48,"body":"like to take a look at that."},{"speaker":"Deirdre","startTime":2392.5,"endTime":2394.93,"body":"And someone did an"},{"speaker":"Deirdre","startTime":2392.5,"endTime":2394.93,"body":"audit of the code."},{"speaker":"Deirdre","startTime":2395.42,"endTime":2398.2,"body":"They were not named, just"},{"speaker":"Deirdre","startTime":2395.42,"endTime":2398.2,"body":"that an audit happened."},{"speaker":"Deirdre","startTime":2398.2,"endTime":2403.85,"body":"All right, but"},{"speaker":"Deirdre","startTime":2398.2,"endTime":2403.85,"body":"that is also good."},{"speaker":"Deirdre","startTime":2403.85,"endTime":2407.28,"body":"And the other thing is, a"},{"speaker":"Deirdre","startTime":2403.85,"endTime":2407.28,"body":"couple of months ago, they"},{"speaker":"Deirdre","startTime":2407.299,"endTime":2412.41,"body":"announced their contact key"},{"speaker":"Deirdre","startTime":2407.299,"endTime":2412.41,"body":"verification thing, and that"},{"speaker":"Deirdre","startTime":2412.41,"endTime":2414.82,"body":"came with key transparency logs."},{"speaker":"Deirdre","startTime":2415.31,"endTime":2419.28,"body":"And for us nerds, like, this"},{"speaker":"Deirdre","startTime":2415.31,"endTime":2419.28,"body":"is like a big, big thing"},{"speaker":"Deirdre","startTime":2419.28,"endTime":2423.689,"body":"because did Whatsapp do"},{"speaker":"Deirdre","startTime":2419.28,"endTime":2423.689,"body":"that first or did I forget?"},{"speaker":"Deirdre","startTime":2424.05,"endTime":2425.42,"body":"Okay, David's nodding at me."},{"speaker":"Deirdre","startTime":2425.42,"endTime":2429.249,"body":"I think WhatsApp did similar, a"},{"speaker":"Deirdre","startTime":2425.42,"endTime":2429.249,"body":"slightly different design, but"},{"speaker":"Deirdre","startTime":2429.25,"endTime":2430.539,"body":"they did a similar thing first."},{"speaker":"Deirdre","startTime":2430.81,"endTime":2433.56,"body":"And basically the contact"},{"speaker":"Deirdre","startTime":2430.81,"endTime":2433.56,"body":"key verification, or key"},{"speaker":"Deirdre","startTime":2433.56,"endTime":2436.97,"body":"verification stuff is about"},{"speaker":"Deirdre","startTime":2433.56,"endTime":2436.97,"body":"when we talked about setting"},{"speaker":"Deirdre","startTime":2436.97,"endTime":2440.14,"body":"up your sessions and you have"},{"speaker":"Deirdre","startTime":2436.97,"endTime":2440.14,"body":"these long term keys that might"},{"speaker":"Deirdre","startTime":2440.14,"endTime":2444.21,"body":"be per device or per identity"},{"speaker":"Deirdre","startTime":2440.14,"endTime":2444.21,"body":"or whatever it is, those"},{"speaker":"Deirdre","startTime":2444.21,"endTime":2447.459,"body":"are long term and you really"},{"speaker":"Deirdre","startTime":2444.21,"endTime":2447.459,"body":"want to know when they change"},{"speaker":"Deirdre","startTime":2447.459,"endTime":2451.55,"body":"because you have to restart your"},{"speaker":"Deirdre","startTime":2447.459,"endTime":2451.55,"body":"session and things like that."},{"speaker":"Deirdre","startTime":2451.81,"endTime":2455.83,"body":"In the long, distant past of"},{"speaker":"Deirdre","startTime":2451.81,"endTime":2455.83,"body":"messaging, encrypted messaging,"},{"speaker":"Deirdre","startTime":2456.08,"endTime":2460.53,"body":"it was just sort of like, here's"},{"speaker":"Deirdre","startTime":2456.08,"endTime":2460.53,"body":"a code, here's an encoding of"},{"speaker":"Deirdre","startTime":2460.53,"endTime":2464.479,"body":"someone's public key, and maybe"},{"speaker":"Deirdre","startTime":2460.53,"endTime":2464.479,"body":"you compare codes to make sure"},{"speaker":"Deirdre","startTime":2464.48,"endTime":2466.92,"body":"that you're both seeing the same"},{"speaker":"Deirdre","startTime":2464.48,"endTime":2466.92,"body":"thing and that it was relying on"},{"speaker":"Deirdre","startTime":2466.92,"endTime":2468.62,"body":"you to check that out of band."},{"speaker":"Deirdre","startTime":2468.99,"endTime":2471.879,"body":"So, like, in the distant,"},{"speaker":"Deirdre","startTime":2468.99,"endTime":2471.879,"body":"distant past, this might"},{"speaker":"Deirdre","startTime":2471.88,"endTime":2475.24,"body":"actually involve someone"},{"speaker":"Deirdre","startTime":2471.88,"endTime":2475.24,"body":"at some data center calling"},{"speaker":"Deirdre","startTime":2475.24,"endTime":2479.58,"body":"you and be like, read me off"},{"speaker":"Deirdre","startTime":2475.24,"endTime":2479.58,"body":"the hex encoding of your ssh"},{"speaker":"Deirdre","startTime":2480.2,"endTime":2483.93,"body":"public kem, which I had to"},{"speaker":"Deirdre","startTime":2480.2,"endTime":2483.93,"body":"do back in the day, and then"},{"speaker":"Deirdre","startTime":2483.959,"endTime":2486.779,"body":"Signal and WhatsApp literally"},{"speaker":"Deirdre","startTime":2483.959,"endTime":2486.779,"body":"had like a little QR code."},{"speaker":"Deirdre","startTime":2486.78,"endTime":2489.22,"body":"And you do that out of"},{"speaker":"Deirdre","startTime":2486.78,"endTime":2489.22,"body":"band, blah, blah, blah."},{"speaker":"Deirdre","startTime":2489.39,"endTime":2492.14,"body":"So this contact key"},{"speaker":"Deirdre","startTime":2489.39,"endTime":2492.14,"body":"verification stuff, and the"},{"speaker":"Deirdre","startTime":2492.14,"endTime":2495.099,"body":"equivalent WhatsApp one was"},{"speaker":"Deirdre","startTime":2492.14,"endTime":2495.099,"body":"literally doing it for you."},{"speaker":"Deirdre","startTime":2495.2,"endTime":2499.439,"body":"It was WhatsApp or Apple or"},{"speaker":"Deirdre","startTime":2495.2,"endTime":2499.439,"body":"whomever is running the service"},{"speaker":"Deirdre","startTime":2500.199,"endTime":2504.47,"body":"watches all the public keys"},{"speaker":"Deirdre","startTime":2500.199,"endTime":2504.47,"body":"that are being verified, has"},{"speaker":"Deirdre","startTime":2504.48,"endTime":2508.96,"body":"these logs that anyone can check"},{"speaker":"Deirdre","startTime":2504.48,"endTime":2508.96,"body":"to keep track of the changes"},{"speaker":"Deirdre","startTime":2508.97,"endTime":2513.039,"body":"of these public keys and then"},{"speaker":"Deirdre","startTime":2508.97,"endTime":2513.039,"body":"prompting you, the user, if they"},{"speaker":"Deirdre","startTime":2513.04,"endTime":2517.56,"body":"notice something is wrong, if"},{"speaker":"Deirdre","startTime":2513.04,"endTime":2517.56,"body":"they notice a public key being"},{"speaker":"Deirdre","startTime":2517.62,"endTime":2522.589,"body":"advertised from a party, that"},{"speaker":"Deirdre","startTime":2517.62,"endTime":2522.589,"body":"shouldn't be, because WhatsApp"},{"speaker":"Deirdre","startTime":2522.59,"endTime":2527.21,"body":"or iMessage or whatever knows"},{"speaker":"Deirdre","startTime":2522.59,"endTime":2527.21,"body":"the trusted public private or"},{"speaker":"Deirdre","startTime":2527.23,"endTime":2531.09,"body":"the trusted public keys from"},{"speaker":"Deirdre","startTime":2527.23,"endTime":2531.09,"body":"trusted devices that it knows."},{"speaker":"Deirdre","startTime":2531.21,"endTime":2534.21,"body":"And so it can catch or any"},{"speaker":"Deirdre","startTime":2531.21,"endTime":2534.21,"body":"of these logs can catch, it"},{"speaker":"Deirdre","startTime":2534.21,"endTime":2536.663,"body":"doesn't have to be by the"},{"speaker":"Deirdre","startTime":2534.21,"endTime":2536.663,"body":"service providers, but they"},{"speaker":"Deirdre","startTime":2536.663,"endTime":2541.1,"body":"are in the most advantageous"},{"speaker":"Deirdre","startTime":2536.663,"endTime":2541.1,"body":"position to operate this; they"},{"speaker":"Deirdre","startTime":2541.36,"endTime":2545.509,"body":"will notice if David Adrian's"},{"speaker":"Deirdre","startTime":2541.36,"endTime":2545.509,"body":"device, which is showing me"},{"speaker":"Deirdre","startTime":2545.55,"endTime":2551.16,"body":"a hash of a public key that's"},{"speaker":"Deirdre","startTime":2545.55,"endTime":2551.16,"body":"like 1234, but the hash of the"},{"speaker":"Deirdre","startTime":2551.16,"endTime":2554.15,"body":"public key that I'm seeing on my"},{"speaker":"Deirdre","startTime":2551.16,"endTime":2554.15,"body":"device is actually four, five,"},{"speaker":"Deirdre","startTime":2554.15,"endTime":2557.12,"body":"six, seven or something like"},{"speaker":"Deirdre","startTime":2554.15,"endTime":2557.12,"body":"that and they will notify me."},{"speaker":"Deirdre","startTime":2557.359,"endTime":2558.28,"body":"So that's the whole thing."},{"speaker":"Deirdre","startTime":2558.64,"endTime":2559.29,"body":"They did that too."},{"speaker":"Deirdre","startTime":2560.31,"endTime":2561.9,"body":"They did that a"},{"speaker":"Deirdre","startTime":2560.31,"endTime":2561.9,"body":"couple of months too."},{"speaker":"Deirdre","startTime":2561.95,"endTime":2565.65,"body":"And basically it seems to"},{"speaker":"Deirdre","startTime":2561.95,"endTime":2565.65,"body":"be the, I don't have the"},{"speaker":"Deirdre","startTime":2565.65,"endTime":2568.39,"body":"numbers in front of me,"},{"speaker":"Deirdre","startTime":2565.65,"endTime":2568.39,"body":"but it was the largest"},{"speaker":"Deirdre","startTime":2568.45,"endTime":2573.72,"body":"deployment of key transparency"},{"speaker":"Deirdre","startTime":2568.45,"endTime":2573.72,"body":"logging period because"},{"speaker":"Deirdre","startTime":2573.72,"endTime":2575.53,"body":"they have so many devices."},{"speaker":"Deirdre","startTime":2575.59,"endTime":2581.07,"body":"I think the Apple one was bigger"},{"speaker":"Deirdre","startTime":2575.59,"endTime":2581.07,"body":"because they just turned it on."},{"speaker":"Deirdre","startTime":2581.09,"endTime":2582.62,"body":"I think they only"},{"speaker":"Deirdre","startTime":2581.09,"endTime":2582.62,"body":"turned on by default."},{"speaker":"Deirdre","startTime":2583.02,"endTime":2586.069,"body":"And the WhatsApp one is"},{"speaker":"Deirdre","startTime":2583.02,"endTime":2586.069,"body":"like slightly smaller for"},{"speaker":"Deirdre","startTime":2586.07,"endTime":2588.7,"body":"reasons and I don't remember"},{"speaker":"Deirdre","startTime":2586.07,"endTime":2588.7,"body":"why, but it's literally"},{"speaker":"Deirdre","startTime":2588.7,"endTime":2589.78,"body":"billions versus billions."},{"speaker":"David","startTime":2590.02,"endTime":2592.91,"body":"I believe that Apple's"},{"speaker":"David","startTime":2590.02,"endTime":2592.91,"body":"users times average number of"},{"speaker":"David","startTime":2592.92,"endTime":2596.7,"body":"Apple devices is bigger than"},{"speaker":"David","startTime":2592.92,"endTime":2596.7,"body":"total number of WhatsApp users."},{"speaker":"David","startTime":2596.8,"endTime":2599.1,"body":"Since it's just one key"},{"speaker":"David","startTime":2596.8,"endTime":2599.1,"body":"per user on WhatsApp."},{"speaker":"Deirdre","startTime":2599.1,"endTime":2599.93,"body":"That might be it."},{"speaker":"Deirdre","startTime":2599.93,"endTime":2600.41,"body":"But yeah."},{"speaker":"Deirdre","startTime":2600.45,"endTime":2600.97,"body":"Anyway."},{"speaker":"David","startTime":2601.179,"endTime":2604.4,"body":"My understanding is also"},{"speaker":"David","startTime":2601.179,"endTime":2604.4,"body":"that Apple launched PQ3 and the"},{"speaker":"David","startTime":2604.4,"endTime":2607.199,"body":"key transparency at the same"},{"speaker":"David","startTime":2604.4,"endTime":2607.199,"body":"time and then just being Apple"},{"speaker":"David","startTime":2607.21,"endTime":2610.059,"body":"didn't tell people about it."},{"speaker":"Douglas","startTime":2610.1,"endTime":2610.21,"body":"No."},{"speaker":"Douglas","startTime":2610.21,"endTime":2614.67,"body":"I think key transparency"},{"speaker":"Douglas","startTime":2610.21,"endTime":2614.67,"body":"came out in an earlier"},{"speaker":"Douglas","startTime":2614.67,"endTime":2615.759,"body":"version of iOS."},{"speaker":"Douglas","startTime":2615.77,"endTime":2619.459,"body":"Yes, 17 two and now we're on."},{"speaker":"Douglas","startTime":2619.849,"endTime":2625.02,"body":"And I think they said post"},{"speaker":"Douglas","startTime":2619.849,"endTime":2625.02,"body":"PQ3 will come out in 17.4."},{"speaker":"Douglas","startTime":2625.57,"endTime":2625.89,"body":"Yeah."},{"speaker":"Douglas","startTime":2627.74,"endTime":2628.7,"body":"Which we're not at yet."},{"speaker":"Douglas","startTime":2628.76,"endTime":2629.04,"body":"Yeah."},{"speaker":"Douglas","startTime":2630.27,"endTime":2634.37,"body":"Although I also was fiddling"},{"speaker":"Douglas","startTime":2630.27,"endTime":2634.37,"body":"around with contact key"},{"speaker":"Douglas","startTime":2634.37,"endTime":2636.71,"body":"verification yesterday."},{"speaker":"Deirdre","startTime":2637.29,"endTime":2637.749,"body":"Oh yeah."},{"speaker":"Douglas","startTime":2638.33,"endTime":2640.07,"body":"And I had"},{"speaker":"Douglas","startTime":2638.33,"endTime":2640.07,"body":"to go and turn it on."},{"speaker":"Douglas","startTime":2640.08,"endTime":2644.129,"body":"So I don't know if it is on"},{"speaker":"Douglas","startTime":2640.08,"endTime":2644.129,"body":"by default or maybe I just"},{"speaker":"Douglas","startTime":2644.559,"endTime":2647.23,"body":"screwed up a setting but I"},{"speaker":"Douglas","startTime":2644.559,"endTime":2647.23,"body":"had to turn it on, at least."},{"speaker":"Deirdre","startTime":2647.27,"endTime":2652.319,"body":"I think for Apple"},{"speaker":"Deirdre","startTime":2647.27,"endTime":2652.319,"body":"this started as high risk"},{"speaker":"Deirdre","startTime":2652.32,"endTime":2656.34,"body":"users, whatever their official"},{"speaker":"Deirdre","startTime":2652.32,"endTime":2656.34,"body":"name is for know, if you"},{"speaker":"Deirdre","startTime":2656.36,"endTime":2659.069,"body":"think you're a high risk"},{"speaker":"Deirdre","startTime":2656.36,"endTime":2659.069,"body":"target, turn on all of these"},{"speaker":"Deirdre","startTime":2659.07,"endTime":2662.949,"body":"features, including contact"},{"speaker":"Deirdre","startTime":2659.07,"endTime":2662.949,"body":"key verification or whatever."},{"speaker":"Deirdre","startTime":2663.6,"endTime":2666.17,"body":"And now they're rolling out"},{"speaker":"Deirdre","startTime":2663.6,"endTime":2666.17,"body":"contact key verification"},{"speaker":"Deirdre","startTime":2666.18,"endTime":2667.5,"body":"for basically everybody."},{"speaker":"Deirdre","startTime":2667.59,"endTime":2669.71,"body":"But I do think you"},{"speaker":"Deirdre","startTime":2667.59,"endTime":2669.71,"body":"have to turn it on."},{"speaker":"Deirdre","startTime":2670.3,"endTime":2674.229,"body":"And I think in WhatsApp they"},{"speaker":"Deirdre","startTime":2670.3,"endTime":2674.229,"body":"have set it up so that it is"},{"speaker":"Deirdre","startTime":2674.25,"endTime":2677.259,"body":"on by default because they're"},{"speaker":"Deirdre","startTime":2674.25,"endTime":2677.259,"body":"literally doing the, like,"},{"speaker":"Deirdre","startTime":2677.259,"endTime":2680.34,"body":"we're doing all this work"},{"speaker":"Deirdre","startTime":2677.259,"endTime":2680.34,"body":"on the back end so that only"},{"speaker":"Deirdre","startTime":2680.34,"endTime":2685.04,"body":"when we give you a prompt or"},{"speaker":"Deirdre","startTime":2680.34,"endTime":2685.04,"body":"a flag or whatever, you have"},{"speaker":"Deirdre","startTime":2685.04,"endTime":2687.19,"body":"to do anything or whatever."},{"speaker":"Deirdre","startTime":2687.19,"endTime":2689.82,"body":"Just not even do anything,"},{"speaker":"Deirdre","startTime":2687.19,"endTime":2689.82,"body":"just not message somebody"},{"speaker":"Deirdre","startTime":2689.82,"endTime":2690.589,"body":"or something like that."},{"speaker":"Deirdre","startTime":2691.139,"endTime":2692.5,"body":"I think that's what it is."},{"speaker":"Deirdre","startTime":2692.94,"endTime":2694.74,"body":"And it may literally just be."},{"speaker":"Deirdre","startTime":2694.75,"endTime":2698.009,"body":"It's harder for Apple to"},{"speaker":"Deirdre","startTime":2694.75,"endTime":2698.009,"body":"turn this on by default"},{"speaker":"Deirdre","startTime":2698.41,"endTime":2702.07,"body":"for so many heterogeneous"},{"speaker":"Deirdre","startTime":2698.41,"endTime":2702.07,"body":"devices and operating systems"},{"speaker":"Deirdre","startTime":2702.07,"endTime":2706.16,"body":"because they're doing this"},{"speaker":"Deirdre","startTime":2702.07,"endTime":2706.16,"body":"stuff for iOS, iPadOS, macOS,"},{"speaker":"Deirdre","startTime":2706.2,"endTime":2708.176,"body":"watchOS, blah, blah blah."},{"speaker":"Deirdre","startTime":2708.22,"endTime":2710.33,"body":"They have a heterogeneous"},{"speaker":"Deirdre","startTime":2708.22,"endTime":2710.33,"body":"environment."},{"speaker":"Deirdre","startTime":2710.33,"endTime":2712.1,"body":"And WhatsApp is just like,"},{"speaker":"Deirdre","startTime":2710.33,"endTime":2712.1,"body":"we have an app, well,"},{"speaker":"Deirdre","startTime":2712.12,"endTime":2716.01,"body":"they have iOS, they have"},{"speaker":"Deirdre","startTime":2712.12,"endTime":2716.01,"body":"an Android app, they have"},{"speaker":"Deirdre","startTime":2716.369,"endTime":2720.47,"body":"WhatsApp web, which is tightly"},{"speaker":"Deirdre","startTime":2716.369,"endTime":2720.47,"body":"bound to those other apps."},{"speaker":"Deirdre","startTime":2720.48,"endTime":2723.66,"body":"So I think they have an"},{"speaker":"Deirdre","startTime":2720.48,"endTime":2723.66,"body":"easier time turning it on"},{"speaker":"Deirdre","startTime":2723.66,"endTime":2725.24,"body":"by default than Apple does."},{"speaker":"Deirdre","startTime":2725.77,"endTime":2727.86,"body":"But I wouldn't be surprised"},{"speaker":"Deirdre","startTime":2725.77,"endTime":2727.86,"body":"if they did eventually."},{"speaker":"David","startTime":2727.87,"endTime":2730.103,"body":"All of those are bound to"},{"speaker":"David","startTime":2727.87,"endTime":2730.103,"body":"a single phone number, though."},{"speaker":"David","startTime":2730.103,"endTime":2732.49,"body":"Like, you don't have"},{"speaker":"David","startTime":2730.103,"endTime":2732.49,"body":"two instances of your"},{"speaker":"David","startTime":2732.49,"endTime":2733.24,"body":"WhatsApp at the same time."},{"speaker":"Deirdre","startTime":2733.24,"endTime":2736.609,"body":"I have to remember how"},{"speaker":"Deirdre","startTime":2733.24,"endTime":2736.609,"body":"they handled this, actually,"},{"speaker":"Deirdre","startTime":2736.62,"endTime":2738.95,"body":"because I think they evolved it."},{"speaker":"David","startTime":2739.18,"endTime":2741.32,"body":"You can do web and"},{"speaker":"David","startTime":2739.18,"endTime":2741.32,"body":"a phone at the same time,"},{"speaker":"David","startTime":2741.33,"endTime":2743.19,"body":"but I don't think you can"},{"speaker":"David","startTime":2741.33,"endTime":2743.19,"body":"have two separate phones."},{"speaker":"Deirdre","startTime":2743.8,"endTime":2744.42,"body":"I think you"},{"speaker":"Deirdre","startTime":2743.8,"endTime":2744.42,"body":"might be changing it,"},{"speaker":"Deirdre","startTime":2744.42,"endTime":2745.31,"body":"but you might be right."},{"speaker":"Deirdre","startTime":2745.76,"endTime":2746.26,"body":"But yeah."},{"speaker":"Deirdre","startTime":2746.71,"endTime":2748.71,"body":"Tldr yeah."},{"speaker":"David","startTime":2748.95,"endTime":2750.99,"body":"If anyone with inside"},{"speaker":"David","startTime":2748.95,"endTime":2750.99,"body":"knowledge of Apple wants"},{"speaker":"David","startTime":2750.99,"endTime":2754.279,"body":"to come on and wear a max"},{"speaker":"David","startTime":2750.99,"endTime":2754.279,"body":"headroom mask and use a voice."},{"speaker":"Deirdre","startTime":2754.28,"endTime":2755.399,"body":"Changer,"},{"speaker":"Deirdre","startTime":2754.28,"endTime":2755.399,"body":"we'd be happy to talk."},{"speaker":"Deirdre","startTime":2756.17,"endTime":2759.77,"body":"We would love if you just"},{"speaker":"Deirdre","startTime":2756.17,"endTime":2759.77,"body":"quietly gave us the inside"},{"speaker":"Deirdre","startTime":2759.77,"endTime":2763.439,"body":"scoop, but I think everyone"},{"speaker":"Deirdre","startTime":2759.77,"endTime":2763.439,"body":"is sworn to secrecy by Apple."},{"speaker":"Deirdre","startTime":2763.599,"endTime":2763.919,"body":"Incorp."},{"speaker":"Deirdre","startTime":2763.919,"endTime":2771.429,"body":"But yeah, Tl the or iMessage"},{"speaker":"Deirdre","startTime":2763.919,"endTime":2771.429,"body":"on a wide scale has gone from"},{"speaker":"Deirdre","startTime":2771.799,"endTime":2776.22,"body":"pretty stagnant, like okay, but"},{"speaker":"Deirdre","startTime":2771.799,"endTime":2776.22,"body":"hasn't really changed much in a"},{"speaker":"Deirdre","startTime":2776.22,"endTime":2779.93,"body":"long time to changing a lot in"},{"speaker":"Deirdre","startTime":2776.22,"endTime":2779.93,"body":"about six months, or at least"},{"speaker":"Deirdre","startTime":2779.95,"endTime":2782.23,"body":"from our public vantage point."},{"speaker":"Deirdre","startTime":2782.66,"endTime":2784.7,"body":"The contact key"},{"speaker":"Deirdre","startTime":2782.66,"endTime":2784.7,"body":"verification was October."},{"speaker":"Deirdre","startTime":2785.0,"endTime":2786.25,"body":"This is February."},{"speaker":"Deirdre","startTime":2786.49,"endTime":2790.93,"body":"It's been a lot of awesome stuff"},{"speaker":"Deirdre","startTime":2786.49,"endTime":2790.93,"body":"being rolled out all in one go."},{"speaker":"Deirdre","startTime":2791.12,"endTime":2792.06,"body":"Very cool to see."},{"speaker":"Deirdre","startTime":2792.06,"endTime":2796.27,"body":"And they're now at the front"},{"speaker":"Deirdre","startTime":2792.06,"endTime":2796.27,"body":"of the game in terms of the"},{"speaker":"Deirdre","startTime":2796.27,"endTime":2801.23,"body":"most post-quantum resistant"},{"speaker":"Deirdre","startTime":2796.27,"endTime":2801.23,"body":"end-to-end messaging protocol"},{"speaker":"Deirdre","startTime":2801.32,"endTime":2804.09,"body":"because they are including"},{"speaker":"Deirdre","startTime":2801.32,"endTime":2804.09,"body":"these post-quantum ratchets."},{"speaker":"Deirdre","startTime":2805.139,"endTime":2807.91,"body":"Not every asymmetric"},{"speaker":"Deirdre","startTime":2805.139,"endTime":2807.91,"body":"ratchet, but at all."},{"speaker":"Deirdre","startTime":2807.949,"endTime":2809.529,"body":"No one else is doing"},{"speaker":"Deirdre","startTime":2807.949,"endTime":2809.529,"body":"that right now."},{"speaker":"Deirdre","startTime":2809.53,"endTime":2811.6,"body":"No one else has deployed that"},{"speaker":"Deirdre","startTime":2809.53,"endTime":2811.6,"body":"to their users right now."},{"speaker":"Deirdre","startTime":2811.6,"endTime":2812.299,"body":"So that's awesome."},{"speaker":"Deirdre","startTime":2812.73,"endTime":2814.62,"body":"I'm trying to think if there's"},{"speaker":"Deirdre","startTime":2812.73,"endTime":2814.62,"body":"anything else you want to cover."},{"speaker":"Deirdre","startTime":2815.5,"endTime":2823.18,"body":"Douglas, I looked at Signal's"},{"speaker":"Deirdre","startTime":2815.5,"endTime":2823.18,"body":"post-quantum extended"},{"speaker":"Deirdre","startTime":2823.18,"endTime":2824.89,"body":"Diffie-Hellman pretty closely."},{"speaker":"Deirdre","startTime":2825.49,"endTime":2828.23,"body":"Have you looked at that"},{"speaker":"Deirdre","startTime":2825.49,"endTime":2828.23,"body":"significantly to be able"},{"speaker":"Deirdre","startTime":2828.23,"endTime":2832.799,"body":"to compare and contrast how"},{"speaker":"Deirdre","startTime":2828.23,"endTime":2832.799,"body":"iMessage does its post-quantum"},{"speaker":"Deirdre","startTime":2833.28,"endTime":2838.71,"body":"hybrid session setup versus"},{"speaker":"Deirdre","startTime":2833.28,"endTime":2838.71,"body":"the Signal version, not the"},{"speaker":"Deirdre","startTime":2838.71,"endTime":2841.39,"body":"extra ratcheting stuff, just"},{"speaker":"Deirdre","startTime":2838.71,"endTime":2841.39,"body":"the setup of the session."},{"speaker":"Douglas","startTime":2841.8,"endTime":2842.06,"body":"Right."},{"speaker":"Douglas","startTime":2842.06,"endTime":2845.45,"body":"It's been a while since I looked"},{"speaker":"Douglas","startTime":2842.06,"endTime":2845.45,"body":"at it, so I don't remember the"},{"speaker":"Douglas","startTime":2845.45,"endTime":2847.879,"body":"full details of how it went."},{"speaker":"Douglas","startTime":2848.38,"endTime":2848.62,"body":"Right."},{"speaker":"Douglas","startTime":2848.63,"endTime":2851.39,"body":"So they have, in the"},{"speaker":"Douglas","startTime":2848.63,"endTime":2851.39,"body":"handshake they're doing"},{"speaker":"Douglas","startTime":2851.39,"endTime":2852.27,"body":"a post-quantum KEM."},{"speaker":"Douglas","startTime":2853.04,"endTime":2856.36,"body":"I think they're just"},{"speaker":"Douglas","startTime":2853.04,"endTime":2856.36,"body":"doing with ephemeral keys."},{"speaker":"Douglas","startTime":2856.889,"endTime":2858.87,"body":"They don't have long"},{"speaker":"Douglas","startTime":2856.889,"endTime":2858.87,"body":"term identity keys."},{"speaker":"Deirdre","startTime":2858.87,"endTime":2861.0,"body":"I think they do, yes."},{"speaker":"Deirdre","startTime":2861.02,"endTime":2865.819,"body":"So now it's the post-quantum"},{"speaker":"Deirdre","startTime":2861.02,"endTime":2865.819,"body":"variant long term key, the"},{"speaker":"Deirdre","startTime":2865.82,"endTime":2871.2,"body":"post-quantum pre keys or"},{"speaker":"Deirdre","startTime":2865.82,"endTime":2871.2,"body":"whatever, and the classical long"},{"speaker":"Deirdre","startTime":2871.22,"endTime":2875.529,"body":"term keys and the classical pre"},{"speaker":"Deirdre","startTime":2871.22,"endTime":2875.529,"body":"keys, and they're all smushed"},{"speaker":"Deirdre","startTime":2875.54,"endTime":2876.699,"body":"up there together, I think."},{"speaker":"Deirdre","startTime":2877.2,"endTime":2881.84,"body":"And yeah, all the pre keys"},{"speaker":"Deirdre","startTime":2877.2,"endTime":2881.84,"body":"and all that stuff are signed"},{"speaker":"Deirdre","startTime":2881.87,"endTime":2887.41,"body":"classically with the long"},{"speaker":"Deirdre","startTime":2881.87,"endTime":2887.41,"body":"term classical id keys."},{"speaker":"Douglas","startTime":2887.87,"endTime":2888.109,"body":"Right."},{"speaker":"Douglas","startTime":2888.11,"endTime":2893.459,"body":"So it looks like the PQXDH has"},{"speaker":"Douglas","startTime":2888.11,"endTime":2893.459,"body":"a bunch of one time post-quantum"},{"speaker":"Douglas","startTime":2893.86,"endTime":2898.12,"body":"KEM pre keys, and then also"},{"speaker":"Douglas","startTime":2893.86,"endTime":2898.12,"body":"a last resort one that they"},{"speaker":"Douglas","startTime":2898.12,"endTime":2901.77,"body":"call it if there are no more"},{"speaker":"Douglas","startTime":2898.12,"endTime":2901.77,"body":"one time ones available."},{"speaker":"Deirdre","startTime":2901.78,"endTime":2905.759,"body":"Yes, and that"},{"speaker":"Deirdre","startTime":2901.78,"endTime":2905.759,"body":"last resort may be used"},{"speaker":"Deirdre","startTime":2905.76,"endTime":2908.93,"body":"repeatedly if they haven't"},{"speaker":"Deirdre","startTime":2905.76,"endTime":2908.93,"body":"refreshed the other pre keys,"},{"speaker":"Douglas","startTime":2909.52,"endTime":2913.199,"body":"but no identity keys"},{"speaker":"Douglas","startTime":2909.52,"endTime":2913.199,"body":"in the post-quantum chem."},{"speaker":"Deirdre","startTime":2915.15,"endTime":2919.78,"body":"So in iMessage PQ3,"},{"speaker":"Deirdre","startTime":2915.15,"endTime":2919.78,"body":"they don't have a long term"},{"speaker":"Deirdre","startTime":2920.85,"endTime":2927.239,"body":"ML-KEM, they just have a strong"},{"speaker":"Deirdre","startTime":2920.85,"endTime":2927.239,"body":"session set up ML-KEM, but their"},{"speaker":"Deirdre","startTime":2927.24,"endTime":2932.139,"body":"id key is still their, I guess"},{"speaker":"Deirdre","startTime":2927.24,"endTime":2932.139,"body":"their hardware rooted elliptic"},{"speaker":"Deirdre","startTime":2932.32,"endTime":2933.689,"body":"key pair or something like that."},{"speaker":"Deirdre","startTime":2934.76,"endTime":2937.009,"body":"Okay, I didn't pick up on that."},{"speaker":"Deirdre","startTime":2937.05,"endTime":2937.48,"body":"That's cool."},{"speaker":"Deirdre","startTime":2937.97,"endTime":2945.28,"body":"And actually they seem very"},{"speaker":"Deirdre","startTime":2937.97,"endTime":2945.28,"body":"similar except for the KDF."},{"speaker":"Douglas","startTime":2946.309,"endTime":2950.51,"body":"Yes, it looks like"},{"speaker":"Douglas","startTime":2946.309,"endTime":2950.51,"body":"the Signal PQXDH key derivation"},{"speaker":"Douglas","startTime":2950.52,"endTime":2955.63,"body":"function concatenates the three"},{"speaker":"Douglas","startTime":2950.52,"endTime":2955.63,"body":"or four Diffie-Hellman shared"},{"speaker":"Douglas","startTime":2955.63,"endTime":2958.78,"body":"secrets and then also the"},{"speaker":"Douglas","startTime":2955.63,"endTime":2958.78,"body":"post-quantum shared secret after"},{"speaker":"Douglas","startTime":2958.78,"endTime":2962.65,"body":"that, and then runs that through"},{"speaker":"Douglas","startTime":2958.78,"endTime":2962.65,"body":"the key derivation function"},{"speaker":"Douglas","startTime":2962.65,"endTime":2965.459,"body":"itself, which it says HKDF."},{"speaker":"Douglas","startTime":2965.459,"endTime":2972.4,"body":"And I guess that would"},{"speaker":"Douglas","startTime":2965.459,"endTime":2972.4,"body":"mean HKDF-Extract."},{"speaker":"Douglas","startTime":2972.6,"endTime":2975.279,"body":"And then there's an"},{"speaker":"Douglas","startTime":2972.6,"endTime":2975.279,"body":"-Expand after that."},{"speaker":"Deirdre","startTime":2975.44,"endTime":2979.37,"body":"Yeah, the standard,"},{"speaker":"Deirdre","startTime":2975.44,"endTime":2979.37,"body":"just one after the other."},{"speaker":"Deirdre","startTime":2979.73,"endTime":2986.56,"body":"And I think the only other"},{"speaker":"Deirdre","startTime":2979.73,"endTime":2986.56,"body":"kind of note is that Signal's"},{"speaker":"Deirdre","startTime":2986.969,"endTime":2989.899,"body":"extended Diffie-Hellman"},{"speaker":"Deirdre","startTime":2986.969,"endTime":2989.899,"body":"gives these sort of implicit"},{"speaker":"Deirdre","startTime":2989.93,"endTime":2995.19,"body":"authentication things to this"},{"speaker":"Deirdre","startTime":2989.93,"endTime":2995.19,"body":"that I think the iMessage"},{"speaker":"Deirdre","startTime":2995.2,"endTime":2996.55,"body":"session setup doesn't have."},{"speaker":"Deirdre","startTime":2996.55,"endTime":3000.18,"body":"So the iMessage session setup"},{"speaker":"Deirdre","startTime":2996.55,"endTime":3000.18,"body":"is signing a bunch of stuff"},{"speaker":"Deirdre","startTime":3000.57,"endTime":3003.48,"body":"with their ID key or whatever."},{"speaker":"Deirdre","startTime":3003.78,"endTime":3006.49,"body":"The transformed equivalent"},{"speaker":"Deirdre","startTime":3003.78,"endTime":3006.49,"body":"of their P-256 id key;"},{"speaker":"Deirdre","startTime":3007.38,"endTime":3008.859,"body":"Signal does that too."},{"speaker":"Deirdre","startTime":3009.06,"endTime":3011.71,"body":"But they're also doing"},{"speaker":"Deirdre","startTime":3009.06,"endTime":3011.71,"body":"this triple Diffie-Hellman"},{"speaker":"Deirdre","startTime":3011.71,"endTime":3013.33,"body":"that they've been"},{"speaker":"Deirdre","startTime":3011.71,"endTime":3013.33,"body":"doing for a long time."},{"speaker":"Deirdre","startTime":3013.33,"endTime":3017.504,"body":"So they have a diffie helmet"},{"speaker":"Deirdre","startTime":3013.33,"endTime":3017.504,"body":"between their id key and"},{"speaker":"Deirdre","startTime":3017.599,"endTime":3020.3,"body":"a pre key and vice versa."},{"speaker":"Deirdre","startTime":3020.34,"endTime":3022.999,"body":"So the other party between"},{"speaker":"Deirdre","startTime":3020.34,"endTime":3022.999,"body":"their it and the other person's"},{"speaker":"Deirdre","startTime":3023.0,"endTime":3026.63,"body":"pre key, and then between"},{"speaker":"Deirdre","startTime":3023.0,"endTime":3026.63,"body":"these two pre keys as well,"},{"speaker":"Deirdre","startTime":3026.68,"endTime":3029.91,"body":"and they're doing those are"},{"speaker":"Deirdre","startTime":3026.68,"endTime":3029.91,"body":"the triple Diffie-Hellman,"},{"speaker":"Deirdre","startTime":3029.92,"endTime":3031.88,"body":"which have been a part of"},{"speaker":"Deirdre","startTime":3029.92,"endTime":3031.88,"body":"Signal for a long time."},{"speaker":"Deirdre","startTime":3032.309,"endTime":3035.77,"body":"And then they add in this"},{"speaker":"Deirdre","startTime":3032.309,"endTime":3035.77,"body":"ML-KEM between these pre keys"},{"speaker":"Deirdre","startTime":3036.02,"endTime":3039.59,"body":"for the post-quantum variant,"},{"speaker":"Deirdre","startTime":3036.02,"endTime":3039.59,"body":"and then they concate those"},{"speaker":"Deirdre","startTime":3039.59,"endTime":3041.63,"body":"all together and smoosh"},{"speaker":"Deirdre","startTime":3039.59,"endTime":3041.63,"body":"them through their KDF."},{"speaker":"Deirdre","startTime":3042.41,"endTime":3045.85,"body":"So can you tell us a little"},{"speaker":"Deirdre","startTime":3042.41,"endTime":3045.85,"body":"bit about the authentication"},{"speaker":"Deirdre","startTime":3045.85,"endTime":3050.76,"body":"properties that these extra"},{"speaker":"Deirdre","startTime":3045.85,"endTime":3050.76,"body":"Diffie-Hellmans give us, that"},{"speaker":"Deirdre","startTime":3050.76,"endTime":3052.6,"body":"they just don't happen to be"},{"speaker":"Deirdre","startTime":3050.76,"endTime":3052.6,"body":"present in iMessage, and I"},{"speaker":"Deirdre","startTime":3052.61,"endTime":3053.689,"body":"don't think they ever have been."},{"speaker":"Douglas","startTime":3054.059,"endTime":3054.299,"body":"Right."},{"speaker":"Douglas","startTime":3054.3,"endTime":3059.609,"body":"So in Signal, the authentication"},{"speaker":"Douglas","startTime":3054.3,"endTime":3059.609,"body":"of a session or messages in"},{"speaker":"Douglas","startTime":3059.609,"endTime":3062.93,"body":"that session of the session"},{"speaker":"Douglas","startTime":3059.609,"endTime":3062.93,"body":"is done using implicitly"},{"speaker":"Douglas","startTime":3062.93,"endTime":3064.27,"body":"authenticated key exchange."},{"speaker":"Douglas","startTime":3064.27,"endTime":3068.18,"body":"So there are these long term"},{"speaker":"Douglas","startTime":3064.27,"endTime":3068.18,"body":"Diffie-Hellman keys, and we"},{"speaker":"Douglas","startTime":3068.18,"endTime":3071.45,"body":"compute a shared secret, and"},{"speaker":"Douglas","startTime":3068.18,"endTime":3071.45,"body":"only you and I should be able"},{"speaker":"Douglas","startTime":3071.45,"endTime":3072.77,"body":"to compute that shared secret."},{"speaker":"Douglas","startTime":3073.429,"endTime":3075.66,"body":"So no one else has that,"},{"speaker":"Douglas","startTime":3073.429,"endTime":3075.66,"body":"that's implicit authentication."},{"speaker":"Douglas","startTime":3076.9,"endTime":3079.734,"body":"Then from that, if we derive"},{"speaker":"Douglas","startTime":3076.9,"endTime":3079.734,"body":"a MAC key or something and we"},{"speaker":"Douglas","startTime":3079.734,"endTime":3084.69,"body":"use that, then you subsequently"},{"speaker":"Douglas","startTime":3079.734,"endTime":3084.69,"body":"explicitly authenticate a"},{"speaker":"Douglas","startTime":3084.69,"endTime":3086.79,"body":"message tagged under that MAC."},{"speaker":"Douglas","startTime":3086.92,"endTime":3090.599,"body":"That's kind of the main idea"},{"speaker":"Douglas","startTime":3086.92,"endTime":3090.599,"body":"from which cryptographic"},{"speaker":"Douglas","startTime":3090.599,"endTime":3091.57,"body":"deniability comes from as well."},{"speaker":"Douglas","startTime":3092.889,"endTime":3096.839,"body":"Whereas in the iMessage"},{"speaker":"Douglas","startTime":3092.889,"endTime":3096.839,"body":"protocol, the long term"},{"speaker":"Douglas","startTime":3096.84,"endTime":3101.27,"body":"keys are signing keys, not"},{"speaker":"Douglas","startTime":3096.84,"endTime":3101.27,"body":"Diffie-Hellman keys, and"},{"speaker":"Douglas","startTime":3101.27,"endTime":3105.44,"body":"they use them in a signature"},{"speaker":"Douglas","startTime":3101.27,"endTime":3105.44,"body":"scheme, not in a key exchange."},{"speaker":"Deirdre","startTime":3105.929,"endTime":3110.1,"body":"So besides the"},{"speaker":"Deirdre","startTime":3105.929,"endTime":3110.1,"body":"deniability part, why is this"},{"speaker":"Deirdre","startTime":3110.1,"endTime":3114.559,"body":"attractive beyond signing things"},{"speaker":"Deirdre","startTime":3110.1,"endTime":3114.559,"body":"with your long term id key?"},{"speaker":"Deirdre","startTime":3114.75,"endTime":3117.64,"body":"Because that's what iMessage"},{"speaker":"Deirdre","startTime":3114.75,"endTime":3117.64,"body":"has, and that gives us some"},{"speaker":"Deirdre","startTime":3117.87,"endTime":3121.33,"body":"amount of authentication that"},{"speaker":"Deirdre","startTime":3117.87,"endTime":3121.33,"body":"we are talking with someone"},{"speaker":"Deirdre","startTime":3121.33,"endTime":3125.219,"body":"who controls this long term"},{"speaker":"Deirdre","startTime":3121.33,"endTime":3125.219,"body":"ID key to start the session."},{"speaker":"Deirdre","startTime":3125.67,"endTime":3129.85,"body":"Why is this extra implicit"},{"speaker":"Deirdre","startTime":3125.67,"endTime":3129.85,"body":"authentication attractive"},{"speaker":"Deirdre","startTime":3130.44,"endTime":3133.23,"body":"when we already have these"},{"speaker":"Deirdre","startTime":3130.44,"endTime":3133.23,"body":"signatures over a lot of this"},{"speaker":"Deirdre","startTime":3133.23,"endTime":3137.56,"body":"stuff that is bound to our"},{"speaker":"Deirdre","startTime":3133.23,"endTime":3137.56,"body":"long term id key, for example."},{"speaker":"Douglas","startTime":3138.45,"endTime":3141.05,"body":"So if you're doing"},{"speaker":"Douglas","startTime":3138.45,"endTime":3141.05,"body":"implicitly authenticated"},{"speaker":"Douglas","startTime":3141.05,"endTime":3144.549,"body":"key exchange with long term"},{"speaker":"Douglas","startTime":3141.05,"endTime":3144.549,"body":"Diffie-Hellman keys, you can"},{"speaker":"Douglas","startTime":3144.559,"endTime":3150.149,"body":"do extra combinations ephemeral"},{"speaker":"Douglas","startTime":3144.559,"endTime":3150.149,"body":"with long term or vice versa."},{"speaker":"Douglas","startTime":3150.58,"endTime":3155.029,"body":"And this can increase the"},{"speaker":"Douglas","startTime":3150.58,"endTime":3155.029,"body":"resistance to certain type"},{"speaker":"Douglas","startTime":3155.03,"endTime":3156.3,"body":"of compromise attacks."},{"speaker":"Douglas","startTime":3156.65,"endTime":3160.479,"body":"So there's this security"},{"speaker":"Douglas","startTime":3156.65,"endTime":3160.479,"body":"model paper for key"},{"speaker":"Douglas","startTime":3160.48,"endTime":3163.92,"body":"exchange called the extended"},{"speaker":"Douglas","startTime":3160.48,"endTime":3163.92,"body":"Canetti-Krawczyk paper [eCK]."},{"speaker":"Douglas","startTime":3164.48,"endTime":3167.989,"body":"And what this model says"},{"speaker":"Douglas","startTime":3164.48,"endTime":3167.989,"body":"is that, so we know forward"},{"speaker":"Douglas","startTime":3167.99,"endTime":3171.79,"body":"secrecy, that's like it should"},{"speaker":"Douglas","startTime":3167.99,"endTime":3171.79,"body":"be secure if your long term"},{"speaker":"Douglas","startTime":3171.79,"endTime":3173.21,"body":"key is revealed afterwards."},{"speaker":"Douglas","startTime":3173.46,"endTime":3178.06,"body":"But an eCK model, and with"},{"speaker":"Douglas","startTime":3173.46,"endTime":3178.06,"body":"these many combinations,"},{"speaker":"Douglas","startTime":3178.24,"endTime":3181.299,"body":"you can also have security"},{"speaker":"Douglas","startTime":3178.24,"endTime":3181.299,"body":"against randomness reveal."},{"speaker":"Douglas","startTime":3182.67,"endTime":3185.91,"body":"So if your random number"},{"speaker":"Douglas","startTime":3182.67,"endTime":3185.91,"body":"generator is bad or somehow"},{"speaker":"Douglas","startTime":3185.93,"endTime":3190.19,"body":"revealed, then if you also did"},{"speaker":"Douglas","startTime":3185.93,"endTime":3190.19,"body":"a static Diffie-Hellman, and you"},{"speaker":"Douglas","startTime":3190.19,"endTime":3195.19,"body":"did that static Diffie-Hellman"},{"speaker":"Douglas","startTime":3190.19,"endTime":3195.19,"body":"using well generated safe"},{"speaker":"Douglas","startTime":3195.57,"endTime":3197.629,"body":"static Diffie-Hellman keys,"},{"speaker":"Douglas","startTime":3195.57,"endTime":3197.629,"body":"because maybe they're in a"},{"speaker":"Douglas","startTime":3197.849,"endTime":3200.64,"body":"hardware route of trust or"},{"speaker":"Douglas","startTime":3197.849,"endTime":3200.64,"body":"something, then you at least"},{"speaker":"Douglas","startTime":3200.64,"endTime":3204.55,"body":"still have that basis of"},{"speaker":"Douglas","startTime":3200.64,"endTime":3204.55,"body":"confidentiality, even if all"},{"speaker":"Douglas","startTime":3204.55,"endTime":3205.74,"body":"your ephemeral keys were bad."},{"speaker":"Deirdre","startTime":3205.93,"endTime":3206.49,"body":"Awesome."},{"speaker":"Deirdre","startTime":3206.56,"endTime":3207.85,"body":"Okay, thank you."},{"speaker":"Deirdre","startTime":3207.88,"endTime":3211.65,"body":"Because I think I knew something"},{"speaker":"Deirdre","startTime":3207.88,"endTime":3211.65,"body":"about that once upon a time"},{"speaker":"Deirdre","startTime":3211.65,"endTime":3213.79,"body":"when I first learned about"},{"speaker":"Deirdre","startTime":3211.65,"endTime":3213.79,"body":"triple Diffie-Hellman or"},{"speaker":"Deirdre","startTime":3213.79,"endTime":3218.409,"body":"whatever, and I literally was"},{"speaker":"Deirdre","startTime":3213.79,"endTime":3218.409,"body":"like, why do we do this again?"},{"speaker":"Deirdre","startTime":3218.509,"endTime":3223.43,"body":"I was like, okay, it's not just"},{"speaker":"Deirdre","startTime":3218.509,"endTime":3223.43,"body":"quote robustness, but it's like"},{"speaker":"Deirdre","startTime":3223.53,"endTime":3226.85,"body":"different kinds of robustness"},{"speaker":"Deirdre","startTime":3223.53,"endTime":3226.85,"body":"all throughout the protocol."},{"speaker":"Deirdre","startTime":3227.01,"endTime":3229.99,"body":"And it's efficient enough,"},{"speaker":"Deirdre","startTime":3227.01,"endTime":3229.99,"body":"whether it's efficient enough"},{"speaker":"Deirdre","startTime":3230.05,"endTime":3233.22,"body":"to throw these big KEMs on"},{"speaker":"Deirdre","startTime":3230.05,"endTime":3233.22,"body":"the wire, to do the same"},{"speaker":"Deirdre","startTime":3233.24,"endTime":3236.7,"body":"thing, to do like I've got"},{"speaker":"Deirdre","startTime":3233.24,"endTime":3236.7,"body":"my long term KEM keepers and"},{"speaker":"Deirdre","startTime":3236.7,"endTime":3238.009,"body":"I've got my ephemeral KEMs."},{"speaker":"Deirdre","startTime":3238.009,"endTime":3242.11,"body":"I'm just shoving"},{"speaker":"Deirdre","startTime":3238.009,"endTime":3242.11,"body":"like 6 wire to do it."},{"speaker":"Deirdre","startTime":3242.47,"endTime":3243.069,"body":"We'll see."},{"speaker":"Deirdre","startTime":3243.73,"endTime":3244.62,"body":"But thank you."},{"speaker":"Douglas","startTime":3245.0,"endTime":3249.349,"body":"And if you're really"},{"speaker":"Douglas","startTime":3245.0,"endTime":3249.349,"body":"sensitive with bandwidth, there"},{"speaker":"Douglas","startTime":3249.349,"endTime":3252.6,"body":"is one more benefit to doing KEM"},{"speaker":"Douglas","startTime":3249.349,"endTime":3252.6,"body":"based authentication rather than"},{"speaker":"Douglas","startTime":3252.6,"endTime":3256.2,"body":"signatures, is that post-quantum"},{"speaker":"Douglas","startTime":3252.6,"endTime":3256.2,"body":"KEMs are a little bit smaller"},{"speaker":"Douglas","startTime":3256.2,"endTime":3257.7,"body":"than post-quantum signatures."},{"speaker":"Douglas","startTime":3258.14,"endTime":3260.6,"body":"You can save a little bit"},{"speaker":"Douglas","startTime":3258.14,"endTime":3260.6,"body":"bandwidth, at least with"},{"speaker":"Douglas","startTime":3260.6,"endTime":3262.56,"body":"our current post-quantum"},{"speaker":"Douglas","startTime":3260.6,"endTime":3262.56,"body":"KEMs and our current"},{"speaker":"Douglas","startTime":3262.56,"endTime":3263.52,"body":"post-quantum signatures."},{"speaker":"Douglas","startTime":3263.8,"endTime":3266.45,"body":"You could save a little bit"},{"speaker":"Douglas","startTime":3263.8,"endTime":3266.45,"body":"of bandwidth with implicitly"},{"speaker":"Douglas","startTime":3266.45,"endTime":3269.47,"body":"authenticated post-quantum key"},{"speaker":"Douglas","startTime":3266.45,"endTime":3269.47,"body":"exchange rather than explicitly."},{"speaker":"Deirdre","startTime":3269.63,"endTime":3271.91,"body":"Yeah, there's"},{"speaker":"Deirdre","startTime":3269.63,"endTime":3271.91,"body":"definitely some protocols"},{"speaker":"Deirdre","startTime":3271.91,"endTime":3276.89,"body":"that currently really rely"},{"speaker":"Deirdre","startTime":3271.91,"endTime":3276.89,"body":"on signatures, and I'm"},{"speaker":"Deirdre","startTime":3277.38,"endTime":3278.569,"body":"taking another look at them."},{"speaker":"Deirdre","startTime":3278.63,"endTime":3280.72,"body":"Like, what if, all KEMs?"},{"speaker":"Deirdre","startTime":3281.57,"endTime":3282.24,"body":"Oops, all KEMs?"},{"speaker":"Deirdre","startTime":3283.02,"endTime":3284.83,"body":"And I might talk to you"},{"speaker":"Deirdre","startTime":3283.02,"endTime":3284.83,"body":"more about that later."},{"speaker":"Deirdre","startTime":3285.28,"endTime":3288.3,"body":"Douglas Stebila, thank you"},{"speaker":"Deirdre","startTime":3285.28,"endTime":3288.3,"body":"so much for joining us."},{"speaker":"Deirdre","startTime":3288.32,"endTime":3291.56,"body":"And thank you for letting us"},{"speaker":"Deirdre","startTime":3288.32,"endTime":3291.56,"body":"ramble about things that you"},{"speaker":"Deirdre","startTime":3291.56,"endTime":3295.19,"body":"did not look at at all, but"},{"speaker":"Deirdre","startTime":3291.56,"endTime":3295.19,"body":"try to answer our questions."},{"speaker":"Deirdre","startTime":3295.2,"endTime":3295.75,"body":"Anyway."},{"speaker":"Deirdre","startTime":3296.62,"endTime":3297.51,"body":"Thank you very much."},{"speaker":"Douglas","startTime":3297.51,"endTime":3298.4,"body":"Thank you."},{"speaker":"Deirdre","startTime":3298.57,"endTime":3300.52,"body":"Security Cryptography"},{"speaker":"Deirdre","startTime":3298.57,"endTime":3300.52,"body":"Whatever is a side project"},{"speaker":"Deirdre","startTime":3300.52,"endTime":3302.84,"body":"from Deirdre Connolly, Thomas"},{"speaker":"Deirdre","startTime":3300.52,"endTime":3302.84,"body":"Ptacek, and David Adrian."},{"speaker":"Deirdre","startTime":3303.05,"endTime":3304.41,"body":"Our editor is Nettie Smith."},{"speaker":"Deirdre","startTime":3304.44,"endTime":3307.689,"body":"You can find the podcast"},{"speaker":"Deirdre","startTime":3304.44,"endTime":3307.689,"body":"online at scwpod and"},{"speaker":"Deirdre","startTime":3308.839,"endTime":3310.11,"body":"securitycryptographywhatever"},{"speaker":"Deirdre","startTime":3308.839,"endTime":3310.11,"body":"dot com, and the hosts"},{"speaker":"Deirdre","startTime":3310.139,"endTime":3314.059,"body":"online @durumcrustulum,"},{"speaker":"Deirdre","startTime":3310.139,"endTime":3314.059,"body":"@tqbf, and @davidadrian."},{"speaker":"Deirdre","startTime":3314.069,"endTime":3317.08,"body":"You can buy merch at merch dot"},{"speaker":"Deirdre","startTime":3314.069,"endTime":3317.08,"body":"securitycryptographywhatever"},{"speaker":"Deirdre","startTime":3317.09,"endTime":3317.65,"body":"dot com."},{"speaker":"Deirdre","startTime":3317.91,"endTime":3320.68,"body":"If you like the pod, give us"},{"speaker":"Deirdre","startTime":3317.91,"endTime":3320.68,"body":"a five star review on Apple"},{"speaker":"Deirdre","startTime":3320.68,"endTime":3322.92,"body":"podcasts or wherever you"},{"speaker":"Deirdre","startTime":3320.68,"endTime":3322.92,"body":"rate your favorite podcasts."},{"speaker":"Deirdre","startTime":3323.36,"endTime":3324.499,"body":"Thank you for listening."}]}