In this interview, we talk to Rolf Oppliger, author of the book Signal and Messaging Layer Security. We discuss the motivation behind writing the book, the target audience, the most useful aspects of the book, the challenges of writing the book, and advice for other engineers who are considering writing a book.
Rolf Oppliger leads eSECURITY Technologies, works for the Swiss federal administration, serves as an adjunct professor of computer science at the University of Z¸rich, Switzerland, and is the Information Security and Privacy editor at Artech House. He earned his Ph.D. in computer science from the University of Berne, Switzerland.
1. Could you summarize the main content of your book? What are the key topics addressed?
The book elaborates on end-to-end encrypted (E2EE) messaging on the Internet and has two main focuses: On the one hand, it introduces, explains in detail, and puts into perspective the Signal protocol that is the gold standard for E2EE messaging on the Internet and is used in many E2EE messengers, including WhatsApp, Facebook Messenger, Instagram Direct Messaging (DM), Wire, and Viber. On the other hand, it also addresses the question on how an E2EE messaging protocol like Signal can be extended to support more than two users in a scalable way. The resulting protocol is known as Messaging Layer Protocol (MLS) and was recently standardized by the Internet Engineering Task Force (IETF). As such, the MLS is about to become the predominant standard when it comes to E2EE group messaging or chats. Together, the Signal and MLS protocols build the basis for any E2EE messaging solution, especially if it targets the group setting.
2. What is the primary purpose of your book? How do you envision it helping readers in their work or studies?
As mentioned above, a focus of the book is to introduce, explain in detail, and put into perspective the Signal and MLS protocols. As such, its primary purpose is to help readers to get into the topic of E2EE messaging on the Internet, and to fully comprehend the design of the respective protocols, as well as the rationale that has led to their current designs. In fact, there are many engineering challenges that must be resolved to come up with a solution that meets the requirements in the field. As such, the Signal and MLS protocols have evolved from many previous protocols, including OpenPGP, S/MIME, and OTR, to provide a viable solution for synchronous and asynchronous E2EE messaging on the Internet.
3. What sets your book apart from other works in the same field? Are there any innovative concepts, methodologies, or insights that make it stand out?
Except an earlier book I wrote a few years ago (“End-to-End Encrypted Messaging”, Artech House, 2020, ISBN 978-1-63081-732-9), there is neither a book about the Signal protocol nor a book about the MLS protocol on the market. This is unfortunate, because interested people must find their ways through tons of protocol specifications and related materials that are inherently difficult to read and even more so to comprehend. As such, the book provides the opportunity to enter the field more efficiently, and to capture and more quickly understand the challenges and solutions related to E2EE messaging on the Internet, especially when used in large groups. In its current form, the book does not seem to have a competitor. There are some books that address the Signal protocol among other topics, but there is no other book dedicated exclusively to the topic. This is even more true for the MLS protocol.
4.Who is the intended readership for your book? Are there specific industries, professionals, or fields of study that would benefit most from this content?
The intended readership includes everybody working in the field of E2EE messaging on the Internet who is interested and eager to learn about the challenges and solutions available in the field. This is particularly true for computer scientists and software engineers who are implementing E2EE messaging solutions and respective apps that are to scale to the Internet. Also, the users of E2EE messengers like WhatsApp, Facebook Messenger, or Instagram DM may want to learn how the software works behind the scenes, and what the advantages and disadvantages of these working principles are. This allows them to make better decisions on how to use the messengers in the field.
5. What are the most important lessons or insights you want readers to take away from this book?
The most important lessons or insights for readers to take away are the working and operating principles of the Signal and MLS protocols, their evolution and development over time, their use of basic and more advanced cryptographic primitives, mechanisms, and services, the sophistication of the resulting protocols, and the possibilities of their future development (e.g., in the realm of post-quantum cryptography). The readers should get a complete and comprehensive overview about the state-of-the-art in E2EE messaging on the Internet, with a special focus on the Signal and MLS protocols.
6.Does your book include any original research, case studies, or data? If so, could you highlight some of the most significant findings?
No, the book is based on contemporary and state-of-the-art cryptography, but it does not propose new research, case study, or data. Instead, the book is to familiarize the reader with the Signal and MLS protocols, their working and operating principles, as well as the considerations and decisions that have led to their current designs. In addition, it puts the protocols into perspective and explains how the field has evolved since the early 1990s and why it has done so.
7.Does your book address any new or emerging trends in the field? How does it prepare readers for future developments?
Yes, the book addresses (at least) two new or emerging trends in the field: First, it explains how the Signal protocol is being made quantum computer-resistant (e.g., by integrating and putting in place PQC technologies) and how it compares to Apple’s PQ3. Second, it explains in detail how an E2EE messaging protocol like Signal can be adapted to support very large groups. This is a particularly interesting and challenging research area, where many things are currently going on. To follow these things, it is important to understand the previous proposals that have led to the MLS protocol. This is where the book is intended to support the reader.
8.What personal experiences, if any, have shaped your perspective or approach to the topics discussed in your book?
I have been an active user of E2EE messaging since the very beginning in the early 1990s (mainly with PGP and S/MIME to secure e-mail). Unfortunately, these technologies have never been successful, also because they demand too much from the user. Using a contemporary and state-of-the-art technology like the Signal protocol is promising, because its use is transparent for the user, meaning that the user doesn’t have to care. The messages are E2EE even without user interaction, and this helps a lot to deploy the technology in the first place.
Learn more about the book on our websites:
ARTECH HOUSE USA : Signal and Messaging Layer Security
ARTECH HOUSE U.K.: Signal and Messaging Layer Security
More Security and Privacy content here: Security and Privacy – Artech House Insider
