How do you make sure you are not a target of a man-in-the-middle (MitM) attack when using an instant messaging app? Encryption can secure the content of a conversation from eavesdroppers, but what if someone has hacked the account of the person you want to talk to and is impersonating them? The off-the-record (OTR) encryption protocol used by Secure Chat solves this problem by providing mutual identification through the Socialist Millionaire Protocol.

Via the Socialist Millionaire Protocol two parties can establish a shared secret without disclosing it.

The latter has nothing to do with shady Eastern European oligarchs and their henchmen, don't worry. The Socialist Millionaire Protocol allows two parties to authenticate to each other by using a shared secret they both know – but without disclosing the shared secret over the course of the conversation.

To paraphrase: You (Alice) and your contact (Bob) both know the same secret and use it to authenticate to each other. If someone (Eve) hacks your contact’s account and initiates a conversation with you (a MitM attack), you’d be aware it isn’t your friend.

The Socialist Millionaire Protocol explained

How does this work? Imagine Alice and Bob want to find out whether they are paid equally. They can go out and reveal their salaries to each other, but on the other hand, Alice might not be pleased to find out she makes 78 cents for every dollar Bob earns. They just want to check whether they receive an equal amount. (And to authenticate in a chat, you only care whether your and your contact’s keys match, not whose key is longer.)

What Alice can do is write the amount she earns on a piece of paper, and then write some different sums on more pieces of paper – so she’d end with four pieces of paper with four different amounts on them. Then she can put each piece in a separate box, each locked with a different key. She gives the four boxes and four keys to Bob and keeps a copy only of the key with her salary amount in it.

Bob receives the four boxes with the four pieces of paper locked in each and opens them all. In one of them, he sees the amount he earns. So, he locks that box again, writes “yup, that’s mine” on the outside, and sends it back to Alice. When she receives it back, she tries to unlock it with her only key, and from here there are two scenarios:

A) Her key successfully unlocks the box. Since she only kept the key for the box with her sum in it, this means Bob is paid the same as her.

B) Her key doesn’t unlock the box Bob sent back. Which means they are not equally paid. Note, however, that the box remains locked and Alice has no idea how much Bob receives from their boss.

You and your contact can authenticate to each other in Secure Chat using a secret phrase.

How is this logic employed in OTR encryption?

In end-to-end encrypted chat messengers like Secure Chat that use the OTR protocol, mutual authentication works in a similar manner. Only that a 1,536-bit prime number is used to seed a complicated equation, which produces a long private key – which is the secret Alice and Bob share. Without having to have met in person ever before, they can use the Diffie-Hellman key exchange algorithm to initiate an encrypted chat session.

Once they have set up that connection, Alice wants to see if this is really Bob she is chatting with. She generates the value x using information about the private encryption keys she and Bob used to set up the connection, plus a piece of information she enters manually. Bob does the same to generate the value y. If x = y, Alice can be sure she is talking to Bob.

If Eve had hijacked the conversation and is pretending she’s Bob, she still isn’t able to derive a value y equal to Alice’s x because she doesn’t have the necessary information about Alice’s private key. Only Bob does. Alice will be able to see that y ≠ x and will shut the conversation down, knowing that it isn’t Bob on the other side.

This is, generally speaking, how OTR provides mutual authentication (you can read the full mathematical rundown here). Secure Group’s end-to-end encrypted chat client, Secure Chat, also offers 256-bit AES encryption of messages, perfect forward secrecy (ephemeral keys for each chat session – one compromised key doesn’t compromise your entire history), encrypted video and file sharing, and remote wipe for all data stored in the app. Secure Chat comes as part of Secure Pack – our suite of encrypted apps – together with Secure Email (a PGP-powered mail client), and Secure Voice (an encrypted VoIP app that uses the ZRTP protocol).