A study led by Professor Zhao Mang from the School of Cyber Science and Engineering at Wuhan University, in collaboration with Professor Cas Cremers, doctoral student Esra Gunsay from the Helmholtz Center for Information Security (CISPA) in Germany, and Bitkom specialist Vera Wesselkamp, has been accepted for Eurocrypt 2026, which is scheduled to take place from May 10 to 14 in Rome, Italy.
The study, ETK: External-Operations TreeKEM and the Security of MLS in RFC 9420, examines Messaging Layer Security (MLS), a crucial standard for secure end-to-end communication in large group instant messaging, developed over five and a half years by the Internet Engineering Task Force (IETF) and finalized in RFC 9420.
The core advantage of MLS lies in its ability to maintain end-to-end group key establishment and evolution, even if a server is compromised, thereby providing robust security for group communications in extreme scenarios.
This protocol is currently deployed by major technology companies, including Apple, Google, and Matrix Communications. Although prior studies analyzed early drafts of MLS, the final RFC 9420 version and its key modules, in particular the "external operations" module that supports unaudited group joining, had not been subjected to a formal security analysis, leaving a significant open problem for cryptographic research.
The research team developed a protocol model that accurately captures the core functions of MLS as specified in RFC 9420 and proposed a security framework based on an ideal functionality. This yielded the first cryptographic security analysis of both the final standard and its "external operations" module.
The team demonstrated that the protocol provides strong security guarantees in complex scenarios with respect to key properties, including consistency, confidentiality, and authentication. It also identified a critical vulnerability: enabling the "external operations" module can degrade the protocol's security, allowing an attacker to abuse the mechanism to obtain group keys.
The team proposed a lightweight improvement: by reusing the pre-shared key (PSK) mechanism already present in the standard, the attacks described above are prevented without adding any new modules.
This solution strengthens security while preserving protocol compatibility, offering a practical and efficient way to harden real-world protocol deployments.