Defense Notices

End-to-end encrypted (E2EE) messaging services rely on the service operator to distribute authentic public keys. This arrangement protects users from external attackers, but fails catastrophically when the service itself acts maliciously. A service that distributes a spoofed key can silently decrypt, read, and re-encrypt its users' communications—undetectably, if users simply assume the service is trustworthy.

This thesis proposes and evaluates a state-replicated key directory, a model that decouples key distribution from the messaging service entirely. Instead of a single service controlling the directory, the directory is built and maintained across multiple decentralized nodes that follow a consensus and validation protocol. This design substantially raises the cost of key substitution attacks and, under well-defined assumptions, can prevent them outright.

We make three core contributions. First, we present End2, a fully functional browser-based E2EE messaging application that integrates a state-replicated key directory without modifying the underlying cryptographic session protocol. Second, we implement and compare three distinct key directory backends—centralized, permissionless blockchain (Ethereum), and permissioned blockchain (CometBFT)—and analyze their respective security and performance trade-offs. Third, we provide an empirical evaluation under realistic workloads, including upload and query latency, long-term performance degradation, validator failure resilience, and detection of malicious key insertions.

Our results show that a permissioned, Byzantine fault-tolerant key directory achieves query performance comparable to a centralized directory while providing substantially stronger security guarantees against service-side attacks. State-replicated key directories offer a practical and deployable path toward reducing the excessive trust placed in modern E2EE messaging providers.