If it's HMAC'd, there's no sidestepping of padding oracles needed. Error side channels are a consequence of chosen ciphertext attacks, not of padding. Switching to CTR would not "go a long way" towards shoring up the security of their protocol.
I do not understand your "confused deputy" attack. Can you outline it in more detail?
> I do not understand your "confused deputy" attack. Can you outline it in more detail?
I'm literally referring to "the iMessage attack".
If you recall, iMessage did ECDSA(AES(m, ek), sk) without an intermediary HMAC. Libolm does have an (albeit truncated) HMAC, so the attack doesn't apply at all here. But it's still a design smell.
If I could extend their construction (which looks like the setup to the iMessage attack, without the punchline) into a real attack, I would have just disclosed it to them and not commented publicly.
How the attack I envision would work if their HMAC suddenly got erased from the protocol: Establish a multi-device setup, flip bits in ciphertext you want to decrypt, sign with Ed25519, observe padding oracle.
(A truncated HMAC does prevent that in the real world, but at a 32-bit security level rather than a 128-bit security level.)
These are (somewhat nitpicky) design critiques, not security vulnerabilities. :)
Edit to add: Also, the iMessage attack had some other weirdness that isn't relevant for what I'm describing, but was very relevant for iMessage being broken.
Isn't it a little weird to tell people to do major surgery on a crypto design, especially in ways that depart from the well-regarded design they derived it from, on account of attacks that don't work against that design?
It's only weird if you put Signal's specific design decisions from 2013 on a pedestal and declare it perfect and incapable of being improved.
(N.b. I don't expect my specific suggestions to be adopted. However, I view complaining without offering solutions to be poor form, so I offered some alongside my complaints.)
Of course, any deviation from Signal's design can and should be vetted by the same experts that vetted Signal's. And if they're unavailable to vet the derivations, the conservative thing to do is grit your teeth and bear Signal's legacy until they become available.
However, if Signal still targets Android 4.4 phones in 2020, there's a lot of devices without AES-NI and thus improving upon their AES-CBC design decision is worth probing at least.
In addition to my previous comments, I also have a thing about reflexively suggesting that people eliminate CBC from their designs. Depending on circumstances, CBC can be a safer choice than CTR (and CTR-derived modes like the AEAD stream ciphers); different failure modes.
You're entitled to your thing. Granted, CBC mode has a better misuse story than CTR, but an extended-nonce ChaPoly AEAD is likely to be safer in most of Signal's installed userbase (n.b. the same userbase Matrix and Jitsi would be targeting in a lot of cases), given the ARM SIMD (AES-NI equivalent) situation.
Chapoly depends on a reliable per-message CSPRNG. CBC wants randomness too, of course, but the failure mode under randomness hiccups isn't "coughs up keys". If you have a system working with CBC+HMAC, what's the advantage to shouldering that additional risk?
In a new design, I'd recommend Chapoly too. But this isn't a new design. Changing things has cost.
> If you have a system working with CBC+HMAC, what's the advantage to shouldering that additional risk?
The details you probably want me to put here are a bit fuzzy still, and I've solicited others' to provide clarity and insight into the specifics, so I apologize if this is hand-wavy, but your question deserves an answer.
Given:
Most smartphones are built on ARM architecture. At the very least, I'm confident about Android being ARM. I've never purchased an Apple product in my life, and can't rightly say much about their internals.
"In order to offer low cost options, device manufacturers sometimes use low-end processors such as the ARM Cortex-A7, which does not have hardware support for AES. On these devices, AES is so slow that it would result in a poor user experience; apps would take much longer to launch, and the device would generally feel much slower."
Even for smartphones that use ARMv8-A and newer, OEM weirdness can get in the way of that. Without tearing a specific model of a specific phone apart, I can't really give you much more information than that.
The advantage to the additional risk of ChaPoly is to not cough up keys to JavaScript running in a web browser capable of leveraging a cache-timing attack against software AES, in the smartphones that most people can afford.
That is to say, while it's true that the CSPRNG failure mode of ChaPoly is bad (but relies on conditions the attacker probably can't control), the failure mode of software AES is equally bad and can be influenced by an attacker.
> In a new design, I'd recommend Chapoly too. But this isn't a new design. Changing things has cost.
If there is significant market share where the device has a reliable CSPRNG but not hardware AES (post-OEM tampering), I'd argue that the security gain of a ChaPoly migration is worth the cost of changing, in particular.
The ratcheting changes are mostly a hygiene issue and probably won't be meaningfully important. I was just being nitpicky.
I think you misunderstood what I'm talking about here.
[ App (Java -> Dvorak) ]--.
>--- Same CPU
[ Web Browser with JS ]--`
My argument wasn't about "it" running in a web browser. I was arguing that side-channel attacks that can be exploited from a browser on the same CPU (as per djb's AES cache attack paper) are pretty bad, considering "trick user into opening a webpage" is a pretty low-hanging fruit attack vector.
It's like a standard padding oracle attack, but 4 billion times slower (on average) and requires 4 billion times more CPU work and bandwidth, and you have to be able to distinguish between a HMAC failure and a padding error.
I do not understand your "confused deputy" attack. Can you outline it in more detail?