🎖️ The Three Rules
What Makes Secure Groups Work
In 10 minutes: Understand security rules for group messaging
Prerequisite: None
🎯 The Simple Story
For a group chat to be secure, it needs three rules:
- Only members can read (Confidentiality)
- Past messages stay secret (Forward Secrecy)
- Future messages stay secret (Post-Compromise Security)
Let me explain with a story...
🧠 Mental Model
Hold this picture in your head:
Secure Group Chat - Three Locks:
🔒 Lock 1: Only members can enter
└─ Alice, Bob, Charlie can read
└─ Eve cannot read (she's outside)
🔒 Lock 2: Burn after reading
└─ Alice sends message #1
└─ Everyone reads message #1
└─ Key for #1 is deleted
└─ Eve steals phone later: Can't read #1
🔒 Lock 3: Change locks after breach
└─ Alice's phone gets hacked
└─ Attackers get group secret
└─ MLS updates group secret
└─ Attackers can't read new messages
📚 Rule #1: Confidentiality
Only members can read messages.
Mental model: Secret meeting room with soundproof walls.
Confidentiality:
Inside the room:
┌─────────────────────────────┐
│ Alice: Hello everyone │
│ Bob: Hi Alice │
│ Charlie: Hey │
│ (Everyone inside hears) │
└─────────────────────────────┘
Outside the room:
┌─────────────────────────┐
│ Eve: What are they │
│ saying? │
│ (Can't hear anything) │
└─────────────────────────┘
Eve can't hear: Soundproof walls
What this means in crypto:
Group has a shared secret key K:
- Alice knows K
- Bob knows K
- Charlie knows K
- Eve doesn't know K
Alice encrypts message with K → sends
Bob decrypts with K → reads
Charlie decrypts with K → reads
Eve tries to decrypt → fails (doesn't have K)
📚 Rule #2: Forward Secrecy
Past messages stay secret even if future keys are compromised.
Mental model: Burn after reading
What happens without forward secrecy?
NO Forward Secrecy (Bad):
Day 1: Alice sends: Password = 12345
├─ Encrypted with K (same key)
├─ Bob reads: Password = 12345
└─ Bob KEEPS K forever
Day 180: Eve steals Bob's phone
├─ Eve finds K
├─ Eve decrypts Day 1 message
└─ Eve reads: Password = 12345
WITH Forward Secrecy (Good):
Day 1: Alice sends: Password = 12345
├─ Encrypted with K1
├─ Bob reads: Password = 12345
└─ Bob deletes K1 immediately
Day 180: Eve steals Bob's phone
├─ Eve looks for K1...
├─ K1 doesn't exist (deleted)
└─ Can't decrypt Day 1 message
📚 Rule #3: Post-Compromise Security (PCS)
Future messages stay secret even if current keys are compromised.
Mental model: Change the lock after someone breaks in
What happens without PCS?
NO PCS (Bad):
Day 1: Alice's phone hacked
├─ Attacker gets group secret K
└─ Attacker reads all future messages
Day 2: Alice: Meeting at 2pm
├─ Encrypted with K
└─ Attacker decrypts with K: Reads
Day 3: Alice: Secret door code: 555
├─ Encrypted with K
└─ Attacker decrypts with K: Reads
WITH PCS (Good):
Day 1: Alice's phone hacked
├─ Attacker gets group secret K
└─ MLS detects → rotates to K'
Day 2: Alice: Meeting at 2pm
├─ Encrypted with K'
└─ Attacker tries with K → Fails
Day 3: Alice: Secret door code: 555
├─ Encrypted with K''
└─ Attacker tries with K → Fails
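The forward secrecy and PCS timelines above, as a runnable sketch. This is an added example, not code from the original page or from MLS: the Member class, the kdf labels and the toy cipher are hypothetical, rotation is triggered by hand, and the fresh value is assumed to reach Alice and Bob over a channel Eve cannot read.

```python
import copy, hashlib, hmac, os

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way step (HMAC-SHA256): knowing the output does not reveal the key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def seal(key: bytes, msg: bytes) -> bytes:
    """Toy authenticated encryption, messages up to 32 bytes (illustration only)."""
    ct = bytes(m ^ s for m, s in zip(msg, kdf(key, b"stream")))
    return kdf(key, b"tag" + ct) + ct

def unseal(key: bytes, sealed: bytes):
    tag, ct = sealed[:32], sealed[32:]
    if not hmac.compare_digest(tag, kdf(key, b"tag" + ct)):
        return None  # wrong key: the tag does not verify
    return bytes(c ^ s for c, s in zip(ct, kdf(key, b"stream")))

class Member:
    """Hypothetical device state: only the current chain key is ever stored."""
    def __init__(self, group_secret: bytes):
        self.chain = kdf(group_secret, b"chain")

    def next_key(self) -> bytes:
        # Forward secrecy: hand out this message's key, then overwrite the chain.
        msg_key = kdf(self.chain, b"message")
        self.chain = kdf(self.chain, b"advance")
        return msg_key

    def rotate(self, fresh: bytes) -> None:
        # PCS: mix in randomness that a thief holding the old state never saw.
        self.chain = kdf(self.chain, b"rotate" + fresh)

def demo():
    k = os.urandom(32)
    alice, bob = Member(k), Member(k)
    day1 = seal(alice.next_key(), b"Password = 12345")
    assert unseal(bob.next_key(), day1) == b"Password = 12345"
    eve = copy.deepcopy(bob)            # Bob's state is stolen after message 1
    past = unseal(copy.deepcopy(eve).next_key(), day1)  # K1 is gone
    day2 = seal(alice.next_key(), b"Meeting at 2pm")
    bob.next_key()                      # Bob reads message 2 and moves on
    no_pcs = unseal(eve.next_key(), day2)  # no rotation yet: Eve keeps up
    fresh = os.urandom(32)              # assumed to reach members, not Eve
    alice.rotate(fresh); bob.rotate(fresh)
    day3 = seal(alice.next_key(), b"Door code: 555")
    return past, no_pcs, unseal(eve.next_key(), day3), unseal(bob.next_key(), day3)

if __name__ == "__main__":
    print(demo())
```

The four results are: Eve on the past message (None), Eve before rotation (the plaintext), Eve after rotation (None), and Bob after rotation (the plaintext).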
🎮 Try It Yourself
Question 1: Alice sends 3 messages. After each message, Bob deletes the key. Day 180, Eve steals Bob's phone. How many of Alice's messages can Eve read?
Day 1: Alice sends message #1 with key K1
- Bob reads message #1
- Bob deletes K1 immediately
Day 2: Alice sends message #2 with key K2
- Bob reads message #2
- Bob deletes K2 immediately
Day 3: Alice sends message #3 with key K3
- Bob reads message #3
- Bob deletes K3 immediately
Day 180: Eve steals Bob's phone
- Looks for K1, K2, K3
- All deleted
- Eve can't read any messages
Answer: 0 messages (none) - Forward secrecy works
Question 2: Alice's phone gets hacked and the attacker gets the group secret K. MLS rotates the key to K'. Alice sends: "Secret info: 123". The attacker tries with K. Can they read the message?
Day 1: Attacker gets group secret K from Alice's phone
- MLS detects compromise
- MLS rotates group key to K'
Day 1: Alice sends: "Secret info: 123"
- Encrypted with K'
Attacker:
- Has old key K
- Tries to decrypt with K
- Fails (Message uses K', not K)
Answer: No, attacker can't read the message - PCS works
Question 3: What's the difference between forward secrecy and post-compromise security?
Forward Secrecy (Past):
- Compromise NOW
- Can't read PAST messages
- Keys deleted after use
- Focus: Protect history
Post-Compromise Security (Future):
- Compromise NOW
- Can't read FUTURE messages
- Keys rotate after breach
- Focus: Protect future
Together they protect BOTH past AND future
💡 Why We Care
Real-World Examples
Without these rules:
Corporate chat:
- Employee leaves company
- Employee still has keys
- Employee reads all messages
Social media group:
- Group member hacked
- Hacker reads all future messages
Political group chat:
- Someone arrested
- Past messages extracted
- No protection for past conversations
With MLS (has all 3 rules):
Corporate chat:
- Employee leaves company
- MLS rotates keys
- Employee CAN'T read new messages
Social media group:
- Group member hacked
- MLS rotates keys
- Hacker CAN'T read new messages
Political group chat:
- Someone arrested
- Old keys deleted (forward secrecy)
- CAN'T read past conversations
✅ Quick Check
Can you explain the three rules to a 5-year-old?
Try saying this out loud:
"The three rules for secret meetings are:
- Only people who belong can hear (confidentiality)
- Burn the notes after reading (forward secrecy)
- Change the secret phrase if someone sneaks in (post-compromise security)"
🎓 Key Takeaways
✅ Rule 1: Confidentiality = Only members can read
✅ Rule 2: Forward Secrecy = Past safe even if future compromised
✅ Rule 3: PCS = Future safe even if current compromised
✅ Together: Protect past AND future messages
✅ MLS: Provides all 3 rules automatically
🎉 What You'll Learn Next
Now you understand the security rules. Next, we'll learn exactly HOW MLS manages keys efficiently:
🌳 Continue: The Tree of Secret Keys
We'll learn about ratchet trees - the amazing structure that makes MLS work