Is anyone aware of an analysis of the TextSecure protocol?
https://whispersystems.org/blog/simplifying-otr-deniability/
https://github.com/WhisperSystems/TextSecure/wiki/Protocol
It is a simplification of the OTR protocol. Instead of signing the ephemeral key, it uses DH over an ephemeral key (a,b) and an identity (A,B) key.
The claimed advantages are: Reduced Algorithmic Complexity, Increased Forgability, Reduced Protocol Complexity, Maintained Forward Secrecy, and Smaller Payloads
Not an cryptographer and haven't analysed it in-depth, but from my brief inspection:
The Secure Text protocol 1 (as specified in the wiki) works with (initial) ephemeral ECC Keys, that requires validation of the key exchange on each session initiation. The tool provided for this is pretty ugly (comparing two SHA-1 fingerprints). I think this needs to be improved.
There is also no protocol feature to reveal the HMAC Keys so an longer one-way conversation cannot be invalidated (if for example both devices are inspected and the current keys are retrieved). But that disadvantage is I guess mitigated by a better denyability due to the random keys (as long as applications do not build a persistence around it).
But Text Secure already work on a new protocol which is specified here:
