Breaking Message Integrity of an End-to-End Encryption Scheme of LINE

  • Takanori IsobeEmail author
  • Kazuhiko Minematsu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11099)


In this paper, we analyze the security of an end-to-end encryption scheme (E2EE) of LINE, a.k.a Letter Sealing. LINE is one of the most widely-deployed instant messaging applications, especially in East Asia. By a close inspection of their protocols, we give several attacks against the message integrity of Letter Sealing. Specifically, we propose forgery and impersonation attacks on the one-to-one message encryption and the group message encryption. All of our attacks are feasible with the help of an end-to-end adversary, who has access to the inside of the LINE server (e.g. service provider LINE themselves). We stress that the main purpose of E2EE is to provide a protection against the end-to-end adversary. In addition, we found some attacks that even do not need the help of E2E adversary, which shows a critical security flaw of the protocol. Our results reveal that the E2EE scheme of LINE do not sufficiently guarantee the integrity of messages compared to the state-of-the-art E2EE schemes such as Signal, which is used by WhatApp and Facebook Messenger.


E2EE LINE Key exchange Group message Authenticated encryption 



The authors would like to thank the anonymous referees for their insightful comments and suggestions. We are also grateful to LINE corporation for the fruitful discussion and feedback about our findings.


  1. 1.
    FIPS PUB 197: Advanced Encryption Standard (AES). U.S. Department of Commerce/National Institute of Standards and Technology (2001)Google Scholar
  2. 2.
    NIST SP 800–38A: Recommendation for Block Cipher Modes of Operation. U.S. Department of Commerce/National Institute of Standards and Technology (2001)Google Scholar
  3. 3.
    NIST SP 800–38C: Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality. U.S. Department of Commerce/National Institute of Standards and Technology (2007)Google Scholar
  4. 4.
    NIST SP 800–38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. U.S. Department of Commerce/National Institute of Standards and Technology (2007)Google Scholar
  5. 5.
    FIPS PUB 180–4: Secure Hash Standard. U.S. Department of Commerce/National Institute of Standards and Technology (2015)Google Scholar
  6. 6.
    New generation of safe messaging: Letter Sealing. LINE Blog (2015).
  7. 7.
    LINE Enters Agreement with Japan’s CAO for Mynaportal Interconnectivity (2017).
  8. 8.
    Line Will Top 50 Million Users in Japan This Year. eMarketer (2017).
  9. 9.
    Al Fardan, N.J., Paterson, K.G.: Lucky thirteen: breaking the TLS and DTLS record protocols. In: 2013 IEEE Symposium on Security and Privacy, SP 2013, pp. 526–540. IEEE Computer Society (2013)Google Scholar
  10. 10.
    Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. J. Cryptol. 21(4), 469–491 (2008)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389–407. Springer, Heidelberg (2004). Scholar
  12. 12.
    Bernstein, D.J.: Curve25519: new diffie-hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006). Scholar
  13. 13.
    Blake-Wilson, S., Menezes, A.: Unknown key-share attacks on the station-to-station (STS) protocol. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 154–170. Springer, Heidelberg (1999). Scholar
  14. 14.
    Möller, B., Duong, T., Kotowicz, K.: This POODLE Bites: Exploiting The SSL 3.0 Fallback (2016)Google Scholar
  15. 15.
    Cohn-Gordon, K., Cremers, C., Garratt, L., Millican, J., Milner, K.: On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees. Cryptology ePrint Archive, Report 2017/666 (2017).
  16. 16.
    Cohn-Gordon, K., Cremers, C.J.F., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. In: 2017 IEEE European Symposium on Security and Privacy, EuroS&P 2017, pp. 451–466. IEEE (2017)Google Scholar
  17. 17.
    Cohn-Gordon, K., Cremers, C.J.F., Garratt, L.: On post-compromise security. In: IEEE 29th Computer Security Foundations Symposium, CSF 2016, pp. 164–178. IEEE Computer Society (2016)Google Scholar
  18. 18.
    Curtis, T.: Encryption out of LINE Reverse engineering end-to-end encrypted messaging. Ekoparty 2016 (2016)Google Scholar
  19. 19.
    Espinoza, A.M., Tolley, W.J., Crandall, J.R., Crete-Nishihata, M., Hilts, A.: Alice and Bob, who the FOCI are they?: analysis of end-to-end encryption in the LINE messaging application. In: 7th USENIX Workshop on Free and Open Communications on the Internet (FOCI 17). USENIX Association (2017)Google Scholar
  20. 20.
    Garman, C., Green, M., Kaptchuk, G., Miers, I., Rushanan, M.: Dancing on the lip of the volcano: chosen ciphertext attacks on apple imessage. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 655–672. USENIX Association (2016)Google Scholar
  21. 21.
    Gaži, P., Pietrzak, K., Rybár, M.: The exact PRF-security of NMAC and HMAC. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 113–130. Springer, Heidelberg (2014). Scholar
  22. 22.
    Krawczyk, H.: The order of encryption and authentication for protecting communications (or: how secure Is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310–331. Springer, Heidelberg (2001). Scholar
  23. 23.
    LINE Corporation: LINE Encryption Overview (2016)Google Scholar
  24. 24.
    Namprempre, C., Rogaway, P., Shrimpton, T.: Reconsidering generic composition. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 257–274. Springer, Heidelberg (2014). Scholar
  25. 25.
    Open Whisper Systems: Signal Github Repository (2017).
  26. 26.
    Rosler, P., Mainka, C., Schwenk, J.: More is less: how group chats weaken the security of instant messengers signal, WhatsApp, and Threema. In: 3rd IEEE European Symposium on Security and Privacy 2018 (2018)Google Scholar
  27. 27.
    Vaudenay, S.: Security flaws induced by CBC padding — applications to SSL, IPSEC, WTLS. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534–545. Springer, Heidelberg (2002). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.University of HyogoKobeJapan
  2. 2.NEC CorporationKawasakiJapan

Personalised recommendations