Security Proof of Threema’s Communication Protocol

Security Proof of Threema’s Communication Protocol

When it comes to cryptographic protocols, a formal security proof is the ultimate hallmark of quality. German researchers now provide such a proof for the Ibex protocol, confirming that Threema’s security is based on a rock-solid foundation.

A few months back, we introduced “Ibex.” This new cryptographic communication protocol has further strengthened Threema’s time-tested security, established Perfect Forward Secrecy on the end-to-end layer, and future-proofed the overall system.

Three renowned security researchers from the Chair of Applied Cryptography at the University of Erlangen-Nuremberg have now concluded an in-depth security analysis of Ibex. They present a formal proof of the protocol’s security and show that Ibex is cryptographically sound:

Through a comprehensive examination, we have successfully evaluated the protocol’s adherence to its promised security properties. The results of our analysis reveal that the Ibex protocol satisfactorily meets the desired security requirements. Notably, our investigation did not uncover any flaws or vulnerabilities within the protocol. This outcome underscores the sound cryptographic design of the Ibex protocol, as it has withstood a rigorous security analysis, and we were able to prove the security of Ibex formally. The absence of significant weaknesses further strengthens the confidence in the protocol’s security guarantees and enhances its overall reliability. (p. 36)

To establish Ibex’s security, the research team employs state-of-the-art methods and a proof by contradiction. They show that assuming some adversary can read Threema messages would entail that the Gap-Diffie-Hellman problem can be solved in polynomial time. Since this is something no efficient adversary is believed to be able to do, no adversary can read Threema messages. Hence, Ibex provides provable security, and confidentiality is guaranteed. Furthermore, the researchers demonstrate that Ibex also upholds other security guarantees, in particular: integrity, authenticity, and Perfect Forward Secrecy.

Given this positive outcome, Perfect Forward Secrecy is now enabled by default in the latest mobile apps (Threema 5.1 for Android and Threema 5.4 for iOS), which are available for download as of today.

We would like to thank Prof. Dominique Schröder, Prof. Paul Rösler, and Paul Gerhart for their commitment, dedication, and meticulous work. To read the full security analysis, please follow this link:

Security of Ibex (PDF) →

More audit reports →