Olvid – The good, the bad and the ugly

Olvid is a French messaging app with over 200,000 users, including high-risk users such as members of the French government. Despite bold claims positioning Olvid as the most secure messenger in the world and its important user base, limited independent analysis has been conducted on its security. Here we present our work, which takes a first step towards addressing this issue by analysing Olvid's cryptographic core. First, we formally modelled the authenticated key exchange and continuous key exchange protocols using the Tamarin prover. Our analysis confirmed that key security properties, such as forward secrecy and replay protection, are upheld. However, under stronger adversarial models, some important guarantees do not hold. Next, we analysed the implementation and discovered a timing side-channel vulnerability. We developed a proof-of-concept attack to show how long-term private keys can be recovered by leveraging such a vulnerability. Finally, we proposed some changes to Olvid’s design aimed at enhancing its security and facilitating future analyses.