Securing End‐To‐End Encrypted File Sharing Services With the Messaging Layer Security Protocol
Publication date
2025-10
Authors
Helmich, Roland
Abstract
Secure file sharing is essential in today's digital environment, yet many systems remain vulnerable: if an attacker steals client keys, they can often decrypt both past and future content. To address this challenge, we propose a novel file-sharing architecture that strengthens post-compromise security while remaining practical. Our contributions are threefold. First, we design a concept that integrates Messaging Layer Security group key exchange, attribute-based access control, and a tamper-resistant, versioned metadata store, providing post-compromise security and, with some limitations, forward secrecy. Second, we present a reference architecture and a working prototype. Third, we evaluate security against common threats and benchmark key distribution scalability. Results demonstrate that our system preserves end-to-end confidentiality even with a fully compromised server, restores security after client compromise, and scales key delivery efficiently—for example, distributing 10,000 keys to 1000 clients is only about 40% slower than to 100 clients. Overall, our approach delivers stronger security guarantees than popular alternatives while remaining practical.
Publisher
Wiley
Institution
Document type
Scientific article
Journal/Collection
Concurrency and Computation: Practice and Experience
ISSN
1532-0634
Volume
37
Issue
27-28
Language
English
