{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T04:22:38Z","timestamp":1776745358097,"version":"3.51.2"},"publisher-location":"Cham","reference-count":57,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031159787","type":"print"},{"value":"9783031159794","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-15979-4_1","type":"book-chapter","created":{"date-parts":[[2022,10,12]],"date-time":"2022-10-12T16:25:31Z","timestamp":1665591931000},"page":"3-33","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":24,"title":["Universally\u00a0Composable\u00a0End-to-End\u00a0Secure Messaging"],"prefix":"10.1007","author":[{"given":"Ran","family":"Canetti","sequence":"first","affiliation":[]},{"given":"Palak","family":"Jain","sequence":"additional","affiliation":[]},{"given":"Marika","family":"Swanberg","sequence":"additional","affiliation":[]},{"given":"Mayank","family":"Varia","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,10,13]]},"reference":[{"key":"1_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-030-17653-2_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"J Alwen","year":"2019","unstructured":"Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the signal protocol. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 129\u2013158. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_5"},{"key":"1_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"248","DOI":"10.1007\/978-3-030-56784-2_9","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"J Alwen","year":"2020","unstructured":"Alwen, J., Coretti, S., Dodis, Y., Tselekounis, Y.: Security analysis and improvements for the IETF MLS standard for group messaging. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part I. LNCS, vol. 12170, pp. 248\u2013277. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56784-2_9"},{"key":"1_CR3","doi-asserted-by":"crossref","unstructured":"Alwen, J., Coretti, S., Dodis, Y., Tselekounis, Y.: Modular design of secure group messaging protocols and the security of MLS. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021, pp. 1463\u20131483. ACM Press, November 2021","DOI":"10.1145\/3460120.3484820"},{"key":"1_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1007\/978-3-030-64378-2_10","volume-title":"Theory of Cryptography","author":"J Alwen","year":"2020","unstructured":"Alwen, J., Coretti, S., Jost, D., Mularczyk, M.: Continuous group key agreement with active security. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part II. LNCS, vol. 12551, pp. 261\u2013290. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64378-2_10"},{"key":"1_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-030-64381-2_1","volume-title":"Theory of Cryptography","author":"C Badertscher","year":"2020","unstructured":"Badertscher, C., Canetti, R., Hesse, J., Tackmann, B., Zikas, V.: Universal composition with global subroutines: capturing global setup within plain UC. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part III. LNCS, vol. 12552, pp. 1\u201330. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64381-2_1"},{"key":"1_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1007\/978-3-030-90453-1_22","volume-title":"Theory of Cryptography","author":"C Badertscher","year":"2021","unstructured":"Badertscher, C., Hesse, J., Zikas, V.: On the (ir)replaceability of global setups, or how (not) to use a global ledger. In: Nissim, K., Waters, B. (eds.) TCC 2021, Part II. LNCS, vol. 13043, pp. 626\u2013657. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-90453-1_22"},{"key":"1_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"621","DOI":"10.1007\/978-3-030-64840-4_21","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"F Balli","year":"2020","unstructured":"Balli, F., R\u00f6sler, P., Vaudenay, S.: Determining the core primitive for optimally secure ratcheting. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part III. LNCS, vol. 12493, pp. 621\u2013650. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64840-4_21"},{"key":"1_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"M Bellare","year":"1994","unstructured":"Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232\u2013249. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_21"},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Provably secure session key distribution: the three party case. In: 27th ACM STOC, pp. 57\u201366. ACM Press, May\/June 1995","DOI":"10.1145\/225058.225084"},{"key":"1_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"619","DOI":"10.1007\/978-3-319-63697-9_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"M Bellare","year":"2017","unstructured":"Bellare, M., Singh, A.C., Jaeger, J., Nyayapati, M., Stepanovs, I.: Ratcheted encryption and key exchange: the security of messaging. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part III. LNCS, vol. 10403, pp. 619\u2013650. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_21"},{"key":"1_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1007\/978-3-030-64378-2_8","volume-title":"Theory of Cryptography","author":"A Bienstock","year":"2020","unstructured":"Bienstock, A., Dodis, Y., R\u00f6sler, P.: On the price of concurrency in group ratcheting protocols. In: Pass, R., Pietrzak, K. (eds.) TCC 2020, Part II. LNCS, vol. 12551, pp. 198\u2013228. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64378-2_8"},{"key":"1_CR12","doi-asserted-by":"crossref","unstructured":"Bienstock, A., Fairoze, J., Garg, S., Mukherjee, P., Raghuraman, S.: A more complete analysis of the signal double ratchet algorithm. Cryptology ePrint Archive, Report 2022\/355 (2022). https:\/\/eprint.iacr.org\/2022\/355","DOI":"10.1007\/978-3-031-15802-5_27"},{"key":"1_CR13","doi-asserted-by":"crossref","unstructured":"Blazy, O., Bossuat, A., Bultel, X., Fouque, P., Onete, C., Pagnin, E.: SAID: reshaping signal into an identity-based asynchronous messaging protocol with authenticated ratcheting. In: EuroS &P, pp. 294\u2013309. IEEE (2019)","DOI":"10.1109\/EuroSP.2019.00030"},{"key":"1_CR14","doi-asserted-by":"crossref","unstructured":"Borisov, N., Goldberg, I., Brewer, E.A.: Off-the-record communication, or, why not to use PGP. In: WPES, pp. 77\u201384. ACM (2004)","DOI":"10.1145\/1029179.1029200"},{"key":"1_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"649","DOI":"10.1007\/978-3-030-75248-4_23","volume-title":"Public-Key Cryptography \u2013 PKC 2021","author":"A Caforio","year":"2021","unstructured":"Caforio, A., Durak, F.B., Vaudenay, S.: Beyond security and efficiency: on-demand ratcheting with security awareness. In: Garay, J.A. (ed.) PKC 2021, Part II. LNCS, vol. 12711, pp. 649\u2013677. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-75248-4_23"},{"key":"1_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"234","DOI":"10.1007\/978-3-662-49387-8_10","volume-title":"Public-Key Cryptography \u2013 PKC 2016","author":"J Camenisch","year":"2016","unstructured":"Camenisch, J., Drijvers, M., Lehmann, A.: Universally composable direct anonymous attestation. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016, Part II. LNCS, vol. 9615, pp. 234\u2013264. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49387-8_10"},{"key":"1_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1007\/978-3-030-57878-7_9","volume-title":"Applied Cryptography and Network Security","author":"S Campion","year":"2020","unstructured":"Campion, S., Devigne, J., Duguey, C., Fouque, P.-A.: Multi-device for signal. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020, Part II. LNCS, vol. 12147, pp. 167\u2013187. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-57878-7_9"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136\u2013145. IEEE Computer Society Press, October 2001","DOI":"10.1109\/SFCS.2001.959888"},{"key":"1_CR19","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security. J. ACM 67(5), 28:1\u201328:94 (2020)","DOI":"10.1145\/3402457"},{"issue":"1","key":"1_CR20","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1007\/s001459910004","volume":"13","author":"R Canetti","year":"2000","unstructured":"Canetti, R., Halevi, S., Herzberg, A.: Maintaining authenticated communication in the presence of break-ins. J. Cryptol. 13(1), 61\u2013105 (2000)","journal-title":"J. Cryptol."},{"key":"1_CR21","doi-asserted-by":"crossref","unstructured":"Canetti, R., Jain, P., Swanberg, M., Varia, M.: Universally composable end-to-end secure messaging. Cryptology ePrint Archive, Report 2022\/376 (2022). https:\/\/eprint.iacr.org\/2022\/376","DOI":"10.1007\/978-3-031-15979-4_1"},{"key":"1_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/3-540-44987-6_28","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2001","author":"R Canetti","year":"2001","unstructured":"Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453\u2013474. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44987-6_28"},{"key":"1_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/3-540-46035-7_22","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"R Canetti","year":"2002","unstructured":"Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337\u2013351. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46035-7_22"},{"key":"1_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/978-3-662-49387-8_11","volume-title":"Public-Key Cryptography \u2013 PKC 2016","author":"R Canetti","year":"2016","unstructured":"Canetti, R., Shahaf, D., Vald, M.: Universally composable authentication and key-exchange with global PKI. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016, Part II. LNCS, vol. 9615, pp. 265\u2013296. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49387-8_11"},{"key":"1_CR25","doi-asserted-by":"crossref","unstructured":"Chase, M., Perrin, T., Zaverucha, G.: The signal private group system and anonymous credentials supporting efficient verifiable encryption. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 1445\u20131459. ACM Press, November 2020","DOI":"10.1145\/3372297.3417887"},{"key":"1_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"588","DOI":"10.1007\/978-3-030-61078-4_33","volume-title":"Information and Communications Security","author":"K Chen","year":"2020","unstructured":"Chen, K., Chen, J.: Anonymous end to end encryption group messaging protocol based on asynchronous ratchet tree. In: Meng, W., Gollmann, D., Jensen, C.D., Zhou, J. (eds.) ICICS 2020. LNCS, vol. 12282, pp. 588\u2013605. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-61078-4_33"},{"key":"1_CR27","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. In: EuroS &P, pp. 451\u2013466. IEEE (2017)","DOI":"10.1109\/EuroSP.2017.27"},{"issue":"4","key":"1_CR28","doi-asserted-by":"publisher","first-page":"1914","DOI":"10.1007\/s00145-020-09360-1","volume":"33","author":"K Cohn-Gordon","year":"2020","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. J. Cryptol. 33(4), 1914\u20131983 (2020)","journal-title":"J. Cryptol."},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C., Garratt, L., Millican, J., Milner, K.: On ends-to-ends encryption: asynchronous group messaging with strong security guarantees. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1802\u20131819. ACM Press, October 2018","DOI":"10.1145\/3243734.3243747"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C.J.F., Garratt, L.: On post-compromise security. In: Hicks, M., K\u00f6pf, B. (eds.) CSF 2016 Computer Security Foundations Symposium, pp. 164\u2013178. IEEE Computer Society Press (2016)","DOI":"10.1109\/CSF.2016.19"},{"key":"1_CR31","doi-asserted-by":"crossref","unstructured":"Cremers, C., Fairoze, J., Kiesl, B., Naska, A.: Clone detection in secure messaging: improving post-compromise security in practice. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 1481\u20131495. ACM Press, November 2020","DOI":"10.1145\/3372297.3423354"},{"key":"1_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-030-26834-3_20","volume-title":"Advances in Information and Computer Security","author":"FB Durak","year":"2019","unstructured":"Durak, F.B., Vaudenay, S.: Bidirectional asynchronous ratcheted key agreement with linear complexity. In: Attrapadung, N., Yagi, T. (eds.) IWSEC 2019. LNCS, vol. 11689, pp. 343\u2013362. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26834-3_20"},{"key":"1_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1007\/978-3-030-75248-4_15","volume-title":"Public-Key Cryptography \u2013 PKC 2021","author":"K Hashimoto","year":"2021","unstructured":"Hashimoto, K., Katsumata, S., Kwiatkowski, K., Prest, T.: An efficient and generic construction for signal\u2019s handshake (X3DH): post-quantum, state leakage secure, and deniable. In: Garay, J.A. (ed.) PKC 2021, Part II. LNCS, vol. 12711, pp. 410\u2013440. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-75248-4_15"},{"key":"1_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-662-53644-5_5","volume-title":"Theory of Cryptography","author":"D Hofheinz","year":"2016","unstructured":"Hofheinz, D., Rao, V., Wichs, D.: Standard security does not imply indistinguishability under selective opening. In: Hirt, M., Smith, A. (eds.) TCC 2016, Part II. LNCS, vol. 9986, pp. 121\u2013145. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53644-5_5"},{"key":"1_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-319-96884-1_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"J Jaeger","year":"2018","unstructured":"Jaeger, J., Stepanovs, I.: Optimal channel security against fine-grained state compromise: the safety of messaging. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 33\u201362. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_2"},{"key":"1_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-030-17653-2_6","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"D Jost","year":"2019","unstructured":"Jost, D., Maurer, U., Mularczyk, M.: Efficient ratcheting: almost-optimal guarantees for secure messaging. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 159\u2013188. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_6"},{"key":"1_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"180","DOI":"10.1007\/978-3-030-36033-7_7","volume-title":"Theory of Cryptography","author":"D Jost","year":"2019","unstructured":"Jost, D., Maurer, U., Mularczyk, M.: A unified and composable take on ratcheting. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019, Part II. LNCS, vol. 11892, pp. 180\u2013210. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-36033-7_7"},{"key":"1_CR38","unstructured":"Keybase blog: New cryptographic tools on keybase (2020). https:\/\/keybase.io\/blog\/crypto"},{"key":"1_CR39","unstructured":"Krohn, M.: Zoom rolling out end-to-end encryption offering (2020). https:\/\/blog.zoom.us\/zoom-rolling-out-end-to-end-encryption-offering\/"},{"key":"1_CR40","doi-asserted-by":"crossref","unstructured":"Martiny, I., Kaptchuk, G., Aviv, A.J., Roche, D.S., Wustrow, E.: Improving signal\u2019s sealed sender. In: NDSS. The Internet Society (2021)","DOI":"10.14722\/ndss.2021.24180"},{"key":"1_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-14577-3_1","volume-title":"Financial Cryptography and Data Security","author":"U Maurer","year":"2010","unstructured":"Maurer, U.: Constructive cryptography \u2013 a primer. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, p. 1. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14577-3_1"},{"key":"1_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-642-27375-9_3","volume-title":"Theory of Security and Applications","author":"U Maurer","year":"2012","unstructured":"Maurer, U.: Constructive cryptography \u2013 a new paradigm for security definitions and proofs. In: M\u00f6dersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 33\u201356. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-27375-9_3"},{"key":"1_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/3-540-45708-9_8","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"JB Nielsen","year":"2002","unstructured":"Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111\u2013126. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_8"},{"key":"1_CR44","unstructured":"Open Whisper Systems: Technical information: Specifications and software libraries for developers (2016). https:\/\/signal.org\/docs\/"},{"key":"1_CR45","unstructured":"Perrin, T.: The noise protocol framework (2018). https:\/\/noiseprotocol.org\/noise.html"},{"key":"1_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-96884-1_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"B Poettering","year":"2018","unstructured":"Poettering, B., R\u00f6sler, P.: Towards bidirectional ratcheted key exchange. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 3\u201332. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_1"},{"key":"1_CR47","doi-asserted-by":"crossref","unstructured":"R\u00f6sler, P., Mainka, C., Schwenk, J.: More is less: on the end-to-end security of group chats in signal, whatsapp, and threema. In: EuroS &P, pp. 415\u2013429. IEEE (2018)","DOI":"10.1109\/EuroSP.2018.00036"},{"key":"1_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-319-96884-1_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"L Rotem","year":"2018","unstructured":"Rotem, L., Segev, G.: Out-of-band authentication in group messaging: computational, statistical, optimal. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 63\u201389. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_3"},{"key":"1_CR49","unstructured":"Singh, M.: Whatsapp is now delivering roughly 100 billion messages a day (2020). https:\/\/techcrunch.com\/2020\/10\/29\/whatsapp-is-now-delivering-roughly-100-billion-messages-a-day\/"},{"key":"1_CR50","unstructured":"Status: Private, secure communication (2022). https:\/\/status.im"},{"key":"1_CR51","unstructured":"Sylo: Comms for the metaverse (2022). https:\/\/sylo.io"},{"key":"1_CR52","doi-asserted-by":"crossref","unstructured":"Unger, N., et al.: SoK: secure messaging. In: 2015 IEEE Symposium on Security and Privacy, pp. 232\u2013249. IEEE Computer Society Press, May 2015","DOI":"10.1109\/SP.2015.22"},{"key":"1_CR53","doi-asserted-by":"crossref","unstructured":"Unger, N., Goldberg, I.: Deniable key exchanges for secure messaging. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 1211\u20131223. ACM Press, October 2015","DOI":"10.1145\/2810103.2813616"},{"issue":"1","key":"1_CR54","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1515\/popets-2018-0003","volume":"2018","author":"N Unger","year":"2018","unstructured":"Unger, N., Goldberg, I.: Improved strongly deniable authenticated key exchanges for secure messaging. PoPETs 2018(1), 21\u201366 (2018)","journal-title":"PoPETs"},{"key":"1_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1007\/978-3-030-57878-7_10","volume-title":"Applied Cryptography and Network Security","author":"N Vatandas","year":"2020","unstructured":"Vatandas, N., Gennaro, R., Ithurburn, B., Krawczyk, H.: On the cryptographic deniability of the signal protocol. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020, Part II. LNCS, vol. 12147, pp. 188\u2013209. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-57878-7_10"},{"key":"1_CR56","unstructured":"WhatsApp LLC: About end-to-end encryption (2021). https:\/\/faq.whatsapp.com\/general\/security-and-privacy\/end-to-end-encryption\/"},{"key":"1_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"184","DOI":"10.1007\/978-3-030-58208-1_11","volume-title":"Advances in Information and Computer Security","author":"H Yan","year":"2020","unstructured":"Yan, H., Vaudenay, S.: Symmetric asynchronous ratcheted communication with associated data. In: Aoki, K., Kanaoka, A. (eds.) IWSEC 2020. LNCS, vol. 12231, pp. 184\u2013204. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58208-1_11"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-15979-4_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T22:02:21Z","timestamp":1760220141000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-15979-4_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031159787","9783031159794"],"references-count":57,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-15979-4_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"13 October 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 August 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"42","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}