{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T06:11:06Z","timestamp":1780553466471,"version":"3.54.1"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031385506","type":"print"},{"value":"9783031385513","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-38551-3_11","type":"book-chapter","created":{"date-parts":[[2023,8,8]],"date-time":"2023-08-08T19:03:06Z","timestamp":1691521386000},"page":"330-361","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["Security Analysis of\u00a0the\u00a0WhatsApp End-to-End Encrypted Backup Protocol"],"prefix":"10.1007","author":[{"given":"Gareth T.","family":"Davies","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sebastian","family":"Faller","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kai","family":"Gellert","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tobias","family":"Handirk","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Julia","family":"Hesse","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"M\u00e1t\u00e9","family":"Horv\u00e1th","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tibor","family":"Jager","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2023,8,9]]},"reference":[{"key":"11_CR1","unstructured":"Direct correspondences with Kevin Lewi and other members of the WhatsApp engineering team, 2022\u20132023"},{"key":"11_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-030-17653-2_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"J Alwen","year":"2019","unstructured":"Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the signal protocol. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 129\u2013158. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_5"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Bagherzandi, A., Jarecki, S., Saxena, N., Lu, Y.: Password-protected secret sharing. In: ACM CCS 2011, pp. 433\u2013444. ACM Press (2011)","DOI":"10.1145\/2046707.2046758"},{"key":"11_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"619","DOI":"10.1007\/978-3-319-63697-9_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"M Bellare","year":"2017","unstructured":"Bellare, M., Singh, A.C., Jaeger, J., Nyayapati, M., Stepanovs, I.: Ratcheted encryption and key exchange: the security of messaging. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part III. LNCS, vol. 10403, pp. 619\u2013650. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_21"},{"key":"11_CR5","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"784","DOI":"10.1007\/978-3-031-15802-5_27","volume-title":"CRYPTO 2022, Part I","author":"A Bienstock","year":"2022","unstructured":"Bienstock, A., Fairoze, J., Garg, S., Mukherjee, P., Raghuraman, S.: A more complete analysis of the signal double ratchet algorithm. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part I. LNCS, vol. 13507, pp. 784\u2013813. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-15802-5_27"},{"key":"11_CR6","unstructured":"Bourdrez, D., Krawczyk, D.H., Lewi, K., Wood, C.A.: The OPAQUE Asymmetric PAKE Protocol. Internet-Draft draft-irtf-cfrg-opaque-09, Internet Engineering Task Force (2022). https:\/\/datatracker.ietf.org\/doc\/draft-irtf-cfrg-opaque\/09\/. Work in Progress"},{"key":"11_CR7","doi-asserted-by":"crossref","unstructured":"Brost, J., Egger, C., Lai, R.W.F., Schmid, F., Schr\u00f6der, D., Zoppelt, M.: Threshold password-hardened encryption services. In: ACM CCS 2020, pp. 409\u2013424. ACM Press (2020)","DOI":"10.1145\/3372297.3417266"},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"Camenisch, J., Lysyanskaya, A., Neven, G.: Practical yet universally composable two-server password-authenticated secret sharing. In: ACM CCS 2012, pp. 525\u2013536. ACM Press (2012)","DOI":"10.1145\/2382196.2382252"},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136\u2013145. IEEE Computer Society Press (2001)","DOI":"10.1109\/SFCS.2001.959888"},{"key":"11_CR10","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-15979-4_1","volume-title":"CRYPTO 2022, Part II","author":"R Canetti","year":"2022","unstructured":"Canetti, R., Jain, P., Swanberg, M., Varia, M.: Universally composable end-to-end secure messaging. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part II. LNCS, vol. 13508, pp. 3\u201333. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-15979-4_1"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Casacuberta, S., Hesse, J., Lehmann, A.: SoK: oblivious pseudorandom functions. In: IEEE EuroS &P 2022. IEEE (2022)","DOI":"10.1109\/EuroSP53844.2022.00045"},{"key":"11_CR12","unstructured":"Cathcart, W.: (2022). https:\/\/twitter.com\/wcathcart\/status\/1600603826477617152"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Chase, M., Perrin, T., Zaverucha, G.: The signal private group system and anonymous credentials supporting efficient verifiable encryption. In: ACM CCS 2020, pp. 1445\u20131459. ACM Press (2020)","DOI":"10.1145\/3372297.3417887"},{"key":"11_CR14","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. In: EuroS &P, pp. 451\u2013466. IEEE (2017)","DOI":"10.1109\/EuroSP.2017.27"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Das, P., Hesse, J., Lehmann, A.: DPaSE: distributed password-authenticated symmetric-key encryption, or how to get many keys from one password. In: ASIACCS 2022, pp. 682\u2013696. ACM Press (2022)","DOI":"10.1145\/3488932.3517389"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Davidson, A., Faz-Hernandez, A., Sullivan, N., Wood, C.A.: Oblivious Pseudorandom Functions (OPRFs) using Prime-Order Groups. Internet-Draft draft-irtf-cfrg-voprf-17, Internet Engineering Task Force (2023). https:\/\/datatracker.ietf.org\/doc\/draft-irtf-cfrg-voprf\/17\/. Work in Progress","DOI":"10.17487\/RFC9497"},{"key":"11_CR17","unstructured":"Davies, G.T., et al.: Security analysis of the whatsapp end-to-end encrypted backup protocol. Cryptology ePrint Archive, Paper 2023\/843 (2023). https:\/\/eprint.iacr.org\/2023\/843"},{"key":"11_CR18","unstructured":"Doussot, G., Lacharit\u00e9, M.S., Schorn, E.: End-to-End Encrypted Backups Security Assessment (2021). https:\/\/research.nccgroup.com\/wp-content\/uploads\/2021\/10\/NCC_Group_WhatsApp_E001000M_Report_2021-10-27_v1.2.pdf"},{"key":"11_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1007\/11818175_9","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"C Gentry","year":"2006","unstructured":"Gentry, C., MacKenzie, P., Ramzan, Z.: A method for making password-based key exchange resilient to server compromise. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 142\u2013159. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11818175_9"},{"key":"11_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/978-3-662-45608-8_13","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"S Jarecki","year":"2014","unstructured":"Jarecki, S., Kiayias, A., Krawczyk, H.: Round-optimal password-protected secret sharing and T-PAKE in the password-only model. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 233\u2013253. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45608-8_13"},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"Jarecki, S., Kiayias, A., Krawczyk, H., Xu, J.: Highly-efficient and composable password-protected secret sharing (or: how to protect your bitcoin wallet online). In: IEEE European Symposium on Security and Privacy, EuroS &P 2016, Saarbr\u00fccken, Germany, 21\u201324 March 2016, pp. 276\u2013291. IEEE (2016)","DOI":"10.1109\/EuroSP.2016.30"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"Jarecki, S., Krawczyk, H., Resch, J.K.: Updatable oblivious key management for storage systems. In: ACM CCS 2019, pp. 379\u2013393. ACM Press (2019)","DOI":"10.1145\/3319535.3363196"},{"key":"11_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"456","DOI":"10.1007\/978-3-319-78372-7_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"S Jarecki","year":"2018","unstructured":"Jarecki, S., Krawczyk, H., Xu, J.: OPAQUE: an asymmetric PAKE protocol secure against pre-computation attacks. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part III. LNCS, vol. 10822, pp. 456\u2013486. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_15"},{"key":"11_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"180","DOI":"10.1007\/978-3-030-36033-7_7","volume-title":"Theory of Cryptography","author":"D Jost","year":"2019","unstructured":"Jost, D., Maurer, U., Mularczyk, M.: A unified and composable take on ratcheting. In: Hofheinz, D., Rosen, A. (eds.) TCC 2019, Part II. LNCS, vol. 11892, pp. 180\u2013210. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-36033-7_7"},{"key":"11_CR25","unstructured":"Krawczyk, D.H., Lewi, K., Wood, C.A.: The OPAQUE Asymmetric PAKE Protocol. Internet-Draft draft-irtf-cfrg-opaque-03, Internet Engineering Task Force (2021). https:\/\/datatracker.ietf.org\/doc\/draft-irtf-cfrg-opaque\/03\/. Work in Progress"},{"key":"11_CR26","unstructured":"Lai, R.W.F., Egger, C., Reinert, M., Chow, S.S.M., Maffei, M., Schr\u00f6der, D.: Simple password-hardened encryption services. In: USENIX Security 2018, pp. 1405\u20131421. USENIX Association (2018)"},{"key":"11_CR27","unstructured":"Novak, M.: Paul Manafort Learns That Encrypting Messages Doesn\u2019t Matter If the Feds Have a Warrant to Search Your iCloud Account (2018). https:\/\/gizmodo.com\/paul-manafort-learns-that-encrypting-messages-doesnt-ma-1826561511"},{"key":"11_CR28","unstructured":"Perrin, T.: The noise protocol framework. http:\/\/noiseprotocol.org\/noise.html"},{"key":"11_CR29","doi-asserted-by":"crossref","unstructured":"R\u00f6sler, P., Mainka, C., Schwenk, J.: More is less: on the end-to-end security of group chats in signal, whatsapp, and threema. In: EuroS &P, pp. 415\u2013429. IEEE (2018)","DOI":"10.1109\/EuroSP.2018.00036"},{"key":"11_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1007\/978-3-030-57878-7_10","volume-title":"Applied Cryptography and Network Security","author":"N Vatandas","year":"2020","unstructured":"Vatandas, N., Gennaro, R., Ithurburn, B., Krawczyk, H.: On the cryptographic deniability of the signal protocol. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020, Part II. LNCS, vol. 12147, pp. 188\u2013209. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-57878-7_10"},{"key":"11_CR31","unstructured":"WhatsApp: Security of End-to-End Encrypted Backups (2021). https:\/\/www.whatsapp.com\/security\/WhatsApp_Security_Encrypted_Backups_Whitepaper.pdf"},{"key":"11_CR32","unstructured":"WhatsApp: WhatsApp Encryption Overview (2021). https:\/\/www.whatsapp.com\/security\/WhatsApp-Security-Whitepaper.pdf"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2023"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-38551-3_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,26]],"date-time":"2025-07-26T22:03:29Z","timestamp":1753567409000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-38551-3_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031385506","9783031385513"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-38551-3_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"9 August 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"43","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"479","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"124","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}