{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,2]],"date-time":"2026-07-02T16:35:57Z","timestamp":1783010157936,"version":"3.54.5"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031911002","type":"print"},{"value":"9783031911019","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-91101-9_11","type":"book-chapter","created":{"date-parts":[[2025,4,27]],"date-time":"2025-04-27T21:14:20Z","timestamp":1745788460000},"page":"302-331","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Triple Ratchet: A Bandwidth Efficient Hybrid-Secure Signal Protocol"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1013-6318","authenticated-orcid":false,"given":"Yevgeniy","family":"Dodis","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6562-9665","authenticated-orcid":false,"given":"Daniel","family":"Jost","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8496-0476","authenticated-orcid":false,"given":"Shuichi","family":"Katsumata","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1445-6212","authenticated-orcid":false,"given":"Thomas","family":"Prest","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-6365-8988","authenticated-orcid":false,"given":"Rolfe","family":"Schmidt","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,4,28]]},"reference":[{"key":"11_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-030-17653-2_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"J Alwen","year":"2019","unstructured":"Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the signal protocol. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 129\u2013158. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_5"},{"key":"11_CR2","unstructured":"Apple Security Engineering and Architecture (SEAR). iMessage with PQ3: The new state of the art in quantum-secure messaging at scale"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Bhargavan, K., et al.: DY*: a modular symbolic verification framework for executable cryptographic protocol code. In: 2021 IEEE European Symposium on Security and Privacy, Vienna, Austria, pp. 523\u2013542 (2021)","DOI":"10.1109\/EuroSP51992.2021.00042"},{"key":"11_CR4","unstructured":"Bhargavan, K., Jacomme, C., Kiefer, F., Schmidt, R.: Formal Verification of the PQXDH Post-quantum Key Agreement Protocol for End-to-End Secure Messaging, p. 2024. USENIX Security, Philadelphia (2024)"},{"key":"11_CR5","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"784","DOI":"10.1007\/978-3-031-15802-5_27","volume-title":"CRYPTO 2022, Part I","author":"A Bienstock","year":"2022","unstructured":"Bienstock, A., Fairoze, J., Garg, S., Mukherjee, P., Raghuraman, S.: A more complete analysis of the Signal double ratchet algorithm. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part I. LNCS, vol. 13507, pp. 784\u2013813. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15802-5_27"},{"key":"11_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"649","DOI":"10.1007\/978-3-030-75248-4_23","volume-title":"Public-Key Cryptography \u2013 PKC 2021","author":"A Caforio","year":"2021","unstructured":"Caforio, A., Durak, F.B., Vaudenay, S.: Beyond security and efficiency: on-demand ratcheting with security awareness. In: Garay, J.A. (ed.) PKC 2021, Part II. LNCS, vol. 12711, pp. 649\u2013677. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-75248-4_23"},{"key":"11_CR7","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-15979-4_1","volume-title":"CRYPTO 2022, Part II","author":"R Canetti","year":"2022","unstructured":"Canetti, R., Jain, P., Swanberg, M., Varia, M.: Universally composable end-to-end secure messaging. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part II. LNCS, vol. 13508, pp. 3\u201333. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15979-4_1"},{"key":"11_CR8","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/978-3-031-58734-4_9","volume-title":"EUROCRYPT 2024, Part III","author":"S Chen","year":"2024","unstructured":"Chen, S., Fischlin, M.: Integrating causality in messaging channels. In: Joye, M., Leander, G. (eds.) EUROCRYPT 2024, Part III. LNCS, vol. 14653, pp. 251\u2013282. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-58734-4_9"},{"issue":"4","key":"11_CR9","doi-asserted-by":"publisher","first-page":"1914","DOI":"10.1007\/s00145-020-09360-1","volume":"33","author":"K Cohn-Gordon","year":"2017","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the Signal messaging protocol. J. Cryptol. 33(4), 1914\u20131983 (2017)","journal-title":"J. Cryptol."},{"key":"11_CR10","doi-asserted-by":"crossref","unstructured":"Collins, D.,\u00a0Riepel, D., Tran, S.A.O.: On the tight security of the double ratchet. ACM CCS 2024, Salt Lake City, UT, USA, pp. 4747\u20134761 (2024)","DOI":"10.1145\/3658644.3690360"},{"key":"11_CR11","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/978-3-031-68376-3_13","volume-title":"CRYPTO 2024, Part I","author":"R Pino","year":"2024","unstructured":"Pino, R., Katsumata, S., Prest, T., Rossi, M.: Raccoon: a masking-friendly signature proven in the probing model. In: Reyzin, L., Stebila, D. (eds.) CRYPTO 2024, Part I. LNCS, vol. 14920, pp. 409\u2013444. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-68376-3_13"},{"key":"11_CR12","unstructured":"Pino, R., et al.: Raccoon. Technical report, National Institute of Standards and Technology (2023). https:\/\/csrc.nist.gov\/Projects\/pqc-dig-sig\/round-1-additional-signatures"},{"key":"11_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-030-20951-3_3","volume-title":"Cyber Security Cryptography and Machine Learning","author":"N Drucker","year":"2019","unstructured":"Drucker, N., Gueron, S.: Continuous key agreement with reduced bandwidth. In: Dolev, S., Hendler, D., Lodha, S., Yung, M. (eds.) CSCML 2019. LNCS, vol. 11527, pp. 33\u201346. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-20951-3_3"},{"key":"11_CR14","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"316","DOI":"10.1007\/978-3-031-58754-2_12","volume-title":"EUROCRYPT 2024, Part VII","author":"MF Esgin","year":"2024","unstructured":"Esgin, M.F., Espitau, T., Niot, G., Prest, T., Sakzad, A., Steinfeld, R.: Plover: masking-friendly hash-and-sign lattice signatures. In: Joye, M., Leander, G. (eds.) EUROCRYPT 2024, Part VII. LNCS, vol. 14657, pp. 316\u2013345. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-58754-2_12"},{"key":"11_CR15","unstructured":"Gennaro, R.,\u00a0Shoup, V.: A note on an encryption scheme of Kurosawa and Desmedt. Cryptology ePrint Archive, Report 2004\/194"},{"key":"11_CR16","unstructured":"Jacobs, F.: Designing iMessage PQ3: quantum-secure messaging at scale. Invited talk at the Real World Crypto Symposium 2025 (2024)"},{"key":"11_CR17","doi-asserted-by":"publisher","unstructured":"Kim, D.,\u00a0Lee, D.,\u00a0Seo, J.,\u00a0Song, Y.: Toward practical lattice-based proof of knowledge from hint-MLWE. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO\u00a02023, Part\u00a0V. LNCS, vol. 14085, pp. 549\u2013580. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38554-4_18","DOI":"10.1007\/978-3-031-38554-4_18"},{"key":"11_CR18","doi-asserted-by":"crossref","unstructured":"Kobeissi, N.,\u00a0Bhargavan, K.,\u00a0Blanchet, B.: Automated verification for secure messaging protocols and their implementations: a symbolic and computational approach. In: 2017 IEEE European Symposium on Security and Privacy, EuroS &P 2017, Paris, France, 26\u201328 April 2017, pp. 435\u2013450","DOI":"10.1109\/EuroSP.2017.38"},{"key":"11_CR19","unstructured":"Kret, E.,\u00a0Schmidt, R.: The PQXDH key agreement protocol"},{"key":"11_CR20","doi-asserted-by":"publisher","first-page":"33224","DOI":"10.1109\/ACCESS.2023.3262809","volume":"11","author":"J Lee","year":"2023","unstructured":"Lee, J., Kwon, J., Shin, J.S.: Efficient continuous key agreement with reduced bandwidth from a decomposable KEM. IEEE Access 11, 33224\u201333235 (2023)","journal-title":"IEEE Access"},{"key":"11_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/978-3-642-19074-2_21","volume-title":"Topics in Cryptology \u2013 CT-RSA 2011","author":"R Lindner","year":"2011","unstructured":"Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319\u2013339. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19074-2_21"},{"key":"11_CR22","unstructured":"Linker, F.,\u00a0Sasse, R.,\u00a0Basin, D.: A formal analysis of apple?s iMessage PQ3 protocol. Cryptology ePrint Archive, Paper 2024\/1395"},{"key":"11_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-13190-5_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"V Lyubashevsky","year":"2010","unstructured":"Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1\u201323. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_1"},{"key":"11_CR24","unstructured":"Marlinspike, M.,\u00a0Perrin, T.: The double ratchet algorithm"},{"key":"11_CR25","unstructured":"Marlinspike, M.,\u00a0Perrin, T.: The X3DH key agreement protocol"},{"key":"11_CR26","unstructured":"Schwabe, P., et al.: CRYSTALS-KYBER. Technical report, National Institute of Standards and Technology (2022). https:\/\/csrc.nist.gov\/Projects\/post-quantum-cryptography\/selected-algorithms-2022"},{"key":"11_CR27","doi-asserted-by":"crossref","unstructured":"Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th FOCS, Santa Fe, NM, USA, pp. 124\u2013134 (1994)","DOI":"10.1109\/SFCS.1994.365700"},{"key":"11_CR28","unstructured":"Stebila, D.: Security analysis of the iMessage PQ3 protocol. Cryptology ePrint Archive, Report 2024\/357"},{"key":"11_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1007\/978-3-030-57878-7_10","volume-title":"Applied Cryptography and Network Security","author":"N Vatandas","year":"2020","unstructured":"Vatandas, N., Gennaro, R., Ithurburn, B., Krawczyk, H.: On the cryptographic deniability of the signal protocol. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020, Part II. LNCS, vol. 12147, pp. 188\u2013209. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-57878-7_10"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-91101-9_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,27]],"date-time":"2025-04-27T22:02:32Z","timestamp":1745791352000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-91101-9_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031911002","9783031911019"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-91101-9_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"28 April 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Madrid","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 May 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 May 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"44","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}