{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,7]],"date-time":"2025-12-07T13:10:53Z","timestamp":1765113053791,"version":"3.44.0"},"publisher-location":"Cham","reference-count":64,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783032019127"},{"type":"electronic","value":"9783032019134"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-01913-4_2","type":"book-chapter","created":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T08:22:43Z","timestamp":1755332563000},"page":"39-74","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Guarding the\u00a0Signal: Secure Messaging with\u00a0Reverse Firewalls"],"prefix":"10.1007","author":[{"given":"Yevgeniy","family":"Dodis","sequence":"first","affiliation":[]},{"given":"Bernardo","family":"Magri","sequence":"additional","affiliation":[]},{"given":"Noah","family":"Stephens-Davidowitz","sequence":"additional","affiliation":[]},{"given":"Yiannis","family":"Tselekounis","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,17]]},"reference":[{"key":"2_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-030-17653-2_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"J Alwen","year":"2019","unstructured":"Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the signal protocol. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 129\u2013158. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_5"},{"key":"2_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"497","DOI":"10.1007\/978-3-540-85174-5_28","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"J Alwen","year":"2008","unstructured":"Alwen, J., Shelat, A., Visconti, I.: Collusion-free protocols in the mediated model. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 497\u2013514. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85174-5_28"},{"issue":"3","key":"2_CR3","doi-asserted-by":"publisher","first-page":"152","DOI":"10.46586\/tosc.v2019.i3.152-168","volume":"2019","author":"M Armour","year":"2019","unstructured":"Armour, M., Poettering, B.: Substitution attacks against message authentication. IACR Trans. Symm. Cryptol. 2019(3), 152\u2013168 (2019)","journal-title":"IACR Trans. Symm. Cryptol."},{"key":"2_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/978-3-030-21568-2_23","volume-title":"Applied Cryptography and Network Security","author":"G Ateniese","year":"2019","unstructured":"Ateniese, G., Francati, D., Magri, B., Venturi, D.: Public immunization against complete subversion without random oracles. In: Deng, R.H., Gauthier-Uma\u00f1a, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 465\u2013485. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-21568-2_23"},{"key":"2_CR5","doi-asserted-by":"crossref","unstructured":"Ateniese, G., Magri, B., Venturi, D.: Subversion-resilient signature schemes. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 364\u2013375. ACM Press (2015)","DOI":"10.1145\/2810103.2813635"},{"key":"2_CR6","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-319-76578-5_12","volume-title":"PKC 2018, Part I","author":"B Auerbach","year":"2018","unstructured":"Auerbach, B., Bellare, M., Kiltz, E.: Public-key encryption resistant to parameter subversion and its realization from efficiently-embeddable groups. In: Abdalla, M., Dahab, R. (eds.) PKC 2018, Part I. LNCS, vol. 10769, pp. 348\u2013377. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-76578-5_12"},{"key":"2_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"621","DOI":"10.1007\/978-3-030-64840-4_21","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"F Balli","year":"2020","unstructured":"Balli, F., R\u00f6sler, P., Vaudenay, S.: Determining the core primitive for optimally secure ratcheting. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part III. LNCS, vol. 12493, pp. 621\u2013650. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64840-4_21"},{"key":"2_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"777","DOI":"10.1007\/978-3-662-53890-6_26","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"M Bellare","year":"2016","unstructured":"Bellare, M., Fuchsbauer, G., Scafuro, A.: NIZKs with an untrusted CRS: security in the face of parameter subversion. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part II. LNCS, vol. 10032, pp. 777\u2013804. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53890-6_26"},{"key":"2_CR9","doi-asserted-by":"crossref","unstructured":"Bellare, M., Jaeger, J., Kane, D.: Mass-surveillance without the state: strongly undetectable algorithm-substitution attacks. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 1431\u20131440. ACM Press (2015)","DOI":"10.1145\/2810103.2813681"},{"key":"2_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-662-44371-2_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"M Bellare","year":"2014","unstructured":"Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 1\u201319. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44371-2_1"},{"key":"2_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"619","DOI":"10.1007\/978-3-319-63697-9_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"M Bellare","year":"2017","unstructured":"Bellare, M., Singh, A.C., Jaeger, J., Nyayapati, M., Stepanovs, I.: Ratcheted encryption and key exchange: the security of messaging. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part III. LNCS, vol. 10403, pp. 619\u2013650. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_21"},{"key":"2_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"627","DOI":"10.1007\/978-3-030-75245-3_23","volume-title":"Public-Key Cryptography \u2013 PKC 2021","author":"P Bemmann","year":"2021","unstructured":"Bemmann, P., Chen, R., Jager, T.: Subversion-resilient public key encryption with practical watchdogs. In: Garay, J.A. (ed.) PKC 2021, Part I. LNCS, vol. 12710, pp. 627\u2013658. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-75245-3_23"},{"key":"2_CR13","doi-asserted-by":"crossref","unstructured":"Berndt, S., Liskiewicz, M.: Algorithm substitution attacks from a steganographic perspective. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 1649\u20131660. ACM Press (2017)","DOI":"10.1145\/3133956.3133981"},{"key":"2_CR14","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"784","DOI":"10.1007\/978-3-031-15802-5_27","volume-title":"CRYPTO 2022, Part I","author":"A Bienstock","year":"2022","unstructured":"Bienstock, A., Fairoze, J., Garg, S., Mukherjee, P., Raghuraman, S.: A more complete analysis of the Signal double ratchet algorithm. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part I. LNCS, vol. 13507, pp. 784\u2013813. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15802-5_27"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Bienstock, A., R\u00f6sler, P., Tang, Y.: ASMESH: anonymous and secure messaging in mesh networks using stronger, anonymous double ratchet. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 1\u201315 (2023)","DOI":"10.1145\/3576915.3616615"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Borisov, N., Goldberg, I., Brewer, E.: Off-the-record communication, or, why not to use PGP. In: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society, pp. 77\u201384 (2004)","DOI":"10.1145\/1029179.1029200"},{"key":"2_CR17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-97131-1_1","volume-title":"PKC 2022, Part II","author":"J Brendel","year":"2022","unstructured":"Brendel, J., Fiedler, R., G\u00fcnther, F., Janson, C., Stebila, D.: Post-quantum asynchronous deniable key exchange and the Signal handshake. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC 2022, Part II. LNCS, vol. 13178, pp. 3\u201334. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-030-97131-1_1"},{"key":"2_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1007\/978-3-030-81652-0_16","volume-title":"Selected Areas in Cryptography","author":"J Brendel","year":"2021","unstructured":"Brendel, J., Fischlin, M., G\u00fcnther, F., Janson, C., Stebila, D.: Towards post-quantum security for signal\u2019s X3DH handshake. In: Dunkelman, O., Jacobson, Jr., M.J., O\u2019Flynn, C. (eds.) SAC 2020. LNCS, vol. 12804, pp. 404\u2013430. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-81652-0_16"},{"key":"2_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"649","DOI":"10.1007\/978-3-030-75248-4_23","volume-title":"Public-Key Cryptography \u2013 PKC 2021","author":"A Caforio","year":"2021","unstructured":"Caforio, A., Durak, F.B., Vaudenay, S.: Beyond security and efficiency: on-demand ratcheting with security awareness. In: Garay, J.A. (ed.) PKC 2021, Part II. LNCS, vol. 12711, pp. 649\u2013677. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-75248-4_23"},{"key":"2_CR20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-15979-4_1","volume-title":"CRYPTO 2022, Part II","author":"R Canetti","year":"2022","unstructured":"Canetti, R., Jain, P., Swanberg, M., Varia, M.: Universally composable end-to-end secure messaging. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part II. LNCS, vol. 13508, pp. 3\u201333. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15979-4_1"},{"key":"2_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"732","DOI":"10.1007\/978-3-030-56880-1_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"S Chakraborty","year":"2020","unstructured":"Chakraborty, S., Dziembowski, S., Nielsen, J.B.: Reverse\u00a0firewalls\u00a0for\u00a0actively\u00a0secure\u00a0MPCs. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part II. LNCS, vol. 12171, pp. 732\u2013762. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56880-1_26"},{"key":"2_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1007\/978-3-030-92075-3_12","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"S Chakraborty","year":"2021","unstructured":"Chakraborty, S., Ganesh, C., Pancholi, M., Sarkar, P.: Reverse firewalls for adaptively secure MPC without setup. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021, Part II. LNCS, vol. 13091, pp. 335\u2013364. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92075-3_12"},{"key":"2_CR23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"272","DOI":"10.1007\/978-3-031-06944-4_10","volume-title":"EUROCRYPT 2022, Part I","author":"S Chakraborty","year":"2022","unstructured":"Chakraborty, S., Magri, B., Nielsen, J.B., Venturi, D.: Universally composable subversion-resilient cryptography. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part I. LNCS, vol. 13275, pp. 272\u2013302. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-06944-4_10"},{"key":"2_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"844","DOI":"10.1007\/978-3-662-53887-6_31","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"R Chen","year":"2016","unstructured":"Chen, R., Mu, Y., Yang, G., Susilo, W., Guo, F., Zhang, M.: Cryptographic reverse firewall via malleable smooth projective hash functions. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 844\u2013876. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53887-6_31"},{"key":"2_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1007\/978-3-030-17253-4_8","volume-title":"Public-Key Cryptography \u2013 PKC 2019","author":"SSM Chow","year":"2019","unstructured":"Chow, S.S.M., Russell, A., Tang, Q., Yung, M., Zhao, Y., Zhou, H.-S.: Let a non-barking watchdog bite: cliptographic signatures with an offline watchdog. In: Lin, D., Sako, K. (eds.) PKC 2019, Part I. LNCS, vol. 11442, pp. 221\u2013251. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17253-4_8"},{"issue":"4","key":"2_CR26","doi-asserted-by":"publisher","first-page":"1914","DOI":"10.1007\/s00145-020-09360-1","volume":"33","author":"K Cohn-Gordon","year":"2020","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the Signal messaging protocol. J. Cryptol. 33(4), 1914\u20131983 (2020)","journal-title":"J. Cryptol."},{"key":"2_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1007\/978-3-662-48116-5_28","volume-title":"Fast Software Encryption","author":"JP Degabriele","year":"2015","unstructured":"Degabriele, J.P., Farshim, P., Poettering, B.: A more cautious approach to security against mass surveillance. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 579\u2013598. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48116-5_28"},{"key":"2_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"403","DOI":"10.1007\/978-3-662-53018-4_15","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"JP Degabriele","year":"2016","unstructured":"Degabriele, J.P., Paterson, K.G., Schuldt, J.C.N., Woodage, J.: Backdoors in pseudorandom number generators: possibility and impossibility results. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 403\u2013432. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53018-4_15"},{"key":"2_CR29","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"422","DOI":"10.1007\/978-3-031-17234-2_20","volume-title":"PQCrypto 2022","author":"S Dobson","year":"2022","unstructured":"Dobson, S., Galbraith, S.D.: Post-quantum signal key agreement from SIDH. In: Cheon, J.H., Johansson, T. (eds.) PQCrypto 2022. LNCS, vol. 13512, pp. 422\u2013450. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-17234-2_20"},{"key":"2_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/978-3-662-46800-5_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"Y Dodis","year":"2015","unstructured":"Dodis, Y., Ganesh, C., Golovnev, A., Juels, A., Ristenpart, T.: A formal treatment of backdoored pseudorandom generators. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 101\u2013126. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_5"},{"key":"2_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-3-662-53018-4_13","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"Y Dodis","year":"2016","unstructured":"Dodis, Y., Mironov, I., Stephens-Davidowitz, N.: Message transmission with reverse firewalls\u2014secure communication on corrupted machines. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 341\u2013372. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53018-4_13"},{"key":"2_CR32","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/978-3-031-17146-8_18","volume-title":"ESORICS 2022, Part II","author":"B Dowling","year":"2022","unstructured":"Dowling, B., G\u00fcnther, F., Poirrier, A.: Continuous authentication in secure messaging. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds.) ESORICS 2022, Part II. LNCS, vol. 13555, pp. 361\u2013381. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-17146-8_18"},{"key":"2_CR33","unstructured":"Dowling, B., Hale, B.: There can be no compromise: The necessity of ratcheted authentication in secure messaging. Cryptology ePrint Archive, Report 2020\/541 (2020)"},{"key":"2_CR34","doi-asserted-by":"crossref","unstructured":"Dowling, B., Hale, B.: Secure messaging authentication against active man-in-the-middle attacks. In: 2021 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 54\u201370. IEEE (2021)","DOI":"10.1109\/EuroSP51992.2021.00015"},{"key":"2_CR35","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/978-3-031-22969-5_5","volume-title":"ASIACRYPT 2022, Part III","author":"B Dowling","year":"2022","unstructured":"Dowling, B., Hauck, E., Riepel, D., R\u00f6sler, P.: Strongly anonymous ratcheted key exchange. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022, Part III. LNCS, vol. 13793, pp. 119\u2013150. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22969-5_5"},{"key":"2_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-030-26834-3_20","volume-title":"Advances in Information and Computer Security","author":"FB Durak","year":"2019","unstructured":"Durak, F.B., Vaudenay, S.: Bidirectional asynchronous ratcheted key agreement with linear complexity. In: Attrapadung, N., Yagi, T. (eds.) IWSEC 2019. LNCS, vol. 11689, pp. 343\u2013362. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26834-3_20"},{"key":"2_CR37","doi-asserted-by":"crossref","unstructured":"Fischlin, M., Janson, C., Mazaheri, S.: Backdoored hash functions: immunizing HMAC and HKDF. In: Chong, S. Delaune, S. (eds.) CSF 2018 Computer Security Foundations Symposium, pp. 105\u2013118. IEEE Computer Society Press (2018)","DOI":"10.1109\/CSF.2018.00015"},{"key":"2_CR38","unstructured":"Ganesh, C., Magri, B., Venturi, D.: Cryptographic reverse firewalls for interactive proof systems. In; Czumaj, A., Dawar, A., Merelli, E. (eds.) ICALP 2020. LIPIcs, vol. 168, pp. 55:1\u201355:16. Schloss Dagstuhl (2020)"},{"key":"2_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/978-3-319-26823-1_4","volume-title":"Cryptology and Network Security","author":"I Giacomelli","year":"2015","unstructured":"Giacomelli, I., Olimid, R.F., Ranellucci, S.: Security of linear secret-sharing schemes against mass surveillance. In: Reiter, M., Naccache, D. (eds.) CANS 2015. LNCS, vol. 9476, pp. 43\u201358. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-26823-1_4"},{"key":"2_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1007\/978-3-030-75248-4_15","volume-title":"Public-Key Cryptography \u2013 PKC 2021","author":"K Hashimoto","year":"2021","unstructured":"Hashimoto, K., Katsumata, S., Kwiatkowski, K., Prest, T.: An efficient and generic construction for signal\u2019s handshake (X3DH): post-quantum, state leakage secure, and deniable. In: Garay, J.A. (ed.) PKC 2021, Part II. LNCS, vol. 12711, pp. 410\u2013440. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-75248-4_15"},{"issue":"3","key":"2_CR41","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/s00145-022-09427-1","volume":"35","author":"K Hashimoto","year":"2022","unstructured":"Hashimoto, K., Katsumata, S., Kwiatkowski, K., Prest, T.: An efficient and generic construction for Signal\u2019s handshake (X3DH): post-quantum, state leakage secure, and deniable. J. Cryptol. 35(3), 17 (2022)","journal-title":"J. Cryptol."},{"key":"2_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-319-96884-1_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"J Jaeger","year":"2018","unstructured":"Jaeger, J., Stepanovs, I.: Optimal channel security against fine-grained state compromise: the safety of messaging. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 33\u201362. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_2"},{"key":"2_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-030-17653-2_6","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"D Jost","year":"2019","unstructured":"Jost, D., Maurer, U., Mularczyk, M.: Efficient ratcheting: almost-optimal guarantees for secure messaging. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 159\u2013188. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_6"},{"key":"2_CR44","doi-asserted-by":"crossref","unstructured":"Kobeissi, N., Bhargavan, K., Blanchet, B.: Automated verification for secure messaging protocols and their implementations: a symbolic and computational approach. In: 2017 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 435\u2013450. IEEE (2017)","DOI":"10.1109\/EuroSP.2017.38"},{"key":"2_CR45","unstructured":"Kostyuk, N., Landau, S.: Dueling over DUAL_EC_DRBG: the consequences of corrupting a cryptographic standardization process. Harvard Nat. Secur. J. (2022)"},{"key":"2_CR46","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-981-96-0957-4_10","volume-title":"ProvSec 2023, Part II","author":"J Liu","year":"2024","unstructured":"Liu, J., Chen, R., Wang, Y., Tang, X., Su, J.: Subversion-resilient authenticated key exchange with reverse firewalls. In: Liu, J.K., Chen, L., Sun, S.-F., Liu, X. (eds.) ProvSec 2023, Part II. LNCS, vol. 14904, pp. 181\u2013200. Springer, Singapore (2024). https:\/\/doi.org\/10.1007\/978-981-96-0957-4_10"},{"key":"2_CR47","unstructured":"Marlinspike, M., Perrin, T.:. The double ratchet algorithm (2016). https:\/\/whispersystems.org\/docs\/specifications\/doubleratchet\/doubleratchet.pdf"},{"key":"2_CR48","unstructured":"Marlinspike, M., Perrin, T.: The x3dh key agreement protocol (2016). https:\/\/signal.org\/docs\/specifications\/x3dh\/x3dh.pdf"},{"key":"2_CR49","unstructured":"Miller, G.: The intelligence coup of the century (2020). https:\/\/www.washingtonpost.com\/graphics\/2020\/world\/national-security\/cia-crypto-encryption-machines-espionage\/"},{"key":"2_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"657","DOI":"10.1007\/978-3-662-46803-6_22","volume-title":"Advances in Cryptology - EUROCRYPT 2015","author":"I Mironov","year":"2015","unstructured":"Mironov, I., Stephens-Davidowitz, N.: Cryptographic reverse firewalls. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 657\u2013686. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46803-6_22"},{"key":"2_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-96884-1_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"B Poettering","year":"2018","unstructured":"Poettering, B., R\u00f6sler, P.: Towards bidirectional ratcheted key exchange. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 3\u201332. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_1"},{"key":"2_CR52","unstructured":"Ringerud, M.: Note on subversion-resilient key exchange. Cryptology ePrint Archive, Report 2023\/749 (2023)"},{"key":"2_CR53","unstructured":"Robertson, J., Riley, M.: The big hack: how china used a tiny chip to infiltrate U.S. companies (2018). https:\/\/www.bloomberg.com\/news\/features\/2018-10-04\/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies"},{"key":"2_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-662-53890-6_2","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"A Russell","year":"2016","unstructured":"Russell, A., Tang, Q., Yung, M., Zhou, H.-S.: Cliptography: clipping the power of kleptographic attacks. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part II. LNCS, vol. 10032, pp. 34\u201364. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53890-6_2"},{"key":"2_CR55","doi-asserted-by":"crossref","unstructured":"Russell, A., Tang, Q., Yung, M., Zhou, H.-S.: Generic semantic security against a kleptographic adversary. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 907\u2013922. ACM Press (2017)","DOI":"10.1145\/3133956.3133993"},{"key":"2_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/978-3-319-96881-0_9","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"A Russell","year":"2018","unstructured":"Russell, A., Tang, Q., Yung, M., Zhou, H.-S.: Correcting subverted random oracles. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part II. LNCS, vol. 10992, pp. 241\u2013271. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_9"},{"key":"2_CR57","doi-asserted-by":"crossref","unstructured":"Simmons, G.J.: The prisoners\u2019 problem and the subliminal channel. In: Chaum, D. (eds.), CRYPTO\u201983, pp. 51\u201367. Plenum Press, New York (1983)","DOI":"10.1007\/978-1-4684-4730-9_5"},{"key":"2_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1007\/3-540-39568-7_32","volume-title":"Advances in Cryptology","author":"GJ Simmons","year":"1985","unstructured":"Simmons, G.J.: Authentication theory\/coding theory. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 411\u2013431. Springer, Heidelberg (1985). https:\/\/doi.org\/10.1007\/3-540-39568-7_32"},{"key":"2_CR59","unstructured":"O. W. Systems. The signal application (2023). https:\/\/github.com\/signalapp"},{"key":"2_CR60","doi-asserted-by":"crossref","unstructured":"Unger, N., Goldberg, I.: Deniable key exchanges for secure messaging. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 1211\u20131223. ACM Press (2015)","DOI":"10.1145\/2810103.2813616"},{"issue":"1","key":"2_CR61","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1515\/popets-2018-0003","volume":"2018","author":"N Unger","year":"2018","unstructured":"Unger, N., Goldberg, I.: Improved strongly deniable authenticated key exchanges for secure messaging. PoPETs 2018(1), 21\u201366 (2018)","journal-title":"PoPETs"},{"key":"2_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1007\/978-3-030-57878-7_10","volume-title":"Applied Cryptography and Network Security","author":"N Vatandas","year":"2020","unstructured":"Vatandas, N., Gennaro, R., Ithurburn, B., Krawczyk, H.: On the cryptographic deniability of the signal protocol. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020, Part II. LNCS, vol. 12147, pp. 188\u2013209. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-57878-7_10"},{"key":"2_CR63","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/3-540-68697-5_8","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"A Young","year":"1996","unstructured":"Young, A., Yung, M.: The dark side of \u201cBlack-Box\u2019\u2019 cryptography or: should we trust capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89\u2013103. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_8"},{"key":"2_CR64","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/3-540-69053-0_6","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201997","author":"A Young","year":"1997","unstructured":"Young, A., Yung, M.: Kleptography: using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62\u201374. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_6"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-01913-4_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,9]],"date-time":"2025-09-09T14:56:19Z","timestamp":1757429779000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-01913-4_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032019127","9783032019134"],"references-count":64,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-01913-4_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"17 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}