{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T16:47:37Z","timestamp":1755794857454,"version":"3.44.0"},"publisher-location":"Cham","reference-count":55,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032019127","type":"print"},{"value":"9783032019134","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-01913-4_4","type":"book-chapter","created":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T08:22:49Z","timestamp":1755332569000},"page":"109-140","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["$$\\textsf{XHMQV}$$: Better Efficiency and\u00a0Stronger Security for\u00a0Signal\u2019s Initial Handshake based on\u00a0HMQV"],"prefix":"10.1007","author":[{"given":"Rune","family":"Fiedler","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8495-6610","authenticated-orcid":false,"given":"Felix","family":"G\u00fcnther","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7459-6850","authenticated-orcid":false,"given":"Jiaxin","family":"Pan","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8606-3007","authenticated-orcid":false,"given":"Runzhi","family":"Zeng","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,17]]},"reference":[{"key":"4_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45353-9_12","volume-title":"Topics in Cryptology \u2014 CT-RSA 2001","author":"M Abdalla","year":"2001","unstructured":"Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143\u2013158. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45353-9_12"},{"key":"4_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1007\/3-540-46035-7_6","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"JH An","year":"2002","unstructured":"An, J.H., Dodis, Y., Rabin, T.: On the security of joint signature and encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 83\u2013107. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46035-7_6"},{"key":"4_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-45724-2_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"M Bellare","year":"2020","unstructured":"Bellare, M., Davis, H., G\u00fcnther, F.: Separate your domains: NIST PQC KEMs, oracle cloning and read-only indifferentiability. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part II. LNCS, vol. 12106, pp. 3\u201332. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_1"},{"key":"4_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"M Bellare","year":"1994","unstructured":"Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232\u2013249. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_21"},{"key":"4_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/11745853_14","volume-title":"Public Key Cryptography - PKC 2006","author":"DJ Bernstein","year":"2006","unstructured":"Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207\u2013228. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11745853_14"},{"key":"4_CR6","unstructured":"Bhargavan, K., Jacomme, C., Kiefer, F., Schmidt, R.: Formal verification of the PQXDH post-quantum key agreement protocol for end-to-end secure messaging. In: Balzarotti, D., Xu, W. (eds.) USENIX Security 2024. USENIX Association (2024). https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/bhargavan"},{"key":"4_CR7","unstructured":"Brendel, J., Fiedler, R., G\u00fcnther, F., Janson, C., Stebila, D.: Post-quantum asynchronous deniable key exchange and the Signal handshake. Cryptology ePrint Archive, Report 2021\/769 (2021). https:\/\/eprint.iacr.org\/2021\/769"},{"key":"4_CR8","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-97131-1_1","volume-title":"PKC 2022, Part II","author":"J Brendel","year":"2022","unstructured":"Brendel, J., Fiedler, R., G\u00fcnther, F., Janson, C., Stebila, D.: Post-quantum asynchronous deniable key exchange and the Signal handshake. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds.) PKC 2022, Part II. LNCS, vol. 13178, pp. 3\u201334. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-030-97131-1_1"},{"key":"4_CR9","unstructured":"Carlini, N., et al.: Extracting training data from diffusion models. In: Calandrino, J.A., Troncoso, C. (eds.) USENIX Security 2023, pp. 5253\u20135270. USENIX Association (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/carlini"},{"key":"4_CR10","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1007\/978-3-031-30589-4_15","volume-title":"EUROCRYPT 2023, Part V","author":"W Castryck","year":"2023","unstructured":"Castryck, W., Decru, T.: An efficient key recovery attack on SIDH. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023, Part V. LNCS, vol. 14008, pp. 423\u2013447. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_15"},{"key":"4_CR11","doi-asserted-by":"publisher","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the Signal messaging protocol. In: 2017 IEEE European Symposium on Security and Privacy, pp. 451\u2013466. IEEE Computer Society Press (2017). https:\/\/doi.org\/10.1109\/EuroSP.2017.27","DOI":"10.1109\/EuroSP.2017.27"},{"issue":"4","key":"4_CR12","doi-asserted-by":"publisher","first-page":"1914","DOI":"10.1007\/s00145-020-09360-1","volume":"33","author":"K Cohn-Gordon","year":"2020","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. J. Cryptol. 33(4), 1914\u20131983 (2020). https:\/\/doi.org\/10.1007\/s00145-020-09360-1","journal-title":"J. Cryptol."},{"key":"4_CR13","unstructured":"Collins, D., Huguenin-Dumittan, L., Nguyen, N.K., Rolin, N., Vaudenay, S.: K-WAAY: fast and deniable post-quantum X3DH without ring signatures. In: Balzarotti, D., Xu, W. (eds.) USENIX Security 2024. USENIX Association (2024). https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/collins"},{"key":"4_CR14","doi-asserted-by":"publisher","unstructured":"Cremers, C., Dax, A., Medinger, N.: Keeping up with the KEMs: stronger security notions for KEMs and automated analysis of KEM-based protocols. In: Luo, B., Liao, X., Xu, J., Kirda, E., Lie, D. (eds.) ACM CCS 2024, pp. 1046\u20131060. ACM Press (2024). https:\/\/doi.org\/10.1145\/3658644.3670283","DOI":"10.1145\/3658644.3670283"},{"key":"4_CR15","unstructured":"Cremers, C., Feltz, M.: One-round strongly secure key exchange with perfect forward secrecy and deniability. Cryptology ePrint Archive, Report 2011\/300 (2011). https:\/\/eprint.iacr.org\/2011\/300"},{"key":"4_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/978-3-642-40203-6_20","volume-title":"Computer Security \u2013 ESORICS 2013","author":"\u00d6 Dagdelen","year":"2013","unstructured":"Dagdelen, \u00d6., Fischlin, M., Gagliardoni, T., Marson, G.A., Mittelbach, A., Onete, C.: A cryptographic analysis of OPACITY. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 345\u2013362. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40203-6_20"},{"key":"4_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1007\/978-3-642-27954-6_8","volume-title":"Topics in Cryptology \u2013 CT-RSA 2012","author":"JP Degabriele","year":"2012","unstructured":"Degabriele, J.P., Lehmann, A., Paterson, K.G., Smart, N.P., Strefler, M.: On the joint security of encryption and signature in EMV. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 116\u2013135. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-27954-6_8"},{"key":"4_CR18","doi-asserted-by":"publisher","unstructured":"Di Raimondo, M., Gennaro, R., Krawczyk, H.: Deniable authentication and key exchange. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) ACM CCS 2006, pp. 400\u2013409. ACM Press (2006). https:\/\/doi.org\/10.1145\/1180405.1180454","DOI":"10.1145\/1180405.1180454"},{"key":"4_CR19","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"422","DOI":"10.1007\/978-3-031-17234-2_20","volume-title":"PQCrypto 2022","author":"S Dobson","year":"2022","unstructured":"Dobson, S., Galbraith, S.D.: Post-quantum Signal key agreement from SIDH. In: Cheon, J.H., Johansson, T. (eds.) PQCrypto 2022. LNCS, vol. 13512, pp. 422\u2013450. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-17234-2_20"},{"key":"4_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1007\/978-3-642-00457-5_10","volume-title":"Theory of Cryptography","author":"Y Dodis","year":"2009","unstructured":"Dodis, Y., Katz, J., Smith, A., Walfish, S.: Composability and on-line deniability of authentication. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 146\u2013162. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-00457-5_10"},{"key":"4_CR21","doi-asserted-by":"publisher","unstructured":"Dowling, B., Fischlin, M., G\u00fcnther, F., Stebila, D.: A cryptographic analysis of the TLS\u00a01.3 handshake protocol candidates. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 1197\u20131210. ACM Press (2015). https:\/\/doi.org\/10.1145\/2810103.2813653","DOI":"10.1145\/2810103.2813653"},{"key":"4_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1007\/978-3-319-70503-3_17","volume-title":"Theory of Cryptography","author":"M Fersch","year":"2017","unstructured":"Fersch, M., Kiltz, E., Poettering, B.: On the one-per-message unforgeability of\u00a0(EC)DSA and its variants. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017, Part II. LNCS, vol. 10678, pp. 519\u2013534. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70503-3_17"},{"key":"4_CR23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/978-3-031-91823-0_5","volume-title":"PKC 2025, Part II","author":"R Fiedler","year":"2025","unstructured":"Fiedler, R., G\u00fcnther, F.: Security analysis of Signal\u2019s PQXDH handshake. In: Jager, T., Pan, J. (eds.) PKC 2025, Part II. LNCS, vol. 15675, pp. 137\u2013169. Springer, Cham (2025). https:\/\/doi.org\/10.1007\/978-3-031-91823-0_5"},{"key":"4_CR24","unstructured":"Fiedler, R., G\u00fcnther, F., Pan, J., Zeng, R.: XHMQV: better efficiency and stronger security for Signal\u2019s initial handshake based on HMQV. Cryptology ePrint Archive, Paper 2025\/1049 (2025). https:\/\/eprint.iacr.org\/2025\/1049"},{"key":"4_CR25","doi-asserted-by":"publisher","unstructured":"Fiedler, R., Janson, C.: A deniability analysis of Signal\u2019s initial handshake PQXDH. PoPETs 2024(4), 907\u2013928 (2024). https:\/\/doi.org\/10.56553\/popets-2024-0148","DOI":"10.56553\/popets-2024-0148"},{"key":"4_CR26","unstructured":"Fiedler, R., Langrehr, R.: On deniable authentication against malicious verifiers. Cryptology ePrint Archive, Paper 2025\/470 (2025). https:\/\/eprint.iacr.org\/2025\/470"},{"key":"4_CR27","doi-asserted-by":"publisher","unstructured":"Haber, S., Pinkas, B.: Securely combining public-key cryptosystems. In: Reiter, M.K., Samarati, P. (eds.) ACM CCS 2001, pp. 215\u2013224. ACM Press (2001). https:\/\/doi.org\/10.1145\/501983.502013","DOI":"10.1145\/501983.502013"},{"key":"4_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1007\/978-3-030-75248-4_15","volume-title":"Public-Key Cryptography \u2013 PKC 2021","author":"K Hashimoto","year":"2021","unstructured":"Hashimoto, K., Katsumata, S., Kwiatkowski, K., Prest, T.: An efficient and generic construction for Signal\u2019s handshake (X3DH): post-quantum, state leakage secure, and deniable. In: Garay, J.A. (ed.) PKC 2021, Part II. LNCS, vol. 12711, pp. 410\u2013440. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-75248-4_15"},{"issue":"3","key":"4_CR29","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/s00145-022-09427-1","volume":"35","author":"K Hashimoto","year":"2022","unstructured":"Hashimoto, K., Katsumata, S., Kwiatkowski, K., Prest, T.: An efficient and generic construction for Signal\u2019s handshake (X3DH): post-quantum, state leakage secure, and deniable. J. Cryptol. 35(3), 17 (2022). https:\/\/doi.org\/10.1007\/s00145-022-09427-1","journal-title":"J. Cryptol."},{"key":"4_CR30","unstructured":"Hashimoto, K., Katsumata, S., Wiggers, T.: Bundled authenticated key exchange: a concrete treatment of (post-quantum) Signal\u2019s handshake protocol. In: 34th USENIX Security Symposium, USENIX Security 2025. USENIX Association (2025, to appear). Available as Cryptology ePrint Archive Report 2025\/040, https:\/\/eprint.iacr.org\/2025\/040"},{"key":"4_CR31","doi-asserted-by":"publisher","unstructured":"Jiang, S.: Timed encryption with application to deniable key exchange. Theor. Comput. Sci. 560, 172\u2013189 (2014). https:\/\/doi.org\/10.1016\/J.TCS.2014.02.005, https:\/\/doi.org\/10.1016\/j.tcs.2014.02.005","DOI":"10.1016\/J.TCS.2014.02.005"},{"key":"4_CR32","doi-asserted-by":"publisher","unstructured":"Jiang, S., Chee, Y.M., Ling, S., Wang, H., Xing, C.: A new framework for deniable secure key exchange. Inf. Comput. 285(Part), 104866 (2022). https:\/\/doi.org\/10.1016\/J.IC.2022.104866","DOI":"10.1016\/J.IC.2022.104866"},{"key":"4_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1007\/978-3-540-85230-8_4","volume-title":"Financial Cryptography and Data Security","author":"S Jiang","year":"2008","unstructured":"Jiang, S., Safavi-Naini, R.: An efficient deniable key exchange protocol (extended abstract). In: Tsudik, G. (ed.) FC 2008. LNCS, vol. 5143, pp. 47\u201352. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85230-8_4"},{"key":"4_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-662-53008-5_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"E Kiltz","year":"2016","unstructured":"Kiltz, E., Masny, D., Pan, J.: Optimal security proofs for signatures from identification schemes. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 33\u201361. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_2"},{"key":"4_CR35","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"645","DOI":"10.1007\/978-3-031-30872-7_25","volume-title":"CT-RSA 2023","author":"E Kiltz","year":"2023","unstructured":"Kiltz, E., Pan, J., Riepel, D., Ringerud, M.: Multi-user CDH problems and the concrete security of NAXOS and HMQV. In: Rosulek, M. (ed.) CT-RSA 2023. LNCS, vol. 13871, pp. 645\u2013671. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30872-7_25"},{"key":"4_CR36","doi-asserted-by":"publisher","unstructured":"Kobeissi, N., Bhargavan, K., Blanchet, B.: Automated verification for secure messaging protocols and their implementations: a symbolic and computational approach. In: 2017 IEEE European Symposium on Security and Privacy, pp. 435\u2013450. IEEE Computer Society Press (2017). https:\/\/doi.org\/10.1109\/EuroSP.2017.38","DOI":"10.1109\/EuroSP.2017.38"},{"key":"4_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"546","DOI":"10.1007\/11535218_33","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"H Krawczyk","year":"2005","unstructured":"Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546\u2013566. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_33"},{"key":"4_CR38","unstructured":"Kret, E., Schmidt, R.: The PQXDH key agreement protocol (2024). https:\/\/signal.org\/docs\/specifications\/pqxdh\/"},{"key":"4_CR39","doi-asserted-by":"publisher","unstructured":"Langley, A., Hamburg, M., Turner, S.: Elliptic Curves for Security. RFC 7748 (Informational) (2016). https:\/\/doi.org\/10.17487\/RFC7748, https:\/\/www.rfc-editor.org\/rfc\/rfc7748.txt","DOI":"10.17487\/RFC7748"},{"issue":"2","key":"4_CR40","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1023\/A:1022595222606","volume":"28","author":"L Law","year":"2003","unstructured":"Law, L., Menezes, A., Qu, M., Solinas, J.A., Vanstone, S.A.: An efficient protocol for authenticated key agreement. DCC 28(2), 119\u2013134 (2003). https:\/\/doi.org\/10.1023\/A:1022595222606","journal-title":"DCC"},{"key":"4_CR41","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"448","DOI":"10.1007\/978-3-031-30589-4_16","volume-title":"EUROCRYPT 2023, Part V","author":"L Maino","year":"2023","unstructured":"Maino, L., Martindale, C., Panny, L., Pope, G., Wesolowski, B.: A direct key recovery attack on SIDH. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023, Part V. LNCS, vol. 14008, pp. 448\u2013471. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_16"},{"key":"4_CR42","unstructured":"Marlinspike, M., Perrin, T.: The X3DH key agreement protocol (2016). https:\/\/signal.org\/docs\/specifications\/x3dh\/"},{"key":"4_CR43","unstructured":"Menezes, A.: Another look at HMQV. Cryptology ePrint Archive, Report 2005\/205 (2005). https:\/\/eprint.iacr.org\/2005\/205"},{"key":"4_CR44","unstructured":"Menezes, A., Qu, M., Vanstone, S.A.: Some new key agreement protocols providing mutual implicit authentication. In: 2nd Workshop on Selected Areas in Cryptography (SAC 1995) (1995)"},{"key":"4_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/978-3-642-25385-0_9","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"KG Paterson","year":"2011","unstructured":"Paterson, K.G., Schuldt, J.C.N., Stam, M., Thomson, S.: On the joint security of encryption and signature, revisited. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 161\u2013178. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25385-0_9"},{"key":"4_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"738","DOI":"10.1007\/978-3-030-26948-7_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2019","author":"C Patton","year":"2019","unstructured":"Patton, C., Shrimpton, T.: Security in the presence of key reuse: context-separable interfaces and their applications. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019, Part I. LNCS, vol. 11692, pp. 738\u2013768. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26948-7_26"},{"key":"4_CR47","unstructured":"Perrin, T.: The XEdDSA and VXEdDSA signature schemes (2016). https:\/\/signal.org\/docs\/specifications\/xeddsa\/"},{"issue":"3","key":"4_CR48","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361\u2013396 (2000). https:\/\/doi.org\/10.1007\/s001450010003","journal-title":"J. Cryptol."},{"key":"4_CR49","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"472","DOI":"10.1007\/978-3-031-30589-4_17","volume-title":"EUROCRYPT 2023, Part V","author":"D Robert","year":"2023","unstructured":"Robert, D.: Breaking SIDH in polynomial time. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023, Part V. LNCS, vol. 14008, pp. 472\u2013503. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_17"},{"key":"4_CR50","unstructured":"Signal: Technical information. https:\/\/signal.org\/docs\/"},{"key":"4_CR51","unstructured":"Thormarker, E.: On using the same key pair for Ed25519 and an X25519 based KEM. Cryptology ePrint Archive, Report 2021\/509 (2021). https:\/\/eprint.iacr.org\/2021\/509"},{"key":"4_CR52","doi-asserted-by":"publisher","unstructured":"Unger, N., Goldberg, I.: Deniable key exchanges for secure messaging. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015, pp. 1211\u20131223. ACM Press (2015). https:\/\/doi.org\/10.1145\/2810103.2813616","DOI":"10.1145\/2810103.2813616"},{"issue":"1","key":"4_CR53","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1515\/popets-2018-0003","volume":"2018","author":"N Unger","year":"2018","unstructured":"Unger, N., Goldberg, I.: Improved strongly deniable authenticated key exchanges for secure messaging. PoPETs 2018(1), 21\u201366 (2018). https:\/\/doi.org\/10.1515\/popets-2018-0003","journal-title":"PoPETs"},{"key":"4_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1007\/978-3-030-57878-7_10","volume-title":"Applied Cryptography and Network Security","author":"N Vatandas","year":"2020","unstructured":"Vatandas, N., Gennaro, R., Ithurburn, B., Krawczyk, H.: On the cryptographic deniability of the signal protocol. In: Conti, M., Zhou, J., Casalicchio, E., Spognardi, A. (eds.) ACNS 2020, Part II. LNCS, vol. 12147, pp. 188\u2013209. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-57878-7_10"},{"key":"4_CR55","doi-asserted-by":"publisher","unstructured":"Yao, A.C.C., Zhao, Y.: OAKE: a new family of implicitly authenticated Diffie-Hellman protocols. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 1113\u20131128. ACM Press (2013). https:\/\/doi.org\/10.1145\/2508859.2516695","DOI":"10.1145\/2508859.2516695"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-01913-4_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T08:22:52Z","timestamp":1755332572000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-01913-4_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032019127","9783032019134"],"references-count":55,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-01913-4_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"17 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}