{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T17:13:21Z","timestamp":1778087601535,"version":"3.51.4"},"publisher-location":"Cham","reference-count":58,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032253163","type":"print"},{"value":"9783032253170","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-25317-0_2","type":"book-chapter","created":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T16:39:29Z","timestamp":1778085569000},"page":"34-65","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Group Key Progression: Strong Security for\u00a0Shared Persistent Data"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8677-8301","authenticated-orcid":false,"given":"Matilda","family":"Backendal","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4864-1125","authenticated-orcid":false,"given":"David","family":"Balb\u00e1s","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8796-5064","authenticated-orcid":false,"given":"Miro","family":"Haller","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,5,7]]},"reference":[{"key":"2_CR1","doi-asserted-by":"publisher","unstructured":"Albrecht, M.R., Backendal, M., Coppola, D., Paterson, K.G.: Share with care: breaking E2EE in nextcloud. In: 2024 IEEE European Symposium on Security and Privacy, pp. 828\u2013840. IEEE Computer Society Press (2024). https:\/\/doi.org\/10.1109\/EuroSP60621.2024.00051","DOI":"10.1109\/EuroSP60621.2024.00051"},{"key":"2_CR2","doi-asserted-by":"publisher","unstructured":"Albrecht, M.R., Dowling, B., Jones, D.: Device-oriented group messaging: a formal cryptographic analysis of matrix\u2019 core. In: 2024 IEEE Symposium on Security and Privacy, pp. 2666\u20131685. IEEE Computer Society Press (2024). https:\/\/doi.org\/10.1109\/SP54263.2024.00075","DOI":"10.1109\/SP54263.2024.00075"},{"key":"2_CR3","doi-asserted-by":"publisher","unstructured":"Albrecht, M.R., Haller, M., Marekov\u00e1, L., Paterson, K.G.: Caveat implementor! Key recovery attacks on MEGA. In: Hazay, C., Stam, M. (eds.) EUROCRYPT\u00a02023, Part\u00a0V. LNCS, vol. 14008, pp. 190\u2013218. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_7","DOI":"10.1007\/978-3-031-30589-4_7"},{"key":"2_CR4","doi-asserted-by":"publisher","unstructured":"Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the Signal protocol. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT\u00a02019, Part\u00a0I. LNCS, vol. 11476, pp. 129\u2013158. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_5","DOI":"10.1007\/978-3-030-17653-2_5"},{"key":"2_CR5","doi-asserted-by":"publisher","unstructured":"Alwen, J., Coretti, S., Dodis, Y., Tselekounis, Y.: Security analysis and improvements for the IETF MLS standard for group messaging. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO\u00a02020, Part\u00a0I. LNCS, vol. 12170, pp. 248\u2013277. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56784-2_9","DOI":"10.1007\/978-3-030-56784-2_9"},{"key":"2_CR6","doi-asserted-by":"publisher","unstructured":"Alwen, J., Coretti, S., Dodis, Y., Tselekounis, Y.: Modular design of secure group messaging protocols and the security of MLS. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021. pp. 1463\u20131483. ACM Press (2021). https:\/\/doi.org\/10.1145\/3460120.3484820","DOI":"10.1145\/3460120.3484820"},{"key":"2_CR7","doi-asserted-by":"publisher","unstructured":"Alwen, J., Coretti, S., Jost, D., Mularczyk, M.: Continuous group key agreement with active security. In: Pass, R., Pietrzak, K. (eds.) TCC\u00a02020, Part\u00a0II. LNCS, vol. 12551, pp. 261\u2013290. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64378-2_10","DOI":"10.1007\/978-3-030-64378-2_10"},{"key":"2_CR8","doi-asserted-by":"publisher","unstructured":"Alwen, J., Hartmann, D., Kiltz, E., Mularczyk, M.: Server-aided continuous group key agreement. In: Yin, H., Stavrou, A., Cremers, C., Shi, E. (eds.) ACM CCS 2022. pp. 69\u201382. ACM Press (2022). https:\/\/doi.org\/10.1145\/3548606.3560632","DOI":"10.1145\/3548606.3560632"},{"key":"2_CR9","unstructured":"Backendal, M., Balb\u00e1s, D., Haller, M.: Group key progression: strong security for shared persistent data. Cryptology ePrint Archive (2025). https:\/\/eprint.iacr.org\/2025\/1028"},{"key":"2_CR10","doi-asserted-by":"publisher","unstructured":"Backendal, M., Bellare, M., G\u00fcnther, F., Scarlata, M.: When messages are keys: is HMAC a dual-PRF? In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO\u00a02023, Part\u00a0III. LNCS, vol. 14083, pp. 661\u2013693. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38548-3_22","DOI":"10.1007\/978-3-031-38548-3_22"},{"key":"2_CR11","doi-asserted-by":"publisher","unstructured":"Backendal, M., Davis, H., G\u00fcnther, F., Haller, M., Paterson, K.G.: A formal treatment of end-to-end encrypted cloud storage. In: Reyzin, L., Stebila, D. (eds.) CRYPTO\u00a02024, Part\u00a0II. LNCS, vol. 14921, pp. 40\u201374. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-68379-4_2","DOI":"10.1007\/978-3-031-68379-4_2"},{"key":"2_CR12","doi-asserted-by":"publisher","unstructured":"Backendal, M., G\u00fcnther, F., Paterson, K.G.: Puncturable key wrapping and its applications. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT\u00a02022, Part\u00a0II. LNCS, vol. 13792, pp. 651\u2013681. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22966-4_22","DOI":"10.1007\/978-3-031-22966-4_22"},{"key":"2_CR13","doi-asserted-by":"publisher","unstructured":"Backendal, M., Haller, M., Paterson, K.G.: MEGA: malleable encryption goes awry. In: 2023 IEEE Symposium on Security and Privacy, pp. 146\u2013163. IEEE Computer Society Press (2023). https:\/\/doi.org\/10.1109\/SP46215.2023.10179290","DOI":"10.1109\/SP46215.2023.10179290"},{"key":"2_CR14","doi-asserted-by":"publisher","unstructured":"Backes, M., Cachin, C., Oprea, A.: Secure key-updating for lazy revocation. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS\u00a02006. LNCS, vol.\u00a04189, pp. 327\u2013346. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11863908_21","DOI":"10.1007\/11863908_21"},{"key":"2_CR15","doi-asserted-by":"publisher","unstructured":"Balb\u00e1s, D., Collins, D., Gajland, P.: WhatsUpp with sender keys? Analysis, improvements and security proofs. In: Guo, J., Steinfeld, R. (eds.) ASIACRYPT\u00a02023, Part\u00a0V. LNCS, vol. 14442, pp. 307\u2013341. Springer, Singapore (2023). https:\/\/doi.org\/10.1007\/978-981-99-8733-7_10","DOI":"10.1007\/978-981-99-8733-7_10"},{"key":"2_CR16","unstructured":"Balb\u00e1s, D., Collins, D., Vaudenay, S.: Cryptographic administration for secure group messaging. In: Calandrino, J.A., Troncoso, C. (eds.) USENIX Security 2023, pp. 1253\u20131270. USENIX Association (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/balbas"},{"key":"2_CR17","doi-asserted-by":"publisher","unstructured":"Barnes, R., Beurdouche, B., Robert, R., Millican, J., Omara, E., Cohn-Gordon, K.: The messaging layer security (MLS) protocol. RFC 9420 (2023). https:\/\/doi.org\/10.17487\/RFC9420. https:\/\/www.rfc-editor.org\/info\/rfc9420","DOI":"10.17487\/RFC9420"},{"key":"2_CR18","doi-asserted-by":"publisher","unstructured":"Barooti, K., Collins, D., Colombo, S., Huguenin-Dumittan, L., Vaudenay, S.: On active attack detection in messaging with immediate decryption. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO\u00a02023, Part\u00a0IV. LNCS, vol. 14084, pp. 362\u2013395. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38551-3_12","DOI":"10.1007\/978-3-031-38551-3_12"},{"key":"2_CR19","doi-asserted-by":"publisher","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol.\u00a01109, pp. 1\u201315. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_1","DOI":"10.1007\/3-540-68697-5_1"},{"key":"2_CR20","unstructured":"Bellare, M., Lysyanskaya, A.: Symmetric and dual PRFs from standard assumptions: a generic validation of an HMAC assumption. Cryptology ePrint Archive, Report 2015\/1198 (2015). https:\/\/eprint.iacr.org\/2015\/1198"},{"issue":"4","key":"2_CR21","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/s00145-024-09513-6","volume":"37","author":"M Bellare","year":"2024","unstructured":"Bellare, M., Lysyanskaya, A.: Symmetric and dual PRFs from standard assumptions: a generic validation of a prevailing assumption. J. Cryptol. 37(4), 33 (2024). https:\/\/doi.org\/10.1007\/s00145-024-09513-6","journal-title":"J. Cryptol."},{"key":"2_CR22","doi-asserted-by":"publisher","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol.\u00a04004, pp. 409\u2013426. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_25","DOI":"10.1007\/11761679_25"},{"key":"2_CR23","doi-asserted-by":"publisher","unstructured":"Bessani, A., Correia, M., Quaresma, B., Andr\u00e9, F., Sousa, P.: Depsky: dependable and secure storage in a cloud-of-clouds. ACM Trans. Storage 9(4) (2013). https:\/\/doi.org\/10.1145\/2535929","DOI":"10.1145\/2535929"},{"key":"2_CR24","doi-asserted-by":"publisher","unstructured":"Bienstock, A., Dodis, Y., Garg, S., Grogan, G., Hajiabadi, M., R\u00f6sler, P.: On the worst-case inefficiency of CGKA. In: Kiltz, E., Vaikuntanathan, V. (eds.) TCC\u00a02022, Part\u00a0II. LNCS, vol. 13748, pp. 213\u2013243. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22365-5_8","DOI":"10.1007\/978-3-031-22365-5_8"},{"key":"2_CR25","doi-asserted-by":"publisher","unstructured":"Boneh, D., Lewi, K., Montgomery, H.W., Raghunathan, A.: Key homomorphic PRFs and their applications. In: Canetti, R., Garay, J.A. (eds.) CRYPTO\u00a02013, Part\u00a0I. LNCS, vol.\u00a08042, pp. 410\u2013428. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_23","DOI":"10.1007\/978-3-642-40041-4_23"},{"key":"2_CR26","doi-asserted-by":"publisher","unstructured":"Boyd, C., Davies, G.T., Gj\u00f8steen, K., Jiang, Y.: Fast and secure updatable encryption. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO\u00a02020, Part\u00a0I. LNCS, vol. 12170, pp. 464\u2013493. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56784-2_16","DOI":"10.1007\/978-3-030-56784-2_16"},{"key":"2_CR27","unstructured":"Burkhalter, L., Hithnawi, A., Viand, A., Shafagh, H., Ratnasamy, S.: TimeCrypt: encrypted data stream processing at scale with cryptographic access control. In: 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2020), pp. 835\u2013850. USENIX Association, Santa Clara, CA (2020). https:\/\/www.usenix.org\/conference\/nsdi20\/presentation\/burkhalter"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Chen, D., et al.: Flexible and fine-grained access control for EHR in blockchain-assisted e-healthcare systems. IEEE Internet Things J. (2023)","DOI":"10.1109\/JIOT.2023.3328382"},{"key":"2_CR29","doi-asserted-by":"publisher","unstructured":"Chen, L., Guo, H., Li, Y.N., Tang, Q.: Efficient secure storage with version control and key rotation. In: Guo, J., Steinfeld, R. (eds.) ASIACRYPT\u00a02023, Part\u00a0VI. LNCS, vol. 14443, pp. 168\u2013198. Springer, Singapore (2023). https:\/\/doi.org\/10.1007\/978-981-99-8736-8_6","DOI":"10.1007\/978-981-99-8736-8_6"},{"key":"2_CR30","doi-asserted-by":"crossref","unstructured":"Chen, W., Hoang, T., Guajardo, J., Yavuz, A.A.: Titanium: a metadata-hiding file-sharing system with malicious security. In: NDSS\u00a02022. The Internet Society (2022)","DOI":"10.14722\/ndss.2022.24161"},{"key":"2_CR31","doi-asserted-by":"publisher","unstructured":"Davies, G.T., et al.: Security analysis of the WhatsApp end-to-end encrypted backup protocol. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO\u00a02023, Part\u00a0IV. LNCS, vol. 14084, pp. 330\u2013361. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38551-3_11","DOI":"10.1007\/978-3-031-38551-3_11"},{"key":"2_CR32","doi-asserted-by":"publisher","unstructured":"Devigne, J., Duguey, C., Fouque, P.A.: MLS group messaging: how zero-knowledge can secure updates. In: Bertino, E., Shulman, H., Waidner, M. (eds.) ESORICS\u00a02021, Part\u00a0II. LNCS, vol. 12973, pp. 587\u2013607. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-88428-4_29","DOI":"10.1007\/978-3-030-88428-4_29"},{"key":"2_CR33","doi-asserted-by":"publisher","unstructured":"Dodis, Y., Jost, D.: Compact key storage in the standard model. In: Boyle, E., Mahmoody, M. (eds.) TCC\u00a02024, Part\u00a0I. LNCS, vol. 15364, pp. 444\u2013475. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-78011-0_15","DOI":"10.1007\/978-3-031-78011-0_15"},{"key":"2_CR34","doi-asserted-by":"publisher","unstructured":"Dodis, Y., Jost, D., Marcedone, A.: Compact key storage - a modern approach to key backup and delegation. In: Reyzin, L., Stebila, D. (eds.) CRYPTO\u00a02024, Part\u00a0II. LNCS, vol. 14921, pp. 75\u2013109. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-68379-4_3","DOI":"10.1007\/978-3-031-68379-4_3"},{"key":"2_CR35","doi-asserted-by":"publisher","unstructured":"Everspaugh, A., Paterson, K.G., Ristenpart, T., Scott, S.: Key rotation for authenticated encryption. In: Katz, J., Shacham, H. (eds.) CRYPTO\u00a02017, Part\u00a0III. LNCS, vol. 10403, pp. 98\u2013129. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_4","DOI":"10.1007\/978-3-319-63697-9_4"},{"key":"2_CR36","unstructured":"Fu, K., Kamara, S., Kohno, Y.: Key regression: enabling efficient key distribution for secure distributed storage. In: NDSS\u00a02006. The Internet Society (2006)"},{"key":"2_CR37","unstructured":"Goh, E.J., Shacham, H., Modadugu, N., Boneh, D.: SiRiUS: securing remote untrusted storage. In: NDSS\u00a02003. The Internet Society (2003)"},{"key":"2_CR38","doi-asserted-by":"publisher","unstructured":"Goldreich, O.: Towards a theory of software protection and simulation by oblivious RAMs. In: Aho, A. (ed.) 19th ACM STOC, pp. 182\u2013194. ACM Press (1987). https:\/\/doi.org\/10.1145\/28395.28416","DOI":"10.1145\/28395.28416"},{"key":"2_CR39","doi-asserted-by":"publisher","unstructured":"Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions (extended abstract). In: 25th FOCS, pp. 464\u2013479. IEEE Computer Society Press (1984). https:\/\/doi.org\/10.1109\/SFCS.1984.715949","DOI":"10.1109\/SFCS.1984.715949"},{"issue":"4","key":"2_CR40","doi-asserted-by":"publisher","first-page":"792","DOI":"10.1145\/6490.6503","volume":"33","author":"O Goldreich","year":"1986","unstructured":"Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792\u2013807 (1986). https:\/\/doi.org\/10.1145\/6490.6503","journal-title":"J. ACM"},{"key":"2_CR41","doi-asserted-by":"publisher","unstructured":"Hashimoto, K., Katsumata, S., Postlethwaite, E., Prest, T., Westerbaan, B.: A concrete treatment of efficient continuous group key agreement via multi-recipient PKEs. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021, pp. 1441\u20131462. ACM Press (2021). https:\/\/doi.org\/10.1145\/3460120.3484817","DOI":"10.1145\/3460120.3484817"},{"key":"2_CR42","doi-asserted-by":"publisher","unstructured":"Heninger, N., Ryan, K.: The hidden number problem with small unknown multipliers: cryptanalyzing MEGA in six queries and other applications. In: Boldyreva, A., Kolesnikov, V. (eds.) PKC\u00a02023, Part\u00a0I. LNCS, vol. 13940, pp. 147\u2013176. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-31368-4_6","DOI":"10.1007\/978-3-031-31368-4_6"},{"key":"2_CR43","doi-asserted-by":"publisher","unstructured":"Hofmann, J., Truong, K.T.: End-to-end encrypted cloud storage in the wild: a broken ecosystem. In: Luo, B., Liao, X., Xu, J., Kirda, E., Lie, D. (eds.) ACM CCS 2024, pp. 3988\u20134001. ACM Press (2024). https:\/\/doi.org\/10.1145\/3658644.3690309","DOI":"10.1145\/3658644.3690309"},{"key":"2_CR44","unstructured":"Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., Fu, K.: Plutus: scalable secure file sharing on untrusted storage. In: Proceedings of the 2nd USENIX Conference on File and Storage Technologies, FAST 2003, pp. 29\u201342. USENIX Association, USA (2003)"},{"key":"2_CR45","doi-asserted-by":"publisher","unstructured":"Klein, K., et al.: Keep the dirt: tainted TreeKEM, adaptively and actively secure continuous group key agreement. In: 2021 IEEE Symposium on Security and Privacy, pp. 268\u2013284. IEEE Computer Society Press (2021). https:\/\/doi.org\/10.1109\/SP40001.2021.00035","DOI":"10.1109\/SP40001.2021.00035"},{"key":"2_CR46","doi-asserted-by":"publisher","unstructured":"Kloo\u00df, M., Lehmann, A., Rupp, A.: (R)CCA secure updatable encryption with integrity protection. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT\u00a02019, Part\u00a0I. LNCS, vol. 11476, pp. 68\u201399. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_3","DOI":"10.1007\/978-3-030-17653-2_3"},{"key":"2_CR47","doi-asserted-by":"publisher","unstructured":"Lehmann, A., Tackmann, B.: Updatable encryption with post-compromise security. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT\u00a02018, Part\u00a0III. LNCS, vol. 10822, pp. 685\u2013716. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_22","DOI":"10.1007\/978-3-319-78372-7_22"},{"key":"2_CR48","doi-asserted-by":"crossref","unstructured":"Li, J., Krohn, M., Mazi\u00e8res, D., Shasha, D.: Secure untrusted data repository (SUNDR). In: 6th Symposium on Operating Systems Design & Implementation (OSDI 2004). USENIX Association, San Francisco, CA (2004). https:\/\/www.usenix.org\/conference\/osdi-04\/secure-untrusted-data-repository-sundr","DOI":"10.21236\/ADA445862"},{"key":"2_CR49","doi-asserted-by":"publisher","unstructured":"Marson, G.A., Poettering, B.: Practical secure logging: seekable sequential key generators. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS\u00a02013. LNCS, vol.\u00a08134, pp. 111\u2013128. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40203-6_7","DOI":"10.1007\/978-3-642-40203-6_7"},{"key":"2_CR50","doi-asserted-by":"publisher","unstructured":"Marson, G.A., Poettering, B.: Even more practical secure logging: tree-based seekable sequential key generators. In: Kutylowski, M., Vaidya, J. (eds.) ESORICS\u00a02014, Part\u00a0II. LNCS, vol.\u00a08713, pp. 37\u201354. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-11212-1_3","DOI":"10.1007\/978-3-319-11212-1_3"},{"key":"2_CR51","unstructured":"Mega Limited: Mega security white paper \u2013 third edition (2022). https:\/\/mega.nz\/SecurityWhitepaper.pdf"},{"key":"2_CR52","doi-asserted-by":"publisher","unstructured":"Namavari, A., et al.: Private hierarchical governance for encrypted messaging. In: 2024 IEEE Symposium on Security and Privacy, pp. 2610\u20132629. IEEE Computer Society Press (2024). https:\/\/doi.org\/10.1109\/SP54263.2024.00235","DOI":"10.1109\/SP54263.2024.00235"},{"key":"2_CR53","doi-asserted-by":"publisher","unstructured":"Poettering, B., R\u00f6sler, P., Schwenk, J., Stebila, D.: SoK: game-based security models for group key exchange. In: Paterson, K.G. (ed.) CT-RSA\u00a02021. LNCS, vol. 12704, pp. 148\u2013176. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-75539-3_7","DOI":"10.1007\/978-3-030-75539-3_7"},{"key":"2_CR54","unstructured":"Popa, R.A., Stark, E., Valdez, S., Helfer, J., Zeldovich, N., Balakrishnan, H.: Building web applications on top of encrypted data using mylar. In: 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2014), pp. 157\u2013172. USENIX Association, Seattle, WA (2014). https:\/\/www.usenix.org\/conference\/nsdi14\/technical-sessions\/presentation\/popa"},{"key":"2_CR55","doi-asserted-by":"publisher","unstructured":"Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446 (Proposed Standard) (2018). https:\/\/doi.org\/10.17487\/RFC8446. https:\/\/www.rfc-editor.org\/rfc\/rfc8446.txt","DOI":"10.17487\/RFC8446"},{"key":"2_CR56","unstructured":"Scarlata, M., Backendal, M., Haller, M.: MFKDF: multiple factors knocked down flat. In: Balzarotti, D., Xu, W. (eds.) USENIX Security 2024. USENIX Association (2024). https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/scarlata"},{"key":"2_CR57","unstructured":"Shafagh, H., Burkhalter, L., Ratnasamy, S., Hithnawi, A.: Droplet: decentralized authorization and access control for encrypted data streams. In: Capkun, S., Roesner, F. (eds.) USENIX Security 2020, pp. 2469\u20132486. USENIX Association (2020). https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/shafagh"},{"key":"2_CR58","unstructured":"Wang, F., Mickens, J., Zeldovich, N., Vaikuntanathan, V.: Sieve: cryptographically enforced access control for user data in untrusted clouds. In: 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2016), pp. 611\u2013626. USENIX Association, Santa Clara, CA (2016). https:\/\/www.usenix.org\/conference\/nsdi16\/technical-sessions\/presentation\/wang-frank"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2026"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-25317-0_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T16:39:40Z","timestamp":1778085580000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-25317-0_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032253163","9783032253170"],"references-count":58,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-25317-0_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"7 May 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rome","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2026","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 May 2026","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 May 2026","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2026","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2026\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}