{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T23:45:48Z","timestamp":1769298348106,"version":"3.49.0"},"publisher-location":"Cham","reference-count":26,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319636962","type":"print"},{"value":"9783319636979","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-63697-9_21","type":"book-chapter","created":{"date-parts":[[2017,8,1]],"date-time":"2017-08-01T04:07:12Z","timestamp":1501560432000},"page":"619-650","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":61,"title":["Ratcheted Encryption and Key Exchange: The Security of Messaging"],"prefix":"10.1007","author":[{"given":"Mihir","family":"Bellare","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Asha Camper","family":"Singh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joseph","family":"Jaeger","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maya","family":"Nyayapati","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Igors","family":"Stepanovs","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,8,2]]},"reference":[{"key":"21_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45353-9_12","volume-title":"Topics in Cryptology \u2014 CT-RSA 2001","author":"M Abdalla","year":"2001","unstructured":"Abdalla, M., Bellare, M., Rogaway, P.: The oracle diffie-hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143\u2013158. Springer, Heidelberg (2001). doi:10.1007\/3-540-45353-9_12"},{"key":"21_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1007\/978-3-642-00862-7_6","volume-title":"Topics in Cryptology \u2013 CT-RSA 2009","author":"M Bellare","year":"2009","unstructured":"Bellare, M., Duan, S., Palacio, A.: Key insulation and intrusion resilience over a public channel. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 84\u201399. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-00862-7_6"},{"key":"21_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-45539-6_11","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139\u2013155. Springer, Heidelberg (2000). doi:10.1007\/3-540-45539-6_11"},{"key":"21_CR4","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: ACM CCS 1993 (1993)","DOI":"10.1145\/168588.168596"},{"key":"21_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"M Bellare","year":"1994","unstructured":"Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232\u2013249. Springer, Heidelberg (1994). doi:10.1007\/3-540-48329-2_21"},{"key":"21_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409\u2013426. Springer, Heidelberg (2006). doi:10.1007\/11761679_25"},{"key":"21_CR7","doi-asserted-by":"crossref","unstructured":"Bellare, M., Singh, A.C., Jaeger, J., Nyayapati, M., Stepanovs, I.: Ratcheted encryption and key exchange: the security of messaging. Cryptology ePrint Archive, Report 2016\/1028 (2016)","DOI":"10.1007\/978-3-319-63697-9_21"},{"key":"21_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/978-3-662-53018-4_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"M Bellare","year":"2016","unstructured":"Bellare, M., Tackmann, B.: The multi-user security of authenticated encryption: AES-GCM in TLS 1.3. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 247\u2013276. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-53018-4_10"},{"key":"21_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-36563-X_1","volume-title":"Topics in Cryptology \u2014 CT-RSA 2003","author":"M Bellare","year":"2003","unstructured":"Bellare, M., Yee, B.: Forward-security in private-key cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 1\u201318. Springer, Heidelberg (2003). doi:10.1007\/3-540-36563-X_1"},{"key":"21_CR10","doi-asserted-by":"crossref","unstructured":"Borisov, N., Goldberg, I., Brewer, E.: Off-the-record communication, or, why not to use pgp. In: Proceedings of the ACM Workshop on Privacy in the Electronic Society (WPES) (2004)","DOI":"10.1145\/1029179.1029200"},{"key":"21_CR11","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the Signal messaging protocol. In: Proceedings of IEEE European Symposium on Security and Privacy (EuroS&P) (2017)","DOI":"10.1109\/EuroSP.2017.27"},{"key":"21_CR12","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C., Garratt, L.: On post-compromise security. In: IEEE 29th Computer Security Foundations Symposium (CSF) (2016)","DOI":"10.1109\/CSF.2016.19"},{"key":"21_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/3-540-46035-7_5","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"Y Dodis","year":"2002","unstructured":"Dodis, Y., Katz, J., Xu, S., Yung, M.: Key-insulated public key cryptosystems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 65\u201382. Springer, Heidelberg (2002). doi:10.1007\/3-540-46035-7_5"},{"key":"21_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1007\/3-540-36288-6_10","volume-title":"Public Key Cryptography \u2014 PKC 2003","author":"Y Dodis","year":"2003","unstructured":"Dodis, Y., Katz, J., Xu, S., Yung, M.: Strong key-insulated signature schemes. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 130\u2013144. Springer, Heidelberg (2003). doi:10.1007\/3-540-36288-6_10"},{"key":"21_CR15","doi-asserted-by":"crossref","unstructured":"Dodis, Y., Luo, W., Xu, S., Yung, M.: Key-insulated symmetric key cryptography and mitigating attacks against cryptographic cloud software. In: ASIACCS 2012","DOI":"10.1145\/2414456.2414489"},{"key":"21_CR16","unstructured":"Perrin, T., Marlinspike, M. (ed.): The double ratchet algorithm, 20 November 2016. https:\/\/whispersystems.org\/docs\/specifications\/doubleratchet\/"},{"key":"21_CR17","unstructured":"Facebook: Messenger secret conversations technical whitepaper. Technical whitepaper, 8 July 2016. https:\/\/fbnewsroomus.files.wordpress.com\/2016\/07\/secret_conversations_whitepaper-1.pdf"},{"key":"21_CR18","doi-asserted-by":"crossref","unstructured":"Fischlin, M., G\u00fcnther, F.: Multi-stage key exchange and the case of Google\u2019s QUIC protocol. In: ACM CCS 2014 (2014)","DOI":"10.1145\/2660267.2660308"},{"key":"21_CR19","unstructured":"Langley, A.: Pond. GitHub repository, README.md (2012). https:\/\/github.com\/agl\/pond\/commit\/7bb06244b9aa121d367a6d556867992d1481f0c8"},{"key":"21_CR20","unstructured":"Marlinspike, M.: Advanced cryptographic ratcheting, 26 November 2013. https:\/\/whispersystems.org\/blog\/advanced-ratcheting\/"},{"key":"21_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/3-540-44586-2_8","volume-title":"Public Key Cryptography","author":"T Okamoto","year":"2001","unstructured":"Okamoto, T., Pointcheval, D.: The gap-problems: a new class of problems for the security of cryptographic schemes. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 104\u2013118. Springer, Heidelberg (2001). doi:10.1007\/3-540-44586-2_8"},{"key":"21_CR22","unstructured":"Open Whisper Systems: Signal protocol library for java\/android. GitHub repository (2017). https:\/\/github.com\/WhisperSystems\/libsignal-protocol-java"},{"key":"21_CR23","doi-asserted-by":"crossref","unstructured":"Rogaway, P.: Authenticated-encryption with associated-data. In: ACM CCS 2002 (2002)","DOI":"10.1145\/586110.586125"},{"key":"21_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-540-25937-4_22","volume-title":"Fast Software Encryption","author":"P Rogaway","year":"2004","unstructured":"Rogaway, P.: Nonce-based symmetric encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 348\u2013358. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-25937-4_22"},{"key":"21_CR25","doi-asserted-by":"crossref","unstructured":"Unger, N., Dechand, S., Bonneau, J., Fahl, S., Perl, H., Goldberg, I., Smith, M.: SoK: secure messaging. In: IEEE Symposium on Security and Privacy (2015)","DOI":"10.1109\/SP.2015.22"},{"key":"21_CR26","unstructured":"WhatsApp: Whatsapp encryption overview. Technical white paper, April 4 2016. https:\/\/www.whatsapp.com\/security\/WhatsApp-Security-Whitepaper.pdf"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2017"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-63697-9_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,24]],"date-time":"2025-06-24T19:21:37Z","timestamp":1750792897000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-63697-9_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319636962","9783319636979"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-63697-9_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"2 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"37","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iacr.org\/conferences\/crypto2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}