{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,6]],"date-time":"2026-01-06T18:41:19Z","timestamp":1767724879462,"version":"3.48.0"},"reference-count":101,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"Government of HKSAR"},{"name":"Laboratory for AI-Powered Financial Technologies"},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62202228"],"award-info":[{"award-number":["62202228"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62572243"],"award-info":[{"award-number":["62572243"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Youth Science and Technology Talents Lifting Project of Jiangsu Association of Science and Technology","award":["JSTJ-2024-163"],"award-info":[{"award-number":["JSTJ-2024-163"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U2441240"],"award-info":[{"award-number":["U2441240"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62441238"],"award-info":[{"award-number":["62441238"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U21B2018"],"award-info":[{"award-number":["U21B2018"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Research Grants Council of Hong Kong","award":["RFS2122-1S04"],"award-info":[{"award-number":["RFS2122-1S04"]}]},{"name":"Research Grants Council of Hong Kong","award":["C1029-22G"],"award-info":[{"award-number":["C1029-22G"]}]},{"name":"N_CityU139\/21"},{"DOI":"10.13039\/501100001809","name":"NSFC","doi-asserted-by":"publisher","award":["62032021"],"award-info":[{"award-number":["62032021"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Netw."],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/ton.2025.3625430","type":"journal-article","created":{"date-parts":[[2025,11,10]],"date-time":"2025-11-10T18:47:02Z","timestamp":1762800422000},"page":"1495-1510","source":"Crossref","is-referenced-by-count":0,"title":["Scaling Metadata-Private Messaging Under Hardware Trust"],"prefix":"10.1109","volume":"34","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5702-7181","authenticated-orcid":false,"given":"Peipei","family":"Jiang","sequence":"first","affiliation":[{"name":"School of Cyber Science and Engineering, Wuhan University, Hubei, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-8932-3632","authenticated-orcid":false,"given":"Yihao","family":"Wu","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Wuhan University, Hubei, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jianhao","family":"Cheng","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Wuhan University, Hubei, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9178-6640","authenticated-orcid":false,"given":"Lei","family":"Xu","sequence":"additional","affiliation":[{"name":"School of Mathematics and Statistics, Nanjing University of Science and Technology, Nanjing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shenglong","family":"Yao","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8967-8525","authenticated-orcid":false,"given":"Qian","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Wuhan University, Hubei, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0547-315X","authenticated-orcid":false,"given":"Cong","family":"Wang","sequence":"additional","affiliation":[{"name":"Department of Computer Science, City University of Hong Kong, Hong Kong, SAR, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1969-2591","authenticated-orcid":false,"given":"Kui","family":"Ren","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Blockchain and Data Security, the School of Cyber Science and Technology, and the College of Computer Science and Technology, Zhejiang University, Hangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","first-page":"877","article-title":"Boomerang: Metadata-private messaging under hardware trust","volume-title":"Proc. 20th USENIX Symp. Networked Syst. Design Implement. (NSDI)","author":"Jiang"},{"article-title":"Enterprise end-to-end encryption is on the rise","year":"2021","author":"Llanor","key":"ref2"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3338537"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1073\/pnas.1508081113"},{"article-title":"We kill people based on metadata","year":"2014","author":"Core","key":"ref5"},{"key":"ref6","first-page":"1775","article-title":"Express: Lowering the cost of metadata-hiding communication with cryptographic privacy","volume-title":"Proc. 30th USENIX Security Symp.","author":"Eskandarian"},{"key":"ref7","first-page":"229","article-title":"Spectrum: High-bandwidth anonymous broadcast","volume-title":"Proc. 19th USENIX Symp. Networked Syst. Design Implement. (NSDI \u201922)","author":"Newman"},{"volume-title":"Why Metadata Matters","year":"2023","author":"Foundation","key":"ref8"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00011"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.21236\/ADA465464"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866346"},{"key":"ref12","first-page":"179","article-title":"Dissent in numbers: Making strong anonymity scale","volume-title":"Proc. 10th USENIX Symp. Operating Syst. Design Implement. (OSDI)","author":"Wolinsky"},{"key":"ref13","first-page":"147","article-title":"Proactively accountable anonymous messaging in verdict","volume-title":"Proc. USENIX Secur.","author":"Corrigan-Gibbs"},{"key":"ref14","first-page":"1217","article-title":"MCMix: Anonymous messaging via secure multiparty computation","volume-title":"Proc. USENIX Secur.","author":"Alexopoulos"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417261"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/2815400.2815417"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132755"},{"key":"ref18","first-page":"571","article-title":"Alpenhorn: Bootstrapping secure communication without leaking metadata","volume-title":"Proc. 12th USENIX Symp. Operating Syst. Design Implement. (OSDI)","author":"Lazar"},{"key":"ref19","first-page":"711","article-title":"Karaoke: Distributed private messaging immune to passive traffic analysis","volume-title":"Proc. USENIX OSDI","author":"Lazar"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3341301.3359648"},{"key":"ref21","first-page":"1199","article-title":"The Loopix anonymity system","volume-title":"Proc. 26th USENIX Security Symp.","author":"Piotrowska"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2486001.2486002"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2785956.2787491"},{"key":"ref24","first-page":"759","article-title":"XRD: Scalable messaging system with cryptographic privacy","volume-title":"Proc. USENIX NSDI","author":"Kwon"},{"key":"ref25","first-page":"551","article-title":"Unobservable communication over fully untrusted infrastructure","volume-title":"Proc. USENIX OSDI","author":"Angel"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.27"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00062"},{"key":"ref28","first-page":"1","article-title":"Addra: Metadata-private voice communication over fully untrusted infrastructure","volume-title":"Proc. USENIX OSDI","author":"Ahmad"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24141"},{"key":"ref30","first-page":"735","article-title":"Groove: Flexible metadata-private messaging","volume-title":"Proc. USENIX OSDI","author":"Barman"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132783"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3447543"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3453930"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2018.2868054"},{"key":"ref35","first-page":"145","article-title":"Enhancing security and privacy of Tor\u2019s ecosystem by using trusted execution environments","volume-title":"Proc. 14th USENIX Symp. Netw. Syst. Design Implement.","author":"Kim"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3339814"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3106989.3106994"},{"key":"ref38","first-page":"201","article-title":"SafeBricks: Shielding network functions in the cloud","volume-title":"Proc. 15th USENIX Symp. Networked Syst. Design Implement. (NSDI)","author":"Poddar"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24095"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483562"},{"article-title":"The cybersecurity 202: Leak charges against treasury official show encrypted apps only as secure as you make them","year":"2018","author":"Inzaurralde","key":"ref41"},{"key":"ref42","first-page":"1","article-title":"Anonymity loves company: Usability and the network effect","volume-title":"Proc. WEIS","author":"Dingledine"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134038"},{"key":"ref44","first-page":"619","article-title":"Oblivious multi-party machine learning on trusted processors","volume-title":"Proc. 25th USENIX Secur. Symp.","author":"Ohrimenko"},{"volume-title":"XGBoost Repository","year":"2022","key":"ref45"},{"key":"ref46","first-page":"719","article-title":"SHORTSTACK: Distributed, fault-tolerant, oblivious data access","volume-title":"Proc. USENIX OSDI","author":"Vuppalapati"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.25"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00045"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/2487726.2488368"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358310"},{"key":"ref51","first-page":"857","article-title":"Sanctum: Minimal hardware extensions for strong software isolation","volume-title":"Proc. 25th USENIX Secur. Symp. (USENIX Secur.)","author":"Costan"},{"key":"ref52","first-page":"1","article-title":"Software grand exposure: SGX cache attacks are practical","volume-title":"Proc. WOOT","author":"Brasser"},{"key":"ref53","first-page":"299","article-title":"High-resolution side channels for untrusted operating systems","volume-title":"Proc. USENIX ATC","author":"H\u00e4hnel"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66787-4_4"},{"key":"ref55","first-page":"1041","article-title":"Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution","volume-title":"Proc. USENIX Secur.","author":"Bulck"},{"key":"ref56","first-page":"1","article-title":"Integrating remote attestation with transport layer security","volume-title":"Proc. CoRR","author":"Knauth"},{"volume-title":"Confidential Computing Zoo Repository","year":"2022","key":"ref57"},{"volume-title":"SGX Remote Attenstation Services","year":"2022","key":"ref58"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.10"},{"volume-title":"Mutual Attestation: Why and How","year":"2023","key":"ref60"},{"key":"ref61","first-page":"4095","article-title":"MAGE: Mutual attestation for a group of enclaves without trusted third parties","volume-title":"Proc. USENIX Secur.","author":"Chen"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00065"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00025"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00057"},{"key":"ref65","first-page":"699","article-title":"VoltPillager: Hardware-based fault injection attacks against Intel SGX enclaves using the SVID voltage scaling interface","volume-title":"Proc. 30th USENIX Secur. Symp. (USENIX Security)","author":"Chen"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00020"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00089"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-36467-6_9"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1007\/11423409_2"},{"key":"ref70","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516740"},{"key":"ref71","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70630-4_3"},{"key":"ref72","doi-asserted-by":"publisher","DOI":"10.1145\/3411501.3419420"},{"key":"ref73","first-page":"1039","article-title":"Visor: Privacy-preserving video analytics as a cloud service","volume-title":"Proc. USENIX Secur.","author":"Poddar"},{"key":"ref74","doi-asserted-by":"publisher","DOI":"10.1137\/1.9781611976014.2"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.1145\/1468075.1468121"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2008.09.023"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-49543-6_13"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10366-7_31"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1145\/1989493.1989555"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1145\/2517840.2517866"},{"key":"ref81","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3624385"},{"volume-title":"Tencent Cloud Instance Type Documentation","year":"2022","key":"ref82"},{"volume-title":"Intel Xeon Scalable Platform Built for Most Sensitive Workloads","year":"2023","key":"ref83"},{"volume-title":"Azure Virtual Machine Pricing","year":"2022","key":"ref84"},{"volume-title":"Chrome Extension","year":"2024","key":"ref85"},{"volume-title":"GRPC-Web","year":"2024","key":"ref86"},{"key":"ref87","doi-asserted-by":"publisher","DOI":"10.56553\/popets-2024-0030"},{"key":"ref88","doi-asserted-by":"publisher","DOI":"10.1145\/358549.358563"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2016-0008"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1007\/BF00206326"},{"key":"ref91","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670350"},{"key":"ref92","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2025.240268"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63697-9_3"},{"key":"ref94","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-26954-8_8"},{"key":"ref95","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2025.242729"},{"key":"ref96","first-page":"3205","article-title":"Abuse reporting for metadata-hiding communication based on secret sharing","volume-title":"Proc. USENIX Secur. Symp.","author":"Eskandarian"},{"key":"ref97","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354243"},{"key":"ref98","first-page":"2335","article-title":"Hecate: Abuse reporting in secure messengers with sealed sender","volume-title":"Proc. USENIX Secur. Symp.","author":"Issa"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2025.240980"},{"key":"ref100","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2021.3052831"},{"volume-title":"Intel SDP for Desktop Based on Alder Lake S\u201412th Generation Intel Core Processors","year":"2023","key":"ref101"}],"container-title":["IEEE Transactions on Networking"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10723154\/11317935\/11236977.pdf?arnumber=11236977","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,6]],"date-time":"2026-01-06T18:34:56Z","timestamp":1767724496000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11236977\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":101,"URL":"https:\/\/doi.org\/10.1109\/ton.2025.3625430","relation":{},"ISSN":["2998-4157"],"issn-type":[{"type":"electronic","value":"2998-4157"}],"subject":[],"published":{"date-parts":[[2026]]}}}