{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,18]],"date-time":"2026-04-18T14:42:30Z","timestamp":1776523350326,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":59,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"UKRI","award":["104423"],"award-info":[{"award-number":["104423"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484817","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:33Z","timestamp":1636805133000},"page":"1441-1462","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["A Concrete Treatment of Efficient Continuous Group Key Agreement via Multi-Recipient PKEs"],"prefix":"10.1145","author":[{"given":"Keitaro","family":"Hashimoto","sequence":"first","affiliation":[{"name":"Tokyo Institute of Technology &amp; AIST, Tokyo, Japan"}]},{"given":"Shuichi","family":"Katsumata","sequence":"additional","affiliation":[{"name":"AIST, Tokyo, Japan"}]},{"given":"Eamonn","family":"Postlethwaite","sequence":"additional","affiliation":[{"name":"CWI, Amsterdam, Netherlands"}]},{"given":"Thomas","family":"Prest","sequence":"additional","affiliation":[{"name":"PQShield SAS, Paris, France"}]},{"given":"Bas","family":"Westerbaan","sequence":"additional","affiliation":[{"name":"Cloudflare, Amsterdam, Netherlands"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"crossref","unstructured":"Gorjan Alagic Jacob Alperin-Sheriff Daniel Apon David Cooper Quynh Dang John Kelsey Yi-Kai Liu Carl Miller Dustin Moody Rene Peralta Ray Perlner Angela Robinson and Daniel Smith-Tone. 2020. NISTIR 8309 - Status Report on the Secind Round of the NIST Post-Quantum Cryptography Standardization Process. https:\/\/csrc.nist.gov\/publications\/detail\/nistir\/8309\/final.","DOI":"10.6028\/NIST.IR.8240"},{"key":"e_1_3_2_2_2_1","unstructured":"Ange Albertini Thai Duong Shay Gueron Stefan K\u00f6lbl Atul Luykx and Sophie Schmieg. 2020. How to Abuse and Fix Authenticated Encryption Without Key Commitment. Cryptology ePrint Archive Report 2020\/1456. https:\/\/eprint.iacr.org\/2020\/1456."},{"key":"e_1_3_2_2_3_1","volume-title":"Martin Tomlinson, and Wen Wang.","author":"Albrecht Martin R.","year":"2020","unstructured":"Martin R. Albrecht, Daniel J. Bernstein, Tung Chou, Carlos Cid, Jan Gilcher, Tanja Lange, Varun Maram, Ingo von Maurich, Rafael Misoczki, Ruben Niederhagen, Kenneth G. Paterson, Edoardo Persichetti, Christiane Peters, Peter Schwabe, Nicolas Sendrier, Jakub Szefer, Cen Jung Tjhai, Martin Tomlinson, and Wen Wang. 2020. Classic McEliece. Technical Report. National Institute of Standards and Technology. available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-3-submissions."},{"key":"e_1_3_2_2_4_1","unstructured":"Martin R. Albrecht Carlos Cid Jean-Charles Faug\u00e8re and Ludovic Perret. 2014. Algebraic Algorithms for LWE . Cryptology ePrint Archive Report 2014\/1018. https:\/\/eprint.iacr.org\/2014\/1018."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.13154\/tches.v2020.i3.219--242"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00035"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-17653-2_5"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-030--56784--2_9"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-030--64378--2_10"},{"key":"e_1_3_2_2_10_1","unstructured":"Jo\u00ebl Alwen Daniel Jost and Marta Mularczyk. 2020 c. On The Insider Security of MLS . Cryptology ePrint Archive Report 2020\/1327. https:\/\/eprint.iacr.org\/2020\/1327."},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--642--22006--7_34"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-77272-9_16"},{"key":"e_1_3_2_2_13_1","unstructured":"Richard Barnes. 2018. [MLS] Efficiency and \"Ampelmann trees\" . IETF Mail Archive. https:\/\/mailarchive.ietf.org\/arch\/msg\/mls\/INcV28Jth25m_l__NMmQIYp13Po\/."},{"key":"e_1_3_2_2_14_1","unstructured":"Richard Barnes Benjamin Beurdouche Jon Millican Emad Omara Katriel Cohn-Gordon and Raphael Robert. 2020. The Messaging Layer Security (MLS) Protocol. Internet-Draft draft-ietf-mls-protocol-11. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-mls-protocol-11 Work in Progress."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/3--540--36288--6_7"},{"key":"e_1_3_2_2_16_1","volume-title":"Ming-Shing Chen, Chitchanok Chuengsatiansup, Tanja Lange, Adrian Marotzke, Bo-Yuan Peng, Nicola Tuveri, Christine van Vredendaal, and Bo-Yin Yang.","author":"Bernstein Daniel J.","year":"2020","unstructured":"Daniel J. Bernstein, Billy Bob Brumley, Ming-Shing Chen, Chitchanok Chuengsatiansup, Tanja Lange, Adrian Marotzke, Bo-Yuan Peng, Nicola Tuveri, Christine van Vredendaal, and Bo-Yin Yang. 2020. NTRU Prime. Technical Report. National Institute of Standards and Technology. available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-3-submissions."},{"key":"e_1_3_2_2_17_1","volume-title":"Bernstein and Tanja Lange","author":"Daniel","year":"2020","unstructured":"Daniel J. Bernstein and Tanja Lange. 2020. McTiny: Fast High-Confidence Post-Quantum Key Erasure for Tiny Network Servers. In USENIX Security 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 1731--1748."},{"key":"e_1_3_2_2_18_1","unstructured":"Benjamin Beurdouche. 2020. Formal Verification for High Assurance Security Software in F* . Ph.D. Dissertation."},{"key":"e_1_3_2_2_19_1","unstructured":"Karthikeyan Bhargavan Richard Barnes and Eric Rescorla. 2018. TreeKEM: Asynchronous Decentralized Key Management for Large Dynamic Groups A protocol proposal for Messaging Layer Security (MLS). Research Report. Inria Paris . https:\/\/hal.inria.fr\/hal-02425247"},{"key":"e_1_3_2_2_20_1","unstructured":"Karthikeyan Bhargavan Benjamin Beurdouche and Prasad Naldurg. 2019. Formal Models and Verified Protocols for Group Messaging: Attacks and Proofs for IETF MLS. Research Report. Inria Paris . https:\/\/hal.inria.fr\/hal-02425229"},{"key":"e_1_3_2_2_21_1","unstructured":"WhatsApp Blog. 2020. Two Billion Users -- Connecting the World Privately. WhatsApp Blog. https:\/\/blog.whatsapp.com\/two-billion-users-connecting-the-world-privately\/."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/335305.335355"},{"key":"e_1_3_2_2_23_1","volume-title":"SAC 2020 . https:\/\/eprint.iacr.org\/2019\/1356","author":"Brendel Jacqueline","year":"2020","unstructured":"Jacqueline Brendel, Marc Fischlin, Felix G\u00fcnther, Christian Janson, and Douglas Stebila. 2020. Towards Post-Quantum Security for Signal's X3DH Handshake. In SAC 2020 . https:\/\/eprint.iacr.org\/2019\/1356."},{"key":"e_1_3_2_2_24_1","unstructured":"Cable.co.uk. 2021. Worldwide Mobile Data Pricing 2021 | 1GB Cost in 230 Countries. https:\/\/www.cable.co.uk\/mobiles\/worldwide-data-pricing\/."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.27"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-020-09360--1"},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243747"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2016.19"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","unstructured":"Jan-Pieter D'Anvers Marcel Tiepelt Frederik Vercauteren and Ingrid Verbauwhede. 2019 a. Timing Attacks on Error Correcting Codes in Post-Quantum Schemes. In TIS@CCS Beg\u00fc l Bilgin Svetla Petkova-Nikova and Vincent Rijmen (Eds.). ACM 2--9. https:\/\/doi.org\/10.1145\/3338467.3358948","DOI":"10.1145\/3338467.3358948"},{"key":"e_1_3_2_2_30_1","volume-title":"Frederik Vercauteren, Jose Maria Bermudo Mera, Michiel Van Beirendonck, and Andrea Basso.","author":"D'Anvers Jan-Pieter","year":"2020","unstructured":"Jan-Pieter D'Anvers, Angshuman Karmakar, Sujoy Sinha Roy, Frederik Vercauteren, Jose Maria Bermudo Mera, Michiel Van Beirendonck, and Andrea Basso. 2020. SABER. Technical Report. National Institute of Standards and Technology. available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-3-submissions."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-030--25510--7_6"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-96884-1_6"},{"key":"e_1_3_2_2_33_1","volume-title":"Security of symmetric primitives under incorrect usage of keys. IACR Transactions on Symmetric Cryptology","author":"Farshim Pooya","year":"2017","unstructured":"Pooya Farshim, Claudio Orlandi, and Razvan Rosie. 2017. Security of symmetric primitives under incorrect usage of keys. IACR Transactions on Symmetric Cryptology (2017), 449--473."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1515\/jmc-2012-0015"},{"key":"e_1_3_2_2_35_1","unstructured":"Electronic Frontier Foundation. 2021. Lavabit. EFF. https:\/\/www.eff.org\/fr\/cases\/lavabit."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/3--540--48405--1_34"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-63697-9_3"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-34578-5_4"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-030--75248--4_15"},{"key":"e_1_3_2_2_40_1","volume-title":"2021 b","author":"Hashimoto Keitaro","year":"2021","unstructured":"Keitaro Hashimoto, Shuichi Katsumata, Eamonn W. Postlethwaite, Thomas Prest, and Bas Westerbaan. 2021 b. A Concrete Treatment of Efficient Continuous Group Key Agreement via Multi-Recipient PKEs. Cryptology ePrint Archive. Full version - https:\/\/eprint.iacr.org\/2021."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00030"},{"key":"e_1_3_2_2_42_1","volume-title":"Basil Hess, Amir Jalali, Brian Koziel, Brian LaMacchia, Patrick Longa, Michael Naehrig, Joost Renes, Vladimir Soukharev, David Urbanik, Geovandro Pereira, Koray Karabina, and Aaron Hutchinson.","author":"Jao David","year":"2020","unstructured":"David Jao, Reza Azarderakhsh, Matthew Campagna, Craig Costello, Luca De Feo, Basil Hess, Amir Jalali, Brian Koziel, Brian LaMacchia, Patrick Longa, Michael Naehrig, Joost Renes, Vladimir Soukharev, David Urbanik, Geovandro Pereira, Koray Karabina, and Aaron Hutchinson. 2020. SIKE. Technical Report. National Institute of Standards and Technology. available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-3-submissions."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-030--64837--4_10"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948132"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1007\/3--540--45664--3_4"},{"key":"e_1_3_2_2_46_1","unstructured":"Ben Laurie Adam Langley Emilia Kasper Eran Messeri and Rob Stradling. 2021. Certificate Transparency Version 2.0. Internet-Draft draft-ietf-trans-rfc6962-bis-35. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-trans-rfc6962-bis-35 Work in Progress."},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-19074-2_21"},{"key":"e_1_3_2_2_48_1","volume-title":"Technical Report","author":"Lyubashevsky Vadim","unstructured":"Vadim Lyubashevsky, L\u00e9o Ducas, Eike Kiltz, Tancr\u00e8de Lepoint, Peter Schwabe, Gregor Seiler, Damien Stehl\u00e9, and Shi Bai. 2020. CRYSTALS-DILITHIUM. Technical Report. National Institute of Standards and Technology. available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-3-submissions."},{"key":"e_1_3_2_2_49_1","unstructured":"Moxie Marlinspike and Trevor Perrin. 2016a. The double ratchet algorithm. https:\/\/signal.org\/docs\/specifications\/doubleratchet\/ https:\/\/signal.org\/docs\/specifications\/doubleratchet\/."},{"key":"e_1_3_2_2_50_1","unstructured":"Moxie Marlinspike and Trevor Perrin. 2016b. The X3DH key agreement protocol. https:\/\/signal.org\/docs\/specifications\/x3dh\/ https:\/\/signal.org\/docs\/specifications\/x3dh\/."},{"key":"e_1_3_2_2_51_1","volume-title":"Technical Report","author":"Naehrig Michael","unstructured":"Michael Naehrig, Erdem Alkim, Joppe Bos, L\u00e9o Ducas, Karen Easterbrook, Brian LaMacchia , Patrick Longa, Ilya Mironov, Valeria Nikolaenko, Christopher Peikert, Ananth Raghunathan, and Douglas Stebila. 2020. FrodoKEM. Technical Report. National Institute of Standards and Technology. available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-3-submissions."},{"key":"e_1_3_2_2_52_1","unstructured":"Emad Omara Benjamin Beurdouche Eric Rescorla Srinivas Inguva Albert Kwon and Alan Duric. 2021. The Messaging Layer Security (MLS) Architecture. Internet-Draft draft-ietf-mls-architecture-06. Internet Engineering Task Force. https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-mls-architecture-06 Work in Progress."},{"key":"e_1_3_2_2_53_1","unstructured":"Peter Schwabe Roberto Avanzi Joppe Bos L\u00e9o Ducas Eike Kiltz Tancr\u00e8de Lepoint Vadim Lyubashevsky John M. Schanck Gregor Seiler and Damien Stehl\u00e9. 2020 a. CRYSTALS-KYBER. Technical Report. National Institute of Standards and Technology. available at https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-3-submissions."},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3423350"},{"key":"e_1_3_2_2_55_1","unstructured":"Signal. 2021. Grand jury subpoena for Signal user data Central District of California. Signal Blog. https:\/\/signal.org\/bigbrother\/central-california-grand-jury\/."},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--540--30598--9_15"},{"key":"e_1_3_2_2_57_1","unstructured":"Speedtest. 2021. Speedtest Global Index -- Internet Speed around the world. https:\/\/www.speedtest.net\/global-index."},{"key":"e_1_3_2_2_58_1","volume-title":"Group messaging for secure asynchronous collaboration. MPhil dissertation","author":"Weidner Matthew","unstructured":"Matthew Weidner. 2019. Group messaging for secure asynchronous collaboration. MPhil dissertation. University of Cambridge, Cambridge, UK ."},{"key":"e_1_3_2_2_59_1","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2021.i2.328--356"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484817","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484817","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:47:18Z","timestamp":1763498838000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484817"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":59,"alternative-id":["10.1145\/3460120.3484817","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484817","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}