{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,18]],"date-time":"2026-04-18T14:43:10Z","timestamp":1776523390658,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":30,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSF","award":["1619158"],"award-info":[{"award-number":["1619158"]}]},{"name":"NSF","award":["1319051"],"award-info":[{"award-number":["1319051"]}]},{"name":"NSF","award":["1314568"],"award-info":[{"award-number":["1314568"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484820","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:33Z","timestamp":1636805133000},"page":"1463-1483","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":39,"title":["Modular Design of Secure Group Messaging Protocols and the Security of MLS"],"prefix":"10.1145","author":[{"given":"Jo\u00ebl","family":"Alwen","sequence":"first","affiliation":[{"name":"AWS Wickr, New York , NY, USA"}]},{"given":"Sandro","family":"Coretti","sequence":"additional","affiliation":[{"name":"IOHK, Zurich, Switzerland"}]},{"given":"Yevgeniy","family":"Dodis","sequence":"additional","affiliation":[{"name":"New York University, New York City, NY, USA"}]},{"given":"Yiannis","family":"Tselekounis","sequence":"additional","affiliation":[{"name":"University of Edinburgh, Edinburgh, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"1489","volume":"2019","author":"Alwen J.","year":"2019","unstructured":"J. Alwen, M. Capretto, M. Cueto, C. Kamath, K. Klein, G. Pascual-Perez, K. Pietrzak, and M. Walter. Keep the dirt: Tainted treekem, an efficient and provably secure continuous group key agreement protocol. IACR Cryptol. ePrint Arch., 2019:1489, 2019.","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"J. Alwen S. Coretti and Y. Dodis. The double ratchet: Security notions proofs and modularization for the Signal protocol. In Y. Ishai and V. Rijmen editors EUROCRYPT 2019 Part I volume 11476 of LNCS pages 129--158. Springer Heidelberg May 2019.","DOI":"10.1007\/978-3-030-17653-2_5"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","unstructured":"J. Alwen S. Coretti Y. Dodis and Y. Tselekounis. Security analysis and improvements for the IETF MLS standard for group messaging. In D. Micciancio and T. Ristenpart editors CRYPTO 2020 Part I volume 12170 of LNCS pages 248--277. Springer Heidelberg Aug. 2020.","DOI":"10.1007\/978-3-030-56784-2_9"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"J. Alwen S. Coretti Y. Dodis and Y. Tselekounis. Modular design of secure group messaging protocols and the security of mls. Cryptology ePrint Archive Report 2021\/1083 2021. https:\/\/ia.cr\/2021\/1083.","DOI":"10.1145\/3460120.3484820"},{"key":"e_1_3_2_1_5_1","volume-title":"TCC 2020","author":"Alwen J.","year":"2020","unstructured":"J. Alwen, S. Coretti, D. Jost, and M. Mularczyk. Continuous group key agreement with active security. In R. Pass and K. Pietrzak, editors, TCC 2020, 2020."},{"key":"e_1_3_2_1_6_1","first-page":"1327","volume":"2020","author":"Alwen J.","year":"2020","unstructured":"J. Alwen, D. Jost, and M. Mularczyk. On the insider security of MLS. IACR Cryptol. ePrint Arch., 2020:1327, 2020.","journal-title":"On the insider security of MLS. IACR Cryptol. ePrint Arch."},{"key":"e_1_3_2_1_7_1","volume-title":"[MLS] Remove without double-join (in TreeKEM)","author":"Barnes R.","year":"2018","unstructured":"R. Barnes. Subject: [MLS] Remove without double-join (in TreeKEM), 2018. riptsize https:\/\/mailarchive.ietf.org\/arch\/msg\/mls\/Zzw2tqZC1FCbVZA9LKERsMIQXik ."},{"key":"e_1_3_2_1_8_1","volume-title":"Internet Engineering Task Force","author":"Barnes R.","year":"2020","unstructured":"R. Barnes, B. Beurdouche, J. Millican, E. Omara, K. Cohn-Gordon, and R. Robert. The Messaging Layer Security (MLS) Protocol. Internet-Draft draft-ietf-mls-protocol-11, Internet Engineering Task Force, Dec. 2020. Work in Progress."},{"key":"e_1_3_2_1_9_1","volume-title":"Inria Paris","author":"Bhargavan K.","year":"2019","unstructured":"K. Bhargavan, B. Beurdouche, and P. Naldurg. Formal Models and Verified Protocols for Group Messaging: Attacks and Proofs for IETF MLS. Research report, Inria Paris, Dec. 2019."},{"key":"e_1_3_2_1_10_1","volume-title":"TCC","author":"Bienstock A.","year":"2020","unstructured":"A. Bienstock, Y. Dodis, and P. R\u00f6 sler. On the price of concurrency in group ratcheting protocols. In R. Pass and K. Pietrzak, editors, TCC, 2020."},{"key":"e_1_3_2_1_11_1","unstructured":"C. Brzuska E. Cornelissen and K. Kohbrok. Cryptographic security of the mls rfc draft 11. Cryptology ePrint Archive Report 2021\/137 2021."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.1999.751457"},{"key":"e_1_3_2_1_13_1","first-page":"1802","volume-title":"ACM CCS 2018","author":"Cohn-Gordon K.","year":"2018","unstructured":"K. Cohn-Gordon, C. Cremers, L. Garratt, J. Millican, and K. Milner. On ends-to-ends encryption: Asynchronous group messaging with strong security guarantees. In D. Lie, M. Mannan, M. Backes, and X. Wang, editors, ACM CCS 2018, pages 1802--1819. ACM Press, Oct. 2018."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.27"},{"key":"e_1_3_2_1_15_1","volume-title":"Revisiting post-compromise security guarantees in group messaging. IACR Cryptol. ePrint Arch","author":"Cremers C.","year":"2019","unstructured":"C. Cremers, B. Hale, and K. Kohbrok. Revisiting post-compromise security guarantees in group messaging. IACR Cryptol. ePrint Arch., 2019:477, 2019."},{"key":"e_1_3_2_1_16_1","first-page":"61","volume-title":"Digital Rights Management","author":"Dodis Y.","year":"2002","unstructured":"Y. Dodis and N. Fazio. Public key broadcast encryption for stateless receivers. In J. Feigenbaum, editor, Digital Rights Management, pages 61--80, Berlin, Heidelberg, 2002. Springer Berlin Heidelberg."},{"key":"e_1_3_2_1_17_1","unstructured":"E. Eaton D. Jao and C. Komlo. Towards post-quantum updatable public-key encryption via supersingular isogenies. Cryptology ePrint Archive Report 2020\/1593 2020. https:\/\/eprint.iacr.org\/2020\/1593."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"A. Fiat and M. Naor. Broadcast encryption. In D. R. Stinson editor CRYPTO'93 volume 773 of LNCS pages 480--491. Springer Heidelberg Aug. 1994.","DOI":"10.1007\/3-540-48329-2_40"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Z. Jafargholi C. Kamath K. Klein I. Komargodski K. Pietrzak and D. Wichs. Be adaptive avoid overcommitting. In J. Katz and H. Shacham editors CRYPTO 2017 Part I volume 10401 of LNCS pages 133--163. Springer Heidelberg Aug. 2017.","DOI":"10.1007\/978-3-319-63688-7_5"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"D. Jost U. Maurer and M. Mularczyk. Efficient ratcheting: Almost-optimal guarantees for secure messaging. In Y. Ishai and V. Rijmen editors EUROCRYPT 2019 Part I volume 11476 of LNCS pages 159--188. Springer Heidelberg May 2019.","DOI":"10.1007\/978-3-030-17653-2_6"},{"issue":"7","key":"e_1_3_2_1_21_1","first-page":"905","volume":"53","author":"Kim Y.","year":"2004","unstructured":"Y. Kim, A. Perrig, and G. Tsudik. Group key agreement efficient in communication. IEEE Trans. Computers, 53(7):905--921, 2004.","journal-title":"Group key agreement efficient in communication. IEEE Trans. Computers"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"H. Krawczyk. Cryptographic extraction and key derivation: The HKDF scheme. In T. Rabin editor CRYPTO 2010 volume 6223 of LNCS pages 631--648. Springer Heidelberg Aug. 2010.","DOI":"10.1007\/978-3-642-14623-7_34"},{"key":"e_1_3_2_1_23_1","volume-title":"Group Messaging for Secure Asynchronous Collaboration. Master's thesis","author":"Weidner A.","year":"2019","unstructured":"Matthew A. Weidner. Group Messaging for Secure Asynchronous Collaboration. Master's thesis, University of Cambridge, June 2019."},{"key":"e_1_3_2_1_24_1","first-page":"277","volume-title":"Proceedings of ACM SIGCOMM","author":"Mittra S.","year":"1997","unstructured":"S. Mittra. Iolus: A framework for scalable secure multicasting. In Proceedings of ACM SIGCOMM, pages 277--288, Cannes, France, Sept. 14--18, 1997."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"S. Panjwani. Tackling adaptive corruptions in multicast encryption protocols. In S. P. Vadhan editor TCC 2007 volume 4392 of LNCS pages 21--40. Springer Heidelberg Feb. 2007.","DOI":"10.1007\/978-3-540-70936-7_2"},{"key":"e_1_3_2_1_26_1","volume-title":"MLS Mailing List","author":"Rescorla E.","year":"2018","unstructured":"E. Rescorla. Subject: [MLS] TreeKEM: An alternative to ART. MLS Mailing List, 2018. riptsize https:\/\/mailarchive.ietf.org\/arch\/msg\/mls\/WRdXVr8iUwibaQu0tH6sDnqU1no ."},{"key":"e_1_3_2_1_27_1","volume-title":"CRYPTO '88","author":"Steer D. G.","year":"1988","unstructured":"D. G. Steer, L. Strawczynski, W. Diffie, and M. J. Wiener. A secure audio teleconference system. In S. Goldwasser, editor, CRYPTO '88, 1988."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2627"},{"key":"e_1_3_2_1_29_1","volume-title":"MPhil Dissertation","author":"Weidner M.","year":"2019","unstructured":"M. Weidner. Group messaging for secure asynchronous collaboration. MPhil Dissertation, 2019. https:\/\/mattweidner.com\/acs-dissertation.pdf."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/90.836475"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484820","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484820","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484820","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:49:24Z","timestamp":1763498964000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484820"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":30,"alternative-id":["10.1145\/3460120.3484820","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484820","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}