{"id":"https://openalex.org/W3203516920","doi":"https://doi.org/10.1145/3460120.3484820","title":"Modular Design of Secure Group Messaging Protocols and the Security of MLS","display_name":"Modular Design of Secure Group Messaging Protocols and the Security of MLS","publication_year":2021,"publication_date":"2021-11-12","ids":{"openalex":"https://openalex.org/W3203516920","doi":"https://doi.org/10.1145/3460120.3484820","mag":"3203516920"},"language":"en","primary_location":{"id":"doi:10.1145/3460120.3484820","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3484820","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049577191","display_name":"Jo\u00ebl Alwen","orcid":"https://orcid.org/0000-0002-4473-903X"},"institutions":[{"id":"https://openalex.org/I4210149000","display_name":"Jacobs Institute","ror":"https://ror.org/04c00sd86","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I4210149000"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Jo\u00ebl Alwen","raw_affiliation_strings":["AWS Wickr, New York , NY, USA"],"affiliations":[{"raw_affiliation_string":"AWS Wickr, New York , NY, USA","institution_ids":["https://openalex.org/I4210149000"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063984924","display_name":"Sandro Coretti","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sandro Coretti","raw_affiliation_strings":["IOHK, Zurich, Switzerland"],"affiliations":[{"raw_affiliation_string":"IOHK, Zurich, Switzerland","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012298614","display_name":"Yevgeniy Dodis","orcid":"https://orcid.org/0000-0003-1013-6318"},"institutions":[{"id":"https://openalex.org/I57206974","display_name":"New York University","ror":"https://ror.org/0190ak572","country_code":"US","type":"education","lineage":["https://openalex.org/I57206974"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yevgeniy Dodis","raw_affiliation_strings":["New York University, New York City, NY, USA","New York University, New York City, NY, USA,"],"affiliations":[{"raw_affiliation_string":"New York University, New York City, NY, USA","institution_ids":["https://openalex.org/I57206974"]},{"raw_affiliation_string":"New York University, New York City, NY, USA,","institution_ids":["https://openalex.org/I57206974"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5086483631","display_name":"Yiannis Tselekounis","orcid":null},"institutions":[{"id":"https://openalex.org/I98677209","display_name":"University of Edinburgh","ror":"https://ror.org/01nrxwf90","country_code":"GB","type":"education","lineage":["https://openalex.org/I98677209"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Yiannis Tselekounis","raw_affiliation_strings":["University of Edinburgh, Edinburgh, United Kingdom"],"affiliations":[{"raw_affiliation_string":"University of Edinburgh, Edinburgh, United Kingdom","institution_ids":["https://openalex.org/I98677209"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5049577191"],"corresponding_institution_ids":["https://openalex.org/I4210149000"],"apc_list":null,"apc_paid":null,"fwci":0.16563176,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.51514985,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"2021","issue":null,"first_page":"1463","last_page":"1483"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11498","display_name":"Security in Wireless Sensor Networks","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11498","display_name":"Security in Wireless Sensor Networks","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.9860000014305115,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10796","display_name":"Cooperative Communication and Network Coding","score":0.9854999780654907,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8028707504272461},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.5896939635276794},{"id":"https://openalex.org/keywords/cryptographic-primitive","display_name":"Cryptographic primitive","score":0.5059656500816345},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.48575857281684875},{"id":"https://openalex.org/keywords/transport-layer-security","display_name":"Transport Layer Security","score":0.4744342863559723},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.4537111520767212},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.4446813464164734},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.4197947382926941},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.34996914863586426},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.29136785864830017}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8028707504272461},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.5896939635276794},{"id":"https://openalex.org/C15927051","wikidata":"https://www.wikidata.org/wiki/Q246593","display_name":"Cryptographic primitive","level":4,"score":0.5059656500816345},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.48575857281684875},{"id":"https://openalex.org/C148176105","wikidata":"https://www.wikidata.org/wiki/Q206494","display_name":"Transport Layer Security","level":3,"score":0.4744342863559723},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.4537111520767212},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.4446813464164734},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.4197947382926941},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.34996914863586426},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.29136785864830017},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3460120.3484820","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3484820","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"mag:3203516920","is_oa":false,"landing_page_url":null,"pdf_url":null,"source":null,"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":null}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5400000214576721,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W1793265733","https://openalex.org/W2019267322","https://openalex.org/W2037515303","https://openalex.org/W2064967060","https://openalex.org/W2099631081","https://openalex.org/W2164090669","https://openalex.org/W2566711147","https://openalex.org/W2724149932","https://openalex.org/W2902549778","https://openalex.org/W2903043053","https://openalex.org/W2947023307","https://openalex.org/W2951155591","https://openalex.org/W2982482325","https://openalex.org/W2998970855","https://openalex.org/W3003880898","https://openalex.org/W3090444770","https://openalex.org/W4238634196","https://openalex.org/W6677409770","https://openalex.org/W6748906305","https://openalex.org/W6780013715","https://openalex.org/W6784752432"],"related_works":["https://openalex.org/W3212103021","https://openalex.org/W2963329762","https://openalex.org/W1555829395","https://openalex.org/W1996315600","https://openalex.org/W3028694938","https://openalex.org/W30575285","https://openalex.org/W2069717895","https://openalex.org/W1512053738","https://openalex.org/W3214260160","https://openalex.org/W3193894930","https://openalex.org/W2962112877","https://openalex.org/W1688774097","https://openalex.org/W3021131508","https://openalex.org/W1508764330","https://openalex.org/W3006630443","https://openalex.org/W1983295053","https://openalex.org/W2167485997","https://openalex.org/W2111276172","https://openalex.org/W2102855631","https://openalex.org/W2801705091"],"abstract_inverted_index":{"The":[0,372],"Messaging":[1],"Layer":[2],"Security":[3],"(MLS)":[4],"project":[5],"is":[6,23,143,198,217,223,349],"an":[7,13,62,165,206,385],"IETF":[8],"effort":[9,63],"aiming":[10],"to":[11,51,64,81,98,170,205,264,332],"establish":[12],"industry-wide":[14],"standard":[15,183],"for":[16,241,277,358],"secure":[17,362],"group":[18,93,194,209],"messaging":[19],"(SGM).":[20],"Its":[21],"development":[22],"supported":[24],"by":[25,136,145,157,315],"several":[26],"major":[27],"secure-messaging":[28],"providers":[29],"(with":[30],"a":[31,39,53,86,138,146,158,187,199,213,218,224,252,274,307,322,379],"combined":[32],"user":[33],"base":[34],"in":[35,71,123,186,231,290,351],"the":[36,100,107,110,131,151,175,238,242,255,259,269,278,318,342,382],"billions)":[37],"and":[38,68,202,211,271,303,328,336,354],"growing":[40],"body":[41],"of":[42,76,83,88,102,109,133,154,208,245,254,258,268,286,292,304,324,374,384],"academic":[43],"research.":[44],"MLS":[45,77,112,163,246],"has":[46,114,311],"evolved":[47],"over":[48],"many":[49],"iterations":[50],"become":[52],"complex,":[54],"non-trivial,":[55],"yet":[56],"relatively":[57],"ad-hoc":[58],"cryptographic":[59,184],"protocol.":[60],"In":[61,118],"tame":[65],"its":[66,72,232],"complexity":[67],"build":[69,172],"confidence":[70],"security,":[73],"past":[74],"analyses":[75],"have":[78],"restricted":[79],"themselves":[80],"sub-protocols":[82],"MLS---most":[84],"prominently":[85],"type":[87],"sub-protocol":[89,297],"embodying":[90],"so-called":[91,214],"continuous":[92],"key":[94],"agreement":[95],"(CGKA).":[96],"However,":[97],"date":[99],"task":[101],"proving":[103],"or":[104],"even":[105],"defining":[106,137],"security":[108,132,140,155,239,244,256,275,357,383],"full":[111],"protocol":[113,364],"been":[115,313],"left":[116],"open.":[117],"this":[119,124],"work,":[120],"we":[121,128,161,283,299,320,340],"fill":[122],"missing":[125],"piece.":[126],"First,":[127],"formally":[129],"capture":[130],"SGM":[134,166,243,280,334,386],"protocols":[135,335],"corresponding":[139],"game,":[141],"which":[142,197,216,262],"parametrized":[144],"safety":[147],"predicate":[148,240],"that":[149,222],"characterizes":[150],"exact":[152],"level":[153],"achieved":[156],"construction.":[159,281],"Then,":[160],"cast":[162],"as":[164,251],"protocol,":[167],"showing":[168],"how":[169],"modularly":[171],"it":[173],"from":[174],"following":[176],"three":[177],"main":[178],"components":[179,270],"(and":[180],"some":[181],"additional":[182],"primitives)":[185],"black-box":[188],"fashion:":[189],"(a)":[190],"CGKA,":[191],"(b)":[192],"forward-secure":[193],"AEAD":[195],"(FS-GAEAD),":[196],"new":[200,325],"primitive":[201],"roughly":[203],"corresponds":[204],"epoch''":[207],"messaging,":[210],"(c)":[212],"PRF-PRNG,":[215],"two-input":[219],"hash":[220],"function":[221,226,253],"pseudorandom":[225],"(resp.":[227,234],"generator":[228],"with":[229,294,306,330],"input)":[230],"first":[233],"second)":[235],"input.":[236],"Crucially,":[237],"can":[247],"be":[248],"expressed":[249],"purely":[250],"predicates":[257],"underlying":[260],"primitives,":[261,289,327],"allows":[263],"swap":[265],"out":[266],"any":[267],"immediately":[272,377],"obtain":[273],"statement":[276],"resulting":[279],"Furthermore,":[282],"provide":[284],"instantiations":[285],"all":[287],"component":[288],"particular":[291],"CGKA":[293,352,363],"MLS's":[295],"TreeKEM":[296],"(which":[298,310,348],"prove":[300,355],"adaptively":[301],"secure)":[302],"FS-GAEAD":[305],"novel":[308],"construction":[309,387],"already":[312],"adopted":[314],"MLS).":[316],"Along":[317],"way":[319],"introduce":[321],"collection":[323],"techniques,":[326],"results":[329],"applications":[331],"other":[333],"beyond.":[337],"For":[338],"example,":[339],"extend":[341],"Generalized":[343],"Selective":[344],"Decryption":[345],"proof":[346],"technique":[347],"central":[350],"literature)":[353],"adaptive":[356],"another":[359],"(practical)":[360],"more":[361],"called":[365],"RTreeKEM":[366],"(Alwen":[367],"et":[368],"al.,":[369],"CRYPTO":[370],"'20).":[371],"modularity":[373],"our":[375],"approach":[376],"yields":[378],"corollary":[380],"characterizing":[381],"using":[388],"RTreeKEM.":[389]},"counts_by_year":[{"year":2022,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}