2025-10-25 03:54:21 -04:00
commit da9a2906c3
43 changed files with 19617 additions and 0 deletions

sections/conclusion.tex Normal file

@@ -0,0 +1,11 @@
We have presented a formal description of the nested ratchet protocol, instantiated with representative designs used in practice
such as Sender Keys and Megolm, as well as the first
unified, mechanized cryptographic analysis.
Our results demonstrate that core guarantees, including
secrecy, mutual authentication, perfect forward secrecy,
and post-compromise security, hold under standard assumptions.
We also present the first mechanized treatment of offline deniability
for this class of protocols.
We provide a detailed analysis of the compromise scenarios across pairwise and fan-out layers, clarifying how failures propagate and when recovery occurs (e.g. upon session regeneration or double ratchet-based self-healing).
Our analysis and formal models underscore two key design choices when constructing and implementing a nested ratchet protocol: (1) the deniability and trust implications of signed vs. unsigned pre-keys, and (2) the trade-off between non-reputation and deniability when choosing signatures vs. MACs for fan-out. Based on the tradeoffs we identity, as well as our formal analysis, we provide additional concrete recommendations for protocol implementers. Ultimately, in addition to the concrete results our analysis provides, our work demonstrates the utility of formal methods and computer-aided reasoning for constructing and verifying secure protocols.
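Review bot: two typos in the last line of the hunk: "non-reputation" should read "non-repudiation" (the signature-vs-MAC trade-off for fan-out is between non-repudiation and deniability), and "the tradeoffs we identity" should read "the tradeoffs we identify". The same sentence spells the term both "trade-off" and "tradeoffs"; pick one form. Minor LaTeX style point on the same paragraph: "e.g. upon session regeneration" should be written `e.g.\ upon` or `e.g., upon` so the period is not typeset as an end-of-sentence space.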