Paper 2018/553

Optimal Channel Security Against Fine-Grained State Compromise: The Safety of Messaging

Joseph Jaeger and Igors Stepanovs


We aim to understand the best possible security of a (bidirectional) cryptographic channel against an adversary that may arbitrarily and repeatedly learn the secret state of either communicating party. We give a formal security definition and a proven-secure construction. This construction provides better security against state compromise than the Signal Double Ratchet Algorithm or any other known channel construction. To facilitate this we define and construct new forms of public-key encryption and digital signatures that update their keys over time.

Note: The proceedings version of this paper contained a security flaw. This is the full, fixed version.

Available format(s)
Publication info
A major revision of an IACR publication in CRYPTO 2018
Secure channelforwardbackward securitysecurity models
Contact author(s)
istepano @ eng ucsd edu
2018-08-20: revised
2018-06-04: received
See all versions
Short URL
Creative Commons Attribution


      author = {Joseph Jaeger and Igors Stepanovs},
      title = {Optimal Channel Security Against Fine-Grained State Compromise: The Safety of Messaging},
      howpublished = {Cryptology ePrint Archive, Paper 2018/553},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.