Paper 2023/228

Authenticated Continuous Key Agreement: Active MitM Detection and Prevention

Benjamin Dowling, University of Sheffield
Britta Hale, Naval Postgraduate School

Current messaging protocols are incapable of detecting active man-in-the-middle threats. Even common continuous key agreement protocols such as Signal, which offers forward secrecy and post-compromise security, are dependent on the adversary being passive immediately following state compromise, and healing guarantees are lost if the attacker is not. This work offers the first solution for detecting active man-in-the-middle attacks on such protocols by extending authentication beyond the initial public keys and binding it to the entire continuous key agreement. In this, any adversarial fork is identifiable to the protocol participants. We provide a modular construction generic for application with any continuous key agreement protocol, a specific construction for application to Signal, and security analysis. The modularity of our solution enables it to be seamlessly adopted by any continuous key agreement protocol.

Category: Cryptographic protocols

Keywords: Authentication, Continuous Key Agreement (CKA), Signal

Contact author(s): britta hale @ nps edu

History:
2023-02-21: approved
2023-02-20: received

License: Creative Commons Attribution-NonCommercial-NoDerivs


      author = {Benjamin Dowling and Britta Hale},
      title = {Authenticated Continuous Key Agreement: Active MitM Detection and Prevention},
      howpublished = {Cryptology ePrint Archive, Paper 2023/228},
      year = {2023},
      note = {\url{}},
      url = {}