As for future work, the most signiﬁcant limitation
of our work is that we have restricted ourselves to split
KEMs, which do not have the same history of study
and familiarity as AKEs. Thus, we plan to investi-
gate how to transform our construction into an ap-
propriate type of AKE, such as a Signal-Conforming
AKE. Moreover, we will investigate whether there are
any possible efﬁciency gains from translating our split
KEM into an appropriate AKE. This would include
things such as lowering the bandwidth of communi-
cation by removing any redundancies introduced by
a generic conversion from split KEM to SC-AKE or
deniable AKE. Another important direction for the fu-
ture of split KEMs is to deﬁne the notion of deni-
ability. The Signal protocol possesses the property
that transcripts between Alice and Bob cannot con-
ﬁrm with certainty that either truly participated, as the
DH shares are used for authentication as opposed to
signatures. As our construction relies on the use of
traditional signatures, it intuitively cannot be a deni-
able scheme. Thus, in contexts where deniability is
vital, how to construct a split KEM with this property
is an open problem.
REFERENCES
Signal protocol. Technical documentation.
Attrapadung, N., Matsuda, T., Nishimaki, R., Yamada, S.,
and Yamakawa, T. (2018). Constrained prfs for nc
1
in traditional groups. In Shacham, H. and Boldyreva,
A., editors, Advances in Cryptology – CRYPTO 2018,
pages 543–574, Cham. Springer International Pub-
lishing.
Boneh, D., Lewi, K., and Wu, D. J. (2017). Constraining
pseudorandom functions privately. In Fehr, S., editor,
Public-Key Cryptography – PKC 2017, pages 494–
524, Berlin, Heidelberg. Springer Berlin Heidelberg.
Boneh, D. and Waters, B. (2013). Constrained pseudo-
random functions and their applications. In Sako, K.
and Sarkar, P., editors, Advances in Cryptology - ASI-
ACRYPT 2013, pages 280–300, Berlin, Heidelberg.
Springer Berlin Heidelberg.
Boyd, C., Cliff, Y., Gonzalez Nieto, J., and Paterson, K. G.
(2008). Efﬁcient one-round key exchange in the stan-
dard model. In Mu, Y., Susilo, W., and Seberry, J.,
editors, Information Security and Privacy, pages 69–
83, Berlin, Heidelberg. Springer Berlin Heidelberg.
Boyle, E., Goldwasser, S., and Ivan, I. (2014). Func-
tional signatures and pseudorandom functions. In
Krawczyk, H., editor, Public-Key Cryptography –
PKC 2014, pages 501–519, Berlin, Heidelberg.
Springer Berlin Heidelberg.
Brakerski, Z. and Vaikuntanathan, V. (2015). Constrained
key-homomorphic prfs from standard lattice assump-
tions. In Dodis, Y. and Nielsen, J. B., editors, The-
ory of Cryptography, pages 1–30, Berlin, Heidelberg.
Springer Berlin Heidelberg.
Brendel, J., Fiedler, R., Günther, F., Janson, C., and Stebila,
D. (2021). Post-quantum asynchronous deniable key
exchange and the signal handshake. In IACR Cryptol-
ogy ePrint Archive.
Brendel, J., Fischlin, M., Günther, F., Janson, C., and
Stebila, D. (2020). Towards post-quantum secu-
rity for Signal’s X3DH handshake. In Jr., M. J. J.,
Dunkelman, O., and O’Flynn, C., editors, Proc.
27th Conference on Selected Areas in Cryptography
(SAC) 2020, LNCS. Springer. To appear. Cryptol-
ogy ePrint Archive, Report 2019/1356. http://eprint.
iacr.org/2019/1356.
Canetti, R. and Chen, Y. (2017). Constraint-hiding con-
strained prfs for nc
1
from lwe. In Coron, J.-S. and
Nielsen, J. B., editors, Advances in Cryptology – EU-
ROCRYPT 2017, pages 446–476, Cham. Springer In-
ternational Publishing.
Castryck, W. and Decru, T. (2023). An efﬁcient key recov-
ery attack on sidh. In Hazay, C. and Stam, M., editors,
Advances in Cryptology – EUROCRYPT 2023, pages
423–447, Cham. Springer Nature Switzerland.
Castryck, W., Lange, T., Martindale, C., Panny, L., and
Renes, J. (2018). Csidh: An efﬁcient post-quantum
commutative group action. In Peyrin, T. and Gal-
braith, S., editors, Advances in Cryptology – ASI-
ACRYPT 2018, pages 395–427, Cham. Springer In-
ternational Publishing.
Chuah, C. W., Dawson, E., and Simpson, L. (2013). Key
derivation function: The sckdf scheme. In Janczewski,
L. J., Wolfe, H. B., and Shenoi, S., editors, Secu-
rity and Privacy Protection in Information Processing
Systems, pages 125–138, Berlin, Heidelberg. Springer
Berlin Heidelberg.
Davidson, A., Katsumata, S., Nishimaki, R., Yamada,
S., and Yamakawa, T. (2020). Adaptively secure
constrained pseudorandom functions in the standard
model. In Micciancio, D. and Ristenpart, T., editors,
Advances in Cryptology – CRYPTO 2020, pages 559–
589, Cham. Springer International Publishing.
Dierks, T. and Rescorla, E. (2008). The Transport Layer
Security (TLS) Protocol Version 1.2. RFC 5246 (Pro-
posed Standard). Updated by RFCs 5746, 5878, 6176.
Difﬁe, W. and Hellman, M. (2006). New directions in cryp-
tography. IEEE Trans. Inf. Theor., 22(6):644–654.
Dobson, S. and Galbraith, S. D. (2022). Post-quantum sig-
nal key agreement from sidh. In Cheon, J. H. and
Johansson, T., editors, Post-Quantum Cryptography,
pages 422–450, Cham. Springer International Pub-
lishing.
Fujisaki, E. and Okamoto, T. (2013). Secure integration of
asymmetric and symmetric encryption schemes. Jour-
nal of Cryptology, 26(1):80–101.
Hashimoto, K., Katsumata, S., Kwiatkowski, K., and Prest,
T. (2022). An efﬁcient and generic construction for
signal’s handshake (x3dh): Post-quantum, state leak-
age secure, and deniable. Journal of Cryptology,
35(3).
ICISSP 2024 - 10th International Conference on Information Systems Security and Privacy
606