1. Security under Message-Derived Keys: Signcryption in iMessage 2020 AuthenticatedEncryption Eurocrypt PublicKeyEncryption SecureMessaging SymmetricKey
    Mihir Bellare and Igors Stepanovs
    [View PDF on eprint.iacr.org]
    [Show BibTex Citation]

    @misc{cryptoeprint:2020:224,
    author = {Mihir Bellare and Igors Stepanovs},
    title = {Security under Message-Derived Keys: Signcryption in iMessage},
    howpublished = {Cryptology ePrint Archive, Report 2020/224},
    year = {2020},
    note = {\url{https://eprint.iacr.org/2020/224}},
    }

At the core of Appleā€™s iMessage is a signcryption scheme that involves symmetric encryption of a message under a key that is derived from the message itself. This motivates us to formalize a primitive we call Encryption under Message-Derived Keys (EMDK). We prove security of the EMDK scheme underlying iMessage. We use this to prove security of the signcryption scheme itself, with respect to definitions of signcryption we give that enhance prior ones to cover issues peculiar to messaging protocols. Our provable-security results are quantitative, and we discuss the practical implications for iMessage.

  1.