[1] "Module-lattice-based key-encapsulation mechanism standard." https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf
[2] T. Perrin and M. Marlinspike, "The Double Ratchet Algorithm," 2016. https://signal.org/docs/specifications/doubleratchet/
[3] B. Auerbach, Y. Dodis, D. Jost, S. Katsumata, and R. Schmidt, "How to compare two-party secure messaging protocols: A quest for a more efficient and secure post-quantum protocol," 2025.
[4] E. Fujisaki and T. Okamoto, "Secure integration of asymmetric and symmetric encryption schemes," J. Cryptol., vol. 26, no. 1, 2013. https://doi.org/10.1007/s00145-011-9114-1
[5] H. Krawczyk and P. Eronen, "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)." Internet Engineering Task Force; RFC 5869 (Informational); IETF, May-2010. http://www.ietf.org/rfc/rfc5869.txt
[6] "Protocol buffers." https://protobuf.dev/
[7] E. Kret and R. Schmidt, "The PQXDH key agreement protocol," 2023. https://signal.org/docs/specifications/pqxdh/
[8] Y. Dodis, D. Jost, S. Katsumata, T. Prest, and R. Schmidt, "Triple ratchet: A bandwidth efficient hybrid-secure signal protocol." Cryptology ePrint Archive, Paper 2025/078, 2025. https://eprint.iacr.org/2025/078
[9] K. Bhargavan, C. Jacomme, and F. Kiefer, "PQXDH formal analysis git repository." https://github.com/Inria-Prosecco/pqxdh-analysis
[10] C. J. F. Cremers, A. Dax, and N. Medinger, "Keeping up with the KEMs: Stronger security notions for KEMs and automated analysis of KEM-based protocols," in Conference on computer and communications security, 2024. https://api.semanticscholar.org/CorpusID:268289969
[11] M. Luby, A. Shokrollahi, M. Watson, T. Stockhammer, and L. Minder, "RaptorQ Forward Error Correction Scheme for Object Delivery." Internet Engineering Task Force; RFC 6330 (Proposed Standard); IETF, Aug-2011. http://www.ietf.org/rfc/rfc6330.txt
[12] "ProVerif." https://bblanche.gitlabpages.inria.fr/proverif/
[13] S. Messenger, "Sparse Post-Quantum Ratchet," 2025. https://github.com/signalapp/sparsepostquantumratchet