[1] T. Perrin, "The XEdDSA and VXEdDSA Signature Schemes," 2016. https://signal.org/docs/specifications/xeddsa/
[2] "Module-lattice-based key-encapsulation mechanism standard." https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.ipd.pdf
[3] A. Langley, M. Hamburg, and S. Turner, "Elliptic Curves for Security." Internet Engineering Task Force; RFC 7748 (Informational); IETF, Jan-2016. http://www.ietf.org/rfc/rfc7748.txt
[4] H. Krawczyk and P. Eronen, "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)." Internet Engineering Task Force; RFC 5869 (Informational); IETF, May-2010. http://www.ietf.org/rfc/rfc5869.txt
[5] P. Rogaway, "Authenticated-encryption with Associated-data," in Proceedings of the 9th ACM Conference on Computer and Communications Security, 2002. http://web.cs.ucdavis.edu/~rogaway/papers/ad.pdf
[6] M. Marlinspike and T. Perrin, "The X3DH Key Agreement Protocol," 2016. https://signal.org/docs/specifications/x3dh/
[7] T. Perrin and M. Marlinspike, "The Double Ratchet Algorithm," 2016. https://signal.org/docs/specifications/doubleratchet/
[8] K. Cohn-Gordon, C. Cremers, B. Dowling, L. Garratt, and D. Stebila, "A formal security analysis of the signal messaging protocol," J. Cryptol., vol. 33, no. 4, 2020. https://doi.org/10.1007/s00145-020-09360-1
[9] T. Okamoto and D. Pointcheval, "The gap-problems: A new class of problems for the security of cryptographic schemes," in Proceedings of the 4th international workshop on practice and theory in public key cryptography: Public key cryptography, 2001.
[10] A. Langlois and D. Stehlé, "Worst-case to average-case reductions for module lattices," Des. Codes Cryptography, vol. 75, no. 3, Jun. 2015. https://doi.org/10.1007/s10623-014-9938-4
[11] K. Bhargavan, C. Jacomme, and F. Kiefer, "PQXDH formal analysis git repository." https://github.com/Inria-Prosecco/pqxdh-analysis
[12] "ProVerif." https://bblanche.gitlabpages.inria.fr/proverif/
[13] "CryptoVerif." https://bblanche.gitlabpages.inria.fr/CryptoVerif/
[14] N. Unger and I. Goldberg, "Deniable Key Exchanges for Secure Messaging," in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015. https://cypherpunks.ca/~iang/pubs/dake-ccs15.pdf
[15] J. Brendel, R. Fiedler, F. Günther, C. Janson, and D. Stebila, "Post-quantum asynchronous deniable key exchange and the signal handshake," in Public-key cryptography - PKC 2022 - 25th IACR international conference on practice and theory of public-key cryptography, virtual event, march 8-11, 2022, proceedings, part II, 2022, vol. 13178. https://doi.org/10.1007/978-3-030-97131-1_1
[16] N. Vatandas, R. Gennaro, B. Ithurburn, and H. Krawczyk, "On the cryptographic deniability of the signal protocol," in Applied cryptography and network security - 18th international conference, ACNS 2020, rome, italy, october 19-22, 2020, proceedings, part II, 2020, vol. 12147. https://doi.org/10.1007/978-3-030-57878-7_10
[17] D. Hofheinz, K. Hövelmanns, and E. Kiltz, "A modular analysis of the fujisaki-okamoto transformation," in Theory of cryptography - 15th international conference, TCC 2017, baltimore, MD, USA, november 12-15, 2017, proceedings, part I, 2017, vol. 10677. https://doi.org/10.1007/978-3-319-70500-2_12
[18] K. Hashimoto, S. Katsumata, K. Kwiatkowski, and T. Prest, "An efficient and generic construction for signal's handshake (X3DH): Post-quantum, state leakage secure, and deniable," J. Cryptol., vol. 35, no. 3, 2022. https://doi.org/10.1007/s00145-022-09427-1
[19] NIST, "Submission requirements and evaluation criteria for the post-quantum cryptography standardization process," 2016. https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/call-for-proposals-final-dec-2016.pdf
[20] NIST, "Post-quantum cryptography." https://csrc.nist.gov/Projects/post-quantum-cryptography
[21] "Kyber key encapsulation mechanism." https://pq-crystals.org/kyber/