[1] A. Langley, M. Hamburg, and S. Turner, "Elliptic Curves for Security." RFC 7748, Jan-2016. http://www.ietf.org/rfc/rfc7748.txt
[2] T. Perrin, "The XEdDSA and VXEdDSA Signature Schemes," 2016. https://whispersystems.org/docs/specifications/xeddsa/
[3] H. Krawczyk and P. Eronen, "HMAC-based Extract-and-Expand Key Derivation Function (HKDF)." RFC 5869, May-2010. http://www.ietf.org/rfc/rfc5869.txt
[4] P. Rogaway, "Authenticated-encryption with Associated-data," in Proceedings of the 9th ACM Conference on Computer and Communications Security, 2002. http://web.cs.ucdavis.edu/~rogaway/papers/ad.pdf
[5] T. Perrin, "The Double Ratchet Algorithm (work in progress)," 2016.
[6] N. Borisov, I. Goldberg, and E. Brewer, "Off-the-record Communication, or, Why Not to Use PGP," in Proceedings of the 2004 ACM workshop on privacy in the electronic society, 2004. http://doi.acm.org/10.1145/1029179.1029200
[7] N. Unger and I. Goldberg, "Deniable Key Exchanges for Secure Messaging," in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015. http://doi.acm.org/10.1145/2810103.2813616
[8] C. Kudla and K. G. Paterson, "Modular Security Proofs for Key Agreement Protocols," in ASIACRYPT 2005. http://www.isg.rhul.ac.uk/~kp/ModularProofs.pdf
[9] S. Blake-Wilson, D. Johnson, and A. Menezes, "Key agreement protocols and their security analysis," in Cryptography and Coding: 6th IMA International Conference, 1997. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.25.387
[10] C. Cremers and M. Feltz, "One-round Strongly Secure Key Exchange with Perfect Forward Secrecy and Deniability." Cryptology ePrint Archive, Report 2011/300, 2011. http://eprint.iacr.org/2011/300
[11] J. P. Degabriele, A. Lehmann, K. G. Paterson, N. P. Smart, and M. Strefler, "On the Joint Security of Encryption and Signature in EMV." Cryptology ePrint Archive, Report 2011/615, 2011. http://eprint.iacr.org/2011/615