BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Drupal iCal API//EN
X-WR-CALNAME:Events items teaser
X-WR-TIMEZONE:America/Toronto
BEGIN:VTIMEZONE
TZID:America/Toronto
X-LIC-LOCATION:America/Toronto
BEGIN:DAYLIGHT
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
DTSTART:20250309T070000
END:DAYLIGHT
BEGIN:STANDARD
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
DTSTART:20251102T060000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
UID:69ce8cd9610cc
DTSTART;TZID=America/Toronto:20260123T103000
SEQUENCE:0
TRANSP:TRANSPARENT
DTEND;TZID=America/Toronto:20260123T113000
URL:https://uwaterloo.ca/combinatorics-and-optimization/events/crypto-readi
 ng-group-sam-jaques-impossibility-results-post
SUMMARY:Crypto Reading Group - Sam Jaques - Impossibility Results for\nPost
 -Compromise Security in Real-World Communication Systems
CLASS:PUBLIC
DESCRIPTION:Speaker\n Sam Jaques\n\nAffiliation\n University of Waterloo\n\
 nLocation\n MC 6029\n\nABSTRACT:  Modern secure communication systems\, 
 such as iMessage\,\nWhatsApp\, and Signal include intricate mechanisms tha
 t aim to achieve\nvery strong security properties. These mechanisms typica
 lly involve\ncontinuously merging fresh secrets into the keying material t
 hat is\nused to encrypt messages during communications. In the literature\
 ,\nthese mechanisms have been proven to achieve forms of Post-Compromise\n
 Security (PCS): the ability to provide communication security even if\nthe
  full state of a party was compromised some time in the past.\nHowever\, r
 ecent work has shown these proofs cannot be transferred to\nthe end-user l
 evel\, possibly because of usability concerns. This has\nraised the questi
 on of whether end-users can actually obtain PCS or\nnot\, and under which 
 conditions.\n\nHere we show and formally prove that communication systems 
 that need\nto be resilient against certain types of state loss (which can 
 occur\nin practice) fundamentally cannot achieve full PCS for end-users.\n
 Whereas previous work showed that the Signal messenger did not achieve\nth
 is with its current session-management layer\, we isolate the exact\ncondi
 tions that cause this failure\, and we show why this cannot be\nsimply sol
 ved in communication systems by implementing a different\nsession-manageme
 nt layer or an entirely different protocol. Moreover\,\nwe clarify the tra
 de-off of the maximum number of sessions between two\nusers (40 in Signal)
  in terms of failure-resilience versus security. \nOur results have direct
  consequences for the design of future secure\ncommunication systems and c
 ould motivate either the simplification of\nredundant mechanisms or the im
 provement of session-management designs\nto provide better security trade-
 offs with respect to state\nloss/failure tolerance.
DTSTAMP:20260402T153553Z
END:VEVENT
END:VCALENDAR