The standard view of cryptography is that secure systems should be built by implementing known primitives whose theoretical security guarantees are well understood. In this work we take the opposite approach, taking inspiration from existing systems and providing the theoretical basis with which to understand their security goals. Our particular inspirations are modern secure messaging apps (e.g. Signal, WhatsApp), which have deployed new techniques with the goal of maintaining some security against attackers that sometimes gain temporary access to honest users' devices.
We propose that these security goals should be studied in a modular manner, where distinct cryptographic components are studied in isolation. Towards this, we separately provide formal models for understanding the initial exchange of cryptographic secrets and their later use for the exchange of messages in this setting. We provide provably secure constructions of these separate components (often achieving better security than what is currently deployed by messaging apps) and a composition result which generically proves security when these isolated components are used together.