= II. History and literature review =
<span style="font-size:200%">T</span>wo-party Off The Record messaging (OTR) was introduced in [BGB04] as an alternative to PGP for secure casual Internet chat by providing necessary forward secrecy and deniable transcript features. [BGB04] The paper proposes the use of symmetric encryption and message authentication in OTR for confidentiality and integrity, and the Diffie-Hellman key exchange for authenticating the other party in the chat. Since publication in 2004, the paper it has defined the standard for secure Internet chat attracting a lot of academic attention and security analysis. The OTR protocol is now at [https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html Version 3] and the [https://otr.cypherpunks.ca/index.php#downloads libotr software libraries] are continuously updated. Our research and literature review focused on the protocol presented in [BGB04] and the subsequent proposal for a multiparty use-case in [GUVGC09].
In [RGK05], researchers point out that OTR’s approach to authenticate renewed ephemeral session keys is provided by the property of confidentiality and is therefore dependent on the secrecy of the conversation. Hence, breaking the secrecy of the conversation (e.g. by leaking the session key) will lead to false authentication as well. They offer two authenticated deniable key exchange protocols, which also provide forward secrecy, as a replacement for OTR’s original key exchange. Furthermore, they argue that forgeability and malleability do not have any mathematical consequence in improving deniability if the parties have been authenticated by a deniable key exchange scheme. They argue that as these properties pose potential security threats, it is desirable to omit them from the protocol entirely.