Changes

Np1sec

70 bytes added, 9 years ago
/* III. Design rationale */
# A protocol that is provably secure in a sufficiently strong adversarial model that addresses confidentiality, authenticity and forward secrecy
# Applicable to the [https://github.com/cryptocat/cryptocat/wiki/Design-and-Functionality Cryptocat XMPP use-case]
# Providing some degree of deniability when it does not negatively impact usability or our [[#IV._Security_Properties|security goals]]
# Addressing security flaws in [BGB04] and [GUVGC09]
Another major departure from the protocol suggested in [GUVGC09] is in-session transcript authentication, which happens every time a participant receives or sends a message. Transcript authentication (referred to as the transcript consistency check from here on) is an optimistic approach based on the assumption that the XMPP server provides reliable, in-order message delivery. We can ensure transcript consistency whenever the underlying transport layer guarantees reliable delivery of messages in the same order to all participants.
We also equip ''(n)sec'' with a heartbeat to ensure in-session forward secrecy, periodic consistency checks and freshness.
We propose the possibility of using block-based, rather than stream-based, encryption for the symmetric encryption primitives.
Finally, other protocol design possibilities we considered and the rationale for not pursuing them further are discussed in [[#Appendix_B:_Other_design_possibilities|Appendix B: Other design possibilities]].
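The transcript consistency check described above can be illustrated with a running digest that every participant extends on each delivered message and attaches to each message it sends. This is an added example, not the ''(n)sec'' wire format or code from the project: the digest chain, the <code>Participant</code> class, the wire tuple and the relay simulation are all assumptions made for illustration.

```python
import hashlib

def extend(digest, sender, body):
    """Fold one delivered message into the running transcript digest."""
    h = hashlib.sha256(digest)
    for field in (sender.encode(), body):
        h.update(len(field).to_bytes(4, "big"))  # length prefix: unambiguous framing
        h.update(field)
    return h.digest()

class Participant:
    def __init__(self, name):
        self.name = name
        self.history = [b"\x00" * 32]  # history[k] = digest after k messages
        self.checks = []               # result of each consistency check

    def send(self, body):
        # Assumed wire form: body plus the sender's transcript length and digest.
        return (self.name, body, len(self.history) - 1, self.history[-1])

    def deliver(self, wire):
        sender, body, seen, digest = wire
        # In-order delivery implies the sender had seen a prefix of our view.
        ok = seen < len(self.history) and self.history[seen] == digest
        self.checks.append(ok)
        self.history.append(extend(self.history[-1], sender, body))
        return ok

def simulate(swap_for=None):
    """Three constructed messages via a relay; swap_for gets the first two swapped."""
    people = {n: Participant(n) for n in ("alice", "bob", "carol")}
    others = [p for n, p in people.items() if n != swap_for]
    m1 = people["alice"].send(b"hi")
    for p in others:
        p.deliver(m1)
    m2 = people["bob"].send(b"hello")
    for p in people.values():
        p.deliver(m2)
    if swap_for:
        people[swap_for].deliver(m1)   # this participant sees m2 before m1
    m3 = people["carol"].send(b"hey")  # carries carol's view of the transcript
    for p in people.values():
        p.deliver(m3)
    return {n: p.checks for n, p in people.items()}
```

With an honest relay every check passes; when one participant receives the first two messages in swapped order, the mismatch surfaces on the next message exchanged with that participant, which is why the check depends on the transport's ordering guarantee.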
= IV. Security Properties =