Slides 2.3: Finish! + move the PQ stuff to Topic 2.7

website/index.html

@@ -210,6 +210,7 @@
 							<li><i class="icon ph-duotone ph-scroll"></i>Ange Albertini, Thai Duong, Shay Gueron, Stefan K&#xF6;lbl, Atul Luykx, and Sophie Schmieg, <a href="papers/#key-commitment"><em>How to Abuse and Fix Authenticated Encryption Without Key Commitment</em></a>, USENIX Security Symposium, 2022.</li>
 							<li><i class="icon ph-duotone ph-scroll"></i>Michael Luby and Charles Rackoff, <a href="papers/#luby-rackoff"><em>How To Construct Pseudorandom Permutations From Pseudorandom Functions</em></a>, Society for Industrial and Applied Mathematics, 1988.</li>
 							<li><i class="icon ph-duotone ph-arrow-square-out"></i>Nick Sullivan, <a href="https://blog.cloudflare.com/killing-rc4-the-long-goodbye/"><em>Killing RC4: The Long Goodbye</em></a>, Cloudflare Blog, 2014.</li>
+							<li><i class="icon ph-duotone ph-arrow-square-out"></i>Apple Security Engineering and Architecture (SEAR), <a href="https://security.apple.com/blog/imessage-pq3/"><em>iMessage with PQ3: The new state of the art in quantum-secure messaging at scale</em></a>, Apple Security Research, 2024.</li>
 							<li><i class="icon ph-duotone ph-scroll"></i>David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin and Paul Zimmermann, <a href="papers/#imperfect-dh"><em>Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice</em></a>, ACM CCS, 2015.</li>
 							<li><i class="icon ph-duotone ph-scroll"></i>Cas Cremers, Niklas Medinger and Aurora Naska, <a href="papers/#pcs-impossibility"><em>Impossibility Results for Post-Compromise Security in Real-World Communication Systems</em></a>, IEEE Symposium on Security and Privacy, 2025.</li>
 							<li><i class="icon ph-duotone ph-scroll"></i>Chris Alexander and Ian Goldberg, <a href="papers/#otr-auth"><em>Improved User Authentication in Off-The-Record Messaging</em></a>, Workshop on Privacy in the Electronic Society, 2007.</li>
@@ -225,6 +226,7 @@
 							<li><i class="icon ph-duotone ph-scroll"></i>Cas Cremers and Dennis Jackson, <a href="papers/#prime-order"><em>Prime, Order Please! Revisiting Small Subgroup and Invalid Curve Attacks on Protocols using Diffie-Hellman</em></a>, IEEE CSF, 2019.</li>
 							<li><i class="icon ph-duotone ph-scroll"></i>Project Everest Team, <a href="papers/#everest-perspectives"><em>Project Everest: Perspectives from Developing Industrial-Grade High-Assurance Software</em></a>, Microsoft Research, 2025.</li>
 							<li><i class="icon ph-duotone ph-arrow-square-out"></i>Matthew McPherrin, <a href="https://letsencrypt.org/2025/06/11/reflections-on-a-year-of-sunlight/"><em>Reflections on a Year of Sunlight</em></a>, Let's Encrypt Blog, 2025.</li>
+							<li><i class="icon ph-duotone ph-arrow-square-out"></i>Richard Barnes, Karthikeyan Bhargavan, Benjamin Lipp and Christopher Wood, <a href="https://www.rfc-editor.org/rfc/rfc9180.html"><em>RFC 9810: Hybrid Public Key Encryption</em></a>, RFC Editor, 2022.</li>
 							<li><i class="icon ph-duotone ph-arrow-square-out"></i>Daniel J. Bernstein and Tanja Lange, <a href="https://safecurves.cr.yp.to"><em>SafeCurves: choosing safe curves for elliptic-curve cryptography</em></a>, SafeCurves, 2017.</li>
 							<li><i class="icon ph-duotone ph-scroll"></i>Joël Alwen, Binyi Chen, Krzysztof Pietrzak, Leonid Reyzin and Stefano Tessaro, <a href="papers/#scrypt-memory"><em>Scrypt Is Maximally Memory-Hard</em></a>, IACR Eurocrypt, 2017.</li>
 							<li><i class="icon ph-duotone ph-scroll"></i>Hugo Krawczyk, <a href="papers/#sigma-ake"><em>SIGMA: the 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols</em></a>, IACR Crypto, 2003.</li>
@@ -525,10 +527,8 @@
 								<li><i class="icon ph-duotone ph-scroll"></i>Martin R. Albrecht, Benjamin Dowling and Daniel Jones, <a href="papers/#whatsapp-groups"><em>Formal Analysis of Multi-Device Group Messaging in WhatsApp</em></a>, IACR Eurocrypt, 2025.</li>
 								<li><i class="icon ph-duotone ph-scroll"></i>Paul Rösler, Christian Mainka and Jörg Schwenk, <a href="papers/#group-chats"><em>More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema</em></a>, IEEE European Symposium on Security and Privacy, 2018.</li>
 								<li><i class="icon ph-duotone ph-scroll"></i>David Balbás, Daniel Collins and Phillip Gajland, <a href="papers/#sender-keys"><em>WhatsUpp with Sender Keys? Analysis, Improvements and Security Proofs</em></a>, IACR Asiacrypt, 2023.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Felix Linker, Ralf Sasse and David Basin, <a href="papers/#pq3-analysis"><em>A Formal Analysis of Apple’s iMessage PQ3 Protocol</em></a>, USENIX Security Symposium, 2025.</li>
+								<li><i class="icon ph-duotone ph-arrow-square-out"></i>Richard Barnes, Karthikeyan Bhargavan, Benjamin Lipp and Christopher Wood, <a href="https://www.rfc-editor.org/rfc/rfc9180.html"><em>RFC 9810: Hybrid Public Key Encryption</em></a>, RFC Editor, 2022.</li>
 								<li><i class="icon ph-duotone ph-scroll"></i>Théophile Wallez, <a href="papers/#wallez-thesis"><em>A Verification Framework for Secure Group Messaging</em></a>, PSL Université Paris, 2025.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan, Charlie Jacomme, Franziskus Kiefer and Rolfe Schmidt, <a href="papers/#pqxdh-analysis"><em>Formal Verification of the PQXDH Post-Quantum Key Agreement Protocol for End-to-End Secure Messaging</em></a>, USENIX Security Symposium, 2024.</li>
-								<li><i class="icon ph-duotone ph-scroll"></i>Yevgeniy Dodis, Daniel Jost, Shuichi Katsumata, Thomas Prest and Rolfe Schmidt, <a href="papers/#triple-ratchet"><em>Triple Ratchet: A Bandwidth Efficient Hybrid-Secure Signal Protocol</em></a>, IACR Eurocrypt, 2025.</li>
 							</ul>
 						</div>
 					</div>
@@ -594,6 +594,10 @@
 							<h5><i class="icon ph-duotone ph-file-plus"></i>Optional Readings</h5>
 							<ul>
 								<li><i class="icon ph-duotone ph-scroll"></i>Manuel Barbosa, Deirdre Connolly, João Diogo Duarte, Aaron Kaiser, Peter Schwabe, Karolin Varner and Baas Westerban, <a href="papers/#xwing-hybrid"><em>X-Wing: The Hybrid KEM You’ve Been Looking For</em></a>, IACR Communications in Cryptology, 2024.</li>
+								<li><i class="icon ph-duotone ph-arrow-square-out"></i>Apple Security Engineering and Architecture (SEAR), <a href="https://security.apple.com/blog/imessage-pq3/"><em>iMessage with PQ3: The new state of the art in quantum-secure messaging at scale</em></a>, Apple Security Research, 2024.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Felix Linker, Ralf Sasse and David Basin, <a href="papers/#pq3-analysis"><em>A Formal Analysis of Apple’s iMessage PQ3 Protocol</em></a>, USENIX Security Symposium, 2025.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Karthikeyan Bhargavan, Charlie Jacomme, Franziskus Kiefer and Rolfe Schmidt, <a href="papers/#pqxdh-analysis"><em>Formal Verification of the PQXDH Post-Quantum Key Agreement Protocol for End-to-End Secure Messaging</em></a>, USENIX Security Symposium, 2024.</li>
+								<li><i class="icon ph-duotone ph-scroll"></i>Yevgeniy Dodis, Daniel Jost, Shuichi Katsumata, Thomas Prest and Rolfe Schmidt, <a href="papers/#triple-ratchet"><em>Triple Ratchet: A Bandwidth Efficient Hybrid-Secure Signal Protocol</em></a>, IACR Eurocrypt, 2025.</li>
 							</ul>
 						</div>
 					</div>