{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2017:QSRYQ4QRZUWP7NFFGS2Z65I6KW","short_pith_number":"pith:QSRYQ4QR","canonical_record":{"source":{"id":"1707.05285","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-07-17T17:05:43Z","cross_cats_sorted":[],"title_canon_sha256":"7951e9be4ba8670571a8763c31283a9a6d8d9423a119f90d783e159331d57bf7","abstract_canon_sha256":"88a2d65e0f459adf845d9b15bb2bca956163037d576c6872358311d254e629e7"},"schema_version":"1.0"},"canonical_sha256":"84a3887211cd2cffb4a534b59f751e55b73c629cabe34f2361d803774095f5da","source":{"kind":"arxiv","id":"1707.05285","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1707.05285","created_at":"2026-05-18T00:40:09Z"},{"alias_kind":"arxiv_version","alias_value":"1707.05285v1","created_at":"2026-05-18T00:40:09Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1707.05285","created_at":"2026-05-18T00:40:09Z"},{"alias_kind":"pith_short_12","alias_value":"QSRYQ4QRZUWP","created_at":"2026-05-18T12:31:39Z"},{"alias_kind":"pith_short_16","alias_value":"QSRYQ4QRZUWP7NFF","created_at":"2026-05-18T12:31:39Z"},{"alias_kind":"pith_short_8","alias_value":"QSRYQ4QR","created_at":"2026-05-18T12:31:39Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2017:QSRYQ4QRZUWP7NFFGS2Z65I6KW","target":"record","payload":{"canonical_record":{"source":{"id":"1707.05285","kind":"arxiv","version":1},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-07-17T17:05:43Z","cross_cats_sorted":[],"title_canon_sha256":"7951e9be4ba8670571a8763c31283a9a6d8d9423a119f90d783e159331d57bf7","abstract_canon_sha256":"88a2d65e0f459adf845d9b15bb2bca956163037d576c6872358311d254e629e7"},"schema_version":"1.0"},"canonical_sha256":"84a3887211cd2cffb4a534b59f751e55b73c629cabe34f2361d803774095f5da","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-18T00:40:09.016311Z","signature_b64":"d5bQbaIw4WYZzIOKCmGToTfnm/7og41db5s/aMDW943iYzLntN+HYRj4EWEChu90JvOMhpmoZIjwC10vqSxODA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"84a3887211cd2cffb4a534b59f751e55b73c629cabe34f2361d803774095f5da","last_reissued_at":"2026-05-18T00:40:09.015563Z","signature_status":"signed_v1","first_computed_at":"2026-05-18T00:40:09.015563Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1707.05285","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:40:09Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"9hYJ0uHU97T+iLZmpl+E4T6UWgTycyHEu6rUkqU+3JLT4PjuZkv0SvRK04QcN02JygCvozD+6G1Rlinzwh4gAQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-28T22:34:13.900122Z"},"content_sha256":"cc1932eaab7c192cf9732379c557dd1359f78d710dde43696c7ef50b1cc60ca1","schema_version":"1.0","event_id":"sha256:cc1932eaab7c192cf9732379c557dd1359f78d710dde43696c7ef50b1cc60ca1"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2017:QSRYQ4QRZUWP7NFFGS2Z65I6KW","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"On the Pitfalls of End-to-End Encrypted Communications: A Study of Remote Key-Fingerprint Verification","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Jesvin James George, Maliheh Shirvanian, Nitesh Saxena","submitted_at":"2017-07-17T17:05:43Z","abstract_excerpt":"Many widely used Internet messaging and calling apps, such as WhatsApp, Viber, Telegram, and Signal, have deployed an end-to-end encryption functionality. To defeat potential MITM attackers against the key exchange protocol, the approach relies on users to perform a code verification task whereby each user must compare the code (a fingerprint of the cryptographic keys) computed by her app with the one computed by the other user's app and reject the session if the two do not match.\n  In this paper, we study the security and usability of this human-centered code verification task for a setting w"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1707.05285","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-18T00:40:09Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"NGp5ZsARoJiWsl5LeS5QvHUG9APsz7N3h6HLEQvRIPJ6YZR955y8MU58jGQvV7qL/idNqaUGk7oxoavjfq0TCQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-28T22:34:13.900784Z"},"content_sha256":"802764bd78cc95d0f3646b4a80586a308e893b5ee6a29b8e07835ac8e8b0f27b","schema_version":"1.0","event_id":"sha256:802764bd78cc95d0f3646b4a80586a308e893b5ee6a29b8e07835ac8e8b0f27b"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/QSRYQ4QRZUWP7NFFGS2Z65I6KW/bundle.json","state_url":"https://pith.science/pith/QSRYQ4QRZUWP7NFFGS2Z65I6KW/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/QSRYQ4QRZUWP7NFFGS2Z65I6KW/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-28T22:34:13Z","links":{"resolver":"https://pith.science/pith/QSRYQ4QRZUWP7NFFGS2Z65I6KW","bundle":"https://pith.science/pith/QSRYQ4QRZUWP7NFFGS2Z65I6KW/bundle.json","state":"https://pith.science/pith/QSRYQ4QRZUWP7NFFGS2Z65I6KW/state.json","well_known_bundle":"https://pith.science/.well-known/pith/QSRYQ4QRZUWP7NFFGS2Z65I6KW/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2017:QSRYQ4QRZUWP7NFFGS2Z65I6KW","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"88a2d65e0f459adf845d9b15bb2bca956163037d576c6872358311d254e629e7","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-07-17T17:05:43Z","title_canon_sha256":"7951e9be4ba8670571a8763c31283a9a6d8d9423a119f90d783e159331d57bf7"},"schema_version":"1.0","source":{"id":"1707.05285","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1707.05285","created_at":"2026-05-18T00:40:09Z"},{"alias_kind":"arxiv_version","alias_value":"1707.05285v1","created_at":"2026-05-18T00:40:09Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1707.05285","created_at":"2026-05-18T00:40:09Z"},{"alias_kind":"pith_short_12","alias_value":"QSRYQ4QRZUWP","created_at":"2026-05-18T12:31:39Z"},{"alias_kind":"pith_short_16","alias_value":"QSRYQ4QRZUWP7NFF","created_at":"2026-05-18T12:31:39Z"},{"alias_kind":"pith_short_8","alias_value":"QSRYQ4QR","created_at":"2026-05-18T12:31:39Z"}],"graph_snapshots":[{"event_id":"sha256:802764bd78cc95d0f3646b4a80586a308e893b5ee6a29b8e07835ac8e8b0f27b","target":"graph","created_at":"2026-05-18T00:40:09Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Many widely used Internet messaging and calling apps, such as WhatsApp, Viber, Telegram, and Signal, have deployed an end-to-end encryption functionality. To defeat potential MITM attackers against the key exchange protocol, the approach relies on users to perform a code verification task whereby each user must compare the code (a fingerprint of the cryptographic keys) computed by her app with the one computed by the other user's app and reject the session if the two do not match.\n  In this paper, we study the security and usability of this human-centered code verification task for a setting w","authors_text":"Jesvin James George, Maliheh Shirvanian, Nitesh Saxena","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-07-17T17:05:43Z","title":"On the Pitfalls of End-to-End Encrypted Communications: A Study of Remote Key-Fingerprint Verification"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1707.05285","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:cc1932eaab7c192cf9732379c557dd1359f78d710dde43696c7ef50b1cc60ca1","target":"record","created_at":"2026-05-18T00:40:09Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"88a2d65e0f459adf845d9b15bb2bca956163037d576c6872358311d254e629e7","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2017-07-17T17:05:43Z","title_canon_sha256":"7951e9be4ba8670571a8763c31283a9a6d8d9423a119f90d783e159331d57bf7"},"schema_version":"1.0","source":{"id":"1707.05285","kind":"arxiv","version":1}},"canonical_sha256":"84a3887211cd2cffb4a534b59f751e55b73c629cabe34f2361d803774095f5da","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"84a3887211cd2cffb4a534b59f751e55b73c629cabe34f2361d803774095f5da","first_computed_at":"2026-05-18T00:40:09.015563Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-18T00:40:09.015563Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"d5bQbaIw4WYZzIOKCmGToTfnm/7og41db5s/aMDW943iYzLntN+HYRj4EWEChu90JvOMhpmoZIjwC10vqSxODA==","signature_status":"signed_v1","signed_at":"2026-05-18T00:40:09.016311Z","signed_message":"canonical_sha256_bytes"},"source_id":"1707.05285","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:cc1932eaab7c192cf9732379c557dd1359f78d710dde43696c7ef50b1cc60ca1","sha256:802764bd78cc95d0f3646b4a80586a308e893b5ee6a29b8e07835ac8e8b0f27b"],"state_sha256":"bbd1f4897a7bb3d604aff58bafb8f299d21a1dccb4240ab0f5ec111bf363c6ef"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"+yLtKJ4l/HH0xNGVYJYrq/PNU/hy3EeKj44fOIm+wF6++zgzwCXBx70kl302JqEhk+7YswLojsRsHyM+4uY4Cw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-28T22:34:13.904334Z","bundle_sha256":"2f8a791e6803b22cbe7d26622fae0a2a1d7f5987baff337c87e8ea0e34515d26"}}