I'm also confused by this. The paper mentions that the authenticated key exchanges requires a "2-RTT synchronous protocol" but I'm unclear where they concluded that we only need 1 round trip.
I'm also confused by this. The paper mentions that the authenticated key exchanges requires a "2-RTT synchronous protocol" but I'm unclear where they concluded that we only need 1 round trip.