[lxgr]

> There is a newer version of the iMessage encryption (sometimes called "pair-ec") which uses ECIES.

Does that scheme definitely use ephemeral keys? Do you know if there is any documentation on it available?

> Beeper implements it, I never got around to backporting it to pypush proper.

Ah, thank you, this is important context! I looked through pypush and couldn't find anything that looks like it might be providing forward secrecy, so I was wondering if that was a misunderstanding of the impact of (only) switching to ECIES, as forward secrecy would require more than that.