I'm building a project using libsodium's AEAD + Key Exchange system and want to write a proof justifying the security of the project. I am wondering if I can find a source detailing the exact security definition libsodium's Key Exchange system satisfies.
I know the textbook definition of IND-CCA2 and that AEAD satisfies it, but I'm not sure how to formalize the "combined" security of AEAD using a secret key generated from a Key Exchange algorithm.
More specifically, I'm interested in a proof of the non-existence of a "backdoor" public key that, when exchanged with a private key and then used in encryption, would leak information about that private key.
