We describe SYM-GOTR, a protocol for secure Group Off-The-Record (GOTR) messaging. In contrast to previous work, SYM-GOTR is the first protocol to offer confidential, authenticated, and repudiable conversations among a dynamic group with the additional properties of message unlinkability and the guarantee that all users see the same conversation, while providing efficient use of network and CPU resources. SYM-GOTR achieves these properties through the use of a novel optimistic consistency check protocol that either determines that all users agree on a transcript with constant-size messages or identifies at least one user that has not followed the protocol. We provide an implementation of SYM-GOTR as a Java library along with a plugin for the Jitsi instant messaging client. We analyze the performance of SYM-GOTR in a real world deployment scenario and discuss the challenges of providing a usable implementation without compromising the security of the conversation.
 N. Weaver, “A close look at the NSA’s most powerful internet attack tool.” http://www.wired.com/2014/03/quantum/. Accessed: 19 May 2017.
 N. Borisov, I. Goldberg, and E. Brewer, “Off-the-record communication, or, why not to use pgp,” in Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society, WPES ’04, (New York, NY, USA), pp. 77-84, ACM, 2004.
 I. Goldberg, B. Ustaoglu, M. D. Van Gundy, and H. Chen, “Multi-party off-the-record messaging,” in Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS ’09, (New York, NY, USA), pp. 358- 368, ACM, 2009.
 H. Liu, E. Y. Vasserman, and N. Hopper, “Improved group off-the-record messaging,” in Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society, WPES ’13, (New York, NY, USA), pp. 249-254, ACM, 2013.
 O. W. Systems, Open Whisper Systems. https://whispersystems.org/.
 M. Schliep, I. Kariniemi, and N. Hopper, “Is bob sending mixed signals?,” in Proceedings of the 2017 on Workshop on Privacy in the Electronic Society, WPES ’17, (New York, NY, USA), pp. 31-40, ACM, 2017.
 N. Unger, S. Dechand, J. Bonneau, S. Fahl, H. Perl, I. Goldberg, and M. Smith, “Sok: Secure messaging,” in Security and Privacy (SP), 2015 IEEE Symposium on, pp. 232-249, IEEE, 2015.
 M. Burmester and Y. Desmedt, “A secure and efficient conference ey distribution system,” in Advances in cryptology EUROCRYPT’94, pp. 275-286, Springer, 1994.
 M. Marlinspike and T. Perrin, “The x3dh key agreement protocol,” 2016.
 M. Marlinspike and T. Perrin, “The double ratchet algorithm,” 2016.
 T. Frosch, C. Mainka, C. Bader, F. Bergsma, J. Schwenk, and T. Holz, “How secure is textsecure?,” in Security and Privacy (EuroS&P), 2016 IEEE European Symposium on, pp. 457-472, IEEE, 2016.
 K. Cohn-Gordon, C. Cremers, B. Dowling, L. Garratt, and D. Stebila, “A formal security analysis of the signal messaging protocol,” in Security and Privacy (EuroS&P), 2017 IEEE European Symposium on, pp. 451-466, IEEE, 2017.
 N. Kobeissi, K. Bhargavan, and B. Blanchet, “Automated verification for secure messaging protocols and their implementations: A symbolic and computational approach,” in IEEE European Symposium on Security and Privacy (EuroS& P), 2017.
 R. Canetti and H. Krawczyk, “Analysis of key-exchange protocols and their use for building secure channels,” in Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, EUROCRYPT ’01, (London, UK, UK), pp. 453- 474, Springer-Verlag, 2001.