(no title)

This is basically fully owned access already, right? If you have everything that is required to authenticate to the Signal servers, of course you can register new devices.. In that scenario, there's not much you can do to protect against this, and even the proposed countermeasures are conceivable to work around as an attacker. Signal also seems to view the paper like that:

> We disclosed our findings to the Signal organization on October 20, 2020, and received an answer on October 28, 2020. In summary, they state that they do not treat a compromise of long-term secrets as part of their adversarial model. Therefore, they do not currently plan to mitigate the described attack or implement one of the proposed countermeasures.