{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T04:27:47Z","timestamp":1778128067634,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":37,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540424567","type":"print"},{"value":"9783540446477","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2001]]},"DOI":"10.1007\/3-540-44647-8_24","type":"book-chapter","created":{"date-parts":[[2007,11,13]],"date-time":"2007-11-13T14:28:14Z","timestamp":1194964094000},"page":"408-432","source":"Crossref","is-referenced-by-count":110,"title":["Session-Key Generation Using Human Passwords Only"],"prefix":"10.1007","author":[{"given":"Oded","family":"Goldreich","sequence":"first","affiliation":[]},{"given":"Yehuda","family":"Lindell","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2001,8,2]]},"reference":[{"key":"24_CR1","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/BF00196771","volume":"4","author":"D. Beaver","year":"1991","unstructured":"D. Beaver. Secure Multi-party Protocols and Zero-Knowledge Proof Systems Tolerating a Fault Minority. Journal of Cryptology, Vol. 4, pages 75\u2013122, 1991.","journal-title":"Journal of Cryptology"},{"key":"24_CR2","series-title":"Lect Notes Comput Sci","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-45539-6_11","volume-title":"EuroCrypt 2000","author":"M. Bellare","year":"2000","unstructured":"M. Bellare, D. Pointcheval and P. Rogaway. Authenticated Key Exchange Secure Against Dictionary Attacks. In EuroCrypt 2000, Springer-Verlag (LNCS 1807), pages 139\u2013155, 2000."},{"key":"24_CR3","doi-asserted-by":"crossref","unstructured":"M. Bellare and P. Rogaway. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In 1st Conf. on Computer and Communications Security, ACM, pages 62\u201373, 1993.","DOI":"10.1145\/168588.168596"},{"key":"24_CR4","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"CRYPTO\u201993","author":"M. Bellare","year":"1994","unstructured":"M. Bellare and P. Rogaway. Entity Authentication and Key Distribution. In CRYPTO\u201993, Springer-Verlag (LNCS 773), pages 232\u2013249, 1994."},{"key":"24_CR5","doi-asserted-by":"crossref","unstructured":"S. M. Bellovin and M. Merritt. Encrypted key exchange: Password-based protocols secure against dictionary attacks. In Proceedings of the ACM\/IEEE Symposium on Research in Security and Privacy, pages 72\u201384, 1992.","DOI":"10.1109\/RISP.1992.213269"},{"key":"24_CR6","doi-asserted-by":"crossref","unstructured":"S. M. Bellovin and M. Merritt. Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise. In Proceedings of the 1st ACM Conference on Computer and Communication Security, pages 244\u2013250, 1993.","DOI":"10.1145\/168588.168618"},{"key":"24_CR7","unstructured":"M. Blum. Coin Flipping by Phone. IEEE Spring COMPCOM, pages 133\u2013137, February 1982."},{"key":"24_CR8","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1007\/3-540-39568-7_23","volume-title":"CRYPTO\u201984","author":"M. Blum","year":"1985","unstructured":"M. Blum and S. Goldwasser. An Efficient Probabilistic Public-Key Encryption Scheme which hides all partial information. In CRYPTO\u201984, Springer-Verlag (LNCS 196), pages 289\u2013302."},{"key":"24_CR9","doi-asserted-by":"crossref","first-page":"850","DOI":"10.1137\/0213053","volume":"13","author":"M. Blum","year":"1984","unstructured":"M. Blum and S. Micali. How to Generate Cryptographically Strong Sequences of Pseudo-Random Bits. SICOMP, Vol. 13, pages 850\u2013864, 1984. Preliminary version in 23rd FOCS, 1982.","journal-title":"SICOMP"},{"key":"24_CR10","doi-asserted-by":"crossref","unstructured":"M. Boyarsky. Public-key Cryptography and Password Protocols: The Multi-User Case. In Proceedings of the 6th ACM Conference on Computer and Communication Security, 1999.","DOI":"10.1145\/319709.319719"},{"key":"24_CR11","series-title":"Lect Notes Comput Sci","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/3-540-45539-6_12","volume-title":"Euro Crypt 2000","author":"V. Boyko","year":"2000","unstructured":"V. Boyko, P. MacKenzie and S. Patel. Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In Euro Crypt 2000, Springer-Verlag (LNCS 1807), pages 156\u2013171, 2000."},{"issue":"1","key":"24_CR12","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/s001459910006","volume":"13","author":"R. Canetti","year":"2000","unstructured":"R. Canetti. Security and Composition of Multi-party Cryptographic Protocols. Journal of Cryptology, Vol. 13, No. 1, pages 143\u2013202, 2000.","journal-title":"Journal of Cryptology"},{"key":"24_CR13","unstructured":"R. Canetti. A unified framework for analyzing security of protocols. Cryptology ePrint Archive, Report No. 2000\/067, 2000. Available from http:\/\/eprint.iacr.org ."},{"key":"24_CR14","doi-asserted-by":"crossref","unstructured":"R. Canetti, O. Goldreich, and S. Halevi. The Random Oracle Methodology, Revisited. In Proc. of the 30th STOC, pages 209\u2013218, 1998.","DOI":"10.1145\/276698.276741"},{"key":"24_CR15","unstructured":"W. Diffie, and M.E. Hellman. New Directions in Cryptography. IEEE Trans, on Info. Theory, IT-22 (Nov. 1976), pages 644\u2013654."},{"key":"24_CR16","doi-asserted-by":"crossref","unstructured":"D. Dolev, C. Dwork, and M. Naor. Non-Malleable Cryptography. SIAM Journal on Computing, January 2000.","DOI":"10.1137\/S0097539795291562"},{"key":"24_CR17","doi-asserted-by":"crossref","unstructured":"U. Feige and A. Shamir. Witness Indistinguishability and Witness Hiding Protocols. In 22nd STOC, pages 416\u2013426, 1990.","DOI":"10.1145\/100216.100272"},{"key":"24_CR18","unstructured":"O. Goldreich. Secure Multi-Party Computation. Manuscript. Preliminary version, 1998. Available from http:\/\/www.wisdom.weizmann.ac.il\/~oded\/pp.html ."},{"issue":"4","key":"24_CR19","doi-asserted-by":"publisher","first-page":"792","DOI":"10.1145\/6490.6503","volume":"33","author":"O. Goldreich","year":"1986","unstructured":"O. Goldreich, S. Goldwasser, and S. Micali. How to Construct Random Functions. JACM, Vol. 33, No. 4, pages 792\u2013807, 1986.","journal-title":"JACM"},{"key":"24_CR20","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1007\/s001459900010","volume":"9","author":"O. Goldreich","year":"1996","unstructured":"O. Goldreich and A. Kahan. How To Construct Constant-Round Zero-Knowledge Proof Systems for NP. Journal of Cryptology, Vol. 9, pages 167\u2013189, 1996.","journal-title":"Journal of Cryptology"},{"key":"24_CR21","doi-asserted-by":"crossref","unstructured":"O. Goldreich, S. Micali and A. Wigderson. How to Play any Mental Game-A Completeness Theorem for Protocols with Honest Majority. In 19th STOC, pages 218\u2013229, 1987. For details see [18].","DOI":"10.1145\/28395.28420"},{"key":"24_CR22","first-page":"270","volume":"28","author":"S. Goldwasser","year":"1984","unstructured":"S. Goldwasser and S. Micali. Probabilistic Encryption. JCSS, Vol. 28, No. 2, pages 270\u2013299, 1984.","journal-title":"JCSS"},{"key":"24_CR23","doi-asserted-by":"crossref","unstructured":"S. Halevi and H. Krawczyk. Public-Key Cryptography and Password Protocols. In ACM Conference on Computer and Communications Security, 1998.","DOI":"10.1145\/288090.288118"},{"issue":"5","key":"24_CR24","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/242896.242897","volume":"26","author":"D. P. Jablon","year":"1996","unstructured":"D. P. Jablon. Strong password-only authenticated key exchange. SIGCOMM Comput. Commun. Rev., Vol 26, No. 5, pages 5\u201326, 1996.","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"24_CR25","unstructured":"J. Katz, R. Ostrovsky and M. Yung. Practical Password-Authenticated Key Exchange Provably Secure under Standard Assumptions. In Eurocrypt 2001."},{"key":"24_CR26","unstructured":"C. Kaufman, R. Perlman and M. Speciner. Network Security. Prentice Hall, 1997."},{"key":"24_CR27","doi-asserted-by":"crossref","unstructured":"S. Lucks. Open key exchange: How to defeat dictionary attacks without encrypting public keys. In Proceedings of the Workshop on Security Protocols, Ecole Normale Superieure, 1997.","DOI":"10.1007\/BFb0028161"},{"key":"24_CR28","unstructured":"A. Menezes, P. Van Oorschot and S. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997."},{"key":"24_CR29","series-title":"Lect Notes Comput Sci","volume-title":"Secure Computation. Unpublished manuscript","author":"S. Micali","year":"1992","unstructured":"S. Micali and P. Rogaway. Secure Computation. Unpublished manuscript, 1992. Preliminary version in Crypto\u201991, Springer-Verlag (LNCS 576), 1991."},{"key":"24_CR30","doi-asserted-by":"crossref","unstructured":"M. Naor and B. Pinkas. Oblivious Transfer and Polynomial Evaluation. In 31st STOC, pages 245\u2013254, 1999.","DOI":"10.1145\/301250.301312"},{"key":"24_CR31","doi-asserted-by":"crossref","unstructured":"S. Patel. Number theoretic attacks on secure password schemes. In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 236\u2013247, 1997.","DOI":"10.1109\/SECPRI.1997.601340"},{"key":"24_CR32","doi-asserted-by":"crossref","unstructured":"R. Richardson and J. Kilian. On the Concurrent Composition of Zero-Knowledge Proofs. In EuroCrypt99, pages 415\u2013431.","DOI":"10.1007\/3-540-48910-X_29"},{"key":"24_CR33","doi-asserted-by":"crossref","unstructured":"R. Rivest, A. Shamir and L. Adleman. A Method for Obtaining Digital Signatures and Public Key Cryptosystems. CACM, Vol. 21, Feb. 1978, pages 120\u2013126.","DOI":"10.1145\/359340.359342"},{"issue":"3","key":"24_CR34","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1145\/206826.206834","volume":"29","author":"M. Steiner","year":"1995","unstructured":"M. Steiner, G. Tsudi and M. Waidner. Refinement and extension of encrypted key exchange. ACM SIGOPS Oper. Syst. Rev., Vol. 29, 3, pages 22\u201330, 1995.","journal-title":"ACM SIGOPS Oper. Syst. Rev."},{"key":"24_CR35","unstructured":"T. Wu. The secure remote password protocol. In 1998 Internet Society Symposium on Network and Distributed System Security, pages 97\u2013111, 1998."},{"key":"24_CR36","doi-asserted-by":"crossref","unstructured":"A.C. Yao. Theory and Application of Trapdoor Functions. In 23rd FOCS, pages 80\u201391, 1982.","DOI":"10.1109\/SFCS.1982.45"},{"key":"24_CR37","doi-asserted-by":"crossref","unstructured":"A.C. Yao. How to Generate and Exchange Secrets. In 27th FOCS, pages 162\u2013167, 1986.","DOI":"10.1109\/SFCS.1986.25"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2014 CRYPTO 2001"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-44647-8_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,4]],"date-time":"2019-05-04T06:22:26Z","timestamp":1556950946000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-44647-8_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2001]]},"ISBN":["9783540424567","9783540446477"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/3-540-44647-8_24","relation":{},"ISSN":["0302-9743"],"issn-type":[{"value":"0302-9743","type":"print"}],"subject":[],"published":{"date-parts":[[2001]]}}}