{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T16:43:59Z","timestamp":1776357839421,"version":"3.51.2"},"publisher-location":"Berlin, Heidelberg","reference-count":34,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540420705","type":"print"},{"value":"9783540449874","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2001]]},"DOI":"10.1007\/3-540-44987-6_28","type":"book-chapter","created":{"date-parts":[[2007,8,11]],"date-time":"2007-08-11T13:46:47Z","timestamp":1186840007000},"page":"453-474","source":"Crossref","is-referenced-by-count":950,"title":["Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels"],"prefix":"10.1007","author":[{"given":"Ran","family":"Canetti","sequence":"first","affiliation":[]},{"given":"Hugo","family":"Krawczyk","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2001,4,15]]},"reference":[{"key":"28_CR1","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/BF00196771","volume":"4","author":"D. Beaver","year":"1991","unstructured":"D. Beaver, \u201cSecure Multi-party Protocols and Zero-Knowledge Proof Systems Tolerating a Faulty Minority\u201d, J. Cryptology (1991) 4: 75\u2013122.","journal-title":"J. Cryptology"},{"key":"28_CR2","doi-asserted-by":"crossref","unstructured":"M. Bellare, R. Canetti and H. Krawczyk, \u201cA modular approach to the design and analysis of authentication and key-exchange protocols\u201d, 30th STOC, 1998.","DOI":"10.1145\/276698.276854"},{"key":"28_CR3","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1007\/BFb0055718","volume-title":"Relations Among Notions of Security for Public-Key Encryption Schemes","author":"M. Bellare","year":"1998","unstructured":"M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, \u201cRelations Among Notions of Security for Public-Key Encryption Schemes\u201d, Advances in Cryptology-CRYPTO'98 Proceedings, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk, ed., Springer-Verlag, 1998, pp. 26\u201345."},{"key":"28_CR4","unstructured":"M. Bellare, E. Petrank, C. Rackoff and P. Rogaway, \u201cAuthenticated key exchange in the public key model,\u201d manuscript 1995-96."},{"key":"28_CR5","series-title":"Lect Notes Comput Sci","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology,-CRYPTO'93","author":"M. Bellare","year":"1994","unstructured":"M. Bellare and P. Rogaway, \u201cEntity authentication and key distribution\u201d, Advances in Cryptology,-CRYPTO'93, Lecture Notes in Computer Science Vol. 773, D. Stinson ed, Springer-Verlag, 1994, pp. 232\u2013249."},{"key":"28_CR6","doi-asserted-by":"crossref","unstructured":"M. Bellare and P. Rogaway, \u201cProvably secure session key distribution-the three party case,\u201d Annual Symposium on the Theory of Computing (STOC), 1995.","DOI":"10.1145\/225058.225084"},{"issue":"5","key":"28_CR7","doi-asserted-by":"crossref","first-page":"679","DOI":"10.1109\/49.223869","volume":"11","author":"R. Bird","year":"1993","unstructured":"R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva and M. Yung, \u201cSystematic design of two-party authentication protocols,\u201d IEEE Journal on Selected Areas in Communications (special issue on Secure Communications), 11(5):679\u2013693, June 1993. (Preliminary version: Crypto'91.)","journal-title":"IEEE Journal on Selected Areas in Communications (special issue on Secure Communications)"},{"key":"28_CR8","doi-asserted-by":"crossref","unstructured":"S. Blake-Wilson, D. Johnson and A. Menezes, \u201cKey exchange protocols and their security analysis,\u201d Proceedings of the sixth IMA International Conference on Cryptography and Coding, 1997.","DOI":"10.1007\/BFb0024447"},{"key":"28_CR9","doi-asserted-by":"crossref","unstructured":"S. Blake-Wilson and A. Menezes, \u201cEntity authentication and key transport protocols employing asymmetric techniques\u201d, Security Protocols Workshop, 1997.","DOI":"10.1007\/BFb0028166"},{"key":"28_CR10","doi-asserted-by":"crossref","unstructured":"M. Burrows, M. Abadi and R. Needham, \u201cA logic for authentication,\u201d DEC Systems Research Center Technical Report 39, February 1990. Earlier versions in Proceedings of the Second Conference on Theoretical Aspects of Reasoning about Knowledge, 1988, and Proceedings of the Twelfth ACM Symposium on Operating Systems Principles, 1989.","DOI":"10.1145\/74850.74852"},{"key":"28_CR11","doi-asserted-by":"crossref","unstructured":"R. Canetti, \u201cSecurity and Composition of Multiparty Cryptographic Protocols\u201d, Journal of Cryptology, Vol. 13, No. 1, 2000.","DOI":"10.1007\/s001459910006"},{"key":"28_CR12","unstructured":"R. Canetti, \u201cA unified framework for analyzing security of Protocols\u201d, manuscript, 2000. Available at http:\/\/eprint.iacr.org\/2000\/067 ."},{"key":"28_CR13","doi-asserted-by":"crossref","unstructured":"R. Canetti and H. Krawczyk, \u201cAnalysis of Key-Exchange Protocols and Their Use for Building Secure Channels (Full Version)\u201d, http:\/\/eprint.iacr.org\/2001 .","DOI":"10.1007\/3-540-44987-6_28"},{"key":"28_CR14","unstructured":"R. Canetti and H. Krawczyk, \u201cProving secure composition of key-exchange protocols with any application\u201d, in preparation."},{"key":"28_CR15","doi-asserted-by":"publisher","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","volume":"IT-22","author":"W. Diffie","year":"1976","unstructured":"W. Diffie and M. Hellman, \u201cNew directions in cryptography,\u201d IEEE Trans. Info. Theory IT-22, November 1976, pp. 644\u2013654.","journal-title":"IEEE Trans. Info. Theory"},{"key":"28_CR16","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/BF00124891","volume":"2","author":"W. Diffie","year":"1992","unstructured":"W. Diffie, P. van Oorschot and M. Wiener, \u201cAuthentication and authenticated key exchanges\u201d, Designs, Codes and Cryptography, 2, 1992, pp. 107\u2013125.","journal-title":"Designs, Codes and Cryptography"},{"key":"28_CR17","unstructured":"O. Goldreich, \u201cFoundations of Cryptography (Fragments of a book)\u201d, Weizmann Inst. of Science, 1995. (Available at http:\/\/philby.ucsd.edu\/cryptolib.html )"},{"issue":"4","key":"28_CR18","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1145\/6490.6503","volume":"33","author":"O. Goldreich","year":"1986","unstructured":"O. Goldreich, S. Goldwasser and S. Micali, \u201cHow to construct random functions,\u201d Journal of the ACM, Vol. 33, No. 4, 210\u2013217, (1986).","journal-title":"Journal of the ACM"},{"key":"28_CR19","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","DOI":"10.1007\/0-387-34799-2","volume-title":"CRYPTO '90","author":"S. Goldwasser","year":"1990","unstructured":"S. Goldwasser, and L. Levin, \u201cFair Computation of General Functions in Presence of Immoral Majority\u201d, CRYPTO '90, LNCS 537, Springer-Verlag, 1990."},{"issue":"2","key":"28_CR20","first-page":"270","volume":"28","author":"S. Goldwasser","year":"1984","unstructured":"S. Goldwasser and S. Micali, Probabilistic encryption, JCSS, Vol. 28, No 2, April 1984, pp. 270\u2013299.","journal-title":"JCSS"},{"issue":"1","key":"28_CR21","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1137\/0218012","volume":"18","author":"S. Goldwasser","year":"1989","unstructured":"S. Goldwasser, S. Micali and C. Rackoff, \u201cThe Knowledge Complexity of Interactive Proof Systems\u201d, SIAM Journal on Comput., Vol. 18, No. 1, 1989, pp. 186\u2013208.","journal-title":"SIAM Journal on Comput."},{"key":"28_CR22","series-title":"Lect Notes Comput Sci","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1007\/3-540-46885-4_5","volume-title":"Advances in Cryptology-EUROCRYPT'89","author":"C.G. G\u00fcnther","year":"1990","unstructured":"C.G. G\u00fcnther, \u201cAn identity-based key-exchange protocol\u201d, Advances in Cryptology-EUROCRYPT'89, Lecture Notes in Computer Science Vol. 434, Springer-Verlag, 1990, pp. 29\u201337."},{"key":"28_CR23","doi-asserted-by":"crossref","unstructured":"D. Harkins and D. Carrel, ed., \u201cThe Internet Key Exchange (IKE)\u201d, RFC 2409, November 1998.","DOI":"10.17487\/rfc2409"},{"key":"28_CR24","unstructured":"ISO\/IEC IS 9798-3, \u201cEntity authentication mechanisms \u2014 Part 3: Entity authentication using asymmetric techniques\u201d, 1993."},{"key":"28_CR25","unstructured":"H. Krawczyk, \u201cThe order of encryption and authentication for protecting communications (Or: how secure is SSL?)\u201d, manuscript."},{"key":"28_CR26","doi-asserted-by":"crossref","unstructured":"H. Krawczyk, \u201cSKEME: A Versatile Secure Key Exchange Mechanism for Internet,\u201d, Proceedings of the 1996 Internet Society Symposium on Network and Distributed System Security, Feb. 1996, pp. 114\u2013127.","DOI":"10.1109\/NDSS.1996.492418"},{"key":"28_CR27","doi-asserted-by":"crossref","unstructured":"P. Lincoln, J. Mitchell, M. Mitchell, A. Schedrov, \u201cA Probabilistic Poly-time Framework for Protocol Analysis\u201d, 5th ACMConf. on Computer and System Security, 1998.","DOI":"10.1145\/288090.288117"},{"key":"28_CR28","doi-asserted-by":"crossref","unstructured":"A. Menezes, P. Van Oorschot and S. Vanstone, \u201cHandbook of Applied Cryptography,\u201d CRC Press, 1996.","DOI":"10.1201\/9781439821916"},{"key":"28_CR29","unstructured":"S. Micali and P. Rogaway, \u201cSecure Computation\u201d, unpublished manuscript, 1992. Preliminary version in CRYPTO 91."},{"issue":"12","key":"28_CR30","doi-asserted-by":"publisher","first-page":"993","DOI":"10.1145\/359657.359659","volume":"21","author":"R. Needham","year":"1978","unstructured":"R. Needham and M. Schroeder, \u201cUsing encryption for authentication in large networks of computers,\u201d Communications of the ACM, Vol. 21, No. 12, December 1978, pp. 993\u2013999.","journal-title":"Communications of the ACM"},{"key":"28_CR31","series-title":"IBM Research Report","volume-title":"Secure Reactive Systems","author":"B. Pfitzmann","year":"2000","unstructured":"B. Pfitzmann, M. Schunter and M. Waidner, \u201cSecure Reactive Systems\u201d, IBM Research Report RZ 3206 (#93252), IBM Research, Zurich, May 2000."},{"key":"28_CR32","unstructured":"B. Pfitzmann and M. Waidner, \u201cA General Framework for Formal Notions of\u2019 secure\u2019 System\u201d, Hildesheimer Informatik-Berichte 11\/94 Institut f\u00fcr Informatik, Universit\u00e4t Hildesheim, April 1994."},{"key":"28_CR33","series-title":"IBM Research Report","volume-title":"A model for asynchronous reactive systems and its application to secure message transmission","author":"B. Pfitzmann","year":"2000","unstructured":"B. Pfitzmann and M. Waidner, \u201cA model for asynchronous reactive systems and its application to secure message transmission\u201d, IBM Research Report RZ 3304 (#93350), IBM Research, Zurich, December 2000."},{"key":"28_CR34","unstructured":"V. Shoup, \u201cOn Formal Models for Secure Key Exchange\u201d, Theory of Cryptography Library, 1999. Available at: http:\/\/philby.ucsd.edu\/cryptolib\/1999\/99-12.html ."}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2014 EUROCRYPT 2001"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-44987-6_28","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,1]],"date-time":"2019-05-01T23:23:21Z","timestamp":1556753001000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-44987-6_28"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2001]]},"ISBN":["9783540420705","9783540449874"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/3-540-44987-6_28","relation":{},"ISSN":["0302-9743"],"issn-type":[{"value":"0302-9743","type":"print"}],"subject":[],"published":{"date-parts":[[2001]]}}}