{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T01:25:43Z","timestamp":1775265943458,"version":"3.50.1"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030038090","type":"print"},{"value":"9783030038106","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-03810-6_21","type":"book-chapter","created":{"date-parts":[[2018,11,7]],"date-time":"2018-11-07T16:30:29Z","timestamp":1541608229000},"page":"575-599","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["The Security of Lazy Users in Out-of-Band Authentication"],"prefix":"10.1007","author":[{"given":"Moni","family":"Naor","sequence":"first","affiliation":[]},{"given":"Lior","family":"Rotem","sequence":"additional","affiliation":[]},{"given":"Gil","family":"Segev","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,11,8]]},"reference":[{"key":"21_CR1","unstructured":"Alghamdi, D., Flechais, I., Jirotka, M.: Security practices for households bank customers in the kingdom of Saudi Arabia. In: Symposium on Usable Privacy and Security (SOUPS), pp. 297\u2013308 (2015)"},{"issue":"3","key":"21_CR2","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1016\/j.cose.2003.09.002","volume":"23","author":"D Besnard","year":"2004","unstructured":"Besnard, D., Arief, B.: Computer security impaired by legitimate users. Comput. Secur. 23(3), 253\u2013264 (2004)","journal-title":"Comput. Secur."},{"key":"21_CR3","doi-asserted-by":"crossref","unstructured":"Barak, B.: Constant-round coin-tossing with a man in the middle or realizing the shared random string model. In: Proceedings of the 43rd Annual IEEE Symposium on Foundations of Computer Science, pp. 345\u2013355 (2002)","DOI":"10.1109\/SFCS.2002.1181957"},{"issue":"1","key":"21_CR4","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1109\/18.272497","volume":"40","author":"SM Bellovin","year":"1994","unstructured":"Bellovin, S.M., Merritt, M.: An attack on the interlock protocol when used for authentication. IEEE Trans. Inf. Theor. 40(1), 273\u2013275 (1994)","journal-title":"IEEE Trans. Inf. Theor."},{"key":"21_CR5","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62\u201373 (1993)","DOI":"10.1145\/168588.168596"},{"key":"21_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"619","DOI":"10.1007\/978-3-319-63697-9_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"M Bellare","year":"2017","unstructured":"Bellare, M., Singh, A.C., Jaeger, J., Nyayapati, M., Stepanovs, I.: Ratcheted encryption and key exchange: the security of messaging. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 619\u2013650. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_21"},{"key":"21_CR7","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C.J.F., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. In: Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P), pp. 451\u2013466 (2017)","DOI":"10.1109\/EuroSP.2017.27"},{"key":"21_CR8","unstructured":"Cohn-Gordon, K., Cremers, C.: Mind the gap: where provable security and real-world messaging don\u2019t quite meet. Cryptology ePrint Archive, Report 2017\/982 (2017)"},{"key":"21_CR9","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C., Garratt, L., Millican, J., Milner, K.: On ends-to-ends encryption: asynchronous group messaging with strong security guarantees. Cryptology ePrint Archive, Report 2017\/666 (2017)","DOI":"10.1145\/3243734.3243747"},{"key":"21_CR10","doi-asserted-by":"crossref","unstructured":"Dupree, J.L., Devries, R., Berry, D.M., Lank, E.: Privacy personas: clustering users via attitudes and behaviors toward security practices. In: Proceedings of the CHI Conference on Human Factors in Computing Systems, pp. 5228\u20135239. ACM (2016)","DOI":"10.1145\/2858036.2858214"},{"issue":"2","key":"21_CR11","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1137\/S0097539795291562","volume":"30","author":"D Dolev","year":"2000","unstructured":"Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. SIAM J. Comput. 30(2), 391\u2013437 (2000)","journal-title":"SIAM J. Comput."},{"key":"21_CR12","unstructured":"Ellison, C.M.: Establishing identity without certification authorities. In: Proceedings of the 6th USENIX Security Symposium, p. 7 (1996)"},{"key":"21_CR13","doi-asserted-by":"crossref","unstructured":"Frosch, T., Mainka, C., Bader, C., Bergsma, F., Schwenk, J., Holz, T.: How secure is TextSecure? In: Proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P), pp. 457\u2013472 (2016)","DOI":"10.1109\/EuroSP.2016.41"},{"key":"21_CR14","doi-asserted-by":"crossref","unstructured":"Goyal, V., Lee, C.-K., Ostrovsky, R., Visconti, I.: Constructing non-malleable commitments: a black-box approach. In: Proceedings of the 53rd Annual IEEE Symposium on Foundations of Computer Science, pp. 51\u201360 (2012)","DOI":"10.1109\/FOCS.2012.47"},{"key":"21_CR15","doi-asserted-by":"crossref","unstructured":"Goldreich, O.: Foundations of Cryptography: Basic Techniques, vol. 1. Cambridge University Press, Cambridge (2001)","DOI":"10.1017\/CBO9780511546891"},{"key":"21_CR16","doi-asserted-by":"crossref","unstructured":"Goyal, V.: Constant round non-malleable protocols using one way functions. In: Proceedings of the 43rd Annual ACM Symposium on Theory of Computing, pp. 695\u2013704 (2011)","DOI":"10.1145\/1993636.1993729"},{"key":"21_CR17","doi-asserted-by":"crossref","unstructured":"Goyal, V., Pandey, O., Richelson, S.: Textbook non-malleable commitments. In: Proceedings of the 48th annual ACM Symposium on Theory of Computing, pp. 1128\u20131141 (2016)","DOI":"10.1145\/2897518.2897657"},{"key":"21_CR18","unstructured":"Green, M.: Attack of the week: Group messaging in WhatsApp and Signal. A Few Thoughts on Cryptographic Engineering (2018). https:\/\/blog.cryptographyengineering.com\/2018\/01\/10\/attack-of-the-week-group-messaging"},{"key":"21_CR19","unstructured":"Greenberg, A.: WhatsApp security flaws could allow snoops to slide into group chats. Wired Magazine (2018). https:\/\/www.wired.com\/story\/whatsapp-security-flaws-encryption-group-chats"},{"key":"21_CR20","doi-asserted-by":"crossref","unstructured":"Goyal, V., Richelson, S., Rosen, A., Vald, M.: An algebraic approach to non-malleability. In: Proceedings of the 55th Annual IEEE Symposium on Foundations of Computer Science, pp. 41\u201350 (2014)","DOI":"10.1109\/FOCS.2014.13"},{"key":"21_CR21","doi-asserted-by":"crossref","unstructured":"Herley, C.: So long and no thanks for the externalities: the rational rejection of security advice by users. In: Proceedings of the Workshop on New Security Paradigms, pp. 133\u2013144 (2009)","DOI":"10.1145\/1719030.1719050"},{"key":"21_CR22","doi-asserted-by":"crossref","unstructured":"Herzberg, A., Leibowitz, H.: Can Johnny finally encrypt?: evaluating E2E-encryption in popular IM applications. In: Proceedings of the 6th Workshop on Socio-Technical Aspects in Security and Trust, pp. 17\u201328 (2016)","DOI":"10.1145\/3046055.3046059"},{"key":"21_CR23","unstructured":"Harbach, M., Zezschwitz, E.V., Fichtner, A., Luca, A.D., Smith, M.: It\u2019s a hard lock life: a field study of smartphone (un)locking behavior and risk perception. In: Symposium on Usable Privacy and Security (SOUPS), pp. 213\u2013230 (2014)"},{"key":"21_CR24","doi-asserted-by":"crossref","unstructured":"Kobeissi, N., Bhargavan, K., Blanchet, B.: Automated verification for secure messaging protocols and their implementations: a symbolic and computational approach. In: Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P), pp. 435\u2013450 (2017)","DOI":"10.1109\/EuroSP.2017.38"},{"key":"21_CR25","doi-asserted-by":"crossref","unstructured":"Lin, H., Pass, R.: Non-malleability amplification. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, pp. 189\u2013198 (2009)","DOI":"10.1145\/1536414.1536442"},{"key":"21_CR26","doi-asserted-by":"crossref","unstructured":"Lin, H., Pass, R.: Constant-round non-malleable commitments from any one-way function. In: Proceedings of the 43rd Annual ACM Symposium on Theory of Computing, pp. 705\u2013714 (2011)","DOI":"10.1145\/1993636.1993730"},{"key":"21_CR27","unstructured":"Li, S., Shum, H.-Y.: Secure human-computer identification against peeping attacks (SecHCI): A survey (2003)"},{"key":"21_CR28","unstructured":"Membe, T.: A look at how private messengers handle key changes. Medium (2017). https:\/\/medium.com\/@pepelephew\/a-look-at-how-private-messengers-handle-key-changes-5fd4334b809a"},{"key":"21_CR29","doi-asserted-by":"crossref","unstructured":"Naor, M., Rotem, L., Segev, G.: The security of lazy users in out-of-band authentication. Cryptology ePrint Archive, Report 2018\/823 (2018)","DOI":"10.1007\/978-3-030-03810-6_21"},{"key":"21_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"214","DOI":"10.1007\/11818175_13","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M Naor","year":"2006","unstructured":"Naor, M., Segev, G., Smith, A.: Tight bounds for unconditional authentication protocols in the manual channel and shared key models. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 214\u2013231. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11818175_13"},{"issue":"6","key":"21_CR31","doi-asserted-by":"publisher","first-page":"2408","DOI":"10.1109\/TIT.2008.921691","volume":"54","author":"M Naor","year":"2008","unstructured":"Naor, M., Segev, G., Smith, A.D.: Tight bounds for unconditional authentication protocols in the manual channel and shared key models. IEEE Trans. Inf. Theor. 54(6), 2408\u20132425 (2008)","journal-title":"IEEE Trans. Inf. Theor."},{"key":"21_CR32","doi-asserted-by":"crossref","unstructured":"Patrick, A.S., Long, A.C., Flinn, S.: HCI and security systems. In: Proceedings of the CHI Conference on Human Factors in Computing Systems, pp. 1056\u20131057 (2003)","DOI":"10.1145\/765891.766146"},{"key":"21_CR33","unstructured":"Perrin, T., Marlinspike, M.: The double ratchet algorithm (2016). https:\/\/signal.org\/docs\/specifications\/doubleratchet\/doubleratchet.pdf. Accessed 16 May 2018"},{"key":"21_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-540-85174-5_4","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"O Pandey","year":"2008","unstructured":"Pandey, O., Pass, R., Vaikuntanathan, V.: Adaptive one-way functions and applications. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 57\u201374. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85174-5_4"},{"issue":"2","key":"21_CR35","doi-asserted-by":"publisher","first-page":"702","DOI":"10.1137\/060671553","volume":"38","author":"R Pass","year":"2008","unstructured":"Pass, R., Rosen, A.: New and improved constructions of nonmalleable cryptographic protocols. SIAM J. Comput. 38(2), 702\u2013752 (2008)","journal-title":"SIAM J. Comput."},{"key":"21_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/11605805_18","volume-title":"Topics in Cryptology \u2013 CT-RSA 2006","author":"S Pasini","year":"2006","unstructured":"Pasini, S., Vaudenay, S.: An optimal non-interactive message authentication protocol. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 280\u2013294. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11605805_18"},{"key":"21_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"638","DOI":"10.1007\/978-3-642-13190-5_32","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"R Pass","year":"2010","unstructured":"Pass, R., Wee, H.: Constant-round non-malleable commitments from sub-exponential one-way functions. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 638\u2013655. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_32"},{"key":"21_CR38","doi-asserted-by":"crossref","unstructured":"R\u00f6sler, P., Mainka, C., Schwenk, J.: More is less: on the end-to-end security of group chats in signal, WhatsApp, and Threema. In: Proceedings of the 3nd IEEE European Symposium on Security and Privacy (EuroS&P) (2018)","DOI":"10.1109\/EuroSP.2018.00036"},{"issue":"4","key":"21_CR39","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1145\/358027.358053","volume":"27","author":"RL Rivest","year":"1984","unstructured":"Rivest, R.L., Shamir, A.: How to expose an eavesdropper. Commun. ACM 27(4), 393\u2013395 (1984)","journal-title":"Commun. ACM"},{"key":"21_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-319-96884-1_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"L Rotem","year":"2018","unstructured":"Rotem, L., Segev, G.: Out-of-band authentication in group messaging: computational, statistical, optimal. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 63\u201389. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_3"},{"key":"21_CR41","doi-asserted-by":"crossref","unstructured":"Schliep, M., Kariniemi, I., Hopper, N.: Is Bob sending mixed signals? In: Proceedings of the 2017 on Workshop on Privacy in the Electronic Society, pp. 31\u201340 (2017)","DOI":"10.1145\/3139550.3139568"},{"key":"21_CR42","unstructured":"Telegram. End-to-end encrypted voice calls - key verification. https:\/\/core.telegram.org\/api\/end-to-end\/voice-calls#key-verification. Accessed 16 May 2018"},{"key":"21_CR43","unstructured":"Telegram. End-to-end encryption. https:\/\/core.telegram.org\/api\/end-to-end. Accessed 16 May 2018"},{"key":"21_CR44","unstructured":"Telegram. FAQ for the technically inclined - hash collisions for Diffie-Hellman keys. https:\/\/core.telegram.org\/techfaq#hash-collisions-for-diffie-hellman-keys. Accessed 16 May 2018"},{"key":"21_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1007\/11535218_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"S Vaudenay","year":"2005","unstructured":"Vaudenay, S.: Secure communications over insecure channels based on short authenticated strings. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 309\u2013326. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_19"},{"key":"21_CR46","unstructured":"Viber encryption overview. https:\/\/www.viber.com\/app\/uploads\/Viber-Encryption-Overview.pdf. Accessed 16 May 2018"},{"key":"21_CR47","doi-asserted-by":"crossref","unstructured":"Wee, H.: Black-box, round-efficient secure computation via non-malleability amplification. In: Proceedings of the 51st Annual IEEE Symposium on Foundations of Computer Science, pp. 531\u2013540 (2010)","DOI":"10.1109\/FOCS.2010.87"},{"key":"21_CR48","unstructured":"WhatsApp encryption overview. https:\/\/www.whatsapp.com\/security\/WhatsApp-Security-Whitepaper.pdf. Accessed 16 May 2018"},{"key":"21_CR49","unstructured":"Wikipedia. Instant messaging. https:\/\/en.wikipedia.org\/wiki\/Instant_messaging. Accessed 16 May 2018"}],"container-title":["Lecture Notes in Computer Science","Theory of Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-03810-6_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T00:21:07Z","timestamp":1775262067000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-03810-6_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030038090","9783030038106"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-03810-6_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"8 November 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"TCC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Theory of Cryptography Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Panaji","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 November 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 November 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"tcc2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/tcc.iacr.org\/2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}