{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,7]],"date-time":"2025-12-07T13:08:25Z","timestamp":1765112905810,"version":"3.40.3"},"publisher-location":"Cham","reference-count":72,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030457204"},{"type":"electronic","value":"9783030457211"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-45721-1_23","type":"book-chapter","created":{"date-parts":[[2020,5,1]],"date-time":"2020-05-01T04:17:18Z","timestamp":1588306638000},"page":"644-674","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["Security of Hedged Fiat\u2013Shamir Signatures Under Fault Attacks"],"prefix":"10.1007","author":[{"given":"Diego F.","family":"Aranha","sequence":"first","affiliation":[]},{"given":"Claudio","family":"Orlandi","sequence":"additional","affiliation":[]},{"given":"Akira","family":"Takahashi","sequence":"additional","affiliation":[]},{"given":"Greg","family":"Zaverucha","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,5,1]]},"reference":[{"key":"23_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"418","DOI":"10.1007\/3-540-46035-7_28","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"M Abdalla","year":"2002","unstructured":"Abdalla, M., An, J.H., Bellare, M., Namprempre, C.: From identification to signatures via the Fiat-Shamir transform: minimizing assumptions for security and forward-security. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 418\u2013433. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46035-7_28"},{"key":"23_CR2","doi-asserted-by":"crossref","unstructured":"Alagic, G., et al.: Status report on the first round of the NIST post-quantum cryptography standardization process (2019)","DOI":"10.6028\/NIST.IR.8240"},{"key":"23_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"339","DOI":"10.1007\/978-3-319-76953-0_18","volume-title":"Topics in Cryptology \u2013 CT-RSA 2018","author":"C Ambrose","year":"2018","unstructured":"Ambrose, C., Bos, J.W., Fay, B., Joye, M., Lochter, M., Murray, B.: Differential attacks on deterministic signatures. In: Smart, N.P. (ed.) CT-RSA 2018. LNCS, vol. 10808, pp. 339\u2013353. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-76953-0_18"},{"key":"23_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1007\/978-3-662-45611-8_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"DF Aranha","year":"2014","unstructured":"Aranha, D.F., Fouque, P.-A., G\u00e9rard, B., Kammerer, J.-G., Tibouchi, M., Zapalowicz, J.-C.: GLV\/GLS decomposition, power analysis, and attacks on ECDSA signatures with single-bit nonce bias. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 262\u2013281. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_14"},{"key":"23_CR5","unstructured":"Aranha, D.F., Orlandi, C., Takahashi, A., Zaverucha, G.: Security of hedged Fiat-Shamir signatures under fault attacks. Cryptology ePrint Archive, Report 2019\/956 (2019)"},{"issue":"4","key":"23_CR6","doi-asserted-by":"publisher","first-page":"1052","DOI":"10.1007\/s00453-016-0219-7","volume":"79","author":"P Austrin","year":"2017","unstructured":"Austrin, P., Chung, K., Mahmoody, M., Pass, R., Seth, K.: On the impossibility of cryptography with tamperable randomness. Algorithmica 79(4), 1052\u20131101 (2017)","journal-title":"Algorithmica"},{"key":"23_CR7","unstructured":"Baert, M.: Ed25519 leaks private key if public key is incorrect #170. https:\/\/github.com\/jedisct1\/libsodium\/issues\/170"},{"issue":"2","key":"23_CR8","doi-asserted-by":"publisher","first-page":"370","DOI":"10.1109\/JPROC.2005.862424","volume":"94","author":"H Bar-El","year":"2006","unstructured":"Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer\u2019s apprentice guide to fault attacks. Proc. IEEE 94(2), 370\u2013382 (2006)","journal-title":"Proc. IEEE"},{"key":"23_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"182","DOI":"10.1007\/978-3-319-44524-3_11","volume-title":"Advances in Information and Computer Security","author":"A Barenghi","year":"2016","unstructured":"Barenghi, A., Pelosi, G.: A note on fault attacks against deterministic signature schemes. In: Ogawa, K., Yoshioka, K. (eds.) IWSEC 2016. LNCS, vol. 9836, pp. 182\u2013192. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-44524-3_11"},{"key":"23_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/978-3-662-44709-3_12","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2014","author":"G Barthe","year":"2014","unstructured":"Barthe, G., Dupressoir, F., Fouque, P.-A., Gr\u00e9goire, B., Tibouchi, M., Zapalowicz, J.-C.: Making RSA\u2013PSS provably secure against non-random faults. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 206\u2013222. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44709-3_12"},{"key":"23_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-642-10366-7_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"M Bellare","year":"2009","unstructured":"Bellare, M., et al.: Hedged public-key encryption: how to protect against bad randomness. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 232\u2013249. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_14"},{"key":"23_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"627","DOI":"10.1007\/978-3-662-46803-6_21","volume-title":"Advances in Cryptology - EUROCRYPT 2015","author":"M Bellare","year":"2015","unstructured":"Bellare, M., Hoang, V.T.: Resisting randomness subversion: fast deterministic and hedged public-key encryption in the standard model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 627\u2013656. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46803-6_21"},{"key":"23_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"491","DOI":"10.1007\/3-540-39200-9_31","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2003","author":"M Bellare","year":"2003","unstructured":"Bellare, M., Kohno, T.: A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 491\u2013506. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-39200-9_31"},{"key":"23_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1007\/978-3-662-53890-6_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"M Bellare","year":"2016","unstructured":"Bellare, M., Poettering, B., Stebila, D.: From identification to signatures, tightly: a framework and generic transforms. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part II. LNCS, vol. 10032, pp. 435\u2013464. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53890-6_15"},{"key":"23_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"729","DOI":"10.1007\/978-3-662-49890-3_28","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"M Bellare","year":"2016","unstructured":"Bellare, M., Tackmann, B.: Nonce-based cryptography: retaining security when randomness fails. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part I. LNCS, vol. 9665, pp. 729\u2013757. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49890-3_28"},{"issue":"2","key":"23_CR16","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/s13389-012-0027-1","volume":"2","author":"DJ Bernstein","year":"2012","unstructured":"Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.Y.: High-speed high-security signatures. J. Cryptogr. Eng. 2(2), 77\u201389 (2012). https:\/\/doi.org\/10.1007\/s13389-012-0027-1","journal-title":"J. Cryptogr. Eng."},{"key":"23_CR17","unstructured":"Bindel, N., et al.: qTESLA. Technical report, National Institute of Standards and Technology. https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-2-submissions"},{"key":"23_CR18","unstructured":"Bleichenbacher, D.: On the generation of one-time keys in DL signature schemes. Presentation at IEEE P1363 Working Group Meeting (2000)"},{"key":"23_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"462","DOI":"10.1007\/978-3-319-63697-9_16","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"A Boldyreva","year":"2017","unstructured":"Boldyreva, A., Patton, C., Shrimpton, T.: Hedging public-key encryption in the real world. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part III. LNCS, vol. 10403, pp. 462\u2013494. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_16"},{"key":"23_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/3-540-69053-0_4","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201997","author":"D Boneh","year":"1997","unstructured":"Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults (extended abstract). In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37\u201351. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_4"},{"key":"23_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/3-540-68697-5_11","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"D Boneh","year":"1996","unstructured":"Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 129\u2013142. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_11"},{"key":"23_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"623","DOI":"10.1007\/978-3-030-00470-5_29","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"M Brengel","year":"2018","unstructured":"Brengel, M., Rossow, C.: Identifying key leakage of bitcoin users. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 623\u2013643. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-00470-5_29"},{"issue":"3","key":"23_CR23","doi-asserted-by":"crossref","first-page":"21","DOI":"10.46586\/tches.v2018.i3.21-43","volume":"2018","author":"LG Bruinderink","year":"2018","unstructured":"Bruinderink, L.G., Pessl, P.: Differential fault attacks on deterministic lattice signatures. IACR TCHES 2018(3), 21\u201343 (2018)","journal-title":"IACR TCHES"},{"key":"23_CR24","unstructured":"Chailloux, A.: Quantum security of the Fiat-Shamir transform of commit and open protocols. Cryptology ePrint Archive, Report 2019\/699 (2019)"},{"key":"23_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1007\/978-3-662-49099-0_5","volume-title":"Theory of Cryptography","author":"M Ciampi","year":"2016","unstructured":"Ciampi, M., Persiano, G., Scafuro, A., Siniscalchi, L., Visconti, I.: Improved OR-composition of sigma-protocols. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016, Part II. LNCS, vol. 9563, pp. 112\u2013141. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49099-0_5"},{"key":"23_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-540-74735-2_13","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2007","author":"C Clavier","year":"2007","unstructured":"Clavier, C.: Secret external encodings do not prevent transient fault analysis. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 181\u2013194. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74735-2_13"},{"key":"23_CR27","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C.J.F., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. In: EuroS&P, pp. 451\u2013466. IEEE (2017)","DOI":"10.1109\/EuroSP.2017.27"},{"key":"23_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"653","DOI":"10.1007\/978-3-642-10366-7_38","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"J-S Coron","year":"2009","unstructured":"Coron, J.-S., Mandal, A.: PSS is secure against random fault attacks. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 653\u2013666. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_38"},{"key":"23_CR29","doi-asserted-by":"crossref","unstructured":"Daemen, J., Dobraunig, C., Eichlseder, M., Gross, H., Mendel, F., Primas, R.: Protecting against statistical ineffective fault attacks. Cryptology ePrint Archive, Report 2019\/536","DOI":"10.46586\/tches.v2020.i3.508-543"},{"key":"23_CR30","unstructured":"Damg\u00e5rd, I.: On $$\\varSigma $$-protocols. http:\/\/www.cs.au.dk\/~ivan\/Sigma.pdf"},{"issue":"1","key":"23_CR31","doi-asserted-by":"publisher","first-page":"152","DOI":"10.1007\/s00145-015-9218-0","volume":"30","author":"I Damg\u00e5rd","year":"2015","unstructured":"Damg\u00e5rd, I., Faust, S., Mukherjee, P., Venturi, D.: Bounded tamper resilience: how to go beyond the algebraic barrier. J. Cryptol. 30(1), 152\u2013190 (2015). https:\/\/doi.org\/10.1007\/s00145-015-9218-0","journal-title":"J. Cryptol."},{"key":"23_CR32","first-page":"25","volume":"1","author":"L De Meyer","year":"2019","unstructured":"De Meyer, L., Arribas, V., Nikova, S., Nikov, V., Rijmen, V.: M&M: masks and macs against physical attacks. IACR TCHES 1, 25\u201350 (2019)","journal-title":"IACR TCHES"},{"key":"23_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-030-03329-3_11","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"C Dobraunig","year":"2018","unstructured":"Dobraunig, C., Eichlseder, M., Gross, H., Mangard, S., Mendel, F., Primas, R.: Statistical ineffective fault attacks on\u00a0masked AES with fault countermeasures. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part II. LNCS, vol. 11273, pp. 315\u2013342. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03329-3_11"},{"key":"23_CR34","doi-asserted-by":"crossref","first-page":"547","DOI":"10.46586\/tches.v2018.i3.547-572","volume":"3","author":"C Dobraunig","year":"2018","unstructured":"Dobraunig, C., Eichlseder, M., Korak, T., Mangard, S., Mendel, F., Primas, R.: SIFA: exploiting ineffective fault inductions on symmetric cryptography. IACR TCHES 3, 547\u2013572 (2018)","journal-title":"IACR TCHES"},{"issue":"4","key":"23_CR35","doi-asserted-by":"publisher","first-page":"20:1","DOI":"10.1145\/3178432","volume":"65","author":"S Dziembowski","year":"2018","unstructured":"Dziembowski, S., Pietrzak, K., Wichs, D.: Non-malleable codes. J. ACM 65(4), 20:1\u201320:32 (2018)","journal-title":"J. ACM"},{"key":"23_CR36","unstructured":"fail0verflow: Console hacking 2010 - PS3 epic fail. 27th Chaos Communications Congress (2010)"},{"key":"23_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-319-93387-0_7","volume-title":"Applied Cryptography and Network Security","author":"A Faonio","year":"2018","unstructured":"Faonio, A., Nielsen, J.B., Simkin, M., Venturi, D.: Continuously non-malleable codes with split-state refresh. In: Preneel, B., Vercauteren, F. (eds.) ACNS 2018. LNCS, vol. 10892, pp. 121\u2013139. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-93387-0_7"},{"key":"23_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"877","DOI":"10.1007\/978-3-662-53887-6_32","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"A Faonio","year":"2016","unstructured":"Faonio, A., Venturi, D.: Efficient public-key cryptography with bounded leakage and tamper resilience. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 877\u2013907. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53887-6_32"},{"key":"23_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1007\/978-3-642-22006-7_33","volume-title":"Automata, Languages and Programming","author":"S Faust","year":"2011","unstructured":"Faust, S., Pietrzak, K., Venturi, D.: Tamper-proof circuits: how to trade leakage for tamper-resilience. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011, Part I. LNCS, vol. 6755, pp. 391\u2013402. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22006-7_33"},{"key":"23_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201986","author":"A Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186\u2013194. Springer, Heidelberg (1987). https:\/\/doi.org\/10.1007\/3-540-47721-7_12"},{"key":"23_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-030-40186-3_4","volume-title":"Topics in Cryptology \u2013 CT-RSA 2020","author":"M Fischlin","year":"2020","unstructured":"Fischlin, M., G\u00fcnther, F.: Modeling memory faults in signature and authenticated encryption schemes. In: Jarecki, S. (ed.) CT-RSA 2020. LNCS, vol. 12006, pp. 56\u201384. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-40186-3_4"},{"key":"23_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"908","DOI":"10.1007\/978-3-662-53887-6_33","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"E Fujisaki","year":"2016","unstructured":"Fujisaki, E., Xagawa, K.: Public-key cryptosystems resilient to continuous tampering and leakage of arbitrary functions. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 908\u2013938. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53887-6_33"},{"key":"23_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"258","DOI":"10.1007\/978-3-540-24638-1_15","volume-title":"Theory of Cryptography","author":"R Gennaro","year":"2004","unstructured":"Gennaro, R., Lysyanskaya, A., Malkin, T., Micali, S., Rabin, T.: Algorithmic Tamper-Proof (ATP) security: theoretical foundations for security against hardware tampering. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 258\u2013277. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24638-1_15"},{"key":"23_CR44","volume-title":"Foundations of Cryptography","author":"O Goldreich","year":"2000","unstructured":"Goldreich, O.: Foundations of Cryptography, vol. 1. Cambridge University Press, New York (2000)"},{"key":"23_CR45","doi-asserted-by":"crossref","unstructured":"Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design (extended abstract). In: 27th FOCS, pp. 174\u2013187. IEEE Computer Society Press (1986)","DOI":"10.1109\/SFCS.1986.47"},{"key":"23_CR46","series-title":"Information Security and Cryptography","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14303-8","volume-title":"Efficient Secure Two-Party Protocols","author":"C Hazay","year":"2010","unstructured":"Hazay, C., Lindell, Y.: Efficient Secure Two-Party Protocols. ISC. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14303-8"},{"key":"23_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1007\/978-3-319-76578-5_9","volume-title":"Public-Key Cryptography \u2013 PKC 2018","author":"Z Huang","year":"2018","unstructured":"Huang, Z., Lai, J., Chen, W., Au, M.H., Peng, Z., Li, J.: Hedged nonce-based public-key encryption: adaptive security under randomness failures. In: Abdalla, M., Dahab, R. (eds.) PKC 2018, Part I. LNCS, vol. 10769, pp. 253\u2013279. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-76578-5_9"},{"key":"23_CR48","doi-asserted-by":"crossref","unstructured":"Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge from secure multiparty computation. In: 39th ACM STOC, pp. 21\u201330. ACM Press (2007)","DOI":"10.1145\/1250790.1250794"},{"key":"23_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1007\/11761679_19","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"Y Ishai","year":"2006","unstructured":"Ishai, Y., Prabhakaran, M., Sahai, A., Wagner, D.: Private circuits II: keeping secrets in tamperable circuits. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 308\u2013327. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_19"},{"key":"23_CR50","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29656-7","volume-title":"Fault analysis in cryptography, Information Security and Cryptography","author":"M Joye","year":"2012","unstructured":"Joye, M., Tunstall, M.: Fault analysis in cryptography, Information Security and Cryptography, vol. 147. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29656-7"},{"issue":"12","key":"23_CR51","doi-asserted-by":"publisher","first-page":"2295","DOI":"10.1109\/TVLSI.2012.2231707","volume":"21","author":"D Karaklajic","year":"2013","unstructured":"Karaklajic, D., Schmidt, J., Verbauwhede, I.: Hardware designer\u2019s guide to fault attacks. IEEE Trans. VLSI Syst. 21(12), 2295\u20132306 (2013)","journal-title":"IEEE Trans. VLSI Syst."},{"key":"23_CR52","doi-asserted-by":"crossref","unstructured":"Katz, J., Kolesnikov, V., Wang, X.: Improved non-interactive zero knowledge with applications to post-quantum signatures. In: ACM CCS 2018, pp. 525\u2013537. ACM Press (2018)","DOI":"10.1145\/3243734.3243805"},{"key":"23_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"545","DOI":"10.1007\/0-387-34805-0_47","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201989 Proceedings","author":"J Kilian","year":"1990","unstructured":"Kilian, J., Micali, S., Ostrovsky, R.: Minimum resource zero-knowledge proofs (extended abstract). In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 545\u2013546. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_47"},{"key":"23_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"552","DOI":"10.1007\/978-3-319-78372-7_18","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"E Kiltz","year":"2018","unstructured":"Kiltz, E., Lyubashevsky, V., Schaffner, C.: A concrete treatment of Fiat-Shamir signatures in the quantum random-oracle model. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part III. LNCS, vol. 10822, pp. 552\u2013586. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_18"},{"key":"23_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-662-53008-5_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"E Kiltz","year":"2016","unstructured":"Kiltz, E., Masny, D., Pan, J.: Optimal security proofs for signatures from identification schemes. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 33\u201361. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_2"},{"key":"23_CR56","doi-asserted-by":"crossref","unstructured":"Kim, Y., et al.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. In: ISCA, pp. 361\u2013372. IEEE Computer Society (2014)","DOI":"10.1145\/2678373.2665726"},{"key":"23_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"517","DOI":"10.1007\/978-3-642-32009-5_30","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"F-H Liu","year":"2012","unstructured":"Liu, F.-H., Lysyanskaya, A.: Tamper and leakage resilience in the split-state model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 517\u2013532. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_30"},{"key":"23_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/978-3-319-30840-1_2","volume-title":"Information Security and Cryptology - ICISC 2015","author":"H Morita","year":"2016","unstructured":"Morita, H., Schuldt, J.C.N., Matsuda, T., Hanaoka, G., Iwata, T.: On the security of the schnorr signature scheme and dsa against related-key attacks. In: Kwon, S., Yun, A. (eds.) ICISC 2015. LNCS, vol. 9558, pp. 20\u201335. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-30840-1_2"},{"key":"23_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1007\/3-540-48892-8_6","volume-title":"Selected Areas in Cryptography","author":"D M\u2019Ra\u00efhi","year":"1999","unstructured":"M\u2019Ra\u00efhi, D., Naccache, D., Pointcheval, D., Vaudenay, S.: Computational alternatives to random number generators. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 72\u201380. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48892-8_6"},{"key":"23_CR60","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1007\/BFb0055741","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201998","author":"K Ohta","year":"1998","unstructured":"Ohta, K., Okamoto, T.: On concrete security treatment of signatures derived from identification. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 354\u2013369. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0055741"},{"key":"23_CR61","unstructured":"Perrin, T.: The XEdDSA and VXEdDSA Signature Schemes. Signalrevision 1. https:\/\/signal.org\/docs\/specifications\/xeddsa\/"},{"key":"23_CR62","doi-asserted-by":"crossref","unstructured":"Poddebniak, D., Somorovsky, J., Schinzel, S., Lochter, M., Rosler, P.: Attacking deterministic signature schemes using fault attacks. In: Euro S&P 2018, pp. 338\u2013352. IEEE (2018)","DOI":"10.1109\/EuroSP.2018.00031"},{"issue":"3","key":"23_CR63","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361\u2013396 (2000). https:\/\/doi.org\/10.1007\/s001450010003","journal-title":"J. Cryptol."},{"key":"23_CR64","doi-asserted-by":"crossref","unstructured":"Ravi, P., Jhanwar, M.P., Howe, J., Chattopadhyay, A., Bhasin, S.: Exploiting determinism in lattice-based signatures: practical fault attacks on pqm4 implementations of NIST candidates. In: Asia CCS 2019, pp. 427\u2013440. ACM (2019)","DOI":"10.1145\/3321705.3329821"},{"key":"23_CR65","unstructured":"Ristenpart, T., Yilek, S.: When good randomness goes bad: virtual machine reset vulnerabilities and hedging deployed cryptography. In: NDSS 2010. The Internet Society (2010)"},{"key":"23_CR66","doi-asserted-by":"crossref","unstructured":"Romailler, Y., Pelissier, S.: Practical fault attack against the Ed25519 and EdDSA signature schemes. In: FDTC 2017, pp. 17\u201324 (2017)","DOI":"10.1109\/FDTC.2017.12"},{"key":"23_CR67","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/978-3-319-89339-6_17","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2018","author":"N Samwel","year":"2018","unstructured":"Samwel, N., Batina, L.: Practical fault injection on deterministic signatures: the case of EdDSA. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 306\u2013321. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-89339-6_17"},{"key":"23_CR68","unstructured":"Schmidt, B.: [curves] EdDSA specification. https:\/\/moderncrypto.org\/mail-archive\/curves\/2016\/000768.html"},{"issue":"3","key":"23_CR69","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/BF00196725","volume":"4","author":"CP Schnorr","year":"1991","unstructured":"Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161\u2013174 (1991). https:\/\/doi.org\/10.1007\/BF00196725","journal-title":"J. Cryptol."},{"key":"23_CR70","doi-asserted-by":"crossref","first-page":"331","DOI":"10.46586\/tches.v2018.i3.331-371","volume":"3","author":"A Takahashi","year":"2018","unstructured":"Takahashi, A., Tibouchi, M., Abe, M.: New bleichenbacher records: fault attacks on qDSA signatures. IACR TCHES 3, 331\u2013371 (2018)","journal-title":"IACR TCHES"},{"issue":"9","key":"23_CR71","doi-asserted-by":"publisher","first-page":"967","DOI":"10.1109\/12.869328","volume":"49","author":"S Yen","year":"2000","unstructured":"Yen, S., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. Comput. 49(9), 967\u2013970 (2000)","journal-title":"IEEE Trans. Comput."},{"key":"23_CR72","unstructured":"Zaverucha, G., et al.: Picnic. Technical report, National Institute of Standards and Technology. https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-2-submissions"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2020"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-45721-1_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:05:06Z","timestamp":1682899506000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-45721-1_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030457204","9783030457211"],"references-count":72,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-45721-1_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"1 May 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Zagreb","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Croatia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 May 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 May 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"39","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"IACR websubrev","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"375","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"81","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"22% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}