{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T05:09:39Z","timestamp":1742965779968,"version":"3.40.3"},"publisher-location":"Cham","reference-count":51,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030643560"},{"type":"electronic","value":"9783030643577"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-64357-7_5","type":"book-chapter","created":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T11:47:35Z","timestamp":1606218455000},"page":"91-113","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["SoK: Comparison of the Security of Real World RSA Hash-and-Sign Signatures"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4425-4240","authenticated-orcid":false,"given":"Saqib A.","family":"Kakvi","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,11,24]]},"reference":[{"key":"5_CR1","unstructured":"ANSI: Digital signatures using reversible public key cryptography for the financial services industry (rDSA). Technical report X9.31, American National Standards Institute, New York, New York, USA (1998)"},{"key":"5_CR2","doi-asserted-by":"publisher","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) ACM CCS 93, pp. 62\u201373. ACM Press (1993). https:\/\/doi.org\/10.1145\/168588.168596","DOI":"10.1145\/168588.168596"},{"key":"5_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1007\/3-540-68339-9_34","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201996","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Rogaway, P.: The exact security of digital signatures-how to sign with RSA and Rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399\u2013416. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68339-9_34"},{"key":"5_CR4","unstructured":"Bellare, M., Rogaway, P.: PSS: provably secure encoding method for digital signatures. Submission to IEEE P1363 Working Group (1998)"},{"key":"5_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"442","DOI":"10.1007\/3-540-48071-4_31","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 92","author":"M Bellare","year":"1993","unstructured":"Bellare, M., Yung, M.: Certifying cryptographic tools: the case of trapdoor permutations. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 442\u2013460. Springer, Heidelberg (1993). https:\/\/doi.org\/10.1007\/3-540-48071-4_31"},{"issue":"3","key":"5_CR6","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/BF00208000","volume":"9","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Yung, M.: Certifying permutations: noninteractive zero-knowledge based on any trapdoor permutation. J. Cryptol. 9(3), 149\u2013166 (1996). https:\/\/doi.org\/10.1007\/BF00208000","journal-title":"J. Cryptol."},{"key":"5_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/3-540-68339-9_2","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201996","author":"D Bleichenbacher","year":"1996","unstructured":"Bleichenbacher, D.: Generating EIGamal signatures without knowing the secret key. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 10\u201318. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68339-9_2"},{"key":"5_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/BFb0055716","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201998","author":"D Bleichenbacher","year":"1998","unstructured":"Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 1\u201312. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0055716"},{"key":"5_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"402","DOI":"10.1007\/3-540-48910-X_28","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201999","author":"C Cachin","year":"1999","unstructured":"Cachin, C., Micali, S., Stadler, M.: Computationally private information retrieval with polylogarithmic communication. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 402\u2013414. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48910-X_28"},{"issue":"4","key":"5_CR10","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/s001459900030","volume":"10","author":"D Coppersmith","year":"1997","unstructured":"Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233\u2013260 (1997). https:\/\/doi.org\/10.1007\/s001459900030","journal-title":"J. Cryptol."},{"key":"5_CR11","unstructured":"Coppersmith, D., Halevi, S., Jutla, C.: ISO 9796\u20131 and the new forgery strategy (working draft). Submission to IEEE P1363 Working Group (1999)"},{"key":"5_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1007\/3-540-44598-6_14","volume-title":"Advances in Cryptology \u2014 CRYPTO 2000","author":"J-S Coron","year":"2000","unstructured":"Coron, J.-S.: On the exact security of full domain hash. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 229\u2013235. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-44598-6_14"},{"key":"5_CR13","unstructured":"Coron, J.S.: Optimal security proofs for PSS and other signature schemes. Cryptology ePrint Archive, Report 2001\/062 (2001). http:\/\/eprint.iacr.org\/2001\/062"},{"key":"5_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"272","DOI":"10.1007\/3-540-46035-7_18","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"J-S Coron","year":"2002","unstructured":"Coron, J.-S.: Optimal security proofs for PSS and other signature schemes. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 272\u2013287. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46035-7_18"},{"key":"5_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"613","DOI":"10.1007\/3-540-45708-9_39","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"J-S Coron","year":"2002","unstructured":"Coron, J.-S.: Security proof for partial-domain hash signature schemes. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 613\u2013626. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_39"},{"key":"5_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-48405-1_1","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 99","author":"J-S Coron","year":"1999","unstructured":"Coron, J.-S., Naccache, D., Stern, J.P.: On the security of RSA padding. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 1\u201318. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48405-1_1"},{"issue":"3","key":"5_CR17","doi-asserted-by":"publisher","first-page":"632","DOI":"10.1007\/s00145-015-9205-5","volume":"29","author":"JS Coron","year":"2016","unstructured":"Coron, J.S., Naccache, D., Tibouchi, M., Weinmann, R.P.: Practical cryptanalysis of ISO 9796\u20132 and EMV signatures. J. Cryptol. 29(3), 632\u2013656 (2016). https:\/\/doi.org\/10.1007\/s00145-015-9205-5","journal-title":"J. Cryptol."},{"key":"5_CR18","unstructured":"Davida, G.I.: Chosen signature cryptanalysis of the RSA (MIT) public key cryptosystem. University of Wisconsin, Milwaukee, Technical report (1982)"},{"key":"5_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1007\/3-540-39799-X_3","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201985 Proceedings","author":"W de Jonge","year":"1986","unstructured":"de Jonge, W., Chaum, D.: Attacks on some RSA signatures. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 18\u201327. Springer, Heidelberg (1986). https:\/\/doi.org\/10.1007\/3-540-39799-X_3"},{"key":"5_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1007\/978-3-642-27954-6_8","volume-title":"Topics in Cryptology \u2013 CT-RSA 2012","author":"JP Degabriele","year":"2012","unstructured":"Degabriele, J.P., Lehmann, A., Paterson, K.G., Smart, N.P., Strefler, M.: On the joint security of encryption and signature in EMV. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 116\u2013135. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-27954-6_8"},{"issue":"4","key":"5_CR21","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1145\/358027.358052","volume":"27","author":"DE Denning","year":"1984","unstructured":"Denning, D.E.: Digital signatures with RSA and other public-key cryptosystems. Commun. ACM 27(4), 388\u2013392 (1984). https:\/\/doi.org\/10.1145\/358027.358052","journal-title":"Commun. ACM"},{"key":"5_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"516","DOI":"10.1007\/3-540-39799-X_40","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201985 Proceedings","author":"Y Desmedt","year":"1986","unstructured":"Desmedt, Y., Odlyzko, A.M.: A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 516\u2013522. Springer, Heidelberg (1986). https:\/\/doi.org\/10.1007\/3-540-39799-X_40"},{"key":"5_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1007\/3-540-69053-0_34","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201997","author":"M Girault","year":"1997","unstructured":"Girault, M., Misarsky, J.-F.: Selective forgery of RSA signatures using redundancy. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 495\u2013507. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_34"},{"key":"5_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/3-540-45539-6_6","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2000","author":"M Girault","year":"2000","unstructured":"Girault, M., Misarsky, J.-F.: Cryptanalysis of countermeasures proposed for repairing ISO 9796-1. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 81\u201390. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-45539-6_6"},{"key":"5_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"700","DOI":"10.1007\/978-3-030-34618-8_24","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"S Goldberg","year":"2019","unstructured":"Goldberg, S., Reyzin, L., Sagga, O., Baldimtsi, F.: Efficient noninteractive certification of RSA moduli and beyond. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11923, pp. 700\u2013727. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34618-8_24"},{"issue":"2","key":"5_CR26","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"S Goldwasser","year":"1988","unstructured":"Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281\u2013308 (1988)","journal-title":"SIAM J. Comput."},{"issue":"9","key":"5_CR27","doi-asserted-by":"publisher","first-page":"377","DOI":"10.1049\/el:19850269","volume":"21","author":"JA Gordon","year":"1985","unstructured":"Gordon, J.A.: How to forge RSA key certificates. Electron. Lett. 21(9), 377\u2013379 (1985). https:\/\/doi.org\/10.1049\/el:19850269","journal-title":"Electron. Lett."},{"key":"5_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/3-540-46877-3_42","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201990","author":"LC Guillou","year":"1991","unstructured":"Guillou, L.C., Quisquater, J.-J., Walker, M., Landrock, P., Shaer, C.: Precautions taken against various potential attacks. In: Damg\u00e5rd, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 465\u2013473. Springer, Heidelberg (1991). https:\/\/doi.org\/10.1007\/3-540-46877-3_42"},{"key":"5_CR29","unstructured":"ISO: Information technology - security techniques - digital signature schemes giving message recovery - part 2: Mechanisms using a hash-function. ISO 9796\u20132:1997, International Organization for Standardization, Geneva, Switzerland (1997). https:\/\/www.iso.org\/standard\/28232.html (WITHDRAWN)"},{"key":"5_CR30","unstructured":"ISO: Information technology - security techniques - digital signature schemes giving message recovery - part 2: Integer factorization based mechanisms. ISO 9796\u20132:2002, International Organization for Standardization, Geneva, Switzerland (2002). https:\/\/www.iso.org\/standard\/35455.html (WITHDRAWN)"},{"key":"5_CR31","unstructured":"ISO: Information technology - security techniques - digital signatures with appendix - part 2: Integer factorization based mechanisms. ISO 14888\u20132:2008, International Organization for Standardization, Geneva, Switzerland (2008). https:\/\/www.iso.org\/standard\/44227.html"},{"key":"5_CR32","unstructured":"ISO: Information technology - security techniques - digital signature schemes giving message recovery - part 2: Integer factorization based mechanisms. ISO 9796\u20132:2010, International Organization for Standardization, Geneva, Switzerland (2010). https:\/\/www.iso.org\/standard\/54788.html"},{"key":"5_CR33","doi-asserted-by":"publisher","unstructured":"Jager, T., Kakvi, S.A., May, A.: On the security of the PKCS#1 v1.5 signature scheme. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1195\u20131208. ACM Press (2018). https:\/\/doi.org\/10.1145\/3243734.3243798","DOI":"10.1145\/3243734.3243798"},{"key":"5_CR34","doi-asserted-by":"publisher","unstructured":"Jonsson, J., Kaliski, B.: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1. RFC 3447 (Informational), February 2003. Obsoleted by RFC 8017. https:\/\/doi.org\/10.17487\/RFC3447, https:\/\/www.rfc-editor.org\/rfc\/rfc3447.txt","DOI":"10.17487\/RFC3447"},{"key":"5_CR35","unstructured":"Jonsson, J.: Security proofs for the RSA-PSS signature scheme and its variants. Cryptology ePrint Archive, Report 2001\/053 (2001). http:\/\/eprint.iacr.org\/2001\/053"},{"key":"5_CR36","doi-asserted-by":"publisher","unstructured":"Kakvi, S.A.: On the security of RSA-PSS in the wild. In: Mehrnezhad, M., van der Merwe, T., Hao, F. (eds.) Proceedings of the 5th ACM Workshop on Security Standardisation Research Workshop, London, UK, 11 November 2019, pp. 23\u201334. ACM (2019). https:\/\/doi.org\/10.1145\/3338500.3360333","DOI":"10.1145\/3338500.3360333"},{"key":"5_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"537","DOI":"10.1007\/978-3-642-29011-4_32","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"SA Kakvi","year":"2012","unstructured":"Kakvi, S.A., Kiltz, E.: Optimal security proofs for full domain hash, revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 537\u2013553. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_32"},{"issue":"1","key":"5_CR38","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/s00145-017-9257-9","volume":"31","author":"SA Kakvi","year":"2018","unstructured":"Kakvi, S.A., Kiltz, E.: Optimal security proofs for full domain hash, revisited. J. Cryptol. 31(1), 276\u2013306 (2018). https:\/\/doi.org\/10.1007\/s00145-017-9257-9","journal-title":"J. Cryptol."},{"key":"5_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1007\/978-3-642-34961-4_25","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"SA Kakvi","year":"2012","unstructured":"Kakvi, S.A., Kiltz, E., May, A.: Certifying RSA. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 404\u2013414. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34961-4_25"},{"key":"5_CR40","doi-asserted-by":"crossref","unstructured":"Kaliski, B.: PKCS #1: RSA Encryption Version 1.5. RFC 2313 (Informational), March 1998. 10.17487\/RFC2313, obsoleted by RFC 2437. https:\/\/www.rfc-editor.org\/rfc\/rfc2313.txt","DOI":"10.17487\/rfc2313"},{"key":"5_CR41","doi-asserted-by":"crossref","unstructured":"Kaliski, B., Staddon, J.: PKCS #1: RSA Cryptography Specifications Version 2.0. RFC 2437 (Informational), October 1998. 10.17487\/RFC2437, obsoleted by RFC 3447. https:\/\/www.rfc-editor.org\/rfc\/rfc2437.txt","DOI":"10.17487\/rfc2437"},{"key":"5_CR42","unstructured":"Kaliski, B.: From PKC to PKI: Reflections on standardizing the RSA algorithm (2019). https:\/\/youtu.be\/sqsDKjPaJVg"},{"key":"5_CR43","doi-asserted-by":"publisher","unstructured":"Kaliski, B. (ed.): IEEE standard specifications for public-key cryptography. IEEE Std 1363\u20132000, pp. 1\u2013228, August 2000. https:\/\/doi.org\/10.1109\/IEEESTD.2000.92292, https:\/\/ieeexplore.ieee.org\/servlet\/opac?punumber=7168","DOI":"10.1109\/IEEESTD.2000.92292"},{"key":"5_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/3-540-45682-1_5","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2001","author":"AK Lenstra","year":"2001","unstructured":"Lenstra, A.K.: Unbelievable security matching AES security using public key systems. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 67\u201386. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45682-1_5"},{"issue":"4","key":"5_CR45","doi-asserted-by":"publisher","first-page":"5150","DOI":"10.1007\/BF01457454","volume":"261","author":"AK Lenstra","year":"1982","unstructured":"Lenstra, A.K., Lenstra, H.W., Lov\u00e1sz, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 5150\u2013534 (1982). https:\/\/doi.org\/10.1007\/BF01457454","journal-title":"Math. Ann."},{"key":"5_CR46","series-title":"Information Security and Cryptography","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-642-02295-1_10","volume-title":"The LLL Algorithm","author":"A May","year":"2010","unstructured":"May, A.: Using LLL-reduction for solving RSA and factorization problems. In: Nguyen, P., Vall\u00e9e, B. (eds.) The LLL Algorithm. Information Security and Cryptography, pp. 315\u2013348. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-02295-1_10"},{"key":"5_CR47","unstructured":"Menezes, A.: Evaluation of security level of cryptography: RSA signature schemes (2002). http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.612.1271&rep=rep1&type=pdf"},{"key":"5_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1007\/BFb0052238","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201997","author":"J-F\u00c7 Misarsky","year":"1997","unstructured":"Misarsky, J.-F.\u00c7.: A multiplicative attack using LLL algorithm on RSA signatures with redundancy. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 221\u2013234. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/BFb0052238"},{"key":"5_CR49","unstructured":"Moriarty, K. (ed.), Kaliski, B., Jonsson, J., Rusch, A.: PKCS #1: RSA Cryptography Specifications Version 2.2. RFC 8017 (Informational), November 2016. 10.17487\/RFC8017, https:\/\/www.rfc-editor.org\/rfc\/rfc8017.txt"},{"key":"5_CR50","doi-asserted-by":"publisher","unstructured":"Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: Ladner, R.E., Dwork, C. (eds.) 40th ACM STOC, pp. 187\u2013196. ACM Press (2008). https:\/\/doi.org\/10.1145\/1374376.1374406","DOI":"10.1145\/1374376.1374406"},{"issue":"2","key":"5_CR51","first-page":"120","volume":"21","author":"RL Rivest","year":"1978","unstructured":"Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. Assoc. Comput. Mach. 21(2), 120\u2013126 (1978)","journal-title":"Commun. Assoc. Comput. Mach."}],"container-title":["Lecture Notes in Computer Science","Security Standardisation Research"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-64357-7_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T12:42:12Z","timestamp":1619268132000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-64357-7_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030643560","9783030643577"],"references-count":51,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-64357-7_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"24 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SSR","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Research in Security Standardisation","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"London","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 November 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ssr2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ssr2020.mozilla.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}