{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:06:06Z","timestamp":1773511566747,"version":"3.50.1"},"publisher-location":"Cham","reference-count":54,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030842581","type":"print"},{"value":"9783030842598","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-84259-8_24","type":"book-chapter","created":{"date-parts":[[2021,8,10]],"date-time":"2021-08-10T23:21:47Z","timestamp":1628637707000},"page":"701-730","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":26,"title":["KHAPE: Asymmetric PAKE from\u00a0Key-Hiding Key Exchange"],"prefix":"10.1007","author":[{"given":"Yanqi","family":"Gu","sequence":"first","affiliation":[]},{"given":"Stanislaw","family":"Jarecki","sequence":"additional","affiliation":[]},{"given":"Hugo","family":"Krawczyk","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,8,11]]},"reference":[{"key":"24_CR1","unstructured":"Facebook stored hundreds of millions of passwords in plain text. https:\/\/www.theverge.com\/2019\/3\/21\/18275837\/facebook-plain-text-password-storage-hundreds-millions-users"},{"key":"24_CR2","unstructured":"Google stored some passwords in plain text for fourteen years. https:\/\/www.theverge.com\/2019\/5\/21\/18634842\/google-passwords-plain-text-g-suite-fourteen-years"},{"key":"24_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-030-56784-2_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"M Abdalla","year":"2020","unstructured":"Abdalla, M., Barbosa, M., Bradley, T., Jarecki, S., Katz, J., Xu, J.: Universally composable relaxed password authenticated key exchange. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 278\u2013307. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56784-2_10"},{"key":"24_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1007\/978-3-540-79263-5_22","volume-title":"Topics in Cryptology \u2013 CT-RSA 2008","author":"M Abdalla","year":"2008","unstructured":"Abdalla, M., Catalano, D., Chevalier, C., Pointcheval, D.: Efficient two-party password-based key exchange protocols in the UC framework. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 335\u2013351. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-79263-5_22"},{"key":"24_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-540-30574-3_14","volume-title":"Topics in Cryptology \u2013 CT-RSA 2005","author":"M Abdalla","year":"2005","unstructured":"Abdalla, M., Pointcheval, D.: Simple password-based encrypted key exchange protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191\u2013208. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-30574-3_14"},{"key":"24_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/978-3-642-40041-4_29","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"E Andreeva","year":"2013","unstructured":"Andreeva, E., Bogdanov, A., Dodis, Y., Mennink, B., Steinberger, J.P.: On the indifferentiability of key-alternating ciphers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 531\u2013550. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_29"},{"key":"24_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/978-3-319-13051-4_2","volume-title":"Selected Areas in Cryptography \u2013 SAC 2014","author":"DF Aranha","year":"2014","unstructured":"Aranha, D.F., Fouque, P.-A., Qian, C., Tibouchi, M., Zapalowicz, J.-C.: Binary elligator squared. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 20\u201337. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-13051-4_2"},{"key":"24_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"566","DOI":"10.1007\/3-540-45682-1_33","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2001","author":"M Bellare","year":"2001","unstructured":"Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566\u2013582. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45682-1_33"},{"key":"24_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-45539-6_11","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139\u2013155. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-45539-6_11"},{"key":"24_CR10","unstructured":"Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: IEEE Computer Society Symposium on Research in Security and Privacy - S&P 1992, pp. 72\u201384. IEEE (1992)"},{"key":"24_CR11","doi-asserted-by":"crossref","unstructured":"Bernstein, D.J., Hamburg, M., Krasnova, A., Lange, T.: Elligator: elliptic-curve points indistinguishable from uniform random strings. In: ACM Conference on Computer and Communications Security - CCS 2013 (2013)","DOI":"10.1145\/2508859.2516734"},{"key":"24_CR12","unstructured":"Bernstein, D.J., et al.: Gimli: a cross-platform permutation. Cryptology ePrint Archive, Report 2017\/630 (2017). http:\/\/eprint.iacr.org\/2017\/630"},{"key":"24_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-642-38348-9_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"G Bertoni","year":"2013","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 313\u2013314. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38348-9_19"},{"key":"24_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"442","DOI":"10.1007\/978-3-030-21568-2_22","volume-title":"Applied Cryptography and Network Security","author":"T Bradley","year":"2019","unstructured":"Bradley, T., Camenisch, J., Jarecki, S., Lehmann, A., Neven, G., Xu, J.: Password-authenticated public-key encryption. In: Deng, R.H., Gauthier-Uma\u00f1a, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 442\u2013462. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-21568-2_22"},{"key":"24_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"798","DOI":"10.1007\/978-3-030-26954-8_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2019","author":"T Bradley","year":"2019","unstructured":"Bradley, T., Jarecki, S., Xu, J.: Strong asymmetric PAKE based on trapdoor CKEM. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 798\u2013825. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26954-8_26"},{"key":"24_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1007\/978-3-642-14623-7_13","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"E Brier","year":"2010","unstructured":"Brier, E., Coron, J.-S., Icart, T., Madore, D., Randriam, H., Tibouchi, M.: Efficient indifferentiable hashing into ordinary elliptic curves. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 237\u2013254. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14623-7_13"},{"key":"24_CR17","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: IEEE Symposium on Foundations of Computer Science - FOCS 2001, pp. 136\u2013145. IEEE (2001)","DOI":"10.1109\/SFCS.2001.959888"},{"key":"24_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/3-540-44987-6_28","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2001","author":"R Canetti","year":"2001","unstructured":"Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453\u2013474. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44987-6_28"},{"key":"24_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-642-11799-2_17","volume-title":"Theory of Cryptography","author":"J-S Coron","year":"2010","unstructured":"Coron, J.-S., Dodis, Y., Mandal, A., Seurin, Y.: A domain extender for the ideal cipher. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 273\u2013289. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-11799-2_17"},{"key":"24_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"649","DOI":"10.1007\/978-3-662-49896-5_23","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"D Dachman-Soled","year":"2016","unstructured":"Dachman-Soled, D., Katz, J., Thiruvengadam, A.: 10-round Feistel is indifferentiable from an ideal cipher. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 649\u2013678. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49896-5_23"},{"key":"24_CR21","doi-asserted-by":"crossref","unstructured":"Daemen, J., Hoffert, S., Assche, G.V., Keer, R.V.: The design of Xoodoo and Xoofff, pp. 1\u201338 (2018)","DOI":"10.46586\/tosc.v2018.i4.1-38"},{"key":"24_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"524","DOI":"10.1007\/978-3-319-63697-9_18","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"Y Dai","year":"2017","unstructured":"Dai, Y., Seurin, Y., Steinberger, J., Thiruvengadam, A.: Indifferentiability of iterated Even-Mansour ciphers with non-idealized key-schedules: five rounds are necessary and sufficient. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 524\u2013555. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_18"},{"key":"24_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/978-3-662-53018-4_4","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"Y Dai","year":"2016","unstructured":"Dai, Y., Steinberger, J.: Indifferentiability of 8-round Feistel networks. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 95\u2013120. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53018-4_4"},{"key":"24_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"679","DOI":"10.1007\/978-3-662-49896-5_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"Y Dodis","year":"2016","unstructured":"Dodis, Y., Stam, M., Steinberger, J., Liu, T.: Indifferentiability of confusion-diffusion networks. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 679\u2013704. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49896-5_24"},{"key":"24_CR25","unstructured":"Faz-Hernandez, A., Scott, S., Sullivan, N., Wahby, R., Wood, C.: Hashing to elliptic curves draft-IRTF-CFRG-hash-to-curve, June 2020. https:\/\/datatracker.ietf.org\/doc\/draft-irtf-cfrg-hash-to-curve\/"},{"key":"24_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-642-39059-3_14","volume-title":"Information Security and Privacy","author":"P-A Fouque","year":"2013","unstructured":"Fouque, P.-A., Joux, A., Tibouchi, M.: Injective encodings to elliptic curves. In: Boyd, C., Simpson, L. (eds.) ACISP 2013. LNCS, vol. 7959, pp. 203\u2013218. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-39059-3_14"},{"key":"24_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1007\/11818175_9","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"C Gentry","year":"2006","unstructured":"Gentry, C., MacKenzie, P., Ramzan, Z.: A method for making password-based key exchange resilient to server compromise. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 142\u2013159. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11818175_9"},{"key":"24_CR28","doi-asserted-by":"crossref","unstructured":"Gu, Y., Jarecki, S., Krawczyk, H.: KHAPE: Asymmetric PAKE from Key-Hiding Key Exchange. IACR Cryptology ePrint Archive, June 2021. http:\/\/eprint.iacr.org\/2021","DOI":"10.1007\/978-3-030-84259-8_24"},{"issue":"3","key":"24_CR29","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1145\/322510.322514","volume":"2","author":"S Halevi","year":"1999","unstructured":"Halevi, S., Krawczyk, H.: Public-key cryptography and password protocols. ACM Trans. Inf. Syst. Secur. (TISSEC) 2(3), 230\u2013268 (1999)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"24_CR30","unstructured":"Hao, F., Shahandashti, S.F.: The SPEKE protocol revisited. Cryptology ePrint Archive, Report 2014\/585 (2014). http:\/\/eprint.iacr.org\/2014\/585"},{"key":"24_CR31","unstructured":"Hofheinz, D., H\u00f6velmanns, K., Kiltz, E.: A modular analysis of the fujisaki-okamoto transformation. Cryptology ePrint Archive, Report 2017\/604 (2017). https:\/\/eprint.iacr.org\/2017\/604"},{"key":"24_CR32","doi-asserted-by":"crossref","unstructured":"Holenstein, T., K\u00fcnzler, R., Tessaro, S.: The equivalence of the random oracle model and the ideal cipher model, revisited. In: STOC 2011 (2011)","DOI":"10.1145\/1993636.1993650"},{"key":"24_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"485","DOI":"10.1007\/978-3-319-98113-0_26","volume-title":"Security and Cryptography for Networks","author":"JY Hwang","year":"2018","unstructured":"Hwang, J.Y., Jarecki, S., Kwon, T., Lee, J., Shin, J.S., Xu, J.: Round-reduced modular construction of asymmetric password-authenticated key exchange. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 485\u2013504. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-98113-0_26"},{"key":"24_CR34","doi-asserted-by":"crossref","unstructured":"Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: STOC 1989, pp. 44\u201361 (1989)","DOI":"10.1145\/73007.73012"},{"key":"24_CR35","unstructured":"Jablon, D.P.: Extended password key exchange protocols immune to dictionary attacks. In: 6th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 1997), pp. 248\u2013255, Cambridge, MA, USA, 18\u201320 June 1997. IEEE Computer Society (1997)"},{"key":"24_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/978-3-319-61204-1_3","volume-title":"Applied Cryptography and Network Security","author":"S Jarecki","year":"2017","unstructured":"Jarecki, S., Kiayias, A., Krawczyk, H., Xu, J.: TOPPSS: cost-minimal password-protected secret sharing based on threshold OPRF. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 39\u201358. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-61204-1_3"},{"key":"24_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"456","DOI":"10.1007\/978-3-319-78372-7_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"S Jarecki","year":"2018","unstructured":"Jarecki, S., Krawczyk, H., Xu, J.: OPAQUE: an asymmetric PAKE protocol secure against pre-computation attacks. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 456\u2013486. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_15"},{"key":"24_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-319-22425-1_3","volume-title":"Advances in Information and Computer Security","author":"T Kim","year":"2015","unstructured":"Kim, T., Tibouchi, M.: Invalid curve attacks in a GLS setting. In: Tanaka, K., Suga, Y. (eds.) IWSEC 2015. LNCS, vol. 9241, pp. 41\u201355. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-22425-1_3"},{"key":"24_CR39","unstructured":"Krawczyk, H.: SKEME: a versatile secure key exchange mechanism for internet. In: 1996 Internet Society Symposium on Network and Distributed System Security (NDSS), pp. 114\u2013127 (1996)"},{"key":"24_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"400","DOI":"10.1007\/978-3-540-45146-4_24","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"H Krawczyk","year":"2003","unstructured":"Krawczyk, H.: SIGMA: the \u2018SIGn-and-MAc\u2019 approach to authenticated Diffie-Hellman and its use in the IKE protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 400\u2013425. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_24"},{"key":"24_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"546","DOI":"10.1007\/11535218_33","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"H Krawczyk","year":"2005","unstructured":"Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546\u2013566. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_33"},{"key":"24_CR42","unstructured":"Krawczyk, H., Bourdrez, D., Lewi, K., Wood, C.: The opaque asymmetric pake protocol, draft-IRTF-CFRG-opaque (2021). https:\/\/datatracker.ietf.org\/doc\/draft-irtf-cfrg-opaque\/"},{"key":"24_CR43","unstructured":"MacKenzie, P.: On the security of the SPEKE password-authenticated key exchange protocol. Cryptology ePrint Archive, Report 2001\/057 (2001). http:\/\/eprint.iacr.org\/2001\/057"},{"key":"24_CR44","unstructured":"Marlinspike, M.: Simplifying OTR deniability (2013). https:\/\/signal.org\/blog\/simplifying-otr-deniability\/"},{"key":"24_CR45","unstructured":"Marlinspike, M., Perrin, T.: The X3DH key agreement protocol (2016). https:\/\/signal.org\/docs\/specifications\/x3dh\/"},{"key":"24_CR46","doi-asserted-by":"crossref","unstructured":"McQuoid, I., Rosulek, M., Roy, L.: Minimal symmetric PAKE and 1-out-of-n OT from programmable-once public functions. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) CCS 2020: 2020 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, USA, 9\u201313 November 2020. https:\/\/eprint.iacr.org\/2020\/1043","DOI":"10.1145\/3372297.3417870"},{"key":"24_CR47","unstructured":"NIST Information Technology Lab. Post-quantum cryptography. https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography"},{"key":"24_CR48","doi-asserted-by":"crossref","unstructured":"Pointcheval, D., Wang, G.: VTBPEKE: verifier-based two-basis password exponential key exchange. In ASIACCS 2017, pp. 301\u2013312. ACM Press (2017)","DOI":"10.1145\/3052973.3053026"},{"key":"24_CR49","doi-asserted-by":"crossref","unstructured":"Schmidt, J.: Requirements for password-authenticated key agreement (PAKE) schemes, April 2017. https:\/\/tools.ietf.org\/html\/rfc8125","DOI":"10.17487\/RFC8125"},{"key":"24_CR50","doi-asserted-by":"crossref","unstructured":"Shallue, A., van de Woestijne, C.: Construction of rational points on elliptic curves over finite fields. In: ANTS (2006)","DOI":"10.1007\/11792086_36"},{"key":"24_CR51","first-page":"313","volume":"2020","author":"V Shoup","year":"2020","unstructured":"Shoup, V.: Security analysis of SPAKE2+. IACR Cryptol. ePrint Arch. 2020, 313 (2020)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"24_CR52","unstructured":"Sullivan, N., Krawczyk, H., Friel, O., Barnes, R.: OPAQUE with TLS 1.3, draft-sullivan-tls-opaque, February 2021. https:\/\/datatracker.ietf.org\/doc\/draft-sullivan-tls-opaque\/"},{"key":"24_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/978-3-662-45472-5_10","volume-title":"Financial Cryptography and Data Security","author":"M Tibouchi","year":"2014","unstructured":"Tibouchi, M.: Elligator squared: uniform points on elliptic curves of prime order as uniform random strings. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 139\u2013156. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45472-5_10"},{"key":"24_CR54","doi-asserted-by":"crossref","unstructured":"Wahby, R.S., Boneh, D.: Fast and simple constant-time hashing to the BLS12-381 elliptic curve, no. 4, pp. 154\u2013179 (2019). https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/8348","DOI":"10.46586\/tches.v2019.i4.154-179"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2021"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-84259-8_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,11]],"date-time":"2024-08-11T00:06:18Z","timestamp":1723334778000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-84259-8_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030842581","9783030842598"],"references-count":54,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-84259-8_24","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"11 August 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 August 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"41","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"426","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"103","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20.9","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1 invited paper is also included.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}