{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,4]],"date-time":"2026-06-04T15:47:06Z","timestamp":1780588026865,"version":"3.54.1"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030920678","type":"print"},{"value":"9783030920685","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-92068-5_23","type":"book-chapter","created":{"date-parts":[[2021,11,30]],"date-time":"2021-11-30T20:34:17Z","timestamp":1638304457000},"page":"681-710","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":20,"title":["Symmetric Key Exchange with\u00a0Full Forward Security and\u00a0Robust Synchronization"],"prefix":"10.1007","author":[{"given":"Colin","family":"Boyd","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5935-5725","authenticated-orcid":false,"given":"Gareth T.","family":"Davies","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3143-4381","authenticated-orcid":false,"given":"Bor","family":"de Kock","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0985-7265","authenticated-orcid":false,"given":"Kai","family":"Gellert","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tibor","family":"Jager","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Lise","family":"Millerjord","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,12,1]]},"reference":[{"key":"23_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-030-17653-2_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"J Alwen","year":"2019","unstructured":"Alwen, J., Coretti, S., Dodis, Y.: The double ratchet: security notions, proofs, and modularization for the signal protocol. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 129\u2013158. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_5"},{"key":"23_CR2","unstructured":"Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques (ANSI x9.24). Standard, American National Standards Institute, New York, USA (2009)"},{"key":"23_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/978-3-030-17656-3_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"N Aviram","year":"2019","unstructured":"Aviram, N., Gellert, K., Jager, T.: Session resumption protocols and efficient forward security for TLS 1.3 0-RTT. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 117\u2013150. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17656-3_5"},{"key":"23_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1007\/978-3-030-40186-3_10","volume-title":"Topics in Cryptology \u2013 CT-RSA 2020","author":"G Avoine","year":"2020","unstructured":"Avoine, G., Canard, S., Ferreira, L.: Symmetric-key authenticated key exchange (SAKE) with perfect forward secrecy. In: Jarecki, S. (ed.) CT-RSA 2020. LNCS, vol. 12006, pp. 199\u2013224. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-40186-3_10"},{"key":"23_CR5","unstructured":"Bellare, M., Goldreich, O., Mityagin, A.: The power of verification queries in message authentication and authenticated encryption. Cryptology ePrint Archive, Report 2004\/309 (2004). http:\/\/eprint.iacr.org\/2004\/309"},{"key":"23_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"431","DOI":"10.1007\/3-540-48405-1_28","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 99","author":"M Bellare","year":"1999","unstructured":"Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 431\u2013448. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48405-1_28"},{"key":"23_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-45539-6_11","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139\u2013155. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-45539-6_11"},{"key":"23_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"M Bellare","year":"1994","unstructured":"Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232\u2013249. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_21"},{"key":"23_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-36563-X_1","volume-title":"Topics in Cryptology \u2014 CT-RSA 2003","author":"M Bellare","year":"2003","unstructured":"Bellare, M., Yee, B.: Forward-security in private-key cryptography. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 1\u201318. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36563-X_1"},{"key":"23_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/978-3-642-42045-0_15","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"D Boneh","year":"2013","unstructured":"Boneh, D., Waters, B.: Constrained pseudorandom functions and their applications. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 280\u2013300. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-42045-0_15"},{"key":"23_CR11","doi-asserted-by":"crossref","unstructured":"Boyd, C., Davies, G.T., de Kock, B., Gellert, K., Jager, T., Millerjord, L.: Symmetric key exchange with full forward security and robust synchronization. IACR Cryptol. ePrint Arch, p. 702 (2021). https:\/\/eprint.iacr.org\/2021\/702","DOI":"10.1007\/978-3-030-92068-5_23"},{"key":"23_CR12","doi-asserted-by":"publisher","unstructured":"Boyd, C., Gellert, K.: A modern view on forward security. Comput. J. (2020). https:\/\/doi.org\/10.1093\/comjnl\/bxaa104","DOI":"10.1093\/comjnl\/bxaa104"},{"key":"23_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"501","DOI":"10.1007\/978-3-642-54631-0_29","volume-title":"Public-Key Cryptography \u2013 PKC 2014","author":"E Boyle","year":"2014","unstructured":"Boyle, E., Goldwasser, S., Ivan, I.: Functional signatures and pseudorandom functions. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 501\u2013519. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-54631-0_29"},{"key":"23_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"250","DOI":"10.1007\/978-3-642-17373-8_15","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"E Brier","year":"2010","unstructured":"Brier, E., Peyrin, T.: A forward-secure symmetric-key derivation protocol. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 250\u2013267. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_15"},{"key":"23_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/3-540-44987-6_28","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2001","author":"R Canetti","year":"2001","unstructured":"Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453\u2013474. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44987-6_28"},{"key":"23_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-030-64837-4_6","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"V Cini","year":"2020","unstructured":"Cini, V., Ramacher, S., Slamanig, D., Striecks, C.: CCA-secure (Puncturable) KEMs from encryption with non-negligible decryption errors. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 159\u2013190. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64837-4_6"},{"key":"23_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1007\/978-3-319-78372-7_14","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"D Derler","year":"2018","unstructured":"Derler, D., Jager, T., Slamanig, D., Striecks, C.: Bloom filter encryption and applications to efficient forward-secret 0-RTT key exchange. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 425\u2013455. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_14"},{"issue":"4","key":"23_CR18","doi-asserted-by":"publisher","first-page":"471","DOI":"10.3934\/amc.2015.9.471","volume":"9","author":"MS Dousti","year":"2015","unstructured":"Dousti, M.S., Jalili, R.: FORSAKES: a forward-secure authenticated key exchange protocol based on symmetric key-evolving schemes. Adv. Math. Commun. 9(4), 471\u2013514 (2015). https:\/\/doi.org\/10.3934\/amc.2015.9.471","journal-title":"Adv. Math. Commun."},{"issue":"4","key":"23_CR19","doi-asserted-by":"publisher","first-page":"792","DOI":"10.1145\/6490.6503","volume":"33","author":"O Goldreich","year":"1986","unstructured":"Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792\u2013807 (1986)","journal-title":"J. ACM"},{"key":"23_CR20","doi-asserted-by":"publisher","unstructured":"Green, M.D., Miers, I.: Forward secure asynchronous messaging from puncturable encryption. In: 2015 IEEE Symposium on Security and Privacy, pp. 305\u2013320. IEEE Computer Society Press, May 2015. https:\/\/doi.org\/10.1109\/SP.2015.26","DOI":"10.1109\/SP.2015.26"},{"key":"23_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1007\/978-3-319-56617-7_18","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"F G\u00fcnther","year":"2017","unstructured":"G\u00fcnther, F., Hale, B., Jager, T., Lauer, S.: 0-RTT key exchange with full forward secrecy. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 519\u2013548. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-56617-7_18"},{"key":"23_CR22","unstructured":"FIPS 198\u20131: The Keyed-Hash Message Authentication Code (HMAC). Standard, NIST (2008)"},{"key":"23_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-642-32009-5_17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"T Jager","year":"2012","unstructured":"Jager, T., Kohlar, F., Sch\u00e4ge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 273\u2013293. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_17"},{"key":"23_CR24","doi-asserted-by":"publisher","unstructured":"Kiayias, A., Papadopoulos, S., Triandopoulos, N., Zacharias, T.: Delegatable pseudorandom functions and applications. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 669\u2013684. ACM Press, November 2013. https:\/\/doi.org\/10.1145\/2508859.2516668","DOI":"10.1145\/2508859.2516668"},{"key":"23_CR25","unstructured":"(NIST SP)-800-185: SHA-3 derived functions: cSHAKE, KMAC, TupleHash and ParallelHash. Special Publication. Standard, NIST (2016)"},{"key":"23_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"546","DOI":"10.1007\/11535218_33","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"H Krawczyk","year":"2005","unstructured":"Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546\u2013566. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_33"},{"key":"23_CR27","doi-asserted-by":"crossref","unstructured":"Le, T.V., Burmester, M., de Medeiros, B.: Universally composable and forward-secure RFID authentication and authenticated key exchange. In: Bao, F., Miller, S. (eds.) ASIACCS 07, pp. 242\u2013252. ACM Press, Mar 2007","DOI":"10.1145\/1229285.1229319"},{"key":"23_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"669","DOI":"10.1007\/978-3-642-54631-0_38","volume-title":"Public-Key Cryptography \u2013 PKC 2014","author":"Y Li","year":"2014","unstructured":"Li, Y., Sch\u00e4ge, S., Yang, Z., Kohlar, F., Schwenk, J.: On the security of the pre-shared key Ciphersuites of TLS. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 669\u2013684. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-54631-0_38"},{"key":"23_CR29","doi-asserted-by":"publisher","unstructured":"Sahai, A., Waters, B.: How to use indistinguishability obfuscation: deniable encryption, and more. In: Shmoys, D.B. (ed.) 46th ACM STOC, pp. 475\u2013484. ACM Press, May\/June 2014. https:\/\/doi.org\/10.1145\/2591796.2591825","DOI":"10.1145\/2591796.2591825"},{"key":"23_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1007\/978-3-030-45374-9_11","volume-title":"Public-Key Cryptography \u2013 PKC 2020","author":"S-F Sun","year":"2020","unstructured":"Sun, S.-F., Sakzad, A., Steinfeld, R., Liu, J.K., Gu, D.: Public-Key puncturable encryption: modular and compact constructions. In: Kiayias, A., Kohlweiss, M., Wallden, P., Zikas, V. (eds.) PKC 2020. LNCS, vol. 12110, pp. 309\u2013338. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45374-9_11"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2021"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-92068-5_23","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,30]],"date-time":"2024-11-30T00:10:10Z","timestamp":1732925410000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-92068-5_23"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030920678","9783030920685"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-92068-5_23","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"1 December 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 December 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 December 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/asiacrypt.iacr.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"341","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"95","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.21","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.61","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held online due to the COVID-19 pandemic","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}