{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,19]],"date-time":"2026-05-19T15:08:49Z","timestamp":1779203329780,"version":"3.51.4"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030920678","type":"print"},{"value":"9783030920685","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-92068-5_24","type":"book-chapter","created":{"date-parts":[[2021,11,30]],"date-time":"2021-11-30T20:34:17Z","timestamp":1638304457000},"page":"711-741","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":29,"title":["Security Analysis of\u00a0CPace"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2447-4329","authenticated-orcid":false,"given":"Michel","family":"Abdalla","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9413-5226","authenticated-orcid":false,"given":"Bj\u00f6rn","family":"Haase","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2875-6198","authenticated-orcid":false,"given":"Julia","family":"Hesse","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,12,1]]},"reference":[{"key":"24_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-030-56784-2_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"M Abdalla","year":"2020","unstructured":"Abdalla, M., Barbosa, M., Bradley, T., Jarecki, S., Katz, J., Xu, J.: Universally composable relaxed password authenticated key exchange. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part I. LNCS, vol. 12170, pp. 278\u2013307. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56784-2_10"},{"key":"24_CR2","doi-asserted-by":"crossref","unstructured":"Abdalla, M., Barbosa, M., Katz, J., Loss, J., Jiayu, X.: Algebraic adversaries in the universal composability framework. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS. Springer, Heidelberg (2021)","DOI":"10.1007\/978-3-030-92078-4_11"},{"key":"24_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45353-9_12","volume-title":"Topics in Cryptology \u2014 CT-RSA 2001","author":"M Abdalla","year":"2001","unstructured":"Abdalla, M., Bellare, M., Rogaway, P.: The oracle Diffie-Hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143\u2013158. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45353-9_12"},{"key":"24_CR4","unstructured":"Abdalla, M., Haase, B., Hesse, J.: Security analysis of CPace. Cryptology ePrint Archive, Report 2021\/114 (2021). https:\/\/eprint.iacr.org\/2021\/114"},{"key":"24_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-540-30574-3_14","volume-title":"Topics in Cryptology \u2013 CT-RSA 2005","author":"M Abdalla","year":"2005","unstructured":"Abdalla, M., Pointcheval, D.: Simple password-based encrypted key exchange protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191\u2013208. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-30574-3_14"},{"key":"24_CR6","unstructured":"Barak, B., Lindell, Y., Rabin, T.: Protocol initialization for the framework of universal composability. Cryptology ePrint Archive, Report 2004\/006 (2004). https:\/\/eprint.iacr.org\/2004\/006"},{"key":"24_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-45539-6_11","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139\u2013155. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-45539-6_11"},{"key":"24_CR8","unstructured":"Bellovin, S.M., Merritt, M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: 1992 IEEE Symposium on Security and Privacy, pp. 72\u201384. IEEE Computer Society Press, May 1992"},{"key":"24_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-642-04474-8_3","volume-title":"Information Security","author":"J Bender","year":"2009","unstructured":"Bender, J., Fischlin, M., K\u00fcgler, D.: Security analysis of the PACE key-agreement protocol. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 33\u201348. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04474-8_3"},{"key":"24_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/11745853_14","volume-title":"Public Key Cryptography - PKC 2006","author":"DJ Bernstein","year":"2006","unstructured":"Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207\u2013228. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11745853_14"},{"key":"24_CR11","doi-asserted-by":"crossref","unstructured":"Bernstein, D.J., Hamburg, M., Krasnova, A., Lange, T.: Elligator: elliptic-curve points indistinguishable from uniform random strings. In: Sadeghi, A., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 967\u2013980. ACM Press, November 2013","DOI":"10.1145\/2508859.2516734"},{"key":"24_CR12","unstructured":"Bernstein, D.J., Lange, T.: SafeCurves: choosing safe curves for elliptic-curve cryptography. Definition of Twist security (2019). https:\/\/safecurves.cr.yp.to\/twist.html. Accessed 15 Jan 2019"},{"key":"24_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1007\/978-3-642-14623-7_13","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"E Brier","year":"2010","unstructured":"Brier, E., Coron, J.-S., Icart, T., Madore, D., Randriam, H., Tibouchi, M.: Efficient indifferentiable hashing into ordinary elliptic curves. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 237\u2013254. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14623-7_13"},{"key":"24_CR14","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136\u2013145. IEEE Computer Society Press, October 2001","DOI":"10.1109\/SFCS.2001.959888"},{"key":"24_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1007\/11426639_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"R Canetti","year":"2005","unstructured":"Canetti, R., Halevi, S., Katz, J., Lindell, Y., MacKenzie, P.: Universally composable password-based key exchange. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 404\u2013421. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11426639_24"},{"key":"24_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/978-3-540-45146-4_16","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"R Canetti","year":"2003","unstructured":"Canetti, R., Rabin, T.: Universal composition with joint state. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 265\u2013281. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_16"},{"key":"24_CR17","unstructured":"de Valence, H., Grigg, J., Tankersley, G., Valsorda, F., Lovecruft, I., Hamburg, M.: The ristretto255 and decaf448 groups. RFC, IRTF (2020)"},{"key":"24_CR18","unstructured":"Digital Signature Standard (DSS): National Institute of Standards and Technology (NIST), FIPS PUB 186-4, U.S. Department of Commerce, July 2013. https:\/\/nvlpubs.nist.gov\/nistpubs\/FIPS\/NIST.FIPS.186-4.pdf"},{"key":"24_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1007\/978-3-030-81293-5_9","volume-title":"Post-Quantum Cryptography","author":"E Eaton","year":"2021","unstructured":"Eaton, E., Stebila, D.: The \u201cquantum annoying\u2019\u2019 property of\u00a0password-authenticated key exchange\u00a0protocols. In: Cheon, J.H., Tillich, J.-P. (eds.) PQCrypto 2021 2021. LNCS, vol. 12841, pp. 154\u2013173. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-81293-5_9"},{"key":"24_CR20","unstructured":"Faz-Hernandez, A., Scott, S., Sullivan, N., Wahby, R., Wood, C.: Hashing to elliptic curves (2019). https:\/\/datatracker.ietf.org\/doc\/draft-irtf-cfrg-hash-to-curve\/"},{"key":"24_CR21","doi-asserted-by":"crossref","unstructured":"Gentry, C., Wichs, D.: Separating succinct non-interactive arguments from all falsifiable assumptions. In: Fortnow, L., Vadhan, S.P. (eds.) 43rd ACM STOC, pp. 99\u2013108. ACM Press, June 2011","DOI":"10.1145\/1993636.1993651"},{"key":"24_CR22","doi-asserted-by":"crossref","unstructured":"Haase, B., Labrique, B.: AuCPace: efficient verifier-based PAKE protocol tailored for the IIoT. IACR TCHES 2019(2), 1\u201348 (2019). https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/7384","DOI":"10.46586\/tches.v2019.i2.1-48"},{"key":"24_CR23","unstructured":"Haase, B.: CPace, a balanced composable PAKE (2020). https:\/\/datatracker.ietf.org\/doc\/draft-haase-cpace\/"},{"key":"24_CR24","unstructured":"Haase, B., Labrique, B.: AuCPace: efficient verifier-based PAKE protocol tailored for the IIoT. Cryptology ePrint Archive, Report 2018\/286 (2018). https:\/\/eprint.iacr.org\/2018\/286"},{"key":"24_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"705","DOI":"10.1007\/978-3-662-47989-6_34","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"M Hamburg","year":"2015","unstructured":"Hamburg, M.: Decaf: eliminating cofactors through point compression. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 705\u2013723. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_34"},{"key":"24_CR26","unstructured":"Hamburg, M.: Ed448-goldilocks, a new elliptic curve. Cryptology ePrint Archive, Report 2015\/625 (2015). https:\/\/eprint.iacr.org\/2015\/625"},{"key":"24_CR27","unstructured":"Hamburg, M.: Indifferentiable hashing from Elligator 2. Cryptology ePrint Archive, Report 2020\/1513 (2020). https:\/\/eprint.iacr.org\/2020\/1513"},{"key":"24_CR28","unstructured":"Hesse, J.: Review of (security of) remaining candidates. Posting to the CFRG mailing list (2020). https:\/\/mailarchive.ietf.org\/arch\/msg\/cfrg\/47pnOSsrVS8uozXbAuM-alEk0-s\/"},{"key":"24_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1007\/978-3-030-57990-6_29","volume-title":"Security and Cryptography for Networks","author":"J Hesse","year":"2020","unstructured":"Hesse, J.: Separating symmetric and asymmetric password-authenticated key exchange. In: Galdi, C., Kolesnikov, V. (eds.) SCN 2020. LNCS, vol. 12238, pp. 579\u2013599. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-57990-6_29"},{"issue":"5","key":"24_CR30","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/242896.242897","volume":"26","author":"DP Jablon","year":"1996","unstructured":"Jablon, D.P.: Strong password-only authenticated key exchange. Comput. Commun. Rev. 26(5), 5\u201326 (1996)","journal-title":"Comput. Commun. Rev."},{"key":"24_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"456","DOI":"10.1007\/978-3-319-78372-7_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"S Jarecki","year":"2018","unstructured":"Jarecki, S., Krawczyk, H., Xu, J.: OPAQUE: an asymmetric PAKE protocol secure against pre-computation attacks. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part III. LNCS, vol. 10822, pp. 456\u2013486. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_15"},{"key":"24_CR32","doi-asserted-by":"crossref","unstructured":"Langley, A., Hamburg, M., Turner, S.: Elliptic curves for security. RFC 7748, IETF, January 2016","DOI":"10.17487\/RFC7748"},{"key":"24_CR33","unstructured":"Advanced security mechanism for machine readable travel documents (extended access control (EAC), password authenticated connection establishment (PACE), and restricted identification (RI)). Federal Office for Information Security (BSI), BSI-TR-03110, Version 2.0 (2008)"},{"key":"24_CR34","doi-asserted-by":"crossref","unstructured":"Pointcheval, D., Wang, G.: VTBPEKE: verifier-based two-basis password exponential key exchange. In: Karri, R., Sinanoglu, O., Sadeghi, A., Yi, X. (eds.) ASIACCS 17, pp. 301\u2013312. ACM Press, April 2017","DOI":"10.1145\/3052973.3053026"},{"key":"24_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"510","DOI":"10.1007\/11792086_36","volume-title":"Algorithmic Number Theory","author":"A Shallue","year":"2006","unstructured":"Shallue, A., van de Woestijne, C.E.: Construction of rational points on elliptic curves over finite fields. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 510\u2013524. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11792086_36"},{"key":"24_CR36","unstructured":"Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004\/332 (2004). https:\/\/eprint.iacr.org\/2004\/332"},{"key":"24_CR37","unstructured":"Tackmann, B.: Updated review of PAKEs. Posting to the CFRG mailing list (2020). https:\/\/mailarchive.ietf.org\/arch\/msg\/cfrg\/eo8O6JYPmWY6L9TlcIXStFy5gNQ\/"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2021"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-92068-5_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,30]],"date-time":"2024-11-30T00:10:07Z","timestamp":1732925407000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-92068-5_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030920678","9783030920685"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-92068-5_24","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"1 December 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Singapore","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 December 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 December 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/asiacrypt.iacr.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"341","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"95","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.21","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.61","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held online due to the COVID-19 pandemic","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}