{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T00:00:50Z","timestamp":1775692850720,"version":"3.50.1"},"publisher-location":"Cham","reference-count":19,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031158018","type":"print"},{"value":"9783031158025","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-15802-5_22","type":"book-chapter","created":{"date-parts":[[2022,10,11]],"date-time":"2022-10-11T16:59:52Z","timestamp":1665507592000},"page":"622-653","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Formal Verification of Saber\u2019s Public-Key Encryption Scheme in EasyCrypt"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2215-4134","authenticated-orcid":false,"given":"Andreas","family":"H\u00fclsing","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5351-991X","authenticated-orcid":false,"given":"Matthias","family":"Meijers","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8196-7875","authenticated-orcid":false,"given":"Pierre-Yves","family":"Strub","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,10,12]]},"reference":[{"key":"22_CR1","doi-asserted-by":"crossref","unstructured":"Almeida, J.B., Barbosa, M., Barthe, G., Gr\u00e9goire, B., Koutsos, A., Laporte, V., Oliveira, T., Strub, P.-Y.: The last mile: high-assurance and high-speed cryptographic implementations. In: 2020 IEEE Symposium on Security and Privacy, pp. 965\u2013982. IEEE Computer Society Press, May 2020","DOI":"10.1109\/SP40000.2020.00028"},{"key":"22_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1007\/978-3-642-29011-4_42","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A Banerjee","year":"2012","unstructured":"Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719\u2013737. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_42"},{"key":"22_CR3","doi-asserted-by":"crossref","unstructured":"Barbosa, M., Barthe, G., Bhargavan, K., Blanchet, B., Cremers, C., Liao, K., Parno, B.: SoK: computer-aided cryptography. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 777\u2013795. IEEE Computer Society, May 2021","DOI":"10.1109\/SP40001.2021.00008"},{"key":"22_CR4","doi-asserted-by":"crossref","unstructured":"Barbosa, M., Barthe, G., Fan, X., Gr\u00e9goire, B., Hung, S.-H., Katz, J., Strub, P.-Y., Wu, X., Zhou, L.: EasyPQC: verifying post-quantum cryptography. Cryptology ePrint Archive, Report 2021\/1253 (2021)","DOI":"10.1145\/3460120.3484567"},{"key":"22_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1007\/978-3-642-32347-8_2","volume-title":"Interactive Theorem Proving","author":"G Barthe","year":"2012","unstructured":"Barthe, G., Crespo, J.M., Gr\u00e9goire, B., Kunz, C., Zanella B\u00e9guelin, S.: Computer-aided cryptographic proofs. In: Beringer, L., Felty, A. (eds.) ITP 2012. LNCS, vol. 7406, pp. 11\u201327. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32347-8_2"},{"key":"22_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework\u00a0for\u00a0code-based\u00a0game-playing\u00a0proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409\u2013426. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_25"},{"key":"22_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-642-25385-0_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"D Boneh","year":"2011","unstructured":"Boneh, D., Dagdelen, \u00d6., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random Oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 41\u201369. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25385-0_3"},{"key":"22_CR8","doi-asserted-by":"crossref","unstructured":"Cremers, C., Horvat, M., Hoyland, J., Scott, S., van der Merwe, T.: A comprehensive symbolic analysis of TLS 1.3. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 1773\u20131788. ACM Press, October\/November 2017","DOI":"10.1145\/3133956.3134063"},{"key":"22_CR9","unstructured":"D\u2019Anvers, J.-P.: Design and security analysis of lattice-based post-quantum encryption. Ph.D. dissertation, KU Leuven Arenberg Doctoral School, May 2021"},{"key":"22_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1007\/978-3-319-89339-6_16","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2018","author":"J-P D\u2019Anvers","year":"2018","unstructured":"D\u2019Anvers, J.-P., Karmakar, A., Sinha Roy, S., Vercauteren, F.: Saber: Module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 282\u2013305. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-89339-6_16"},{"key":"22_CR11","unstructured":"Duman, J., H\u00f6velmanns, K., Kiltz, E., Lyubashevsky, V., Seiler, G.: Faster Kyber and Saber via a generic Fujisaki-Okamoto transform for multi-user security in the QROM (2021)"},{"key":"22_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-3-319-70500-2_12","volume-title":"Theory of Cryptography","author":"D Hofheinz","year":"2017","unstructured":"Hofheinz, D., H\u00f6velmanns, K., Kiltz, E.: A modular analysis of the Fujisaki-Okamoto transformation. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 341\u2013371. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70500-2_12"},{"key":"22_CR13","doi-asserted-by":"crossref","unstructured":"H\u00fclsing, A., Meijers, M., Strub, P.-Y.: Formal verification of Saber\u2019s public-key encryption scheme in EasyCrypt. Cryptology ePrint Archive, Paper 2022\/351 (2022). https:\/\/eprint.iacr.org\/2022\/351","DOI":"10.1007\/978-3-031-15802-5_22"},{"issue":"4","key":"22_CR14","doi-asserted-by":"publisher","first-page":"517","DOI":"10.3934\/amc.2019034","volume":"13","author":"N Koblitz","year":"2019","unstructured":"Koblitz, N., Menezes, A.J.: Critical perspectives on provable security: fifteen years of \u201canother look\u2019\u2019 papers. Adv. Math. Commun. 13(4), 517\u2013558 (2019)","journal-title":"Adv. Math. Commun."},{"key":"22_CR15","doi-asserted-by":"crossref","unstructured":"Lazar, D., Chen, H., Wang, X., Zeldovich, N.: Why does cryptographic software fail? A case study and open problems. In: Proceedings of 5th Asia-Pacific Workshop on Systems, APSys 2014, pp. 1\u20137. Association for Computing Machinery (2014)","DOI":"10.1145\/2637166.2637237"},{"issue":"5","key":"22_CR16","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1109\/MSP.2018.3761723","volume":"16","author":"M Mosca","year":"2018","unstructured":"Mosca, M.: Cybersecurity in an era with quantum computers: will we be ready? IEEE Security & Privacy 16(5), 38\u201341 (2018). https:\/\/doi.org\/10.1109\/MSP.2018.3761723","journal-title":"IEEE Security & Privacy"},{"key":"22_CR17","doi-asserted-by":"crossref","unstructured":"Shor, P.: Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings 35th Annual Symposium on Foundations of Computer Science, pp. 124\u2013134 (1994)","DOI":"10.1109\/SFCS.1994.365700"},{"key":"22_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/978-3-030-64837-4_11","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"D Unruh","year":"2020","unstructured":"Unruh, D.: Post-quantum verification of Fujisaki-Okamoto. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 321\u2013352. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64837-4_11"},{"key":"22_CR19","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-7722-9","volume-title":"Quantum Attacks on Public-Key Cryptosystems","author":"SY Yan","year":"2013","unstructured":"Yan, S.Y.: Quantum Attacks on Public-Key Cryptosystems, 1st edn. Springer, Boston (2013). https:\/\/doi.org\/10.1007\/978-1-4419-7722-9","edition":"1"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-15802-5_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T22:06:46Z","timestamp":1760134006000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-15802-5_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031158018","9783031158025"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-15802-5_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"12 October 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 August 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"42","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}