{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,7]],"date-time":"2026-02-07T10:52:22Z","timestamp":1770461542649,"version":"3.49.0"},"publisher-location":"Cham","reference-count":53,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031229626","type":"print"},{"value":"9783031229633","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-22963-3_21","type":"book-chapter","created":{"date-parts":[[2023,1,24]],"date-time":"2023-01-24T11:48:42Z","timestamp":1674560922000},"page":"621-650","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["Key-Schedule Security for\u00a0the\u00a0TLS 1.3 Standard"],"prefix":"10.1007","author":[{"given":"Chris","family":"Brzuska","sequence":"first","affiliation":[]},{"given":"Antoine","family":"Delignat-Lavaud","sequence":"additional","affiliation":[]},{"given":"Christoph","family":"Egger","sequence":"additional","affiliation":[]},{"given":"C\u00e9dric","family":"Fournet","sequence":"additional","affiliation":[]},{"given":"Konrad","family":"Kohbrok","sequence":"additional","affiliation":[]},{"given":"Markulf","family":"Kohlweiss","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,1,25]]},"reference":[{"key":"21_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45353-9_12","volume-title":"Topics in Cryptology \u2014 CT-RSA 2001","author":"M Abdalla","year":"2001","unstructured":"Abdalla, M., Bellare, M., Rogaway, P.: The oracle diffie-hellman assumptions and an analysis of DHIES. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 143\u2013158. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45353-9_12"},{"key":"21_CR2","doi-asserted-by":"publisher","unstructured":"Adrian, D., et al.: Imperfect forward secrecy: how Diffie-Hellman fails in practice. In: ACM CCS 2015, pp. 5\u201317. ACM Press (2015). https:\/\/doi.org\/10.1145\/2810103.2813707","DOI":"10.1145\/2810103.2813707"},{"key":"21_CR3","doi-asserted-by":"publisher","unstructured":"AlFardan, N.J., Paterson, K.G.: Lucky thirteen: breaking the TLS and DTLS record protocols. In: 2013 S &P, pp. 526\u2013540. IEEE (2013). https:\/\/doi.org\/10.1109\/SP.2013.42","DOI":"10.1109\/SP.2013.42"},{"key":"21_CR4","doi-asserted-by":"publisher","unstructured":"Arfaoui, G., Bultel, X., Fouque, P.A., Nedelcu, A., Onete, C.: The privacy of the TLS 1.3 protocol. PoPETs 2019(4), 190\u2013210 (2019). https:\/\/doi.org\/10.2478\/popets-2019-0065","DOI":"10.2478\/popets-2019-0065"},{"key":"21_CR5","unstructured":"Aviram, N., et al.: DROWN: breaking TLS using SSLv2. In: USENIX Security 2016, pp. 689\u2013706. USENIX (2016)"},{"key":"21_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/978-3-319-26059-4_5","volume-title":"Provable Security","author":"C Badertscher","year":"2015","unstructured":"Badertscher, C., Matt, C., Maurer, U., Rogaway, P., Tackmann, B.: Augmented secure channels and the goal of the TLS 1.3 record layer. In: Au, M.-H., Miyaji, A. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 85\u2013104. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-26059-4_5"},{"issue":"4","key":"21_CR7","doi-asserted-by":"publisher","first-page":"844","DOI":"10.1007\/s00145-014-9185-x","volume":"28","author":"M Bellare","year":"2014","unstructured":"Bellare, M.: New proofs for NMAC and HMAC: security without collision resistance. J. Cryptol. 28(4), 844\u2013878 (2014). https:\/\/doi.org\/10.1007\/s00145-014-9185-x","journal-title":"J. Cryptol."},{"key":"21_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"M Bellare","year":"1994","unstructured":"Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232\u2013249. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_21"},{"key":"21_CR9","doi-asserted-by":"publisher","unstructured":"Beurdouche, B., et al.: A messy state of the union: taming the composite state machines of TLS. In: 2015 S &P, pp. 535\u2013552. IEEE (2015). https:\/\/doi.org\/10.1109\/SP.2015.39","DOI":"10.1109\/SP.2015.39"},{"key":"21_CR10","doi-asserted-by":"publisher","unstructured":"Bhargavan, K., Blanchet, B., Kobeissi, N.: Verified models and reference implementations for the TLS 1.3 standard candidate. In: 2017 S &P, pp. 483\u2013502. IEEE (2017). https:\/\/doi.org\/10.1109\/SP.2017.26","DOI":"10.1109\/SP.2017.26"},{"key":"21_CR11","doi-asserted-by":"publisher","unstructured":"Bhargavan, K., Brzuska, C., Fournet, C., Green, M., Kohlweiss, M., Zanella-B\u00e9guelin, S.: Downgrade resilience in key-exchange protocols. In: 2016 S &P, pp. 506\u2013525. IEEE (2016). https:\/\/doi.org\/10.1109\/SP.2016.37","DOI":"10.1109\/SP.2016.37"},{"key":"21_CR12","doi-asserted-by":"crossref","unstructured":"Bhargavan, K., Delignat-Lavaud, A., Fournet, C., Pironti, A., Strub, P.Y.: Triple handshakes and cookie cutters: Breaking and fixing authentication over tls. In: IEEE Symposium on Security & Privacy (Oakland) (2014). pubs\/triple-handshakes-and-cookie-cutters-sp14.pdf","DOI":"10.1109\/SP.2014.14"},{"key":"21_CR13","doi-asserted-by":"crossref","unstructured":"Bhargavan, K., Delignat-Lavaud, A., Pironti, A.: Verified contributive channel bindings for compound authentication. In: NDSS 2015. ISOC (2015)","DOI":"10.14722\/ndss.2015.23277"},{"key":"21_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/978-3-662-44381-1_14","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"K Bhargavan","year":"2014","unstructured":"Bhargavan, K., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., Zanella-B\u00e9guelin, S.: Proving the TLS handshake secure (as it is). In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 235\u2013255. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44381-1_14"},{"key":"21_CR15","doi-asserted-by":"crossref","unstructured":"Bhargavan, K., Leurent, G.: Transcript collision attacks: breaking authentication in TLS, IKE and SSH. In: NDSS 2016. ISOC (2016)","DOI":"10.14722\/ndss.2016.23418"},{"key":"21_CR16","unstructured":"Blanchet, B.: CryptoVerif: computationally sound mechanized prover for cryptographic protocols. In: Formal Protocol Verification, vol. 117, p. 156 (2007)"},{"key":"21_CR17","doi-asserted-by":"publisher","unstructured":"Blanchet, B.: Composition theorems for CryptoVerif and application to TLS 1.3. In: CSF, pp. 16\u201330 (2018). https:\/\/doi.org\/10.1109\/CSF.2018.00009","DOI":"10.1109\/CSF.2018.00009"},{"key":"21_CR18","unstructured":"Blanchet, B., Smyth, B., Cheval, V., Sylvestre, M.: ProVerif 2.00: automatic cryptographic protocol verifier. User Manual (2018)"},{"key":"21_CR19","unstructured":"B\u00f6ck, H., Somorovsky, J., Young, C.: Return of bleichenbacher\u2019s oracle threat (ROBOT). In: USENIX Security 2018, pp. 817\u2013849. USENIX (2018)"},{"key":"21_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"651","DOI":"10.1007\/978-3-319-63697-9_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"J Brendel","year":"2017","unstructured":"Brendel, J., Fischlin, M., G\u00fcnther, F., Janson, C.: PRF-ODH: relations, instantiations, and impossibility results. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 651\u2013681. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_22"},{"key":"21_CR21","unstructured":"Bricout, R., Murphy, S., Paterson, K.G., van der Merwe, T.: Analysing and exploiting the mantin biases in RC4. Cryptology ePrint Archive, Report 2016\/063 (2016). http:\/\/eprint.iacr.org\/2016\/063"},{"key":"21_CR22","doi-asserted-by":"publisher","unstructured":"Brzuska, C., Cornelissen, E., Kohbrok, K.: Security analysis of the mls key derivation. In: 2022 IEEE Symposium on Security and Privacy, pp. 595\u2013613. IEEE Computer Society, Los Alamitos (2022). https:\/\/doi.org\/10.1109\/SP46214.2022.00035","DOI":"10.1109\/SP46214.2022.00035"},{"key":"21_CR23","doi-asserted-by":"crossref","unstructured":"Brzuska, C., Delignat-Lavaud, A., Egger, C., Fournet, C., Kohbrok, K., Kohlweiss, M.: Key-schedule security for the TLS 1.3 standard. Cryptology ePrint Archive, Report 2021\/467 (2021). https:\/\/eprint.iacr.org\/2021\/467","DOI":"10.1007\/978-3-031-22963-3_21"},{"key":"21_CR24","doi-asserted-by":"publisher","unstructured":"Brzuska, C., Delignat-Lavaud, A., Fournet, C., Kohbrok, K., Kohlweiss, M.: State separation for code-based game-playing proofs. In: ASIACRYPT 2018, Part III. LNCS, vol. 11274, pp. 222\u2013249. Springer, Heidelberg (Dec 2018). https:\/\/doi.org\/10.1007\/978-3-030-03332-3_9","DOI":"10.1007\/978-3-030-03332-3_9"},{"key":"21_CR25","unstructured":"Brzuska, C., Egger, C.: Key exchange to key schedule reduction for TLS 1.3 (2022). preprint"},{"key":"21_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/3-540-46035-7_22","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"R Canetti","year":"2002","unstructured":"Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337\u2013351. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46035-7_22"},{"key":"21_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1007\/978-3-030-29959-0_20","volume-title":"Computer Security \u2013 ESORICS 2019","author":"S Chen","year":"2019","unstructured":"Chen, S., Jero, S., Jagielski, M., Boldyreva, A., Nita-Rotaru, C.: Secure communication channel establishment: TLS 1.3 (over TCP Fast Open) vs. QUIC. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019. LNCS, vol. 11735, pp. 404\u2013426. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-29959-0_20"},{"key":"21_CR28","unstructured":"Cornelissen, E.: Pull request 453: Use the GroupContext to derive the joiner_secret. https:\/\/github.com\/mlswg\/mls-protocol\/pull\/453"},{"key":"21_CR29","doi-asserted-by":"crossref","unstructured":"Cremers, C., Horvat, M., Hoyland, J., Scott, S., van der Merwe, T.: A comprehensive symbolic analysis of TLS 1.3. In: ACM CCS 2017, pp. 1773\u20131788. ACM Press (2017)","DOI":"10.1145\/3133956.3134063"},{"key":"21_CR30","doi-asserted-by":"publisher","unstructured":"Cremers, C., Horvat, M., Scott, S., van der Merwe, T.: Automated analysis and verification of TLS 1.3: 0-RTT, resumption and delayed authentication. In: 2016 S &P, pp. 470\u2013485. IEEE (2016). https:\/\/doi.org\/10.1109\/SP.2016.35","DOI":"10.1109\/SP.2016.35"},{"key":"21_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"448","DOI":"10.1007\/978-3-030-78375-4_18","volume-title":"Applied Cryptography and Network Security","author":"H Davis","year":"2021","unstructured":"Davis, H., G\u00fcnther, F.: Tighter proofs for the SIGMA and TLS\u00a01.3 key exchange protocols. In: Sako, K., Tippenhauer, N.O. (eds.) ACNS 2021. LNCS, vol. 12727, pp. 448\u2013479. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-78375-4_18"},{"key":"21_CR32","doi-asserted-by":"crossref","unstructured":"Delignat-Lavaud, A., et al.: Implementing and proving the TLS 1.3 record layer. In: IEEE Security & Privacy. IEEE (2017)","DOI":"10.1109\/SP.2017.58"},{"issue":"3","key":"21_CR33","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00145-021-09388-x","volume":"34","author":"D Diemert","year":"2021","unstructured":"Diemert, D., Jager, T.: On the tight security of TLS 1.3: theoretically sound cryptographic parameters for real-world deployments. J. Cryptol. 34(3), 1\u201357 (2021). https:\/\/doi.org\/10.1007\/s00145-021-09388-x","journal-title":"J. Cryptol."},{"key":"21_CR34","doi-asserted-by":"publisher","unstructured":"Dowling, B., Fischlin, M., G\u00fcnther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol candidates. In: ACM CCS 2015, pp. 1197\u20131210. ACM Press (2015). https:\/\/doi.org\/10.1145\/2810103.2813653","DOI":"10.1145\/2810103.2813653"},{"key":"21_CR35","unstructured":"Dowling, B., Fischlin, M., G\u00fcnther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 draft-10 full and pre-shared key handshake protocol. Cryptology ePrint Archive, Report 2016\/081 (2016). http:\/\/eprint.iacr.org\/2016\/081"},{"issue":"4","key":"21_CR36","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00145-021-09384-1","volume":"34","author":"B Dowling","year":"2021","unstructured":"Dowling, B., Fischlin, M., G\u00fcnther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol. J. Cryptol. 34(4), 1\u201369 (2021). https:\/\/doi.org\/10.1007\/s00145-021-09384-1","journal-title":"J. Cryptol."},{"issue":"3","key":"21_CR37","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00145-021-09387-y","volume":"34","author":"N Drucker","year":"2021","unstructured":"Drucker, N., Gueron, S.: Selfie: reflections on TLS 1.3 with PSK. J. Cryptol. 34(3), 1\u201318 (2021). https:\/\/doi.org\/10.1007\/s00145-021-09387-y","journal-title":"J. Cryptol."},{"key":"21_CR38","unstructured":"Duong, T., Rizzo, J.: Here come the $$\\oplus $$ ninjas (2011). http:\/\/nerdoholic.org\/uploads\/dergln\/beast_part2\/ssl_jun21.pdf"},{"key":"21_CR39","doi-asserted-by":"crossref","unstructured":"Fischlin, M., G\u00fcnther, F.: Replay attacks on zero round-trip time: the case of the TLS 1.3 handshake candidates. In: 2017 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 60\u201375. IEEE (2017)","DOI":"10.1109\/EuroSP.2017.18"},{"key":"21_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"545","DOI":"10.1007\/978-3-662-48000-7_27","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"M Fischlin","year":"2015","unstructured":"Fischlin, M., G\u00fcnther, F., Marson, G.A., Paterson, K.G.: Data is a stream: security of stream-based channels. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 545\u2013564. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48000-7_27"},{"key":"21_CR41","doi-asserted-by":"publisher","unstructured":"Fischlin, M., G\u00fcnther, F., Schmidt, B., Warinschi, B.: Key confirmation in key exchange: a formal treatment and implications for TLS 1.3. In: 2016 S &P, pp. 452\u2013469. IEEE (2016). https:\/\/doi.org\/10.1109\/SP.2016.34","DOI":"10.1109\/SP.2016.34"},{"key":"21_CR42","unstructured":"Iyengar, J., Thomson, M.: QUIC. IETF draft (2019)"},{"issue":"4","key":"21_CR43","doi-asserted-by":"publisher","first-page":"1276","DOI":"10.1007\/s00145-016-9248-2","volume":"30","author":"T Jager","year":"2017","unstructured":"Jager, T., Kohlar, F., Sch\u00e4ge, S., Schwenk, J.: Authenticated confidential channel establishment and the security of TLS-DHE. J. Cryptol. 30(4), 1276\u20131324 (2017). https:\/\/doi.org\/10.1007\/s00145-016-9248-2","journal-title":"J. Cryptol."},{"key":"21_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"400","DOI":"10.1007\/978-3-540-45146-4_24","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"H Krawczyk","year":"2003","unstructured":"Krawczyk, H.: SIGMA: the \u201cSIGn-and-MAc\u2019\u2019 approach to authenticated diffie-hellman and its use in the IKE protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 400\u2013425. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_24"},{"key":"21_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"631","DOI":"10.1007\/978-3-642-14623-7_34","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"H Krawczyk","year":"2010","unstructured":"Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631\u2013648. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14623-7_34"},{"key":"21_CR46","doi-asserted-by":"publisher","unstructured":"Krawczyk, H.: A unilateral-to-mutual authentication compiler for key exchange (with applications to client authentication in TLS 1.3). In: ACM CCS 2016, pp. 1438\u20131450. ACM Press (2016). https:\/\/doi.org\/10.1145\/2976749.2978325","DOI":"10.1145\/2976749.2978325"},{"key":"21_CR47","doi-asserted-by":"crossref","unstructured":"Krawczyk, H., Wee, H.: The OPTLS protocol and TLS 1.3. Cryptology ePrint Archive, Report 2015\/978 (2015). http:\/\/eprint.iacr.org\/2015\/978","DOI":"10.1109\/EuroSP.2016.18"},{"key":"21_CR48","doi-asserted-by":"publisher","unstructured":"Li, X., Xu, J., Zhang, Z., Feng, D., Hu, H.: Multiple handshakes security of TLS 1.3 candidates. In: 2016 S &P, pp. 486\u2013505. IEEE (2016). https:\/\/doi.org\/10.1109\/SP.2016.36","DOI":"10.1109\/SP.2016.36"},{"key":"21_CR49","doi-asserted-by":"publisher","unstructured":"Mavrogiannopoulos, N., Vercauteren, F., Velichkov, V., Preneel, B.: A cross-protocol attack on the TLS protocol. In: ACM CCS 2012, pp. 62\u201372. ACM Press (2012). https:\/\/doi.org\/10.1145\/2382196.2382206","DOI":"10.1145\/2382196.2382206"},{"key":"21_CR50","unstructured":"M\u00f6ller, B., Duong, T., Kotowicz, K.: This poodle bites: exploiting the SSL 3.0 fallback (2014). https:\/\/www.openssl.org\/~bodo\/ssl-poodle.pdf"},{"key":"21_CR51","doi-asserted-by":"crossref","unstructured":"Paterson, K.G., van der Merwe, T.: Reactive and proactive standardisation of TLS. In: Security Standardisation Research, pp. 160\u2013186 (2016)","DOI":"10.1007\/978-3-319-49100-4_7"},{"key":"21_CR52","doi-asserted-by":"crossref","unstructured":"Patton, C., Shrimpton, T.: Partially specified channels: the TLS 1.3 record layer without elision. Cryptology ePrint Archive, Report 2018\/634 (2018)","DOI":"10.1145\/3243734.3243789"},{"key":"21_CR53","doi-asserted-by":"crossref","unstructured":"Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3 (2018). https:\/\/tools.ietf.org\/html\/rfc8446","DOI":"10.17487\/RFC8446"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-22963-3_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T01:03:47Z","timestamp":1769216627000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-22963-3_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031229626","9783031229633"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-22963-3_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"25 January 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Taipei","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Taiwan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 December 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 December 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/asiacrypt.iacr.org\/2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"364","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"98","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"10","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}