{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:14:40Z","timestamp":1742912080819,"version":"3.40.3"},"publisher-location":"Cham","reference-count":20,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031430329"},{"type":"electronic","value":"9783031430336"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-43033-6_19","type":"book-chapter","created":{"date-parts":[[2023,10,21]],"date-time":"2023-10-21T05:01:47Z","timestamp":1697864507000},"page":"199-204","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["If It\u2019s Provably Secure, It Probably Isn\u2019t: Why Learning from\u00a0Proof Failure Is Hard"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8697-5682","authenticated-orcid":false,"given":"Ross","family":"Anderson","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5674-3730","authenticated-orcid":false,"given":"Nicholas","family":"Boucher","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,10,21]]},"reference":[{"key":"19_CR1","unstructured":"Aaronson, S.: Collaborative refutation. Shtetl-Optimized (2013). https:\/\/scottaaronson.blog\/?p=1255"},{"key":"19_CR2","doi-asserted-by":"publisher","unstructured":"Albrecht, M.R., Paterson, K.G., Watson, G.J.: Plaintext recovery attacks against SSH. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 16\u201326 (2009). https:\/\/doi.org\/10.1109\/SP.2009.5","DOI":"10.1109\/SP.2009.5"},{"issue":"2","key":"19_CR3","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1109\/JPROC.2005.862423","volume":"94","author":"R Anderson","year":"2006","unstructured":"Anderson, R., Bond, M., Clulow, J., Skorobogatov, S.: Cryptographic processors-a survey. Proc. IEEE 94(2), 357\u2013369 (2006). https:\/\/doi.org\/10.1109\/JPROC.2005.862423","journal-title":"Proc. IEEE"},{"key":"19_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1007\/BFb0013910","volume-title":"Computer Security \u2014 ESORICS 92","author":"RJ Anderson","year":"1992","unstructured":"Anderson, R.J.: UEPS \u2014 A second generation electronic wallet. In: Deswarte, Y., Eizenberg, G., Quisquater, J.-J. (eds.) ESORICS 1992. LNCS, vol. 648, pp. 411\u2013418. Springer, Heidelberg (1992). https:\/\/doi.org\/10.1007\/BFb0013910"},{"key":"19_CR5","doi-asserted-by":"publisher","unstructured":"Bellare, M., Kohno, T., Namprempre, C.: Authenticated encryption in SSH: provably fixing the ssh binary packet protocol. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, p. 1\u201311. CCS 2002, Association for Computing Machinery, New York, NY, USA (2002). https:\/\/doi.org\/10.1145\/586110.586112","DOI":"10.1145\/586110.586112"},{"key":"19_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/BFb0053428","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201994","author":"M Bellare","year":"1995","unstructured":"Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92\u2013111. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/BFb0053428"},{"key":"19_CR7","doi-asserted-by":"publisher","unstructured":"Boucher, N., Anderson, R.: Talking trojan: analyzing an industry-wide disclosure. In: Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, pp. 83\u201392. SCORED2022, Association for Computing Machinery, New York, NY, USA (2022). https:\/\/doi.org\/10.1145\/3560835.3564555","DOI":"10.1145\/3560835.3564555"},{"key":"19_CR8","unstructured":"Brady, R., Anderson, R.: Maxwell\u2019s fluid model of magnetism (2015). https:\/\/arxiv.org\/abs\/1502.05926"},{"key":"19_CR9","doi-asserted-by":"publisher","unstructured":"Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8(1), 18\u201336 (1990). https:\/\/doi.org\/10.1145\/77648.77649","DOI":"10.1145\/77648.77649"},{"key":"19_CR10","doi-asserted-by":"publisher","unstructured":"Degabriele, J.P., Paterson, K.G.: On the (in)security of IPsec in MAC-then-encrypt configurations. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 493\u2013504. CCS 2010, Association for Computing Machinery, New York, NY, USA (2010). https:\/\/doi.org\/10.1145\/1866307.1866363","DOI":"10.1145\/1866307.1866363"},{"key":"19_CR11","doi-asserted-by":"publisher","unstructured":"Jakobsen, T., Knudsen, L.R.: The interpolation attack on block ciphers. In: Biham, E. (ed.) Fast Software Encryption. FSE 1997. LNCS, vol. 1267. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/bfb0052332","DOI":"10.1007\/bfb0052332"},{"key":"19_CR12","unstructured":"Koblitz, N., Menezes, A.: Another look at \u201cprovable security\u201d. Cryptology ePrint Archive, Paper 2004\/152 (2004). https:\/\/eprint.iacr.org\/2004\/152"},{"key":"19_CR13","unstructured":"Koblitz, N., Menezes, A.: Another look at security definitions. Cryptology ePrint Archive, Paper 2011\/343 (2011). https:\/\/eprint.iacr.org\/2011\/343"},{"key":"19_CR14","doi-asserted-by":"publisher","unstructured":"Krawczyk, H.: The order of encryption and authentication for protecting communications (or: how secure is SSL?). In: IACR, vol. 2139 (2001). https:\/\/doi.org\/10.1007\/3-540-44647-8_19","DOI":"10.1007\/3-540-44647-8_19"},{"key":"19_CR15","unstructured":"Meyer, C., Schwenk, J.: Lessons learned from previous SSL\/TLS attacks - a brief chronology of attacks and weaknesses. IACR 2013, 49 (2013). https:\/\/eprint.iacr.org\/2013\/049"},{"key":"19_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"566","DOI":"10.1007\/3-540-48071-4_41","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 92","author":"K Nyberg","year":"1993","unstructured":"Nyberg, K., Knudsen, L.R.: Provable security against differential cryptanalysis. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 566\u2013574. Springer, Heidelberg (1993). https:\/\/doi.org\/10.1007\/3-540-48071-4_41"},{"key":"19_CR17","doi-asserted-by":"publisher","unstructured":"Paulson, L.C.: Inductive analysis of the internet protocol TLS. ACM Trans. Inf. Syst. Secur. 2(3), 332\u2013351 (1999). https:\/\/doi.org\/10.1145\/322510.322530","DOI":"10.1145\/322510.322530"},{"issue":"4","key":"19_CR18","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/s00145-002-0133-9","volume":"15","author":"V Shoup","year":"2002","unstructured":"Shoup, V.: OAEP reconsidered. J. Cryptol. 15(4), 223\u2013249 (2002). https:\/\/doi.org\/10.1007\/s00145-002-0133-9","journal-title":"J. Cryptol."},{"key":"19_CR19","doi-asserted-by":"crossref","unstructured":"Tomasello, M.: A natural history of human thinking. Harvard (2014)","DOI":"10.4159\/9780674726369"},{"key":"19_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/978-3-642-17773-6_21","volume-title":"Security Protocols","author":"P Youn","year":"2010","unstructured":"Youn, P., et al.: Robbing the bank with a theorem prover. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2007. LNCS, vol. 5964, p. 171. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17773-6_21"}],"container-title":["Lecture Notes in Computer Science","Security Protocols XXVIII"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-43033-6_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,21]],"date-time":"2023-10-21T05:03:29Z","timestamp":1697864609000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-43033-6_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031430329","9783031430336"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-43033-6_19","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"21 October 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Security Protocols","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cambridge International Workshop on Security Protocols","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cambridge","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 March 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 March 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"spw2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.cl.cam.ac.uk\/events\/spw\/2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"CMT3","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"13","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"57% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}