{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,16]],"date-time":"2026-06-16T11:06:48Z","timestamp":1781608008779,"version":"3.54.5"},"publisher-location":"Cham","reference-count":68,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031577208","type":"print"},{"value":"9783031577185","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-57718-5_12","type":"book-chapter","created":{"date-parts":[[2024,4,12]],"date-time":"2024-04-12T22:01:17Z","timestamp":1712959277000},"page":"352-386","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["On the\u00a0Possibility of\u00a0a\u00a0Backdoor in\u00a0the\u00a0Micali-Schnorr Generator"],"prefix":"10.1007","author":[{"given":"Hannah","family":"Davis","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Matthew D.","family":"Green","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7904-7295","authenticated-orcid":false,"given":"Nadia","family":"Heninger","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5846-2046","authenticated-orcid":false,"given":"Keegan","family":"Ryan","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Adam","family":"Suhl","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2024,4,13]]},"reference":[{"key":"12_CR1","unstructured":"DRBG Recommmendations from the x9.82 Editing Group. https:\/\/github.com\/matthewdgreen\/nistfoia\/blob\/master\/6.4.2014%20production\/055%20-%20DRBG%20Recomm%20from%20X9.82%20Editing%20Group.pdf"},{"key":"12_CR2","unstructured":"DRBGs Based on Hard Problems. https:\/\/github.com\/matthewdgreen\/nistfoia\/blob\/master\/6.4.2014%20production\/039%20-%20DRBGs%20Based%20on%20Hard%20Problems.pdf"},{"key":"12_CR3","unstructured":"Excerpt from 2013 Intelligence Budget Request: SIGINT ENABLING. Media leak (2013). https:\/\/archive.nytimes.com\/www.nytimes.com\/interactive\/2013\/09\/05\/us\/documents-reveal-nsa-campaign-against-encryption.html"},{"key":"12_CR4","doi-asserted-by":"publisher","unstructured":"SHA-3 Standard: permutation-based hash and extendable-output functions (2015-08-04 2015). https:\/\/doi.org\/10.6028\/NIST.FIPS.202","DOI":"10.6028\/NIST.FIPS.202"},{"key":"12_CR5","doi-asserted-by":"publisher","unstructured":"Alexi, W., Chor, B., Goldreich, O., Schnorr, C.P.: RSA\/Rabin bits are $$1\/2 + 1\/\\text{poly}(\\log {N})$$ secure. In: 25th FOCS, pp. 449\u2013457. IEEE Computer Society Press (1984). https:\/\/doi.org\/10.1109\/SFCS.1984.715947","DOI":"10.1109\/SFCS.1984.715947"},{"key":"12_CR6","doi-asserted-by":"publisher","unstructured":"Allen, C., Dierks, T.: The TLS Protocol Version 1.0. RFC 2246 (1999). https:\/\/doi.org\/10.17487\/RFC2246, https:\/\/www.rfc-editor.org\/info\/rfc2246","DOI":"10.17487\/RFC2246"},{"key":"12_CR7","doi-asserted-by":"publisher","first-page":"995","DOI":"10.1049\/el:19930662","volume":"29","author":"RJ Anderson","year":"1993","unstructured":"Anderson, R.J.: Practical RSA Trapdoor. Electron. Lett. 29, 995\u2013995 (1993)","journal-title":"Electron. Lett."},{"key":"12_CR8","doi-asserted-by":"publisher","unstructured":"Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 1\u201319. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44371-2_1","DOI":"10.1007\/978-3-662-44371-2_1"},{"key":"12_CR9","unstructured":"Benjamin, D.: Additional TLS 1.3 Results from Chrome (December 2017). https:\/\/mailarchive.ietf.org\/arch\/msg\/tls\/i9blmvG2BEPf1s1OJkenHknRw9c\/"},{"key":"12_CR10","doi-asserted-by":"publisher","unstructured":"Berndt, S., Liskiewicz, M.: Algorithm substitution attacks from a steganographic perspective. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 1649\u20131660. ACM Press (2017). https:\/\/doi.org\/10.1145\/3133956.3133981","DOI":"10.1145\/3133956.3133981"},{"key":"12_CR11","doi-asserted-by":"publisher","unstructured":"Bernstein, D.J., Lange, T., Niederhagen, R.: Dual EC: A Standardized Back Door, pp. 256\u2013281. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49301-4_17","DOI":"10.1007\/978-3-662-49301-4_17"},{"key":"12_CR12","doi-asserted-by":"publisher","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181\u2013197. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78967-3_11","DOI":"10.1007\/978-3-540-78967-3_11"},{"key":"12_CR13","doi-asserted-by":"publisher","unstructured":"Blum, L., Blum, M., Shub, M.: A simple unpredictable pseudo-random number generator. SIAM J. Comput. 15(2), 364\u2013383 (1986). https:\/\/doi.org\/10.1137\/0215025","DOI":"10.1137\/0215025"},{"key":"12_CR14","doi-asserted-by":"publisher","unstructured":"Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo random bits. In: 23rd FOCS, pp. 112\u2013117. IEEE Computer Society Press (1982). https:\/\/doi.org\/10.1109\/SFCS.1982.72","DOI":"10.1109\/SFCS.1982.72"},{"key":"12_CR15","doi-asserted-by":"publisher","unstructured":"Boneh, D., Durfee, G.: Cryptanalysis of RSA with private key $$d$$ less than $$N^{0.292}$$. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 1\u201311. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48910-X_1","DOI":"10.1007\/3-540-48910-X_1"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Cesati, M.: A new idea for RSA backdoors. arXiv preprint arXiv:2201.13153 (2022).","DOI":"10.3390\/cryptography7030045"},{"key":"12_CR17","doi-asserted-by":"publisher","unstructured":"Checkoway, S., et al.: A systematic analysis of the juniper dual EC incident. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, pp. 468\u2013479. ACM Press (2016). https:\/\/doi.org\/10.1145\/2976749.2978395","DOI":"10.1145\/2976749.2978395"},{"key":"12_CR18","unstructured":"Checkoway, S., et al.: On the practical exploitability of dual EC in TLS implementations. In: Fu, K., Jung, J. (eds.) USENIX Security 2014, pp. 319\u2013335. USENIX Association (2014)"},{"key":"12_CR19","doi-asserted-by":"publisher","unstructured":"Chow, S.S.M., Russell, A., Tang, Q., Yung, M., Zhao, Y., Zhou, H.S.: Let a non-barking watchdog bite: cliptographic signatures with an offline watchdog. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11442, pp. 221\u2013251. Springer, Heidelberg (2019). https:\/\/doi.org\/10.1007\/978-3-030-17253-4_8","DOI":"10.1007\/978-3-030-17253-4_8"},{"key":"12_CR20","doi-asserted-by":"publisher","unstructured":"Cohney, S.N., Green, M.D., Heninger, N.: Practical state recovery attacks against legacy RNG implementations. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 265\u2013280. ACM Press (2018). https:\/\/doi.org\/10.1145\/3243734.3243756","DOI":"10.1145\/3243734.3243756"},{"issue":"4","key":"12_CR21","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/s001459900030","volume":"10","author":"D Coppersmith","year":"1997","unstructured":"Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. Cryptol. 10(4), 233\u2013260 (1997). https:\/\/doi.org\/10.1007\/s001459900030","journal-title":"J. Cryptol."},{"key":"12_CR22","doi-asserted-by":"publisher","unstructured":"Coppersmith, D.: Finding small solutions to small degree polynomials. In: Silverman, J.H. (ed.) Cryptography and Lattices, pp. 20\u201331. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44670-2_3","DOI":"10.1007\/3-540-44670-2_3"},{"key":"12_CR23","doi-asserted-by":"publisher","unstructured":"Cr\u00e9peau, C., Slakmon, A.: Simple backdoors for RSA key generation. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 403\u2013416. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36563-X_28","DOI":"10.1007\/3-540-36563-X_28"},{"key":"12_CR24","unstructured":"Davis, H., Green, M., Heninger, N., Ryan, K., Suhl, A.: On the possibility of a backdoor in the Micali-Schnorr generator. Cryptology ePrint Archive, Paper 2023\/440 (2023). https:\/\/eprint.iacr.org\/2023\/440"},{"key":"12_CR25","doi-asserted-by":"publisher","unstructured":"Degabriele, J.P., Paterson, K.G., Schuldt, J.C.N., Woodage, J.: Backdoors in pseudorandom number generators: possibility and impossibility results. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, LNCS, vol. 9814, pp. 403\u2013432. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53018-4_15","DOI":"10.1007\/978-3-662-53018-4_15"},{"key":"12_CR26","doi-asserted-by":"publisher","unstructured":"Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.1. RFC 4346 (2006). https:\/\/doi.org\/10.17487\/RFC4346","DOI":"10.17487\/RFC4346"},{"key":"12_CR27","doi-asserted-by":"publisher","unstructured":"Dodis, Y., Ganesh, C., Golovnev, A., Juels, A., Ristenpart, T.: A formal treatment of backdoored pseudorandom generators. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 101\u2013126. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_5","DOI":"10.1007\/978-3-662-46800-5_5"},{"key":"12_CR28","doi-asserted-by":"publisher","unstructured":"Dodis, Y., Pointcheval, D., Ruhault, S., Vergnaud, D., Wichs, D.: Security analysis of pseudo-random number generators with input: \/dev\/random is not robust. In: Sadeghi, A.R., Gligor, V.D., Yung, M. (eds.) ACM CCS 2013, pp. 647\u2013658. ACM Press (2013). https:\/\/doi.org\/10.1145\/2508859.2516653","DOI":"10.1145\/2508859.2516653"},{"key":"12_CR29","doi-asserted-by":"publisher","unstructured":"Doraswamy, N., Glenn, K.R., Thayer, R.L.: IP Security Document Roadmap. RFC 2411 (1998). https:\/\/doi.org\/10.17487\/RFC2411, https:\/\/www.rfc-editor.org\/info\/rfc2411","DOI":"10.17487\/RFC2411"},{"key":"12_CR30","unstructured":"Engelberts, L.: Analysis of the Micali-Schnorr PRNG with known factorisation of the modulus. Master\u2019s thesis, University of Oxford (2020)"},{"key":"12_CR31","doi-asserted-by":"publisher","unstructured":"Fischlin, M., Mazaheri, S.: Self-guarding cryptographic protocols against algorithm substitution attacks. In: Chong, S., Delaune, S. (eds.) CSF 2018 Computer Security Foundations Symposium, pp. 76\u201390. IEEE Computer Society Press (2018). https:\/\/doi.org\/10.1109\/CSF.2018.00013","DOI":"10.1109\/CSF.2018.00013"},{"key":"12_CR32","doi-asserted-by":"publisher","unstructured":"Fischlin, R., Schnorr, C.P.: Stronger security proofs for RSA and Rabin bits. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 267\u2013279. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_19","DOI":"10.1007\/3-540-69053-0_19"},{"issue":"2","key":"12_CR33","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1007\/s001459910008","volume":"13","author":"R Fischlin","year":"2000","unstructured":"Fischlin, R., Schnorr, C.P.: Stronger security proofs for RSA and Rabin bits. J. Cryptol. 13(2), 221\u2013244 (2000). https:\/\/doi.org\/10.1007\/s001459910008","journal-title":"J. Cryptol."},{"key":"12_CR34","doi-asserted-by":"publisher","unstructured":"Fouque, P.A., Vergnaud, D., Zapalowicz, J.C.: Time\/memory\/data tradeoffs for variants of the RSA problem. In: Du, D.Z., Zhang, G. (eds.) Computing and Combinatorics, pp. 651\u2013662. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38768-5_57","DOI":"10.1007\/978-3-642-38768-5_57"},{"key":"12_CR35","doi-asserted-by":"publisher","unstructured":"Fouque, P.A., Zapalowicz, J.C.: Statistical properties of short RSA distribution and their cryptographic applications. In: Cai, Z., Zelikovsky, A., Bourgeois, A. (eds.) Computing and Combinatorics, pp. 525\u2013536. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-08783-2_45","DOI":"10.1007\/978-3-319-08783-2_45"},{"key":"12_CR36","doi-asserted-by":"publisher","unstructured":"Freier, A.O., Karlton, P., Kocher, P.C.: The Secure Sockets Layer (SSL) Protocol Version 3.0. RFC 6101 (2011). https:\/\/doi.org\/10.17487\/RFC6101, https:\/\/www.rfc-editor.org\/info\/rfc6101","DOI":"10.17487\/RFC6101"},{"key":"12_CR37","unstructured":"Green, M.: A few more notes on NSA random number generators (2013). https:\/\/web.archive.org\/web\/20230109062504\/https:\/\/ blog.cryptographyengineering.com\/2013\/12\/28\/a-few-more-notes- on-nsa-random-number\/"},{"key":"12_CR38","doi-asserted-by":"crossref","unstructured":"Harkins, D., Carrel, D.: The Internet Key Exchange (IKE). IETF RFC 2409 (Proposed Standard) (1998)","DOI":"10.17487\/rfc2409"},{"key":"12_CR39","doi-asserted-by":"publisher","unstructured":"Herrmann, M., May, A.: Attacking power generators using unravelled linearization: when do we output too much? In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 487\u2013504. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_29","DOI":"10.1007\/978-3-642-10366-7_29"},{"key":"12_CR40","unstructured":"Hoffman, P.E.: Additional Random Extension to TLS. Internet-Draft draft-hoffman-tls-additional-random-ext-01, Internet Engineering Task Force (2010). Work in Progress. https:\/\/datatracker.ietf.org\/doc\/draft-hoffman-tls- additional-random-ext\/01\/"},{"key":"12_CR41","doi-asserted-by":"publisher","unstructured":"Hoffman, P.E.: Additional Master Secret Inputs for TLS. RFC 6358 (2012). https:\/\/doi.org\/10.17487\/RFC6358, https:\/\/www.rfc-editor.org\/info\/rfc6358","DOI":"10.17487\/RFC6358"},{"key":"12_CR42","unstructured":"Hoffman, P.E., Solinas, J.: Additional PRF Inputs for TLS. Internet-Draft draft-solinas-tls-additional-prf-input-01, Internet Engineering Task Force (2009). Work in Progress. https:\/\/datatracker.ietf.org\/doc\/draft-solinas-tls- additional-prf-input\/01\/"},{"key":"12_CR43","unstructured":"International Organization for Standardization: ISO\/IEC 18031:2011 Information Technology\u2014Security Techniques\u2014Random Bit Generation (2011). https:\/\/www.iso.org\/standard\/54945.html"},{"key":"12_CR44","doi-asserted-by":"publisher","unstructured":"Jochemsz, E., May, A.: A strategy for finding roots of multivariate polynomials with new applications in attacking RSA variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 267\u2013282. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11935230_18","DOI":"10.1007\/11935230_18"},{"key":"12_CR45","unstructured":"Johnson, D.B.: X9.82 part 3: number theoretic DRBGs. Presented at the NIST RNG Workshop (2004). https:\/\/csrc.nist.gov\/CSRC\/media\/Events\/Random-Number-Generation-Workshop-2004\/documents\/NumberTheoreticDRBG.pdf"},{"key":"12_CR46","doi-asserted-by":"publisher","unstructured":"Joye, M.: RSA moduli with a predetermined portion: Techniques and applications. In: Chen, L., Mu, Y., Susilo, W. (eds.) Information Security Practice and Experience, pp. 116\u2013130. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-79104-1_9","DOI":"10.1007\/978-3-540-79104-1_9"},{"key":"12_CR47","doi-asserted-by":"publisher","unstructured":"Jutla, C.S.: On finding small solutions of modular multivariate polynomial equations. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 158\u2013170. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0054124","DOI":"10.1007\/BFb0054124"},{"key":"12_CR48","doi-asserted-by":"publisher","unstructured":"Koblitz, N., Menezes, A.: Another look at \u201cprovable security\u201d. II. (invited talk). In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 148\u2013175. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11941378_12","DOI":"10.1007\/11941378_12"},{"issue":"4","key":"12_CR49","doi-asserted-by":"publisher","first-page":"515","DOI":"10.1007\/BF01457454","volume":"261","author":"AK Lenstra","year":"1982","unstructured":"Lenstra, A.K., Lenstra, H.W., Jr., Lov\u00e1sz, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515\u2013534 (1982)","journal-title":"Math. Ann."},{"key":"12_CR50","doi-asserted-by":"publisher","unstructured":"Micali, S., Schnorr, C.P.: Efficient, perfect random number generators. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 173\u2013198. Springer, Heidelberg (1990). https:\/\/doi.org\/10.1007\/0-387-34799-2_14","DOI":"10.1007\/0-387-34799-2_14"},{"issue":"3","key":"12_CR51","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/BF00196909","volume":"3","author":"S Micali","year":"1991","unstructured":"Micali, S., Schnorr, C.P.: Efficient, perfect polynomial random number generators. J. Cryptol. 3(3), 157\u2013172 (1991). https:\/\/doi.org\/10.1007\/BF00196909","journal-title":"J. Cryptol."},{"key":"12_CR52","unstructured":"National Institute of Standards and Technology. Results of a recent FOIA for NIST documents related to the design of Dual EC DRBG (2015). https:\/\/github.com\/matthewdgreen\/nistfoia\/"},{"key":"12_CR53","doi-asserted-by":"publisher","unstructured":"Nguyen, P.Q., Stehl\u00e9, D.: Lll on the average. In: Hess, F., Pauli, S., Pohst, M. (eds.) Algorithmic Number Theory, pp. 238\u2013256. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11792086_18","DOI":"10.1007\/11792086_18"},{"issue":"2","key":"12_CR54","first-page":"191","volume":"3","author":"C Patsakis","year":"2012","unstructured":"Patsakis, C.: Number theoretic SETUPs for RSA like factoring based algorithms. J. Inf. Hiding Multim. Signal Process. 3(2), 191\u2013204 (2012)","journal-title":"J. Inf. Hiding Multim. Signal Process."},{"key":"12_CR55","unstructured":"Perlroth, N., Larson, J., Shane, S.: N.S.A. able to foil basic safeguards of privacy on web. New York Times (2013). https:\/\/www.nytimes.com\/2013\/09\/06\/us\/nsa-foils-much- internet-encryption.html"},{"key":"12_CR56","doi-asserted-by":"publisher","unstructured":"Peyrin, T., Wang, H.: The MALICIOUS framework: embedding backdoors into tweakable block ciphers. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 249\u2013278. Springer, Heidelberg (2020). https:\/\/doi.org\/10.1007\/978-3-030-56877-1_9","DOI":"10.1007\/978-3-030-56877-1_9"},{"key":"12_CR57","doi-asserted-by":"publisher","unstructured":"Rescorla, E., Dierks, T.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (2008). https:\/\/doi.org\/10.17487\/RFC5246, https:\/\/www.rfc-editor.org\/info\/rfc5246","DOI":"10.17487\/RFC5246"},{"key":"12_CR58","unstructured":"Rescorla, E., Salter, M.: Opaque PRF Inputs for TLS. Internet-Draft draft-rescorla-tls-opaque-prf-input-00, Internet Engineering Task Force (2006). Work in Progress. https:\/\/datatracker.ietf.org\/doc\/draft-rescorla-tls-opaque-prf-input\/00\/"},{"key":"12_CR59","unstructured":"Rescorla, E., Salter, M.: Extended Random Values for TLS. Internet-Draft draft-rescorla-tls-extended-random-02, Internet Engineering Task Force (2009). Work in Progress. https:\/\/datatracker.ietf.org\/doc\/draft-rescorla-tls-extended-random\/02\/"},{"key":"12_CR60","doi-asserted-by":"publisher","unstructured":"Russell, A., Tang, Q., Yung, M., Zhou, H.S.: Cliptography: clipping the power of kleptographic attacks. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 34\u201364. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53890-6_2","DOI":"10.1007\/978-3-662-53890-6_2"},{"key":"12_CR61","unstructured":"Sanso, A.: How to try to predict the output of Micali-Schnorr generator (MS-DRBG) knowing the factorization (2017). http:\/\/blog.intothesymmetry.com\/2017\/12\/how-to-try-to-predict-output-of-micali.html"},{"key":"12_CR62","unstructured":"Shumow, D., Ferguson, N.: On the possibility of a back door in the NIST SP800-90 Dual Ec Prng. Presented at the Crypto 2007 rump session (2007). http:\/\/rump2007.cr.yp.to\/15-shumow.pdf"},{"key":"12_CR63","doi-asserted-by":"publisher","unstructured":"Steinfeld, R., Pieprzyk, J., Wang, H.: On the provable security of an efficient RSA-based pseudorandom generator. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 194\u2013209. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11935230_13","DOI":"10.1007\/11935230_13"},{"key":"12_CR64","doi-asserted-by":"crossref","unstructured":"W\u00fcller, S., K\u00fchnel, M., Meyer, U.: Information hiding in the RSA modulus. In: Proceedings of the 4th ACM Workshop on Information Hiding and Multimedia Security, pp. 159\u2013167 (2016)","DOI":"10.1145\/2909827.2930804"},{"key":"12_CR65","doi-asserted-by":"publisher","unstructured":"Yao, A.C.C.: Theory and applications of trapdoor functions (extended abstract). In: 23rd FOCS, pp. 80\u201391. IEEE Computer Society Press (1982). https:\/\/doi.org\/10.1109\/SFCS.1982.45","DOI":"10.1109\/SFCS.1982.45"},{"key":"12_CR66","doi-asserted-by":"publisher","unstructured":"Young, A., Yung, M.: The dark side of \u201cblack-box\u201d cryptography, or: should we trust capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89\u2013103. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_8","DOI":"10.1007\/3-540-68697-5_8"},{"key":"12_CR67","doi-asserted-by":"publisher","unstructured":"Young, A., Yung, M.: Kleptography: using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62\u201374. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_6","DOI":"10.1007\/3-540-69053-0_6"},{"key":"12_CR68","doi-asserted-by":"publisher","unstructured":"Young, A., Yung, M.: A space efficient backdoor in RSA and its applications. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 128\u2013143. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11693383_9","DOI":"10.1007\/11693383_9"}],"container-title":["Lecture Notes in Computer Science","Public-Key Cryptography \u2013 PKC 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-57718-5_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,12]],"date-time":"2024-04-12T22:02:22Z","timestamp":1712959342000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-57718-5_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031577208","9783031577185"],"references-count":68,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-57718-5_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"13 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PKC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IACR International Conference on Public-Key Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sydney, NSW","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 April 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 April 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"pkc2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}