{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,27]],"date-time":"2025-04-27T21:40:05Z","timestamp":1745790005305,"version":"3.40.4"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031911002","type":"print"},{"value":"9783031911019","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-91101-9_14","type":"book-chapter","created":{"date-parts":[[2025,4,27]],"date-time":"2025-04-27T21:14:16Z","timestamp":1745788456000},"page":"393-426","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Key Derivation Functions Without a\u00a0Grain of\u00a0Salt"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8677-8301","authenticated-orcid":false,"given":"Matilda","family":"Backendal","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0005-9436-1417","authenticated-orcid":false,"given":"Sebastian","family":"Clermont","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0597-8297","authenticated-orcid":false,"given":"Marc","family":"Fischlin","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8495-6610","authenticated-orcid":false,"given":"Felix","family":"G\u00fcnther","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,4,28]]},"reference":[{"key":"14_CR1","doi-asserted-by":"publisher","unstructured":"Angel, Y., Dowling, B., H\u00fclsing, A., Schwabe, P., Weber, F.J.: Post quantum noise. In: Yin, H., Stavrou, A., Cremers, C., Shi, E. (eds.) ACM CCS 2022, pp. 97\u2013109. ACM Press (Nov 2022). https:\/\/doi.org\/10.1145\/3548606.3560577","DOI":"10.1145\/3548606.3560577"},{"key":"14_CR2","unstructured":"Aviram, N., Dowling, B., Komargodski, I., Paterson, K.G., Ronen, E., Yogev, E.: Practical (post-quantum) key combiners from one-wayness and applications to TLS. Cryptology ePrint Archive, Report 2022\/065 (2022). https:\/\/eprint.iacr.org\/2022\/065"},{"key":"14_CR3","doi-asserted-by":"publisher","unstructured":"Backendal, M., Bellare, M., G\u00fcnther, F., Scarlata, M.: When messages are keys: Is HMAC a dual-PRF? In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO\u00a02023, Part\u00a0III. LNCS, vol. 14083, pp. 661\u2013693. Springer, Cham (Aug 2023). https:\/\/doi.org\/10.1007\/978-3-031-38548-3_22","DOI":"10.1007\/978-3-031-38548-3_22"},{"key":"14_CR4","unstructured":"Backendal, M., Clermont, S., Fischlin, M., G\u00fcnther, F.: Key derivation functions without a grain of salt. Cryptology ePrint, Archive Report 2025\/657 (2025). https:\/\/eprint.iacr.org\/2025\/657,"},{"key":"14_CR5","doi-asserted-by":"publisher","unstructured":"Barbosa, M., et al.: X-wing. CiC 1(1), 21 (2024). https:\/\/doi.org\/10.62056\/a3qj89n4e","DOI":"10.62056\/a3qj89n4e"},{"key":"14_CR6","doi-asserted-by":"publisher","unstructured":"Barker, E., Chen, L., Davis, R.: Recommendation for key-derivation methods in key-establishment schemes. Tech. Rep. NIST Special Publication (SP) 800-56C-r2, National Institute of Standards and Technology (NIST), Gaithersburg, MD (Aug 2020). https:\/\/doi.org\/10.6028\/NIST.SP.800-56Cr2","DOI":"10.6028\/NIST.SP.800-56Cr2"},{"key":"14_CR7","doi-asserted-by":"publisher","unstructured":"Barnes, R., Beurdouche, B., Robert, R., Millican, J., Omara, E., Cohn-Gordon, K.: The Messaging Layer Security (MLS) Protocol. RFC 9420 (Proposed Standard) (Jul 2023). https:\/\/doi.org\/10.17487\/RFC9420. https:\/\/www.rfc-editor.org\/rfc\/rfc9420.txt","DOI":"10.17487\/RFC9420"},{"key":"14_CR8","doi-asserted-by":"publisher","unstructured":"Barnes, R., Bhargavan, K., Lipp, B., Wood, C.: Hybrid Public Key Encryption. RFC 9180 (Informational) (Feb 2022). https:\/\/doi.org\/10.17487\/RFC9180, https:\/\/www.rfc-editor.org\/rfc\/rfc9180.txt","DOI":"10.17487\/RFC9180"},{"key":"14_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-68697-5_1","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1\u201315. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_1"},{"key":"14_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework\u00a0for\u00a0code-based\u00a0game-playing\u00a0proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409\u2013426. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_25"},{"key":"14_CR11","unstructured":"Bhargavan, K., Jacomme, C., Kiefer, F., Schmidt, R.: Formal verification of the PQXDH post-quantum key agreement protocol for end-to-end secure messaging. In: Balzarotti, D., Xu, W. (eds.) USENIX Security 2024. USENIX Association (Aug 2024)"},{"issue":"3","key":"14_CR12","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1016\/S0020-0190(02)00269-7","volume":"84","author":"E Biham","year":"2002","unstructured":"Biham, E.: How to decrypt or even substitute des-encrypted messages in $$2^{28}$$ steps. Inf. Process. Lett. 84(3), 117\u2013124 (2002). https:\/\/doi.org\/10.1016\/S0020-0190(02)00269-7","journal-title":"Inf. Process. Lett."},{"key":"14_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/978-3-030-25510-7_12","volume-title":"Post-Quantum Cryptography","author":"N Bindel","year":"2019","unstructured":"Bindel, N., Brendel, J., Fischlin, M., Goncalves, B., Stebila, D.: Hybrid key encapsulation mechanisms and authenticated key exchange. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 206\u2013226. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-25510-7_12"},{"key":"14_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1007\/3-540-49162-7_12","volume-title":"Public Key Cryptography","author":"S Blake-Wilson","year":"1999","unstructured":"Blake-Wilson, S., Menezes, A.: Unknown key-share attacks on the Station-to-Station (STS) protocol. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 154\u2013170. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-49162-7_12"},{"key":"14_CR15","unstructured":"Bluetooth Special Interest Group (SIG): Bluetooth core specification (January 2023), ver. 5.4"},{"key":"14_CR16","doi-asserted-by":"publisher","unstructured":"Brzuska, C., Cornelissen, E., Kohbrok, K.: Security analysis of the MLS key derivation. In: 2022 IEEE Symposium on Security and Privacy, pp. 2535\u20132553. IEEE Computer Society Press (May 2022). https:\/\/doi.org\/10.1109\/SP46214.2022.9833678","DOI":"10.1109\/SP46214.2022.9833678"},{"key":"14_CR17","doi-asserted-by":"publisher","unstructured":"Brzuska, C., Delignat-Lavaud, A., Egger, C., Fournet, C., Kohbrok, K., Kohlweiss, M.: Key-schedule security for the TLS 1.3 standard. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT\u00a02022, Part\u00a0I. LNCS, vol. 13791, pp. 621\u2013650. Springer, Cham (Dec 2022). https:\/\/doi.org\/10.1007\/978-3-031-22963-3_21","DOI":"10.1007\/978-3-031-22963-3_21"},{"key":"14_CR18","unstructured":"Brzuska, C., Winkelmann, J.: NPRFs and their application to MLS. https:\/\/datatracker.ietf.org\/meeting\/interim-2020-cfrg-02\/materials\/slides-interim-2020-cfrg-02-sessa-nprfs-and-their-application-to-mls-00.pdf (July 2020), visited on August 26, 2022"},{"key":"14_CR19","unstructured":"Campagna, M., Petcher, A.: Security of hybrid key encapsulation. Cryptology ePrint Archive, Report 2020\/1364 (2020). https:\/\/eprint.iacr.org\/2020\/1364"},{"key":"14_CR20","doi-asserted-by":"publisher","unstructured":"Celi, S., Hoyland, J., Stebila, D., Wiggers, T.: A tale of two models: formal verification of KEMTLS via Tamarin. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds.) ESORICS\u00a02022, Part\u00a0III. LNCS, vol. 13556, pp. 63\u201383. Springer, Cham (Sep 2022). https:\/\/doi.org\/10.1007\/978-3-031-17143-7_4","DOI":"10.1007\/978-3-031-17143-7_4"},{"key":"14_CR21","doi-asserted-by":"publisher","unstructured":"Chen, L.: Recommendation for key derivation using pseudorandom functions. Tech. Rep. NIST Special Publication (SP) 800-108-r1-upd1, National Institute of Standards and Technology (NIST), Gaithersburg, MD (Feb 2024). https:\/\/doi.org\/10.6028\/NIST.SP.800-108r1-upd1","DOI":"10.6028\/NIST.SP.800-108r1-upd1"},{"key":"14_CR22","doi-asserted-by":"publisher","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. In: 2017 IEEE European Symposium on Security and Privacy, EuroS &P 2017, Paris, France, April 26-28, 2017, pp. 451\u2013466. IEEE (2017). https:\/\/doi.org\/10.1109\/EUROSP.2017.27","DOI":"10.1109\/EUROSP.2017.27"},{"key":"14_CR23","doi-asserted-by":"publisher","first-page":"876","DOI":"10.1007\/978-3-031-07085-3_30","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2022: 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Trondheim, Norway, May 30 \u2013 June 3, 2022, Proceedings, Part II","author":"H Davis","year":"2022","unstructured":"Davis, H., Diemert, D., G\u00fcnther, F., Jager, T.: On the concrete security of TLS 1.3 PSK mode. In: Dunkelman, O., Dziembowski, S. (eds.) Advances in Cryptology \u2013 EUROCRYPT 2022: 41st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Trondheim, Norway, May 30 \u2013 June 3, 2022, Proceedings, Part II, pp. 876\u2013906. Springer International Publishing, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-07085-3_30"},{"key":"14_CR24","doi-asserted-by":"publisher","first-page":"448","DOI":"10.1007\/978-3-030-78375-4_18","volume-title":"Applied Cryptography and Network Security: 19th International Conference, ACNS 2021, Kamakura, Japan, June 21\u201324, 2021, Proceedings, Part II","author":"H Davis","year":"2021","unstructured":"Davis, H., G\u00fcnther, F.: Tighter proofs for the SIGMA and TLS\u00a01.3 key exchange protocols. In: Sako, K., Tippenhauer, N.O. (eds.) Applied Cryptography and Network Security: 19th International Conference, ACNS 2021, Kamakura, Japan, June 21\u201324, 2021, Proceedings, Part II, pp. 448\u2013479. Springer International Publishing, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-78375-4_18"},{"issue":"3","key":"14_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00145-021-09388-x","volume":"34","author":"D Diemert","year":"2021","unstructured":"Diemert, D., Jager, T.: On the tight security of TLS 1.3: theoretically sound cryptographic parameters for real-world deployments. J. Cryptol. 34(3), 1\u201357 (2021). https:\/\/doi.org\/10.1007\/s00145-021-09388-x","journal-title":"J. Cryptol."},{"key":"14_CR26","doi-asserted-by":"publisher","unstructured":"Dodis, Y., Ristenpart, T., Steinberger, J.P., Tessaro, S.: To hash or not to hash again? (In)differentiability results for $$H^2$$ and HMAC. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO\u00a02012. LNCS, vol.\u00a07417, pp. 348\u2013366. Springer, Berlin, Heidelberg (Aug 2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_21","DOI":"10.1007\/978-3-642-32009-5_21"},{"issue":"4","key":"14_CR27","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00145-021-09384-1","volume":"34","author":"B Dowling","year":"2021","unstructured":"Dowling, B., Fischlin, M., G\u00fcnther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol. J. Cryptol. 34(4), 1\u201369 (2021). https:\/\/doi.org\/10.1007\/s00145-021-09384-1","journal-title":"J. Cryptol."},{"key":"14_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"483","DOI":"10.1007\/978-3-030-44223-1_26","volume-title":"Post-Quantum Cryptography","author":"B Dowling","year":"2020","unstructured":"Dowling, B., Hansen, T.B., Paterson, K.G.: Many a mickle makes a muckle: a framework for provably quantum-secure hybrid key exchange. In: Ding, J., Tillich, J.-P. (eds.) PQCrypto 2020. LNCS, vol. 12100, pp. 483\u2013502. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-44223-1_26"},{"key":"14_CR29","unstructured":"ETSI: Quantum-safe hybrid key exchanges. TS 103 744. v1.1.1, European Telecommunications Standards Institute (ETSI) (December 2020)"},{"key":"14_CR30","unstructured":"Fiedler, R., G\u00fcnther, F.: Security analysis of Signal\u2019s PQXDH handshake. In: Jager, T., Pan, J., de\u00a0Kock, B., Slide, T. (eds.) 28th International Conference on Practice and Theory of Public-Key Cryptography (PKC\u00a02025). Springer (May 2025). https:\/\/eprint.iacr.org\/2024\/702"},{"key":"14_CR31","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1007\/978-3-319-76578-5_7","volume-title":"Public-Key Cryptography \u2013 PKC 2018: 21st IACR International Conference on Practice and Theory of Public-Key Cryptography, Rio de Janeiro, Brazil, March 25-29, 2018, Proceedings, Part I","author":"F Giacon","year":"2018","unstructured":"Giacon, F., Heuer, F., Poettering, B.: KEM combiners. In: Abdalla, M., Dahab, R. (eds.) Public-Key Cryptography \u2013 PKC 2018: 21st IACR International Conference on Practice and Theory of Public-Key Cryptography, Rio de Janeiro, Brazil, March 25-29, 2018, Proceedings, Part I, pp. 190\u2013218. Springer International Publishing, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-76578-5_7"},{"key":"14_CR32","doi-asserted-by":"publisher","unstructured":"H\u00fclsing, A., Ning, K.C., Schwabe, P., Weber, F.J., Zimmermann, P.R.: Post-quantum WireGuard. In: 2021 IEEE Symposium on Security and Privacy. pp. 304\u2013321. IEEE Computer Society Press (May 2021). https:\/\/doi.org\/10.1109\/SP40001.2021.00030","DOI":"10.1109\/SP40001.2021.00030"},{"key":"14_CR33","doi-asserted-by":"publisher","unstructured":"Kaliski, B.: PKCS #5: Password-Based Cryptography Specification Version 2.0. RFC 2898 (Informational) (Sep 2000). https:\/\/doi.org\/10.17487\/RFC2898, https:\/\/www.rfc-editor.org\/rfc\/rfc2898.txt, obsoleted by RFC 8018","DOI":"10.17487\/RFC2898"},{"key":"14_CR34","doi-asserted-by":"publisher","unstructured":"Kaufman, C., Hoffman, P., Nir, Y., Eronen, P.: Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5996 (Proposed Standard) (Sep 2010). https:\/\/doi.org\/10.17487\/RFC5996, https:\/\/www.rfc-editor.org\/rfc\/rfc5996.txt, obsoleted by RFC 7296, updated by RFCs 5998, 6989","DOI":"10.17487\/RFC5996"},{"key":"14_CR35","doi-asserted-by":"publisher","first-page":"645","DOI":"10.1007\/978-3-031-30872-7_25","volume-title":"Topics in Cryptology \u2013 CT-RSA 2023: Cryptographers\u2019 Track at the RSA Conference 2023, San Francisco, CA, USA, April 24\u201327, 2023, Proceedings","author":"E Kiltz","year":"2023","unstructured":"Kiltz, E., Pan, J., Riepel, D., Ringerud, M.: Multi-user CDH problems and\u00a0the\u00a0concrete security of\u00a0NAXOS and\u00a0HMQV. In: Rosulek, M. (ed.) Topics in Cryptology \u2013 CT-RSA 2023: Cryptographers\u2019 Track at the RSA Conference 2023, San Francisco, CA, USA, April 24\u201327, 2023, Proceedings, pp. 645\u2013671. Springer International Publishing, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30872-7_25"},{"key":"14_CR36","doi-asserted-by":"publisher","unstructured":"Krawczyk, H., Eronen, P.: HMAC-based Extract-and-Expand Key Derivation Function (HKDF). RFC 5869 (Informational) (May 2010). https:\/\/doi.org\/10.17487\/RFC5869, https:\/\/www.rfc-editor.org\/rfc\/rfc5869.txt","DOI":"10.17487\/RFC5869"},{"key":"14_CR37","doi-asserted-by":"publisher","first-page":"631","DOI":"10.1007\/978-3-642-14623-7_34","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"H Krawczyk","year":"2010","unstructured":"Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) Advances in Cryptology \u2013 CRYPTO 2010, pp. 631\u2013648. Springer Berlin Heidelberg, Berlin, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14623-7_34"},{"key":"14_CR38","unstructured":"Marlinspike, M., Perrin, T.: The X3DH key agreement protocol (April 2016). https:\/\/www.signal.org\/docs\/specifications\/x3dh\/, revision 1"},{"key":"14_CR39","unstructured":"Marlinspike, M., Perrin, T.: The PQXDH key agreement protocol (January 2024). https:\/\/signal.org\/docs\/specifications\/pqxdh\/, revision 3"},{"key":"14_CR40","unstructured":"Nair, V., Song, D.: Multi-factor key derivation function (MFKDF) for fast, flexible, secure, & practical key management. In: Calandrino, J.A., Troncoso, C. (eds.) USENIX Security 2023, pp. 2097\u20132114. USENIX Association (Aug 2023)"},{"key":"14_CR41","unstructured":"Perrin, T.: The noise protocol framework (Jul 2018). https:\/\/noiseprotocol.org\/noise.html"},{"key":"14_CR42","doi-asserted-by":"publisher","unstructured":"Poettering, B., Rastikian, S.: A study of KEM generalizations. In: G\u00fcnther, F., Hesse, J. (eds.) Security Standardisation Research - 8th International Conference, SSR 2023, Lyon, France, April 22-23, 2023, Proceedings. Lecture Notes in Computer Science, vol. 13895, pp. 53\u201377. Springer (2023). https:\/\/doi.org\/10.1007\/978-3-031-30731-7_3","DOI":"10.1007\/978-3-031-30731-7_3"},{"key":"14_CR43","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/3-540-48329-2_31","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"B Preneel","year":"2001","unstructured":"Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) Advances in Cryptology \u2014 CRYPTO\u2019 93, pp. 368\u2013378. Springer Berlin Heidelberg, Berlin, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-48329-2_31"},{"key":"14_CR44","doi-asserted-by":"publisher","unstructured":"Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446 (Proposed Standard) (Aug 2018). https:\/\/doi.org\/10.17487\/RFC8446, https:\/\/www.rfc-editor.org\/rfc\/rfc8446.txt","DOI":"10.17487\/RFC8446"},{"key":"14_CR45","unstructured":"Scarlata, M., Backendal, M., Haller, M.: MFKDF: Multiple factors knocked down flat. In: Balzarotti, D., Xu, W. (eds.) USENIX Security 2024. USENIX Association (Aug 2024)"},{"key":"14_CR46","doi-asserted-by":"publisher","unstructured":"Schwabe, P., Stebila, D., Wiggers, T.: Post-quantum TLS without handshake signatures. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 1461\u20131480. ACM Press (Nov 2020). https:\/\/doi.org\/10.1145\/3372297.3423350","DOI":"10.1145\/3372297.3423350"},{"key":"14_CR47","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-88418-5_1","volume-title":"Computer Security \u2013 ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4\u20138, 2021, Proceedings, Part I","author":"P Schwabe","year":"2021","unstructured":"Schwabe, P., Stebila, D., Wiggers, T.: More efficient post-quantum KEMTLS with pre-distributed public keys. In: Bertino, E., Shulman, H., Waidner, M. (eds.) Computer Security \u2013 ESORICS 2021: 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4\u20138, 2021, Proceedings, Part I, pp. 3\u201322. Springer International Publishing, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-88418-5_1"},{"key":"14_CR48","unstructured":"Stebila, D.: Security analysis of the iMessage PQ3 protocol. Cryptology ePrint Archive, Report 2024\/357 (2024). https:\/\/eprint.iacr.org\/2024\/357"},{"key":"14_CR49","unstructured":"Stebila, D., Fluhrer, S., Gueron, S.: Hybrid key exchange in TLS 1.3 \u2013 draft-ietf-tls-hybrid-design-10 (Apr 2024). https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-tls-hybrid- design-10"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-91101-9_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,27]],"date-time":"2025-04-27T21:14:20Z","timestamp":1745788460000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-91101-9_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031911002","9783031911019"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-91101-9_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"28 April 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Madrid","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 May 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 May 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"44","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}