{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T00:05:29Z","timestamp":1767830729173,"version":"3.49.0"},"publisher-location":"Cham","reference-count":47,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319457406","type":"print"},{"value":"9783319457413","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-45741-3_11","type":"book-chapter","created":{"date-parts":[[2016,9,14]],"date-time":"2016-09-14T04:50:25Z","timestamp":1473828625000},"page":"201-222","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":28,"title":["On Bitcoin Security in the Presence of Broken Cryptographic Primitives"],"prefix":"10.1007","author":[{"given":"Ilias","family":"Giechaskiel","sequence":"first","affiliation":[]},{"given":"Cas","family":"Cremers","sequence":"additional","affiliation":[]},{"given":"Kasper B.","family":"Rasmussen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,9,15]]},"reference":[{"key":"11_CR1","unstructured":"Alert, B.: Some miners generating invalid blocks, 4 July 2015. https:\/\/bitcoin.org\/en\/alert\/2015-07-04-spv-mining. Accessed: 11 Feb 2016"},{"key":"11_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/978-3-642-28496-0_3","volume-title":"Selected Areas in Cryptography","author":"E Andreeva","year":"2012","unstructured":"Andreeva, E., Mennink, B.: Provable chosen-target-forced-midfix preimage resistance. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 37\u201354. Springer, Heidelberg (2012)"},{"key":"11_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-642-39884-1_4","volume-title":"Financial Cryptography and Data Security","author":"E Androulaki","year":"2013","unstructured":"Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in Bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34\u201351. Springer, Heidelberg (2013)"},{"key":"11_CR4","unstructured":"Antonopoulos, A.M.: Mastering Bitcoin: Unlocking Digital Crypto-Currencies, 1st edn. O\u2019Reilly Media Inc. (2014)"},{"key":"11_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"399","DOI":"10.1007\/978-3-642-32946-3_29","volume-title":"Financial Cryptography and Data Security","author":"S Barber","year":"2012","unstructured":"Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better \u2014 how to make Bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399\u2013414. Springer, Heidelberg (2012)"},{"key":"11_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1007\/978-3-662-44709-3_5","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2014","author":"N Benger","year":"2014","unstructured":"Benger, N., van de Pol, J., Smart, N.P., Yarom, Y.: \u201cOoh Aah.. Just a Little Bit\u201d: a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 75\u201392. Springer, Heidelberg (2014)"},{"key":"11_CR7","doi-asserted-by":"crossref","unstructured":"Bhargavan, K., Leurent, G.: Transcript collision attacks: breaking authentication in TLS, IKE, and SSH. In: Annual Network and Distributed System Security Symposium (NDSS) (2016)","DOI":"10.14722\/ndss.2016.23418"},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"Biryukov, A., Khovratovich, D., Pustogarov, I.: Deanonymisation of clients in Bitcoin P2P network. In: ACM Conference on Computer and Communications Security (CCS) (2014)","DOI":"10.1145\/2660267.2660379"},{"key":"11_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1007\/3-540-49162-7_12","volume-title":"Public Key Cryptography","author":"S Blake-Wilson","year":"1999","unstructured":"Blake-Wilson, S., Menezes, A.: Unknown key-share attacks on the station-to-station (STS) protocol. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 154\u2013170. Springer, Heidelberg (1999)"},{"key":"11_CR10","doi-asserted-by":"crossref","unstructured":"Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J., Felten, E.: SoK: research perspectives and challenges for Bitcoin and cryptocurrencies. In: IEEE Symposium on Security and Privacy (SP) (2015)","DOI":"10.1109\/SP.2015.14"},{"key":"11_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"PQ Nguy\u00ean","year":"2005","unstructured":"Nguy\u00ean, P.Q., Stern, J., Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damg\u00e5rd revisited: how to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430\u2013448. Springer, Heidelberg (2005)"},{"key":"11_CR12","unstructured":"Courtois, N.T., Bahack, L.: On subversive miner strategies and block withholding attack in Bitcoin digital currency. ArXiv e-prints 1402.1718 (2014). http:\/\/arxiv.org\/abs\/1402.1718"},{"key":"11_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"313","DOI":"10.1007\/978-3-319-11212-1_18","volume-title":"Computer Security - ESORICS 2014","author":"C Decker","year":"2014","unstructured":"Decker, C., Wattenhofer, R.: Bitcoin transaction Malleability and MtGox. In: Kuty\u0142owski, M., Vaidya, J. (eds.) ICAIS 2014, Part II. LNCS, vol. 8713, pp. 313\u2013326. Springer, Heidelberg (2014)"},{"key":"11_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-642-32009-5_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"Y Dodis","year":"2012","unstructured":"Dodis, Y., Ristenpart, T., Steinberger, J., Tessaro, S.: To hash or not to hash again? (in)differentiability results for H\n          $$^\\text{2 }$$ and HMAC. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 348\u2013366. Springer, Heidelberg (2012)"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Eyal, I.: The miner\u2019s dilemma. In: IEEE Symposium on Security and Privacy (SP) (2015)","DOI":"10.1109\/SP.2015.13"},{"key":"11_CR16","series-title":"Lecture Notes in Computer Science","first-page":"431","volume-title":"Financial Cryptography and Data Security","author":"I Eyal","year":"2014","unstructured":"Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 431\u2013449. Springer, Heidelberg (2014)"},{"key":"11_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1007\/978-3-662-46803-6_10","volume-title":"Advances in Cryptology - EUROCRYPT 2015","author":"J Garay","year":"2015","unstructured":"Garay, J., Kiayias, A., Leonardos, N.: The Bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281\u2013310. Springer, Heidelberg (2015)"},{"key":"11_CR18","doi-asserted-by":"crossref","unstructured":"Gervais, A., Ritzdorf, H., Karame, G.O., Capkun, S.: Tampering with the delivery of blocks and transactions in Bitcoin. In: ACM Conference on Computer and Communications Security (CCS) (2015)","DOI":"10.1145\/2810103.2813655"},{"issue":"2","key":"11_CR19","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"S Goldwasser","year":"1988","unstructured":"Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. (SICOMP) 17(2), 281\u2013308 (1988)","journal-title":"SIAM J. Comput. (SICOMP)"},{"key":"11_CR20","doi-asserted-by":"crossref","unstructured":"Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Annual ACM Symposium on Theory of Computing (STOC) (1996)","DOI":"10.1145\/237814.237866"},{"key":"11_CR21","unstructured":"Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on Bitcoin\u2019s peer-to-peer network. In: USENIX Security Symposium (USENIX Security) (2015)"},{"key":"11_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"616","DOI":"10.1007\/978-3-540-70583-3_50","volume-title":"Automata, Languages and Programming","author":"JJ Hoch","year":"2008","unstructured":"Hoch, J.J., Shamir, A.: On the strength of the concatenated hash combiner when all the hash functions are weak. In: Aceto, L., Damg\u00e5rd, I., Goldberg, L.A., Halld\u00f3rsson, M.M., Ing\u00f3lfsd\u00f3ttir, A., Walukiewicz, I. (eds.) ICALP 2008, Part II. LNCS, vol. 5126, pp. 616\u2013630. Springer, Heidelberg (2008)"},{"key":"11_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/978-3-540-28628-8_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"A Joux","year":"2004","unstructured":"Joux, A.: Multicollisions in iterated hash functions. application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306\u2013316. Springer, Heidelberg (2004)"},{"issue":"1","key":"11_CR24","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1145\/2732196","volume":"18","author":"GO Karame","year":"2015","unstructured":"Karame, G.O., Androulaki, E., Roeschlin, M., Gervais, A., \u010capkun, S.: Misbehavior in Bitcoin: a study of double-spending and accountability. ACM Trans. Inf. Syst. Secur. (TISSEC) 18(1), 2 (2015)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"Karame, G.O., Androulaki, E., \u010capkun, S.: Double-spending fast payments in Bitcoin. In: ACM Conference on Computer and Communications Security (CCS) (2012)","DOI":"10.1145\/2382196.2382292"},{"key":"11_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/11761679_12","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"J Kelsey","year":"2006","unstructured":"Kelsey, J., Kohno, T.: Herding hash functions and the nostradamus attack. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 183\u2013200. Springer, Heidelberg (2006)"},{"key":"11_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1007\/11426639_28","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"J Kelsey","year":"2005","unstructured":"Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than 2$$^{n}$$ work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474\u2013490. Springer, Heidelberg (2005)"},{"key":"11_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/978-3-642-34047-5_15","volume-title":"Fast Software Encryption","author":"D Khovratovich","year":"2012","unstructured":"Khovratovich, D., Rechberger, C., Savelieva, A.: Bicliques for preimages: attacks on Skein-512 and the SHA-2 family. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 244\u2013263. Springer, Heidelberg (2012)"},{"key":"11_CR29","unstructured":"Kroll, J.A., Davey, I.C., Felten, E.W.: The economics of Bitcoin mining, or Bitcoin in the presence of adversaries. In: Workshop on the Economics of Information Security (WEIS) (2013)"},{"key":"11_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"345","DOI":"10.1007\/978-3-662-46800-5_14","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"G Leurent","year":"2015","unstructured":"Leurent, G., Wang, L.: The sum can be weaker than each part. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 345\u2013367. Springer, Heidelberg (2015)"},{"key":"11_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1007\/978-3-642-38348-9_16","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"F Mendel","year":"2013","unstructured":"Mendel, F., Nad, T., Schl\u00e4ffer, M.: Improving local collisions: new attacks on reduced SHA-256. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 262\u2013278. Springer, Heidelberg (2013)"},{"key":"11_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1007\/978-3-642-42045-0_25","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"F Mendel","year":"2013","unstructured":"Mendel, F., Peyrin, T., Schl\u00e4ffer, M., Wang, L., Wu, S.: Improved cryptanalysis of reduced RIPEMD-160. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 484\u2013503. Springer, Heidelberg (2013)"},{"key":"11_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"369","DOI":"10.1007\/3-540-48184-2_32","volume-title":"Advances in Cryptology - CRYPTO \u201987","author":"RC Merkle","year":"1988","unstructured":"Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369\u2013378. Springer, Heidelberg (1988)"},{"key":"11_CR34","unstructured":"Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). http:\/\/bitcoin.org\/bitcoin.pdf"},{"key":"11_CR35","unstructured":"Nakamoto, S.: Bitcoin source code v0.1.0: Util.h. (2009). https:\/\/github.com\/trottier\/original-bitcoin\/blob\/4184ab26345d19e87045ce7d9291e60e7d36e096\/src\/util.h. Accessed: 11 Feb 2016"},{"key":"11_CR36","unstructured":"Nakamoto, S.: Dealing with SHA-256 collisions (msg #6), 14 June 2010. https:\/\/bitcointalk.org\/index.php?topic=191.msg1585#msg1585. Accessed: 11 Feb 2016"},{"key":"11_CR37","unstructured":"Nakamoto, S.: Hash() function not secure (msg #28), 16 July 2010. https:\/\/bitcointalk.org\/index.php?topic=360.msg3520#msg3520. Accessed: 11 Feb 2016"},{"key":"11_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/978-3-642-21518-6_13","volume-title":"Information Security and Cryptology","author":"C Ohtahara","year":"2011","unstructured":"Ohtahara, C., Sasaki, Y., Shimoyama, T.: Preimage attacks on step-reduced RIPEMD-128 and RIPEMD-160. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 169\u2013186. Springer, Heidelberg (2011)"},{"key":"11_CR39","unstructured":"Okupski, K.: Bitcoin developer reference working paper (2015). http:\/\/enetium.com\/resources\/Bitcoin.pdf. Accessed: 11 Feb 2016"},{"issue":"4","key":"11_CR40","first-page":"317","volume":"3","author":"J Proos","year":"2003","unstructured":"Proos, J., Zalka, C.: Shor\u2019s discrete logarithm quantum algorithm for elliptic curves. Quantum Inf. Comput. 3(4), 317\u2013344 (2003)","journal-title":"Quantum Inf. Comput."},{"key":"11_CR41","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/978-1-4614-4139-7_10","volume-title":"Security and Privacy in Social Networks","author":"F Reid","year":"2013","unstructured":"Reid, F., Harrigan, M.: An analysis of anonymity in the Bitcoin system. In: Altshuler, Y., Elovici, Y., Cremers, A.B., Aharony, N., Pentland, A. (eds.) Security and Privacy in Social Networks, pp. 197\u2013223. Springer, New York (2013)"},{"key":"11_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1007\/978-3-642-39884-1_2","volume-title":"Financial Cryptography and Data Security","author":"D Ron","year":"2013","unstructured":"Ron, D., Shamir, A.: Quantitative analysis of the full Bitcoin transaction graph. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 6\u201324. Springer, Heidelberg (2013)"},{"key":"11_CR43","unstructured":"Standards for Efficient Cryptography: Sec 2: Recommended elliptic curve domain parameters version 2.0 (2010). http:\/\/www.secg.org\/sec2-v2.pdf"},{"key":"11_CR44","unstructured":"Tschorsch, F., Scheuermann, B.: Bitcoin and beyond: a technical survey on decentralized digital currencies. Cryptology ePrint Archive, Report 2015\/464 (2015). https:\/\/eprint.iacr.org\/2015\/464"},{"key":"11_CR45","unstructured":"Wiki, B.: Protocol rules, 11 March 2014. https:\/\/en.bitcoin.it\/wiki\/Protocol_rules. Accessed: 11 Feb 2016"},{"key":"11_CR46","unstructured":"Wiki, B.: Contingency plans, 15 May 2015. https:\/\/en.bitcoin.it\/wiki\/Contingency_plans. Accessed: 11 Feb 2016"},{"key":"11_CR47","unstructured":"Yarom, Y., Benger, N.: Recovering OpenSSL ECDSA nonces using the FLUSH+RELOAD cache side-channel attack. Cryptology ePrint Archive, Report 2014\/140 (2014). https:\/\/eprint.iacr.org\/2014\/140"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2016"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-45741-3_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,15]],"date-time":"2021-09-15T02:46:52Z","timestamp":1631674012000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-45741-3_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319457406","9783319457413"],"references-count":47,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-45741-3_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"15 September 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Heraklion","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Greece","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 September 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 September 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}