{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T10:12:06Z","timestamp":1767262326067,"version":"3.41.0"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319612034"},{"type":"electronic","value":"9783319612041"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-61204-1_2","type":"book-chapter","created":{"date-parts":[[2017,6,25]],"date-time":"2017-06-25T06:02:42Z","timestamp":1498370562000},"page":"20-38","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["Simple Security Definitions for and Constructions of 0-RTT Key Exchange"],"prefix":"10.1007","author":[{"given":"Britta","family":"Hale","sequence":"first","affiliation":[]},{"given":"Tibor","family":"Jager","sequence":"additional","affiliation":[]},{"given":"Sebastian","family":"Lauer","sequence":"additional","affiliation":[]},{"given":"J\u00f6rg","family":"Schwenk","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,6,26]]},"reference":[{"key":"2_CR1","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Ashby, V. (ed.) ACM CCS 1993, 3\u20135 November 1993, Fairfax, Virginia, USA, pp. 62\u201373. ACM Press (1993)","DOI":"10.1145\/168588.168596"},{"key":"2_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"M Bellare","year":"1994","unstructured":"Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232\u2013249. Springer, Heidelberg (1994). doi:10.1007\/3-540-48329-2_21"},{"key":"2_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"477","DOI":"10.1007\/978-3-662-46447-2_21","volume-title":"Public-Key Cryptography \u2013 PKC 2015","author":"F Bergsma","year":"2015","unstructured":"Bergsma, F., Jager, T., Schwenk, J.: One-round key exchange with strong security: an efficient and generic construction in the standard model. In: Katz, J. (ed.) PKC 2015. LNCS, vol. 9020, pp. 477\u2013494. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-46447-2_21"},{"key":"2_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/978-3-662-44381-1_14","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"K Bhargavan","year":"2014","unstructured":"Bhargavan, K., Fournet, C., Kohlweiss, M., Pironti, A., Strub, P.-Y., Zanella-B\u00e9guelin, S.: Proving the TLS handshake secure (as it is). In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 235\u2013255. Springer, Heidelberg (2014). doi:10.1007\/978-3-662-44381-1_14"},{"key":"2_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1007\/BFb0024447","volume-title":"Crytography and Coding","author":"S Blake-Wilson","year":"1997","unstructured":"Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30\u201345. Springer, Heidelberg (1997). doi:10.1007\/BFb0024447"},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Boneh, D., Shen, E., Waters, B.: Strongly unforgeable signatures based on computational Diffie-Hellman. In: Yung et al. [30], pp. 229\u2013240","DOI":"10.1007\/11745853_15"},{"key":"2_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/3-540-44987-6_28","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2001","author":"R Canetti","year":"2001","unstructured":"Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453\u2013474. Springer, Heidelberg (2001). doi:10.1007\/3-540-44987-6_28"},{"key":"2_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/978-3-540-78967-3_8","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"D Cash","year":"2008","unstructured":"Cash, D., Kiltz, E., Shoup, V.: The twin Diffie-Hellman problem and applications. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 127\u2013145. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-78967-3_8"},{"key":"2_CR9","doi-asserted-by":"crossref","unstructured":"Cremers, C.: Examining indistinguishability-based security models for key exchange protocols: the case of CK, CK-HMQV, and eCK. In: Cheung, B.S.N., Hui, L.C.K., Sandhu, R.S., Wong, D.S. (eds.) ASIACCS 2011, 22\u201324 March 2011, Hong Kong, China, pp. 80\u201391. ACM Press (2011)","DOI":"10.1145\/1966913.1966925"},{"key":"2_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/978-3-642-01957-9_2","volume-title":"Applied Cryptography and Network Security","author":"CJF Cremers","year":"2009","unstructured":"Cremers, C.J.F.: Session-state reveal is stronger than ephemeral key reveal: attacking the NAXOS authenticated key exchange protocol. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 20\u201333. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-01957-9_2"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Fischlin, M., G\u00fcnther, F.: Multi-stage key exchange and the case of Google\u2019s QUIC protocol. In: Ahn, G.-J., Yung, M., Li, N. (eds.) ACM CCS 2014, 3\u20137 November 2014, Scottsdale, AZ, USA, pp. 1193\u20131204. ACM Press (2014)","DOI":"10.1145\/2660267.2660308"},{"key":"2_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/978-3-642-36362-7_17","volume-title":"Public-Key Cryptography \u2013 PKC 2013","author":"ESV Freire","year":"2013","unstructured":"Freire, E.S.V., Hofheinz, D., Kiltz, E., Paterson, K.G.: Non-interactive key exchange. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 254\u2013271. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-36362-7_17"},{"key":"2_CR13","doi-asserted-by":"crossref","unstructured":"Green, M.D., Miers, I.: Forward secure asynchronous messaging from puncturable encryption. In: IEEE S&P 2015 [16], pp. 305\u2013320","DOI":"10.1109\/SP.2015.26"},{"key":"2_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1007\/978-3-319-56617-7_18","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"F G\u00fcnther","year":"2017","unstructured":"G\u00fcnther, F., Hale, B., Jager, T., Lauer, S.: 0-RTT key exchange with full forward secrecy. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10212, pp. 519\u2013548. Springer, Cham (2017). doi:10.1007\/978-3-319-56617-7_18"},{"key":"2_CR15","unstructured":"Hale, B., Jager, T., Lauer, S., Schwenk, J.: Simple security definitions for and constructions of 0-RTT key exchange. Cryptology ePrint Archive, Report 2015\/1214 (2015). http:\/\/eprint.iacr.org\/2015\/1214"},{"key":"2_CR16","unstructured":"IEEE Symposium on Security and Privacy, 17\u201321 May 2015, San Jose, CA, USA. IEEE Computer Society Press (2015)"},{"key":"2_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-642-32009-5_17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"T Jager","year":"2012","unstructured":"Jager, T., Kohlar, F., Sch\u00e4ge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 273\u2013293. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-32009-5_17"},{"key":"2_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"546","DOI":"10.1007\/11535218_33","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"H Krawczyk","year":"2005","unstructured":"Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546\u2013566. Springer, Heidelberg (2005). doi:10.1007\/11535218_33"},{"key":"2_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1007\/978-3-642-40041-4_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"H Krawczyk","year":"2013","unstructured":"Krawczyk, H., Paterson, K.G., Wee, H.: On the security of the TLS protocol: a systematic analysis. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 429\u2013448. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-40041-4_24"},{"key":"2_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-75670-5_1","volume-title":"Provable Security","author":"B LaMacchia","year":"2007","unstructured":"LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1\u201316. Springer, Heidelberg (2007). doi:10.1007\/978-3-540-75670-5_1"},{"key":"2_CR21","doi-asserted-by":"crossref","unstructured":"Lauter, K., Mityagin, A.: Security analysis of KEA authenticated key exchange protocol. In: Yung et al. [30], pp. 378\u2013394","DOI":"10.1007\/11745853_25"},{"issue":"2","key":"2_CR22","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1023\/A:1022595222606","volume":"28","author":"L Law","year":"2003","unstructured":"Law, L., Menezes, A., Minghua, Q., Solinas, J., Vanstone, S.: An efficient protocol for authenticated key agreement. Des. Codes Crypt. 28(2), 119\u2013134 (2003)","journal-title":"Des. Codes Crypt."},{"key":"2_CR23","doi-asserted-by":"crossref","unstructured":"Lychev, R., Jero, S., Boldyreva, A., Nita-Rotaru, C.: How secure and quick is QUIC? Provable security and performance analyses. In: IEEE S&P 2015 [16], pp. 214\u2013231","DOI":"10.1109\/SP.2015.21"},{"key":"2_CR24","unstructured":"NIST: SKIPJACK and KEA algorithm specifications (1998). http:\/\/csrc.nist.gov\/groups\/STM\/cavp\/documents\/skipjack\/skipjack.pdf"},{"key":"2_CR25","unstructured":"Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3: draft-ietf-tls-tls13-08. Technical report, August 2015. Expires 29 Feb 2016"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3: draft-ietf-tls-tls13-18. Technical report, October 2016. Expires 29 April 2017","DOI":"10.17487\/RFC8446"},{"key":"2_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-642-15317-4_15","volume-title":"Security and Cryptography for Networks","author":"AP Sarr","year":"2010","unstructured":"Sarr, A.P., Elbaz-Vincent, P., Bajard, J.-C.: A new security model for authenticated key agreement. In: Garay, J.A., Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 219\u2013234. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-15317-4_15"},{"key":"2_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1007\/11967668_23","volume-title":"Topics in Cryptology \u2013 CT-RSA 2007","author":"R Steinfeld","year":"2006","unstructured":"Steinfeld, R., Pieprzyk, J., Wang, H.: How to strengthen any weakly unforgeable signature into a strongly unforgeable signature. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 357\u2013371. Springer, Heidelberg (2006). doi:10.1007\/11967668_23"},{"key":"2_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-642-24316-5_25","volume-title":"Provable Security","author":"K Yoneyama","year":"2011","unstructured":"Yoneyama, K., Zhao, Y.: Taxonomical security consideration of authenticated key exchange resilient to intermediate computation leakage. In: Boyen, X., Chen, X. (eds.) ProvSec 2011. LNCS, vol. 6980, pp. 348\u2013365. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-24316-5_25"},{"key":"2_CR30","series-title":"Lecture Notes in Computer Science","volume-title":"Public Key Cryptography - PKC 2006","year":"2006","unstructured":"Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.): PKC 2006. LNCS, vol. 3958. Springer, Heidelberg (2006)"},{"key":"2_CR31","doi-asserted-by":"crossref","unstructured":"Zhao, Y.: Identity-concealed authenticated encryption and key exchange. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) ACM CCS 2016, 24\u201328 October 2016, Vienna, Austria, pp. 1464\u20131479. ACM Press (2016)","DOI":"10.1145\/2976749.2978350"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-61204-1_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,20]],"date-time":"2025-06-20T00:57:10Z","timestamp":1750381030000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-61204-1_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319612034","9783319612041"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-61204-1_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"26 June 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACNS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Applied Cryptography and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Kanazawa","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Japan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 July 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 July 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"acns2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/cy2sec.comm.eng.osaka-u.ac.jp\/acns2017\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}