{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T16:34:20Z","timestamp":1759336460982,"version":"3.40.3"},"publisher-location":"Cham","reference-count":63,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319636962"},{"type":"electronic","value":"9783319636979"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-63697-9_15","type":"book-chapter","created":{"date-parts":[[2017,8,1]],"date-time":"2017-08-01T04:07:12Z","timestamp":1501560432000},"page":"427-461","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["Anonymous Attestation with Subverted TPMs"],"prefix":"10.1007","author":[{"given":"Jan","family":"Camenisch","sequence":"first","affiliation":[]},{"given":"Manu","family":"Drijvers","sequence":"additional","affiliation":[]},{"given":"Anja","family":"Lehmann","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,8,2]]},"reference":[{"key":"15_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"688","DOI":"10.1007\/978-3-642-54242-8_29","volume-title":"Theory of Cryptography","author":"M Abe","year":"2014","unstructured":"Abe, M., Groth, J., Ohkubo, M., Tibouchi, M.: Unified, minimal and selectively randomizable structure-preserving signatures. In: Lindell, Y. (ed.) TCC 2014. LNCS, vol. 8349, pp. 688\u2013712. Springer, Heidelberg (2014). doi:10.1007\/978-3-642-54242-8_29"},{"key":"15_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1007\/978-3-642-32009-5_9","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"J Alwen","year":"2012","unstructured":"Alwen, J., Katz, J., Maurer, U., Zikas, V.: Collusion-preserving computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 124\u2013143. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-32009-5_9"},{"key":"15_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"497","DOI":"10.1007\/978-3-540-85174-5_28","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"J Alwen","year":"2008","unstructured":"Alwen, J., Shelat, A., Visconti, I.: Collusion-free protocols in the mediated model. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 497\u2013514. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-85174-5_28"},{"doi-asserted-by":"crossref","unstructured":"Ateniese, G., Magri, B., Venturi, D.: Subversion-resilient signature schemes. In: CCS 2015 (2015)","key":"15_CR4","DOI":"10.1145\/2810103.2813635"},{"unstructured":"Ball, J., Borger, J., Greenwald, G.: Revealed: how US and UK spy agencies defeat internet privacy and security. Guardian Weekly, September 2013","key":"15_CR5"},{"key":"15_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"566","DOI":"10.1007\/3-540-45682-1_33","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2001","author":"M Bellare","year":"2001","unstructured":"Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566\u2013582. Springer, Heidelberg (2001). doi:10.1007\/3-540-45682-1_33"},{"key":"15_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-662-44371-2_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"M Bellare","year":"2014","unstructured":"Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 1\u201319. Springer, Heidelberg (2014). doi:10.1007\/978-3-662-44371-2_1"},{"unstructured":"Bellare, M., Sandhu, R.: The security of practical two-party RSA signature schemes. Cryptology ePrint Archive, Report 2001\/060 (2001)","key":"15_CR8"},{"issue":"3","key":"15_CR9","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/s10207-013-0191-z","volume":"12","author":"D Bernhard","year":"2013","unstructured":"Bernhard, D., Fuchsbauer, G., Ghadafi, E., Smart, N., Warinschi, B.: Anonymous attestation with user-controlled linkability. Int. J. Inf. Secur. 12(3), 219\u2013249 (2013)","journal-title":"Int. J. Inf. Secur."},{"key":"15_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"518","DOI":"10.1007\/978-3-642-38980-1_33","volume-title":"Applied Cryptography and Network Security","author":"D Bernhard","year":"2013","unstructured":"Bernhard, D., Fuchsbauer, G., Ghadafi, E.: Efficient signatures of knowledge and DAA in the standard model. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 518\u2013533. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-38980-1_33"},{"key":"15_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/BFb0054122","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201998","author":"M Blaze","year":"1998","unstructured":"Blaze, M., Bleumer, G., Strauss, M.: Divertible protocols and atomic proxy cryptography. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 127\u2013144. Springer, Heidelberg (1998). doi:10.1007\/BFb0054122"},{"issue":"4","key":"15_CR12","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/s00145-004-0314-9","volume":"17","author":"D Boneh","year":"2004","unstructured":"Boneh, D., Lynn, B., Shacham, H.: Short signatures from the weil pairing. J. Crypt. 17(4), 297\u2013319 (2004)","journal-title":"J. Crypt."},{"key":"15_CR13","doi-asserted-by":"crossref","DOI":"10.7551\/mitpress\/5931.001.0001","volume-title":"Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy","author":"S Brands","year":"2000","unstructured":"Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)"},{"key":"15_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1007\/3-540-48329-2_26","volume-title":"Advances in Cryptology \u2014 CRYPTO 1993","author":"S Brands","year":"1994","unstructured":"Brands, S.: Untraceable off-line cash in wallet with observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302\u2013318. Springer, Heidelberg (1994). doi:10.1007\/3-540-48329-2_26"},{"doi-asserted-by":"crossref","unstructured":"Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: CCS 2004 (2004)","key":"15_CR15","DOI":"10.1145\/1030083.1030103"},{"key":"15_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"166","DOI":"10.1007\/978-3-540-68979-9_13","volume-title":"Trusted Computing - Challenges and Applications","author":"E Brickell","year":"2008","unstructured":"Brickell, E., Chen, L., Li, J.: A new direct anonymous attestation scheme from bilinear maps. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 166\u2013178. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-68979-9_13"},{"issue":"5","key":"15_CR17","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/s10207-009-0076-3","volume":"8","author":"E Brickell","year":"2009","unstructured":"Brickell, E., Chen, L., Li, J.: Simplified security notions of direct anonymous attestation and a concrete scheme from pairings. Int. J. Inf. Secur. 8(5), 315\u2013330 (2009)","journal-title":"Int. J. Inf. Secur."},{"doi-asserted-by":"crossref","unstructured":"Brickell, E., Li, J.: A pairing-based DAA scheme further reducing TPM resources. Cryptology ePrint Archive, Report 2010\/067 (2010)","key":"15_CR18","DOI":"10.1007\/978-3-642-13869-0_12"},{"issue":"1","key":"15_CR19","first-page":"3","volume":"1","author":"E Brickell","year":"2011","unstructured":"Brickell, E., Li, J.: Enhanced privacy ID from bilinear pairing for hardware authentication and attestation. Int. J. Inf. Priv. Secur. Integr. 1(1), 3\u201333 (2011)","journal-title":"Int. J. Inf. Priv. Secur. Integr."},{"key":"15_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-46877-3_1","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1990","author":"MVD Burmester","year":"1991","unstructured":"Burmester, M.V.D., Desmedt, Y.: All languages in NP have divertible zero-knowledge proofs and arguments under cryptographic assumptions. In: Damg\u00e5rd, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 1\u201310. Springer, Heidelberg (1991). doi:10.1007\/3-540-46877-3_1"},{"unstructured":"Camenisch, J., Drijvers, M., Edgington, A., Lehmann, A., Lindemann, R., Urian, R.: FIDO ECDAA algorithm, implementation draft. https:\/\/fidoalliance.org\/specs\/fido-uaf-v1.1-id-20170202\/fido-ecdaa-algorithm-v1.1-id-20170202.html","key":"15_CR21"},{"doi-asserted-by":"crossref","unstructured":"Camenisch, J., Chen, L., Drijvers, M., Lehmann, A., Novick, D., Urian, R.: One TPM to bind them all: fixing TPM 2.0 for provably secure anonymous attestation. In: IEEE S&P 2017 (2017)","key":"15_CR22","DOI":"10.1109\/SP.2017.22"},{"key":"15_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-319-45572-3_1","volume-title":"Trust and Trustworthy Computing","author":"J Camenisch","year":"2016","unstructured":"Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation using the strong Diffie Hellman assumption revisited. In: Franz, M., Papadimitratos, P. (eds.) Trust 2016. LNCS, vol. 9824, pp. 1\u201320. Springer, Cham (2016). doi:10.1007\/978-3-319-45572-3_1"},{"doi-asserted-by":"crossref","unstructured":"Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation with subverted TPMs. Cryptology ePrint Archive, Report 2017\/200 (2017)","key":"15_CR24","DOI":"10.1007\/978-3-319-63697-9_15"},{"key":"15_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"234","DOI":"10.1007\/978-3-662-49387-8_10","volume-title":"Public-Key Cryptography \u2013 PKC 2016","author":"J Camenisch","year":"2016","unstructured":"Camenisch, J., Drijvers, M., Lehmann, A.: Universally composable direct anonymous attestation. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9615, pp. 234\u2013264. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-49387-8_10"},{"key":"15_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1007\/978-3-642-01001-9_25","volume-title":"Advances in Cryptology - EUROCRYPT 2009","author":"J Camenisch","year":"2009","unstructured":"Camenisch, J., Kiayias, A., Yung, M.: On the portability of generalized schnorr proofs. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 425\u2013442. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-01001-9_25"},{"doi-asserted-by":"crossref","unstructured":"Camenisch, J., Lehmann, A.: (Un)linkable pseudonyms for governmental databases. In: CCS 2015 (2015)","key":"15_CR27","DOI":"10.1145\/2810103.2813658"},{"key":"15_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/978-3-540-45146-4_8","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"J Camenisch","year":"2003","unstructured":"Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126\u2013144. Springer, Heidelberg (2003). doi:10.1007\/978-3-540-45146-4_8"},{"key":"15_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"410","DOI":"10.1007\/BFb0052252","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201997","author":"J Camenisch","year":"1997","unstructured":"Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410\u2013424. Springer, Heidelberg (1997). doi:10.1007\/BFb0052252"},{"unstructured":"Canetti, R.: Universally composable signature, certification, and authentication. In: CSFW 2004 (2004)","key":"15_CR30"},{"doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000\/067 (2000)","key":"15_CR31","DOI":"10.1109\/SFCS.2001.959888"},{"key":"15_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1007\/978-3-642-32928-9_16","volume-title":"Security and Cryptography for Networks","author":"R Canetti","year":"2012","unstructured":"Canetti, R., Vald, M.: Universally composable security with local adversaries. In: Visconti, I., Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 281\u2013301. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-32928-9_16"},{"issue":"2","key":"15_CR33","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1038\/scientificamerican0892-96","volume":"267","author":"D Chaum","year":"1992","unstructured":"Chaum, D.: Achieving electronic privacy. Sci. Am. 267(2), 96\u2013101 (1992)","journal-title":"Sci. Am."},{"key":"15_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/3-540-48071-4_7","volume-title":"Advances in Cryptology \u2014 CRYPTO 1992","author":"D Chaum","year":"1993","unstructured":"Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89\u2013105. Springer, Heidelberg (1993). doi:10.1007\/3-540-48071-4_7"},{"issue":"2","key":"15_CR35","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1007\/s10623-009-9334-7","volume":"55","author":"S Chatterjee","year":"2010","unstructured":"Chatterjee, S., Hankerson, D., Knapp, E., Menezes, A.: Comparing two pairing-based aggregate signature schemes. Des. Codes Crypt. 55(2), 141\u2013167 (2010)","journal-title":"Des. Codes Crypt."},{"key":"15_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"350","DOI":"10.1007\/978-3-642-16342-5_26","volume-title":"Information Security and Cryptology","author":"L Chen","year":"2010","unstructured":"Chen, L.: A DAA scheme requiring less TPM resources. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt 2009. LNCS, vol. 6151, pp. 350\u2013365. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-16342-5_26"},{"key":"15_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-85538-5_1","volume-title":"Pairing-Based Cryptography \u2013 Pairing 2008","author":"L Chen","year":"2008","unstructured":"Chen, L., Morrissey, P., Smart, N.P.: Pairings in trusted computing. In: Galbraith, S.D., Paterson, K.G. (eds.) Pairing 2008. LNCS, vol. 5209, pp. 1\u201317. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-85538-5_1"},{"key":"15_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/978-3-642-12510-2_16","volume-title":"Smart Card Research and Advanced Application","author":"L Chen","year":"2010","unstructured":"Chen, L., Page, D., Smart, N.P.: On the design and implementation of an efficient DAA scheme. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 223\u2013237. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-12510-2_16"},{"key":"15_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"844","DOI":"10.1007\/978-3-662-53887-6_31","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"R Chen","year":"2016","unstructured":"Chen, R., Mu, Y., Yang, G., Susilo, W., Guo, F., Zhang, M.: Cryptographic reverse firewall via malleable smooth projective hash functions. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 844\u2013876. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-53887-6_31"},{"issue":"12","key":"15_CR40","first-page":"43","volume":"3","author":"X Chen","year":"2008","unstructured":"Chen, X., Feng, D.: Direct anonymous attestation for next generation TPM. J. Comput. 3(12), 43\u201350 (2008)","journal-title":"J. Comput."},{"unstructured":"Costan, V., Devadas, S.: Intel SGX explained. Cryptology ePrint Archive, Report 2016\/086 (2016)","key":"15_CR41"},{"key":"15_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"329","DOI":"10.1007\/3-540-48285-7_29","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1993","author":"RJF Cramer","year":"1994","unstructured":"Cramer, R.J.F., Pedersen, T.P.: Improved privacy in wallets with observers. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 329\u2013343. Springer, Heidelberg (1994). doi:10.1007\/3-540-48285-7_29"},{"key":"15_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-3-662-53018-4_13","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"Y Dodis","year":"2016","unstructured":"Dodis, Y., Mironov, I., Stephens-Davidowitz, N.: Message transmission with reverse firewalls\u2014secure communication on corrupted machines. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 341\u2013372. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-53018-4_13"},{"key":"15_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/3-540-39568-7_2","volume-title":"Advances in Cryptology","author":"T ElGamal","year":"1985","unstructured":"ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10\u201318. Springer, Heidelberg (1985). doi:10.1007\/3-540-39568-7_2"},{"key":"15_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","volume-title":"Advances in Cryptology \u2014 CRYPTO 1986","author":"A Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186\u2013194. Springer, Heidelberg (1987). doi:10.1007\/3-540-47721-7_12"},{"key":"15_CR46","volume-title":"No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State","author":"G Greenwald","year":"2014","unstructured":"Greenwald, G.: No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. Metropolitan Books, New York (2014)"},{"key":"15_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"415","DOI":"10.1007\/978-3-540-78967-3_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"J Groth","year":"2008","unstructured":"Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415\u2013432. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-78967-3_24"},{"key":"15_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/978-3-662-53641-4_15","volume-title":"Theory of Cryptography","author":"C Hazay","year":"2016","unstructured":"Hazay, C., Polychroniadou, A., Venkitasubramaniam, M.: Composable security in the tamper-proof hardware model under minimal complexity. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9985, pp. 367\u2013399. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-53641-4_15"},{"unstructured":"International Organization for Standardization: ISO\/IEC 20008\u20132: Information Technology - Security Techniques - Anonymous Digital Signatures - Part 2: Mechanisms Using a Group Public Key (2013)","key":"15_CR49"},{"unstructured":"International Organization for Standardization: ISO\/IEC 11889: Information Technology - Trusted Platform Module Library (2015)","key":"15_CR50"},{"key":"15_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/978-3-540-72540-4_7","volume-title":"Advances in Cryptology - EUROCRYPT 2007","author":"J Katz","year":"2007","unstructured":"Katz, J.: Universally composable multi-party computation using tamper-proof hardware. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 115\u2013128. Springer, Heidelberg (2007). doi:10.1007\/978-3-540-72540-4_7"},{"key":"15_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1007\/978-3-540-28628-8_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"J Katz","year":"2004","unstructured":"Katz, J., Ostrovsky, R.: Round-optimal secure two-party computation. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 335\u2013354. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-28628-8_21"},{"key":"15_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"657","DOI":"10.1007\/978-3-662-46803-6_22","volume-title":"Advances in Cryptology - EUROCRYPT 2015","author":"I Mironov","year":"2015","unstructured":"Mironov, I., Stephens-Davidowitz, N.: Cryptographic reverse firewalls. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 657\u2013686. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-46803-6_22"},{"key":"15_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/3-540-46885-4_16","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1989","author":"T Okamoto","year":"1990","unstructured":"Okamoto, T., Ohta, K.: Divertible zero knowledge interactive proofs and commutative random self-reducibility. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 134\u2013149. Springer, Heidelberg (1990). doi:10.1007\/3-540-46885-4_16"},{"key":"15_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/3-540-48910-X_16","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1999","author":"P Paillier","year":"1999","unstructured":"Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223\u2013238. Springer, Heidelberg (1999). doi:10.1007\/3-540-48910-X_16"},{"unstructured":"Perlroth, N., Larson, J., Shane, S.: N.S.A. able to foil basic safeguards of privacy on web. The New York Times, September 2013","key":"15_CR56"},{"key":"15_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-662-53890-6_2","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"A Russell","year":"2016","unstructured":"Russell, A., Tang, Q., Yung, M., Zhou, H.-S.: Cliptography: clipping the power of kleptographic attacks. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 34\u201364. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-53890-6_2"},{"unstructured":"Russell, A., Tang, Q., Yung, M., Zhou, H.: Destroying steganography via amalgamation: kleptographically CPA secure public key encryption. Cryptology ePrint Archive, Report 2016\/530 (2016)","key":"15_CR58"},{"unstructured":"Trusted Computing Group: TPM main specification version 1.2 (2004)","key":"15_CR59"},{"unstructured":"Trusted Computing Group: Trusted platform module library specification, family \u201c2.0\u201d (2014)","key":"15_CR60"},{"doi-asserted-by":"crossref","unstructured":"Yao, A.C.C.: Protocols for secure computations (extended abstract). In: FOCS 1982 (1982)","key":"15_CR61","DOI":"10.1109\/SFCS.1982.38"},{"key":"15_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/3-540-69053-0_6","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1997","author":"A Young","year":"1997","unstructured":"Young, A., Yung, M.: Kleptography: using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62\u201374. Springer, Heidelberg (1997). doi:10.1007\/3-540-69053-0_6"},{"key":"15_CR63","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1007\/BFb0052241","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201997","author":"A Young","year":"1997","unstructured":"Young, A., Yung, M.: The prevalence of kleptographic attacks on discrete-log based cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 264\u2013276. Springer, Heidelberg (1997). doi:10.1007\/BFb0052241"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2017"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-63697-9_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T20:08:13Z","timestamp":1710360493000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-63697-9_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319636962","9783319636979"],"references-count":63,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-63697-9_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"2 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"37","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iacr.org\/conferences\/crypto2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}