{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,19]],"date-time":"2025-09-19T08:14:34Z","timestamp":1758269674501,"version":"3.40.3"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319636962"},{"type":"electronic","value":"9783319636979"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-63697-9_16","type":"book-chapter","created":{"date-parts":[[2017,8,1]],"date-time":"2017-08-01T04:07:12Z","timestamp":1501560432000},"page":"462-494","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Hedging Public-Key Encryption in the Real World"],"prefix":"10.1007","author":[{"given":"Alexandra","family":"Boldyreva","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christopher","family":"Patton","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Shrimpton","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,8,2]]},"reference":[{"issue":"6","key":"16_CR1","doi-asserted-by":"publisher","first-page":"288","DOI":"10.1049\/iet-ifs.2015.0500","volume":"10","author":"M Abdalla","year":"2016","unstructured":"Abdalla, M., Benhamouda, F., Pointcheval, D.: Public-key encryption indistinguishable under plaintext-checkable attacks. IET Inf. Secur. 10(6), 288\u2013303 (2016)","journal-title":"IET Inf. Secur."},{"key":"16_CR2","doi-asserted-by":"crossref","unstructured":"Acar, Y., Backes, M., Fahl, S., Garfinkel, S., Kim, D., Mazurek, M.L., Stransky, C.: Comparing the usability of cryptographic apis. In: Proceedings of the 38th IEEE Symposium on Security and Privacy (2017)","DOI":"10.1109\/SP.2017.52"},{"key":"16_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"566","DOI":"10.1007\/3-540-45682-1_33","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2001","author":"M Bellare","year":"2001","unstructured":"Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 566\u2013582. Springer, Heidelberg (2001). doi:10.1007\/3-540-45682-1_33"},{"key":"16_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1007\/978-3-540-74143-5_30","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"M Bellare","year":"2007","unstructured":"Bellare, M., Boldyreva, A., O\u2019Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 535\u2013552. Springer, Heidelberg (2007). doi:10.1007\/978-3-540-74143-5_30"},{"key":"16_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-642-10366-7_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"M Bellare","year":"2009","unstructured":"Bellare, M., Brakerski, Z., Naor, M., Ristenpart, T., Segev, G., Shacham, H., Yilek, S.: Hedged public-key encryption: how to protect against bad randomness. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 232\u2013249. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-10366-7_14"},{"key":"16_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1007\/BFb0055718","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201998","author":"M Bellare","year":"1998","unstructured":"Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26\u201345. Springer, Heidelberg (1998). doi:10.1007\/BFb0055718"},{"key":"16_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"627","DOI":"10.1007\/978-3-662-46803-6_21","volume-title":"Advances in Cryptology - EUROCRYPT 2015","author":"M Bellare","year":"2015","unstructured":"Bellare, M., Hoang, V.T.: Resisting randomness subversion: fast deterministic and hedged public-key encryption in the standard model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 627\u2013656. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-46803-6_21"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: CCS 1993 Proceedings of the 1st ACM Conference on Computer and Communications Security (1993)","DOI":"10.1145\/168588.168596"},{"key":"16_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/BFb0053428","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201994","author":"M Bellare","year":"1995","unstructured":"Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92\u2013111. Springer, Heidelberg (1995). doi:10.1007\/BFb0053428"},{"key":"16_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework\u00a0for\u00a0code-based\u00a0game-playing\u00a0proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409\u2013426. Springer, Heidelberg (2006). doi:10.1007\/11761679_25"},{"key":"16_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"729","DOI":"10.1007\/978-3-662-49890-3_28","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"M Bellare","year":"2016","unstructured":"Bellare, M., Tackmann, B.: Nonce-based cryptography: retaining security when randomness fails. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 729\u2013757. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-49890-3_28"},{"key":"16_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-3-642-42045-0_18","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"DJ Bernstein","year":"2013","unstructured":"Bernstein, D.J., Chang, Y.-A., Cheng, C.-M., Chou, L.-P., Heninger, N., Lange, T., Someren, N.: Factoring RSA keys from certified smart cards: Coppersmith in the wild. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 341\u2013360. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-42045-0_18"},{"key":"16_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1007\/978-3-540-85174-5_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"A Boldyreva","year":"2008","unstructured":"Boldyreva, A., Fehr, S., O\u2019Neill, A.: On notions of security for deterministic encryption, and efficient constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 335\u2013359. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-85174-5_19"},{"key":"16_CR14","doi-asserted-by":"crossref","unstructured":"Boldyreva, A., Patton, C., Shrimpton, T.: Hedging public-key encryption in the real world. Cryptology ePrint Archive, Report 2017\/510 (2017). http:\/\/eprint.iacr.org\/2017\/510","DOI":"10.1007\/978-3-319-63697-9_16"},{"key":"16_CR15","unstructured":"Brown, D.R.L.: A weak-randomizer attack on RSA-OAEP with $$e=3$$. Cryptology ePrint Archive, Report 2005\/189 (2005). http:\/\/eprint.iacr.org\/2005\/189"},{"key":"16_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"428","DOI":"10.1007\/978-3-662-46497-7_17","volume-title":"Theory of Cryptography","author":"C Brzuska","year":"2015","unstructured":"Brzuska, C., Farshim, P., Mittelbach, A.: Random-oracle uninstantiability from indistinguishability obfuscation. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9015, pp. 428\u2013455. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-46497-7_17"},{"key":"16_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1007\/978-3-642-01001-9_20","volume-title":"Advances in Cryptology - EUROCRYPT 2009","author":"J Camenisch","year":"2009","unstructured":"Camenisch, J., Chandran, N., Shoup, V.: A public key encryption scheme secure against key dependent chosen plaintext and adaptive chosen ciphertext attacks. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 351\u2013368. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-01001-9_20"},{"key":"16_CR18","doi-asserted-by":"crossref","unstructured":"Checkoway, S., Maskiewicz, J., Garman, C., Fried, J., Cohney, S., Green, M., Heninger, N., Weinmann, R.P., Rescorla, E., Shacham, H.: A systematic analysis of the Juniper Dual EC incident. In: CCS 2016 Proceedings of the 23rd ACM Conference on Computer and Communications Security (2016)","DOI":"10.1145\/2976749.2978395"},{"key":"16_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1007\/978-3-540-30576-7_11","volume-title":"Theory of Cryptography","author":"Y Dodis","year":"2005","unstructured":"Dodis, Y., Katz, J.: Chosen-ciphertext security of multiple encryption. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 188\u2013209. Springer, Heidelberg (2005). doi:10.1007\/978-3-540-30576-7_11"},{"key":"16_CR20","doi-asserted-by":"crossref","unstructured":"Dodis, Y., Pointcheval, D., Ruhault, S., Vergniaud, D., Wichs, D.: Security analysis of pseudo-random number generators with input: \/dev\/random is not robust. In: CCS 2013 Proceedings of the 20th ACM Conference on Computer and Communications Security (2013)","DOI":"10.1145\/2508859.2516653"},{"issue":"1","key":"16_CR21","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1145\/1609956.1609966","volume":"13","author":"L Dorrendorf","year":"2009","unstructured":"Dorrendorf, L., Gutterman, Z., Pinkas, B.: Cryptanalysis of the random number generator of the windows operating system. ACM Trans. Inf. Syst. Secur. 13(1), 10 (2009)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"16_CR22","unstructured":"Duong, T., Kasper, E., Nguyen, Q.: Scaling Crypto Testing with Project Wycheproof. https:\/\/www.cs.bris.ac.uk\/Research\/CryptographySecurity\/RWC\/2017\/thai.duong.pdf"},{"key":"16_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/3-540-39568-7_2","volume-title":"Advances in Cryptology","author":"T ElGamal","year":"1985","unstructured":"ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10\u201318. Springer, Heidelberg (1985). doi:10.1007\/3-540-39568-7_2"},{"key":"16_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"537","DOI":"10.1007\/3-540-48405-1_34","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 99","author":"E Fujisaki","year":"1999","unstructured":"Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537\u2013554. Springer, Heidelberg (1999). doi:10.1007\/3-540-48405-1_34"},{"issue":"2","key":"16_CR25","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/s00145-002-0204-y","volume":"17","author":"E Fujisaki","year":"2004","unstructured":"Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP is secure under the RSA assumption. J. Cryptol. 17(2), 81\u2013104 (2004)","journal-title":"J. Cryptol."},{"key":"16_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1007\/978-3-540-30574-3_5","volume-title":"Topics in Cryptology \u2013 CT-RSA 2005","author":"Z Gutterman","year":"2005","unstructured":"Gutterman, Z., Malkhi, D.: Hold your sessions: an attack on java session-id generation. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 44\u201357. Springer, Heidelberg (2005). doi:10.1007\/978-3-540-30574-3_5"},{"key":"16_CR27","unstructured":"Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining your Ps and Qs: detection of widespread weak keys in network devices. In: USENIX 2012 Proceedings of the 21st USENIX Conference on Security Symposium (2012)"},{"key":"16_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-662-53890-6_10","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"VT Hoang","year":"2016","unstructured":"Hoang, V.T., Katz, J., O\u2019Neill, A., Zaheri, M.: Selective-opening security in the presence of randomness failures. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 278\u2013306. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-53890-6_10"},{"key":"16_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1007\/978-3-642-14623-7_16","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"E Kiltz","year":"2010","unstructured":"Kiltz, E., O\u2019Neill, A., Smith, A.: Instantiability of RSA-OAEP under chosen-plaintext attack. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 295\u2013313. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-14623-7_16"},{"key":"16_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-642-36095-4_9","volume-title":"Topics in Cryptology \u2013 CT-RSA 2013","author":"K Michaelis","year":"2013","unstructured":"Michaelis, K., Meyer, C., Schwenk, J.: Randomly failed! the state of randomness in current java implementations. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 129\u2013144. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-36095-4_9"},{"key":"16_CR31","unstructured":"Mueller, M.: Debian OpenSSL predictable PRNG (2008). https:\/\/www.exploit-db.com\/exploits\/5622\/"},{"key":"16_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/978-3-642-54631-0_27","volume-title":"Public-Key Cryptography \u2013 PKC 2014","author":"KG Paterson","year":"2014","unstructured":"Paterson, K.G., Schuldt, J.C.N., Sibborn, D.L.: Related randomness attacks for public key encryption. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 465\u2013482. Springer, Heidelberg (2014). doi:10.1007\/978-3-642-54631-0_27"},{"key":"16_CR33","doi-asserted-by":"crossref","unstructured":"Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: STOC 2008 Proceedings of the 40th Annual ACM Symposium on Theory of Computing (2008)","DOI":"10.1145\/1374376.1374406"},{"key":"16_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/978-3-642-38348-9_6","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"A Raghunathan","year":"2013","unstructured":"Raghunathan, A., Segev, G., Vadhan, S.: Deterministic public-key encryption for adaptively chosen plaintext distributions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 93\u2013110. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-38348-9_6"},{"key":"16_CR35","unstructured":"Ristenpart, T., Yilek, S.: When good randomness goes bad: virtual machine reset vulnerabilities and hedging deployed cryptography. In: NDSS 2010 Proceedings of the 17th Annual Network and Distributed System Security Symposium (2010)"},{"issue":"4","key":"16_CR36","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1007\/s00145-002-0133-9","volume":"15","author":"V Shoup","year":"2002","unstructured":"Shoup, V.: OAEP reconsidered. J. Cryptol. 15(4), 223\u2013249 (2002)","journal-title":"J. Cryptol."},{"key":"16_CR37","unstructured":"Shoup, V.: ISO18033-2: An emerging standard for public-key encryption (final committee draft) (2004). http:\/\/shoup.net\/iso"},{"key":"16_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-642-11925-5_4","volume-title":"Topics in Cryptology - CT-RSA 2010","author":"S Yilek","year":"2010","unstructured":"Yilek, S.: Resettable public-key encryption: how to encrypt on a virtual machine. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 41\u201356. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-11925-5_4"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2017"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-63697-9_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T20:08:05Z","timestamp":1710360485000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-63697-9_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319636962","9783319636979"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-63697-9_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"2 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"37","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iacr.org\/conferences\/crypto2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}