{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,27]],"date-time":"2025-10-27T20:33:39Z","timestamp":1761597219453,"version":"3.37.3"},"publisher-location":"Berlin, Heidelberg","reference-count":28,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540206804"},{"type":"electronic","value":"9783540245971"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2003]]},"DOI":"10.1007\/978-3-540-24597-1_1","type":"book-chapter","created":{"date-parts":[[2010,7,29]],"date-time":"2010-07-29T07:39:20Z","timestamp":1280389160000},"page":"1-12","source":"Crossref","is-referenced-by-count":24,"title":["A Cryptographically Sound Security Proof of the Needham-Schroeder-Lowe Public-Key Protocol"],"prefix":"10.1007","author":[{"given":"Michael","family":"Backes","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Birgit","family":"Pfitzmann","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"issue":"1","key":"1_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1006\/inco.1998.2740","volume":"148","author":"M. Abadi","year":"1999","unstructured":"Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: The spi calculus. Information and Computation\u00a0148(1), 1\u201370 (1999)","journal-title":"Information and Computation"},{"key":"1_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1007\/3-540-45500-0_4","volume-title":"Theoretical Aspects of Computer Software","author":"M. Abadi","year":"2001","unstructured":"Abadi, M., J\u00fcrjens, J.: Formal eavesdropping and its computational interpretation. In: Kobayashi, N., Pierce, B.C. (eds.) TACS 2001. LNCS, vol.\u00a02215, pp. 82\u201394. Springer, Heidelberg (2001)"},{"issue":"2","key":"1_CR3","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1007\/s00145-001-0014-7","volume":"15","author":"M. Abadi","year":"2002","unstructured":"Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). Journal of Cryptology\u00a015(2), 103\u2013127 (2002)","journal-title":"Journal of Cryptology"},{"key":"1_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"675","DOI":"10.1007\/3-540-36494-3_59","volume-title":"STACS 2003","author":"M. Backes","year":"2003","unstructured":"Backes, M., Jacobi, C.: Cryptographically sound and machine-assisted verification of security protocols. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol.\u00a02607, pp. 675\u2013686. Springer, Heidelberg (2003)"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Backes, M., Pfitzmann, B.: A cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol. IACR Cryptology ePrint Archive 2003\/121 (June 2003), http:\/\/eprint.iacr.org\/","DOI":"10.1007\/978-3-540-24597-1_1"},{"key":"1_CR6","doi-asserted-by":"crossref","unstructured":"Backes, M., Pfitzmann, B., Waidner, M.: A universally composable cryptographic library. IACR Cryptology ePrint Archive 2003\/015 (January 2003), http:\/\/eprint.iacr.org\/","DOI":"10.1145\/948138.948140"},{"key":"1_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1007\/BFb0055718","volume-title":"Advances in Cryptology - CRYPTO \u201998","author":"M. Bellare","year":"1998","unstructured":"Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol.\u00a01462, pp. 26\u201345. Springer, Heidelberg (1998)"},{"key":"1_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology - CRYPTO \u201993","author":"M. Bellare","year":"1994","unstructured":"Bellare, M., Rogaway, P.: Entity authentication and key distribution. In Advances in Cryptology. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol.\u00a0773, pp. 232\u2013249. Springer, Heidelberg (1994)"},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Burrows, M., Abadi, M., Needham, R.: A logic for authentication. Technical Report 39, SRC DIGITAL (1990)","DOI":"10.1145\/74850.74852"},{"key":"1_CR10","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security:A new paradigm for cryptographic protocols. In: Proc. 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 136\u2013145 (2001)","DOI":"10.1109\/SFCS.2001.959888"},{"issue":"2","key":"1_CR11","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","volume":"29","author":"D. Dolev","year":"1983","unstructured":"Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory\u00a029(2), 198\u2013208 (1983)","journal-title":"IEEE Transactions on Information Theory"},{"key":"1_CR12","doi-asserted-by":"crossref","unstructured":"Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game \u2013 or \u2013 a completeness theorem for protocols with honest majority. In: Proc. 19th Annual ACM Symposium on Theory of Computing (STOC), pp. 218\u2013229 (1987)","DOI":"10.1145\/28395.28420"},{"key":"1_CR13","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1016\/0022-0000(84)90070-9","volume":"28","author":"S. Goldwasser","year":"1984","unstructured":"Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences\u00a028, 270\u2013299 (1984)","journal-title":"Journal of Computer and System Sciences"},{"issue":"1","key":"1_CR14","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1137\/0218012","volume":"18","author":"S. Goldwasser","year":"1989","unstructured":"Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM Journal on Computing\u00a018(1), 186\u2013207 (1989)","journal-title":"SIAM Journal on Computing"},{"issue":"4","key":"1_CR15","doi-asserted-by":"publisher","first-page":"448","DOI":"10.1109\/49.17707","volume":"7","author":"R. Kemmerer","year":"1989","unstructured":"Kemmerer, R.: Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications\u00a07(4), 448\u2013457 (1989)","journal-title":"IEEE Journal on Selected Areas in Communications"},{"issue":"3","key":"1_CR16","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1016\/0020-0190(95)00144-2","volume":"56","author":"G. Lowe","year":"1995","unstructured":"Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters\u00a056(3), 131\u2013135 (1995)","journal-title":"Information Processing Letters"},{"key":"1_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1007\/3-540-61042-1_43","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"G. Lowe","year":"1996","unstructured":"Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol.\u00a01055, pp. 147\u2013166. Springer, Heidelberg (1996)"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Meadows, C.: Using narrowing in the analysis of key management protocols. In: Proc. 10th IEEE Symposium on Security & Privacy, pp. 138\u2013147 (1989)","DOI":"10.1109\/SECPRI.1989.36288"},{"key":"1_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"351","DOI":"10.1007\/3-540-61770-1_46","volume-title":"Computer Security - ESORICS 96","author":"C. Meadows","year":"1996","unstructured":"Meadows, C.: Analyzing the Needham-Schroeder public key protocol: A comparison of two approaches. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol.\u00a01146, pp. 351\u2013364. Springer, Heidelberg (1996)"},{"key":"1_CR20","doi-asserted-by":"crossref","unstructured":"Millen, J.K.: The interrogator: A tool for cryptographic protocol security. In: Proc. 5th IEEE Symposium on Security & Privacy, pp. 134\u2013141 (1984)","DOI":"10.1109\/SP.1984.10003"},{"issue":"21","key":"1_CR21","doi-asserted-by":"publisher","first-page":"993","DOI":"10.1145\/359657.359659","volume":"12","author":"R. Needham","year":"1978","unstructured":"Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. Communications of the ACM\u00a012(21), 993\u2013999 (1978)","journal-title":"Communications of the ACM"},{"issue":"1","key":"1_CR22","first-page":"85","volume":"6","author":"L. Paulson","year":"1998","unstructured":"Paulson, L.: The inductive approach to verifying cryptographic protocols. Journal of Cryptology\u00a06(1), 85\u2013128 (1998)","journal-title":"Journal of Cryptology"},{"key":"1_CR23","unstructured":"Pfitzmann, B., Schunter, M., Waidner, M.: Provably secure certified mail. Research Report RZ 3207, IBM Research (2000), http:\/\/www.zurich.ibm.com\/security\/publications\/"},{"key":"1_CR24","doi-asserted-by":"crossref","unstructured":"Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: Proc. 22nd IEEE Symposium on Security & Privacy, pp. 184\u2013200 (2001)","DOI":"10.1109\/SECPRI.2001.924298"},{"key":"1_CR25","doi-asserted-by":"crossref","unstructured":"Schneider, S.: Verifying authentication protocols with CSP. In: Proc. 10th IEEE Computer Security Foundations Workshop (CSFW), pp. 3\u201317 (1997)","DOI":"10.1109\/CSFW.1997.596775"},{"issue":"3","key":"1_CR26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/230908.230911","volume":"30","author":"P. Syverson","year":"1996","unstructured":"Syverson, P.: A new look at an old protocol. Operation Systems Review\u00a030(3), 1\u20134 (1996)","journal-title":"Operation Systems Review"},{"key":"1_CR27","doi-asserted-by":"crossref","unstructured":"Thayer Fabrega, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: Why is a security protocol correct? In: Proc. 19th IEEE Symposium on Security & Privacy, pp. 160\u2013171 (1998)","DOI":"10.21236\/ADA459060"},{"key":"1_CR28","doi-asserted-by":"crossref","unstructured":"Warinschi, B.: Acomputational analysis of the Needham-Schroeder-(Lowe) protocol. In: Proc. 16th IEEE Computer Security Foundations Workshop (CSFW), pp. 248\u2013262 (2003)","DOI":"10.1109\/CSFW.2003.1212717"}],"container-title":["Lecture Notes in Computer Science","FST TCS 2003: Foundations of Software Technology and Theoretical Computer Science"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-24597-1_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,23]],"date-time":"2025-02-23T15:20:51Z","timestamp":1740324051000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-24597-1_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003]]},"ISBN":["9783540206804","9783540245971"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-24597-1_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2003]]}}}