{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T14:18:34Z","timestamp":1772893114396,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642103650","type":"print"},{"value":"9783642103667","type":"electronic"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-10366-7_14","type":"book-chapter","created":{"date-parts":[[2009,11,30]],"date-time":"2009-11-30T22:08:44Z","timestamp":1259618924000},"page":"232-249","source":"Crossref","is-referenced-by-count":101,"title":["Hedged Public-Key Encryption: How to Protect against Bad Randomness"],"prefix":"10.1007","author":[{"given":"Mihir","family":"Bellare","sequence":"first","affiliation":[]},{"given":"Zvika","family":"Brakerski","sequence":"additional","affiliation":[]},{"given":"Moni","family":"Naor","sequence":"additional","affiliation":[]},{"given":"Thomas","family":"Ristenpart","sequence":"additional","affiliation":[]},{"given":"Gil","family":"Segev","sequence":"additional","affiliation":[]},{"given":"Hovav","family":"Shacham","sequence":"additional","affiliation":[]},{"given":"Scott","family":"Yilek","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"14_CR1","series-title":"Lecture Notes in Computer Science","volume-title":"Topics in Cryptology - CT-RSA 2001","author":"M. Abdalla","year":"2001","unstructured":"Abdalla, M., Bellare, M., Rogaway, P.: The oracle diffie-hellman assumptions and an analysis of dhies. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol.\u00a02020, Springer, Heidelberg (2001)"},{"key":"14_CR2","unstructured":"Abeni, P., Bello, L., Bertacchini, M.: Exploiting DSA-1571: How to break PFS in SSL with EDH (July 2008), \n                    \n                      http:\/\/www.lucianobello.com.ar\/exploiting_DSA-1571\/index.html"},{"key":"14_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"499","DOI":"10.1007\/3-540-45022-X_42","volume-title":"Automata, Languages and Programming","author":"O. Baudron","year":"2000","unstructured":"Baudron, O., Pointcheval, D., Stern, J.: Extended notions of security for multicast public key cryptosystems. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol.\u00a01853, p. 499. Springer, Heidelberg (2000)"},{"key":"14_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"566","DOI":"10.1007\/3-540-45682-1_33","volume-title":"Advances in Cryptology - ASIACRYPT 2001","author":"M. Bellare","year":"2001","unstructured":"Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D.: Key-privacy in public-key encryption. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol.\u00a02248, p. 566. Springer, Heidelberg (2001)"},{"key":"14_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/3-540-45539-6_18","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"M. Bellare","year":"2000","unstructured":"Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: Security proofs and improvements. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol.\u00a01807, p. 259. Springer, Heidelberg (2000)"},{"key":"14_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"535","DOI":"10.1007\/978-3-540-74143-5_30","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"M. Bellare","year":"2007","unstructured":"Bellare, M., Boldyreva, A., O\u2019Neill, A.: Deterministic and efficiently searchable encryption. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol.\u00a04622, pp. 535\u2013552. Springer, Heidelberg (2007)"},{"key":"14_CR7","doi-asserted-by":"crossref","unstructured":"Bellare, M., Brakerski, Z., Naor, M., Ristenpart, T., Segev, G., Shacham, H., Yilek, S.: Hedged public-key encryption: How to protect against bad randomness. IACR ePrint Archive (2009), Full Version of this paper","DOI":"10.1007\/978-3-642-10366-7_14"},{"key":"14_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"360","DOI":"10.1007\/978-3-540-85174-5_20","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"M. Bellare","year":"2008","unstructured":"Bellare, M., Fischlin, M., O\u2019Neill, A., Ristenpart, T.: Deterministic encryption: Definitional equivalences and constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol.\u00a05157, pp. 360\u2013378. Springer, Heidelberg (2008)"},{"key":"14_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M. Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The Security of Triple Encryption and a Framework\u00a0for\u00a0Code-Based\u00a0Game-Playing\u00a0Proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol.\u00a04004, pp. 409\u2013426. Springer, Heidelberg (2006)"},{"key":"14_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/BFb0053428","volume-title":"Advances in Cryptology - EUROCRYPT \u201994","author":"M. Bellare","year":"1995","unstructured":"Bellare, M., Rogaway, P.: Optimal asymmetric encryption \u2013 how to encrypt with RSA. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol.\u00a0950, pp. 92\u2013111. Springer, Heidelberg (1995)"},{"key":"14_CR11","volume-title":"FOCS 1982","author":"M. Blum","year":"1982","unstructured":"Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo random bits. In: FOCS 1982. IEEE, Los Alamitos (1982)"},{"key":"14_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"335","DOI":"10.1007\/978-3-540-85174-5_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"A. Boldyreva","year":"2008","unstructured":"Boldyreva, A., Fehr, S., O\u2019Neill, A.: On notions of security for deterministic encryption, and efficient constructions without random oracles. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol.\u00a05157, pp. 335\u2013359. Springer, Heidelberg (2008)"},{"key":"14_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1007\/3-540-44647-8_17","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"D. Boneh","year":"2001","unstructured":"Boneh, D.: Simplified OAEP for the RSA and Rabin functions. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol.\u00a02139, p. 275. Springer, Heidelberg (2001)"},{"key":"14_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-70936-7_1","volume-title":"Theory of Cryptography","author":"C. Bosley","year":"2007","unstructured":"Bosley, C., Dodis, Y.: Does privacy require true randomness? In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol.\u00a04392, pp. 1\u201320. Springer, Heidelberg (2007)"},{"key":"14_CR15","unstructured":"Brown, D.R.: A weak randomizer attack on RSA-OAEP with e=3. IACR ePrint Archive (2005)"},{"key":"14_CR16","volume-title":"FOCS 2004","author":"Y. Dodis","year":"2004","unstructured":"Dodis, Y., Ong, S.J., Prabhakaran, M., Sahai, A.: On the (im)possibility of cryptography with imperfect randomness. In: FOCS 2004. IEEE, Los Alamitos (2004)"},{"issue":"1","key":"14_CR17","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1137\/060651380","volume":"38","author":"Y. Dodis","year":"2008","unstructured":"Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. SIAM Journal of Computing\u00a038(1), 97\u2013139 (2008)","journal-title":"SIAM Journal of Computing"},{"key":"14_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"556","DOI":"10.1007\/978-3-540-30576-7_30","volume-title":"Theory of Cryptography","author":"Y. Dodis","year":"2005","unstructured":"Dodis, Y., Smith, A.: Entropic security and the encryption of high entropy messages. In: Kilian, J. (ed.) TCC 2005. LNCS, vol.\u00a03378, pp. 556\u2013577. Springer, Heidelberg (2005)"},{"key":"14_CR19","volume-title":"CCS 2007","author":"L. Dorrendorf","year":"2007","unstructured":"Dorrendorf, L., Gutterman, Z., Pinkas, B.: Cryptanalysis of the windows random number generator. In: CCS 2007. ACM, New York (2007)"},{"key":"14_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-49162-7_5","volume-title":"Public Key Cryptography","author":"E. Fujisaki","year":"1999","unstructured":"Fujisaki, E., Okamoto, T.: How to enhance the security of public-key encryption at minimum cost. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol.\u00a01560, Springer, Heidelberg (1999)"},{"key":"14_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/3-540-39568-7_2","volume-title":"Advances in Cryptology","author":"T. El Gamal","year":"1985","unstructured":"El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol.\u00a0196, pp. 10\u201318. Springer, Heidelberg (1985)"},{"key":"14_CR22","unstructured":"Goldberg, I., Wagner, D.: Randomness in the Netscape browser. Dr. Dobb\u2019s Journal (January 1996)"},{"issue":"2","key":"14_CR23","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1016\/0022-0000(84)90070-9","volume":"28","author":"S. Goldwasser","year":"1984","unstructured":"Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences\u00a028(2), 270\u2013299 (1984)","journal-title":"Journal of Computer and System Sciences"},{"key":"14_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1007\/978-3-540-30574-3_5","volume-title":"Topics in Cryptology \u2013 CT-RSA 2005","author":"Z. Gutterman","year":"2005","unstructured":"Gutterman, Z., Malkhi, D.: Hold your sessions: An attack on Java session-id generation. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol.\u00a03376, pp. 44\u201357. Springer, Heidelberg (2005)"},{"key":"14_CR25","doi-asserted-by":"crossref","unstructured":"Gutterman, Z., Pinkas, B., Reinman, T.: Analysis of the linux random number generator. In: IEEE Symposium on Security and Privacy, pp. 371\u2013385 (2006)","DOI":"10.1109\/SP.2006.5"},{"key":"14_CR26","volume-title":"STOC 1989","author":"R. Impagliazzo","year":"1989","unstructured":"Impagliazzo, R., Levin, L.A., Luby, M.: Pseudo-random generation from one-way functions. In: STOC 1989. ACM, New York (1989)"},{"key":"14_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1007\/978-3-540-71039-4_19","volume-title":"Fast Software Encryption","author":"S. Kamara","year":"2008","unstructured":"Kamara, S., Katz, J.: How to encrypt with a malicious random number generator. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol.\u00a05086, pp. 303\u2013315. Springer, Heidelberg (2008)"},{"key":"14_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"421","DOI":"10.1007\/3-540-38424-3_31","volume-title":"Advances in Cryptology - CRYPTO \u201990","author":"J.L. McInnes","year":"1991","unstructured":"McInnes, J.L., Pinkas, B.: On the impossibility of private key cryptography with weakly random keys. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol.\u00a0537, pp. 421\u2013435. Springer, Heidelberg (1991)"},{"key":"14_CR29","unstructured":"Mueller, M.: Debian OpenSSL predictable PRNG bruteforce SSH exploit (May 2008), \n                    \n                      http:\/\/milw0rm.com\/exploits\/5622"},{"key":"14_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/978-3-642-01001-9_17","volume-title":"EUROCRYPT 2009","author":"K. Ouafi","year":"2009","unstructured":"Ouafi, K., Vaudenay, S.: Smashing SQUASH-0. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol.\u00a05479, pp. 134\u2013152. Springer, Heidelberg (2009)"},{"key":"14_CR31","volume-title":"STOC 2008","author":"C. Peikert","year":"2008","unstructured":"Peikert, C., Waters, B.: Lossy trapdoor functions and their applications. In: STOC 2008. ACM, New York (2008)"},{"key":"14_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"348","DOI":"10.1007\/978-3-540-25937-4_22","volume-title":"Fast Software Encryption","author":"P. Rogaway","year":"2004","unstructured":"Rogaway, P.: Nonce-based symmetric encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol.\u00a03017, pp. 348\u2013359. Springer, Heidelberg (2004)"},{"key":"14_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/11761679_23","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"P. Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol.\u00a04004, pp. 373\u2013390. Springer, Heidelberg (2006)"},{"key":"14_CR34","unstructured":"Rosen, A., Segev, G.: Efficient lossy trapdoor functions based on the composite residuosity assumption. Cryptology ePrint Archive, Report 2008\/134 (2008)"},{"key":"14_CR35","unstructured":"Waters, B.: Personal Communication to Hovav Shacham (December 2008)"},{"key":"14_CR36","volume-title":"IMC 2009","author":"S. Yilek","year":"2009","unstructured":"Yilek, S., Rescorla, E., Shacham, H., Enright, B., Savage, S.: When private keys are public: Results from the 2008 Debian OpenSSL vulnerability. In: IMC 2009. ACM, New York (to appear, 2009)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2009"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-10366-7_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,19]],"date-time":"2019-05-19T12:53:05Z","timestamp":1558270385000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-10366-7_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642103650","9783642103667"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-10366-7_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009]]}}}