{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,1]],"date-time":"2026-06-01T19:44:35Z","timestamp":1780343075044,"version":"3.54.1"},"publisher-location":"Berlin, Heidelberg","reference-count":40,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642334801","type":"print"},{"value":"9783642334818","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-33481-8_9","type":"book-chapter","created":{"date-parts":[[2012,8,22]],"date-time":"2012-08-22T09:00:27Z","timestamp":1345626027000},"page":"159-176","source":"Crossref","is-referenced-by-count":124,"title":["The Security Impact of a New Cryptographic Library"],"prefix":"10.1007","author":[{"given":"Daniel J.","family":"Bernstein","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tanja","family":"Lange","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Peter","family":"Schwabe","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","reference":[{"key":"9_CR1","doi-asserted-by":"crossref","unstructured":"Albrecht, M.R., Paterson, K.G., Watson, G.J.: Plaintext recovery attacks against SSH. In: Evans, D., Myers, A. (eds.) 2009 IEEE Symposium on Security and Privacy, Proceedings, pp. 16\u201326. IEEE Computer Society (2009), \n \n http:\/\/www.isg.rhul.ac.uk\/~kp\/SandPfinal.pdf","DOI":"10.1109\/SP.2009.5"},{"key":"9_CR2","unstructured":"Alfardan, N.J., Paterson, K.G.: Plaintext-recovery attacks against datagram TLS. In: NDSS 2012 (to appear, 2012), \n \n http:\/\/www.isg.rhul.ac.uk\/~kp\/dtls.pdf"},{"key":"9_CR3","doi-asserted-by":"crossref","unstructured":"Bacelar Almeida, J., Barbosa, M., Pinto, J.S., Vieira, B.: Formal verification of side channel countermeasures using self-composition. Science of Computer Programming (to appear), \n \n http:\/\/dx.doi.org\/10.1016\/j.scico.2011.10.008","DOI":"10.1016\/j.scico.2011.10.008"},{"key":"9_CR4","unstructured":"Apple. iPhone end user licence agreement. Copy distributed inside each iPhone 4; transcribed at \n \n http:\/\/rxt3ch.wordpress.com\/2011\/09\/27\/iphone-end-user-liscence-agreement-quick-refrence\/"},{"key":"9_CR5","unstructured":"Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for key management\u2014part 1: General (revised). NIST Special Publication 800-57 (2007), \n \n http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/documents\/SP800-57Part1_3-8-07.pdf"},{"key":"9_CR6","unstructured":"Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) Fast Software Encryption. LNCS, vol.\u00a03557, pp. 32\u201349. Springer (2005), \n \n http:\/\/cr.yp.to\/papers.html#poly1305"},{"key":"9_CR7","unstructured":"Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) Public Key Cryptography\u2014PKC 2006. LNCS, vol.\u00a03958, pp. 207\u2013228. Springer (2006), \n \n http:\/\/cr.yp.to\/papers.html#curve25519"},{"key":"9_CR8","doi-asserted-by":"crossref","unstructured":"Bernstein, D.J.: The Salsa20 family of stream ciphers. In: Robshaw, M., Billet, O. (eds.) New stream cipher designs: the eSTREAM finalists. LNCS, vol.\u00a04986, pp. 84\u201397. Springer (2008), \n \n http:\/\/cr.yp.to\/papers.html#salsafamily","DOI":"10.1007\/978-3-540-68351-3_8"},{"key":"9_CR9","unstructured":"Bernstein, D.J.: DNSCurve: Usable security for DNS (2009), \n \n http:\/\/dnscurve.org\/"},{"key":"9_CR10","unstructured":"Bernstein, D.J.: CurveCP: Usable security for the Internet (2011), \n \n http:\/\/curvecp.org\/"},{"key":"9_CR11","unstructured":"Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol.\u00a06917, pp. 124\u2013142. Springer (2011), \n \n http:\/\/eprint.iacr.org\/2011\/368"},{"key":"9_CR12","unstructured":"Bernstein, D.J., Lange, T. (eds.): eBACS: ECRYPT benchmarking of cryptographic systems, \n \n http:\/\/bench.cr.yp.to"},{"key":"9_CR13","doi-asserted-by":"crossref","unstructured":"Bernstein, D.J., Schwabe, P.: NEON crypto. In: Prouff, E., Schaumont, P. (eds.) Cryptographic Hardware and Embedded Systems: CHES 2012. LNCS, vol.\u00a07428, pp. 320\u2013339. Springer (2012), \n \n http:\/\/cr.yp.to\/papers.html#neoncrypto","DOI":"10.1007\/978-3-642-33027-8_19"},{"key":"9_CR14","doi-asserted-by":"crossref","unstructured":"Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS#1. In: Krawczyk, H. (ed.) Advances in Cryptology\u2014CRYPTO \u201998. LNCS, vol.\u00a01462, pp. 1\u201312. Springer (1998), \n \n http:\/\/www.bell-labs.com\/user\/bleichen\/papers\/pkcs.ps","DOI":"10.1007\/BFb0055716"},{"key":"9_CR15","doi-asserted-by":"crossref","unstructured":"Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Atluri, V., Diaz, C. (eds.) Computer Security\u2014ESORICS 2011. LNCS, vol.\u00a06879, pp. 355\u2013371. Springer (2011), \n \n http:\/\/eprint.iacr.org\/2011\/232\/","DOI":"10.1007\/978-3-642-23822-2_20"},{"key":"9_CR16","unstructured":"\u201cBushing\u201d, Hector Martin \u201cmarcan\u201d Cantero, Boessenkool, S., Peter, S.: PS3 epic fail (2010), \n \n http:\/\/events.ccc.de\/congress\/2010\/Fahrplan\/attachments\/1780_27c3_console_hacking_2010.pdf"},{"key":"9_CR17","unstructured":"Chandramouli, R., Rose, S.: Secure domain name system (DNS) deployment guide. NIST Special Publication 800-81r1 (2010), \n \n http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-81r1\/sp-800-81r1.pdf"},{"key":"9_CR18","unstructured":"Daemen, J., Rijmen, V.: AES proposal: Rijndael, version 2 (1999), \n \n http:\/\/csrc.nist.gov\/archive\/aes\/rijndael\/Rijndael-ammended.pdf"},{"key":"9_CR19","unstructured":"Dempsky, M.: OpenDNS adopts DNSCurve, \n \n http:\/\/blog.opendns.com\/2010\/02\/23\/opendns-dnscurve\/"},{"key":"9_CR20","doi-asserted-by":"crossref","unstructured":"Dobbertin, H., Bosselaers, A., Preneel, B.: RIPEMD-160: A strengthened version of RIPEMD. In: Gollmann, D. (ed.) Fast Software Encryption. LNCS, vol.\u00a01039, pp. 71\u201382. Springer (1996)","DOI":"10.1007\/3-540-60865-6_44"},{"key":"9_CR21","unstructured":"ECRYPT. The eSTREAM project, \n \n http:\/\/www.ecrypt.eu.org\/stream\/"},{"key":"9_CR22","unstructured":"Gutmann, P.: cryptlib security toolkit, \n \n http:\/\/www.cs.auckland.ac.nz\/~pgut001\/cryptlib\/"},{"key":"9_CR23","unstructured":"Gutmann, P.: cryptlib security toolkit: version 3.4.1: user\u2019s guide and manual, \n \n ftp:\/\/ftp.franken.de\/pub\/crypt\/cryptlib\/manual.pdf"},{"key":"9_CR24","unstructured":"Josefsson, S.: Don\u2019t return different errors depending on content of decrypted PKCS#1. Commit to the GnuTLS library (2006), \n \n http:\/\/git.savannah.gnu.org\/gitweb\/?p=gnutls.git;a=commit;h=fc43c0d05ac450513b6dcb91949ab03eba49626a"},{"key":"9_CR25","unstructured":"Kaliski, B.: TWIRL and RSA key size, \n \n http:\/\/web.archive.org\/web\/20030618141458\/http:\/\/rsasecurity.com\/rsalabs\/technotes\/twirl.html"},{"key":"9_CR26","doi-asserted-by":"crossref","unstructured":"K\u00e4sper, E., Schwabe, P.: Faster and timing-attack resistant AES-GCM. In: Clavier, C., Gaj, K. (eds.) Cryptographic Hardware and Embedded Systems\u2014CHES 2009. LNCS, vol.\u00a05747, pp. 1\u201317. Springer (2009), \n \n http:\/\/cryptojedi.org\/papers\/#aesbs","DOI":"10.1007\/978-3-642-04138-9_1"},{"key":"9_CR27","unstructured":"Langley, A.: ctgrind\u2014checking that functions are constant time with Valgrind (2010), \n \n https:\/\/github.com\/agl\/ctgrind"},{"key":"9_CR28","doi-asserted-by":"crossref","unstructured":"Molnar, D., Piotrowski, M., Schultz, D., Wagner, D.: The program counter security model: Automatic detection and removal of control-flow side channel attacks. In: Won, D., Kim, S. (eds.) Information Security and Cryptology: ICISC 2005. LNCS, vol.\u00a03935, pp. 156\u2013168. Springer (2005)","DOI":"10.1007\/11734727_14"},{"issue":"177","key":"9_CR29","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1090\/S0025-5718-1987-0866113-7","volume":"48","author":"P.L. Montgomery","year":"1987","unstructured":"Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation\u00a048(177), 243\u2013264 (1987), \n \n http:\/\/www.ams.org\/journals\/mcom\/1987-48-177\/S0025-5718-1987-0866113-7\/S0025-5718-1987-0866113-7.pdf","journal-title":"Mathematics of Computation"},{"key":"9_CR30","unstructured":"OpenSSL. OpenSSL: The open source toolkit for SSL\/TLS, \n \n http:\/\/www.openssl.org\/"},{"key":"9_CR31","doi-asserted-by":"crossref","unstructured":"Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) Topics in Cryptology\u2014CT-RSA 2006. LNCS, vol.\u00a03860, pp. 1\u201320. Springer (2006)","DOI":"10.1007\/11605805_1"},{"key":"9_CR32","doi-asserted-by":"crossref","unstructured":"Shamir, A., Tromer, E.: Factoring large numbers with the TWIRL device. In: Boneh, D. (ed.) Advances in Cryptology\u2014CRYPTO 2003. LNCS, vol.\u00a02729, pp. 1\u201326. Springer (2003), \n \n http:\/\/tau.ac.il\/~tromer\/papers\/twirl.pdf","DOI":"10.1007\/978-3-540-45146-4_1"},{"key":"9_CR33","unstructured":"Smits, I.: QuickTun, \n \n http:\/\/wiki.ucis.nl\/QuickTun"},{"key":"9_CR34","unstructured":"Software in the Public Interest, Inc. Debian security advisory, DSA-1571-1 openssl\u2014predictable random number generator (2008), \n \n http:\/\/www.debian.org\/security\/2008\/dsa-1571"},{"key":"9_CR35","unstructured":"Solworth, J.A.: Ethos: an operating system which creates a culture of security, \n \n http:\/\/rites.uic.edu\/~solworth\/ethos.html"},{"key":"9_CR36","unstructured":"Sotirov, A., Stevens, M., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D.A., de Weger, B.: MD5 considered harmful today (2008), \n \n http:\/\/www.win.tue.nl\/hashclash\/rogue-ca\/"},{"key":"9_CR37","doi-asserted-by":"crossref","unstructured":"Stevens, M., Sotirov, A., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D.A., de Weger, B.: Short chosen-prefix collision for MD5 and the creation of a rogue CA certificate. In: Halevi, S. (ed.) Advances in Cryptology\u2014CRYPTO 2009. LNCS, vol.\u00a05677, pp. 55\u201369. Springer (2009), \n \n http:\/\/eprint.iacr.org\/2009\/111\/","DOI":"10.1007\/978-3-642-03356-8_4"},{"key":"9_CR38","unstructured":"Tor project: Anonymity online, \n \n https:\/\/www.torproject.org\/"},{"issue":"1","key":"9_CR39","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/s00145-009-9049-y","volume":"23","author":"E. Tromer","year":"2010","unstructured":"Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on AES, and countermeasures. Journal of Cryptology\u00a023(1), 37\u201371 (2010)","journal-title":"Journal of Cryptology"},{"key":"9_CR40","unstructured":"Ulevitch, D.: Want to do something that matters? Then read on, \n \n http:\/\/blog.opendns.com\/2012\/02\/06\/dnscrypt-hackers-wanted\/"}],"container-title":["Lecture Notes in Computer Science","Progress in Cryptology \u2013 LATINCRYPT 2012"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-33481-8_9.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,4]],"date-time":"2021-05-04T12:12:02Z","timestamp":1620130322000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-33481-8_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642334801","9783642334818"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-33481-8_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012]]}}}