{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T03:15:41Z","timestamp":1773717341579,"version":"3.50.1"},"reference-count":29,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2017,2,13]],"date-time":"2017-02-13T00:00:00Z","timestamp":1486944000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"funder":[{"name":"ETH Research Grant ETH-30 09-3"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. Codes Cryptogr."],"published-print":{"date-parts":[[2018,3]]},"DOI":"10.1007\/s10623-017-0337-5","type":"journal-article","created":{"date-parts":[[2017,2,13]],"date-time":"2017-02-13T07:00:27Z","timestamp":1486969227000},"page":"481-516","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Strengthening the security of authenticated key exchange against bad randomness"],"prefix":"10.1007","volume":"86","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7220-6970","authenticated-orcid":false,"given":"Mich\u00e8le","family":"Feltz","sequence":"first","affiliation":[]},{"given":"Cas","family":"Cremers","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,2,13]]},"reference":[{"key":"337_CR1","unstructured":"Debian, Debian Security Advisory DSA-1571-1 openssl\u2014predictable random number generator. http:\/\/www.debian.org\/security\/2008\/dsa-1571 . Accessed 05 Nov 2013."},{"key":"337_CR2","doi-asserted-by":"crossref","unstructured":"Lenstra A., Hughes J., Augier M., Bos J., Kleinjung T., Wachter C.: Public keys. In: Advances in Cryptology (Crypto 2012). LNCS, vol. 7417, pp. 626\u2013642. Springer, Heidelberg (2012).","DOI":"10.1007\/978-3-642-32009-5_37"},{"key":"337_CR3","unstructured":"Marvin R.: Google admits an Android crypto PRNG flaw led to Bitcoin heist (2013). http:\/\/sdt.bz\/64008 Accessed 01 Oct 2013."},{"key":"337_CR4","unstructured":"Perlroth N., Larson J., Shane S.: N.S.A. able to foil basic safeguards of privacy on web. The New York Times (2013)."},{"key":"337_CR5","unstructured":"Koblitz N., Menezes A.: The random oracle model: a twenty-year retrospective. Cryptology ePrint Archive, Report 2015\/140 (2015). http:\/\/eprint.iacr.org\/ ."},{"key":"337_CR6","unstructured":"Bernstein D.J., Lange T., Niederhagen R.: Dual EC: a standardized back door. Cryptology ePrint Archive, Report 2015\/767 (2015). http:\/\/eprint.iacr.org\/ . Accessed July 2015."},{"key":"337_CR7","doi-asserted-by":"crossref","unstructured":"Pornin T.: Deterministic usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA), RFC 6979 (2013).","DOI":"10.17487\/rfc6979"},{"key":"337_CR8","doi-asserted-by":"crossref","unstructured":"Bellare M., Brakerski Z., Naor M., Ristenpart T., Segev G., Shacham H., Yilek S.: Hedged public-key encryption: how to protect against bad randomness. In: Advances in Cryptology (ASIACRYPT 2009). LNCS, pp. 232\u2013249. Springer, Heidelberg (2009).","DOI":"10.1007\/978-3-642-10366-7_14"},{"key":"337_CR9","doi-asserted-by":"crossref","unstructured":"Yilek S.: Resettable public-key encryption: how to encrypt on a virtual machine. In: Proceedings of the 2010 International Conference on Topics in Cryptology (CT-RSA\u201910), pp. 41\u201356. Springer, Berlin (2010).","DOI":"10.1007\/978-3-642-11925-5_4"},{"key":"337_CR10","doi-asserted-by":"crossref","unstructured":"LaMacchia B., Lauter K., Mityagin A.: Stronger security of authenticated key exchange. In: Susilo W., Liu J.K., Mu Y. (eds.) ProvSec\u201907. LNCS, vol. 4784, pp. 1\u201316. Springer, Berlin (2007).","DOI":"10.1007\/978-3-540-75670-5_1"},{"key":"337_CR11","doi-asserted-by":"crossref","unstructured":"Canetti R., Krawczyk H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann B. (ed.) EUROCRYPT\u201901. LNCS, vol. 2045, pp. 453\u2013474. Springer, London (2001).","DOI":"10.1007\/3-540-44987-6_28"},{"key":"337_CR12","doi-asserted-by":"publisher","unstructured":"Yang G., Duan S., Wong D.S., Tan C.H., Wang H.: Authenticated key exchange under bad randomness. In: Proceedings of the 15th International Conference on Financial Cryptography and Data Security. FC\u201911, pp. 113\u2013126. Springer, Berlin (2012). doi: 10.1007\/978-3-642-27576-0_10 .","DOI":"10.1007\/978-3-642-27576-0_10"},{"key":"337_CR13","unstructured":"Ristenpart T., Yilek S.: When good randomness goes bad: virtual machine reset vulnerabilities and hedging deployed cryptography. In: Proceedings of the Network and Distributed System Security Symposium (NDSS\u201910) (2010)."},{"key":"337_CR14","doi-asserted-by":"crossref","unstructured":"Kamara S., Katz J.: How to encrypt with a malicious random number generator. In: Fast Software Encryption. LNCS, vol. 5086, pp. 303\u2013315. Springer, Berlin (2008).","DOI":"10.1007\/978-3-540-71039-4_19"},{"key":"337_CR15","unstructured":"Bellare M., Tackmann B.: Nonce-based cryptography: retaining security when randomness fails. Cryptology ePrint Archive, Report 2016\/290 (2016). http:\/\/eprint.iacr.org\/ ."},{"key":"337_CR16","unstructured":"Krawczyk H.: HMQV: a high-performance secure Diffie\u2013Hellman protocol. In: Shoup, V. (ed.) Advances in Cryptology (CRYPTO 2005). LNCS, vol. 3621, pp. 546\u2013566. Springer, Berlin (2005)."},{"key":"337_CR17","unstructured":"Ustaoglu B.: Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS. Cryptology ePrint Archive, Report 2007\/123, 2007, version June 22 (2009)."},{"key":"337_CR18","doi-asserted-by":"publisher","unstructured":"Blake-Wilson S., Johnson D., Menezes A.: Key agreement protocols and their security analysis. In: Darnell M. (ed.) Crytography and Coding. LNCS, vol. 1355, pp. 30\u201345. Springer, Berlin (1997). doi: 10.1007\/BFb0024447 .","DOI":"10.1007\/BFb0024447"},{"issue":"1","key":"337_CR19","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1007\/s10623-013-9852-1","volume":"74","author":"C Cremers","year":"2015","unstructured":"Cremers C., Feltz M.: Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal. Des. Codes Cryptogr. 74(1), 183\u2013218 (2015).","journal-title":"Des. Codes Cryptogr."},{"key":"337_CR20","doi-asserted-by":"publisher","unstructured":"Brzuska C., Fischlin M., Warinschi B., Williams S.: Composability of Bellare-Rogaway key exchange protocols. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS\u201911). pp. 51\u201362. ACM, New York (2011). doi: 10.1145\/2046707.2046716 .","DOI":"10.1145\/2046707.2046716"},{"key":"337_CR21","doi-asserted-by":"crossref","unstructured":"Boyd C., Cremers C., Feltz M., Paterson K., Poettering B., Stebila D.: ASICS: authenticated key exchange security incorporating certification systems. In: Crampton J., Jajodia S., Mayes K. (eds.) Computer Security (ESORICS 2013). LNCS, vol. 8134, pp. 381\u2013399. Springer, Berlin (2013).","DOI":"10.1007\/978-3-642-40203-6_22"},{"key":"337_CR22","doi-asserted-by":"crossref","unstructured":"Bellare M., Rogaway P.: Entity authentication and key distribution. In: 13th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO\u201993), pp. 232\u2013249. Springer, New York (1994).","DOI":"10.1007\/3-540-48329-2_21"},{"key":"337_CR23","doi-asserted-by":"crossref","unstructured":"Bellare M., Rogaway P.: Provably secure session key distribution: the three party case. In: 27th Annual ACM Symposium on Theory of Computing (STOC\u201995), pp. 57\u201366. ACM, New York (1995).","DOI":"10.1145\/225058.225084"},{"key":"337_CR24","doi-asserted-by":"crossref","unstructured":"Bellare M., Pointcheval D., Rogaway P.: Authenticated key exchange secure against dictionary attacks. In: 19th International Conference on Theory and Application of Cryptographic Techniques (EUROCRYPT\u201900), pp. 139\u2013155. Springer, Berlin (2000).","DOI":"10.1007\/3-540-45539-6_11"},{"key":"337_CR25","doi-asserted-by":"crossref","unstructured":"Cremers C., Feltz M.: Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal. In: Proceedings of the 17th European Conference on Research in Computer Security. ESORICS. Springer, Berlin (2012).","DOI":"10.1007\/978-3-642-33167-1_42"},{"key":"337_CR26","doi-asserted-by":"crossref","unstructured":"Okamoto T., Pointcheval D.: The gap-problems: a new class of problems for the security of cryptographic schemes. In: Kim K. (ed.) PKC\u20192001. LNCS, vol. 1992, pp. 104\u2013118. Springer, Berlin (2001).","DOI":"10.1007\/3-540-44586-2_8"},{"key":"337_CR27","unstructured":"Feltz M., Cremers C.: On the limits of authenticated key exchange security with an application to bad randomness. Cryptology ePrint Archive, Report 2014\/369 (2014). http:\/\/eprint.iacr.org\/ ."},{"key":"337_CR28","doi-asserted-by":"crossref","unstructured":"Choo K.-K.R., Boyd C., Hitchcock Y.: Examining indistinguishability-based proof models for key establishment protocols. In: Advances in Cryptology\u2014ASIACRYPT 2005, 11th International Conference on the Theory and Application of Cryptology and Information Security, Chennai, India, 4\u20138 Dec 2005, Proceedings. Lecture Notes in Computer Science, vol. 3788, pp. 585\u2013604. Springer, Berlin (2005).","DOI":"10.1007\/11593447_32"},{"key":"337_CR29","unstructured":"Schneier B., Fredrikson M., Kohno T., Ristenpart T.: Surreptitiously weakening cryptographic systems. Cryptology ePrint Archive, Report 2015\/097 (2015). http:\/\/eprint.iacr.org\/ . Accessed March 2015."}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10623-017-0337-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-017-0337-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-017-0337-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,18]],"date-time":"2019-09-18T12:15:41Z","timestamp":1568808941000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10623-017-0337-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,2,13]]},"references-count":29,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2018,3]]}},"alternative-id":["337"],"URL":"https:\/\/doi.org\/10.1007\/s10623-017-0337-5","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"value":"0925-1022","type":"print"},{"value":"1573-7586","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,2,13]]}}}