{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T14:17:59Z","timestamp":1766067479647,"version":"3.37.3"},"reference-count":26,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2022,3,5]],"date-time":"2022-03-05T00:00:00Z","timestamp":1646438400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,3,5]],"date-time":"2022-03-05T00:00:00Z","timestamp":1646438400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072054","61772326"],"award-info":[{"award-number":["62072054","61772326"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61802242","61802241"],"award-info":[{"award-number":["61802242","61802241"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. 
Codes Cryptogr."],"published-print":{"date-parts":[[2022,4]]},"DOI":"10.1007\/s10623-022-01019-1","type":"journal-article","created":{"date-parts":[[2022,3,5]],"date-time":"2022-03-05T17:02:34Z","timestamp":1646499754000},"page":"921-937","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Practical algorithm substitution attack on extractable signatures"],"prefix":"10.1007","volume":"90","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0553-113X","authenticated-orcid":false,"given":"Yi","family":"Zhao","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kaitai","family":"Liang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yanqi","family":"Zhao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bo","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yang","family":"Ming","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Emmanouil","family":"Panaousis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,3,5]]},"reference":[{"key":"1019_CR1","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1016\/j.tcs.2020.03.021","volume":"820","author":"G Ateniese","year":"2020","unstructured":"Ateniese G., Magri B., Venturi D.: Subversion-resilient signatures: Definitions, constructions and applications. Theor. Comput. Sci. 820, 91\u2013122 (2020).","journal-title":"Theor. Comput. 
Sci."},{"key":"1019_CR2","doi-asserted-by":"publisher","first-page":"68799","DOI":"10.1109\/ACCESS.2019.2918550","volume":"7","author":"J Baek","year":"2019","unstructured":"Baek J., Susilo W., Kim J., Chow Y.W.: Subversion in practice: How to efficiently undermine signatures. IEEE Access. 7, 68799\u201368811 (2019).","journal-title":"IEEE Access."},{"key":"1019_CR3","doi-asserted-by":"crossref","unstructured":"Bellare M., Goldreich O.: On defining proofs of knowledge. In: Brickell E.F. (ed.) Advances in Cryptology\u2014CRYPTO \u201992, 12th Annual International Cryptology Conference, Santa Barbara, California, USA, August 16\u201320, 1992, Proceedings. Lecture Notes in Computer Science vol. 740, pp. 390\u2013420. Springer (1992)","DOI":"10.1007\/3-540-48071-4_28"},{"key":"1019_CR4","doi-asserted-by":"crossref","unstructured":"Bellare M., Rogaway P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Denning D.E., Pyle R., Ganesan R., Sandhu R.S., Ashby V, (eds.) CCS \u201993, Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia, USA, November 3-5, 1993. pp. 62\u201373. ACM (1993)","DOI":"10.1145\/168588.168596"},{"key":"1019_CR5","doi-asserted-by":"crossref","unstructured":"Bellare M., Rogaway P.: The exact security of digital signatures\u2014How to sign with RSA and rabin. In Maurer UM, (ed.) Advances in Cryptology - EUROCRYPT \u201996, International Conference on the Theory and Application of Cryptographic Techniques, Saragossa, Spain, May 12\u201316, 1996, Proceeding. Lecture Notes in Computer Science, vol. 1070, pp. 399\u2013416. Springer (1996)","DOI":"10.1007\/3-540-68339-9_34"},{"key":"1019_CR6","doi-asserted-by":"crossref","unstructured":"Bellare M., Hoang V.T., Keelveedhi S.: Instantiating random oracles via uces. In: Canetti R., Garay, J.A. (eds.) Advances in Cryptology - CRYPTO 2013 - 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18\u201322, 2013. 
Proceedings, Part II. Lecture Notes in Computer Science, vol. 8043, pp. 398\u2013415. Springer (2013)","DOI":"10.1007\/978-3-642-40084-1_23"},{"key":"1019_CR7","doi-asserted-by":"crossref","unstructured":"Bellare M., Paterson K.\u00a0G., Rogaway P.: Security of symmetric encryption against mass surveillance. In: International Cryptology Conference (2014)","DOI":"10.1007\/978-3-662-44371-2_1"},{"key":"1019_CR8","doi-asserted-by":"crossref","unstructured":"Bitansky N., Canetti R., Paneth O., Rosen A.: On the existence of extractable one-way functions. In: Shmoys D.B. (ed.) Symposium on Theory of Computing, STOC 2014, New York, NY, USA, May 31\u2013June 03, 2014. pp. 505\u2013514. ACM (2014)","DOI":"10.1145\/2591796.2591859"},{"issue":"4","key":"1019_CR9","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1007\/s00145-004-0314-9","volume":"17","author":"D Boneh","year":"2004","unstructured":"Boneh D., Lynn B., Shacham H.: Short signatures from the weil pairing. J. Cryptol. 17(4), 297\u2013319 (2004).","journal-title":"J. Cryptol."},{"key":"1019_CR10","doi-asserted-by":"crossref","unstructured":"Canetti R., Dakdouk R.R.: Towards a theory of extractable functions. In: Reingold O, (ed.) Theory of Cryptography, 6th Theory of Cryptography Conference, TCC 2009, San Francisco, CA, USA, March 15\u201317, 2009, Proceedings. Lecture Notes in Computer Science, vol. 5444, pp. 595\u2013613. Springer (2009)","DOI":"10.1007\/978-3-642-00457-5_35"},{"key":"1019_CR11","unstructured":"Chi L., Chen R., Yi W., Wan, Y.: Asymmetric subversion attacks on signature schemes. (2018)"},{"key":"1019_CR12","doi-asserted-by":"crossref","unstructured":"Crescenzo G.D.: Equivocable and extractable commitment schemes. In: Cimato S, Galdi C, Persiano G, (eds.) Security in Communication Networks, Third International Conference, SCN 2002, Amalfi, Italy, September 11\u201313, 2002. Revised Papers. Lecture Notes in Computer Science, vol. 2576, pp. 74\u201387. 
Springer (2002)","DOI":"10.1007\/3-540-36413-7_6"},{"key":"1019_CR13","doi-asserted-by":"crossref","unstructured":"Groth J.: On the size of pairing-based non-interactive arguments. In: Fischlin M., Coron J.-S. (eds.) Advances in Cryptology - EUROCRYPT 2016 - 35th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Vienna, Austria, May 8\u201312, 2016, Proceedings, Part II. Lecture Notes in Computer Science, vol. 9666 , pp. 305\u2013326. Springer (2016)","DOI":"10.1007\/978-3-662-49896-5_11"},{"key":"1019_CR14","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1007\/s00145-011-9102-5","volume":"25","author":"D Hofheinz","year":"2011","unstructured":"Hofheinz D., Kiltz E.: Programmable hash functions and their applications. J. Cryptol. 25, 484\u2013527 (2011).","journal-title":"J. Cryptol."},{"key":"1019_CR15","doi-asserted-by":"crossref","unstructured":"Hohenberger S., Sahai A., Waters B.: Replacing a random oracle: Full domain hash from indistinguishability obfuscation. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 201\u2013220. Springer (2014)","DOI":"10.1007\/978-3-642-55220-5_12"},{"key":"1019_CR16","doi-asserted-by":"crossref","unstructured":"Kiayias A., Liu F.-H., Tselekounis Y.: Practical non-malleable codes from l-more extractable hash functions. In: Weippl E.R., Katzenbeisser S., Kruegel C., Myers A.C., Halevi S, (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24\u201328, 2016, pp. 1317\u20131328. ACM (2016)","DOI":"10.1145\/2976749.2978352"},{"key":"1019_CR17","unstructured":"Kravitz D.W.: Digital signature algorithm."},{"key":"1019_CR18","doi-asserted-by":"crossref","unstructured":"Mironov I., Stephens-Davidowitz N.: Cryptographic reverse firewalls. 
In: Annual International Conference on the Theory and Applications of Cryptographic Techniques (2015)","DOI":"10.1007\/978-3-662-46803-6_22"},{"key":"1019_CR19","doi-asserted-by":"crossref","unstructured":"Pointcheval D., Stern J.: Security proofs for signature schemes. Advances in Cryptology - EUROCRYPT \u201996. Springer, Berlin (1996)","DOI":"10.1007\/3-540-68339-9_33"},{"issue":"3","key":"1019_CR20","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/s001450010003","volume":"13","author":"D Pointcheval","year":"2000","unstructured":"Pointcheval D., Stern J.: Security arguments for digital signatures and blind signatures. J. Cryptol. 13(3), 361\u2013396 (2000).","journal-title":"J. Cryptol."},{"key":"1019_CR21","doi-asserted-by":"crossref","unstructured":"Rackoff C., Simon D.R.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum J, (ed.) Advances in Cryptology - CRYPTO \u201991, 11th Annual International Cryptology Conference, Santa Barbara, California, USA, August 11\u201315, 1991, Proceedings. Lecture Notes in Computer Science, vol. 576, pp. 433\u2013444. Springer (1991)","DOI":"10.1007\/3-540-46766-1_35"},{"key":"1019_CR22","doi-asserted-by":"crossref","unstructured":"Schnorr C.-P.: Efficient identification and signatures for smart cards. In: Brassard G. (ed.) Advances in Cryptology - CRYPTO \u201989, 9th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20\u201324, 1989, Proceedings. Lecture Notes in Computer Science, vol. 435, pp. 239\u2013252. Springer (1989)","DOI":"10.1007\/0-387-34805-0_22"},{"key":"1019_CR23","doi-asserted-by":"crossref","unstructured":"Wee H.: Efficient chosen-ciphertext security via extractable hash proofs. In: Rabin T. (ed.) Advances in Cryptology - CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15\u201319, 2010. Proceedings. Lecture Notes in Computer Science, vol. 6223, pp. 314\u2013332. 
Springer (2010)","DOI":"10.1007\/978-3-642-14623-7_17"},{"key":"1019_CR24","doi-asserted-by":"crossref","unstructured":"Young A., Yung M.: The dark side of \u201cblack-box\u201d cryptography or: Should we trust capstone? In: International Cryptology Conference on Advances in Cryptology (1996)","DOI":"10.1007\/3-540-68697-5_8"},{"key":"1019_CR25","doi-asserted-by":"crossref","unstructured":"Young A.L., Yung M.: The prevalence of kleptographic attacks on discrete-log based cryptosystems. In: Advances in Cryptology - CRYPTO \u201997, 17th Annual International Cryptology Conference, Santa Barbara, California, USA, August 17\u201321, 1997, Proceedings. (1997)","DOI":"10.1007\/BFb0052241"},{"key":"1019_CR26","doi-asserted-by":"crossref","unstructured":"Zhandry M.: The magic of elfs. In: Robshaw M., Katz J. (eds.) Advances in Cryptology - CRYPTO 2016 - 36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14-18, 2016, Proceedings, Part I. Lecture Notes in Computer Science, vol. 9814, pp. 479\u2013508. 
Springer (2016)","DOI":"10.1007\/978-3-662-53018-4_18"}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-022-01019-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10623-022-01019-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-022-01019-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,3,25]],"date-time":"2022-03-25T19:14:14Z","timestamp":1648235654000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10623-022-01019-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3,5]]},"references-count":26,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2022,4]]}},"alternative-id":["1019"],"URL":"https:\/\/doi.org\/10.1007\/s10623-022-01019-1","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"type":"print","value":"0925-1022"},{"type":"electronic","value":"1573-7586"}],"subject":[],"published":{"date-parts":[[2022,3,5]]},"assertion":[{"value":"5 January 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 January 2022","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 February 2022","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 March 2022","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}