{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T04:33:12Z","timestamp":1773117192653,"version":"3.50.1"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030842512","type":"print"},{"value":"9783030842529","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-84252-9_5","type":"book-chapter","created":{"date-parts":[[2021,8,10]],"date-time":"2021-08-10T23:04:26Z","timestamp":1628636666000},"page":"125-156","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":32,"title":["Provable Security Analysis of FIDO2"],"prefix":"10.1007","author":[{"given":"Manuel","family":"Barbosa","sequence":"first","affiliation":[]},{"given":"Alexandra","family":"Boldyreva","sequence":"additional","affiliation":[]},{"given":"Shan","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Bogdan","family":"Warinschi","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,8,11]]},"reference":[{"key":"5_CR1","unstructured":"FIDO Alliance. Client to authenticator protocol (CTAP) - proposed standard (2019). https:\/\/fidoalliance.org\/specs\/fido-v2.0-ps-20190130\/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html"},{"key":"5_CR2","unstructured":"Google 2-step verification (2020). https:\/\/www.google.com\/landing\/2step\/"},{"key":"5_CR3","unstructured":"Abdalla, M., Barbosa, M.: Perfect forward security of SPAKE2. Cryptology ePrint Archive, Report 2019\/1194 (2019). https:\/\/eprint.iacr.org\/2019\/1194"},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Abdalla, M., Barbosa, M., Bradley, T., Jarecki, S., Katz, J., Xu, J.: Universally composable relaxed password authenticated key exchange. Cryptology ePrint Archive, Report 2020\/320 (2020). https:\/\/eprint.iacr.org\/2020\/320","DOI":"10.1007\/978-3-030-56784-2_10"},{"key":"5_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-540-30574-3_14","volume-title":"Topics in Cryptology \u2013 CT-RSA 2005","author":"M Abdalla","year":"2005","unstructured":"Abdalla, M., Pointcheval, D.: Simple password-based encrypted key exchange protocols. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 191\u2013208. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-30574-3_14"},{"key":"5_CR6","unstructured":"Barbosa, M., Boldyreva, A., Chen, S., Warinschi, B.: Provable security analysis of FIDO2. Cryptology ePrint Archive, Report 2020\/756 (2020). https:\/\/eprint.iacr.org\/2020\/756"},{"key":"5_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/11818175_36","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M.: New proofs for NMAC and HMAC: security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602\u2013619. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11818175_36"},{"key":"5_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-68697-5_1","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1\u201315. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_1"},{"key":"5_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-45539-6_11","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139\u2013155. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-45539-6_11"},{"key":"5_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/3-540-48329-2_21","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"M Bellare","year":"1994","unstructured":"Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232\u2013249. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_21"},{"key":"5_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1007\/3-540-68339-9_34","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201996","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Rogaway, P.: The exact security of digital signatures-how to sign with RSA and rabin. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399\u2013416. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68339-9_34"},{"key":"5_CR12","doi-asserted-by":"crossref","unstructured":"Boldyreva, A., Chen, S., Dupont, P.A., Pointcheval, D.: Human computing for handling strong corruptions in authenticated key exchange. In: CSF 2017, pp. 159\u2013175. IEEE (2017)","DOI":"10.1109\/CSF.2017.31"},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Chen, S., Jero, S., Jagielski, M., Boldyreva, A., Nita-Rotaru, C.: Secure communication channel establishment: TLS 1.3 (over TCP fast open) versus QUIC. J. Cryptol. 34(3), 1\u201341 (2021)","DOI":"10.1007\/s00145-021-09389-w"},{"issue":"4","key":"5_CR14","doi-asserted-by":"publisher","first-page":"1914","DOI":"10.1007\/s00145-020-09360-1","volume":"33","author":"K Cohn-Gordon","year":"2020","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the Signal messaging protocol. J. Cryptol. 33(4), 1914\u20131983 (2020)","journal-title":"J. Cryptol."},{"key":"5_CR15","unstructured":"Consortium, W.W.W., et al.: Web authentication: an API for accessing public key credentials level 1\u2013W3C recommendation (2019). https:\/\/www.w3.org\/TR\/webauthn"},{"key":"5_CR16","first-page":"404","volume":"2012","author":"A Czeskis","year":"2012","unstructured":"Czeskis, A., Dietz, M., Kohno, T., Wallach, D., Balfanz, D.: Strengthening user authentication through opportunistic cryptographic identity assertions. CCS 2012, 404\u2013414 (2012)","journal-title":"CCS"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Davis, G.: The past, present, and future of password security (2018)","DOI":"10.1016\/S1353-4858(18)30069-2"},{"issue":"2","key":"5_CR18","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1109\/TIT.1983.1056650","volume":"29","author":"D Dolev","year":"1983","unstructured":"Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198\u2013208 (1983)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Dowling, B., Fischlin, M., G\u00fcnther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol. Cryptology ePrint Archive, Report 2020\/1044 (2020). https:\/\/eprint.iacr.org\/2020\/1044","DOI":"10.1007\/s00145-021-09384-1"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"Dworkin, M.: Recommendation for block cipher modes of operation. methods and techniques. Technical report, National Inst of Standards and Technology Gaithersburg MD Computer security Div (2001)","DOI":"10.6028\/NIST.SP.800-38a"},{"key":"5_CR21","unstructured":"FIDO: Specifications overview. https:\/\/fidoalliance.org\/specifications\/"},{"key":"5_CR22","unstructured":"Gott, A.: LastPass reveals 8 truths about passwords in the new Password Expos\u00e9 (2017)"},{"key":"5_CR23","doi-asserted-by":"crossref","unstructured":"Guirat, I.B., Halpin, H.: Formal verification of the W3C web authentication protocol. In: 5th Annual Symposium and Bootcamp on Hot Topics in the Science of Security, p. 6. ACM (2018)","DOI":"10.1145\/3190619.3190640"},{"key":"5_CR24","doi-asserted-by":"crossref","unstructured":"Haase, B., Labrique, B.: AuCPace: efficient verifier-based PAKE protocol tailored for the IIoT. IACR Transactions on Cryptographic Hardware and Embedded Systems, pp. 1\u201348 (2019)","DOI":"10.46586\/tches.v2019.i2.1-48"},{"issue":"12","key":"5_CR25","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1109\/CC.2016.7897543","volume":"13","author":"K Hu","year":"2016","unstructured":"Hu, K., Zhang, Z.: Security analysis of an attractive online authentication standard: FIDO UAF protocol. China Commun. 13(12), 189\u2013198 (2016)","journal-title":"China Commun."},{"key":"5_CR26","doi-asserted-by":"publisher","unstructured":"Igoe, K., McGrew, D., Salter, M.: Fundamental elliptic-curve Cryptography Algorithms. RFC 6090 (2011). https:\/\/doi.org\/10.17487\/RFC6090","DOI":"10.17487\/RFC6090"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Jacomme, C., Kremer, S.: An extensive formal analysis of multi-factor authentication protocols. In: CSF 2018, pp. 1\u201315. IEEE (2018)","DOI":"10.1109\/CSF.2018.00008"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Jager, T., Kakvi, S.A., May, A.: On the security of the PKCS# 1 v1. 5 signature scheme. In: CCS 2018, pp. 1195\u20131208 (2018)","DOI":"10.1145\/3243734.3243798"},{"key":"5_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"431","DOI":"10.1007\/978-3-319-76581-5_15","volume-title":"Public-Key Cryptography \u2013 PKC 2018","author":"S Jarecki","year":"2018","unstructured":"Jarecki, S., Krawczyk, H., Shirvanian, M., Saxena, N.: Two-factor authentication with\u00a0end-to-end password security. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10770, pp. 431\u2013461. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-76581-5_15"},{"key":"5_CR30","doi-asserted-by":"publisher","unstructured":"Moriarty, K., Kaliski, B., Jonsson, J., Rusch, A.: PKCS #1: RSA Cryptography Specifications Version 2.2. RFC 8017 (2016). https:\/\/doi.org\/10.17487\/RFC8017","DOI":"10.17487\/RFC8017"},{"key":"5_CR31","unstructured":"Nahorney, B.: Email threats 2017. Symantec, Internet Security Threat Report (2017)"},{"key":"5_CR32","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/978-3-319-67639-5_11","volume-title":"Digital Communication. Towards a Smart and Secure Future Internet","author":"C Panos","year":"2017","unstructured":"Panos, C., Malliaros, S., Ntantogian, C., Panou, A., Xenakis, C.: A security evaluation of FIDO\u2019s UAF protocol in mobile and embedded devices. In: Piva, A., Tinnirello, I., Morosi, S. (eds.) TIWDC 2017. CCIS, vol. 766, pp. 127\u2013142. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-67639-5_11"},{"key":"5_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1007\/978-3-319-75650-9_5","volume-title":"Foundations and Practice of Security","author":"O Pereira","year":"2018","unstructured":"Pereira, O., Rochet, F., Wiedling, C.: Formal analysis of the FIDO 1.x protocol. In: Imine, A., Fernandez, J.M., Marion, J.-Y., Logrippo, L., Garcia-Alfaro, J. (eds.) FPS 2017. LNCS, vol. 10723, pp. 68\u201382. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-75650-9_5"},{"key":"5_CR34","unstructured":"Verizon: 2017 data breach investigations report (2017). https:\/\/enterprise.verizon.com\/resources\/reports\/2017_dbir.pdf"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2021"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-84252-9_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,11]],"date-time":"2024-08-11T00:08:01Z","timestamp":1723334881000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-84252-9_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030842512","9783030842529"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-84252-9_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"11 August 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 August 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"41","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"426","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"103","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20.9","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1 invited paper is also included.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}