{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,7]],"date-time":"2026-04-07T16:29:04Z","timestamp":1775579344366,"version":"3.50.1"},"reference-count":71,"publisher":"IEEE","license":[{"start":{"date-parts":[[2022,8,1]],"date-time":"2022-08-01T00:00:00Z","timestamp":1659312000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2022,8,1]],"date-time":"2022-08-01T00:00:00Z","timestamp":1659312000000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,8]]},"DOI":"10.1109\/csf54842.2022.9919674","type":"proceedings-article","created":{"date-parts":[[2022,11,3]],"date-time":"2022-11-03T21:29:20Z","timestamp":1667510960000},"page":"195-210","source":"Crossref","is-referenced-by-count":5,"title":["Contingent payments from two-party signing and verification for abelian groups"],"prefix":"10.1109","author":[{"given":"Sergiu","family":"Bursuc","sequence":"first","affiliation":[{"name":"University of Luxembourg,SnT"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sjouke","family":"Mauw","sequence":"additional","affiliation":[{"name":"University of Luxembourg,SnT and DCS"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/SFFCS.1999.814584"},{"key":"ref13","doi-asserted-by":"crossref","first-page":"421","DOI":"10.1007\/978-3-662-44381-1_24","article-title":"How to use Bitcoin to design fair protocols","volume":"8617","author":"bentov","year":"2014","journal-title":"Advances in Cryptology - CRYPTO 2014"},{"key":"ref56","first-page":"696","article-title":"The TAMARIN prover for the symbolic analysis of security protocols","volume":"8044","author":"meier","year":"2013","journal-title":"25th International Conference on Computer Aided Verification (CAV'13)"},{"key":"ref12","article-title":"Succinct non-interactive zero knowledge for a von Neumann architecture","author":"ben-sasson","year":"0","journal-title":"USENIX Security Symposium"},{"key":"ref59","author":"nakamoto","year":"2008","journal-title":"Bitcoin A Peer-to-Peer Electronic Cash System"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1561\/3300000004"},{"key":"ref58","author":"moreno-sanchez","year":"0","journal-title":"Scriptless scripts with ecdsa"},{"key":"ref14","first-page":"1","article-title":"Mechanizing game-based proofs of security protocols","volume":"33","author":"blanchet","year":"2012","journal-title":"Software Safety and Security - Tools for Analysis and Verification"},{"key":"ref53","first-page":"1837","author":"lindell","year":"0","journal-title":"Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1145\/3243734"},{"key":"ref55","author":"maxwell","year":"2016","journal-title":"The first successful zero-knowledge contingent payment"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.36"},{"key":"ref54","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2019.23330","article-title":"Anonymous multi-hop locks for blockchain scalability and interoperability","author":"malavolta","year":"2019","journal-title":"the Symposium on Network and Distributed System Security NDSS-95"},{"key":"ref10","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1007\/978-3-642-20901-7_2","article-title":"Secret-sharing schemes: A survey","volume":"6639","author":"beimel","year":"2011","journal-title":"Coding and Cryptology - Third International Workshop"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1007\/11745853_15"},{"key":"ref16","first-page":"236","article-title":"Timed commitments","volume":"1880","author":"boneh","year":"2000","journal-title":"Advances in Cryptology - CRYPTO"},{"key":"ref19","article-title":"Contingent payments from two-party signing and verification for abelian groups","author":"bursuc","year":"2022","journal-title":"Cryptology ePrint Archive Paper 2022\/719"},{"key":"ref18","first-page":"361","article-title":"Contingent payments on a public ledger: Models and reductions for automated verification","author":"bursuc","year":"2019","journal-title":"Computer Security - ESORICS 92"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/j.ic.2006.10.008"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2009.17"},{"key":"ref46","first-page":"427","article-title":"Stateful protocol composition","author":"andreas","year":"2018","journal-title":"European symposium on research in computer security"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.2000.856923"},{"key":"ref48","author":"krawczyk","year":"2010","journal-title":"Hmac-based extract-and-expand key derivation function (hkdf) Technical report"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/s102070100002"},{"key":"ref42","first-page":"1179","author":"gennaro","year":"0","journal-title":"Fast multiparty threshold ECDSA with fast trustless setup"},{"key":"ref41","first-page":"281","article-title":"The Bitcoin backbone protocol: Analysis and applications","volume":"9057","author":"garay","year":"2015","journal-title":"Advances in Cryptology - Eurocrypt"},{"key":"ref44","doi-asserted-by":"crossref","first-page":"321","DOI":"10.1007\/978-3-319-70972-7_18","article-title":"Escrow protocols for cryptocurrencies: How to buy physical goods using Bitcoin","volume":"10322","author":"goldfeder","year":"2017","journal-title":"Financial Cryptography and Data Security"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132757"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455788"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45741-3_14"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.23"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/11591191_38"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.35"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44774-1_8"},{"key":"ref6","doi-asserted-by":"crossref","first-page":"635","DOI":"10.1007\/978-3-030-92075-3_22","article-title":"Generalized channels from limited blockchain scripts and adaptor signatures","volume":"13091","author":"aumayr","year":"2021","journal-title":"Advances in Cryptology - ASIACRYPT 2021"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/49.839935"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00017"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2018.00033"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1016\/B978-0-444-88074-1.50011-1"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384749"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243857"},{"key":"ref31","first-page":"801","article-title":"Fastkitten: Practical smart contracts on bitcoin","author":"das","year":"2019","journal-title":"Proceedings of the 28th USENIX Conference on Security Symposium SEC'19"},{"key":"ref30","doi-asserted-by":"crossref","first-page":"225","DOI":"10.1007\/978-3-540-39910-0_10","article-title":"Easy intruder deductions","volume":"2772","author":"comon-lundh","year":"2003","journal-title":"Verification Theory and Practice Essays Dedicated to Zohar Manna on the Occasion of His 64th Birthday"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/j.ic.2007.07.005"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31365-3_15"},{"key":"ref2","first-page":"83","article-title":"On the security of joint signature and encryption","volume":"2332","author":"hea an","year":"2002","journal-title":"Advances in Cryptology - Eurocrypt"},{"key":"ref1","year":"0","journal-title":"Additional material specifications in Tamarin"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354234"},{"key":"ref38","author":"fournier","year":"2019","journal-title":"One-time verifiably encrypted signatures a k a adaptor signatures"},{"key":"ref71","year":"2011","journal-title":"Zero Knowledge Contingent Payment Bitcoin Wiki"},{"key":"ref70","author":"wood","year":"2014","journal-title":"Ethereum A Secure Decentralised Generalised Transaction Ledger"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.2168\/LMCS-6(3:12)2010"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134092"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00065"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/LICS.2003.1210066"},{"key":"ref26","first-page":"364","article-title":"Limits on the security of coin flips when half the processors are faulty (extended abstract)","author":"cleve","year":"1986","journal-title":"Symposium on Theory of Computing"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.28"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2010.29"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48184-2_5"},{"key":"ref20","first-page":"93","article-title":"Optimistic fair secure computation","volume":"1880","author":"cachin","year":"2000","journal-title":"Advances in Cryptology - CRYPTO"},{"key":"ref63","first-page":"643","article-title":"Analysis of the blockchain protocol in asynchronous networks","volume":"10211","author":"pass","year":"2017","journal-title":"Advances in Cryptology - Eurocrypt"},{"key":"ref66","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00111"},{"key":"ref22","year":"0","journal-title":"Chainlink VRF On-chain verifiable randomness"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2012.25"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134060"},{"key":"ref28","doi-asserted-by":"crossref","first-page":"294","DOI":"10.1007\/978-3-540-32033-3_22","article-title":"The finite variant property: How to get rid of some algebraic properties","volume":"3467","author":"comon-lundh","year":"2005","journal-title":"Term Rewriting and Applications"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-016-9245-5"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/LICS.2003.1210067"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417888"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3046025"},{"key":"ref61","author":"pagnia","year":"1999","journal-title":"On the impossibility of fair exchange without a trusted third party Technical Report"}],"event":{"name":"2022 IEEE 35th Computer Security Foundations Symposium (CSF)","location":"Haifa, Israel","start":{"date-parts":[[2022,8,7]]},"end":{"date-parts":[[2022,8,10]]}},"container-title":["2022 IEEE 35th Computer Security Foundations Symposium (CSF)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9919409\/9919636\/09919674.pdf?arnumber=9919674","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,8]],"date-time":"2023-11-08T18:18:10Z","timestamp":1699467490000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9919674\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,8]]},"references-count":71,"URL":"https:\/\/doi.org\/10.1109\/csf54842.2022.9919674","relation":{},"subject":[],"published":{"date-parts":[[2022,8]]}}}