{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T23:52:57Z","timestamp":1769298777400,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,10,16]],"date-time":"2012-10-16T00:00:00Z","timestamp":1350345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,10,16]]},"DOI":"10.1145\/2382196.2382272","type":"proceedings-article","created":{"date-parts":[[2012,10,15]],"date-time":"2012-10-15T17:13:12Z","timestamp":1350321192000},"page":"724-735","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Verified security of redundancy-free encryption from Rabin and RSA"],"prefix":"10.1145","author":[{"given":"Gilles","family":"Barthe","sequence":"first","affiliation":[{"name":"IMDEA Software Institute, Madrid, Spain"}]},{"given":"David","family":"Pointcheval","sequence":"additional","affiliation":[{"name":"\u00c9cole Normale Sup\u00e9rieure, Paris, France"}]},{"given":"Santiago","family":"Zanella B\u00e9guelin","sequence":"additional","affiliation":[{"name":"Microsoft Research, Cambridge, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2012,10,16]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.5555\/647318.723498"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89255-7_22"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866350"},{"key":"e_1_3_2_1_4_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"71","DOI":"10.1007\/978-3-642-22792-9_5","volume-title":"Advances in Cryptology -- CRYPTO","author":"Barthe G.","year":"2011","unstructured":"G. Barthe , B. Gregoire , S. Heraud , and S. Zanella Beguelin . Computer-aided security proofs for the working cryptographer . In Advances in Cryptology -- CRYPTO 2011 , volume 6841 of Lecture Notes in Computer Science , pages 71 -- 90 . Springer , 2011. G. Barthe, B. Gregoire, S. Heraud, and S. Zanella Beguelin. Computer-aided security proofs for the working cryptographer. In Advances in Cryptology -- CRYPTO 2011, volume 6841 of Lecture Notes in Computer Science, pages 71--90. Springer, 2011."},{"key":"e_1_3_2_1_5_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"180","DOI":"10.1007\/978-3-642-19074-2_13","volume-title":"Topics in Cryptology -- CT-RSA","author":"Barthe G.","year":"2011","unstructured":"G. Barthe , B. Gregoire , Y. Lakhnech , and S. Zanella Beguelin . Beyond provable security. Verifiable IND-CCA security of OAEP . In Topics in Cryptology -- CT-RSA 2011 , volume 6558 of Lecture Notes in Computer Science , pages 180 -- 196 . Springer , 2011. G. Barthe, B. Gregoire, Y. Lakhnech, and S. Zanella Beguelin. Beyond provable security. Verifiable IND-CCA security of OAEP. In Topics in Cryptology -- CT-RSA 2011, volume 6558 of Lecture Notes in Computer Science, pages 180--196. Springer, 2011."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1480881.1480894"},{"key":"e_1_3_2_1_8_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1007\/BFb0055718","volume-title":"Advances in Cryptology -- CRYPTO","author":"Bellare M.","year":"1998","unstructured":"M. Bellare , A. Desai , D. Pointcheval , and P. Rogaway . Relations among notions of security for public-key encryption schemes . In Advances in Cryptology -- CRYPTO 1998 , volume 1462 of Lecture Notes in Computer Science , pages 26 -- 45 . Springer , 1998. M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among notions of security for public-key encryption schemes. In Advances in Cryptology -- CRYPTO 1998, volume 1462 of Lecture Notes in Computer Science, pages 26--45. Springer, 1998."},{"key":"e_1_3_2_1_9_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1007\/978-3-540-30539-2_4","volume-title":"Advances in Cryptology -- ASIACRYPT","author":"Bellare M.","year":"2004","unstructured":"M. Bellare and A. Palacio . Towards plaintext-aware public-key encryption without random oracles . In Advances in Cryptology -- ASIACRYPT 2004 , volume 3329 of Lecture Notes in Computer Science , pages 48 -- 62 . Springer , 2004. M. Bellare and A. Palacio. Towards plaintext-aware public-key encryption without random oracles. In Advances in Cryptology -- ASIACRYPT 2004, volume 3329 of Lecture Notes in Computer Science, pages 48--62. Springer, 2004."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/168588.168596"},{"key":"e_1_3_2_1_11_1","series-title":"Lecture Notes in Computer Science","first-page":"92","volume-title":"Advances in Cryptology -- EUROCRYPT","author":"Bellare M.","year":"1994","unstructured":"M. Bellare and P. Rogaway . Optimal asymmetric encryption . In Advances in Cryptology -- EUROCRYPT 1994 , volume 950 of Lecture Notes in Computer Science , pages 92 -- 111 . Springer , 1994. M. Bellare and P. Rogaway. Optimal asymmetric encryption. In Advances in Cryptology -- EUROCRYPT 1994, volume 950 of Lecture Notes in Computer Science, pages 92--111. Springer, 1994."},{"key":"e_1_3_2_1_12_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"399","DOI":"10.1007\/3-540-68339-9_34","volume-title":"Advances in Cryptology -- EUROCRYPT","author":"Bellare M.","year":"1996","unstructured":"M. Bellare and P. Rogaway . The exact security of digital signatures: How to sign with RSA and Rabin . In Advances in Cryptology -- EUROCRYPT 1996 , volume 1070 of Lecture Notes in Computer Science , pages 399 -- 416 . Springer , 1996. M. Bellare and P. Rogaway. The exact security of digital signatures: How to sign with RSA and Rabin. In Advances in Cryptology -- EUROCRYPT 1996, volume 1070 of Lecture Notes in Computer Science, pages 399--416. Springer, 1996."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/11761679_25"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/1793774.1793780"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.1"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28641-4_2"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/11818175_32"},{"key":"e_1_3_2_1_18_1","volume-title":"The Why3 platform. Version 0.71. Online -- http:\/\/why3.lri.fr","author":"Bobot F.","year":"2010","unstructured":"F. Bobot , J.-C. Filliatre , C. Marche , and A. Paskevich . The Why3 platform. Version 0.71. Online -- http:\/\/why3.lri.fr , 2010 . F. Bobot, J.-C. Filliatre, C. Marche, and A. Paskevich. The Why3 platform. Version 0.71. Online -- http:\/\/why3.lri.fr, 2010."},{"key":"e_1_3_2_1_19_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"275","DOI":"10.1007\/3-540-44647-8_17","volume-title":"Advances in Cryptology -- CRYPTO","author":"Boneh D.","year":"2001","unstructured":"D. Boneh . Simplified OAEP for the RSA and Rabin functions . In Advances in Cryptology -- CRYPTO 2001 , volume 2139 of Lecture Notes in Computer Science , pages 275 -- 291 . Springer , 2001. D. Boneh. Simplified OAEP for the RSA and Rabin functions. In Advances in Cryptology -- CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 275--291. Springer, 2001."},{"key":"e_1_3_2_1_20_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"485","DOI":"10.1007\/978-3-540-76900-2_30","volume-title":"Advances in Cryptology -- ASIACRYPT","author":"Boyen X.","year":"2007","unstructured":"X. Boyen . Miniature CCA2 PK encryption: Tight security without redundancy . In Advances in Cryptology -- ASIACRYPT 2007 , volume 4833 of Lecture Notes in Computer Science , pages 485 -- 501 . Springer , 2007. X. Boyen. Miniature CCA2 PK encryption: Tight security without redundancy. In Advances in Cryptology -- ASIACRYPT 2007, volume 4833 of Lecture Notes in Computer Science, pages 485--501. Springer, 2007."},{"key":"e_1_3_2_1_21_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"155","DOI":"10.1007\/3-540-68339-9_14","volume-title":"Advances in Cryptology -- EUROCRYPT","author":"Coppersmith D.","year":"1996","unstructured":"D. Coppersmith . Finding a small root of a univariate modular equation. In Advances in Cryptology -- EUROCRYPT 1996 , volume 1070 of Lecture Notes in Computer Science , pages 155 -- 165 . Springer , 1996. D. Coppersmith. Finding a small root of a univariate modular equation. In Advances in Cryptology -- EUROCRYPT 1996, volume 1070 of Lecture Notes in Computer Science, pages 155--165. Springer, 1996."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10817-010-9187-9"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455817"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/11761679_18"},{"key":"e_1_3_2_1_25_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"394","DOI":"10.1007\/3-540-44598-6_25","volume-title":"Advances in Cryptology -- CRYPTO","author":"Desai A.","year":"2000","unstructured":"A. Desai . New paradigms for constructing symmetric encryption schemes secure against chosen-ciphertext attack . In Advances in Cryptology -- CRYPTO 2000 , volume 1880 of Lecture Notes in Computer Science , pages 394 -- 412 . Springer , 2000. A. Desai. New paradigms for constructing symmetric encryption schemes secure against chosen-ciphertext attack. In Advances in Cryptology -- CRYPTO 2000, volume 1880 of Lecture Notes in Computer Science, pages 394--412. Springer, 2000."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/648116.746447"},{"key":"e_1_3_2_1_27_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"537","DOI":"10.1007\/3-540-48405-1_34","volume-title":"Advances in Cryptology -- CRYPTO","author":"Fujisaki E.","year":"1999","unstructured":"E. Fujisaki and T. Okamoto . Secure integration of asymmetric and symmetric encryption schemes . In Advances in Cryptology -- CRYPTO 1999 , volume 1666 of Lecture Notes in Computer Science , pages 537 -- 554 . Springer , 1999. E. Fujisaki and T. Okamoto. Secure integration of asymmetric and symmetric encryption schemes. In Advances in Cryptology -- CRYPTO 1999, volume 1666 of Lecture Notes in Computer Science, pages 537--554. Springer, 1999."},{"key":"e_1_3_2_1_28_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"260","DOI":"10.1007\/3-540-44647-8_16","volume-title":"Advances in Cryptology -- CRYPTO","author":"Fujisaki E.","year":"2001","unstructured":"E. Fujisaki , T. Okamoto , D. Pointcheval , and J. Stern . RSA-OAEP is secure under the RSA assumption . In Advances in Cryptology -- CRYPTO 2001 , volume 2139 of Lecture Notes in Computer Science , pages 260 -- 274 . Springer , 2001. E. Fujisaki, T. Okamoto, D. Pointcheval, and J. Stern. RSA-OAEP is secure under the RSA assumption. In Advances in Cryptology -- CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 260--274. Springer, 2001."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/0022-0000(84)90070-9"},{"key":"e_1_3_2_1_31_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"548","DOI":"10.1007\/978-3-540-45146-4_32","volume-title":"Advances in Cryptology -- CRYPTO","author":"Herzog J.","year":"2003","unstructured":"J. Herzog , M. Liskov , and S. Micali . Plaintext awareness via key registration . In Advances in Cryptology -- CRYPTO 2003 , volume 2729 of Lecture Notes in Computer Science , pages 548 -- 564 . Springer , 2003. J. Herzog, M. Liskov, and S. Micali. Plaintext awareness via key registration. In Advances in Cryptology -- CRYPTO 2003, volume 2729 of Lecture Notes in Computer Science, pages 548--564. Springer, 2003."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/946243.946297"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/11496137_20"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/100216.100273"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.5555\/648118.746756"},{"key":"e_1_3_2_1_36_1","series-title":"Lecture Notes in Computer Science","first-page":"159","volume-title":"Topics in Cryptology -- CT-RSA","author":"Okamoto T.","year":"2001","unstructured":"T. Okamoto and D. Pointcheval . REACT: Rapid Enhanced-security Asymmetric Cryptosystem Transform . In Topics in Cryptology -- CT-RSA 2001 , volume 2020 of Lecture Notes in Computer Science , pages 159 -- 175 . Springer , 2001. T. Okamoto and D. Pointcheval. REACT: Rapid Enhanced-security Asymmetric Cryptosystem Transform. In Topics in Cryptology -- CT-RSA 2001, volume 2020 of Lecture Notes in Computer Science, pages 159--175. Springer, 2001."},{"key":"e_1_3_2_1_37_1","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology -- ASIACRYPT","author":"Phan D. H.","year":"2003","unstructured":"D. H. Phan and D. Pointcheval . Chosen-ciphertext security without redundancy . In Advances in Cryptology -- ASIACRYPT 2003 , volume 2894 of Lecture Notes in Computer Science , pages 1 -- 18 . Springer , 2003. D. H. Phan and D. Pointcheval. Chosen-ciphertext security without redundancy. In Advances in Cryptology -- ASIACRYPT 2003, volume 2894 of Lecture Notes in Computer Science, pages 1--18. Springer, 2003."},{"key":"e_1_3_2_1_38_1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1007\/978-3-540-30539-2_5","volume-title":"Advances in Cryptology -- ASIACRYPT","author":"Phan D. H.","year":"2004","unstructured":"D. H. Phan and D. Pointcheval . OAEP 3-round: A generic and secure asymmetric encryption padding . In Advances in Cryptology -- ASIACRYPT 2004 , volume 3329 of Lecture Notes in Computer Science , pages 63 -- 77 . Springer , 2004. D. H. Phan and D. Pointcheval. OAEP 3-round: A generic and secure asymmetric encryption padding. In Advances in Cryptology -- ASIACRYPT 2004, volume 3329 of Lecture Notes in Computer Science, pages 63--77. Springer, 2004."},{"key":"e_1_3_2_1_39_1","series-title":"Lecture Notes in Computer Science","first-page":"433","volume-title":"Advances in Cryptology -- CRYPTO","author":"Rackoff C.","year":"1991","unstructured":"C. Rackoff and D. R. Simon . Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack . In Advances in Cryptology -- CRYPTO 1991 , volume 576 of Lecture Notes in Computer Science , pages 433 -- 444 . Springer , 1992. C. Rackoff and D. R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology -- CRYPTO 1991, volume 576 of Lecture Notes in Computer Science, pages 433--444. Springer, 1992."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/359340.359342"}],"event":{"name":"CCS'12: the ACM Conference on Computer and Communications Security","location":"Raleigh North Carolina USA","acronym":"CCS'12","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2012 ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2382196.2382272","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2382196.2382272","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:34:48Z","timestamp":1750239288000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2382196.2382272"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,10,16]]},"references-count":38,"alternative-id":["10.1145\/2382196.2382272","10.1145\/2382196"],"URL":"https:\/\/doi.org\/10.1145\/2382196.2382272","relation":{},"subject":[],"published":{"date-parts":[[2012,10,16]]},"assertion":[{"value":"2012-10-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}