{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,6]],"date-time":"2026-06-06T03:48:30Z","timestamp":1780717710003,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":36,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"DARPA","award":["FA8750-12-2-0293"],"award-info":[{"award-number":["FA8750-12-2-0293"]}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["CCF-1521602"],"award-info":[{"award-number":["CCF-1521602"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3133974","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"2007-2020","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":38,"title":["Verified Correctness and Security of mbedTLS HMAC-DRBG"],"prefix":"10.1145","author":[{"given":"Katherine Q.","family":"Ye","sequence":"first","affiliation":[{"name":"Princeton University & Carnegie Mellon University, Princeton, NJ, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Matthew","family":"Green","sequence":"additional","affiliation":[{"name":"Johns Hopkins University, Baltimore, MD, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Naphat","family":"Sanguansin","sequence":"additional","affiliation":[{"name":"Princeton University, Princeton, NJ, 
USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Lennart","family":"Beringer","sequence":"additional","affiliation":[{"name":"Princeton University, Princeton, NJ, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Adam","family":"Petcher","sequence":"additional","affiliation":[{"name":"Oracle, Boston, MA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Andrew W.","family":"Appel","sequence":"additional","affiliation":[{"name":"Princeton University, Princeton, NJ, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2011.07.003"},{"key":"e_1_3_2_2_2_1","first-page":"1241","article-title":"Verifiable side-channel security of cryptographic implementations: constant-time MEE-CBC","volume":"2015","author":"Almeida Jos\u00e9 Bacelar","year":"2015","unstructured":"Jos\u00e9 Bacelar Almeida, Manuel Barbosa, Gilles Barthe, and Fran\u00e7ois Dupressoir. 2015. Verifiable side-channel security of cryptographic implementations: constant-time MEE-CBC. IACR Cryptology ePrint Archive 2015 (2015), 1241. http:\/\/eprint.iacr.org\/2015\/1241","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_2_2_3_1","volume-title":"Verifying Constant-Time Implementations. In 25th USENIX Security Symposium, USENIX Security 16","author":"Almeida Jos\u00e9 Bacelar","year":"2016","unstructured":"Jos\u00e9 Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Fran\u00e7ois Dupressoir, and Michael Emmi. 2016. Verifying Constant-Time Implementations. In 25th USENIX Security Symposium, USENIX Security 16, Thorsten Holz and Stefan Savage (Eds.). USENIX Association, 53--70. 
https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentatio\/almeida"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2701415"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9781107256552"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660283"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40349-1_12"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/11818175_36"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/11761679_25"},{"key":"e_1_3_2_2_11_1","volume-title":"Verified Correctness and Security of OpenSSL HMAC. In 24th USENIX Security Symposium. USENIX Association, 207--221","author":"Beringer Lennart","unstructured":"Lennart Beringer, Adam Petcher, Katherine Q. Ye, and Andrew W. Appel. 2015. Verified Correctness and Security of OpenSSL HMAC. In 24th USENIX Security Symposium. USENIX Association, 207--221."},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-42045-0_18"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49301-4_17"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.37"},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978395"},{"key":"e_1_3_2_2_16_1","volume-title":"On the Practical Exploitability of Dual EC in TLS Implementations. In Usenix Security '14","author":"Checkoway Stephen","year":"2014","unstructured":"Stephen Checkoway, Ruben Niederhagen, Adam Everspaugh, Matthew Green, Tanja Lange, Thomas Ristenpart, Daniel J. Bernstein, Jake Maskiewicz, Hovav Shacham, and Matthew Fredrikson. 2014. On the Practical Exploitability of Dual EC in TLS Implementations. In Usenix Security '14. USENIX Association, San Diego, CA, 319--335. 
https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/checkoway"},{"key":"e_1_3_2_2_17_1","volume-title":"Lessons from the Debian\/OpenSSL Fiasco. (21","author":"Cox Russ","year":"2008","unstructured":"Russ Cox. 2008. Lessons from the Debian\/OpenSSL Fiasco. (21 May 2008). https:\/\/research.swtch.com\/openssl"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","unstructured":"Yevgeniy Dodis Chaya Ganesh Alexander Golovnev Ari Juels and Thomas Ristenpart. 2015. A formal treatment of backdoored pseudorandom generators. In EUROCRYPT (1). 101--126. 10.1007\/978-3-662-46800-5_5","DOI":"10.1007\/978-3-662-46800-5_5"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-28628-8_30"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978369"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368310.1368317"},{"key":"e_1_3_2_2_22_1","volume-title":"Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist. Ars Technica (14","author":"Goodin Dan","year":"2013","unstructured":"Dan Goodin. 2013. Google confirms critical Android crypto flaw used in $5,700 Bitcoin heist. Ars Technica (14 Aug. 2013). https:\/\/arstechnica.com\/security\/2013\/08\/google-confirms-critical-android-crypto-flaw-used-in-5700-bitcoin-heist\/"},{"key":"e_1_3_2_2_23_1","volume-title":"Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. In 21st USENIX Security Symposium. USENIX Association, 205--220","author":"Heninger Nadia","unstructured":"Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2012. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. In 21st USENIX Security Symposium. USENIX Association, 205--220."},{"key":"e_1_3_2_2_24_1","volume-title":"International Workshop on Information Security Applications. Springer, 278--291","author":"Hirose Shoichi","year":"2008","unstructured":"Shoichi Hirose. 
2008. Security analysis of DRBG using HMAC in NIST SP 800-90. In International Workshop on Information Security Applications. Springer, 278--291."},{"key":"e_1_3_2_2_25_1","unstructured":"Fortinet Inc. 2016. CVE-2016--8492. Available at https:\/\/fortiguard.com\/advisory\/FG-IR-16-067|. (2016)."},{"key":"e_1_3_2_2_26_1","volume-title":"ISO 19790:2012: Security requirements for cryptographic modules.","author":"ISO.","year":"2012","unstructured":"ISO. 2012. ISO 19790:2012: Security requirements for cryptographic modules. Available at https:\/\/www.iso.org\/standard\/52906.html. (August 2012)."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14623-7_34"},{"key":"e_1_3_2_2_29_1","unstructured":"H. D. Moore. 2008. Debian OpenSSL Flaw. Available at https:\/\/hdm.io\/tools\/debian-openssl\/. (2008)."},{"key":"e_1_3_2_2_30_1","volume-title":"NIST RNG Cryptographic Toolkit.","author":"National Institute of Standards and Technology. 2014.","year":"2014","unstructured":"National Institute of Standards and Technology. 2014. NIST RNG Cryptographic Toolkit. Available at http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/rng\/. (July 2014)."},{"key":"e_1_3_2_2_31_1","unstructured":"National Institute of Standards and Technology. 2017. CAVP Testing: Random Number Generators. (2017). http:\/\/csrc.nist.gov\/groups\/STM\/cavp\/random-number-generation.html."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.FIPS.140-2"},{"key":"e_1_3_2_2_33_1","volume-title":"Able to Foil Basic Safeguards of Privacy on Web. The New York Times (6","author":"Perlroth Nicole","year":"2013","unstructured":"Nicole Perlroth, Jeff Larson, and Scott Shane. 2013. N.S.A. Able to Foil Basic Safeguards of Privacy on Web. The New York Times (6 Sept. 2013). 
http:\/\/www.nytimes.com\/2013\/09\/06\/us\/nsa-foils-much-internet-encryption.html"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-46666-7_4"},{"key":"e_1_3_2_2_36_1","first-page":"15","volume-title":"CRYPTO 2007 Rump Session. (Aug. 2007","author":"Shumow Dan","year":"2007","unstructured":"Dan Shumow and Niels Ferguson. 2007. On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng. CRYPTO 2007 Rump Session. (Aug. 2007). http:\/\/rump2007.cr.yp.to\/15-shumow.pdf"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/11586821_24"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/358198.358210"},{"key":"e_1_3_2_2_39_1","volume-title":"New Discovery Around Juniper Backdoor Raises More Questions About the Company WIRED.com (Jan","author":"Zetter Kim","year":"2016","unstructured":"Kim Zetter. 2016. New Discovery Around Juniper Backdoor Raises More Questions About the Company WIRED.com (Jan. 2016). https:\/\/www.wired.com\/2016\/01\/new-discovery-around-juniper-backdoor-raises-more-questions-about-the-company\/"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications 
Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133974","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3133974","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3133974","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:13:26Z","timestamp":1750212806000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3133974"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":36,"alternative-id":["10.1145\/3133956.3133974","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3133974","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}