{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T16:29:54Z","timestamp":1767889794198,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T00:00:00Z","timestamp":1572998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,11,6]]},"DOI":"10.1145\/3319535.3339813","type":"proceedings-article","created":{"date-parts":[[2019,11,7]],"date-time":"2019-11-07T13:08:32Z","timestamp":1573132112000},"page":"2165-2180","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["Seems Legit"],"prefix":"10.1145","author":[{"given":"Dennis","family":"Jackson","sequence":"first","affiliation":[{"name":"University of Oxford, Oxford, United Kingdom"}]},{"given":"Cas","family":"Cremers","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Germany"}]},{"given":"Katriel","family":"Cohn-Gordon","sequence":"additional","affiliation":[{"name":"Independent Scholar, London, United Kingdom"}]},{"given":"Ralf","family":"Sasse","sequence":"additional","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}]}],"member":"320","published-online":{"date-parts":[[2019,11,6]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"International Conference on the Theory and Applications of Cryptographic Techniques","volume":"2332","author":"An Jee Hea","year":"2002","unstructured":"Jee Hea An , Yevgeniy Dodis , and Tal Rabin . 2002 . On the Security of Joint Signature and Encryption. In Advances in Cryptology - EUROCRYPT 2002 , International Conference on the Theory and Applications of Cryptographic Techniques , Amsterdam, The Netherlands, April 28 - May 2, 2002, Proceedings (Lecture Notes in Computer Science), Lars R. Knudsen (Ed.), Vol. 2332 . Springer, 83--107. https:\/\/doi.org\/10.1007\/3--540--46035--7_6 10.1007\/3--540--46035--7_6 Jee Hea An, Yevgeniy Dodis, and Tal Rabin. 2002. On the Security of Joint Signature and Encryption. In Advances in Cryptology - EUROCRYPT 2002, International Conference on the Theory and Applications of Cryptographic Techniques, Amsterdam, The Netherlands, April 28 - May 2, 2002, Proceedings (Lecture Notes in Computer Science), Lars R. Knudsen (Ed.), Vol. 2332. Springer, 83--107. https:\/\/doi.org\/10.1007\/3--540--46035--7_6"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653672"},{"key":"e_1_3_2_2_3_1","volume-title":"9th International Conference, FOSSACS 2006, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2006, Vienna, Austria, March 25--31, 2006, Proceedings. 428--445","author":"Backes Michael","year":"2006","unstructured":"Michael Backes , Sebastian M\u00f6 dersheim, Birgit Pfitzmann , and Luca Vigan\u00f2 . 2006 . Symbolic and Cryptographic Analysis of the Secure WS-ReliableMessaging Scenario. In Foundations of Software Science and Computation Structures , 9th International Conference, FOSSACS 2006, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2006, Vienna, Austria, March 25--31, 2006, Proceedings. 428--445 . https:\/\/doi.org\/10.1007\/11690634_29 10.1007\/11690634_29 Michael Backes, Sebastian M\u00f6 dersheim, Birgit Pfitzmann, and Luca Vigan\u00f2. 2006. Symbolic and Cryptographic Analysis of the Secure WS-ReliableMessaging Scenario. In Foundations of Software Science and Computation Structures, 9th International Conference, FOSSACS 2006, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2006, Vienna, Austria, March 25--31, 2006, Proceedings. 428--445. https:\/\/doi.org\/10.1007\/11690634_29"},{"key":"e_1_3_2_2_4_1","volume-title":"Remarks on the unknown key share attacks","author":"Baek Joonsang","year":"2000","unstructured":"Joonsang Baek and Kwangjo Kim . 2000. Remarks on the unknown key share attacks ., Vol. 83 , 12 ( 2000 ), 2766--2769. Joonsang Baek and Kwangjo Kim. 2000. Remarks on the unknown key share attacks., Vol. 83, 12 (2000), 2766--2769."},{"key":"e_1_3_2_2_5_1","first-page":"69","article-title":"Verification Methods for the Computationally Complete Symbolic Attacker Based on Indistinguishability","volume":"2016","author":"Bana Gergei","year":"2016","unstructured":"Gergei Bana and Rohit Chadha . 2016 . Verification Methods for the Computationally Complete Symbolic Attacker Based on Indistinguishability . IACR Cryptology ePrint Archive , Vol. 2016 (2016), 69 . http:\/\/eprint.iacr.org\/2016\/069 Gergei Bana and Rohit Chadha. 2016. Verification Methods for the Computationally Complete Symbolic Attacker Based on Indistinguishability. IACR Cryptology ePrint Archive, Vol. 2016 (2016), 69. http:\/\/eprint.iacr.org\/2016\/069","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28641-4_11"},{"key":"e_1_3_2_2_7_1","volume-title":"Proceedings (Lecture Notes in Computer Science), Phillip Rogaway (Ed.)","volume":"6841","author":"Barthe Gilles","year":"2011","unstructured":"Gilles Barthe , Benjamin Gr\u00e9 goire, Sylvain Heraud , and Santiago Zanella B\u00e9 guelin. 2011 . Computer-Aided Security Proofs for the Working Cryptographer. In Advances in Cryptology - CRYPTO 2011 - 31st Annual Cryptology Conference, Santa Barbara, CA, USA, August 14--18, 2011 . Proceedings (Lecture Notes in Computer Science), Phillip Rogaway (Ed.) , Vol. 6841 . Springer, 71--90. https:\/\/doi.org\/10.1007\/978--3--642--22792--9_5 10.1007\/978--3--642--22792--9_5 Gilles Barthe, Benjamin Gr\u00e9 goire, Sylvain Heraud, and Santiago Zanella B\u00e9 guelin. 2011. Computer-Aided Security Proofs for the Working Cryptographer. In Advances in Cryptology - CRYPTO 2011 - 31st Annual Cryptology Conference, Santa Barbara, CA, USA, August 14--18, 2011. Proceedings (Lecture Notes in Computer Science), Phillip Rogaway (Ed.), Vol. 6841. Springer, 71--90. https:\/\/doi.org\/10.1007\/978--3--642--22792--9_5"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243846"},{"key":"e_1_3_2_2_9_1","first-page":"753","article-title":"CryptHOL: Game-based Proofs in Higher-order Logic","volume":"2017","author":"Basin David A.","year":"2017","unstructured":"David A. Basin , Andreas Lochbihler , and S. Reza Sefidgar . 2017 . CryptHOL: Game-based Proofs in Higher-order Logic . IACR Cryptology ePrint Archive , Vol. 2017 (2017), 753 . http:\/\/eprint.iacr.org\/2017\/753 David A. Basin, Andreas Lochbihler, and S. Reza Sefidgar. 2017. CryptHOL: Game-based Proofs in Higher-order Logic. IACR Cryptology ePrint Archive, Vol. 2017 (2017), 753. http:\/\/eprint.iacr.org\/2017\/753","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-012-0027-1"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.26"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1111348.1111355"},{"key":"e_1_3_2_2_13_1","volume-title":"FC 2017, Sliema, Malta, April 3--7","volume":"10322","author":"Bhargavan Karthikeyan","year":"2017","unstructured":"Karthikeyan Bhargavan , Antoine Delignat-Lavaud , and Nadim Kobeissi . 2017 b. Formal Modeling and Verification for Domain Validation and ACME. In Financial Cryptography and Data Security - 21st International Conference , FC 2017, Sliema, Malta, April 3--7 , 2017, Revised Selected Papers (Lecture Notes in Computer Science), Aggelos Kiayias (Ed.) , Vol. 10322 . Springer, 561--578. https:\/\/doi.org\/10.1007\/978--3--319--70972--7_32 10.1007\/978--3--319--70972--7_32 Karthikeyan Bhargavan, Antoine Delignat-Lavaud, and Nadim Kobeissi. 2017b. Formal Modeling and Verification for Domain Validation and ACME. In Financial Cryptography and Data Security - 21st International Conference, FC 2017, Sliema, Malta, April 3--7, 2017, Revised Selected Papers (Lecture Notes in Computer Science), Aggelos Kiayias (Ed.), Vol. 10322. Springer, 561--578. https:\/\/doi.org\/10.1007\/978--3--319--70972--7_32"},{"key":"e_1_3_2_2_14_1","volume-title":"Third International Workshop, WS-FM 2006 Vienna, Austria, September 8--9, 2006, Proceedings. 88--106","author":"Bhargavan Karthikeyan","year":"1841","unstructured":"Karthikeyan Bhargavan , C\u00e9 dric Fournet , and Andrew D. Gordon . 2006. Verified Reference Implementations of WS-Security Protocols. In Web Services and Formal Methods , Third International Workshop, WS-FM 2006 Vienna, Austria, September 8--9, 2006, Proceedings. 88--106 . https:\/\/doi.org\/10.1007\/1 1841 197_6 10.1007\/11841197_6 Karthikeyan Bhargavan, C\u00e9 dric Fournet, and Andrew D. Gordon. 2006. Verified Reference Implementations of WS-Security Protocols. In Web Services and Formal Methods, Third International Workshop, WS-FM 2006 Vienna, Austria, September 8--9, 2006, Proceedings. 88--106. https:\/\/doi.org\/10.1007\/11841197_6"},{"key":"e_1_3_2_2_15_1","volume-title":"Second International Symposium, FMCO 2003","author":"Bhargavan Karthikeyan","year":"2003","unstructured":"Karthikeyan Bhargavan , C\u00e9 dric Fournet , Andrew D. Gordon , and Riccardo Pucella . 2003 . TulaFale: A Security Tool for Web Services. In Formal Methods for Components and Objects , Second International Symposium, FMCO 2003 , Leiden, The Netherlands, November 4--7 , 2003, Revised Lectures. 197--222. https:\/\/doi.org\/10.1007\/978--3--540--30101--1_9 10.1007\/978--3--540--30101--1_9 Karthikeyan Bhargavan, C\u00e9 dric Fournet, Andrew D. Gordon, and Riccardo Pucella. 2003. TulaFale: A Security Tool for Web Services. In Formal Methods for Components and Objects, Second International Symposium, FMCO 2003, Leiden, The Netherlands, November 4--7, 2003, Revised Lectures. 197--222. https:\/\/doi.org\/10.1007\/978--3--540--30101--1_9"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1452044.1452049"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-49162-7_12"},{"key":"e_1_3_2_2_18_1","volume-title":"An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14 2001","author":"Blanchet Bruno","year":"2001","unstructured":"Bruno Blanchet . 2001 . An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14 2001 ), 11--13 June 2001, Cape Breton, Nova Scotia, Canada. IEEE Computer Society, 82--96. https:\/\/doi.org\/10.1109\/CSFW. 2001.930138 10.1109\/CSFW.2001.930138 Bruno Blanchet. 2001. An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14 2001), 11--13 June 2001, Cape Breton, Nova Scotia, Canada. IEEE Computer Society, 82--96. https:\/\/doi.org\/10.1109\/CSFW.2001.930138"},{"key":"e_1_3_2_2_19_1","volume-title":"26th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20--24, 2006, Proceedings (Lecture Notes in Computer Science), Cynthia Dwork (Ed.)","volume":"4117","author":"Blanchet Bruno","year":"2006","unstructured":"Bruno Blanchet and David Pointcheval . 2006 . Automated Security Proofs with Sequences of Games. In Advances in Cryptology - CRYPTO 2006 , 26th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20--24, 2006, Proceedings (Lecture Notes in Computer Science), Cynthia Dwork (Ed.) , Vol. 4117 . Springer, 537--554. https:\/\/doi.org\/10.1007\/1 1818175_32 10.1007\/11818175_32 Bruno Blanchet and David Pointcheval. 2006. Automated Security Proofs with Sequences of Games. In Advances in Cryptology - CRYPTO 2006, 26th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20--24, 2006, Proceedings (Lecture Notes in Computer Science), Cynthia Dwork (Ed.), Vol. 4117. Springer, 537--554. https:\/\/doi.org\/10.1007\/11818175_32"},{"key":"e_1_3_2_2_20_1","unstructured":"Bruno Blanchet Ben Smyth Vincent Cheval and Marc Sylvestre. 2018. ProVerif 2.00: Automatic Cryptographic Protocol Verifier User Manual and Tutorial. (2018). Version from 2018-05--16.  Bruno Blanchet Ben Smyth Vincent Cheval and Marc Sylvestre. 2018. ProVerif 2.00: Automatic Cryptographic Protocol Verifier User Manual and Tutorial. (2018). Version from 2018-05--16."},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-005-0071-2"},{"key":"e_1_3_2_2_22_1","volume-title":"9th International Conference on Theory and Practice of Public-Key Cryptography","volume":"3958","author":"Boneh Dan","year":"2006","unstructured":"Dan Boneh , Emily Shen , and Brent Waters . 2006 . Strongly Unforgeable Signatures Based on Computational Diffie-Hellman. In Public Key Cryptography - PKC 2006 , 9th International Conference on Theory and Practice of Public-Key Cryptography , New York, NY, USA, April 24--26 , 2006, Proceedings (Lecture Notes in Computer Science), Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, and Tal Malkin (Eds.), Vol. 3958 . Springer, 229--240. https:\/\/doi.org\/10.1007\/11745853_15 10.1007\/11745853_15 Dan Boneh, Emily Shen, and Brent Waters. 2006. Strongly Unforgeable Signatures Based on Computational Diffie-Hellman. In Public Key Cryptography - PKC 2006, 9th International Conference on Theory and Practice of Public-Key Cryptography, New York, NY, USA, April 24--26, 2006, Proceedings (Lecture Notes in Computer Science), Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, and Tal Malkin (Eds.), Vol. 3958. Springer, 229--240. https:\/\/doi.org\/10.1007\/11745853_15"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-77050-3_10"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23394"},{"key":"e_1_3_2_2_25_1","volume-title":"Proceedings, Part I (Lecture Notes in Computer Science), Simon N. Foley, Dieter Gollmann, and Einar Snekkenes (Eds.)","volume":"10492","author":"Cremers Cas","year":"2017","unstructured":"Cas Cremers , Martin Dehnel-Wild , and Kevin Milner . 2017 a. Secure Authentication in the Grid: A Formal Analysis of DNP3: SAv5. In Computer Security - ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11--15, 2017 , Proceedings, Part I (Lecture Notes in Computer Science), Simon N. Foley, Dieter Gollmann, and Einar Snekkenes (Eds.) , Vol. 10492 . Springer, 389--407. https:\/\/doi.org\/10.1007\/978--3--319--66402--6_23 10.1007\/978--3--319--66402--6_23 Cas Cremers, Martin Dehnel-Wild, and Kevin Milner. 2017a. Secure Authentication in the Grid: A Formal Analysis of DNP3: SAv5. In Computer Security - ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11--15, 2017, Proceedings, Part I (Lecture Notes in Computer Science), Simon N. Foley, Dieter Gollmann, and Einar Snekkenes (Eds.), Vol. 10492. Springer, 389--407. https:\/\/doi.org\/10.1007\/978--3--319--66402--6_23"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134063"},{"key":"e_1_3_2_2_27_1","volume-title":"Resumption and Delayed Authentication. In IEEE Symposium on Security and Privacy, SP 2016","author":"Cremers Cas","year":"2016","unstructured":"Cas Cremers , Marko Horvat , Sam Scott , and Thyla van der Merwe. 2016. Automated Analysis and Verification of TLS 1.3: 0-RTT , Resumption and Delayed Authentication. In IEEE Symposium on Security and Privacy, SP 2016 , San Jose, CA, USA, May 22--26 , 2016 . IEEE Computer Society, 470--485. https:\/\/doi.org\/10.1109\/SP.2016.35 10.1109\/SP.2016.35 Cas Cremers, Marko Horvat, Sam Scott, and Thyla van der Merwe. 2016. Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication. In IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, May 22--26, 2016. IEEE Computer Society, 470--485. https:\/\/doi.org\/10.1109\/SP.2016.35"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2019.00013"},{"key":"e_1_3_2_2_29_1","volume-title":"Proceedings, Part II (Lecture Notes in Computer Science), Miroslaw Kutylowski and Jaideep Vaidya (Eds.)","volume":"8713","author":"Decker Christian","year":"2014","unstructured":"Christian Decker and Roger Wattenhofer . 2014 . Bitcoin Transaction Malleability and MtGox. In Computer Security - ESORICS 2014 - 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7--11, 2014 . Proceedings, Part II (Lecture Notes in Computer Science), Miroslaw Kutylowski and Jaideep Vaidya (Eds.) , Vol. 8713 . Springer, 313--326. https:\/\/doi.org\/10.1007\/978--3--319--11212--1_18 10.1007\/978--3--319--11212--1_18 Christian Decker and Roger Wattenhofer. 2014. Bitcoin Transaction Malleability and MtGox. In Computer Security - ESORICS 2014 - 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7--11, 2014. Proceedings, Part II (Lecture Notes in Computer Science), Miroslaw Kutylowski and Jaideep Vaidya (Eds.), Vol. 8713. Springer, 313--326. https:\/\/doi.org\/10.1007\/978--3--319--11212--1_18"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.58"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/BF00124891"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-71209-1_41"},{"key":"e_1_3_2_2_33_1","volume-title":"Maude-NPA: Cryptographic protocol analysis modulo equational properties","author":"Escobar Santiago","unstructured":"Santiago Escobar , Catherine Meadows , and Jos\u00e9 Meseguer . 2009. Maude-NPA: Cryptographic protocol analysis modulo equational properties . In Foundations of Security Analysis and Design V. Springer , 1--50. Santiago Escobar, Catherine Meadows, and Jos\u00e9 Meseguer. 2009. Maude-NPA: Cryptographic protocol analysis modulo equational properties. In Foundations of Security Analysis and Design V. Springer, 1--50."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1137\/0217017"},{"key":"e_1_3_2_2_35_1","volume-title":"ACISP 2015, Brisbane, QLD, Australia, June 29 - July 1, 2015, Proceedings (Lecture Notes in Computer Science), Ernest Foo and Douglas Stebila (Eds.)","volume":"9144","author":"Felix","year":"1996","unstructured":"Felix G\u00fc nther and Bertram Poettering. 2015. Linkable Message Tagging: Solving the Key Distribution Problem of Signature Schemes. In Information Security and Privacy - 20th Australasian Conference , ACISP 2015, Brisbane, QLD, Australia, June 29 - July 1, 2015, Proceedings (Lecture Notes in Computer Science), Ernest Foo and Douglas Stebila (Eds.) , Vol. 9144 . Springer, 195--212. https:\/\/doi.org\/10.1007\/978--3--319-- 1996 2--7_12 10.1007\/978--3--319--19962--7_12 Felix G\u00fc nther and Bertram Poettering. 2015. Linkable Message Tagging: Solving the Key Distribution Problem of Signature Schemes. In Information Security and Privacy - 20th Australasian Conference, ACISP 2015, Brisbane, QLD, Australia, June 29 - July 1, 2015, Proceedings (Lecture Notes in Computer Science), Ernest Foo and Douglas Stebila (Eds.), Vol. 9144. Springer, 195--212. https:\/\/doi.org\/10.1007\/978--3--319--19962--7_12"},{"key":"e_1_3_2_2_36_1","unstructured":"ISO Central Secretary. 1999. Information technology security techniques - key management - Part 3: Mechanisms using asymmetric techniques.  ISO Central Secretary. 1999. Information technology security techniques - key management - Part 3: Mechanisms using asymmetric techniques."},{"key":"e_1_3_2_2_37_1","unstructured":"Dennis Jackson Cas Cremers Katriel Cohn-Gordon and Ralf Sasse. 2019. Supplementary Materials and Models. https:\/\/people.cispa.io\/cas.cremers\/downloads\/archives\/Tamarin_better_signatures.zip  Dennis Jackson Cas Cremers Katriel Cohn-Gordon and Ralf Sasse. 2019. Supplementary Materials and Models. https:\/\/people.cispa.io\/cas.cremers\/downloads\/archives\/Tamarin_better_signatures.zip"},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243798"},{"key":"e_1_3_2_2_39_1","volume-title":"It's possible to forge messages that cryptosignopen verifies if the public key is zero. https:\/\/github.com\/jedisct1\/libsodium\/issues\/112 Retrieved Feburary 2nd","year":"2019","unstructured":"jedisct1. 2016. It's possible to forge messages that cryptosignopen verifies if the public key is zero. https:\/\/github.com\/jedisct1\/libsodium\/issues\/112 Retrieved Feburary 2nd , 2019 from Issue 112 jedisct1\/libsodium. jedisct1. 2016. It's possible to forge messages that cryptosignopen verifies if the public key is zero. https:\/\/github.com\/jedisct1\/libsodium\/issues\/112 Retrieved Feburary 2nd, 2019 from Issue 112 jedisct1\/libsodium."},{"key":"e_1_3_2_2_40_1","first-page":"1","article-title":"Edwards-Curve Digital Signature Algorithm (EdDSA)","volume":"8032","author":"Josefsson Simon","year":"2017","unstructured":"Simon Josefsson and Ilari Liusvaara . 2017 . Edwards-Curve Digital Signature Algorithm (EdDSA) . RFC , Vol. 8032 (2017), 1 -- 60 . https:\/\/doi.org\/10.17487\/RFC8032 10.17487\/RFC8032 Simon Josefsson and Ilari Liusvaara. 2017. Edwards-Curve Digital Signature Algorithm (EdDSA). RFC, Vol. 8032 (2017), 1--60. https:\/\/doi.org\/10.17487\/RFC8032","journal-title":"RFC"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"crossref","unstructured":"B. Kaliski J. Jonsson and A. Rusch. 2016. PKCS# 1: RSA Cryptography Specifications Version 2.2 Section 9.2 Note 2. Technical Report.  B. Kaliski J. Jonsson and A. Rusch. 2016. PKCS# 1: RSA Cryptography Specifications Version 2.2 Section 9.2 Note 2. Technical Report.","DOI":"10.17487\/RFC8017"},{"key":"e_1_3_2_2_42_1","volume-title":"Introduction to Modern Cryptography","author":"Katz Jonathan","unstructured":"Jonathan Katz and Yehuda Lindell . 2014. Introduction to Modern Cryptography , Second Edition .CRC Press . Jonathan Katz and Yehuda Lindell. 2014. Introduction to Modern Cryptography, Second Edition .CRC Press."},{"key":"e_1_3_2_2_43_1","volume-title":"Yih-Chun Hu, and Adrian Perrig.","author":"Hyun-Jin Kim Tiffany","year":"2016","unstructured":"Tiffany Hyun-Jin Kim , Cristina Basescu , Limin Jia , Soo Bum Lee , Yih-Chun Hu, and Adrian Perrig. 2016 . Lightweight source authentication and path validation. In ACM SIGCOMM Computer Communication Review (2014), Vol. 44 . ACM , 271--282. Tiffany Hyun-Jin Kim, Cristina Basescu, Limin Jia, Soo Bum Lee, Yih-Chun Hu, and Adrian Perrig. 2016. Lightweight source authentication and path validation. In ACM SIGCOMM Computer Communication Review (2014), Vol. 44. ACM, 271--282."},{"key":"e_1_3_2_2_44_1","volume-title":"Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach. In 2017 IEEE European Symposium on Security and Privacy, EuroS&P 2017","author":"Kobeissi Nadim","year":"2017","unstructured":"Nadim Kobeissi , Karthikeyan Bhargavan , and Bruno Blanchet . 2017 . Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach. In 2017 IEEE European Symposium on Security and Privacy, EuroS&P 2017 , Paris, France, April 26--28 , 2017. IEEE, 435--450. https:\/\/doi.org\/10.1109\/EuroSP.2017.38 10.1109\/EuroSP.2017.38 Nadim Kobeissi, Karthikeyan Bhargavan, and Bruno Blanchet. 2017. Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach. In 2017 IEEE European Symposium on Security and Privacy, EuroS&P 2017, Paris, France, April 26--28, 2017. IEEE, 435--450. https:\/\/doi.org\/10.1109\/EuroSP.2017.38"},{"key":"e_1_3_2_2_45_1","first-page":"11","article-title":"Formal Proof for the Correctness of RSA-PSS","volume":"2006","author":"Lindenberg Christina","year":"2006","unstructured":"Christina Lindenberg , Kai Wirt , and Johannes A. Buchmann . 2006 . Formal Proof for the Correctness of RSA-PSS . IACR Cryptology ePrint Archive , Vol. 2006 (2006), 11 . http:\/\/eprint.iacr.org\/2006\/011 Christina Lindenberg, Kai Wirt, and Johannes A. Buchmann. 2006. Formal Proof for the Correctness of RSA-PSS. IACR Cryptology ePrint Archive, Vol. 2006 (2006), 11. http:\/\/eprint.iacr.org\/2006\/011","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1023\/B:DESI.0000036250.18062.3f"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-67080-5"},{"key":"e_1_3_2_2_48_1","volume-title":"Third International Conference, ACNS 2005, New York, NY, USA, June 7--10, 2005, Proceedings (Lecture Notes in Computer Science), John Ioannidis, Angelos D. Keromytis, and Moti Yung (Eds.)","volume":"3531","author":"Pornin Thomas","unstructured":"Thomas Pornin and Julien P. Stern . 2005. Digital Signatures Do Not Guarantee Exclusive Ownership. In Applied Cryptography and Network Security , Third International Conference, ACNS 2005, New York, NY, USA, June 7--10, 2005, Proceedings (Lecture Notes in Computer Science), John Ioannidis, Angelos D. Keromytis, and Moti Yung (Eds.) , Vol. 3531 . 138--150. https:\/\/doi.org\/10.1007\/11496137_10 10.1007\/11496137_10 Thomas Pornin and Julien P. Stern. 2005. Digital Signatures Do Not Guarantee Exclusive Ownership. In Applied Cryptography and Network Security, Third International Conference, ACNS 2005, New York, NY, USA, June 7--10, 2005, Proceedings (Lecture Notes in Computer Science), John Ioannidis, Angelos D. Keromytis, and Moti Yung (Eds.), Vol. 3531. 138--150. https:\/\/doi.org\/10.1007\/11496137_10"},{"key":"e_1_3_2_2_49_1","volume-title":"Automated Analysis of Diffie-Hellman Protocols and Advanced Security Properties. In 25th IEEE Computer Security Foundations Symposium, CSF 2012","author":"Schmidt Benedikt","year":"2012","unstructured":"Benedikt Schmidt , Simon Meier , Cas J. F. Cremers , and David A. Basin . 2012 . Automated Analysis of Diffie-Hellman Protocols and Advanced Security Properties. In 25th IEEE Computer Security Foundations Symposium, CSF 2012 , Cambridge, MA, USA, June 25--27 , 2012 , Stephen Chong (Ed.). IEEE Computer Society, 78--94. https:\/\/doi.org\/10.1109\/CSF.2012.25 10.1109\/CSF.2012.25 Benedikt Schmidt, Simon Meier, Cas J. F. Cremers, and David A. Basin. 2012. Automated Analysis of Diffie-Hellman Protocols and Advanced Security Properties. In 25th IEEE Computer Security Foundations Symposium, CSF 2012, Cambridge, MA, USA, June 25--27, 2012, Stephen Chong (Ed.). IEEE Computer Society, 78--94. https:\/\/doi.org\/10.1109\/CSF.2012.25"},{"key":"e_1_3_2_2_50_1","volume-title":"22nd Annual International Cryptology Conference, Santa Barbara, California, USA, August 18--22, 2002, Proceedings (Lecture Notes in Computer Science), Moti Yung (Ed.)","volume":"2442","author":"Stern Jacques","unstructured":"Jacques Stern , David Pointcheval , John Malone-Lee , and Nigel P. Smart . 2002. Flaws in Applying Proof Methodologies to Signature Schemes. In Advances in Cryptology - CRYPTO 2002 , 22nd Annual International Cryptology Conference, Santa Barbara, California, USA, August 18--22, 2002, Proceedings (Lecture Notes in Computer Science), Moti Yung (Ed.) , Vol. 2442 . Springer, 93--110. https:\/\/doi.org\/10.1007\/3--540--45708--9_7 10.1007\/3--540--45708--9_7 Jacques Stern, David Pointcheval, John Malone-Lee, and Nigel P. Smart. 2002. Flaws in Applying Proof Methodologies to Signature Schemes. In Advances in Cryptology - CRYPTO 2002, 22nd Annual International Cryptology Conference, Santa Barbara, California, USA, August 18--22, 2002, Proceedings (Lecture Notes in Computer Science), Moti Yung (Ed.), Vol. 2442. Springer, 93--110. https:\/\/doi.org\/10.1007\/3--540--45708--9_7"},{"key":"e_1_3_2_2_51_1","unstructured":"Tamarin Team. 2016. Tamarin-Prover Manual -- Security Protocol Analysis in the Symbolic Model.  Tamarin Team. 2016. Tamarin-Prover Manual -- Security Protocol Analysis in the Symbolic Model."},{"key":"e_1_3_2_2_52_1","volume-title":"6th International Workshop on Theory and Practice in Public Key Cryptography","author":"Vaudenay Serge","year":"2003","unstructured":"Serge Vaudenay . 2003 . The Security of DSA and ECDSA. In Public Key Cryptography - PKC 2003 , 6th International Workshop on Theory and Practice in Public Key Cryptography , Miami, FL, USA, January 6--8 , 2003, Proceedings. 309--323. https:\/\/doi.org\/10.1007\/3--540--36288--6_23 10.1007\/3--540--36288--6_23 Serge Vaudenay. 2003. The Security of DSA and ECDSA. In Public Key Cryptography - PKC 2003, 6th International Workshop on Theory and Practice in Public Key Cryptography, Miami, FL, USA, January 6--8, 2003, Proceedings. 309--323. https:\/\/doi.org\/10.1007\/3--540--36288--6_23"},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660349"},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134043"}],"event":{"name":"CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security","location":"London United Kingdom","acronym":"CCS '19","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3339813","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3319535.3339813","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:24:01Z","timestamp":1750202641000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3339813"}},"subtitle":["Automated Analysis of Subtle Attacks on Protocols that Use Signatures"],"short-title":[],"issued":{"date-parts":[[2019,11,6]]},"references-count":54,"alternative-id":["10.1145\/3319535.3339813","10.1145\/3319535"],"URL":"https:\/\/doi.org\/10.1145\/3319535.3339813","relation":{},"subject":[],"published":{"date-parts":[[2019,11,6]]},"assertion":[{"value":"2019-11-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}