{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T14:44:40Z","timestamp":1773153880054,"version":"3.50.1"},"reference-count":66,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2025,2,22]],"date-time":"2025-02-22T00:00:00Z","timestamp":1740182400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key R&D Program of China","doi-asserted-by":"crossref","award":["2021YFB3100100"],"award-info":[{"award-number":["2021YFB3100100"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"crossref"}]},{"name":"SOAR Prize from The University of Sydney, and research"},{"name":"Stellar Foundation, Ethereum Foundation and Protocol Labs"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2025,5,31]]},"abstract":"\n The cloud has become pervasive, and we ask: how can we protect cloud data against the cloud itself? For secure user-to-user communication via a cloud server, End-to-End encryption has been formally studied, building on existing TLS channels without requiring new primitives. However, enabling user-to-same-user secure outsourced data storage\u2013solving the analogous problem of \u201cprivacy from the server\u201d while (1) relying on existing infrastructure and (2) supporting user mobility, remains open. Existing proposals, like password-protected secret sharing, target the same goal but are incompatible with existing cloud storage services. Specifically, they lack the simplicity needed to directly utilize existing cloud\n storage<\/jats:italic>\n without requiring changes on the cloud side.\n <\/jats:p>\n \n Here, we propose a novel system for securely storing private data in existing cloud storage with the help of a key server (necessary, given the requirements). In our system, user data is secure against threats from the cloud server, the key server, and illegitimate users. Only the legitimate user can access the data on any device using a correct passphrase. Most importantly, our system does not require the storage server to support any newly programmable operations. Moreover, leveraging the existing App login, our system requires only one passphrase, which never leaves the user\u2019s device and remains hidden from both servers. The security is proved under formal models, and its efficiency is demonstrated by experiments conducted on Amazon S3. Notably, a preliminary variant, based on our principles, was deployed by Snapchat in their\n My Eyes Only<\/jats:italic>\n module, serving hundreds of millions of users!\n <\/jats:p>","DOI":"10.1145\/3707460","type":"journal-article","created":{"date-parts":[[2024,12,6]],"date-time":"2024-12-06T11:04:51Z","timestamp":1733483091000},"page":"1-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["End-to-Same-End Encryption: Modularly Augmenting an App with an Efficient, Portable, and Blind Cloud Storage"],"prefix":"10.1145","volume":"28","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3183-158X","authenticated-orcid":false,"given":"Long","family":"Chen","sequence":"first","affiliation":[{"name":"Institute of Software Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1413-7273","authenticated-orcid":false,"given":"Ya-Nan","family":"Li","sequence":"additional","affiliation":[{"name":"School of Computer Science, The University of Sydney, Sydney, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1113-6352","authenticated-orcid":false,"given":"Qiang","family":"Tang","sequence":"additional","affiliation":[{"name":"School of Computer Science, The University of Sydney, Sydney, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0848-0873","authenticated-orcid":false,"given":"Moti","family":"Yung","sequence":"additional","affiliation":[{"name":"Google Inc., New York, United States and Columbia University, New York, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,2,22]]},"reference":[{"key":"e_1_3_2_2_2","first-page":"61","volume-title":"ESORICS","author":"Abdalla Michel","year":"2016","unstructured":"Michel Abdalla, Mario Cornejo, Anca Nitulescu, and David Pointcheval. 2016. Robust password-protected secret sharing. In ESORICS. Springer, Berlin, 61\u201379."},{"key":"e_1_3_2_3_2","first-page":"261","volume-title":"IACR International Conference on Public-Key Cryptography","author":"Albrecht Martin R.","year":"2021","unstructured":"Martin R. Albrecht, Alex Davidson, Amit Deo, and Nigel P. Smart. 2021. Round-optimal verifiable oblivious pseudorandom functions from ideal lattices. In IACR International Conference on Public-Key Cryptography. Springer, 261\u2013289."},{"key":"e_1_3_2_4_2","volume-title":"https:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/API\/Type_API_Reference.html","year":"2020","unstructured":"AWS. 2020. https:\/\/docs.aws.amazon.com\/AmazonS3\/latest\/API\/Type_API_Reference.htmlAccessed July 30, 2020."},{"key":"e_1_3_2_5_2","article-title":"Amazon EBS Pricing","year":"2020","unstructured":"AWS. 2020. Amazon EBS Pricing. https:\/\/aws.amazon.com\/ebs\/pricingAccessed July 31, 2020.","journal-title":"https:\/\/aws.amazon.com\/ebs\/pricing"},{"key":"e_1_3_2_6_2","article-title":"Amazon EC2 On-Demand Pricing","year":"2020","unstructured":"AWS. 2020. Amazon EC2 On-Demand Pricing. https:\/\/aws.amazon.com\/ec2\/pricing\/on-demandAccessed July 30, 2020.","journal-title":"https:\/\/aws.amazon.com\/ec2\/pricing\/on-demand"},{"key":"e_1_3_2_7_2","first-page":"433","volume-title":"CCS","author":"Bagherzandi Ali","year":"2011","unstructured":"Ali Bagherzandi, Stanislaw Jarecki, Nitesh Saxena, and Yanbin Lu. 2011. Password-protected secret sharing. In CCS. ACM, New York, 433\u2013444."},{"key":"e_1_3_2_8_2","first-page":"1213","volume-title":"USENIX Security","author":"Biondo Andrea","year":"2018","unstructured":"Andrea Biondo, Mauro Conti, Lucas Davi, Tommaso Frassetto, and Ahmad-Reza Sadeghi. 2018. The guard\u2019s dilemma: Efficient code-reuse attacks against intel SGX. In USENIX Security. USENIX Association, Berkeley, 1213\u20131227."},{"key":"e_1_3_2_9_2","first-page":"292","volume-title":"EuroS&P","author":"Biryukov Alex","year":"2016","unstructured":"Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich. 2016. Argon2: New generation of memory-hard functions for password hashing and other applications. In EuroS&P. IEEE, New York, 292\u2013302."},{"key":"e_1_3_2_10_2","first-page":"220","volume-title":"ASIACRYPT","author":"Boneh Dan","year":"2016","unstructured":"Dan Boneh, Henry Corrigan-Gibbs, and Stuart Schechter. 2016. Balloon hashing: A memory-hard function providing provable protection against sequential attacks. In ASIACRYPT. Springer, Berlin, 220\u2013248."},{"key":"e_1_3_2_11_2","first-page":"520","volume-title":"International Conference on the Theory and Application of Cryptology and Information Security","author":"Boneh Dan","year":"2020","unstructured":"Dan Boneh, Dmitry Kogan, and Katharine Woo. 2020. Oblivious pseudorandom functions from isogenies. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 520\u2013550."},{"key":"e_1_3_2_12_2","unstructured":"Jad S. Boutros Jiayuan Ma Filipe Jorge Marques de Almeida and Marcel M. Yung. 2019. Device Independent Encrypted Content Access System. US Patent 10 341 304."},{"key":"e_1_3_2_13_2","doi-asserted-by":"crossref","first-page":"228","DOI":"10.1145\/1533057.1533089","volume-title":"ASIACCS","author":"Boyen Xavier","year":"2009","unstructured":"Xavier Boyen. 2009. Hidden credential retrieval from a reusable password. In ASIACCS. ACM, New York, 228\u2013238."},{"key":"e_1_3_2_14_2","first-page":"12","volume-title":"WOOT","author":"Brasser Ferdinand","year":"2017","unstructured":"Ferdinand Brasser, Urs M\u00fcller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software grand exposure: SGX cache attacks are practical. In WOOT. USENIX Association, Berkeley, 12 pages."},{"key":"e_1_3_2_15_2","first-page":"283","volume-title":"PKC","author":"Camenisch Jan","year":"2015","unstructured":"Jan Camenisch, Robert R. Enderlein, and Gregory Neven. 2015. Two-server password-authenticated secret sharing UC-secure against transient corruptions. In PKC. Springer, Berlin, 283\u2013307."},{"key":"e_1_3_2_16_2","first-page":"256","volume-title":"CRYPTO","author":"Camenisch Jan","year":"2014","unstructured":"Jan Camenisch, Anja Lehmann, Anna Lysyanskaya, and Gregory Neven. 2014. Memento: How to reconstruct your secrets from a single password in a hostile environment. In CRYPTO. Springer, Berlin, 256\u2013275."},{"key":"e_1_3_2_17_2","first-page":"525","volume-title":"CCS","author":"Camenisch Jan","year":"2012","unstructured":"Jan Camenisch, Anna Lysyanskaya, and Gregory Neven. 2012. Practical yet universally composable two-server password-authenticated secret sharing. In CCS. ACM, New York, 525\u2013536."},{"key":"e_1_3_2_18_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"590","DOI":"10.1007\/978-3-030-64840-4_20","volume-title":"ASIACRYPT (3)","author":"Chen Long","year":"2020","unstructured":"Long Chen, Yanan Li, and Qiang Tang. 2020. CCA updatable encryption against malicious re-encryption attacks. In ASIACRYPT (3)(Lecture Notes in Computer Science, Vol. 12493). Springer, 590\u2013620."},{"key":"e_1_3_2_19_2","article-title":"Occam\u2019s Razor in Software Development","author":"Coder Kaizen","year":"2020","unstructured":"Kaizen Coder. 2020. Occam\u2019s Razor in Software Development. https:\/\/www.cirdangroup.com\/cirdan-blog\/occams-razor-in-software-developmentAccessed January 12, 2020.","journal-title":"https:\/\/www.cirdangroup.com\/cirdan-blog\/occams-razor-in-software-development"},{"key":"e_1_3_2_20_2","first-page":"1121","volume-title":"14th USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201920)","author":"Dauterman Emma","year":"2020","unstructured":"Emma Dauterman, Henry Corrigan-Gibbs, and David Mazi\u00e8res. 2020. \\(\\lbrace\\) SafetyPin \\(\\rbrace\\) : Encrypted backups with \\(\\lbrace\\) Human-Memorable \\(\\rbrace\\) secrets. In 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201920). USENIX Association, Berkeley, 1121\u20131138."},{"key":"e_1_3_2_21_2","article-title":"Dropbox for Java Developers","year":"2020","unstructured":"Dropbox. 2020. Dropbox for Java Developers. https:\/\/www.dropbox.com\/developers\/documentation\/javaAccessed July 30, 2020.","journal-title":"https:\/\/www.dropbox.com\/developers\/documentation\/java"},{"key":"e_1_3_2_22_2","first-page":"547","volume-title":"USENIX Security","author":"Everspaugh Adam","year":"2015","unstructured":"Adam Everspaugh, Rahul Chaterjee, Samuel Scott, Ari Juels, and Thomas Ristenpart. 2015. The Pythia PRF service. In USENIX Security. USENIX Association, Berkeley, 547\u2013562."},{"key":"e_1_3_2_23_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"98","DOI":"10.1007\/978-3-319-63697-9_4","volume-title":"CRYPTO (3)","author":"Everspaugh Adam","year":"2017","unstructured":"Adam Everspaugh, Kenneth G. Paterson, Thomas Ristenpart, and Samuel Scott. 2017. Key rotation for authenticated encryption. In CRYPTO (3)(Lecture Notes in Computer Science, Vol. 10403). Springer, 98\u2013129."},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30576-7_17"},{"key":"e_1_3_2_25_2","article-title":"Cloud Storage Client Libraries","year":"2020","unstructured":"Google. 2020. Cloud Storage Client Libraries. https:\/\/cloud.google.com\/storage\/docs\/reference\/librariesAccessed July 30, 2020.","journal-title":"https:\/\/cloud.google.com\/storage\/docs\/reference\/libraries"},{"key":"e_1_3_2_26_2","article-title":"The role of Occam\u2019s razor in agile software development","author":"Group Cirdan","year":"2020","unstructured":"Cirdan Group. 2020. The role of Occam\u2019s razor in agile software development. https:\/\/www.cirdangroup.com\/cirdan-blog\/occams-razor-in-software-developmentAccessed January 12, 2020.","journal-title":"https:\/\/www.cirdangroup.com\/cirdan-blog\/occams-razor-in-software-development"},{"key":"e_1_3_2_27_2","doi-asserted-by":"crossref","unstructured":"Eran Hammer-Lahav. 2010. The OAuth 1.0 Protocol.","DOI":"10.17487\/rfc5849"},{"key":"e_1_3_2_28_2","doi-asserted-by":"crossref","unstructured":"Dick Hardt. 2012. The OAuth 2.0 Authorization Framework.","DOI":"10.17487\/rfc6749"},{"key":"e_1_3_2_29_2","article-title":"Manage Passwords","author":"Help Google Chrome","year":"2021","unstructured":"Google Chrome Help. 2021. Manage Passwords. Website. https:\/\/support.google.com\/chrome\/answer\/95606?co=GENIE.Platform","journal-title":"Website"},{"key":"e_1_3_2_30_2","article-title":"IBM HSM Products","author":"Security IBM","year":"2018","unstructured":"IBM Security. 2018. IBM HSM Products. https:\/\/www.ibm.com\/security\/cryptocards","journal-title":"https:\/\/www.ibm.com\/security\/cryptocards"},{"key":"e_1_3_2_31_2","article-title":"Set up iCloud Keychain","author":"Inc. Apple","year":"2021","unstructured":"Apple Inc.2021. Set up iCloud Keychain. Website. SetupiCloudKeychain.","journal-title":"Website"},{"key":"e_1_3_2_32_2","article-title":"Everything you want to know about TikTok","year":"2017","unstructured":"Intricately. 2017. Everything you want to know about TikTok. https:\/\/my.intricately.com\/companies\/tiktokOnline; accessed 6 January 2020.","journal-title":"https:\/\/my.intricately.com\/companies\/tiktok"},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32009-5_17"},{"key":"e_1_3_2_34_2","first-page":"233","volume-title":"ASIACRYPT","author":"Jarecki Stanislaw","year":"2014","unstructured":"Stanislaw Jarecki, Aggelos Kiayias, and Hugo Krawczyk. 2014. Round-optimal password-protected secret sharing and T-PAKE in the password-only model. In ASIACRYPT. Springer, Berlin, 233\u2013253."},{"key":"e_1_3_2_35_2","first-page":"276","volume-title":"EuroS&P","author":"Jarecki Stanislaw","year":"2016","unstructured":"Stanislaw Jarecki, Aggelos Kiayias, Hugo Krawczyk, and Jiayu Xu. 2016. Highly-efficient and composable password-protected secret sharing (or: How to protect your bitcoin wallet online). In EuroS&P. IEEE, New York, 276\u2013291."},{"key":"e_1_3_2_36_2","first-page":"39","volume-title":"ACNS","author":"Jarecki Stanis\u0142aw","year":"2017","unstructured":"Stanis\u0142aw Jarecki, Aggelos Kiayias, Hugo Krawczyk, and Jiayu Xu. 2017. TOPPSS: Cost-minimal password-protected secret sharing based on threshold OPRF. In ACNS. Springer, Berlin, 39\u201358."},{"key":"e_1_3_2_37_2","first-page":"379","volume-title":"CCS","author":"Jarecki Stanislaw","year":"2019","unstructured":"Stanislaw Jarecki, Hugo Krawczyk, and Jason Resch. 2019. Updatable oblivious key management for storage systems. In CCS. ACM, New York, 379\u2013393."},{"key":"e_1_3_2_38_2","article-title":"Do Snapchat Memories Take Up Space on Your Phone?","author":"Jones Brandon","year":"2017","unstructured":"Brandon Jones. 2017. Do Snapchat Memories Take Up Space on Your Phone? https:\/\/www.psafe.com\/en\/blog\/snapchat-memories-take-space-phone\/Online; accessed 6 January 2020.","journal-title":"https:\/\/www.psafe.com\/en\/blog\/snapchat-memories-take-space-phone\/"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40041-4_24"},{"key":"e_1_3_2_40_2","article-title":"How Private Is Your Public Cloud? Stacking Up Google, Microsoft and AWS Data Privacy","author":"Kuranda Sarah","year":"2016","unstructured":"Sarah Kuranda. 2016. How Private Is Your Public Cloud? Stacking Up Google, Microsoft and AWS Data Privacy. https:\/\/www.crn.com\/news\/cloud\/300081714\/how-private-is-your-public-cloud-stacking-up-google-microsoft-and-aws-data-privacy.htmOnline; accessed 6 January 2020.","journal-title":"https:\/\/www.crn.com\/news\/cloud\/300081714\/how-private-is-your-public-cloud-stacking-up-google-microsoft-and-aws-data-privacy.htm"},{"key":"e_1_3_2_41_2","first-page":"1405","volume-title":"USENIX Security","author":"Lai Russell W. F.","year":"2018","unstructured":"Russell W. F. Lai, Christoph Egger, Manuel Reinert, Sherman S. M. Chow, Matteo Maffei, and Dominique Schr\u00f6der. 2018. Simple password-hardened encryption services. In USENIX Security. USENIX Association, Berkeley, 1405\u20131421."},{"key":"e_1_3_2_42_2","first-page":"899","volume-title":"USENIX Security","author":"Lai Russell W. F.","year":"2017","unstructured":"Russell W. F. Lai, Christoph Egger, Dominique Schr\u00f6der, and Sherman S. M. Chow. 2017. Phoenix: Rebirth of a cryptographic password-hardening service. In USENIX Security. USENIX Association, Berkeley, 899\u2013916."},{"key":"e_1_3_2_43_2","first-page":"385","volume-title":"CRYPTO","author":"MacKenzie Philip","year":"2002","unstructured":"Philip MacKenzie, Thomas Shrimpton, and Markus Jakobsson. 2002. Threshold password-authenticated key exchange. In CRYPTO. Springer, Berlin, 385\u2013400."},{"key":"e_1_3_2_44_2","first-page":".","article-title":"Federated learning: Collaborative machine learning without centralized training data","volume":"3","author":"McMahan Brendan","year":"2017","unstructured":"Brendan McMahan and Daniel Ramage. 2017. Federated learning: Collaborative machine learning without centralized training data. Google Research Blog 3 (2017), .","journal-title":"Google Research Blog"},{"key":"e_1_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-55035-5_18"},{"key":"e_1_3_2_46_2","article-title":"How Facebook Moved 20 Billion Instagram Photos Without You Noticing","author":"Metz Cade","year":"2014","unstructured":"Cade Metz. 2014. How Facebook Moved 20 Billion Instagram Photos Without You Noticing. https:\/\/www.wired.com\/2014\/06\/facebook-instagram\/Online; accessed 6 January 2020.","journal-title":"https:\/\/www.wired.com\/2014\/06\/facebook-instagram\/"},{"key":"e_1_3_2_47_2","article-title":"Azure Storage Libraries for Java","year":"2020","unstructured":"Microsoft. 2020. Azure Storage Libraries for Java. https:\/\/docs.microsoft.com\/en-us\/java\/api\/overview\/azure\/storagePublished February 13, 2020.","journal-title":"https:\/\/docs.microsoft.com\/en-us\/java\/api\/overview\/azure\/storage"},{"key":"e_1_3_2_48_2","unstructured":"D. Moody. 2016. Post-quantum Cryptography: NIST\u2019s Plans for the Future. Presentation at PKC 2016."},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8018"},{"key":"e_1_3_2_50_2","first-page":"47","volume-title":"ADC","author":"Mugridge Rick","year":"2003","unstructured":"Rick Mugridge. 2003. Test driven development and the scientific method. In ADC. IEEE, New York, 47\u201352."},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.5555\/795663.796378"},{"key":"e_1_3_2_52_2","first-page":"227","volume-title":"USENIX ATC","author":"Oleksenko Oleksii","year":"2018","unstructured":"Oleksii Oleksenko, Bohdan Trach, Robert Krahn, Mark Silberstein, and Christof Fetzer. 2018. Varys: Protecting SGX enclaves from practical side-channel attacks. In USENIX ATC. USENIX Association, Berkeley, 227\u2013240."},{"key":"e_1_3_2_53_2","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1007\/978-3-030-44223-1_5","volume-title":"International Conference on Post-Quantum Cryptography","author":"Paquin Christian","year":"2020","unstructured":"Christian Paquin, Douglas Stebila, and Goutam Tamvada. 2020. Benchmarking post-quantum cryptography in TLS. In International Conference on Post-Quantum Cryptography. Springer, 72\u201391."},{"key":"e_1_3_2_54_2","first-page":"295","volume-title":"CCS","author":"Pearman Sarah","year":"2017","unstructured":"Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, and Alain Forget. 2017. Let\u2019s go in for a closer look: Observing passwords in their natural habitat. In CCS. ACM, New York, 295\u2013310."},{"key":"e_1_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.17487\/RFC7914"},{"key":"e_1_3_2_56_2","first-page":"1192","volume-title":"CCS","author":"Schneider Jonas","year":"2016","unstructured":"Jonas Schneider, Nils Fleischhacker, Dominique Schr\u00f6der, and Michael Backes. 2016. Efficient cryptographic password hardening services from partially oblivious commitments. In CCS. ACM, New York, 1192\u20131203."},{"key":"e_1_3_2_57_2","volume-title":"2020 ACM SIGSAC Conference on Computer and Communications Security","author":"Schwabe Peter","year":"2020","unstructured":"Peter Schwabe, Douglas Stebila, and Thom Wiggers. 2020. Post-quantum TLS without handshake signatures. In 2020 ACM SIGSAC Conference on Computer and Communications Security."},{"key":"e_1_3_2_58_2","article-title":"How WhatsApp is Enabling End-to-end Encrypted Backups","author":"Security WhatsApp","year":"2021","unstructured":"WhatsApp Security. 2021. How WhatsApp is Enabling End-to-end Encrypted Backups. Website. https:\/\/www.whatsapp.com\/security\/WhatsApp_Security_Encrypted_Backups_Whitepaper.pdf","journal-title":"Website"},{"key":"e_1_3_2_59_2","first-page":"1094","volume-title":"ICDCS","author":"Shirvanian Maliheh","year":"2017","unstructured":"Maliheh Shirvanian, Stanislaw Jareckiy, Hugo Krawczykz, and Nitesh Saxena. 2017. Sphinx: A password store that perfectly hides passwords from itself. In ICDCS. IEEE, New York, 1094\u20131104."},{"key":"e_1_3_2_60_2","article-title":"How to Use My Eyes Only","year":"2020","unstructured":"Snapchat. 2020. How to Use My Eyes Only. https:\/\/support.snapchat.com\/en-US\/a\/my-eyes-onlyAccessed July 22, 2020.","journal-title":"https:\/\/support.snapchat.com\/en-US\/a\/my-eyes-only"},{"key":"e_1_3_2_61_2","article-title":"Occam\u2019s Razor: The Simplest Solution is Always the Best","author":"Soegaard Mads","year":"2020","unstructured":"Mads Soegaard. 2020. Occam\u2019s Razor: The Simplest Solution is Always the Best. https:\/\/www.cirdangroup.com\/cirdan-blog\/occams-razor-in-software-developmentAccessed January 12, 2020.","journal-title":"https:\/\/www.cirdangroup.com\/cirdan-blog\/occams-razor-in-software-development"},{"key":"e_1_3_2_62_2","first-page":"15","article-title":"Universal 2nd factor (U2F) overview","author":"Srinivas Sampath","year":"2015","unstructured":"Sampath Srinivas, Dirk Balfanz, Eric Tiffany, FIDO Alliance, and Alexei Czeskis. 2015. Universal 2nd factor (U2F) overview. FIDO Alliance Proposed Standard . (2015), 15 pages.","journal-title":"FIDO Alliance Proposed Standard"},{"key":"e_1_3_2_63_2","first-page":"1","volume-title":"SysTEXSOSP","author":"Bulck Jo Van","year":"2017","unstructured":"Jo Van Bulck, Frank Piessens, and Raoul Strackx. 2017. SGX-Step: A practical attack framework for precise enclave execution control. In SysTEXSOSP. ACM, New York, 1\u20136."},{"key":"e_1_3_2_64_2","first-page":"385","article-title":"The EU general data protection regulation (GDPR)","author":"Voigt Paul","year":"2017","unstructured":"Paul Voigt and Axel Von dem Bussche. 2017. The EU general data protection regulation (GDPR). A Practical Guide, 1st Ed., Cham: Springer International Publishing . (2017), 385 pages.","journal-title":"A Practical Guide, 1st Ed., Cham: Springer International Publishing"},{"key":"e_1_3_2_65_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-24177-7_23"},{"key":"e_1_3_2_66_2","first-page":"1242","volume-title":"CCS","author":"Wang Ding","year":"2016","unstructured":"Ding Wang, Zijian Zhang, Ping Wang, Jeff Yan, and Xinyi Huang. 2016. Targeted online password guessing: An underestimated threat. In CCS. ACM, New York, 1242\u20131254."},{"key":"e_1_3_2_67_2","first-page":"153","volume-title":"AsiaCCS","author":"Zhang Lin","year":"2016","unstructured":"Lin Zhang, Zhenfeng Zhang, and Xuexian Hu. 2016. UC-secure two-server password-based authentication protocol and its applications. In AsiaCCS. ACM, New York, 153\u2013164."}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3707460","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3707460","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:17:38Z","timestamp":1750295858000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3707460"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,22]]},"references-count":66,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,5,31]]}},"alternative-id":["10.1145\/3707460"],"URL":"https:\/\/doi.org\/10.1145\/3707460","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,2,22]]},"assertion":[{"value":"2022-12-28","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-11-27","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-02-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}