{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,10,7]],"date-time":"2023-10-07T12:21:26Z","timestamp":1696681286415},"reference-count":77,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"3","license":[{"start":{"date-parts":[[2020,7,1]],"date-time":"2020-07-01T00:00:00Z","timestamp":1593561600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,7,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Users\u2019 devices, e.g., smartphones or laptops, are typically incapable of securely storing and processing cryptographic keys. We present T<jats:sc>andem<\/jats:sc>, a novel set of protocols for securing cryptographic keys with support from a central server. T<jats:sc>andem<\/jats:sc> uses <jats:italic>one-time-use key-share tokens<\/jats:italic> to preserve users\u2019 privacy with respect to a malicious central server. Additionally, T<jats:sc>andem<\/jats:sc> enables users to block their keys if they lose their device, and it enables the server to limit how often an adversary can use an unblocked key. 
We prove T<jats:sc>andem<\/jats:sc>\u2019s security and privacy properties, apply T<jats:sc>andem<\/jats:sc> to attribute-based credentials, and implement a T<jats:sc>andem<\/jats:sc> proof of concept to show that it causes little overhead.<\/jats:p>","DOI":"10.2478\/popets-2020-0055","type":"journal-article","created":{"date-parts":[[2020,8,28]],"date-time":"2020-08-28T14:44:00Z","timestamp":1598625840000},"page":"327-355","source":"Crossref","is-referenced-by-count":0,"title":["Tandem: Securing Keys by Using a Central Server While Preserving Privacy"],"prefix":"10.56553","volume":"2020","author":[{"given":"Wouter","family":"Lueks","sequence":"first","affiliation":[{"name":"SPRING Lab, EPFL"}]},{"given":"Brinda","family":"Hampiholi","sequence":"additional","affiliation":[{"name":"Philips Research, all work done while a PhD student at Radboud University"}]},{"given":"Greg","family":"Alp\u00e1r","sequence":"additional","affiliation":[{"name":"Open University of the Netherlands, and Radboud University"}]},{"given":"Carmela","family":"Troncoso","sequence":"additional","affiliation":[{"name":"SPRING Lab, EPFL"}]}],"member":"35752","published-online":{"date-parts":[[2020,8,17]]},"reference":[{"key":"2022062314354555145_j_popets-2020-0055_ref_001_w2aab3b7c28b1b6b1ab1ab1Aa","unstructured":"[1] Timothy G. Abbott, Katherine J. Lai, Michael R. Lieberman, and Eric C. Price. 2007. Browser-Based Attacks on Tor. In PETS 2007."},{"key":"2022062314354555145_j_popets-2020-0055_ref_002_w2aab3b7c28b1b6b1ab1ab2Aa","doi-asserted-by":"crossref","unstructured":"[2] Tolga Acar, Mira Belenkiy, and Alptekin K\u00fcp\u00e7\u00fc. 2013. Single password authentication. Computer Networks 57, 13 (2013).10.1016\/j.comnet.2013.05.007","DOI":"10.1016\/j.comnet.2013.05.007"},{"key":"2022062314354555145_j_popets-2020-0055_ref_003_w2aab3b7c28b1b6b1ab1ab3Aa","doi-asserted-by":"crossref","unstructured":"[3] Jes\u00fas F. Almansa, Ivan Damg\u00e5rd, and Jesper Buus Nielsen. 2006. 
Simplified Threshold-RSA with Adaptive and Proactive Security. In EUROCRYPT 2006.10.1007\/11761679_35","DOI":"10.1007\/11761679_35"},{"key":"2022062314354555145_j_popets-2020-0055_ref_004_w2aab3b7c28b1b6b1ab1ab4Aa","unstructured":"[4] Gergely Alp\u00e1r, Fabian van den Broek, Brinda Hampiholi, Bart Jacobs, Wouter Lueks, and Sietse Ringers. 2017. IRMA: Practical, Decentralized and Privacy-friendly Identity Management Using Smartphones. In HotPETs 2017."},{"key":"2022062314354555145_j_popets-2020-0055_ref_005_w2aab3b7c28b1b6b1ab1ab5Aa","unstructured":"[5] Android security website. 2017. Developing third party applications with Trusty TEE. https:\/\/source.android.com\/security\/trusty\/#third-party_trusty_applications. (2017)."},{"key":"2022062314354555145_j_popets-2020-0055_ref_006_w2aab3b7c28b1b6b1ab1ab6Aa","unstructured":"[6] D. F. Aranha and C. P. L. Gouv\u00eaa. 2020. RELIC is an Efficient Library for Cryptography. https:\/\/github.com\/relictoolkit\/relic. (2020)."},{"key":"2022062314354555145_j_popets-2020-0055_ref_007_w2aab3b7c28b1b6b1ab1ab7Aa","doi-asserted-by":"crossref","unstructured":"[7] Erinn Atwater and Urs Hengartner. 2016. Shatter: Using Threshold Cryptography to Protect Single Users with Multiple Devices. In WISEC 2016.10.1145\/2939918.2939932","DOI":"10.1145\/2939918.2939932"},{"key":"2022062314354555145_j_popets-2020-0055_ref_008_w2aab3b7c28b1b6b1ab1ab8Aa","unstructured":"[8] Man Ho Au, Willy Susilo, and Yi Mu. 2006. Constant-Size Dynamic k-TAA. In SCN 2006."},{"key":"2022062314354555145_j_popets-2020-0055_ref_009_w2aab3b7c28b1b6b1ab1ab9Aa","unstructured":"[9] Man Ho Au, Patrick P. Tsang, and Apu Kapadia. 2011. PEREA: Practical TTP-free Revocation of Repeatedly Misbehaving Anonymous Users. TISSEC (2011)."},{"key":"2022062314354555145_j_popets-2020-0055_ref_010_w2aab3b7c28b1b6b1ab1ac10Aa","doi-asserted-by":"crossref","unstructured":"[10] Foteini Baldimtsi and Anna Lysyanskaya. 2013. Anonymous credentials light. 
In CCS 2013.10.1145\/2508859.2516687","DOI":"10.1145\/2508859.2516687"},{"key":"2022062314354555145_j_popets-2020-0055_ref_011_w2aab3b7c28b1b6b1ab1ac11Aa","doi-asserted-by":"crossref","unstructured":"[11] Ero Balsa, Carmela Troncoso, and Claudia D\u00edaz. 2012. OBPWS: Obfuscation-Based Private Web Search. In S&P 2012.10.1109\/SP.2012.36","DOI":"10.1109\/SP.2012.36"},{"key":"2022062314354555145_j_popets-2020-0055_ref_012_w2aab3b7c28b1b6b1ab1ac12Aa","doi-asserted-by":"crossref","unstructured":"[12] Manuel Barbosa, Dario Catalano, and Dario Fiore. 2017. Labeled Homomorphic Encryption: Scalable and Privacy-Preserving Processing of Outsourced Data. In ESORICS 2017.10.1007\/978-3-319-66402-6_10","DOI":"10.1007\/978-3-319-66402-6_10"},{"key":"2022062314354555145_j_popets-2020-0055_ref_013_w2aab3b7c28b1b6b1ab1ac13Aa","doi-asserted-by":"crossref","unstructured":"[13] Mihir Bellare and Shafi Goldwasser. 1997. Verifiable Partial Key Escrow. In CCS 1997.10.1145\/266420.266439","DOI":"10.1145\/266420.266439"},{"key":"2022062314354555145_j_popets-2020-0055_ref_014_w2aab3b7c28b1b6b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] Patrik Bichsel, Jan Camenisch, Gregory Neven, Nigel P. Smart, and Bogdan Warinschi. 2010. Get Shorty via Group Signatures without Encryption. In SCN 2010.10.1007\/978-3-642-15317-4_24","DOI":"10.1007\/978-3-642-15317-4_24"},{"key":"2022062314354555145_j_popets-2020-0055_ref_015_w2aab3b7c28b1b6b1ab1ac15Aa","doi-asserted-by":"crossref","unstructured":"[15] Dan Boneh, Xuhua Ding, and Gene Tsudik. 2004. Finegrained Control of Security Capabilities. TOIT (2004).10.1145\/967030.967033","DOI":"10.1145\/967030.967033"},{"key":"2022062314354555145_j_popets-2020-0055_ref_016_w2aab3b7c28b1b6b1ab1ac16Aa","unstructured":"[16] Dan Boneh, Xuhua Ding, Gene Tsudik, and Chi-Ming Wong. 2001. A Method for Fast Revocation of Public Key Certificates and Security Capabilities. 
In USENIX 2001."},{"key":"2022062314354555145_j_popets-2020-0055_ref_017_w2aab3b7c28b1b6b1ab1ac17Aa","unstructured":"[17] Colin Boyd. 1989. Digital Multisignatures. Cryptography and Coding (1989)."},{"key":"2022062314354555145_j_popets-2020-0055_ref_018_w2aab3b7c28b1b6b1ab1ac18Aa","doi-asserted-by":"crossref","unstructured":"[18] Stefan A Brands. 2000. Rethinking public key infrastructures and digital certificates: building in privacy. MIT Press.10.7551\/mitpress\/5931.001.0001","DOI":"10.7551\/mitpress\/5931.001.0001"},{"key":"2022062314354555145_j_popets-2020-0055_ref_019_w2aab3b7c28b1b6b1ab1ac19Aa","doi-asserted-by":"crossref","unstructured":"[19] Gilles Brassard, David Chaum, and Claude Cr\u00e9peau. 1988. Minimum Disclosure Proofs of Knowledge. J. Comput. Syst. Sci. (1988).10.1016\/0022-0000(88)90005-0","DOI":"10.1016\/0022-0000(88)90005-0"},{"key":"2022062314354555145_j_popets-2020-0055_ref_020_w2aab3b7c28b1b6b1ab1ac20Aa","doi-asserted-by":"crossref","unstructured":"[20] Ahto Buldas, Aivo J\u00fcrgenson, Aivo Kalu, and Mart Oruaas. 2017. Server-Supported RSA Signatures for Mobile Devices. In ESORICS 2017.10.1007\/978-3-319-66402-6_19","DOI":"10.1007\/978-3-319-66402-6_19"},{"key":"2022062314354555145_j_popets-2020-0055_ref_021_w2aab3b7c28b1b6b1ab1ac21Aa","doi-asserted-by":"crossref","unstructured":"[21] Jan Camenisch and Els Van Herreweghen. 2002. Design and Implementation of the Idemix Anonymous Credential System. In CCS 2002.10.1145\/586110.586114","DOI":"10.1145\/586110.586114"},{"key":"2022062314354555145_j_popets-2020-0055_ref_022_w2aab3b7c28b1b6b1ab1ac22Aa","doi-asserted-by":"crossref","unstructured":"[22] Jan Camenisch, Susan Hohenberger, Markulf Kohlweiss, Anna Lysyanskaya, and Mira Meyerovich. 2006. How to Win the Clone Wars: Efficient Periodic n-times Anonymous Authentication. 
In CCS 2006.10.1145\/1180405.1180431","DOI":"10.1145\/1180405.1180431"},{"key":"2022062314354555145_j_popets-2020-0055_ref_023_w2aab3b7c28b1b6b1ab1ac23Aa","doi-asserted-by":"crossref","unstructured":"[23] Jan Camenisch, Susan Hohenberger, and Anna Lysyanskaya. 2005. Compact E-Cash. In EUROCRYPT 2005.10.1007\/11426639_18","DOI":"10.1007\/11426639_18"},{"key":"2022062314354555145_j_popets-2020-0055_ref_024_w2aab3b7c28b1b6b1ab1ac24Aa","doi-asserted-by":"crossref","unstructured":"[24] Jan Camenisch, Markulf Kohlweiss, and Claudio Soriente. 2009. An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials. In PKC 2009.10.1007\/978-3-642-00468-1_27","DOI":"10.1007\/978-3-642-00468-1_27"},{"key":"2022062314354555145_j_popets-2020-0055_ref_025_w2aab3b7c28b1b6b1ab1ac25Aa","doi-asserted-by":"crossref","unstructured":"[25] Jan Camenisch, Anja Lehmann, and Gregory Neven. 2015. Optimal Distributed Password Verification. In CCS 2015.10.1145\/2810103.2813722","DOI":"10.1145\/2810103.2813722"},{"key":"2022062314354555145_j_popets-2020-0055_ref_026_w2aab3b7c28b1b6b1ab1ac26Aa","doi-asserted-by":"crossref","unstructured":"[26] Jan Camenisch, Anja Lehmann, Gregory Neven, and Kai Samelin. 2016. Virtual Smart Cards: How to Sign with a Password and a Server. In SCN 2016.10.1007\/978-3-319-44618-9_19","DOI":"10.1007\/978-3-319-44618-9_19"},{"key":"2022062314354555145_j_popets-2020-0055_ref_027_w2aab3b7c28b1b6b1ab1ac27Aa","doi-asserted-by":"crossref","unstructured":"[27] Jan Camenisch and Anna Lysyanskaya. 2002. A Signature Scheme with Efficient Protocols. In SCN 2002.10.1007\/3-540-36413-7_20","DOI":"10.1007\/3-540-36413-7_20"},{"key":"2022062314354555145_j_popets-2020-0055_ref_028_w2aab3b7c28b1b6b1ab1ac28Aa","doi-asserted-by":"crossref","unstructured":"[28] Jan Camenisch and Anna Lysyanskaya. 2004. Signature Schemes and Anonymous Credentials from Bilinear Maps. 
In CRYPTO 2004.10.1007\/978-3-540-28628-8_4","DOI":"10.1007\/978-3-540-28628-8_4"},{"key":"2022062314354555145_j_popets-2020-0055_ref_029_w2aab3b7c28b1b6b1ab1ac29Aa","doi-asserted-by":"crossref","unstructured":"[29] Ran Canetti, Hugo Krawczyk, and Jesper Buus Nielsen. 2003. Relaxing Chosen-Ciphertext Security. In CRYPTO 2003.10.1007\/978-3-540-45146-4_33","DOI":"10.1007\/978-3-540-45146-4_33"},{"key":"2022062314354555145_j_popets-2020-0055_ref_030_w2aab3b7c28b1b6b1ab1ac30Aa","unstructured":"[30] David Chaum, Amos Fiat, and Moni Naor. Untraceable Electronic Cash. In CRYPTO \u201988."},{"key":"2022062314354555145_j_popets-2020-0055_ref_031_w2aab3b7c28b1b6b1ab1ac31Aa","doi-asserted-by":"crossref","unstructured":"[31] Richard Chow and Philippe Golle. 2009. Faking Contextual Data for Fun, Profit, and Privacy. In WPES 2009.10.1145\/1655188.1655204","DOI":"10.1145\/1655188.1655204"},{"key":"2022062314354555145_j_popets-2020-0055_ref_032_w2aab3b7c28b1b6b1ab1ac32Aa","unstructured":"[32] Sanchari Das, Andrew Dingman, and L Jean Camp. 2018. Why Johnny Doesn\u2019t Use Two Factor A Two-Phase Usability Study of the FIDO U2FSecurity Key. In FC 2018."},{"key":"2022062314354555145_j_popets-2020-0055_ref_033_w2aab3b7c28b1b6b1ab1ac33Aa","doi-asserted-by":"crossref","unstructured":"[33] Yvo Desmedt. 1987. Society and Group Oriented Cryptography: A New Concept. In CRYPTO \u201987.10.1007\/3-540-48184-2_8","DOI":"10.1007\/3-540-48184-2_8"},{"key":"2022062314354555145_j_popets-2020-0055_ref_034_w2aab3b7c28b1b6b1ab1ac34Aa","unstructured":"[34] Yvo Desmedt and Yair Frankel. 1991. Shared Generation of Authenticators and Signatures (Extended Abstract). In CRYPTO \u201991."},{"key":"2022062314354555145_j_popets-2020-0055_ref_035_w2aab3b7c28b1b6b1ab1ac35Aa","doi-asserted-by":"crossref","unstructured":"[35] Roger Dingledine, Nick Mathewson, and Paul F. Syverson. 2004. Tor: The Second-Generation Onion Router. 
In USENIX 2004.10.21236\/ADA465464","DOI":"10.21236\/ADA465464"},{"key":"2022062314354555145_j_popets-2020-0055_ref_036_w2aab3b7c28b1b6b1ab1ac36Aa","doi-asserted-by":"crossref","unstructured":"[36] Jack Doerner, Yashvanth Kondi, Eysa Lee, and Abhi Shelat. 2018. Secure Two-party Threshold ECDSA from ECDSA Assumptions. In S&P 2018.10.1109\/SP.2018.00036","DOI":"10.1109\/SP.2018.00036"},{"key":"2022062314354555145_j_popets-2020-0055_ref_037_w2aab3b7c28b1b6b1ab1ac37Aa","doi-asserted-by":"crossref","unstructured":"[37] Jan-Erik Ekberg, Kari Kostiainen, and N. Asokan. 2014. The Untapped Potential of Trusted Execution Environments on Mobile Devices. In S&P 2014.10.1109\/MSP.2014.38","DOI":"10.1109\/MSP.2014.38"},{"key":"2022062314354555145_j_popets-2020-0055_ref_038_w2aab3b7c28b1b6b1ab1ac38Aa","unstructured":"[38] Taher ElGamal. 1984. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. In CRYPTO \u201984."},{"key":"2022062314354555145_j_popets-2020-0055_ref_039_w2aab3b7c28b1b6b1ab1ac39Aa","unstructured":"[39] Adam Everspaugh, Rahul Chatterjee, Samuel Scott, Ari Juels, and Thomas Ristenpart. 2015. The Pythia PRF Service. In USENIX 2015."},{"key":"2022062314354555145_j_popets-2020-0055_ref_040_w2aab3b7c28b1b6b1ab1ac40Aa","doi-asserted-by":"crossref","unstructured":"[40] Rosario Gennaro and Steven Goldfeder. 2018. Fast Multiparty Threshold ECDSA with Fast Trustless Setup. In CCS 2018.10.1145\/3243734.3243859","DOI":"10.1145\/3243734.3243859"},{"key":"2022062314354555145_j_popets-2020-0055_ref_041_w2aab3b7c28b1b6b1ab1ac41Aa","doi-asserted-by":"crossref","unstructured":"[41] Rosario Gennaro, Steven Goldfeder, and Arvind Narayanan. 2016. Threshold-Optimal DSA\/ECDSA Signatures and an Application to Bitcoin Wallet Security. 
In ACNS 2016.10.1007\/978-3-319-39555-5_9","DOI":"10.1007\/978-3-319-39555-5_9"},{"key":"2022062314354555145_j_popets-2020-0055_ref_042_w2aab3b7c28b1b6b1ab1ac42Aa","doi-asserted-by":"crossref","unstructured":"[42] Rosario Gennaro, Stanislaw Jarecki, Hugo Krawczyk, and Tal Rabin. 2007. Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. J. Cryptology (2007).10.1007\/s00145-006-0347-3","DOI":"10.1007\/s00145-006-0347-3"},{"key":"2022062314354555145_j_popets-2020-0055_ref_043_w2aab3b7c28b1b6b1ab1ac43Aa","doi-asserted-by":"crossref","unstructured":"[43] Rosario Gennaro, Tal Rabin, Stanislaw Jarecki, and Hugo Krawczyk. 2000. Robust and Efficient Sharing of RSA Functions. J. of Cryptology (2000).10.1007\/s001459910011","DOI":"10.1007\/s001459910011"},{"key":"2022062314354555145_j_popets-2020-0055_ref_044_w2aab3b7c28b1b6b1ab1ac44Aa","doi-asserted-by":"crossref","unstructured":"[44] Steven Goldfeder, Harry A. Kalodner, Dillon Reisman, and Arvind Narayanan. 2018. When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies. PoPETs (2018).10.1515\/popets-2018-0038","DOI":"10.1515\/popets-2018-0038"},{"key":"2022062314354555145_j_popets-2020-0055_ref_045_w2aab3b7c28b1b6b1ab1ac45Aa","doi-asserted-by":"crossref","unstructured":"[45] Carmit Hazay, Gert L\u00e6ss\u00f8e Mikkelsen, Tal Rabin, and Tomas Toft. 2012. Efficient RSA Key Generation and Threshold Paillier in the Two-Party Setting. In CT-RSA 2012.10.1007\/978-3-642-27954-6_20","DOI":"10.1007\/978-3-642-27954-6_20"},{"key":"2022062314354555145_j_popets-2020-0055_ref_046_w2aab3b7c28b1b6b1ab1ac46Aa","doi-asserted-by":"crossref","unstructured":"[46] Ryan Henry and Ian Goldberg. 2013. Thinking inside the BLAC box: smarter protocols for faster anonymous blacklisting. In WPES 2013. 71\u201382.10.1145\/2517840.2517855","DOI":"10.1145\/2517840.2517855"},{"key":"2022062314354555145_j_popets-2020-0055_ref_047_w2aab3b7c28b1b6b1ab1ac47Aa","unstructured":"[47] Alex Hern. 2015. 
Stagefright: new Android vulnerability dubbed \u2018heartbleed for mobile\u2019. The Guardian (2015). https:\/\/www.theguardian.com\/technology\/2015\/jul\/28\/stagefright-android-vulnerability-heartbleed-mobile"},{"key":"2022062314354555145_j_popets-2020-0055_ref_048_w2aab3b7c28b1b6b1ab1ac48Aa","doi-asserted-by":"crossref","unstructured":"[48] Devris Isler and Alptekin K\u00fcp\u00e7\u00fc. 2017. Threshold Single Password Authentication. In DPM 2017.10.1007\/978-3-319-67816-0_9","DOI":"10.1007\/978-3-319-67816-0_9"},{"key":"2022062314354555145_j_popets-2020-0055_ref_049_w2aab3b7c28b1b6b1ab1ac49Aa","unstructured":"[49] Husam Al Jawaheri, Mashael Al Sabah, Yazan Boshmaf, and Aiman Erbad. 2018. When A Small Leak Sinks A Great Ship: Deanonymizing Tor Hidden Service Users Through Bitcoin Transactions Analysis. (2018). arXiv:1801.07501"},{"key":"2022062314354555145_j_popets-2020-0055_ref_050_w2aab3b7c28b1b6b1ab1ac50Aa","doi-asserted-by":"crossref","unstructured":"[50] Marc Joye and Beno\u00eet Libert. 2013. Efficient Cryptosystems from 2k -th Power Residue Symbols. In EUROCRYPT 2013.10.1007\/978-3-642-38348-9_5","DOI":"10.1007\/978-3-642-38348-9_5"},{"key":"2022062314354555145_j_popets-2020-0055_ref_051_w2aab3b7c28b1b6b1ab1ac51Aa","doi-asserted-by":"crossref","unstructured":"[51] Marcel Keller, Gert L\u00e6ss\u00f8e Mikkelsen, and Andy Rupp. 2012. Efficient Threshold Zero-Knowledge with Applications to User-Centric Protocols. In ICITS 2012.10.1007\/978-3-642-32284-6_9","DOI":"10.1007\/978-3-642-32284-6_9"},{"key":"2022062314354555145_j_popets-2020-0055_ref_052_w2aab3b7c28b1b6b1ab1ac52Aa","unstructured":"[52] Kim Zetter, WIRED magazine. 2016. How the top 5 PC makers open your laptop to hackers. https:\/\/www.wired.com\/2016\/05\/2036876\/. (2016)."},{"key":"2022062314354555145_j_popets-2020-0055_ref_053_w2aab3b7c28b1b6b1ab1ac53Aa","doi-asserted-by":"crossref","unstructured":"[53] Junzuo Lai, Robert H. Deng, Changshe Ma, Kouichi Sakurai, and Jian Weng. 2016. 
CCA-Secure Keyed-Fully Homomorphic Encryption. In PKC 2016.10.1007\/978-3-662-49384-7_4","DOI":"10.1007\/978-3-662-49384-7_4"},{"key":"2022062314354555145_j_popets-2020-0055_ref_054_w2aab3b7c28b1b6b1ab1ac54Aa","doi-asserted-by":"crossref","unstructured":"[54] Beno\u00eet Libert and Jean-Jacques Quisquater. 2003. Efficient Revocation and Threshold Pairing-based Cryptosystems. In PODC 2003.10.1145\/872035.872059","DOI":"10.1145\/872035.872059"},{"key":"2022062314354555145_j_popets-2020-0055_ref_055_w2aab3b7c28b1b6b1ab1ac55Aa","unstructured":"[55] Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In USENIX 2018. 973\u2013990."},{"key":"2022062314354555145_j_popets-2020-0055_ref_056_w2aab3b7c28b1b6b1ab1ac56Aa","unstructured":"[56] Philip D. MacKenzie and Michael K. Reiter. 2001. Networked Cryptographic Devices Resilient to Capture. In S&P 2001."},{"key":"2022062314354555145_j_popets-2020-0055_ref_057_w2aab3b7c28b1b6b1ab1ac57Aa","unstructured":"[57] Philip D. MacKenzie and Michael K. Reiter. 2004. Twoparty Generation of DSA Signatures. Int. J. Inf. Sec. (2004)."},{"key":"2022062314354555145_j_popets-2020-0055_ref_058_w2aab3b7c28b1b6b1ab1ac58Aa","doi-asserted-by":"crossref","unstructured":"[58] Claudio Marforio, Nikolaos Karapanos, Claudio Soriente, Kari Kostiainen, and Srdjan Capkun. 2013. Secure Enrollment and Practical Migration for Mobile Trusted Execution Environments. In SPSM\u201913.10.1145\/2516760.2516764","DOI":"10.1145\/2516760.2516764"},{"key":"2022062314354555145_j_popets-2020-0055_ref_059_w2aab3b7c28b1b6b1ab1ac59Aa","doi-asserted-by":"crossref","unstructured":"[59] Brian McGillion, Tanel Dettenborn, Thomas Nyman, and N. Asokan. 2015. Open-TEE - An Open Virtual Trusted Execution Environment. 
In TrustCom 2015.10.1109\/Trustcom.2015.400","DOI":"10.1109\/Trustcom.2015.400"},{"key":"2022062314354555145_j_popets-2020-0055_ref_060_w2aab3b7c28b1b6b1ab1ac60Aa","doi-asserted-by":"crossref","unstructured":"[60] Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin. 2013. Zerocoin: Anonymous Distributed E-Cash from Bitcoin. In S&P 2013.10.1109\/SP.2013.34","DOI":"10.1109\/SP.2013.34"},{"key":"2022062314354555145_j_popets-2020-0055_ref_061_w2aab3b7c28b1b6b1ab1ac61Aa","doi-asserted-by":"crossref","unstructured":"[61] Lasse \u00d8verlier and Paul F. Syverson. 2006. Locating Hidden Servers. In S&P 2006.10.1109\/SP.2006.24","DOI":"10.1109\/SP.2006.24"},{"key":"2022062314354555145_j_popets-2020-0055_ref_062_w2aab3b7c28b1b6b1ab1ac62Aa","unstructured":"[62] Pascal Paillier. 1999. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In EUROCRYPT \u201999."},{"key":"2022062314354555145_j_popets-2020-0055_ref_063_w2aab3b7c28b1b6b1ab1ac63Aa","unstructured":"[63] Torben P. Pedersen. 1991. A Threshold Cryptosystem without a Trusted Party (Extended Abstract). In EUROCRYPT \u201991."},{"key":"2022062314354555145_j_popets-2020-0055_ref_064_w2aab3b7c28b1b6b1ab1ac64Aa","unstructured":"[64] Torben P. Pedersen. 1991. Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. In CRYPTO \u201991."},{"key":"2022062314354555145_j_popets-2020-0055_ref_065_w2aab3b7c28b1b6b1ab1ac65Aa","doi-asserted-by":"crossref","unstructured":"[65] Roel Peeters, Svetla Nikova, and Bart Preneel. 2008. Practical RSA threshold decryption for things that think. In WISSec 2008.","DOI":"10.1145\/1572532.1572557"},{"key":"2022062314354555145_j_popets-2020-0055_ref_066_w2aab3b7c28b1b6b1ab1ac66Aa","unstructured":"[66] Ania M. Piotrowska, Jamie Hayes, Tariq Elahi, Sebastian Meiser, and George Danezis. 2017. The Loopix Anonymity System. 
In USENIX 2017."},{"key":"2022062314354555145_j_popets-2020-0055_ref_067_w2aab3b7c28b1b6b1ab1ac67Aa","unstructured":"[67] Manoj Prabhakaran and Mike Rosulek. 2008. Homomorphic Encryption with CCA Security. In ICALP 2008."},{"key":"2022062314354555145_j_popets-2020-0055_ref_068_w2aab3b7c28b1b6b1ab1ac68Aa","doi-asserted-by":"crossref","unstructured":"[68] Tal Rabin. 1998. A Simplified Approach to Threshold and Proactive RSA. In CRYPTO \u201998.10.1007\/BFb0055722","DOI":"10.1007\/BFb0055722"},{"key":"2022062314354555145_j_popets-2020-0055_ref_069_w2aab3b7c28b1b6b1ab1ac69Aa","unstructured":"[69] Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh, and John C. Mitchell. 2005. Stronger Password Authentication Using Browser Extensions. In USENIX 2005."},{"key":"2022062314354555145_j_popets-2020-0055_ref_070_w2aab3b7c28b1b6b1ab1ac70Aa","doi-asserted-by":"crossref","unstructured":"[70] Ravi S. Sandhu and Xinwen Zhang. 2005. Peer-to-peer access control architecture using trusted computing technology. In SACMAT 2005.10.1145\/1063979.1064005","DOI":"10.1145\/1063979.1064005"},{"key":"2022062314354555145_j_popets-2020-0055_ref_071_w2aab3b7c28b1b6b1ab1ac71Aa","doi-asserted-by":"crossref","unstructured":"[71] Alfredo De Santis, Giovanni Di Crescenzo, and Giuseppe Persiano. 2000. Necessary and Sufficient Assumptions for Non-iterative Zero-Knowledge Proofs of Knowledge for All NP Relations. In ICALP 2000.10.1007\/3-540-45022-X_38","DOI":"10.1007\/3-540-45022-X_38"},{"key":"2022062314354555145_j_popets-2020-0055_ref_072_w2aab3b7c28b1b6b1ab1ac72Aa","doi-asserted-by":"crossref","unstructured":"[72] Victor Shoup. 2000. Practical Threshold Signatures. In EUROCRYPT 2000.10.1007\/3-540-45539-6_15","DOI":"10.1007\/3-540-45539-6_15"},{"key":"2022062314354555145_j_popets-2020-0055_ref_073_w2aab3b7c28b1b6b1ab1ac73Aa","doi-asserted-by":"crossref","unstructured":"[73] Victor Shoup and Rosario Gennaro. 2002. Securing Threshold Cryptosystems against Chosen Ciphertext Attack. J. 
Cryptology (2002).10.1007\/s00145-001-0020-9","DOI":"10.1007\/s00145-001-0020-9"},{"key":"2022062314354555145_j_popets-2020-0055_ref_074_w2aab3b7c28b1b6b1ab1ac74Aa","doi-asserted-by":"crossref","unstructured":"[74] Patrick P. Tsang, Man Ho Au, Apu Kapadia, and Sean W. Smith. 2010. BLAC: Revoking Repeatedly Misbehaving Anonymous Users without Relying on TTPs. TISSEC (2010).10.1145\/1880022.1880033","DOI":"10.1145\/1880022.1880033"},{"key":"2022062314354555145_j_popets-2020-0055_ref_075_w2aab3b7c28b1b6b1ab1ac75Aa","unstructured":"[75] Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Cl\u00e9mentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida. 2016. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In CCS 2016."},{"key":"2022062314354555145_j_popets-2020-0055_ref_076_w2aab3b7c28b1b6b1ab1ac76Aa","doi-asserted-by":"crossref","unstructured":"[76] Xiao Wang, Samuel Ranellucci, and Jonathan Katz. 2017. Authenticated Garbling and Efficient Maliciously Secure Two-Party Computation. In SIGSAC 2017.10.1145\/3133956.3134053","DOI":"10.1145\/3133956.3134053"},{"key":"2022062314354555145_j_popets-2020-0055_ref_077_w2aab3b7c28b1b6b1ab1ac77Aa","unstructured":"[77] Andrew Chi-Chih Yao. 1986. How to Generate and Exchange Secrets (Extended Abstract). 
In FOCS \u201986."}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/content.sciendo.com\/view\/journals\/popets\/2020\/3\/article-p327.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2020-0055","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,6]],"date-time":"2023-10-06T12:57:57Z","timestamp":1696597077000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2020\/popets-2020-0055.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,7,1]]},"references-count":77,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2020,8,17]]},"published-print":{"date-parts":[[2020,7,1]]}},"alternative-id":["10.2478\/popets-2020-0055"],"URL":"https:\/\/doi.org\/10.2478\/popets-2020-0055","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,7,1]]}}}