康步荣  等:抗随机数后门攻击的密码算法                                                             2899


        [19]     Bellare M, Boldyreva A, O’Neill A. Deterministic and efficiently searchable encryption. In: Menezes A, ed. Proc. of the Advances
             in Cryptology (CRYPTO 2007). Berlin: Springer-Verlag, 2007. 535−552. [doi: 10.1007/978-3-540-74143-5_30]
        [20]     Boldyreva A, Fehr S, O’Neill A. On notions of security for deterministic encryption, and efficient constructions without random
             oracles. In: Wagner D, ed. Proc. of the Advances in Cryptology (CRYPTO 2008). Berlin: Springer-Verlag, 2008. 335−359. [doi:
             10.1007/978-3-540-85174-5_19]
        [21]     Rogaway  P.  Authenticated-encryption with associated-data.  In:  Proc.  of  the  9th ACM Conf. on Computer and Communications
             Security. ACM, 2002. 98−107. [doi: 10.1145/586110.586125]
        [22]     Rogaway P, Shrimpton T. A provable-security treatment of the key-wrap problem. In: Vaudenay S, ed. Proc. of the Advances in
             Cryptology (EUROCRYPT 2006). Berlin: Springer-Verlag, 2006. 373−390. [doi: 10.1007/11761679_23]
        [23]     Young A, Yung M. Kleptography: Using cryptography against cryptography. In: Fumy W, ed. Proc. of the Advances in Cryptology
             (EUROCRYPT’97). Berlin: Springer-Verlag, 1997. 62−74. [doi: 10.1007/3-540-69053-0_6]
        [24]     Young A,  Yung  M.  The dark side  of “black-box”  cryptography or: Should  we trust  capstone? In:  Koblitz  N,  ed. Proc. of the
             Advances in Cryptology (CRYPTO’96). Berlin: Springer-Verlag, 1996. 89−103. [doi: 10.1007/3-540-68697-5_8]
        [25]     Bellare M, Jaeger J, Kane D. Mass-surveillance without the state: Strongly undetectable algorithm-substitution attacks. In: Proc. of
             the 22nd  ACM SIGSAC  Conf. on  Computer  and Communications Security. ACM, 2015. 1431−1440. [doi:  10.1145/2810103.
             2813681]
        [26]     Bellare  M, Hoang  VT.  Resisting randomness subversion: Fast deterministic  and hedged public-key  encryption in the standard
             model. In: Oswald E, Fischlin M, eds. Proc. of the Advances in Cryptology (EUROCRYPT 2015). Berlin: Springer-Verlag, 2015.
             627−656. [doi: 10.1007/978-3-662-46803-6_21]
        [27]     Bellare M, Paterson KG, Rogaway P. Security of symmetric encryption against mass surveillance. In: Garay JA, Gennaro R, eds.
             Proc. of the Advances in Cryptology (CRYPTO 2014). Berlin: Springer-Verlag, 2014. 1−19. [doi: 10.1007/978-3-662-44371-2_1]
        [28]     Russell A, Tang Q, Yung M, Zhou HS. Cliptography: Clipping the power of kleptographic attacks. In: Cheon J, Takagi T, eds. Proc.
             of the Advances in Cryptology (ASIACRYPT 2016). Berlin: Springer-Verlag, 2016. 34−64. [doi: 10.1007/978-3-662-53890-6_2]
        [29]     Dodis Y, Mironov I, Stephens-Davidowitz N. Message transmission  with reverse firewalls-secure  communication on  corrupted
             machines.  In:  Robshaw  M,  Katz J,  eds. Proc. of the Advances in Cryptology (CRYPTO 2016).  Berlin: Springer-Verlag, 2016.
             341−372. [doi: 10.1007/978-3-662-53018-4_13]
        [30]     Mironov I, Stephens-Davidowitz  N.  Cryptographic reverse firewalls. In:  Oswald  E, Fischlin  M,  eds. Proc. of the  Advances in
             Cryptology (EUROCRYPT 2015). Berlin: Springer-Verlag, 2015. 657−686. [doi: 10.1007/978-3-662-46803-6_22]
        [31]     Russell  A, Tang Q, Yung M,  et  al. Destroying steganography  via amalgamation: Kleptographically CPA  secure  public  key
             encryption. Cryptology ePrint Archive: Report, 2016/530, 2016.
        [32]     Russell  A, Tang Q, Yung M,  et  al.  Generic semantic security  against  a kleptographic  adversary. In: Proc. of the 2017  ACM
             SIGSAC Conf. on Computer and Communications Security. ACM, 2017. 907−922. [doi: 10.1145/3133956.3133993]
        [33]     Lepinksi M, Micali S. Collusion-free protocols. In: Proc. of the 37th ACM Symp. on Theory of Computing. ACM, 2005. 543−552.
             [doi: 10.1145/1060590.1060671]
        [34]     Bellare M, Jaeger J, Kane D. Mass-surveillance without the state: Strongly undetectable algorithm-substitution attacks. In: Proc. of
             the 22nd  ACM SIGSAC  Conf. on  Computer  and Communications Security. ACM, 2015. 1431−1440. [doi:  10.1145/2810103.
             2813681]
        [35]     Mironov  I, Stephens-Davidowitz  N.  Cryptographic reverse firewalls. In: Proc. of the  Annual Int’l  Conf. on the  Theory  and
             Applications of Cryptographic Techniques. Berlin: Springer-Verlag, 2015. 657−686.
        [36]     Prabhakaran M, Rosulek M. Rerandomizable RCCA encryption.  In: Menezes A, ed.  Proc.  of  the Advances  in Cryptology
             (CRYPTO 2007). Berlin: Springer-Verlag, 2007. [doi: 10.1007/978-3-540-74143-5_29]
        [37]     Chen  R,  Mu Y,  Yang G, Susilo  W,  Guo F,  Zhang M.  Cryptographic reverse firewall via  malleable smooth projective Hash
             functions. In: Cheon J, Takagi T, eds. Proc. of the Advances in Cryptology (ASIACRYPT 2016). Berlin: Springer-Verlag, 2016.
             844−876. [doi: 10.1007/978-3-662-53887-6_31]
        [38]     Groth  J. Rerandomizable and  replayable adaptive chosen ciphertext attack  secure cryptosystems.  In: Naor M, ed.  Proc.  of  the
             Theory of Cryptography (TCC 2004). Berlin: Springer-Verlag, 2004. 152−170. [doi: 10.1007/978-3-540-24638-1_9]