[1] |
KRAWCZYK H , . HMQV:a high-performance secure Diffie-Hellman protocol[C]// The International Cryptology Conference. 2005: 546-566.
|
[2] |
CUI Y , LI T , LIU C ,et al. Innovating transport with QUIC:design approaches and research challenges[J]. IEEE Internet Computing, 2017,21(2): 72-76.
|
[3] |
RESCORLA E . The transport layer security(TLS)protocol version 13-draft-ietf-tls-tls13-07[DB/OL]. .
|
[4] |
FISCHLIN M , GüNTHER F , . Multi-stage key exchange and the case of Google's QUIC protocol[C]// The ACM CCS. 2014: 1193-1204.
|
[5] |
KRAWCZYK H , WEE H . The OPTLS protocol and TLS 13[C]// The IEEE European Symposium on Security and Privacy. 2016: 81-96.
|
[6] |
CREMERS C , HORVAT M , SCOTT S ,et al. Automated analysis and verification of TLS 1.3:0-RTT,resumption and delayed authentication[C]// Security and Privacy. 2016: 470-485.
|
[7] |
RESCORLA E . The transport layer security(TLS)protocol version 1.3-draft-ietf-tls-tls13-10[EB/OL]. .
|
[8] |
FISCHLIN M , GüNTHER F , . Replay attacks on zero round-trip time:the case of the TLS 1.3 handshake candidates[C]// IEEE European Symposium on Security and Privacy. 2017: 82-113.
|
[9] |
HALE B , JAGER T , LAUER S ,et al. Simple security definitions for and constructions of 0-RTT key exchange[C]// The International Conference on Applied Cryptography and Network Security. 2017: 20-38.
|
[10] |
CANETTI R , HALEVI S , KATZ J . A forward-secure public-key encryption scheme[J]. Journal of Cryptology, 2007,20(3): 265-294.
|
[11] |
POINTCHEVAL D , SANDERS O . Forward secure non-interactive key exchange[C]// The International Conference on Security and Cryptography for Networks. 2014: 21-39.
|
[12] |
HALE B , JAGER T , LAUER S ,et al. Simple security definitions for and constructions of 0-RTT key exchange[C]// The International Conference on Applied Cryptography and Network Security. 2017: 20-38.
|
[13] |
COHN-GORDON K , CREMERS C , GARRATT L . On postcompromise security[C]// Computer Security Foundations Symposium. 2016: 164-178.
|
[14] |
GüNTHER F , HALE B , JAGER T ,et al. 0-RTT key exchange with full forward secrecy[C]// The International Conference on the Theory and Applications of Cryptographic Techniques. 2017: 519-548.
|
[15] |
DELIGNAT-LAVAUD A , FOURNET C , KOHLWEISS M ,et al. Implementing and proving the TLS 1.3 record layer[C]// The 2017 Security and Privacy. 2017: 463-482.
|
[16] |
BHARGAVAN K , BLANCHET B , KOBEISSI N . Verified models and reference implementations for the TLS 1.3 standard candidate[C]// The 2017 Security and Privacy. 2017: 402-422.
|
[17] |
RESCORLA E . The transport layer security(TLS)protocol version 1.3-draft-ietf-tls-tls13-13[DB/OL]. .
|
[18] |
RESCORLA E . The transport layer security(TLS)protocol version 1.3-draft-ietftls-tls13-12[DB/OL]. .
|
[19] |
RESCORLA E . The transport layer security(TLS)protocol version 1.3-draft-ietf-tls-tls13-18[DB/OL]. .
|
[20] |
KRAWCZYK H , . The order of encryption and authentication for protecting communications(or:how secure is SSL?)[C]// CRYPTO. 2001: 310-331.
|
[21] |
GOLDREICH O , GOLDWASSER S , MICALI S . How to construct random functions[C]// Foundations of Computer Science. 1984: 464-479.
|
[22] |
KRAWCZYK H , . Cryptographic extraction and key derivation:the HKDF scheme[C]// CRYPTO. 2010: 631-648.
|
[23] |
GROTH J , . Simulation-sound NIZK proofs for a practical language and constant size group signatures[C]// The International Conference on Theory and Application of Cryptology and Information Security. 2006: 444-459.
|
[24] |
BLAZY O , KILTZ E , PAN J . (Hierarchical) Identity-based encryption from affine message authentication[C]// The International Cryptology Conference. 2014: 408-425.
|