{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2019:3LCHMNYDTYUJDPHUCDPPBCPQVV","short_pith_number":"pith:3LCHMNYD","canonical_record":{"source":{"id":"1904.07550","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-04-16T09:28:06Z","cross_cats_sorted":[],"title_canon_sha256":"7d8fcbda797d3dfde567d7b7a94e49a8bdcb22118016f60c0af2ee306805d216","abstract_canon_sha256":"b5096acf687aa36f20740961e00fb22432d359a75c13f28add86c5cd29926f69"},"schema_version":"1.0"},"canonical_sha256":"dac47637039e2891bcf410def089f0ad517e318e7c5b1b2edf12b80aaf462d0e","source":{"kind":"arxiv","id":"1904.07550","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1904.07550","created_at":"2026-05-17T23:48:19Z"},{"alias_kind":"arxiv_version","alias_value":"1904.07550v2","created_at":"2026-05-17T23:48:19Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1904.07550","created_at":"2026-05-17T23:48:19Z"},{"alias_kind":"pith_short_12","alias_value":"3LCHMNYDTYUJ","created_at":"2026-05-18T12:33:07Z"},{"alias_kind":"pith_short_16","alias_value":"3LCHMNYDTYUJDPHU","created_at":"2026-05-18T12:33:07Z"},{"alias_kind":"pith_short_8","alias_value":"3LCHMNYD","created_at":"2026-05-18T12:33:07Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2019:3LCHMNYDTYUJDPHUCDPPBCPQVV","target":"record","payload":{"canonical_record":{"source":{"id":"1904.07550","kind":"arxiv","version":2},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-04-16T09:28:06Z","cross_cats_sorted":[],"title_canon_sha256":"7d8fcbda797d3dfde567d7b7a94e49a8bdcb22118016f60c0af2ee306805d216","abstract_canon_sha256":"b5096acf687aa36f20740961e00fb22432d359a75c13f28add86c5cd29926f69"},"schema_version":"1.0"},"canonical_sha256":"dac47637039e2891bcf410def089f0ad517e318e7c5b1b2edf12b80aaf462d0e","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:48:19.555456Z","signature_b64":"5VfUknLi2ym4QRzedVWNO/r5fSqpY3TvSMR3PohCm45cvGJAQXfGQ9blxOAxnsx91C7s691lSLDK5/XbjpMrBw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"dac47637039e2891bcf410def089f0ad517e318e7c5b1b2edf12b80aaf462d0e","last_reissued_at":"2026-05-17T23:48:19.554906Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:48:19.554906Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1904.07550","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:48:19Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Yds2uuJzXnCczlMLl/e8RvMm40dYz9lweNvYx1daFI/o5qYN8XwgU+IfKz33C5XH+VfPTYlhm7Ck9lFgsh4+Bg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-19T05:35:48.894528Z"},"content_sha256":"ff45cbd6b03301c43f589de972142b55f95fcd0f1f5ff9add1593593e4aeb8a1","schema_version":"1.0","event_id":"sha256:ff45cbd6b03301c43f589de972142b55f95fcd0f1f5ff9add1593593e4aeb8a1"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2019:3LCHMNYDTYUJDPHUCDPPBCPQVV","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Re: What's Up Johnny? -- Covert Content Attacks on Email End-to-End Encryption","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Damian Poddebniak, Jens M\\\"uller, J\\\"org Schwenk, Marcus Brinkmann, Sebastian Schinzel","submitted_at":"2019-04-16T09:28:06Z","abstract_excerpt":"We show practical attacks against OpenPGP and S/MIME encryption and digital signatures in the context of email. Instead of targeting the underlying cryptographic primitives, our attacks abuse legitimate features of the MIME standard and HTML, as supported by email clients, to deceive the user regarding the actual message content. We demonstrate how the attacker can unknowingly abuse the user as a decryption oracle by replying to an unsuspicious looking email. Using this technique, the plaintext of hundreds of encrypted emails can be leaked at once. Furthermore, we show how users could be trick"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1904.07550","kind":"arxiv","version":2},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:48:19Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"MXmfvBIyEo4jer3WnHJC35URtHwmsz+2UEhjQKEJ5NId+gfsPLEIYQ002AnsNMBRvbkYwTCiDFu8AR4jcBCDCg==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-19T05:35:48.895228Z"},"content_sha256":"2a46ab916f0e77d820a0b03b2df33330fc5e1b16dec5bb7bd68267ec7c86e272","schema_version":"1.0","event_id":"sha256:2a46ab916f0e77d820a0b03b2df33330fc5e1b16dec5bb7bd68267ec7c86e272"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/3LCHMNYDTYUJDPHUCDPPBCPQVV/bundle.json","state_url":"https://pith.science/pith/3LCHMNYDTYUJDPHUCDPPBCPQVV/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/3LCHMNYDTYUJDPHUCDPPBCPQVV/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-19T05:35:48Z","links":{"resolver":"https://pith.science/pith/3LCHMNYDTYUJDPHUCDPPBCPQVV","bundle":"https://pith.science/pith/3LCHMNYDTYUJDPHUCDPPBCPQVV/bundle.json","state":"https://pith.science/pith/3LCHMNYDTYUJDPHUCDPPBCPQVV/state.json","well_known_bundle":"https://pith.science/.well-known/pith/3LCHMNYDTYUJDPHUCDPPBCPQVV/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2019:3LCHMNYDTYUJDPHUCDPPBCPQVV","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"b5096acf687aa36f20740961e00fb22432d359a75c13f28add86c5cd29926f69","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-04-16T09:28:06Z","title_canon_sha256":"7d8fcbda797d3dfde567d7b7a94e49a8bdcb22118016f60c0af2ee306805d216"},"schema_version":"1.0","source":{"id":"1904.07550","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1904.07550","created_at":"2026-05-17T23:48:19Z"},{"alias_kind":"arxiv_version","alias_value":"1904.07550v2","created_at":"2026-05-17T23:48:19Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1904.07550","created_at":"2026-05-17T23:48:19Z"},{"alias_kind":"pith_short_12","alias_value":"3LCHMNYDTYUJ","created_at":"2026-05-18T12:33:07Z"},{"alias_kind":"pith_short_16","alias_value":"3LCHMNYDTYUJDPHU","created_at":"2026-05-18T12:33:07Z"},{"alias_kind":"pith_short_8","alias_value":"3LCHMNYD","created_at":"2026-05-18T12:33:07Z"}],"graph_snapshots":[{"event_id":"sha256:2a46ab916f0e77d820a0b03b2df33330fc5e1b16dec5bb7bd68267ec7c86e272","target":"graph","created_at":"2026-05-17T23:48:19Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"We show practical attacks against OpenPGP and S/MIME encryption and digital signatures in the context of email. Instead of targeting the underlying cryptographic primitives, our attacks abuse legitimate features of the MIME standard and HTML, as supported by email clients, to deceive the user regarding the actual message content. We demonstrate how the attacker can unknowingly abuse the user as a decryption oracle by replying to an unsuspicious looking email. Using this technique, the plaintext of hundreds of encrypted emails can be leaked at once. Furthermore, we show how users could be trick","authors_text":"Damian Poddebniak, Jens M\\\"uller, J\\\"org Schwenk, Marcus Brinkmann, Sebastian Schinzel","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-04-16T09:28:06Z","title":"Re: What's Up Johnny? -- Covert Content Attacks on Email End-to-End Encryption"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1904.07550","kind":"arxiv","version":2},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:ff45cbd6b03301c43f589de972142b55f95fcd0f1f5ff9add1593593e4aeb8a1","target":"record","created_at":"2026-05-17T23:48:19Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"b5096acf687aa36f20740961e00fb22432d359a75c13f28add86c5cd29926f69","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2019-04-16T09:28:06Z","title_canon_sha256":"7d8fcbda797d3dfde567d7b7a94e49a8bdcb22118016f60c0af2ee306805d216"},"schema_version":"1.0","source":{"id":"1904.07550","kind":"arxiv","version":2}},"canonical_sha256":"dac47637039e2891bcf410def089f0ad517e318e7c5b1b2edf12b80aaf462d0e","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"dac47637039e2891bcf410def089f0ad517e318e7c5b1b2edf12b80aaf462d0e","first_computed_at":"2026-05-17T23:48:19.554906Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:48:19.554906Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"5VfUknLi2ym4QRzedVWNO/r5fSqpY3TvSMR3PohCm45cvGJAQXfGQ9blxOAxnsx91C7s691lSLDK5/XbjpMrBw==","signature_status":"signed_v1","signed_at":"2026-05-17T23:48:19.555456Z","signed_message":"canonical_sha256_bytes"},"source_id":"1904.07550","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:ff45cbd6b03301c43f589de972142b55f95fcd0f1f5ff9add1593593e4aeb8a1","sha256:2a46ab916f0e77d820a0b03b2df33330fc5e1b16dec5bb7bd68267ec7c86e272"],"state_sha256":"25587c629e61362a3d3a8cda516d7414cf698db4d7316c9bc7e7850436c9cf2b"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"jg0TDeDz5P2nX80GdLrAYYfJeFlZi4HSR/uihYspwPvzrYHLz41xVz8siQE8mSiBAU21CNgIoWnpuvraaaDoAw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-19T05:35:48.896774Z","bundle_sha256":"e0f1b1d2864b0868a74f29c241fe90c6dcd025726c0e26e8072b68a1326ec06d"}}