{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2018:HJKVHDMISLMPI2IY6EZFXM2SNG","short_pith_number":"pith:HJKVHDMI","canonical_record":{"source":{"id":"1806.06881","kind":"arxiv","version":5},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-06-18T18:32:35Z","cross_cats_sorted":[],"title_canon_sha256":"c15408f93edab3a2c01143c4cb02a9fb4bbf7a1b59567ad4a1d6f6b508dc0528","abstract_canon_sha256":"bfe12bd63bc2436c809007c3491f3b0829ac049728d58b44751e6451c7820042"},"schema_version":"1.0"},"canonical_sha256":"3a55538d8892d8f46918f1325bb35269a9fb6fce226b9573833dae97d5ffd422","source":{"kind":"arxiv","id":"1806.06881","version":5},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1806.06881","created_at":"2026-05-17T23:50:07Z"},{"alias_kind":"arxiv_version","alias_value":"1806.06881v5","created_at":"2026-05-17T23:50:07Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1806.06881","created_at":"2026-05-17T23:50:07Z"},{"alias_kind":"pith_short_12","alias_value":"HJKVHDMISLMP","created_at":"2026-05-18T12:32:28Z"},{"alias_kind":"pith_short_16","alias_value":"HJKVHDMISLMPI2IY","created_at":"2026-05-18T12:32:28Z"},{"alias_kind":"pith_short_8","alias_value":"HJKVHDMI","created_at":"2026-05-18T12:32:28Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2018:HJKVHDMISLMPI2IY6EZFXM2SNG","target":"record","payload":{"canonical_record":{"source":{"id":"1806.06881","kind":"arxiv","version":5},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-06-18T18:32:35Z","cross_cats_sorted":[],"title_canon_sha256":"c15408f93edab3a2c01143c4cb02a9fb4bbf7a1b59567ad4a1d6f6b508dc0528","abstract_canon_sha256":"bfe12bd63bc2436c809007c3491f3b0829ac049728d58b44751e6451c7820042"},"schema_version":"1.0"},"canonical_sha256":"3a55538d8892d8f46918f1325bb35269a9fb6fce226b9573833dae97d5ffd422","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:50:07.212544Z","signature_b64":"rpq/phRmgLp31MHIRWWg1FPXzTcJxakIzpcH0fB5nJLp8wNlAn+x57aKcSEHVCdvCJ89knw37W9710/9cMx0Aw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"3a55538d8892d8f46918f1325bb35269a9fb6fce226b9573833dae97d5ffd422","last_reissued_at":"2026-05-17T23:50:07.211905Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:50:07.211905Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"1806.06881","source_version":5,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:50:07Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"VOsAvfowq9IRV2I0R/coNVwvkKlehATvlGbxp96nRyfpPfzLimsuSaUFk3/n2+8kXPBZB46aPhf/J5Av5C4dDw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-28T18:27:36.768865Z"},"content_sha256":"17336fce89a01c85e5b4d7e4d815e04aa0fde1d57b8f7d8b755d0c0a4f2331f8","schema_version":"1.0","event_id":"sha256:17336fce89a01c85e5b4d7e4d815e04aa0fde1d57b8f7d8b755d0c0a4f2331f8"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2018:HJKVHDMISLMPI2IY6EZFXM2SNG","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Danfeng (Daphne) Yao, Fahad Shaon, Ke Tian, Miles Frantz, Murat Kantarcioglu, Sazzadur Rahaman, Sharmin Afrose, Ya Xiao","submitted_at":"2018-06-18T18:32:35Z","abstract_excerpt":"Cryptographic API misuses, such as exposed secrets, predictable random numbers, and vulnerable certificate verification, seriously threaten software security. The vision of automatically screening cryptographic API calls in massive-sized (e.g., millions of LoC) Java programs is not new. However, hindered by the practical difficulty of reducing false positives without compromising analysis quality, this goal has not been accomplished. State-of-the-art crypto API screening solutions are not designed to operate on a large scale.\n  Our technical innovation is a set of fast and highly accurate slic"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1806.06881","kind":"arxiv","version":5},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-17T23:50:07Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"I/MGaY01JIk8QuhdVep5f8yotrmPJbvf8UBvF26u3IQe/fxzixRDM2/586Hxb/HjFJ27xl/zyfszwYjhOPSVBw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-05-28T18:27:36.769623Z"},"content_sha256":"10b38620b3bc512eb9df29b6d51e51d7d4aa6c5a998a4460622b11bd53efaf91","schema_version":"1.0","event_id":"sha256:10b38620b3bc512eb9df29b6d51e51d7d4aa6c5a998a4460622b11bd53efaf91"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/HJKVHDMISLMPI2IY6EZFXM2SNG/bundle.json","state_url":"https://pith.science/pith/HJKVHDMISLMPI2IY6EZFXM2SNG/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/HJKVHDMISLMPI2IY6EZFXM2SNG/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-05-28T18:27:36Z","links":{"resolver":"https://pith.science/pith/HJKVHDMISLMPI2IY6EZFXM2SNG","bundle":"https://pith.science/pith/HJKVHDMISLMPI2IY6EZFXM2SNG/bundle.json","state":"https://pith.science/pith/HJKVHDMISLMPI2IY6EZFXM2SNG/state.json","well_known_bundle":"https://pith.science/.well-known/pith/HJKVHDMISLMPI2IY6EZFXM2SNG/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2018:HJKVHDMISLMPI2IY6EZFXM2SNG","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"bfe12bd63bc2436c809007c3491f3b0829ac049728d58b44751e6451c7820042","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-06-18T18:32:35Z","title_canon_sha256":"c15408f93edab3a2c01143c4cb02a9fb4bbf7a1b59567ad4a1d6f6b508dc0528"},"schema_version":"1.0","source":{"id":"1806.06881","kind":"arxiv","version":5}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"1806.06881","created_at":"2026-05-17T23:50:07Z"},{"alias_kind":"arxiv_version","alias_value":"1806.06881v5","created_at":"2026-05-17T23:50:07Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1806.06881","created_at":"2026-05-17T23:50:07Z"},{"alias_kind":"pith_short_12","alias_value":"HJKVHDMISLMP","created_at":"2026-05-18T12:32:28Z"},{"alias_kind":"pith_short_16","alias_value":"HJKVHDMISLMPI2IY","created_at":"2026-05-18T12:32:28Z"},{"alias_kind":"pith_short_8","alias_value":"HJKVHDMI","created_at":"2026-05-18T12:32:28Z"}],"graph_snapshots":[{"event_id":"sha256:10b38620b3bc512eb9df29b6d51e51d7d4aa6c5a998a4460622b11bd53efaf91","target":"graph","created_at":"2026-05-17T23:50:07Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"paper":{"abstract_excerpt":"Cryptographic API misuses, such as exposed secrets, predictable random numbers, and vulnerable certificate verification, seriously threaten software security. The vision of automatically screening cryptographic API calls in massive-sized (e.g., millions of LoC) Java programs is not new. However, hindered by the practical difficulty of reducing false positives without compromising analysis quality, this goal has not been accomplished. State-of-the-art crypto API screening solutions are not designed to operate on a large scale.\n  Our technical innovation is a set of fast and highly accurate slic","authors_text":"Danfeng (Daphne) Yao, Fahad Shaon, Ke Tian, Miles Frantz, Murat Kantarcioglu, Sazzadur Rahaman, Sharmin Afrose, Ya Xiao","cross_cats":[],"headline":"","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-06-18T18:32:35Z","title":"CryptoGuard: High Precision Detection of Cryptographic Vulnerabilities in Massive-sized Java Projects"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1806.06881","kind":"arxiv","version":5},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:17336fce89a01c85e5b4d7e4d815e04aa0fde1d57b8f7d8b755d0c0a4f2331f8","target":"record","created_at":"2026-05-17T23:50:07Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"bfe12bd63bc2436c809007c3491f3b0829ac049728d58b44751e6451c7820042","cross_cats_sorted":[],"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"cs.CR","submitted_at":"2018-06-18T18:32:35Z","title_canon_sha256":"c15408f93edab3a2c01143c4cb02a9fb4bbf7a1b59567ad4a1d6f6b508dc0528"},"schema_version":"1.0","source":{"id":"1806.06881","kind":"arxiv","version":5}},"canonical_sha256":"3a55538d8892d8f46918f1325bb35269a9fb6fce226b9573833dae97d5ffd422","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"3a55538d8892d8f46918f1325bb35269a9fb6fce226b9573833dae97d5ffd422","first_computed_at":"2026-05-17T23:50:07.211905Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-17T23:50:07.211905Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"rpq/phRmgLp31MHIRWWg1FPXzTcJxakIzpcH0fB5nJLp8wNlAn+x57aKcSEHVCdvCJ89knw37W9710/9cMx0Aw==","signature_status":"signed_v1","signed_at":"2026-05-17T23:50:07.212544Z","signed_message":"canonical_sha256_bytes"},"source_id":"1806.06881","source_kind":"arxiv","source_version":5}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:17336fce89a01c85e5b4d7e4d815e04aa0fde1d57b8f7d8b755d0c0a4f2331f8","sha256:10b38620b3bc512eb9df29b6d51e51d7d4aa6c5a998a4460622b11bd53efaf91"],"state_sha256":"43b212adf66b3eb64c4d904fcba4f100bc53183214f9074a1585155704b404e3"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"kVVyMLHj+kqfsq1A/vulmqUQinnk2ge1grQiWh2utUnIf0O7xPh/s1mPKqq4qyN5+FVUT+/wM1bLG7t3+KNGCQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-05-28T18:27:36.773327Z","bundle_sha256":"a5bb5c3faa8f252f645ff430285d3ded0fa648fd5739b0d3750c03544ac0b714"}}