{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T12:17:49Z","timestamp":1771330669574,"version":"3.50.1"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030109691","type":"print"},{"value":"9783030109707","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-10970-7_12","type":"book-chapter","created":{"date-parts":[[2019,1,12]],"date-time":"2019-01-12T10:12:15Z","timestamp":1547287935000},"page":"257-277","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Fault Attacks on Nonce-Based Authenticated Encryption: Application to Keyak and Ketje"],"prefix":"10.1007","author":[{"given":"Christoph","family":"Dobraunig","sequence":"first","affiliation":[]},{"given":"Stefan","family":"Mangard","sequence":"additional","affiliation":[]},{"given":"Florian","family":"Mendel","sequence":"additional","affiliation":[]},{"given":"Robert","family":"Primas","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,1,13]]},"reference":[{"key":"12_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1007\/978-3-319-66787-4_9","volume-title":"Cryptographic 
Hardware and Embedded Systems \u2013 CHES 2017","author":"S Anceau","year":"2017","unstructured":"Anceau, S., Bleuet, P., Cl\u00e9di\u00e8re, J., Maingault, L., Rainard, J., Tucoulou, R.: Nanofocused X-ray beam to reprogram secure circuits. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 175\u2013188. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66787-4_9"},{"issue":"2","key":"12_CR2","doi-asserted-by":"publisher","first-page":"370","DOI":"10.1109\/JPROC.2005.862424","volume":"94","author":"H Bar-El","year":"2006","unstructured":"Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer\u2019s apprentice guide to fault attacks. Proc. IEEE 94(2), 370\u2013382 (2006). https:\/\/doi.org\/10.1109\/JPROC.2005.862424","journal-title":"Proc. IEEE"},{"key":"12_CR3","unstructured":"Bellare, M., Rogaway, P., Wagner, D.A.: EAX: a conventional authenticated-encryption mode. Cryptology ePrint Archive, Report 2003\/069 (2003). http:\/\/eprint.iacr.org\/2003\/069"},{"key":"12_CR4","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak SHA-3 submission (Version 3.0) (2011). http:\/\/keccak.noekeon.org\/Keccak-submission-3.pdf"},{"key":"12_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/978-3-642-28496-0_19","volume-title":"Selected Areas in Cryptography","author":"G Bertoni","year":"2012","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320\u2013337. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-28496-0_19"},{"key":"12_CR6","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: CAESAR submission: Ketje v2. 
https:\/\/keccak.team\/files\/Ketjev2-doc2.0.pdf"},{"key":"12_CR7","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: CAESAR submission: Keyak v2. https:\/\/keccak.team\/files\/Keyakv2-doc2.2.pdf"},{"key":"12_CR8","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: Keccak code package. https:\/\/github.com\/gvanas\/KeccakCodePackage. Accessed 05 Dec 2017"},{"key":"12_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/3-540-44598-6_8","volume-title":"Advances in Cryptology \u2014 CRYPTO 2000","author":"I Biehl","year":"2000","unstructured":"Biehl, I., Meyer, B., M\u00fcller, V.: Differential fault attacks on elliptic curve cryptosystems. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 131\u2013146. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-44598-6_8"},{"key":"12_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1007\/BFb0052259","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201997","author":"E Biham","year":"1997","unstructured":"Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513\u2013525. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/BFb0052259"},{"key":"12_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/3-540-69053-0_4","volume-title":"Advances in Cryptology\u2014EUROCRYPT 1997","author":"D Boneh","year":"1997","unstructured":"Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37\u201351. Springer, Heidelberg (1997). 
https:\/\/doi.org\/10.1007\/3-540-69053-0_4"},{"key":"12_CR12","unstructured":"CAESAR committee: CAESAR: Competition for authenticated encryption: Security, applicability, and robustness (2014). http:\/\/competitions.cr.yp.to\/caesar.html"},{"key":"12_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-540-74735-2_13","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2007","author":"C Clavier","year":"2007","unstructured":"Clavier, C.: Secret external encodings do not prevent transient fault analysis. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 181\u2013194. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74735-2_13"},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"Dobraunig, C., Eichlseder, M., Gross, H., Mangard, S., Mendel, F., Primas, R.: Statistical ineffective fault attacks on masked AES with fault countermeasures. Cryptology ePrint Archive, Report 2018\/357 (2018). https:\/\/eprint.iacr.org\/2018\/357","DOI":"10.1007\/978-3-030-03329-3_11"},{"key":"12_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"369","DOI":"10.1007\/978-3-662-53887-6_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"C Dobraunig","year":"2016","unstructured":"Dobraunig, C., Eichlseder, M., Korak, T., Lomn\u00e9, V., Mendel, F.: Statistical fault attacks on nonce-based authenticated encryption schemes. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 369\u2013395. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53887-6_14"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Dobraunig, C., Eichlseder, M., Korak, T., Mangard, S., Mendel, F., Primas, R.: SIFA: exploiting ineffective fault inductions on symmetric cryptography. In: IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2018, no. 
3, pp. 547\u2013572, August 2018. https:\/\/tches.iacr.org\/index.php\/TCHES\/article\/view\/7286","DOI":"10.46586\/tches.v2018.i3.547-572"},{"key":"12_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"490","DOI":"10.1007\/978-3-662-48800-3_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"C Dobraunig","year":"2015","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F.: Heuristic tool for linear cryptanalysis with applications to CAESAR candidates. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 490\u2013509. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48800-3_20"},{"key":"12_CR18","doi-asserted-by":"crossref","unstructured":"Fuhr, T., Jaulmes, \u00c9., Lomn\u00e9, V., Thillard, A.: Fault attacks on AES with faulty ciphertexts only. In: Fischer, W., Schmidt, J.M. (eds.) FDTC 2013, pp. 108\u2013118. IEEE Computer Society (2013)","DOI":"10.1109\/FDTC.2013.18"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"Maurine, P.: Techniques for EM fault injection: equipments and experimental results. In: Bertoni, G., Gierlichs, B. (eds.) FDTC 2012, pp. 3\u20134. IEEE Computer Society (2012)","DOI":"10.1109\/FDTC.2012.21"},{"key":"12_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-540-30556-9_27","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"DA McGrew","year":"2004","unstructured":"McGrew, D.A., Viega, J.: The security and performance of the Galois\/Counter mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343\u2013355. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30556-9_27"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"McKay, K.A., Bassham, L., Turan, M.S., Mouha, N.: NISTIR 8114: report on lightweight cryptography (2017). 
https:\/\/doi.org\/10.6028\/NIST.IR.8114","DOI":"10.6028\/NIST.IR.8114"},{"key":"12_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/978-3-662-48800-3_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"B Mennink","year":"2015","unstructured":"Mennink, B., Reyhanitabar, R., Viz\u00e1r, D.: Security of full-state keyed sponge and duplex: applications to authenticated encryption. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 465\u2013489. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48800-3_19"},{"key":"12_CR23","unstructured":"National Institute of Standards and Technology: FIPS PUB 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. Federal Information Processing Standards Publication 202, U.S. Department of Commerce, August 2015. http:\/\/nvlpubs.nist.gov\/nistpubs\/FIPS\/NIST.FIPS.202.pdf"},{"key":"12_CR24","unstructured":"National Institute of Standards and Technology: DRAFT submission requirements and evaluation criteria for the lightweight cryptography standardization process (2018). https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Lightweight-Cryptography\/documents\/Draft-LWC-Submission-Requirements-April2018.pdf"},{"key":"12_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/978-3-540-45238-6_7","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2003","author":"G Piret","year":"2003","unstructured":"Piret, G., Quisquater, J.-J.: A differential fault attack technique against SPN structures, with application to the AES and Khazad. In: Walter, C.D., Ko\u00e7, \u00c7.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77\u201388. Springer, Heidelberg (2003). 
https:\/\/doi.org\/10.1007\/978-3-540-45238-6_7"},{"key":"12_CR26","doi-asserted-by":"crossref","unstructured":"Rogaway, P.: Authenticated-encryption with associated-data. In: CCS 2002, pp. 98\u2013107. ACM (2002)","DOI":"10.1145\/586110.586125"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: Reiter, M.K., Samarati, P. (eds.) CCS 2001, pp. 196\u2013205. ACM (2001)","DOI":"10.1145\/501983.502011"},{"key":"12_CR28","doi-asserted-by":"crossref","unstructured":"Ronen, E., Shamir, A., Weingarten, A.O., O\u2019Flynn, C.: IoT goes nuclear: creating a ZigBee chain reaction. In: SP 2017, pp. 195\u2013212. IEEE Computer Society (2017)","DOI":"10.1109\/SP.2017.14"},{"key":"12_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"417","DOI":"10.1007\/978-3-319-31301-6_24","volume-title":"Selected Areas in Cryptography - SAC 2015","author":"D Saha","year":"2016","unstructured":"Saha, D., Chowdhury, D.R.: Scope: on the side channel vulnerability of releasing unverified plaintexts. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 417\u2013438. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-31301-6_24"},{"key":"12_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"581","DOI":"10.1007\/978-3-662-53140-2_28","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2016","author":"D Saha","year":"2016","unstructured":"Saha, D., Chowdhury, D.R.: EnCounter: on breaking the nonce barrier in differential fault analysis with a case-study on PAEQ. In: Gierlichs, B., Poschmann, A. (eds.) CHES 2016. LNCS, vol. 9813, pp. 581\u2013601. Springer, Heidelberg (2016). 
https:\/\/doi.org\/10.1007\/978-3-662-53140-2_28"},{"key":"12_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/978-3-319-13039-2_12","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2014","author":"D Saha","year":"2014","unstructured":"Saha, D., Kuila, S., Roy Chowdhury, D.: EscApe: diagonal fault analysis of APE. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 197\u2013216. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-13039-2_12"},{"key":"12_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1007\/3-540-36400-5_2","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2002","author":"SP Skorobogatov","year":"2003","unstructured":"Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski, B.S., Ko\u00e7, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2\u201312. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-36400-5_2"},{"key":"12_CR33","doi-asserted-by":"crossref","unstructured":"Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM) (2003)","DOI":"10.17487\/rfc3610"},{"issue":"9","key":"12_CR34","doi-asserted-by":"publisher","first-page":"967","DOI":"10.1109\/12.869328","volume":"49","author":"SM Yen","year":"2000","unstructured":"Yen, S.M., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. Comput. 49(9), 967\u2013970 (2000)","journal-title":"IEEE Trans. 
Comput."}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography \u2013 SAC 2018"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-10970-7_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,12]],"date-time":"2023-01-12T01:04:49Z","timestamp":1673485489000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-10970-7_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030109691","9783030109707"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-10970-7_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"13 January 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SAC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Selected Areas in Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Calgary, AB","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Canada","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 August 2018","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 August 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sacrypt2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.ucalgary.ca\/cpsc\/selected-areas-cryptography\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"57","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"22","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" 
and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}