{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T23:12:13Z","timestamp":1757545933887,"version":"3.37.3"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030351984"},{"type":"electronic","value":"9783030351991"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-35199-1_2","type":"book-chapter","created":{"date-parts":[[2019,12,9]],"date-time":"2019-12-09T00:02:46Z","timestamp":1575849766000},"page":"22-41","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":17,"title":["Subverting Decryption in AEAD"],"prefix":"10.1007","author":[{"given":"Marcel","family":"Armour","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6525-5141","authenticated-orcid":false,"given":"Bertram","family":"Poettering","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,11,18]]},"reference":[{"issue":"3","key":"2_CR1","doi-asserted-by":"crossref","first-page":"152","DOI":"10.46586\/tosc.v2019.i3.152-168","volume":"2019","author":"M Armour","year":"2019","unstructured":"Armour, M., Poettering, B.: Substitution attacks against message authentication. IACR Trans. Symmetric Cryptol. 2019(3), 152\u2013168 (2019). https:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/view\/8361","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"2_CR2","unstructured":"Armour, M., Poettering, B.: Substitution attacks against message authentication. Cryptology ePrint Archive, Report 2019\/989 (2019). http:\/\/eprint.iacr.org\/2019\/989"},{"key":"2_CR3","unstructured":"Armour, M., Poettering, B.: Subverting decryption in AEAD. Cryptology ePrint Archive, Report 2019\/987 (2019). http:\/\/eprint.iacr.org\/2019\/987"},{"key":"2_CR4","doi-asserted-by":"crossref","unstructured":"Ateniese, G., Magri, B., Venturi, D.: Subversion-resilient signature schemes. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015: 22nd Conference on Computer and Communications Security, pp. 364\u2013375. ACM Press, October 2015","DOI":"10.1145\/2810103.2813635"},{"key":"2_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"627","DOI":"10.1007\/978-3-662-46803-6_21","volume-title":"Advances in Cryptology - EUROCRYPT 2015","author":"M Bellare","year":"2015","unstructured":"Bellare, M., Hoang, V.T.: Resisting randomness subversion: fast deterministic and hedged public-key encryption in the standard model. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 627\u2013656. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46803-6_21"},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Bellare, M., Jaeger, J., Kane, D.: Mass-surveillance without the state: Strongly undetectable algorithm-substitution attacks. In: Ray, I., Li, N., Kruegel, C. (eds.) ACM CCS 2015: 22nd Conference on Computer and Communications Security, pp. 1431\u20131440. ACM Press, October 2015","DOI":"10.1145\/2810103.2813681"},{"key":"2_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/978-3-662-53018-4_14","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"M Bellare","year":"2016","unstructured":"Bellare, M., Kane, D., Rogaway, P.: Big-key symmetric encryption: resisting key exfiltration. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 373\u2013402. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53018-4_14"},{"key":"2_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-662-44371-2_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"M Bellare","year":"2014","unstructured":"Bellare, M., Paterson, K.G., Rogaway, P.: Security of symmetric encryption against mass surveillance. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 1\u201319. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44371-2_1"},{"key":"2_CR9","doi-asserted-by":"crossref","unstructured":"Berndt, S., Liskiewicz, M.: Algorithm substitution attacks from a steganographic perspective. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017: 24th Conference on Computer and Communications Security, pp. 1649\u20131660. ACM Press (2017)","DOI":"10.1145\/3133956.3133981"},{"key":"2_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/978-3-662-43933-3_19","volume-title":"Fast Software Encryption","author":"A Boldyreva","year":"2014","unstructured":"Boldyreva, A., Degabriele, J.P., Paterson, K.G., Stam, M.: On symmetric encryption with distinguishable decryption failures. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 367\u2013390. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-43933-3_19"},{"key":"2_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"427","DOI":"10.1007\/978-3-319-63697-9_15","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"J Camenisch","year":"2017","unstructured":"Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous attestation with subverted TPMs. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part III. LNCS, vol. 10403, pp. 427\u2013461. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_15"},{"key":"2_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1007\/978-3-662-48116-5_28","volume-title":"Fast Software Encryption","author":"JP Degabriele","year":"2015","unstructured":"Degabriele, J.P., Farshim, P., Poettering, B.: A more cautious approach to security against mass surveillance. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 579\u2013598. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48116-5_28"},{"key":"2_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/978-3-662-46800-5_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"Y Dodis","year":"2015","unstructured":"Dodis, Y., Ganesh, C., Golovnev, A., Juels, A., Ristenpart, T.: A formal treatment of backdoored pseudorandom generators. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 101\u2013126. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_5"},{"key":"2_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-3-662-53018-4_13","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"Y Dodis","year":"2016","unstructured":"Dodis, Y., Mironov, I., Stephens-Davidowitz, N.: Message transmission with reverse firewalls\u2014secure communication on corrupted machines. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 341\u2013372. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53018-4_13"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Dworkin, M.J.: SP 800\u201338D: recommendation for block cipher modes of operation: Galois\/Counter Mode (GCM) and GMAC. US National Institute of Standards and Technology (2007)","DOI":"10.6028\/NIST.SP.800-38d"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Fischlin, M., Janson, C., Mazaheri, S.: Backdoored hash functions: immunizing HMAC and HKDF. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 105\u2013118. IEEE (2018)","DOI":"10.1109\/CSF.2018.00015"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Fischlin, M., Mazaheri, S.: Self-guarding cryptographic protocols against algorithm substitution attacks. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 76\u201390. IEEE (2018)","DOI":"10.1109\/CSF.2018.00013"},{"key":"2_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/10958513_13","volume-title":"Information Security","author":"E-J Goh","year":"2003","unstructured":"Goh, E.-J., Boneh, D., Pinkas, B., Golle, P.: The design and implementation of protocol-based hidden key recovery. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 165\u2013179. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/10958513_13"},{"key":"2_CR19","unstructured":"Krovetz, T., Rogaway, P.: The OCB authenticated-encryption algorithm (2014). https:\/\/tools.ietf.org\/html\/rfc7253"},{"key":"2_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"507","DOI":"10.1007\/978-3-319-98989-1_25","volume-title":"Computer Security","author":"H Ma","year":"2018","unstructured":"Ma, H., Zhang, R., Yang, G., Song, Z., Sun, S., Xiao, Y.: Concessive online\/offline attribute based encryption with cryptographic reverse firewalls\u2014secure and efficient fine-grained access control on corrupted machines. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018, Part II. LNCS, vol. 11099, pp. 507\u2013526. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-98989-1_25"},{"key":"2_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"657","DOI":"10.1007\/978-3-662-46803-6_22","volume-title":"Advances in Cryptology - EUROCRYPT 2015","author":"I Mironov","year":"2015","unstructured":"Mironov, I., Stephens-Davidowitz, N.: Cryptographic reverse firewalls. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 657\u2013686. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46803-6_22"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Rogaway, P.: Authenticated-encryption with associated-data. In: Atluri, V. (ed.) ACM CCS 2002: 9th Conference on Computer and Communications Security, pp. 98\u2013107. ACM Press, November 2002","DOI":"10.1145\/586123.586125"},{"key":"2_CR23","unstructured":"Rogaway, P.: The moral character of cryptographic work. Cryptology ePrint Archive, Report 2015\/1162 (2015). http:\/\/eprint.iacr.org\/2015\/1162"},{"key":"2_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-662-53890-6_2","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"A Russell","year":"2016","unstructured":"Russell, A., Tang, Q., Yung, M., Zhou, H.-S.: Cliptography: clipping the power of kleptographic attacks. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part II. LNCS, vol. 10032, pp. 34\u201364. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53890-6_2"},{"key":"2_CR25","unstructured":"Russell, A., Tang, Q., Yung, M., Zhou, H.S.: Destroying steganography via amalgamation: kleptographically CPA secure public key encryption. Cryptology ePrint Archive, Report 2016\/530 (2016). http:\/\/eprint.iacr.org\/2016\/530"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Russell, A., Tang, Q., Yung, M., Zhou, H.S.: Generic semantic security against a kleptographic adversary. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017: 24th Conference on Computer and Communications Security, pp. 907\u2013922. ACM Press, October\/November 2017","DOI":"10.1145\/3133956.3133993"},{"key":"2_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/978-3-319-96881-0_9","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"A Russell","year":"2018","unstructured":"Russell, A., Tang, Q., Yung, M., Zhou, H.-S.: Correcting subverted random oracles. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part II. LNCS, vol. 10992, pp. 241\u2013271. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_9"},{"key":"2_CR28","unstructured":"Schneier, B., Fredrikson, M., Kohno, T., Ristenpart, T.: Surreptitiously weakening cryptographic systems. Cryptology ePrint Archive, Report 2015\/097 (2015). http:\/\/eprint.iacr.org\/2015\/097"},{"key":"2_CR29","first-page":"51","volume-title":"Advances in Cryptology \u2013 CRYPTO\u201983","author":"GJ Simmons","year":"1983","unstructured":"Simmons, G.J.: The prisoners\u2019 problem and the subliminal channel. In: Chaum, D. (ed.) Advances in Cryptology \u2013 CRYPTO\u201983, pp. 51\u201367. Plenum Press, New York (1983)"},{"key":"2_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/3-540-68697-5_8","volume-title":"Advances in Cryptology \u2014 CRYPTO 96","author":"A Young","year":"1996","unstructured":"Young, A., Yung, M.: The dark side of \u201c\u2019black-box\u201d cryptography or: should we trust capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89\u2013103. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_8"},{"key":"2_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/3-540-69053-0_6","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 97","author":"A Young","year":"1997","unstructured":"Young, A., Yung, M.: Kleptography: using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62\u201374. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/3-540-69053-0_6"},{"key":"2_CR32","unstructured":"Zhu, B.: AES-GCM-Python (2013). https:\/\/github.com\/bozhu\/AES-GCM-Python\/blob\/master\/aes_gcm.py"}],"container-title":["Lecture Notes in Computer Science","Cryptography and Coding"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-35199-1_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,2,11]],"date-time":"2021-02-11T01:01:03Z","timestamp":1613005263000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-35199-1_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030351984","9783030351991"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-35199-1_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"18 November 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IMACC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IMA International Conference on Cryptography and Coding","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Oxford","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 December 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 December 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ima2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ima.org.uk\/11167\/17th-ima-international-conference-on-cryptography-and-coding\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"31","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"55% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"7","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}