{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T04:26:36Z","timestamp":1769919996544,"version":"3.49.0"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030816513","type":"print"},{"value":"9783030816520","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-81652-0_20","type":"book-chapter","created":{"date-parts":[[2021,7,20]],"date-time":"2021-07-20T06:26:19Z","timestamp":1626762379000},"page":"512-534","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Nonce-Misuse Security of the SAEF Authenticated Encryption Mode"],"prefix":"10.1007","author":[{"given":"Elena","family":"Andreeva","sequence":"first","affiliation":[]},{"given":"Amit Singh","family":"Bhati","sequence":"additional","affiliation":[]},{"given":"Damian","family":"Viz\u00e1r","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,7,21]]},"reference":[{"key":"20_CR1","unstructured":"Andreeva, E., et al.: COLM v1 (2014). https:\/\/competitions.cr.yp.to\/round3\/colmv1.pdf"},{"key":"20_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/978-3-030-34621-8_6","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"E Andreeva","year":"2019","unstructured":"Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., Viz\u00e1r, D.: Forkcipher: a new primitive for authenticated encryption of very short messages. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11922, pp. 153\u2013182. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34621-8_6"},{"key":"20_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-63697-9_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"T Ashur","year":"2017","unstructured":"Ashur, T., Dunkelman, O., Luykx, A.: Boosting authenticated encryption robustness with minimal modifications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 3\u201333. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_1"},{"key":"20_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-662-53008-5_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"C Beierle","year":"2016","unstructured":"Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123\u2013153. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_5"},{"key":"20_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1007\/3-540-44647-8_18","volume-title":"Advances in Cryptology \u2014 CRYPTO 2001","author":"M Bellare","year":"2001","unstructured":"Bellare, M., Boldyreva, A., Knudsen, L., Namprempre, C.: Online ciphers and the hash-CBC construction. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 292\u2013309. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44647-8_18"},{"key":"20_CR6","doi-asserted-by":"publisher","unstructured":"Bellizia, D., et al.: Spook: sponge-based leakage-resistant authenticated encryption with a masked tweakable block cipher. IACR Tran. Symmetric Cryptol. 2020(S1), 295\u2013349 (2020). https:\/\/doi.org\/10.13154\/tosc.v2020.iS1.295-349. https:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/view\/8623","DOI":"10.13154\/tosc.v2020.iS1.295-349"},{"key":"20_CR7","unstructured":"Bernstein, D.J.: Cryptographic competitions: CAESAR. http:\/\/competitions.cr.yp.to"},{"key":"20_CR8","unstructured":"B\u00f6ck, H., Zauner, A., Devlin, S., Somorovsky, J., Jovanovic, P.: Nonce-disrespecting adversaries: practical forgery attacks on GCM in TLS. In: 10th USENIX Workshop on Offensive Technologies (2016)"},{"key":"20_CR9","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., Schl\u00e4ffer, M.: ASCON v1.2 (2014). https:\/\/competitions.cr.yp.to\/round3\/asconv12.pdf"},{"key":"20_CR10","doi-asserted-by":"crossref","unstructured":"Dworkin, M.J.: SP 800-38D. Recommendation for Block Cipher Modes of Operation: Galois\/Counter Mode (GCM) and GMAC (2007)","DOI":"10.6028\/NIST.SP.800-38d"},{"key":"20_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/978-3-642-34047-5_12","volume-title":"Fast Software Encryption","author":"E Fleischmann","year":"2012","unstructured":"Fleischmann, E., Forler, C., Lucks, S.: McOE: a family of almost foolproof on-line authenticated encryption schemes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 196\u2013215. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34047-5_12"},{"key":"20_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/978-3-540-24654-1_11","volume-title":"Selected Areas in Cryptography","author":"P-A Fouque","year":"2004","unstructured":"Fouque, P.-A., Joux, A., Martinet, G., Valette, F.: Authenticated on-line encryption. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 145\u2013159. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24654-1_11"},{"key":"20_CR13","doi-asserted-by":"crossref","unstructured":"Guillaume Endignoux, D.V.: Linking Online Misuse-Resistant Authenticated Encryption and Blockwise Attack Models. Cryptology ePrint Archive, Report 2017\/184 (2017). https:\/\/eprint.iacr.org\/2017\/184","DOI":"10.46586\/tosc.v2016.i2.125-144"},{"key":"20_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/978-3-662-46800-5_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"VT Hoang","year":"2015","unstructured":"Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption AEZ and the problem that it solves. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 15\u201344. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_2"},{"key":"20_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1007\/978-3-662-47989-6_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"VT Hoang","year":"2015","unstructured":"Hoang, V.T., Reyhanitabar, R., Rogaway, P., Viz\u00e1r, D.: Online authenticated-encryption and its nonce-reuse misuse-resistance. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 493\u2013517. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_24"},{"key":"20_CR16","unstructured":"Hongjun, W., Tao, H.: TinyJAMBU: A Family of Lightweight Authenticated Encryption Algorithms (2019). https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Lightweight-Cryptography\/documents\/round-1\/spec-doc\/TinyJAMBU-spec.pdf"},{"key":"20_CR17","doi-asserted-by":"publisher","unstructured":"Iwata, T., Khairallah, M., Minematsu, K., Peyrin, T.: Duel of the titans: the romulus and remus families of lightweight AEAD algorithms. IACR Trans. Symmetric Cryptol. 2020(1), 43\u2013120 (2020). https:\/\/doi.org\/10.13154\/tosc.v2020.i1.43-120. https:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/view\/8560","DOI":"10.13154\/tosc.v2020.i1.43-120"},{"key":"20_CR18","unstructured":"Jean, J., Nikoli\u0107, I., Peyrin, T., Seurin, Y.: Deoxys v1.41 v1 (2016). https:\/\/competitions.cr.yp.to\/round3\/deoxysv141.pdf"},{"key":"20_CR19","unstructured":"Krovetz, T., Rogaway, P.: OCB v1.1 (2014). https:\/\/competitions.cr.yp.to\/round3\/ocbv11.pdf"},{"key":"20_CR20","unstructured":"O\u2019Donnell, L.: 2 Million IoT Devices Vulnerable to Complete Takeover. Threatpost (2019). https:\/\/threatpost.com\/iot-devices-vulnerable-takeover\/144167\/"},{"key":"20_CR21","unstructured":"O\u2019Donnell, L.: Serious Security Flaws Found in Children\u2019s Connected Toys. Threatpost (2019). https:\/\/threatpost.com\/serious-security-flaws-found-in-childrens-connected-toys\/151020\/"},{"key":"20_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1007\/978-3-642-04159-4_21","volume-title":"Selected Areas in Cryptography","author":"J Patarin","year":"2009","unstructured":"Patarin, J.: The \u201cCoefficients H\u2019\u2019 technique. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 328\u2013345. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04159-4_21"},{"key":"20_CR23","unstructured":"Purnal, A., Andreeva, E., Roy, A., Viz\u00e1r, D.: What the fork: implementation aspects of a forkcipher. In: NIST Lightweight Cryptography Workshop 2019 (2019)"},{"key":"20_CR24","doi-asserted-by":"crossref","unstructured":"Rogaway, P.: Authenticated-encryption with associated-data. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 98\u2013107 (2002)","DOI":"10.1145\/586110.586125"},{"key":"20_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/11761679_23","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"P Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373\u2013390. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_23"},{"key":"20_CR26","doi-asserted-by":"crossref","unstructured":"Rogaway, P., Shrimpton, T.: Deterministic authenticated-encryption: a provable-security treatment of the key-wrap problem. IACR Cryptology ePrint Archive 2006, 221 (2006)","DOI":"10.1007\/11761679_23"},{"key":"20_CR27","doi-asserted-by":"crossref","unstructured":"Vanhoef, M., Piessens, F.: Key reinstallation attacks: forcing nonce reuse in WPA2. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1313\u20131328. ACM (2017)","DOI":"10.1145\/3133956.3134027"},{"key":"20_CR28","unstructured":"Wu, H.: ACORN v3 (2014). https:\/\/competitions.cr.yp.to\/round3\/acornv3.pdf"},{"key":"20_CR29","unstructured":"Wu, H., Huang, T.: MORUS v2 (2014). https:\/\/competitions.cr.yp.to\/round3\/morusv2.pdf"},{"key":"20_CR30","unstructured":"Wu, H., Preneel, B.: AEGIS v1.1 (2014). https:\/\/competitions.cr.yp.to\/round3\/aegisv11.pdf"}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-81652-0_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,19]],"date-time":"2025-07-19T22:02:38Z","timestamp":1752962558000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-81652-0_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030816513","9783030816520"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-81652-0_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"21 July 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SAC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Selected Areas in Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 October 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 October 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sacrypt2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sac2020.ca\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"iChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"52% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3-5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6-8","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}