{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T10:54:31Z","timestamp":1778064871616,"version":"3.51.4"},"publisher-location":"Cham","reference-count":79,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031683848","type":"print"},{"value":"9783031683855","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-68385-5_14","type":"book-chapter","created":{"date-parts":[[2024,8,16]],"date-time":"2024-08-16T08:02:51Z","timestamp":1723795371000},"page":"425-462","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["The Committing Security of\u00a0MACs with\u00a0Applications to\u00a0Generic Composition"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2883-4870","authenticated-orcid":false,"given":"Ritam","family":"Bhaumik","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8729-6163","authenticated-orcid":false,"given":"Bishwajit","family":"Chakraborty","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7230-2057","authenticated-orcid":false,"given":"Wonseok","family":"Choi","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2672-7331","authenticated-orcid":false,"given":"Avijit","family":"Dutta","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2658-3251","authenticated-orcid":false,"given":"J\u00e9r\u00f4me","family":"Govinden","sequence":"additional","affiliation":[]},{"given":"Yaobin","family":"Shen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,8,17]]},"reference":[{"key":"14_CR1","unstructured":"Albertini, A., Duong, T., Gueron, S., K\u00f6lbl, S., Luykx, A., Schmieg, S.: How to abuse and fix authenticated encryption without key commitment. In: Butler, K.R.B., Thomas, K. (eds.) USENIX Security 2022, pp. 3291\u20133308. USENIX Association, August 2022"},{"key":"14_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"152","DOI":"10.1007\/978-3-642-25516-8_10","volume-title":"Cryptography and Coding","author":"E Andreeva","year":"2011","unstructured":"Andreeva, E., Stam, M.: The symbiosis between collision and preimage resistance. In: Chen, L. (ed.) IMACC 2011. LNCS, vol. 7089, pp. 152\u2013171. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25516-8_10"},{"key":"14_CR3","doi-asserted-by":"publisher","unstructured":"Backendal, M., Bellare, M., G\u00fcnther, F., Scarlata, M.: When messages are keys: Is HMAC a dual-PRF? In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO\u00a02023, Part\u00a0III. LNCS, vol. 14083, pp. 661\u2013693. Springer, Heidelberg (2023). https:\/\/doi.org\/10.1007\/978-3-031-38548-3_22","DOI":"10.1007\/978-3-031-38548-3_22"},{"key":"14_CR4","unstructured":"Bellare, M., et al.: Ask your cryptographer if context-committing AEAD is right for you. Presented at the IACR Real World Crypto Symposium (2023)"},{"key":"14_CR5","doi-asserted-by":"publisher","unstructured":"Bellare, M., Hoang, V.T.: Efficient schemes for committing authenticated encryption. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT\u00a02022, Part\u00a0II. LNCS, vol. 13276, pp. 845\u2013875. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-07085-3_29","DOI":"10.1007\/978-3-031-07085-3_29"},{"key":"14_CR6","unstructured":"Bellare, M., Hoang, V.T., Wu, C.: The landscape of committing authenticated encryption. Presented at the Third NIST Workshop on Block Cipher Modes of Operation (2023)"},{"key":"14_CR7","doi-asserted-by":"publisher","unstructured":"Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT\u00a02000. LNCS, vol.\u00a01976, pp. 531\u2013545. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-44448-3_41","DOI":"10.1007\/3-540-44448-3_41"},{"key":"14_CR8","doi-asserted-by":"publisher","unstructured":"Bellare, M., Pietrzak, K., Rogaway, P.: Improved security analyses for CBC MACs. In: Shoup, V. (ed.) CRYPTO\u00a02005. LNCS, vol.\u00a03621, pp. 527\u2013545. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_32","DOI":"10.1007\/11535218_32"},{"key":"14_CR9","doi-asserted-by":"publisher","unstructured":"Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy and Meier [72], pp. 389\u2013407. https:\/\/doi.org\/10.1007\/978-3-540-25937-4_25","DOI":"10.1007\/978-3-540-25937-4_25"},{"key":"14_CR10","doi-asserted-by":"publisher","unstructured":"Bernstein, D.J.: The poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) FSE\u00a02005. LNCS, vol.\u00a03557, pp. 32\u201349. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11502760_3","DOI":"10.1007\/11502760_3"},{"key":"14_CR11","doi-asserted-by":"publisher","unstructured":"Berti, F.: Reconsidering generic composition: the modes A10, A11 and A12 are insecure. In: Simpson, L., Baee, M.A.R. (eds.) ACISP 2023. LNCS, vol. 13915, pp. 157\u2013176. Springer, Heidelberg (2023). https:\/\/doi.org\/10.1007\/978-3-031-35486-1_8","DOI":"10.1007\/978-3-031-35486-1_8"},{"key":"14_CR12","doi-asserted-by":"publisher","unstructured":"Berti, F., Pereira, O., Peters, T.: Reconsidering generic composition: the tag-then-encrypt case. In: Chakraborty, D., Iwata, T. (eds.) INDOCRYPT\u00a02018. LNCS, vol. 11356, pp. 70\u201390. Springer, Heidelberg (2018). https:\/\/doi.org\/10.1007\/978-3-030-05378-9_4","DOI":"10.1007\/978-3-030-05378-9_4"},{"key":"14_CR13","doi-asserted-by":"publisher","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol.\u00a07118, pp. 320\u2013337. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-28496-0_19","DOI":"10.1007\/978-3-642-28496-0_19"},{"key":"14_CR14","doi-asserted-by":"publisher","unstructured":"Boesgaard, M., Christensen, T., Zenner, E.: Badger - a fast and provably secure MAC. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol.\u00a03531, pp. 176\u2013191. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11496137_13","DOI":"10.1007\/11496137_13"},{"key":"14_CR15","unstructured":"Bourdrez, D., Krawczyk, D.H., Lewi, K., Wood, C.A.: The OPAQUE asymmetric PAKE protocol. Internet-Draft draft-irtf-cfrg-opaque-13, Internet Engineering Task Force, December 2023. https:\/\/datatracker.ietf.org\/doc\/draft-irtf-cfrg-opaque\/13\/, work in Progress"},{"key":"14_CR16","doi-asserted-by":"publisher","unstructured":"Chan, J., Rogaway, P.: On committing authenticated-encryption. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds.) ESORICS\u00a02022, Part\u00a0II. LNCS, vol. 13555, pp. 275\u2013294. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-17146-8_14","DOI":"10.1007\/978-3-031-17146-8_14"},{"key":"14_CR17","doi-asserted-by":"publisher","unstructured":"Chattopadhyay, S., Jha, A., Nandi, M.: Fine-tuning the ISO\/IEC standard LightMAC. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT\u00a02021, Part\u00a0III. LNCS, vol. 13092, pp. 490\u2013519. Springer, Heidelberg (2021). https:\/\/doi.org\/10.1007\/978-3-030-92078-4_17","DOI":"10.1007\/978-3-030-92078-4_17"},{"key":"14_CR18","doi-asserted-by":"publisher","unstructured":"Chattopadhyay, S., Jha, A., Nandi, M.: Towards tight security bounds for OMAC, XCBC and TMAC. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT\u00a02022, Part\u00a0I. LNCS, vol. 13791, pp. 348\u2013378. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-22963-3_12","DOI":"10.1007\/978-3-031-22963-3_12"},{"key":"14_CR19","doi-asserted-by":"publisher","unstructured":"Chen, L.: Recommendation for key derivation using pseudorandom functions. NIST Special Publication (SP) 800-108 Rev.1 (2022). https:\/\/doi.org\/10.6028\/NIST.SP.800-108r1-upd1","DOI":"10.6028\/NIST.SP.800-108r1-upd1"},{"key":"14_CR20","unstructured":"Daemen, J., Mella, S., Van\u00a0Assche, G.: Committing authenticated encryption based on shake. Cryptology ePrint Archive (2023)"},{"key":"14_CR21","doi-asserted-by":"publisher","unstructured":"Degabriele, J.P., Fischlin, M., Govinden, J.: The indifferentiability of the duplex and its practical applications. In: Guo, J., Steinfeld, R. (eds.) International Conference on the Theory and Application of Cryptology and Information Security, pp. 237\u2013269. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-981-99-8742-9_8","DOI":"10.1007\/978-981-99-8742-9_8"},{"key":"14_CR22","doi-asserted-by":"publisher","unstructured":"Degabriele, J.P., Govinden, J., G\u00fcnther, F., Paterson, K.G.: The security of ChaCha20-Poly1305 in the multi-user setting. In: Vigna, G., Shi, E. (eds.) ACM CCS 2021, pp. 1981\u20132003. ACM Press, November 2021. https:\/\/doi.org\/10.1145\/3460120.3484814","DOI":"10.1145\/3460120.3484814"},{"issue":"3","key":"14_CR23","doi-asserted-by":"publisher","first-page":"397","DOI":"10.1109\/PROC.1979.11256","volume":"67","author":"W Diffie","year":"1979","unstructured":"Diffie, W., Hellman, M.E.: Privacy and authentication: an introduction to cryptography. Proc. IEEE 67(3), 397\u2013427 (1979)","journal-title":"Proc. IEEE"},{"key":"14_CR24","doi-asserted-by":"publisher","unstructured":"Dodis, Y., Grubbs, P., Ristenpart, T., Woodage, J.: Fast message franking: from invisible salamanders to encryptment. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO\u00a02018, Part\u00a0I. LNCS, vol. 10991, pp. 155\u2013186. Springer, Heidelberg (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_6","DOI":"10.1007\/978-3-319-96884-1_6"},{"key":"14_CR25","doi-asserted-by":"publisher","unstructured":"Dodis, Y., Ristenpart, T., Steinberger, J.P., Tessaro, S.: To hash or not to hash again? (In)differentiability results for $$H^2$$ and HMAC. In: Safavi-Naini and Canetti [73], pp. 348\u2013366. https:\/\/doi.org\/10.1007\/978-3-642-32009-5_21","DOI":"10.1007\/978-3-642-32009-5_21"},{"key":"14_CR26","doi-asserted-by":"publisher","unstructured":"Dworkin, M.: Recommendation for block cipher modes of operation: the CMAC mode for authentication. NIST Special Publication (SP) 800-38B (2005). https:\/\/doi.org\/10.6028\/NIST.SP.800-38B","DOI":"10.6028\/NIST.SP.800-38B"},{"key":"14_CR27","doi-asserted-by":"publisher","unstructured":"Dworkin, M.: Recommendation for block cipher modes of operation: Galois\/Counter Mode (GCM) and GMAC. Technical report. NIST Special Publication (SP) 800-38D, National Institute of Standards and Technology (2007). https:\/\/doi.org\/10.6028\/NIST.SP.800-38D","DOI":"10.6028\/NIST.SP.800-38D"},{"key":"14_CR28","doi-asserted-by":"publisher","unstructured":"Dworkin, M.: Recommendation for block cipher modes of operation: the CCM mode for authentication and confidentiality. Technical report. NIST Special Publication (SP) 800-38C, National Institute of Standards and Technology (2007). https:\/\/doi.org\/10.6028\/NIST.SP.800-38C","DOI":"10.6028\/NIST.SP.800-38C"},{"key":"14_CR29","unstructured":"Ehrsam, W.F., Meyer, C.H., Smith, J.L., Tuchman, W.L.: Message verification and transmission error detection by block chaining, 14 February 1978. uS Patent 4,074,066,"},{"key":"14_CR30","doi-asserted-by":"publisher","unstructured":"Farshim, P., Orlandi, C., Ro\u015fie, R.: Security of symmetric primitives under incorrect usage of keys. IACR Trans. Symm. Cryptol. 2017(1), 449\u2013473 (2017). https:\/\/doi.org\/10.13154\/tosc.v2017.i1.449-473","DOI":"10.13154\/tosc.v2017.i1.449-473"},{"key":"14_CR31","doi-asserted-by":"publisher","unstructured":"Figueiredo, R., Z\u00faquete, A., Oliveira\u00a0e Silva, T.: Massively parallel identification of privacy-preserving vehicle RFID tags. In: Saxena, N., Sadeghi, A.R. (eds.) International Workshop on Radio Frequency Identification: Security and Privacy Issues, RFIDSec 2015. LNCS, vol. 8651, pp. 36\u201353. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-13066-8_3","DOI":"10.1007\/978-3-319-13066-8_3"},{"key":"14_CR32","doi-asserted-by":"publisher","unstructured":"Grubbs, P., Lu, J., Ristenpart, T.: Message franking via committing authenticated encryption. In: Katz, J., Shacham, H. (eds.) CRYPTO\u00a02017, Part\u00a0III. LNCS, vol. 10403, pp. 66\u201397. Springer, Heidelberg (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_3","DOI":"10.1007\/978-3-319-63697-9_3"},{"key":"14_CR33","doi-asserted-by":"publisher","unstructured":"Harkins, D.: Synthetic Initialization Vector (SIV) Authenticated Encryption Using the Advanced Encryption Standard (AES). RFC 5297, October 2008. https:\/\/doi.org\/10.17487\/RFC5297, https:\/\/www.rfc-editor.org\/info\/rfc5297","DOI":"10.17487\/RFC5297"},{"key":"14_CR34","doi-asserted-by":"publisher","unstructured":"Hoang, V.T., Tessaro, S., Thiruvengadam, A.: The multi-user security of GCM, revisited: tight bounds for nonce randomization. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1429\u20131440. ACM Press, October 2018. https:\/\/doi.org\/10.1145\/3243734.3243816","DOI":"10.1145\/3243734.3243816"},{"key":"14_CR35","doi-asserted-by":"publisher","unstructured":"IEEE: IEEE Standard for Authenticated Encryption with Length Expansion for Storage Devices. IEEE Std 1619.1-2018 (Revision of IEEE Std 1619.1-2007) (2019). https:\/\/doi.org\/10.1109\/IEEESTD.2019.8637991","DOI":"10.1109\/IEEESTD.2019.8637991"},{"key":"14_CR36","unstructured":"ISO: ISO\/IEC: Information technology \u2013 Security techniques \u2013 Entity authentication \u2013 Part 4: Mechanisms using a cryptographic check function. ISO\/IEC 9798-4:1999, International Organization for Standardization (1999)"},{"key":"14_CR37","unstructured":"ISO: ISO\/IEC: Information technology \u2013 Security techniques \u2013 Message Authentication Codes (MACs) \u2013 Part 1: Mechanisms using a block cipher. ISO\/IEC 9797-1:2011, International Organization for Standardization (2011)"},{"key":"14_CR38","unstructured":"ISO: ISO\/IEC: Information technology \u2013 Security techniques \u2013 Message Authentication Codes (MACs) \u2013 Part 3: Mechanisms using a universal hash-function. ISO\/IEC 9797-3:2011, International Organization for Standardization (2011)"},{"key":"14_CR39","unstructured":"ISO: ISO: Banking and related financial services \u2013 Key wrap using AES. ISO 20038:2017, International Organization for Standardization (2017)"},{"key":"14_CR40","unstructured":"ISO: ISO\/IEC: Information technology \u2013 Lightweight cryptography \u2013 Part 6: Message authentication codes (MACs). ISO\/IEC 29192-6:2019, International Organization for Standardization (2019)"},{"key":"14_CR41","unstructured":"ISO: Information security \u2013 authenticated encryption. Standard ISO\/IEC 19772:2020, International Organization for Standardization, Geneva, CH (2020). https:\/\/www.iso.org\/standard\/81550.html"},{"key":"14_CR42","unstructured":"ISO: ISO\/IEC: Information technology \u2013 Security techniques \u2013 Message Authentication Codes (MACs) \u2013 Part 2: Mechanisms using a dedicated hash-function. ISO\/IEC 9797-1:2021, International Organization for Standardization (2021)"},{"key":"14_CR43","unstructured":"ISO: ISO\/IEC: Information technology \u2013 Automatic identification and data capture techniques \u2013 Part 11: Crypto suite PRESENT-80 security services for air interface communications. ISO\/IEC 29167-11:2023, International Organization for Standardization (2023)"},{"key":"14_CR44","doi-asserted-by":"publisher","unstructured":"Iwata, T., Kurosawa, K.: OMAC: one-key CBC MAC. In: Johansson, T. (ed.) FSE\u00a02003. LNCS, vol.\u00a02887, pp. 129\u2013153. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-39887-5_11","DOI":"10.1007\/978-3-540-39887-5_11"},{"key":"14_CR45","doi-asserted-by":"publisher","unstructured":"Iwata, T., Ohashi, K., Minematsu, K.: Breaking and repairing GCM security proofs. In: Safavi-Naini and Canetti [73], pp. 31\u201349. https:\/\/doi.org\/10.1007\/978-3-642-32009-5_3","DOI":"10.1007\/978-3-642-32009-5_3"},{"key":"14_CR46","doi-asserted-by":"publisher","unstructured":"Jarecki, S., Krawczyk, H., Xu, J.: OPAQUE: an asymmetric PAKE protocol secure against pre-computation attacks. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT\u00a02018, Part\u00a0III. LNCS, vol. 10822, pp. 456\u2013486. Springer, Heidelberg (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_15","DOI":"10.1007\/978-3-319-78372-7_15"},{"key":"14_CR47","unstructured":"Jha, A., Nandi, M.: Revisiting structure graph and its applications to CBC-MAC and EMAC. IACR Cryptol. ePrint Arch., p.\u00a0161 (2016). http:\/\/eprint.iacr.org\/2016\/161"},{"key":"14_CR48","unstructured":"Kr\u00e4mer, J., Struck, P., Weish\u00e4upl, M.: Committing authenticated encryption: Sponges vs. Block-ciphers in the case of the NIST LWC finalists. Cryptology ePrint Archive (2023)"},{"key":"14_CR49","doi-asserted-by":"publisher","unstructured":"Krawczyk, D.H., Bellare, M., Canetti, R.: HMAC: Keyed-Hashing for Message Authentication. RFC 2104, February 1997. https:\/\/doi.org\/10.17487\/RFC2104, https:\/\/www.rfc-editor.org\/info\/rfc2104","DOI":"10.17487\/RFC2104"},{"key":"14_CR50","doi-asserted-by":"publisher","unstructured":"Krawczyk, D.H., Eronen, P.: HMAC-based Extract-and-Expand Key Derivation Function (HKDF). RFC 5869, May 2010. https:\/\/doi.org\/10.17487\/RFC5869, https:\/\/www.rfc-editor.org\/info\/rfc5869","DOI":"10.17487\/RFC5869"},{"key":"14_CR51","doi-asserted-by":"publisher","unstructured":"Krovetz, T., Rogaway, P.: The OCB Authenticated-Encryption Algorithm. RFC 7253, May 2014. https:\/\/doi.org\/10.17487\/RFC7253, https:\/\/www.rfc-editor.org\/info\/rfc7253","DOI":"10.17487\/RFC7253"},{"key":"14_CR52","unstructured":"Len, J., Grubbs, P., Ristenpart, T.: Partitioning oracle attacks. Cryptology ePrint Archive, Report 2020\/1491 (2020). https:\/\/eprint.iacr.org\/2020\/1491"},{"key":"14_CR53","unstructured":"Len, J., Grubbs, P., Ristenpart, T.: Partitioning oracle attacks. In: Bailey, M., Greenstadt, R. (eds.) USENIX Security 2021, pp. 195\u2013212. USENIX Association, August 2021"},{"key":"14_CR54","doi-asserted-by":"publisher","unstructured":"Len, J., Grubbs, P., Ristenpart, T.: Authenticated encryption with key identification. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT\u00a02022, Part\u00a0III. LNCS, vol. 13793, pp. 181\u2013209. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-22969-5_7","DOI":"10.1007\/978-3-031-22969-5_7"},{"key":"14_CR55","doi-asserted-by":"publisher","unstructured":"Luykx, A., Preneel, B., Tischhauser, E., Yasuda, K.: A MAC mode for lightweight block ciphers. In: Peyrin, T. (ed.) FSE\u00a02016. LNCS, vol.\u00a09783, pp. 43\u201359. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-52993-5_3","DOI":"10.1007\/978-3-662-52993-5_3"},{"key":"14_CR56","unstructured":"Mattsson, J.P., Smeets, B., Thormarker, E.: Proposals for standardization of encryption schemes. Presented at the Third NIST Workshop on Block Cipher Modes of Operation (2023)"},{"key":"14_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-540-30556-9_27","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"DA McGrew","year":"2004","unstructured":"McGrew, D.A., Viega, J.: The security and performance of the Galois\/Counter Mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343\u2013355. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30556-9_27"},{"key":"14_CR58","doi-asserted-by":"publisher","unstructured":"Menda, S., Len, J., Grubbs, P., Ristenpart, T.: Context discovery and commitment attacks - how to break CCM, EAX, SIV, and more. In: Hazay, C., Stam, M. (eds.) EUROCRYPT\u00a02023, Part\u00a0IV. LNCS, vol. 14007, pp. 379\u2013407. Springer, Heidelberg (2023). https:\/\/doi.org\/10.1007\/978-3-031-30634-1_13","DOI":"10.1007\/978-3-031-30634-1_13"},{"key":"14_CR59","doi-asserted-by":"publisher","unstructured":"Molnar, D., Soppera, A., Wagner, D.: A scalable, delegatable pseudonym protocol enabling ownership transfer of RFID tags. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol.\u00a03897, pp. 276\u2013290. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11693383_19","DOI":"10.1007\/11693383_19"},{"key":"14_CR60","doi-asserted-by":"publisher","unstructured":"Molnar, D., Wagner, D.: Privacy and security in library RFID: issues, practices, and architectures. In: Atluri, V., Pfitzmann, B., McDaniel, P. (eds.) ACM CCS 2004, pp. 210\u2013219. ACM Press, October 2004. https:\/\/doi.org\/10.1145\/1030083.1030112","DOI":"10.1145\/1030083.1030112"},{"key":"14_CR61","doi-asserted-by":"publisher","unstructured":"Mouha, N., Mennink, B., Van Herrewege, A., Watanabe, D., Preneel, B., Verbauwhede, I.: Chaskey: an efficient MAC algorithm for 32-bit microcontrollers. In: Joux, A., Youssef, A.M. (eds.) SAC 2014. LNCS, vol.\u00a08781, pp. 306\u2013323. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-319-13051-4_19","DOI":"10.1007\/978-3-319-13051-4_19"},{"issue":"4","key":"14_CR62","doi-asserted-by":"publisher","first-page":"420","DOI":"10.46586\/tosc.v2023.i4.420-451","volume":"2023","author":"Y Naito","year":"2023","unstructured":"Naito, Y., Sasaki, Y., Sugawara, T.: Committing security of Ascon: cryptanalysis on primitive and proof on mode. IACR Trans. Symmetric Cryptol. 2023(4), 420\u2013451 (2023)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"14_CR63","doi-asserted-by":"publisher","unstructured":"Namprempre, C., Rogaway, P., Shrimpton, T.: Reconsidering generic composition. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT\u00a02014. LNCS, vol.\u00a08441, pp. 257\u2013274. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-55220-5_15","DOI":"10.1007\/978-3-642-55220-5_15"},{"key":"14_CR64","doi-asserted-by":"publisher","unstructured":"Nandi, M.: Improved security analysis for OMAC as a pseudorandom function. J. Math. Cryptol. 3(2), 133\u2013148 (2009). https:\/\/doi.org\/10.1515\/JMC.2009.006","DOI":"10.1515\/JMC.2009.006"},{"key":"14_CR65","doi-asserted-by":"publisher","unstructured":"Nandi, M.: Bernstein bound on WCS is tight - repairing Luykx-Preneel optimal forgeries. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO\u00a02018, Part\u00a0II. LNCS, vol. 10992, pp. 213\u2013238. Springer, Heidelberg (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_8","DOI":"10.1007\/978-3-319-96881-0_8"},{"key":"14_CR66","doi-asserted-by":"publisher","unstructured":"Nir, Y., Langley, A.: ChaCha20 and Poly1305 for IETF Protocols. RFC 8439, June 2018. https:\/\/doi.org\/10.17487\/RFC8439, https:\/\/www.rfc-editor.org\/info\/rfc8439","DOI":"10.17487\/RFC8439"},{"key":"14_CR67","doi-asserted-by":"publisher","unstructured":"Perrig, A., Canetti, R., Song, D., Tygar, P.D., Briscoe, B.: Timed Efficient Stream Loss-Tolerant Authentication (TESLA): Multicast Source Authentication Transform Introduction. RFC 4082, June 2005. https:\/\/doi.org\/10.17487\/RFC4082, https:\/\/www.rfc-editor.org\/info\/rfc4082","DOI":"10.17487\/RFC4082"},{"key":"14_CR68","doi-asserted-by":"publisher","unstructured":"Perrig, A., Canetti, R., Tygar, J.D., Song, D.X.: Efficient authentication and signing of multicast streams over lossy channels. In: 2000 IEEE Symposium on Security and Privacy, pp. 56\u201373. IEEE Computer Society Press, May 2000. https:\/\/doi.org\/10.1109\/SECPRI.2000.848446","DOI":"10.1109\/SECPRI.2000.848446"},{"key":"14_CR69","doi-asserted-by":"publisher","unstructured":"Preneel, B., van Oorschot, P.C.: MDx-MAC and building fast MACs from hash functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol.\u00a0963, pp. 1\u201314. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/3-540-44750-4_1","DOI":"10.1007\/3-540-44750-4_1"},{"key":"14_CR70","doi-asserted-by":"publisher","unstructured":"Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT\u00a02004. LNCS, vol.\u00a03329, pp. 16\u201331. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30539-2_2","DOI":"10.1007\/978-3-540-30539-2_2"},{"key":"14_CR71","doi-asserted-by":"publisher","unstructured":"Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy and Meier [72], pp. 371\u2013388. https:\/\/doi.org\/10.1007\/978-3-540-25937-4_24","DOI":"10.1007\/978-3-540-25937-4_24"},{"key":"14_CR72","unstructured":"Roy, B.K., Meier, W. (eds.): FSE 2004, LNCS, vol. 3017. Springer, Heidelberg (2004)"},{"key":"14_CR73","unstructured":"Safavi-Naini, R., Canetti, R. (eds.): CRYPTO 2012, LNCS, vol. 7417. Springer, Heidelberg (2012)"},{"key":"14_CR74","doi-asserted-by":"publisher","unstructured":"Shoup, V.: On fast and provably secure message authentication based on universal hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol.\u00a01109, pp. 313\u2013328. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_24","DOI":"10.1007\/3-540-68697-5_24"},{"key":"14_CR75","unstructured":"St\u00e4ubl, M.: Actually Good Encryption? Confusing Users by Changing Nonces. Semester project, Department of Computer Science, ETH Z\u00fcrich, July 2022. https:\/\/ethz.ch\/content\/dam\/ethz\/special-interest\/infk\/inst-infsec\/appliedcrypto\/education\/theses\/project_MircoStauble.pdf"},{"key":"14_CR76","doi-asserted-by":"publisher","unstructured":"Struck, P., Weish\u00e4upl, M.: Constructing committing and leakage-resilient authenticated encryption. IACR Trans. Symmetric Cryptol. 2024(1), 497\u2013528 (2024). https:\/\/doi.org\/10.46586\/tosc.v2024.i1.497-528, https:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/view\/11414","DOI":"10.46586\/tosc.v2024.i1.497-528"},{"issue":"4","key":"14_CR77","doi-asserted-by":"publisher","first-page":"1400","DOI":"10.1109\/TWC.2008.061012","volume":"7","author":"CC Tan","year":"2008","unstructured":"Tan, C.C., Sheng, B., Li, Q.: Secure and serverless RFID authentication and search protocols. IEEE Trans. Wireless Commun. 7(4), 1400\u20131407 (2008)","journal-title":"IEEE Trans. Wireless Commun."},{"key":"14_CR78","doi-asserted-by":"publisher","unstructured":"Wegman, M.N., Carter, L.: New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22(3), 265\u2013279 (1981). https:\/\/doi.org\/10.1016\/0022-0000(81)90033-7","DOI":"10.1016\/0022-0000(81)90033-7"},{"key":"14_CR79","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1007\/978-3-540-39881-3_18","volume-title":"Security in Pervasive Computing","author":"SA Weis","year":"2004","unstructured":"Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., M\u00fcller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201\u2013212. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-39881-3_18"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-68385-5_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,16]],"date-time":"2024-08-16T08:06:58Z","timestamp":1723795618000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-68385-5_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031683848","9783031683855"],"references-count":79,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-68385-5_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"17 August 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 August 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"44","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}