{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T21:02:40Z","timestamp":1757624560548,"version":"3.44.0"},"publisher-location":"Cham","reference-count":46,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783032019004"},{"type":"electronic","value":"9783032019011"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-032-01901-1_6","type":"book-chapter","created":{"date-parts":[[2025,8,16]],"date-time":"2025-08-16T08:44:54Z","timestamp":1755333894000},"page":"172-199","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Breaking the\u00a0IEEE Encryption Standard XCB-AES in\u00a0Two Queries"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0843-4885","authenticated-orcid":false,"given":"Amit Singh","family":"Bhati","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0964-8711","authenticated-orcid":false,"given":"Elena","family":"Andreeva","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,8,17]]},"reference":[{"issue":"3","key":"6_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.46586\/tosc.v2021.i3.1-35","volume":"2021","author":"E Andreeva","year":"2021","unstructured":"Andreeva, E., Bhati, A.S., Preneel, B., Viz\u00e1r, D.: 1, 2, 3, Fork: counter mode variants based on a generalized forkcipher. IACR Trans. Symmetric Cryptol. 2021(3), 1\u201335 (2021)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"6_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"512","DOI":"10.1007\/978-3-030-81652-0_20","volume-title":"Selected Areas in Cryptography","author":"E Andreeva","year":"2021","unstructured":"Andreeva, E., Bhati, A.S., Viz\u00e1r, D.: Nonce-misuse security of the SAEF authenticated encryption mode. In: Dunkelman, O., Jacobson, Jr., M.J., O\u2019Flynn, C. (eds.) SAC 2020. LNCS, vol. 12804, pp. 512\u2013534. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-81652-0_20"},{"key":"6_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1007\/978-3-662-45611-8_6","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"E Andreeva","year":"2014","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: How to securely release unverified plaintext in authenticated encryption. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 105\u2013125. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_6"},{"key":"6_CR4","doi-asserted-by":"crossref","unstructured":"Andreeva, E., Cogliati, B., Lallemand, V., Minier, M., Purnal, A., Roy, A.: Masked iterate-fork-iterate: a new design paradigm for tweakable expanding pseudorandom function. In: 22nd International Conference on Applied Cryptography and Network Security (2024)","DOI":"10.1007\/978-3-031-54773-7_17"},{"key":"6_CR5","unstructured":"Andreeva, E., Deprez, A., Pittevils, J., Roy, A., Bhati, A.S., Viz\u00e1r, D.: New results and insighs on forkAE. In: NIST LWC Workshop (2020)"},{"key":"6_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/978-3-030-34621-8_6","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"E Andreeva","year":"2019","unstructured":"Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., Viz\u00e1r, D.: Forkcipher: a new primitive for authenticated encryption of very short messages. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11922, pp. 153\u2013182. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34621-8_6"},{"key":"6_CR7","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-33491-7_1","volume-title":"2023","author":"E Andreeva","year":"2023","unstructured":"Andreeva, E., Weninger, A.: A forkcipher-based pseudo-random number generator. In: Tibouchi, M., Wang, X. (eds.) 2023. LNCS, vol. 13906, pp. 3\u201331. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-33491-7_1"},{"key":"6_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-63697-9_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"T Ashur","year":"2017","unstructured":"Ashur, T., Dunkelman, O., Luykx, A.: Boosting authenticated encryption robustness with minimal modifications. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 3\u201333. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_1"},{"key":"6_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/3-540-44448-3_24","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317\u2013330. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-44448-3_24"},{"key":"6_CR10","unstructured":"Bellare, M., Rogaway, P.: Code-based game-playing proofs and the security of triple encryption. EUROCRYPT 2006 (2006)"},{"key":"6_CR11","unstructured":"Bernstein, D.J.: Cryptographic competitions: CAESAR. http:\/\/competitions.cr.yp.to"},{"key":"6_CR12","doi-asserted-by":"crossref","unstructured":"Berti, F., Standaert, F.X., Levi, I.: Authenticity in the presence of leakage using a forkcipher. Cryptology ePrint Archive, Paper 2024\/1325 (2024)","DOI":"10.62056\/abksr-10k"},{"key":"6_CR13","unstructured":"Bhati, A.S., Andreeva, E., M\u00fcller, S., Vizar, D.: Sonikku: Gotta Speed, Keed! A Family of Fast and Secure MACs. Cryptology ePrint Archive, Paper 2024\/1980 (2024)"},{"key":"6_CR14","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/978-3-031-71073-5_6","volume-title":"SCN 2024","author":"AS Bhati","year":"2024","unstructured":"Bhati, A.S., Andreeva, E., Viz\u00e1r, D.: OAE-RUP: a strong online AEAD security notion and its application to SAEF. In: Galdi, C., Phan, D.H. (eds.) SCN 2024. LNCS, vol. 14974, pp. 117\u2013139. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-71073-5_6"},{"key":"6_CR15","doi-asserted-by":"crossref","unstructured":"Bhati, A.S., Dufka, A., Andreeva, E., Roy, A., Preneel, B.: $$\\sf Skye$$: an expanding PRF based Fast KDF and its applications. In: 19th ACM ASIA Conference on Computer and Communications Security. ACM (2024)","DOI":"10.1145\/3634737.3637673"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Bhati, A.S., Pohle, E., Abidin, A., Andreeva, E., Preneel, B.: Let\u2019s Go Eevee! A friendly and suitable family of AEAD modes for IoT-to-cloud secure computation. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 2546\u20132560 (2023)","DOI":"10.1145\/3576915.3623091"},{"key":"6_CR17","unstructured":"Bhati, A.S., Verbauwhede, M., Andreeva, E.: Breaking, repairing and enhancing XCBv2 into the tweakable enciphering mode GEM. Cryptology ePrint Archive, Paper 2024\/1554 (2024)"},{"key":"6_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-030-03326-2_12","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"R Bhaumik","year":"2018","unstructured":"Bhaumik, R., List, E., Nandi, M.: ZCZ\u00a0\u2013\u00a0achieving n-bit SPRP security with a minimal number of tweakable-block-cipher calls. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11272, pp. 336\u2013366. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03326-2_12"},{"key":"6_CR19","unstructured":"Chakraborty, D., Ghosh, S., L\u00f3pez, C.M., Sarkar, P.: FAST: disk encryption and beyond. Cryptology ePrint Archive (2017)"},{"issue":"4","key":"6_CR20","doi-asserted-by":"publisher","first-page":"439","DOI":"10.1007\/s12095-015-0127-8","volume":"7","author":"D Chakraborty","year":"2015","unstructured":"Chakraborty, D., Hernandez-Jimenez, V., Sarkar, P.: Another look at XCB. Cryptogr. Commun. 7(4), 439\u2013468 (2015). https:\/\/doi.org\/10.1007\/s12095-015-0127-8","journal-title":"Cryptogr. Commun."},{"key":"6_CR21","doi-asserted-by":"crossref","unstructured":"Chang, D., et al.: Release of unverified plaintext: tight unified model and application to ANYDAE. IACR Trans. Sym. Cryptol., 119\u2013146 (2019)","DOI":"10.46586\/tosc.v2019.i4.119-146"},{"issue":"4","key":"6_CR22","first-page":"1","volume":"2021","author":"B Cogliati","year":"2021","unstructured":"Cogliati, B., Ethan, J., Lallemand, V., Lee, B., Lee, J., Minier, M.: CTET+: a beyond-birthday-bound secure tweakable enciphering scheme using a single pseudorandom permutation. IACR Trans. Sym. Cryptol. 2021(4), 1\u201335 (2021)","journal-title":"IACR Trans. Sym. Cryptol."},{"key":"6_CR23","unstructured":"Crowley, P., Huckleberry, N., Biggers, E.: Length-preserving encryption with HCTR2. Cryptology ePrint Archive (2021)"},{"key":"6_CR24","doi-asserted-by":"crossref","unstructured":"Datta, N., Dutta, A., List, E., Mandal, S.: FEDT: forkcipher-based leakage-resilient beyond-birthday-secure AE. IACR Commun. Cryptol. (2024)","DOI":"10.62056\/akgyl86bm"},{"key":"6_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/978-3-319-78372-7_9","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"JP Degabriele","year":"2018","unstructured":"Degabriele, J.P., Stam, M.: Untagging Tor: a formal treatment of onion encryption. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10822, pp. 259\u2013293. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78372-7_9"},{"key":"6_CR26","doi-asserted-by":"crossref","unstructured":"Gueron, S., Lindell, Y.: GCM-SIV: full nonce misuse-resistant authenticated encryption at under one cycle per byte. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 109\u2013119 (2015)","DOI":"10.1145\/2810103.2813613"},{"key":"6_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-540-30556-9_25","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"S Halevi","year":"2004","unstructured":"Halevi, S.: EME*: extending EME to handle arbitrary-length messages with associated data. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 315\u2013327. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30556-9_25"},{"key":"6_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/978-3-540-74143-5_23","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"S Halevi","year":"2007","unstructured":"Halevi, S.: Invertible universal hashing and the TET encryption mode. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 412\u2013429. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74143-5_23"},{"key":"6_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1007\/978-3-540-24660-2_23","volume-title":"Topics in Cryptology \u2013 CT-RSA 2004","author":"S Halevi","year":"2004","unstructured":"Halevi, S., Rogaway, P.: A parallelizable enciphering mode. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 292\u2013304. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24660-2_23"},{"key":"6_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/978-3-662-46800-5_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"VT Hoang","year":"2015","unstructured":"Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption AEZ and the problem that it solves. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 15\u201344. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_2"},{"key":"6_CR31","unstructured":"Hoang, V.T., Krovetz, T., Rogaway, P.: AEZ v5: authenticated encryption by enciphering. CAESAR Competition (2017)"},{"key":"6_CR32","unstructured":"IEEE 1619.2: IEEE standard for wide-block encryption for shared storage media (2011)"},{"key":"6_CR33","unstructured":"IEEE Security in Storage Working Group (SISWG) (2025). https:\/\/sagroups.ieee.org\/siswg\/"},{"key":"6_CR34","unstructured":"Khairallah, M.: CLRW1$$^3$$ is not secure beyond the birthday bound: breaking TNT with $$O(2^{n\/2})$$ queries. Cryptology ePrint Archive (2023)"},{"key":"6_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/3-540-45708-9_3","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"M Liskov","year":"2002","unstructured":"Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31\u201346. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45708-9_3"},{"key":"6_CR36","unstructured":"McGrew, D., Viega, J.: The Galois\/counter mode of operation (GCM). submission to NIST Modes of Operation Process (2004)"},{"key":"6_CR37","unstructured":"McGrew, D.A., Fluhrer, S.R.: The extended codebook (XCB) mode of operation. Cryptology ePrint Archive (2004)"},{"key":"6_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"311","DOI":"10.1007\/978-3-540-77360-3_20","volume-title":"Selected Areas in Cryptography","author":"DA McGrew","year":"2007","unstructured":"McGrew, D.A., Fluhrer, S.R.: The security of the extended codebook (XCB) mode of operation. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 311\u2013327. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-77360-3_20"},{"key":"6_CR39","doi-asserted-by":"crossref","unstructured":"Mouha, N., Dworkin, M.: Report on the block cipher modes of operation in the NIST SP 800\u201338 series. Technical report, National Institute of Standards and Technology (2023)","DOI":"10.6028\/NIST.IR.8459.ipd"},{"key":"6_CR40","unstructured":"Nandi, M.: An efficient SPRP-secure construction based on pseudo random involution. Cryptology ePrint Archive (2008)"},{"key":"6_CR41","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1007\/s00145-001-0008-5","volume":"15","author":"M Naor","year":"2002","unstructured":"Naor, M., Reingold, O.: Constructing pseudo-random permutations with a prescribed structure. J. Cryptol. 15, 97\u2013102 (2002)","journal-title":"J. Cryptol."},{"key":"6_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/11761679_23","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"P Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373\u2013390. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_23"},{"key":"6_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"180","DOI":"10.1007\/978-3-540-76788-6_15","volume-title":"Information Security and Cryptology - ICISC 2007","author":"P Sarkar","year":"2007","unstructured":"Sarkar, P.: Improving upon the TET mode of operation. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 180\u2013192. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-76788-6_15"},{"key":"6_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"405","DOI":"10.1007\/978-3-642-42033-7_21","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"T Shrimpton","year":"2013","unstructured":"Shrimpton, T., Terashima, R.S.: A modular framework for building variable-input-length tweakable ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 405\u2013423. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-42033-7_21"},{"key":"6_CR45","unstructured":"The23rd Raccoon: Analysis of the relative severity of tagging attacks (2012). http:\/\/archives.seul.org\/or\/dev\/Mar-2012\/msg00019.html"},{"key":"6_CR46","doi-asserted-by":"crossref","unstructured":"Wang, P., Mao, S., Xu, R., Jing, J., Wang, Y.: How to recover the full plaintext of XCB. Cryptology ePrint Archive, Paper 2024\/1527 (2024)","DOI":"10.1007\/978-3-032-01901-1_8"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-01901-1_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,9]],"date-time":"2025-09-09T14:57:34Z","timestamp":1757429854000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-01901-1_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783032019004","9783032019011"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-01901-1_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"17 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}