{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T09:08:18Z","timestamp":1761815298598,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783032081230"},{"type":"electronic","value":"9783032081247"}],"license":[{"start":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T00:00:00Z","timestamp":1761868800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T00:00:00Z","timestamp":1761868800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-08124-7_3","type":"book-chapter","created":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T08:23:05Z","timestamp":1761812585000},"page":"45-65","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["The Multi-user Security of\u00a0GCM-SST and\u00a0Further Enhancements"],"prefix":"10.1007","author":[{"given":"Yusuke","family":"Naito","sequence":"first","affiliation":[]},{"given":"Yu","family":"Sasaki","sequence":"additional","affiliation":[]},{"given":"Takeshi","family":"Sugawara","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,31]]},"reference":[{"key":"3_CR1","unstructured":"3GPP TS 33 501: Security architecture and procedures for 5g system (2024). 
https:\/\/portal.3gpp.org\/desktopmodules\/Specifications\/SpecificationDetails.aspx?specificationId=3169"},{"key":"3_CR2","doi-asserted-by":"crossref","unstructured":"Ashur, T., Dunkelman, O., Luykx, A.: Boosting authenticated encryption robustness with minimal modifications. IACR Cryptol. ePrint Arch. 239 (2017). http:\/\/eprint.iacr.org\/2017\/239","DOI":"10.1007\/978-3-319-63697-9_1"},{"key":"3_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1007\/BFb0054132","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201998","author":"M Bellare","year":"1998","unstructured":"Bellare, M., Krovetz, T., Rogaway, P.: Luby-Rackoff backwards: increasing security by making block ciphers non-invertible. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 266\u2013280. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0054132"},{"key":"3_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/978-3-662-53018-4_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"M Bellare","year":"2016","unstructured":"Bellare, M., Tackmann, B.: The multi-user security of authenticated encryption: AES-GCM in TLS 1.3. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 247\u2013276. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53018-4_10"},{"issue":"3","key":"3_CR5","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1016\/S0020-0190(02)00269-7","volume":"84","author":"E Biham","year":"2002","unstructured":"Biham, E.: How to decrypt or even substitute des-encrypted messages in $$2^{28}$$ steps. Inf. Process. Lett. 84(3), 117\u2013124 (2002)","journal-title":"Inf. Process. 
Lett."},{"key":"3_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"468","DOI":"10.1007\/978-3-319-78381-9_18","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"P Bose","year":"2018","unstructured":"Bose, P., Hoang, V.T., Tessaro, S.: Revisiting AES-GCM-SIV: multi-user security, faster key derivation, and better bounds. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 468\u2013499. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78381-9_18"},{"key":"3_CR7","unstructured":"Campagna, M., Maximov, A., Mattsson, J.P.: Galois Counter Mode with Secure Short Tags (GCM-SST). draft-mattsson-cfrg-aes-gcm-sst-18 (2023). https:\/\/datatracker.ietf.org\/doc\/draft-mattsson-cfrg-aes-gcm-sst\/18\/"},{"key":"3_CR8","doi-asserted-by":"publisher","unstructured":"Chen, Y.L., Choi, W., Lee, C.: Improved multi-user security using the squared-ratio method. In: CRYPTO 2023. LNCS, vol. 14082, pp. 694\u2013724. Springer, Heidelberg (2023). https:\/\/doi.org\/10.1007\/978-3-031-38545-2_23","DOI":"10.1007\/978-3-031-38545-2_23"},{"key":"3_CR9","doi-asserted-by":"publisher","unstructured":"Choi, W., Kim, H., Lee, J., Lee, Y.: Multi-user security of the sum of truncated random permutations. In: ASIACRYPT 2022. LNCS, vol. 13792, pp. 682\u2013710. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-22966-4_23","DOI":"10.1007\/978-3-031-22966-4_23"},{"key":"3_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-662-53018-4_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"B Cogliati","year":"2016","unstructured":"Cogliati, B., Seurin, Y.: EWCDM: an efficient, beyond-birthday secure, nonce-misuse resistant MAC. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 121\u2013149. Springer, Heidelberg (2016). 
https:\/\/doi.org\/10.1007\/978-3-662-53018-4_5"},{"key":"3_CR11","doi-asserted-by":"crossref","unstructured":"Degabriele, J.P., Govinden, J., G\u00fcnther, F., Paterson, K.G.: The security of chacha20-poly1305 in the multi-user setting. In: CCS 2021, pp. 1981\u20132003. ACM (2021)","DOI":"10.1145\/3460120.3484814"},{"key":"3_CR12","doi-asserted-by":"publisher","unstructured":"Dinur, I.: Combining outputs of a random permutation: New constructions and tight security bounds by fourier analysis. In: EUROCRYPT 2025. LNCS, vol. 15601, pp. 244\u2013273. Springer, Heidelberg (2025). https:\/\/doi.org\/10.1007\/978-3-031-91107-1_9","DOI":"10.1007\/978-3-031-91107-1_9"},{"key":"3_CR13","doi-asserted-by":"crossref","unstructured":"Dworkin, M.: NIST Special Publication 800-38D: Recommendation for block cipher modes of operation: Galois\/counter mode (GCM) and GMAC (2007). https:\/\/csrc.nist.gov\/pubs\/sp\/800\/38\/d\/final","DOI":"10.6028\/NIST.SP.800-38d"},{"key":"3_CR14","unstructured":"Ferguson, N.: Authentication weaknesses in gcm (2005). https:\/\/csrc.nist.gov\/csrc\/media\/projects\/block-cipher-techniques\/documents\/bcm\/comments\/cwc-gcm\/ferguson2.pdf"},{"key":"3_CR15","unstructured":"Gueron, S.: Intel advanced encryption standard (AES) new instructions set (2010). https:\/\/www.intel.com\/content\/dam\/doc\/white-paper\/advanced-encryption-standard-new-instructions-set-paper.pdf"},{"key":"3_CR16","unstructured":"Gueron, S., Kounavis, M.E.: Intel carry-less multiplication instruction and its usage for computing the GCM mode (2014). https:\/\/www.intel.com\/content\/dam\/develop\/external\/us\/en\/documents\/clmul-wp-rev-2-02-2014-04-20.pdf"},{"key":"3_CR17","first-page":"1","volume":"8452","author":"S Gueron","year":"2019","unstructured":"Gueron, S., Langley, A., Lindell, Y.: AES-GCM-SIV: nonce misuse-resistant authenticated encryption. 
RFC 8452, 1\u201342 (2019)","journal-title":"RFC"},{"key":"3_CR18","doi-asserted-by":"crossref","unstructured":"Gueron, S., Lindell, Y.: Better bounds for block cipher modes of operation via nonce-based key derivation. In: CCS 2017, pp. 1019\u20131036. ACM (2017)","DOI":"10.1145\/3133956.3133992"},{"key":"3_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1007\/978-3-030-56784-2_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"A Gunsing","year":"2020","unstructured":"Gunsing, A., Mennink, B.: The summation-truncation hybrid: reusing discarded bits for free. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 187\u2013217. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56784-2_7"},{"key":"3_CR20","unstructured":"G\u00fcnther, F., Thomson, M., Wood, C.A.: Usage Limits on AEAD Algorithms (2025). https:\/\/datatracker.ietf.org\/doc\/html\/draft-irtf-cfrg-aead-limits-10"},{"key":"3_CR21","doi-asserted-by":"crossref","unstructured":"Hoang, V.T., Tessaro, S., Thiruvengadam, A.: The multi-user security of GCM, revisited: tight bounds for nonce randomization. In: CCS 2018, pp. 1429\u20131440. ACM (2018)","DOI":"10.1145\/3243734.3243816"},{"key":"3_CR22","unstructured":"Inoue, A., Jha, A., Mennink, B., Minematsu, K.: Generic security of GCM-SST. Cryptology ePrint Archive, Paper 2024\/1928 (2024). https:\/\/eprint.iacr.org\/2024\/1928"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Iwata, T.: New blockcipher modes of operation with beyond the birthday bound security. IACR Cryptol. ePrint Arch. 
188 (2006)","DOI":"10.1007\/11799313_20"},{"key":"3_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/978-3-642-32009-5_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"T Iwata","year":"2012","unstructured":"Iwata, T., Ohashi, K., Minematsu, K.: Breaking and repairing GCM security proofs. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 31\u201349. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_3"},{"key":"3_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"575","DOI":"10.1007\/978-3-319-70697-9_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"A Luykx","year":"2017","unstructured":"Luykx, A., Mennink, B., Paterson, K.G.: Analyzing multi-key security degradation. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 575\u2013605. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70697-9_20"},{"key":"3_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-540-30556-9_27","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"DA McGrew","year":"2004","unstructured":"McGrew, D.A., Viega, J.: The security and performance of the galois\/counter mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343\u2013355. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30556-9_27"},{"key":"3_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"556","DOI":"10.1007\/978-3-319-63697-9_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"B Mennink","year":"2017","unstructured":"Mennink, B., Neves, S.: Encrypted Davies-Meyer and its dual: towards optimal security using mirror theory. In: Katz, J., Shacham, H. (eds.) 
CRYPTO 2017. LNCS, vol. 10403, pp. 556\u2013583. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_19"},{"key":"3_CR28","unstructured":"Naito, Y., Sasaki, Y., Sugawara, T.: Tight multi-user security of CCM and enhancement by tag-based key derivation applied to GCM and CCM. Cryptology ePrint Archive, Paper 2025\/953 (2025). https:\/\/eprint.iacr.org\/2025\/953"},{"key":"3_CR29","doi-asserted-by":"crossref","unstructured":"Naito, Y., Sasaki, Y., Sugawara, T., Yasuda, K.: The multi-user security of triple encryption, revisited: exact security, strengthening, and application to TDES. In: CCS 2022. ACM (2022)","DOI":"10.1145\/3548606.3560674"},{"key":"3_CR30","unstructured":"National Institute of Standards and Technology: Announcement of Proposal to Revise SP 800-38D. Recommendation for Block Cipher Modes of Operation: Galois\/Counter Mode (GCM) and GMAC (2023). https:\/\/www.nist.gov\/news-events\/news\/2023\/08\/announcement-proposal-revise-sp-800-38d-recommendation-block-cipher-modes"},{"key":"3_CR31","unstructured":"National Institute of Standards and Technology: Pre-Draft Call for Comments: GCM and GMAC Block Cipher Modes of Operation (2025). https:\/\/csrc.nist.gov\/pubs\/sp\/800\/38\/d\/r1\/iprd"},{"key":"3_CR32","unstructured":"National Institute of Standards and Technology: PRE-DRAFT Call for Comments: NIST Launches Development of Cryptographic Accordions. NIST SP 800-197A (Initial Preliminary Draft) (2025). https:\/\/csrc.nist.gov\/pubs\/sp\/800\/197\/a\/iprd"},{"key":"3_CR33","unstructured":"Nyberg, K., Gilbert, H., Robshaw, M.: Galois MAC with forgery probability close to ideal (2005). 
https:\/\/csrc.nist.gov\/csrc\/media\/projects\/block-cipher-techniques\/documents\/bcm\/comments\/general-comments\/papers\/nyberg_gilbert_and_robshaw.pdf"},{"key":"3_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1007\/978-3-642-04159-4_21","volume-title":"Selected Areas in Cryptography","author":"J Patarin","year":"2009","unstructured":"Patarin, J.: The \u201cCoefficients H\u201d technique. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 328\u2013345. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04159-4_21"},{"key":"3_CR35","doi-asserted-by":"publisher","unstructured":"Rescorla, E.: The transport layer security (TLS) protocol version 1.3. RFC 8446, 1\u2013160 (2018). https:\/\/doi.org\/10.17487\/RFC8446","DOI":"10.17487\/RFC8446"},{"key":"3_CR36","doi-asserted-by":"crossref","unstructured":"Rescorla, E., Tschofenig, H., Modadugu, N.: The datagram transport layer security (DTLS) protocol version 1.3 \u2013 draft-ietf-tls-dtls13-43 (2021). https:\/\/tools.ietf.org\/html\/draft-ietf-tls-dtls13-43","DOI":"10.17487\/RFC9147"},{"key":"3_CR37","doi-asserted-by":"publisher","unstructured":"Thomson, M., Turner, S.: Using TLS to secure QUIC. RFC 9001, 1\u201352 (2021). https:\/\/doi.org\/10.17487\/RFC9001","DOI":"10.17487\/RFC9001"},{"key":"3_CR38","doi-asserted-by":"crossref","unstructured":"Zhang, X., Shen, Y., Wang, L.: Multi-user security of CCM authenticated encryption mode. In: CCS 2024, pp. 4331\u20134345. 
ACM (2024)","DOI":"10.1145\/3658644.3670385"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-08124-7_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T09:03:17Z","timestamp":1761814997000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-08124-7_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,31]]},"ISBN":["9783032081230","9783032081247"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-08124-7_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025,10,31]]},"assertion":[{"value":"31 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Seoul","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Korea (Republic of)","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 October 2025","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 October 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/isc25.skku.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}