{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T02:44:47Z","timestamp":1767321887895,"version":"3.48.0"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032105356","type":"print"},{"value":"9783032105363","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-10536-3_8","type":"book-chapter","created":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T02:41:12Z","timestamp":1767321672000},"page":"209-234","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Blockcipher-Based Key Commitment for\u00a0Nonce-Derived Schemes"],"prefix":"10.1007","author":[{"given":"Panos","family":"Kampanakis","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3432-7899","authenticated-orcid":false,"given":"Shai","family":"Halevi","sequence":"additional","affiliation":[]},{"given":"Nevine","family":"Ebeid","sequence":"additional","affiliation":[]},{"given":"Matt","family":"Campagna","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,1,2]]},"reference":[{"key":"8_CR1","unstructured":"Albertini, A.,\u00a0Duong, T.,\u00a0Gueron, S.,\u00a0K\u00f6lbl, S.,\u00a0Luykx, A.,\u00a0Schmieg, S.: How to abuse and 
fix authenticated encryption without key commitment. In: Butler, K.R.B.,\u00a0Thomas, K. (eds.) 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, 10-12 August 2022, pp. 3291\u20133308. USENIX Association (2022)"},{"key":"8_CR2","unstructured":"Arciszewski, S.: AES with Galois Extended Mode (AES-GEM). NIST Workshop on the Requirements for an Accordion Cipher Mode (2024). https:\/\/csrc.nist.gov\/csrc\/media\/Events\/2024\/accordion-cipher-mode-workshop-2024\/documents\/papers\/galois-extended-mode.pdf"},{"key":"8_CR3","series-title":"pp","doi-asserted-by":"publisher","first-page":"845","DOI":"10.1007\/978-3-031-07085-3_29","volume-title":"Advances in Cryptology - EUROCRYPT 2022","author":"M Bellare","year":"2022","unstructured":"Bellare, M., Hoang, V.T.: Efficient schemes for committing authenticated encryption. In: Dunkelman, O., Dziembowski, S. (eds.) Advances in Cryptology - EUROCRYPT 2022, pp. 845\u2013875. Springer International Publishing, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-07085-3_29"},{"key":"8_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/3-540-44448-3_41","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531\u2013545. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-44448-3_41"},{"key":"8_CR5","unstructured":"Benhamouda, F.,\u00a0Halevi, S.,\u00a0Kampanakis, P.,\u00a0Krawczyk, H.: BlockCipher-based key derivation without PRP\/PRF switching. Cryptology ePrint Archive, Paper 2025\/878 (2025)"},{"key":"8_CR6","unstructured":"Bhaumik, R., Degabriele, J.P.: Pencil: a domain-extended PRF with full $$n$$-bit security for strengthening GCM and more. 
Cryptology ePrint Archive, Paper 2025\/383 (2025)"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"Campagna, M.,\u00a0Gueron, S.: Key management systems at the cloud scale. Cryptography 3(3) (2019)","DOI":"10.3390\/cryptography3030023"},{"key":"8_CR8","unstructured":"Celi, C.: ACVP SP800-108 Key derivation function JSON specification. nist.gov (2024). https:\/\/pages.nist.gov\/ACVP\/draft-celi-acvp-kbkdf.html"},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"Chen, L.: Recommendation for key derivation using pseudorandom functions. NIST Special Publication 800-108 Rev1 Upd1 (2024). https:\/\/doi.org\/10.6028\/NIST.SP.800-108r1-upd1","DOI":"10.6028\/NIST.SP.800-108r1-upd1"},{"key":"8_CR10","unstructured":"Common Criteria Recognition Arrangement (CCRA) Members. Common Criteria for Information Technology Security Evaluation. commoncriteriaportal.org (2024). https:\/\/www.commoncriteriaportal.org\/index.cfm"},{"key":"8_CR11","doi-asserted-by":"crossref","unstructured":"Dworkin, M.: Recommendation for block cipher modes of operation: Galois\/counter mode (GCM) and GMAC. Technical Report NIST Special Publication (SP) 800-38D (Final), November 28, 2007, U.S. Department of Commerce, Washington, D.C. (2007)","DOI":"10.6028\/NIST.SP.800-38d"},{"issue":"1","key":"8_CR12","doi-asserted-by":"publisher","first-page":"449","DOI":"10.46586\/tosc.v2017.i1.449-473","volume":"2017","author":"P Farshim","year":"2017","unstructured":"Farshim, P., Orlandi, C., Rosie, R.: Security of symmetric primitives under incorrect usage of keys. IACR Trans. Symmetric Cryptol. 2017(1), 449\u2013473 (2017)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"8_CR13","unstructured":"Valsorda, F.: XAES-256-GCM. Personal Blog (2024). https:\/\/words.filippo.io\/dispatches\/xaes-256-gcm\/"},{"key":"8_CR14","unstructured":"Valsorda, F.: XAES-256-GCM specification. GitHub (2024). 
https:\/\/github.com\/C2SP\/C2SP\/blob\/main\/XAES-256-GCM.md"},{"key":"8_CR15","unstructured":"Gueron, S.: Key committing AEADs. Cryptology ePrint Archive, Paper 2020\/1153 (2020). https:\/\/eprint.iacr.org\/2020\/1153"},{"key":"8_CR16","unstructured":"Gueron, S.: Double Nonce Derive Key AES-GCM (DNDK-GCM). Internet-Draft draft-gueron-cfrg-dndkgcm-01, Internet Engineering Task Force (2024). Work in Progress"},{"key":"8_CR17","unstructured":"Gueron, S.: Double Nonce Derive Key AES-GCM (DNDK-GCM). Internet-Draft draft-gueron-cfrg-dndkgcm-02, Internet Engineering Task Force (2025). Work in Progress"},{"key":"8_CR18","unstructured":"Gueron, S.,\u00a0Ristenpart, T.: DNDK: combining nonce and key derivation for fast and scalable AEAD. Cryptology ePrint Archive, Paper 2025\/785 (2025)"},{"key":"8_CR19","doi-asserted-by":"crossref","unstructured":"Hoang, V.T.,\u00a0Tessaro, S.,\u00a0Thiruvengadam, A.: The multi-user security of GCM, revisited: tight bounds for nonce randomization. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 1429\u20131440, New York, NY, USA (2018). Association for Computing Machinery","DOI":"10.1145\/3243734.3243816"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"Iwata, T.,\u00a0Ohashi, K.,\u00a0Minematsu, K.: Breaking and repairing GCM security proofs. Cryptology ePrint Archive, Paper 2012\/438 (2012)","DOI":"10.1007\/978-3-642-32009-5_3"},{"key":"8_CR21","unstructured":"Kampanakis, P.,\u00a0Crocket, E.,\u00a0Campagna, M.,\u00a0Petcher, A.,\u00a0Gueron, S.: Practical Challenges with AES-GCM and the need for a new cipher. NIST 3rd Workshop on Block Cipher Modes of Operation (2023). https:\/\/csrc.nist.gov\/csrc\/media\/Events\/2023\/third-workshop-on-block-cipher-modes-of-operation\/documents\/accepted-papers\/Practical%20Challenges%20with%20AES-GCM.pdf"},{"key":"8_CR22","unstructured":"Len, J.,\u00a0Grubbs, P.,\u00a0Ristenpart, T.: Partitioning oracle attacks. 
In: Bailey, M.D.,\u00a0Greenstadt, R. (eds.) 30th USENIX Security Symposium, USENIX Security 2021, 11-13 August 2021, pp. 195\u2013212. USENIX Association (2021)"},{"key":"8_CR23","unstructured":"Luykx, A., Paterson, K.G.: Limits on authenticated encryption use in TLS. Cryptology ePrint Archive, Paper 2024\/051 (2024)"},{"key":"8_CR24","series-title":"pp","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1007\/978-3-031-30634-1_13","volume-title":"Advances in Cryptology - EUROCRYPT 2023","author":"S Menda","year":"2023","unstructured":"Menda, S., Len, J., Grubbs, P., Ristenpart, T.: Context discovery and commitment attacks. In: Hazay, C., Stam, M. (eds.) Advances in Cryptology - EUROCRYPT 2023, pp. 379\u2013407. Springer Nature Switzerland, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30634-1_13"},{"key":"8_CR25","unstructured":"National Institute of Standards and Technology. Security Requirements for Cryptographic Modules. csrc.nist.gov (2019). https:\/\/csrc.nist.gov\/pubs\/fips\/140-3\/final"},{"key":"8_CR26","unstructured":"NIST: NIST Workshop on the requirements for an accordion cipher mode 2024. Workshop Report. NIST Interagency Report (2024). https:\/\/nvlpubs.nist.gov\/nistpubs\/ir\/2024\/NIST.IR.8537.pdf"},{"key":"8_CR27","unstructured":"NIST: Pre-draft call for comments: GCM and GMAC block cipher modes of operation. NIST SP 800-38D Rev. 1 (Initial Preliminary Draft) (2024). https:\/\/csrc.nist.gov\/pubs\/sp\/800\/38\/d\/r1\/iprd"},{"key":"8_CR28","unstructured":"NIST: PRE-DRAFT Call for Comments: NIST proposes to standardize a wider variant of AES. NIST SP 800-197 (Initial Preliminary Draft) (2024). 
https:\/\/csrc.nist.gov\/pubs\/sp\/800\/197\/iprd"},{"issue":"2","key":"8_CR29","doi-asserted-by":"publisher","first-page":"85","DOI":"10.46586\/tosc.v2024.i2.85-117","volume":"2024","author":"R Takeuchi","year":"2024","unstructured":"Takeuchi, R., Todo, Y., Iwata, T.: Key recovery, universal forgery, and committing attacks against revised Rocca: how finalization affects security. IACR Trans. Symmetric Cryptol. 2024(2), 85\u2013117 (2024)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"8_CR30","unstructured":"Tribble, A.: Improved client-side encryption: explicit KeyIds and key commitment. AWS Security Blog (2020). https:\/\/aws.amazon.com\/blogs\/security\/improved-client-side-encryption-explicit-keyids-and-key-commitment"}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography \u2013 SAC 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-10536-3_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T02:41:15Z","timestamp":1767321675000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-10536-3_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032105356","9783032105363"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-10536-3_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"2 January 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SAC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on 
Selected Areas in Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toronto, ON","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Canada","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"32","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sacrypt2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sacworkshop.org\/SAC25\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}