{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,12]],"date-time":"2026-02-12T12:49:46Z","timestamp":1770900586931,"version":"3.50.1"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319294841","type":"print"},{"value":"9783319294858","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-29485-8_4","type":"book-chapter","created":{"date-parts":[[2016,2,1]],"date-time":"2016-02-01T05:33:40Z","timestamp":1454304820000},"page":"55-71","source":"Crossref","is-referenced-by-count":23,"title":["From Stateless to Stateful: Generic Authentication and Authenticated Encryption Constructions with Application to TLS"],"prefix":"10.1007","author":[{"given":"Colin","family":"Boyd","sequence":"first","affiliation":[]},{"given":"Britta","family":"Hale","sequence":"additional","affiliation":[]},{"given":"Stig Frode","family":"Mj\u00f8lsnes","sequence":"additional","affiliation":[]},{"given":"Douglas","family":"Stebila","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,2,2]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Albrecht, M.R., Paterson, K.G., Watson, G.J.: Plaintext recovery attacks against SSH. In: 2009 IEEE Symposium on Security and Privacy, pp. 16\u201326. IEEE Computer Society Press, May 2009","DOI":"10.1109\/SP.2009.5"},{"key":"4_CR2","unstructured":"Badertscher, C., Matt, C., Maurer, U., Rogaway, P., Tackmann, B.: Augmented secure channels and the goal of the TLS 1.3 record layer. Cryptology ePrint Archive, Report 2015\/394 (2015). \n                      http:\/\/eprint.iacr.org\/2015\/394"},{"key":"4_CR3","doi-asserted-by":"crossref","unstructured":"Bellare, M., Kohno, T., Namprempre, C.: Authenticated encryption in SSH: provably fixing the SSH binary packet protocol. In: Atluri, V. (ed.) CCS 2002, pp. 1\u201311. ACM Press, November 2002","DOI":"10.1145\/586110.586112"},{"key":"4_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/3-540-44448-3_41","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531\u2013545. Springer, Heidelberg (2000)"},{"key":"4_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"682","DOI":"10.1007\/978-3-642-29011-4_40","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A Boldyreva","year":"2012","unstructured":"Boldyreva, A., Degabriele, J.P., Paterson, K.G., Stam, M.: Security of symmetric encryption in the presence of ciphertext fragmentation. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 682\u2013699. Springer, Heidelberg (2012)"},{"key":"4_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/3-540-44987-6_28","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"R Canetti","year":"2001","unstructured":"Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453\u2013474. Springer, Heidelberg (2001)"},{"key":"4_CR7","unstructured":"Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2, RFC 5426 (2008). \n                      https:\/\/tools.ietf.org\/html\/rfc5426"},{"key":"4_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"545","DOI":"10.1007\/978-3-662-48000-7_27","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"M Fischlin","year":"2015","unstructured":"Fischlin, M., G\u00fcnther, F., Marson, G.A., Paterson, K.G.: Data is a stream: security of stream-based channels. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 545\u2013564. Springer, Heidelberg (2015)"},{"key":"4_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/978-3-642-34047-5_12","volume-title":"Fast Software Encryption","author":"E Fleischmann","year":"2012","unstructured":"Fleischmann, E., Forler, C., Lucks, S.: McOE: a family of almost foolproof on-line authenticated encryption schemes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 196\u2013215. Springer, Heidelberg (2012)"},{"key":"4_CR10","unstructured":"Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption: AEZ and the problem that it solves. Cryptology ePrint Archive, Report 2014\/793 (2014). \n                      http:\/\/eprint.iacr.org\/2014\/793"},{"key":"4_CR11","unstructured":"Hoang, V.T., Reyhanitabar, R., Rogaway, P., Viz\u00e1r, D.: Online authenticated-encryption and its nonce-reuse misuse-resistance. Cryptology ePrint Archive, Report 2015\/189 (2015). \n                      http:\/\/eprint.iacr.org\/2015\/189"},{"key":"4_CR12","unstructured":"IEEE 802.11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications (2012). \n                      http:\/\/dx.org\/10.1109\/IEEESTD.2012.6178212"},{"key":"4_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-642-32009-5_17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"T Jager","year":"2012","unstructured":"Jager, T., Kohlar, F., Sch\u00e4ge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 273\u2013293. Springer, Heidelberg (2012)"},{"key":"4_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"284","DOI":"10.1007\/3-540-44706-7_20","volume-title":"Fast Software Encryption","author":"J Katz","year":"2001","unstructured":"Katz, J., Yung, M.: Unforgeable encryption and chosen ciphertext secure modes of operation. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 284\u2013299. Springer, Heidelberg (2001)"},{"key":"4_CR15","unstructured":"Kent, S.: IP Authentication Header, RFC 4302 (2005). \n                      https:\/\/tools.ietf.org\/html\/rfc4302"},{"key":"4_CR16","unstructured":"Kohno, T., Palacio, A., Black, J.: Building secure cryptographic transforms, or how to encrypt and MAC. Cryptology ePrint Archive, Report 2003\/177 (2003). \n                      http:\/\/eprint.iacr.org\/2003\/177"},{"key":"4_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"310","DOI":"10.1007\/3-540-44647-8_19","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"H Krawczyk","year":"2001","unstructured":"Krawczyk, H.: The order of encryption and authentication for protecting communications (or: how secure is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310\u2013331. Springer, Heidelberg (2001)"},{"key":"4_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1007\/978-3-642-40041-4_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"H Krawczyk","year":"2013","unstructured":"Krawczyk, H., Paterson, K.G., Wee, H.: On the security of the TLS protocol: a systematic analysis. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 429\u2013448. Springer, Heidelberg (2013)"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Lychev, R., Jero, S., Boldyreva, A., Nita-Rotaru, C.: How secure and quick is QUIC? Provable security and performance analyses. In: 2015 IEEE Symposium on Security and Privacy, pp. 214\u2013231. IEEE Computer Society Press, May 2015","DOI":"10.1109\/SP.2015.21"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Maurer, U., Tackmann, B.: On the soundness of authenticate-then-encrypt: formalizing the malleability of symmetric encryption. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) CCS 2010, pp. 505\u2013515. ACM Press, October 2010","DOI":"10.1145\/1866307.1866364"},{"key":"4_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"515","DOI":"10.1007\/3-540-36178-2_32","volume-title":"Advances in Cryptology - ASIACRYPT 2002","author":"C Namprempre","year":"2002","unstructured":"Namprempre, C.: Secure channels based on authenticated encryption schemes: a simple characterization. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 515\u2013532. Springer, Heidelberg (2002)"},{"key":"4_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"372","DOI":"10.1007\/978-3-642-25385-0_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"KG Paterson","year":"2011","unstructured":"Paterson, K.G., Ristenpart, T., Shrimpton, T.: Tag size Does matter: attacks and proofs for the TLS record protocol. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 372\u2013389. Springer, Heidelberg (2011)"},{"key":"4_CR23","unstructured":"Rescorla, E., Modadugu, N.: Datagram Transport Layer Security, RFC 4347 (2006). \n                      https:\/\/tools.ietf.org\/html\/rfc4347"},{"key":"4_CR24","unstructured":"Rescorla, E., Modadugu, N.: Datagram Transport Layer Security Version 1.2, RFC 6347 (2012). \n                      https:\/\/tools.ietf.org\/html\/rfc6347"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Rogaway, P.: Authenticated-encryption with associated-data. In: Atluri, V. (ed.) CCS 2002, pp. 98\u2013107. ACM Press, November 2002","DOI":"10.1145\/586110.586125"},{"key":"4_CR26","doi-asserted-by":"crossref","unstructured":"Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: CCS 2001, pp. 196\u2013205. ACM Press, November 2001","DOI":"10.1145\/501983.502011"},{"key":"4_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/11761679_23","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"P Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373\u2013390. Springer, Heidelberg (2006)"},{"key":"4_CR28","unstructured":"Shrimpton, T.: A characterization of authenticated-encryption as a form of chosen-ciphertext security. Cryptology ePrint Archive, Report 2004\/272 (2004). \n                      http:\/\/eprint.iacr.org\/2004\/272"},{"key":"4_CR29","unstructured":"The Chromium Projects: QUIC, a multiplexed stream transport over UDP. \n                      https:\/\/www.chromium.org\/quic\n                      \n                    . Accessed 2015"}],"container-title":["Lecture Notes in Computer Science","Topics in Cryptology - CT-RSA 2016"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-29485-8_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T08:36:42Z","timestamp":1559378202000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-29485-8_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319294841","9783319294858"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-29485-8_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]}}}