{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:56:34Z","timestamp":1771700194196,"version":"3.50.1"},"publisher-location":"Cham","reference-count":50,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319598697","type":"print"},{"value":"9783319598703","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-59870-3_2","type":"book-chapter","created":{"date-parts":[[2017,5,29]],"date-time":"2017-05-29T22:14:17Z","timestamp":1496096057000},"page":"19-37","source":"Crossref","is-referenced-by-count":7,"title":["Reforgeability of Authenticated Encryption Schemes"],"prefix":"10.1007","author":[{"given":"Christian","family":"Forler","sequence":"first","affiliation":[]},{"given":"Eik","family":"List","sequence":"additional","affiliation":[]},{"given":"Stefan","family":"Lucks","sequence":"additional","affiliation":[]},{"given":"Jakob","family":"Wenzel","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,5,31]]},"reference":[{"key":"2_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"762","DOI":"10.1007\/978-3-662-46800-5_29","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"MA Abdelraheem","year":"2015","unstructured":"Abdelraheem, M.A., Beelen, P., Bogdanov, A., Tischhauser, E.: Twisted polynomials and forgery attacks on GCM. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 762\u2013786. Springer, Heidelberg (2015). doi: 10.1007\/978-3-662-46800-5_29"},{"key":"2_CR2","unstructured":"Abed, F., Fluhrer, S., Foley, J., Forler, C., List, E., Lucks, S., McGrew, D., Wenzel, J.: The POET Family of On-Line Authenticated Encryption Schemes (2014). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR3","unstructured":"Andreeva, E., Bogdanov, A., Datta, N., Luykx, A., Mennink, B., Nandi, M., Tischhauser, E., Yasuda, K.: COLM v1 (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR4","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: AES-COPA (2014). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR5","unstructured":"Aumasson, J.-P., Jovanovic, P., Neves, S.: NORX (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-68697-5_1","volume-title":"Advances in Cryptology \u2014 CRYPTO 1996","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1\u201315. Springer, Heidelberg (1996). doi: 10.1007\/3-540-68697-5_1"},{"key":"2_CR7","first-page":"309","volume":"2004","author":"M Bellare","year":"2004","unstructured":"Bellare, M., Goldreich, O., Mityagin, A.: The power of verification queries in message authentication and authenticated encryption. IACR Cryptology ePrint Arch. 2004, 309 (2004)","journal-title":"IACR Cryptology ePrint Arch."},{"issue":"3","key":"2_CR8","doi-asserted-by":"crossref","first-page":"362","DOI":"10.1006\/jcss.1999.1694","volume":"61","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. J. Comput. Syst. Sci. 61(3), 362\u2013399 (2000)","journal-title":"J. Comput. Syst. Sci."},{"key":"2_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1007\/978-3-540-25937-4_25","volume-title":"Fast Software Encryption","author":"M Bellare","year":"2004","unstructured":"Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389\u2013407. Springer, Heidelberg (2004). doi: 10.1007\/978-3-540-25937-4_25"},{"key":"2_CR10","unstructured":"Bernstein, D.J.: CAESAR Call for Submissions, Final, 27 January 2014. http:\/\/competitions.cr.yp.to\/caesar-call.html"},{"key":"2_CR11","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. ECRYPT Hash Function Workshop (2007)"},{"key":"2_CR12","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Keer, R., Van Assche, G.: CAESAR submission, Ketje v2 (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/978-3-642-03317-9_21","volume-title":"Fast Software Encryption","author":"J Black","year":"2009","unstructured":"Black, J., Cochran, M.: MAC reforgeability. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 345\u2013362. Springer, Heidelberg (2009). doi: 10.1007\/978-3-642-03317-9_21"},{"key":"2_CR14","unstructured":"Datta, N., Nandi, M.: ELmD (2014). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR15","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., Schl\u00e4ffer, M.: Ascon v1.2 (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Dworkin, M.J.: SP 800\u201338C. Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality. Technical report, Gaithersburg, MD, United States (2004)","DOI":"10.6028\/NIST.SP.800-38b-2005"},{"key":"2_CR17","unstructured":"Ferguson, N.: Collision Attacks on OCB. Unpublished manuscript (2002). http:\/\/www.cs.ucdavis.edu\/rogaway\/ocb\/links.htm"},{"key":"2_CR18","unstructured":"Ferguson, N.: Authentication weaknesses in GCM (2005). http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/BCM\/documents\/comments\/CWC-GCM\/Ferguson2.pdf"},{"key":"2_CR19","unstructured":"Forler, C., List, E., Lucks, S., Wenzel, J.: Reforgeability of Authenticated Encryption Schemes. Cryptology ePrint Archive, Report 2017\/332 (2017). http:\/\/eprint.iacr.org\/2017\/332"},{"key":"2_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1007\/978-3-540-68914-0_25","volume-title":"Applied Cryptography and Network Security","author":"P-A Fouque","year":"2008","unstructured":"Fouque, P.-A., Martinet, G., Valette, F., Zimmer, S.: On the security of the CCM encryption mode and of a slight variant. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 411\u2013428. Springer, Heidelberg (2008). doi: 10.1007\/978-3-540-68914-0_25"},{"key":"2_CR21","unstructured":"Peeters, M., Bertoni, G., Daemen, J., Van Assche, G., Van Keer, R.: CAESAR submission, Keyak v2 (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-540-85174-5_9","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"H Handschuh","year":"2008","unstructured":"Handschuh, H., Preneel, B.: Key-recovery attacks on universal hash function based MAC algorithms. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 144\u2013161. Springer, Heidelberg (2008). doi: 10.1007\/978-3-540-85174-5_9"},{"key":"2_CR23","unstructured":"Hoang, V.T., Krovetz, T., Rogaway, P.: AEZ v4.2: Authenticated Encryption by Enciphering (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR24","unstructured":"Iwata, T., Minematsu, K., Guo, J., Morioka, S.: CLOC and SILC v3 (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/978-3-642-32009-5_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"T Iwata","year":"2012","unstructured":"Iwata, T., Ohashi, K., Minematsu, K.: Breaking and repairing GCM security proofs. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 31\u201349. Springer, Heidelberg (2012). doi: 10.1007\/978-3-642-32009-5_3"},{"key":"2_CR26","unstructured":"Jean, J., Nikoli\u0107, I., Peyrin, T., Seurin, Y.: Deoxys v1.41 (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR27","unstructured":"Westerlund, M., Mattsson, J.: Authentication Key Recovery on Galois Counter Mode (GCM). Cryptology ePrint Archive, Report 2015\/477 (2015). http:\/\/eprint.iacr.org\/2015\/477"},{"key":"2_CR28","unstructured":"Joux, A.: Authentication Failures in NIST version of GCM. NIST Comment (2006)"},{"key":"2_CR29","doi-asserted-by":"crossref","unstructured":"Kohno, T., Viega, J., Whiting, D.: CWC: a high-performance conventional authenticated encryption mode. In: FSE, pp. 408\u2013426, 2004","DOI":"10.1007\/978-3-540-25937-4_26"},{"key":"2_CR30","unstructured":"Krovetz, T., Rogaway, P.: OCB (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"258","DOI":"10.1007\/978-3-319-52153-4_15","volume-title":"Topics in Cryptology \u2013 CT-RSA 2017","author":"E List","year":"2017","unstructured":"List, E., Nandi, M.: Revisiting full-PRF-secure PMAC and using it for beyond-birthday authenticated encryption. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 258\u2013274. Springer, Cham (2017). doi: 10.1007\/978-3-319-52153-4_15"},{"key":"2_CR32","first-page":"79","volume":"2015","author":"L Jiqiang","year":"2015","unstructured":"Jiqiang, L.: On the security of the COPA and marble authenticated encryption algorithms against (almost) universal forgery attack. IACR Cryptology ePrint Arch. 2015, 79 (2015)","journal-title":"IACR Cryptology ePrint Arch."},{"key":"2_CR33","doi-asserted-by":"crossref","unstructured":"Lucks, S.: A failure-friendly design principle for hash functions. In: Proceedings of the Advances in Cryptology - ASIACRYPT 2005, 11th International Conference on the Theory and Application of Cryptology and Information Security, Chennai, India, December 4\u20138, 2005, pp. 474\u2013494 (2005)","DOI":"10.1007\/11593447_26"},{"key":"2_CR34","unstructured":"McGrew, D., Viega, J.: The Galois\/Counter Mode of Operation (GCM). Submission to NIST (2004). http:\/\/csrc.nist.gov\/CryptoToolkit\/modes\/proposedmodes\/gcm\/gcm-spec.pdf"},{"key":"2_CR35","first-page":"161","volume":"2005","author":"DA McGrew","year":"2005","unstructured":"McGrew, D.A., Fluhrer, S.R.: Multiple forgery attacks against message authentication codes. IACR Cryptology ePrint Arch. 2005, 161 (2005)","journal-title":"IACR Cryptology ePrint Arch."},{"key":"2_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-540-30556-9_27","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"DA McGrew","year":"2004","unstructured":"McGrew, D.A., Viega, J.: The security and performance of the Galois\/Counter Mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343\u2013355. Springer, Heidelberg (2004). doi: 10.1007\/978-3-540-30556-9_27"},{"key":"2_CR37","unstructured":"Minematsu, K.: AES-OTR v3.1 (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/978-3-642-55220-5_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"C Namprempre","year":"2014","unstructured":"Namprempre, C., Rogaway, P., Shrimpton, T.: Reconsidering generic composition. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 257\u2013274. Springer, Heidelberg (2014). doi: 10.1007\/978-3-642-55220-5_15"},{"key":"2_CR39","unstructured":"Nandi, M.: Revisiting security claims of XLS and COPA. Cryptology ePrint Archive, Report 2015\/444 (2015). http:\/\/eprint.iacr.org\/2015\/444"},{"key":"2_CR40","unstructured":"Nikoli\u0107, I.: Tiaoxin-346 (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1007\/978-3-662-43933-3_15","volume-title":"Fast Software Encryption","author":"G Procter","year":"2014","unstructured":"Procter, G., Cid, C.: On weak keys and forgery attacks against polynomial-based MAC schemes. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 287\u2013304. Springer, Heidelberg (2014). doi: 10.1007\/978-3-662-43933-3_15"},{"key":"2_CR42","unstructured":"Rogaway, P., Wagner, D.: A Critique of CCM. Cryptology ePrint Archive, Report 2003\/070 (2003). http:\/\/eprint.iacr.org\/2003\/070"},{"key":"2_CR43","doi-asserted-by":"crossref","unstructured":"Rogaway, P.: Authenticated-encryption with associated-data. In: ACM Conference on Computer and Communications Security, pp. 98\u2013107 (2002)","DOI":"10.1145\/586110.586125"},{"key":"2_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-540-25937-4_22","volume-title":"Fast Software Encryption","author":"P Rogaway","year":"2004","unstructured":"Rogaway, P.: Nonce-based symmetric encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 348\u2013358. Springer, Heidelberg (2004). doi: 10.1007\/978-3-540-25937-4_22"},{"key":"2_CR45","doi-asserted-by":"crossref","unstructured":"Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: ACM Conference on Computer and Communications Security, pp. 196\u2013205 (2001)","DOI":"10.1145\/501983.502011"},{"key":"2_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"216","DOI":"10.1007\/978-3-642-34047-5_13","volume-title":"Fast Software Encryption","author":"M-JO Saarinen","year":"2012","unstructured":"Saarinen, M.-J.O.: Cycling attacks on GCM, GHASH and other polynomial MACs and hashes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 216\u2013225. Springer, Heidelberg (2012). doi: 10.1007\/978-3-642-34047-5_13"},{"key":"2_CR47","unstructured":"Hongjun, W.: A Lightweight Authenticated Cipher (v3) (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR48","unstructured":"Wu, H., Huang, T.: The Authenticated Cipher MORUS (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR49","unstructured":"Wu, H., Huang, T.: The JAMBU Lightweight Authentication Encryption Mode (v2.1) (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"},{"key":"2_CR50","unstructured":"Wu, H., Preneel, B.: AEGIS: A Fast Authenticated Encryption Algorithm (v1,1) (2016). http:\/\/competitions.cr.yp.to\/caesar-submissions.html"}],"container-title":["Lecture Notes in Computer Science","Information Security and Privacy"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-59870-3_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,25]],"date-time":"2019-09-25T02:49:35Z","timestamp":1569379775000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-59870-3_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319598697","9783319598703"],"references-count":50,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-59870-3_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]}}}