{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T04:19:38Z","timestamp":1780633178529,"version":"3.54.1"},"publisher-location":"Cham","reference-count":74,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319636962","type":"print"},{"value":"9783319636979","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-63697-9_1","type":"book-chapter","created":{"date-parts":[[2017,8,1]],"date-time":"2017-08-01T04:07:12Z","timestamp":1501560432000},"page":"3-33","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":40,"title":["Boosting Authenticated Encryption Robustness with Minimal Modifications"],"prefix":"10.1007","author":[{"given":"Tomer","family":"Ashur","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Orr","family":"Dunkelman","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Atul","family":"Luykx","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2017,8,2]]},"reference":[{"key":"1_CR1","unstructured":"ISO\/IEC JTC 1\/SC 27 19772:2009 Information technology \u2013 Security techniques \u2013 Authenticated encryption. International Organization for Standardization, Geneva, Switzerland"},{"key":"1_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"23","DOI":"10.1007\/978-3-662-52993-5_2","volume-title":"Fast Software Encryption","author":"F Abed","year":"2016","unstructured":"Abed, F., Forler, C., List, E., Lucks, S., Wenzel, J.: RIV for robust authenticated encryption. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 23\u201342. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-52993-5_2"},{"key":"1_CR3","doi-asserted-by":"crossref","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda K.: How to securely release unverified plaintext in authenticated encryption. In: Sarkar, P., Iwata, T. (eds.) [70], pp. 105\u2013125","DOI":"10.1007\/978-3-662-45611-8_6"},{"key":"1_CR4","doi-asserted-by":"crossref","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: Parallelizable and authenticated online ciphers. In: Sako, K., Sarkar, P. (eds.) [69], pp. 424\u2013443","DOI":"10.1007\/978-3-642-42033-7_22"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Barwell, G., Page, D., Stam, M.: Rogue decryption failures: reconciling AE robustness notions. In: Groth, J. (ed.) [29], pp. 94\u2013111","DOI":"10.1007\/978-3-319-27239-9_6"},{"key":"1_CR6","doi-asserted-by":"crossref","unstructured":"Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) [60], pp. 531\u2013545","DOI":"10.1007\/3-540-44448-3_41"},{"issue":"4","key":"1_CR7","doi-asserted-by":"publisher","first-page":"469","DOI":"10.1007\/s00145-008-9026-x","volume":"21","author":"M Bellare","year":"2008","unstructured":"Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. J. Cryptol. 21(4), 469\u2013491 (2008)","journal-title":"J. Cryptol."},{"key":"1_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/3-540-48519-8_17","volume-title":"Fast Software Encryption","author":"M Bellare","year":"1999","unstructured":"Bellare, M., Rogaway, P.: On the construction of variable-input-length ciphers. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 231\u2013244. Springer, Heidelberg (1999). doi:10.1007\/3-540-48519-8_17"},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) [60], pp. 317\u2013330","DOI":"10.1007\/3-540-44448-3_24"},{"key":"1_CR10","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) [74], pp. 409\u2013426","DOI":"10.1007\/11761679_25"},{"key":"1_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/978-3-662-53018-4_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"M Bellare","year":"2016","unstructured":"Bellare, M., Tackmann, B.: The multi-user security of authenticated encryption: AES-GCM in TLS 1.3. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 247\u2013276. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-53018-4_10"},{"key":"1_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1007\/11502760_3","volume-title":"Fast Software Encryption","author":"DJ Bernstein","year":"2005","unstructured":"Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 32\u201349. Springer, Heidelberg (2005). doi:10.1007\/11502760_3"},{"key":"1_CR13","unstructured":"Bernstein, D.J.: ChaCha, a variant of Salsa20 (2008). http:\/\/cr.yp.to\/papers.html#chacha"},{"key":"1_CR14","unstructured":"Bernstein, D.J.: 2015.11.20: break a dozen secret keys, get a million more for free. The cr.yp.to blog (2015). https:\/\/blog.cr.yp.to\/20151120-batchattacks.html"},{"key":"1_CR15","unstructured":"Bernstein, D.J.: CAESAR use cases. In: Google Groups: Cryptographic Competitions (2016). https:\/\/groups.google.com\/forum\/#!topic\/crypto-competitions\/DLv193SPSDc"},{"issue":"3","key":"1_CR16","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1016\/S0020-0190(02)00269-7","volume":"84","author":"E Biham","year":"2002","unstructured":"Biham, E.: How to decrypt or even substitute des-encrypted messages in $$2^{28}$$ steps. Inf. Process. Lett. 84(3), 117\u2013124 (2002)","journal-title":"Inf. Process. Lett."},{"key":"1_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/11693383_8","volume-title":"Selected Areas in Cryptography","author":"A Biryukov","year":"2006","unstructured":"Biryukov, A., Mukhopadhyay, S., Sarkar, P.: Improved time-memory trade-offs with multiple data. In: Preneel, B., Tavares, S.E. (eds.) SAC 2005. LNCS, vol. 3897, pp. 110\u2013127. Springer, Heidelberg (2006). doi:10.1007\/11693383_8"},{"key":"1_CR18","unstructured":"B\u00f6ck, H., Zauner, A., Devlin, S., Somorovsky, J., Jovanovic, P.: Nonce-disrespecting adversaries: practical forgery attacks on GCM in TLS. In: 10th USENIX Workshop on Offensive Technologies, WOOT 16, Austin, TX, 8\u20139 August 2016. USENIX Association (2016)"},{"key":"1_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/978-3-662-43933-3_19","volume-title":"Fast Software Encryption","author":"A Boldyreva","year":"2014","unstructured":"Boldyreva, A., Degabriele, J.P., Paterson, K.G., Stam, M.: On symmetric encryption with distinguishable decryption failures. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 367\u2013390. Springer, Heidelberg (2014). doi:10.1007\/978-3-662-43933-3_19"},{"key":"1_CR20","unstructured":"CAESAR: Competition for authenticated encryption: security, applicability, and robustness, May 2014. http:\/\/competitions.cr.yp.to\/caesar.html"},{"key":"1_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1007\/978-3-642-28496-0_18","volume-title":"Selected Areas in Cryptography","author":"S Chatterjee","year":"2012","unstructured":"Chatterjee, S., Menezes, A., Sarkar, P.: Another look at tightness. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 293\u2013319. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-28496-0_18"},{"key":"1_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-642-11799-2_17","volume-title":"Theory of Cryptography","author":"J-S Coron","year":"2010","unstructured":"Coron, J.-S., Dodis, Y., Mandal, A., Seurin, Y.: A domain extender for the ideal cipher. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 273\u2013289. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-11799-2_17"},{"key":"1_CR23","doi-asserted-by":"crossref","unstructured":"Dingledine, R., Mathewson, N., Syverson, P.F.: Tor: the second-generation onion router. In: Blaze, M. (ed.) Proceedings of the 13th USENIX Security Symposium, 9\u201313 August 2004, San Diego, CA, USA, pp. 303\u2013320. USENIX (2004)","DOI":"10.21236\/ADA465464"},{"key":"1_CR24","doi-asserted-by":"crossref","unstructured":"Dworkin, M.J.: Sp 800\u201338d. recommendation for block cipher modes of operation: galois\/counter mode (gcm) and gmac (2007)","DOI":"10.6028\/NIST.SP.800-38d"},{"key":"1_CR25","unstructured":"Ferguson, N.: Collision attacks on OCB. http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/BCM\/documents\/comments\/General_Comments\/papers\/Ferguson.pdf"},{"key":"1_CR26","unstructured":"Ferguson, N., Lucks, S., Schneier, B., Whiting, D., Bellare, M., Kohno, T., Callas, J., Walker, J.: The skein hash function family. http:\/\/skein-hash.info\/"},{"key":"1_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/978-3-642-34047-5_12","volume-title":"Fast Software Encryption","author":"E Fleischmann","year":"2012","unstructured":"Fleischmann, E., Forler, C., Lucks, S.: McOE: a family of almost foolproof on-line authenticated encryption schemes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 196\u2013215. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-34047-5_12"},{"key":"1_CR28","doi-asserted-by":"crossref","unstructured":"Fouque, P., Joux, A., Mavromati, C.: Multi-user collisions: applications to discrete logarithm, even-mansour and PRINCE. In: Sarkar, P., Iwata, T. (eds.) [70], pp. 420\u2013438","DOI":"10.1007\/978-3-662-45611-8_22"},{"key":"1_CR29","series-title":"Lecture Notes in Computer Science","volume-title":"Cryptography and Coding","year":"2015","unstructured":"Groth, J. (ed.): IMACC 2015. LNCS, vol. 9496. Springer, Cham (2015)"},{"key":"1_CR30","unstructured":"Gueron, S.: AES-GCM software performance on the current high end CPUs as a performance baseline for CAESAR competition. Directions in Authenticated Ciphers (DIAC) (2013)"},{"key":"1_CR31","doi-asserted-by":"crossref","unstructured":"Gueron, S., Lindell, Y.: GCM-SIV: full nonce misuse-resistant authenticated encryption at under one cycle per byte. In: Ray, I., Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, 12\u201316 October 2015, pp. 109\u2013119. ACM (2015)","DOI":"10.1145\/2810103.2813613"},{"key":"1_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1007\/978-3-540-24660-2_23","volume-title":"Topics in Cryptology \u2013 CT-RSA 2004","author":"S Halevi","year":"2004","unstructured":"Halevi, S., Rogaway, P.: A parallelizable enciphering mode. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 292\u2013304. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-24660-2_23"},{"key":"1_CR33","unstructured":"Hirose, S., Sasaki, Y., Yasuda, K.: Iv-fv authenticated encryption and triplet-robust decryption. In: Early Symmetric Crypto, ESC 2015, Clervaux, Luxembourg, 12\u201316 January 2015"},{"key":"1_CR34","first-page":"260","volume":"2017","author":"S Hirose","year":"2017","unstructured":"Hirose, S., Sasaki, Y., Yasuda, K.: Message-recovery macs and verification-unskippable AE. IACR Cryptol. ePrint Arch. 2017, 260 (2017)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"1_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/978-3-662-46800-5_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"VT Hoang","year":"2015","unstructured":"Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption AEZ and the problem that it solves. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 15\u201344. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-46800-5_2"},{"key":"1_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1007\/978-3-662-47989-6_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"VT Hoang","year":"2015","unstructured":"Hoang, V.T., Reyhanitabar, R., Rogaway, P., Viz\u00e1r, D.: Online authenticated-encryption and its nonce-reuse misuse-resistance. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 493\u2013517. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-47989-6_24"},{"key":"1_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/978-3-319-47422-9_15","volume-title":"Provable Security","author":"K Imamura","year":"2016","unstructured":"Imamura, K., Minematsu, K., Iwata, T.: Integrity analysis of authenticated encryption based on stream ciphers. In: Chen, L., Han, J. (eds.) ProvSec 2016. LNCS, vol. 10005, pp. 257\u2013276. Springer, Cham (2016). doi:10.1007\/978-3-319-47422-9_15"},{"key":"1_CR38","doi-asserted-by":"crossref","unstructured":"Iwata, T., Ohashi, K., Minematsu, K.: Breaking and repairing GCM security proofs. In: Safavi-Naini, R., Canetti, R. (eds.) [68], pp. 31\u201349","DOI":"10.1007\/978-3-642-32009-5_3"},{"key":"1_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1007\/978-3-662-45608-8_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"J Jean","year":"2014","unstructured":"Jean, J., Nikoli\u0107, I., Peyrin, T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 274\u2013288. Springer, Heidelberg (2014). doi:10.1007\/978-3-662-45608-8_15"},{"key":"1_CR40","unstructured":"Jean, J., Nikoli\u0107, I., Peyrin, T.: Deoxys v1.3. CAESAR submissions (2015). http:\/\/competitions.cr.yp.to\/round2\/deoxysv13.pdf"},{"key":"1_CR41","unstructured":"Jean, J., Nikoli\u0107, I., Peyrin, T.: Joltik v1.3. CAESAR submissions (2015). http:\/\/competitions.cr.yp.to\/round2\/joltikv13.pdf"},{"key":"1_CR42","unstructured":"Joux, A.: Comments on the draft GCM specification \u2013 authentication failuresin NIST version of GCM. http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/BCM\/documents\/comments\/800-38_Series-Drafts\/GCM\/Joux_comments.pdf"},{"key":"1_CR43","doi-asserted-by":"crossref","unstructured":"Krovetz, T., Rogaway, P.: The OCB authenticated-encryption algorithm, June 2013. http:\/\/datatracker.ietf.org\/doc\/draft-irtf-cfrg-ocb","DOI":"10.17487\/rfc7253"},{"key":"1_CR44","doi-asserted-by":"crossref","unstructured":"Krovetz, T., Rogaway, P.: The OCB authenticated-encryption algorithm. RFC 7253, May 2014","DOI":"10.17487\/rfc7253"},{"key":"1_CR45","doi-asserted-by":"crossref","unstructured":"Landecker, W., Shrimpton, T., Terashima, R.S.: Tweakable blockciphers with beyond birthday-bound security. In: Safavi-Naini, R., Canetti, R. (ed.) [68], pp. 14\u201330","DOI":"10.1007\/978-3-642-32009-5_2"},{"key":"1_CR46","series-title":"Lecture Notes in Computer Science","volume-title":"Fast Software Encryption","year":"2015","unstructured":"Leander, G. (ed.): FSE 2015. LNCS, vol. 9054. Springer, Heidelberg (2015)"},{"issue":"3","key":"1_CR47","doi-asserted-by":"publisher","first-page":"588","DOI":"10.1007\/s00145-010-9073-y","volume":"24","author":"M Liskov","year":"2011","unstructured":"Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. J. Cryptol. 24(3), 588\u2013613 (2011)","journal-title":"J. Cryptol."},{"key":"1_CR48","unstructured":"Mathewson, N.: Cryptographic directions in Tor: past and future. In: Real World Cryptography Conference (2016)"},{"key":"1_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-540-30556-9_27","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"DA McGrew","year":"2004","unstructured":"McGrew, D.A., Viega, J.: The security and performance of the galois\/counter mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343\u2013355. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-30556-9_27"},{"key":"1_CR50","first-page":"193","volume":"2004","author":"DA McGrew","year":"2004","unstructured":"McGrew, D.A., Viega, J.: The security and performance of the galois\/counter mode of operation (full version). IACR Cryptol. ePrint Arch. 2004, 193 (2004)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"1_CR51","doi-asserted-by":"crossref","unstructured":"Mennink, B.: Optimally secure tweakable blockciphers. In: Leander, G. (ed.) [46], pp. 428\u2013448","DOI":"10.1007\/978-3-662-48116-5_21"},{"key":"1_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1007\/978-3-642-03317-9_19","volume-title":"Fast Software Encryption","author":"K Minematsu","year":"2009","unstructured":"Minematsu, K.: Beyond-birthday-bound security based on tweakable block cipher. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 308\u2013326. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-03317-9_19"},{"key":"1_CR53","unstructured":"Minematsu, K., Iwata, T.: More on generic composition. In: Early Symmetric Crypto (ESC) 2015, pp. 69\u201371 (2015)"},{"key":"1_CR54","doi-asserted-by":"crossref","unstructured":"Minematsu, K., Iwata, T.: Tweak-length extension for tweakable blockciphers. In: Groth, J. (ed.) [29], pp. 77\u201393","DOI":"10.1007\/978-3-319-27239-9_5"},{"key":"1_CR55","unstructured":"National Institute of Standards and Technology: DES Modes of Operation. FIPS 81, December 1980"},{"key":"1_CR56","doi-asserted-by":"crossref","unstructured":"Nir, Y., Langley, A.: ChaCha20 and Poly1305 for IETF protocols. RFC 7539, May 2015","DOI":"10.17487\/RFC7539"},{"key":"1_CR57","unstructured":"NIST Special Publication 800\u201338A: Recommendation for block cipher modes of operation - Modes and techniques. National Institute of Standards and Technology (2001)"},{"key":"1_CR58","doi-asserted-by":"crossref","unstructured":"Niwa, Y., Ohashi, K., Minematsu, K., Iwata, T.: GCM security bounds reconsidered. In: Leander, G. (ed.) [46], pp. 385\u2013407","DOI":"10.1007\/978-3-662-48116-5_19"},{"key":"1_CR59","first-page":"214","volume":"2015","author":"Y Niwa","year":"2015","unstructured":"Niwa, Y., Ohashi, K., Minematsu, K., Iwata, T.: GCM security bounds reconsidered. IACR Cryptol. ePrint Arch. 2015, 214 (2015)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"1_CR60","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2000","year":"2000","unstructured":"Okamoto, T. (ed.): ASIACRYPT 2000. LNCS, vol. 1976. Springer, Heidelberg (2000)"},{"key":"1_CR61","first-page":"613","volume":"2014","author":"G Procter","year":"2014","unstructured":"Procter, G.: A security analysis of the composition of chacha20 and poly1305. IACR Cryptol. ePrint Arch. 2014, 613 (2014)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"1_CR62","unstructured":"Procter, G.: The design and analysis of symmetric cryptosystems. Ph.D. thesis (2015)"},{"key":"1_CR63","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"396","DOI":"10.1007\/978-3-662-53887-6_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"R Reyhanitabar","year":"2016","unstructured":"Reyhanitabar, R., Vaudenay, S., Viz\u00e1r, D.: Authenticated encryption with variable stretch. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 396\u2013425. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-53887-6_15"},{"key":"1_CR64","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-540-30539-2_2","volume-title":"Advances in Cryptology - ASIACRYPT 2004","author":"P Rogaway","year":"2004","unstructured":"Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16\u201331. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-30539-2_2"},{"issue":"3","key":"1_CR65","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1145\/937527.937529","volume":"6","author":"P Rogaway","year":"2003","unstructured":"Rogaway, P., Bellare, M., Black, J.: OCB: a block-cipher mode of operation for efficient authenticated encryption. ACM Trans. Inf. Syst. Secur. 6(3), 365\u2013403 (2003)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"1_CR66","doi-asserted-by":"crossref","unstructured":"Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) [74], pp. 373\u2013390","DOI":"10.1007\/11761679_23"},{"key":"1_CR67","first-page":"221","volume":"2006","author":"P Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: Deterministic authenticated-encryption: a provable-security treatment of the key-wrap problem. IACR Cryptol. ePrint Arch. 2006, 221 (2006)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"1_CR68","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","year":"2012","unstructured":"Safavi-Naini, R., Canetti, R. (eds.): CRYPTO 2012. LNCS, vol. 7417. Springer, Heidelberg (2012)"},{"key":"1_CR69","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology - ASIACRYPT 2013","year":"2013","unstructured":"Sako, K., Sarkar, P. (eds.): ASIACRYPT 2013. LNCS, vol. 8269. Springer, Heidelberg (2013)"},{"key":"1_CR70","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","year":"2014","unstructured":"Sarkar, P., Iwata, T. (eds.): ASIACRYPT 2014. LNCS, vol. 8873. Springer, Heidelberg (2014)"},{"key":"1_CR71","doi-asserted-by":"crossref","unstructured":"Shrimpton, T., Terashima, R.S.: A modular framework for building variable-input-length tweakable ciphers. In: Sako, K., Sarkar,P. (eds.) [69], pp. 405\u2013423","DOI":"10.1007\/978-3-642-42033-7_21"},{"key":"1_CR72","doi-asserted-by":"crossref","unstructured":"Syverson, P.F., Goldschlag, D.M., Reed, M.G.: Anonymous connections and onion routing. In: 1997 IEEE Symposium on Security and Privacy, 4\u20137 May 1997, Oakland, CA, USA, pp. 44\u201354. IEEE Computer Society (1997)","DOI":"10.1109\/SECPRI.1997.601314"},{"key":"1_CR73","unstructured":"The 23 Raccoons. Analysis of the Relative Severity of Tagging Attacks, March 2012. Email to the Tor developers mailing list https:\/\/lists.torproject.org\/pipermail\/tor-dev\/2012-March\/003347.html"},{"key":"1_CR74","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology - EUROCRYPT 2006","year":"2006","unstructured":"Vaudenay, S. (ed.): EUROCRYPT 2006. LNCS, vol. 4004. Springer, Heidelberg (2006)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2017"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-63697-9_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,24]],"date-time":"2025-06-24T19:21:41Z","timestamp":1750792901000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-63697-9_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319636962","9783319636979"],"references-count":74,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-63697-9_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"2 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"37","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iacr.org\/conferences\/crypto2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}