{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,2]],"date-time":"2026-07-02T16:17:18Z","timestamp":1783009038494,"version":"3.54.5"},"publisher-location":"Cham","reference-count":65,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319636962","type":"print"},{"value":"9783319636979","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-63697-9_3","type":"book-chapter","created":{"date-parts":[[2017,8,1]],"date-time":"2017-08-01T04:07:12Z","timestamp":1501560432000},"page":"66-97","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":77,"title":["Message Franking via Committing Authenticated Encryption"],"prefix":"10.1007","author":[{"given":"Paul","family":"Grubbs","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jiahui","family":"Lu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Thomas","family":"Ristenpart","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2017,8,2]]},"reference":[{"key":"3_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"480","DOI":"10.1007\/978-3-642-11799-2_28","volume-title":"Theory of Cryptography","author":"M Abdalla","year":"2010","unstructured":"Abdalla, M., Bellare, M., Neven, G.: Robust encryption. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 480\u2013497. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-11799-2_28"},{"key":"3_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/11818175_36","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M.: New proofs for NMAC and HMAC: security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602\u2013619. Springer, Heidelberg (2006). doi:10.1007\/11818175_36"},{"key":"3_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-68697-5_1","volume-title":"Advances in Cryptology \u2014 CRYPTO 96","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1\u201315. Springer, Heidelberg (1996). doi:10.1007\/3-540-68697-5_1"},{"key":"3_CR4","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom functions revisited: The cascade construction and its concrete security. In: Proceedings of the 37th Annual Symposium on Foundations of Computer Science, 1996, pp. 514\u2013523. IEEE (1996)"},{"key":"3_CR5","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: HMAC: Keyed-hashing for message authentication. Internet Request for Comment RFC, 2104 (1997)"},{"key":"3_CR6","unstructured":"Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: Foundations of Computer Science (FOCS) (1997)"},{"key":"3_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"645","DOI":"10.1007\/978-3-642-29011-4_38","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"M Bellare","year":"2012","unstructured":"Bellare, M., Dowsley, R., Waters, B., Yilek, S.: Standard security does not imply security against selective-opening. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 645\u2013662. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-29011-4_38"},{"key":"3_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-01001-9_1","volume-title":"Advances in Cryptology - EUROCRYPT 2009","author":"M Bellare","year":"2009","unstructured":"Bellare, M., Hofheinz, D., Yilek, S.: Possibility and impossibility results for encryption and commitment secure under selective opening. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 1\u201335. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-01001-9_1"},{"key":"3_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/3-540-44448-3_41","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531\u2013545. Springer, Heidelberg (2000). doi:10.1007\/3-540-44448-3_41"},{"key":"3_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/11935230_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Ristenpart, T.: Multi-property-preserving hash domain extension and the EMD transform. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 299\u2013314. Springer, Heidelberg (2006). doi:10.1007\/11935230_20"},{"key":"3_CR11","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: ACM CCS (1993)","DOI":"10.1145\/168588.168596"},{"key":"3_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/3-540-44448-3_24","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317\u2013330. Springer, Heidelberg (2000). doi:10.1007\/3-540-44448-3_24"},{"key":"3_CR13","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: EUROCRYPT (2006)","DOI":"10.1007\/11761679_25"},{"key":"3_CR14","unstructured":"Bellare, M., Singh, A.C., Jaeger, J., Nyayapati, M., Stepanovs, I.: Ratcheted encryption and key exchange: The security of messaging. Cryptology ePrint Archive, Report 2016\/1028 (2016). http:\/\/eprint.iacr.org\/2016\/1028"},{"key":"3_CR15","unstructured":"Bernstein, D.J.: ChaCha, a variant of Salsa20. https:\/\/cr.yp.to\/chacha\/chacha-20080128.pdf"},{"key":"3_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1007\/11502760_3","volume-title":"Fast Software Encryption","author":"DJ Bernstein","year":"2005","unstructured":"Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 32\u201349. Springer, Heidelberg (2005). doi:10.1007\/11502760_3"},{"key":"3_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"216","DOI":"10.1007\/3-540-48405-1_14","volume-title":"Advances in Cryptology \u2014 CRYPTO 99","author":"J Black","year":"1999","unstructured":"Black, J., Halevi, S., Krawczyk, H., Krovetz, T., Rogaway, P.: UMAC: fast and secure message authentication. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 216\u2013233. Springer, Heidelberg (1999). doi:10.1007\/3-540-48405-1_14"},{"key":"3_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"384","DOI":"10.1007\/3-540-46035-7_25","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"J Black","year":"2002","unstructured":"Black, J., Rogaway, P.: A block-cipher mode of operation for parallelizable message authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384\u2013397. Springer, Heidelberg (2002). doi:10.1007\/3-540-46035-7_25"},{"key":"3_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/3-540-36492-7_6","volume-title":"Selected Areas in Cryptography","author":"J Black","year":"2003","unstructured":"Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages. In: Nyberg, K., Heys, H. (eds.) SAC 2002. LNCS, vol. 2595, pp. 62\u201375. Springer, Heidelberg (2003). doi:10.1007\/3-540-36492-7_6"},{"key":"3_CR20","doi-asserted-by":"crossref","unstructured":"Borisov, N., Goldberg, I., Brewer, E.: Off-the-record communication, or, why not to use PGP. In: ACM Workshop on Privacy in the Electronic Society (2004)","DOI":"10.1145\/1029179.1029200"},{"key":"3_CR21","doi-asserted-by":"crossref","unstructured":"Brassard, G., Chaum, D., Cr\u00e9peau, C.: Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37, 156\u2013189 (1988)","DOI":"10.1016\/0022-0000(88)90005-0"},{"key":"3_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1007\/BFb0052229","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201997","author":"R Canetti","year":"1997","unstructured":"Canetti, R., Dwork, C., Naor, M., Ostrovsky, R.: Deniable encryption. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 90\u2013104. Springer, Heidelberg (1997). doi:10.1007\/BFb0052229"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Canetti, R., Feige, U., Goldreich, O., Naor, M.: Adaptively secure multi-party computation. In: STOC (1996)","DOI":"10.1145\/237814.238015"},{"key":"3_CR24","doi-asserted-by":"crossref","unstructured":"Canetti, R., Poburinnaya, O., Raykova, M.: Optimal-rate non-committing encryption in a CRS model. IACR Cryptology ePrint Archive (2016)","DOI":"10.1007\/978-3-319-70700-6_8"},{"key":"3_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1007\/978-3-642-10366-7_17","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"SG Choi","year":"2009","unstructured":"Choi, S.G., Dachman-Soled, D., Malkin, T., Wee, H.: Improved non-committing encryption with applications to adaptively secure protocols. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 287\u2013302. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-10366-7_17"},{"key":"3_CR26","doi-asserted-by":"crossref","unstructured":"Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. IACR ePrint Archive (2016)","DOI":"10.1109\/EuroSP.2017.27"},{"key":"3_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"432","DOI":"10.1007\/3-540-44598-6_27","volume-title":"Advances in Cryptology \u2014 CRYPTO 2000","author":"I Damg\u00e5rd","year":"2000","unstructured":"Damg\u00e5rd, I., Nielsen, J.B.: Improved non-committing encryption schemes based on a general complexity assumption. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 432\u2013450. Springer, Heidelberg (2000). doi:10.1007\/3-540-44598-6_27"},{"key":"3_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-642-32009-5_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"Y Dodis","year":"2012","unstructured":"Dodis, Y., Ristenpart, T., Steinberger, J., Tessaro, S.: To hash or not to hash again? (in)differentiability results for $$H^{2}$$ and HMAC. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 348\u2013366. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-32009-5_21"},{"key":"3_CR29","doi-asserted-by":"crossref","unstructured":"Dolev, D., Dwork, C., Naor, M.: Nonmalleable cryptography. SIAM Review (2003)","DOI":"10.1137\/S0036144503429856"},{"key":"3_CR30","unstructured":"Facebook. Facebook Messenger app (2016). https:\/\/www.messenger.com\/"},{"key":"3_CR31","unstructured":"Facebook. Messenger Secret Conversations technical whitepaper (2016). https:\/\/fbnewsroomus.files.wordpress.com\/2016\/07\/secret_conversations_whitepaper-1.pdf"},{"key":"3_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"352","DOI":"10.1007\/978-3-642-36362-7_22","volume-title":"Public-Key Cryptography \u2013 PKC 2013","author":"P Farshim","year":"2013","unstructured":"Farshim, P., Libert, B., Paterson, K.G., Quaglia, E.A.: Robust encryption, revisited. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 352\u2013368. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-36362-7_22"},{"issue":"1","key":"3_CR33","doi-asserted-by":"crossref","first-page":"449","DOI":"10.46586\/tosc.v2017.i1.449-473","volume":"2017","author":"P Farshim","year":"2017","unstructured":"Farshim, P., Orlandi, C., Rosie, R.: Security of symmetric primitives under incorrect usage of keys. IACR Trans. Symmetric Cryptology 2017(1), 449\u2013473 (2017)","journal-title":"IACR Trans. Symmetric Cryptology"},{"key":"3_CR34","doi-asserted-by":"crossref","unstructured":"Garay, J.A., Wichs, D., Zhou, H.-S.: Somewhat non-committing encryption and efficient adaptively secure oblivious transfer. IACR Cryptology ePrint Archive (2008)","DOI":"10.1007\/978-3-642-03356-8_30"},{"key":"3_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"505","DOI":"10.1007\/978-3-642-03356-8_30","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"JA Garay","year":"2009","unstructured":"Garay, J.A., Wichs, D., Zhou, H.-S.: Somewhat non-committing encryption and efficient adaptively secure oblivious transfer. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 505\u2013523. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-03356-8_30"},{"key":"3_CR36","unstructured":"Gertner, Y., Herzberg, A.: Committing encryption and publicly-verifiable signcryption. IACR Cryptology ePrint Archive (2003)"},{"key":"3_CR37","doi-asserted-by":"crossref","unstructured":"Halevi, S., Krawczyk, H.: Security under key-dependent inputs. In: ACM CCS (2007)","DOI":"10.1145\/1315245.1315303"},{"key":"3_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1007\/978-3-662-48797-6_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"C Hazay","year":"2015","unstructured":"Hazay, C., Patra, A., Warinschi, B.: Selective opening security for receivers. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 443\u2013469. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-48797-6_19"},{"key":"3_CR39","unstructured":"Hearn, M.: Modern anti-spam and E2E crypto. https:\/\/moderncrypto.org\/mail-archive\/messaging\/2014\/000780.html"},{"key":"3_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"591","DOI":"10.1007\/978-3-662-46494-6_24","volume-title":"Theory of Cryptography","author":"B Hemenway","year":"2015","unstructured":"Hemenway, B., Ostrovsky, R., Rosen, A.: Non-committing encryption from $$\\Phi $$-hiding. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 591\u2013608. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-46494-6_24"},{"key":"3_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-540-39887-5_11","volume-title":"Fast Software Encryption","author":"T Iwata","year":"2003","unstructured":"Iwata, T., Kurosawa, K.: OMAC: one-key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129\u2013153. Springer, Heidelberg (2003). doi:10.1007\/978-3-540-39887-5_11"},{"key":"3_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"310","DOI":"10.1007\/3-540-44647-8_19","volume-title":"Advances in Cryptology \u2014 CRYPTO 2001","author":"H Krawczyk","year":"2001","unstructured":"Krawczyk, H.: The order of encryption and authentication for protecting communications (or: How Secure Is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310\u2013331. Springer, Heidelberg (2001). doi:10.1007\/3-540-44647-8_19"},{"key":"3_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"972","DOI":"10.1007\/11902140_101","volume-title":"Computer and Information Sciences \u2013 ISCIS 2006","author":"F Lei","year":"2006","unstructured":"Lei, F., Chen, W., Chen, K.: A non-committing encryption scheme based on quadratic residue. In: Levi, A., Sava\u015f, E., Yenig\u00fcn, H., Balc\u0131soy, S., Sayg\u0131n, Y. (eds.) ISCIS 2006. LNCS, vol. 4263, pp. 972\u2013980. Springer, Heidelberg (2006). doi:10.1007\/11902140_101"},{"key":"3_CR44","unstructured":"Marlinspike, M.: libsignal protocol (Java) (2016). https:\/\/github.com\/WhisperSystems\/libsignal-protocol-java"},{"key":"3_CR45","unstructured":"Marlinspike, M., Perrin, T.: The Double Ratchet algorithm. https:\/\/whispersystems.org\/docs\/specifications\/doubleratchet\/doubleratchet.pdf"},{"key":"3_CR46","unstructured":"McGrew, D., Viega, J.: The galois\/counter mode of operation (gcm). Submission to NIST Modes of Operation Process 20 (2004)"},{"key":"3_CR47","unstructured":"Millican, J.: Challenges of E2E Encryption in Facebook Messenger. Real World Cryptography Conference (2017). https:\/\/www.realworldcrypto.com\/rwc2017\/program"},{"key":"3_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"501","DOI":"10.1007\/978-3-642-17373-8_29","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"P Mohassel","year":"2010","unstructured":"Mohassel, P.: A closer look at anonymity and robustness in encryption schemes. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 501\u2013518. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-17373-8_29"},{"key":"3_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/3-540-45708-9_8","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"JB Nielsen","year":"2002","unstructured":"Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 111\u2013126. Springer, Heidelberg (2002). doi:10.1007\/3-540-45708-9_8"},{"key":"3_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"525","DOI":"10.1007\/978-3-642-22792-9_30","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"A O\u2019Neill","year":"2011","unstructured":"O\u2019Neill, A., Peikert, C., Waters, B.: Bi-deniable public-key encryption. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 525\u2013542. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-22792-9_30"},{"key":"3_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"372","DOI":"10.1007\/978-3-642-25385-0_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"KG Paterson","year":"2011","unstructured":"Paterson, K.G., Ristenpart, T., Shrimpton, T.: Tag Size Does matter: attacks and proofs for the TLS record protocol. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 372\u2013389. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-25385-0_20"},{"key":"3_CR52","doi-asserted-by":"crossref","unstructured":"Rogaway, P.: Authenticated-encryption with associated-data. In: ACM CCS (2002)","DOI":"10.1145\/586110.586125"},{"key":"3_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-540-30539-2_2","volume-title":"Advances in Cryptology - ASIACRYPT 2004","author":"P Rogaway","year":"2004","unstructured":"Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16\u201331. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-30539-2_2"},{"key":"3_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-540-25937-4_22","volume-title":"Fast Software Encryption","author":"P Rogaway","year":"2004","unstructured":"Rogaway, P.: Nonce-based symmetric encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 348\u2013358. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-25937-4_22"},{"key":"3_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/11761679_23","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"P Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373\u2013390. Springer, Heidelberg (2006). doi:10.1007\/11761679_23"},{"key":"3_CR56","doi-asserted-by":"crossref","unstructured":"Ryan, M.D.: Enhanced certificate transparency and end-to-end encrypted mail. In: NDSS. The Internet Society (2014)","DOI":"10.14722\/ndss.2014.23379"},{"key":"3_CR57","doi-asserted-by":"crossref","unstructured":"Stinson, D.R.: Universal hashing and authentication codes. Designs, Codes and Cryptography (1994)","DOI":"10.1007\/BF01388651"},{"key":"3_CR58","unstructured":"Wang, L., Pass, R., Shelat, A., Ristenpart, T.: Secure channel injection and anonymous proofs of account ownership. Cryptology ePrint Archive, Report 2016\/925 (2016). http:\/\/eprint.iacr.org\/2016\/925"},{"key":"3_CR59","doi-asserted-by":"crossref","unstructured":"Wegman, M.N., Lawrence Carter, J.: New hash functions and their use in authentication and set equality. Journal of computer and system sciences (1981)","DOI":"10.1016\/0022-0000(81)90033-7"},{"key":"3_CR60","unstructured":"Whatsapp. Whatsapp (2016). https:\/\/www.whatsapp.com\/"},{"key":"3_CR61","unstructured":"Wikipedia. Signal (software) (2016). https:\/\/en.wikipedia.org\/wiki\/Signal_(software)"},{"key":"3_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1007\/978-3-642-14081-5_9","volume-title":"Information Security and Privacy","author":"H Zhu","year":"2010","unstructured":"Zhu, H., Araragi, T., Nishide, T., Sakurai, K.: Adaptive and composable non-committing encryptions. In: Steinfeld, R., Hawkes, P. (eds.) ACISP 2010. LNCS, vol. 6168, pp. 135\u2013144. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-14081-5_9"},{"key":"3_CR63","doi-asserted-by":"crossref","unstructured":"Zhu, H., Araragi, T., Nishide, T., Sakurai, K.: Universally composable non-committing encryptions in the presence of adaptive adversaries. In: SECRYPT (2010)","DOI":"10.1007\/978-3-642-14081-5_9"},{"key":"3_CR64","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"418","DOI":"10.1007\/978-3-642-10628-6_27","volume-title":"Progress in Cryptology - INDOCRYPT 2009","author":"H Zhu","year":"2009","unstructured":"Zhu, H., Bao, F.: Non-committing encryptions based on oblivious naor-pinkas cryptosystems. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 418\u2013429. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-10628-6_27"},{"key":"3_CR65","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"52","DOI":"10.1007\/978-3-642-21518-6_4","volume-title":"Information Security and Cryptology","author":"H Zhu","year":"2011","unstructured":"Zhu, H., Bao, F.: Error-free, multi-bit non-committing encryption with constant round complexity. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 52\u201361. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-21518-6_4"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2017"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-63697-9_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T20:06:52Z","timestamp":1710360412000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-63697-9_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319636962","9783319636979"],"references-count":65,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-63697-9_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"2 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"37","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iacr.org\/conferences\/crypto2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}