{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T21:03:55Z","timestamp":1769720635872,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":41,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662456071","type":"print"},{"value":"9783662456088","type":"electronic"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-662-45611-8_6","type":"book-chapter","created":{"date-parts":[[2014,11,14]],"date-time":"2014-11-14T10:34:07Z","timestamp":1415961247000},"page":"105-125","source":"Crossref","is-referenced-by-count":73,"title":["How to Securely Release Unverified Plaintext in Authenticated Encryption"],"prefix":"10.1007","author":[{"given":"Elena","family":"Andreeva","sequence":"first","affiliation":[]},{"given":"Andrey","family":"Bogdanov","sequence":"additional","affiliation":[]},{"given":"Atul","family":"Luykx","sequence":"additional","affiliation":[]},{"given":"Bart","family":"Mennink","sequence":"additional","affiliation":[]},{"given":"Nicky","family":"Mouha","sequence":"additional","affiliation":[]},{"given":"Kan","family":"Yasuda","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"6_CR1","doi-asserted-by":"crossref","unstructured":"AlFardan, N.J., Paterson, K.G.: Lucky Thirteen: Breaking the TLS and DTLS Record Protocols. In: IEEE Symposium on Security and Privacy, pp. 526\u2013540. IEEE Computer Society (2013)","DOI":"10.1109\/SP.2013.42"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography. In: FSE. LNCS, Springer (2014)","DOI":"10.1007\/978-3-662-46706-0_9"},{"key":"6_CR3","doi-asserted-by":"crossref","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: How to Securely Release Unverified Plaintext in Authenticated Encryption. Cryptology ePrint Archive, Report 2014\/144 (2014), full version of this paper","DOI":"10.1007\/978-3-662-45611-8_6"},{"key":"6_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"424","DOI":"10.1007\/978-3-642-42033-7_22","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"E. Andreeva","year":"2013","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: Parallelizable and Authenticated Online Ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol.\u00a08269, pp. 424\u2013443. Springer, Heidelberg (2013)"},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A Concrete Security Treatment of Symmetric Encryption. In: FOCS, pp. 394\u2013403. IEEE Computer Society (1997)","DOI":"10.1109\/SFCS.1997.646128"},{"key":"6_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"610","DOI":"10.1007\/978-3-642-22792-9_35","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"M. Bellare","year":"2011","unstructured":"Bellare, M., Keelveedhi, S.: Authenticated and Misuse-Resistant Encryption of Key-Dependent Data. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol.\u00a06841, pp. 610\u2013629. Springer, Heidelberg (2011)"},{"issue":"2","key":"6_CR7","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1145\/996943.996945","volume":"7","author":"M. Bellare","year":"2004","unstructured":"Bellare, M., Kohno, T., Namprempre, C.: Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the encode-then-encrypt-and-mac paradigm. ACM Tr. Inf. Sys. Sec.\u00a07(2), 206\u2013241 (2004)","journal-title":"ACM Tr. Inf. Sys. Sec."},{"key":"6_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/3-540-69053-0_13","volume-title":"Advances in Cryptology - EUROCRYPT \u201997","author":"M. Bellare","year":"1997","unstructured":"Bellare, M., Micciancio, D.: A New Paradigm for Collision-Free Hashing: Incrementality at Reduced Cost. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol.\u00a01233, pp. 163\u2013192. Springer, Heidelberg (1997)"},{"key":"6_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/3-540-44448-3_41","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"M. Bellare","year":"2000","unstructured":"Bellare, M., Namprempre, C.: Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol.\u00a01976, pp. 531\u2013545. Springer, Heidelberg (2000)"},{"key":"6_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1007\/978-3-540-30539-2_4","volume-title":"Advances in Cryptology - ASIACRYPT 2004","author":"M. Bellare","year":"2004","unstructured":"Bellare, M., Palacio, A.: Towards Plaintext-Aware Public-Key Encryption Without Random Oracles. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol.\u00a03329, pp. 48\u201362. Springer, Heidelberg (2004)"},{"key":"6_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/BFb0053428","volume-title":"Advances in Cryptology - EUROCRYPT \u201994","author":"M. Bellare","year":"1995","unstructured":"Bellare, M., Rogaway, P.: Optimal Asymmetric Encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol.\u00a0950, pp. 92\u2013111. Springer, Heidelberg (1995)"},{"key":"6_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/3-540-44448-3_24","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"M. Bellare","year":"2000","unstructured":"Bellare, M., Rogaway, P.: Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol.\u00a01976, pp. 317\u2013330. Springer, Heidelberg (2000)"},{"key":"6_CR13","unstructured":"Bellare, M., Rogaway, P.: Introduction to modern cryptography. In: UCSD CSE 207 Course Notes (September 2005)"},{"key":"6_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/978-3-642-28496-0_19","volume-title":"Selected Areas in Cryptography","author":"G. Bertoni","year":"2012","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the Sponge: Single-Pass Authenticated Encryption and Other Applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol.\u00a07118, pp. 320\u2013337. Springer, Heidelberg (2012)"},{"key":"6_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"447","DOI":"10.1007\/978-3-662-43933-3_23","volume-title":"Fast Software Encryption","author":"A. Bogdanov","year":"2014","unstructured":"Bogdanov, A., Mendel, F., Regazzoni, F., Rijmen, V., Tischhauser, E.: ALE: AES-Based Lightweight Authenticated Encryption. In: Moriai, S. (ed.) FSE 2013. LNCS, vol.\u00a08424, pp. 447\u2013466. Springer, Heidelberg (2014)"},{"key":"6_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"682","DOI":"10.1007\/978-3-642-29011-4_40","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A. Boldyreva","year":"2012","unstructured":"Boldyreva, A., Degabriele, J.P., Paterson, K.G., Stam, M.: Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol.\u00a07237, pp. 682\u2013699. Springer, Heidelberg (2012)"},{"key":"6_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/978-3-662-43933-3_19","volume-title":"Fast Software Encryption","author":"A. Boldyreva","year":"2014","unstructured":"Boldyreva, A., Degabriele, J.P., Paterson, K.G., Stam, M.: On Symmetric Encryption with Distinguishable Decryption Failures. In: Moriai, S. (ed.) FSE 2013. LNCS, vol.\u00a08424, pp. 367\u2013390. Springer, Heidelberg (2014)"},{"key":"6_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1007\/978-3-540-45146-4_34","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"B. Canvel","year":"2003","unstructured":"Canvel, B., Hiltgen, A.P., Vaudenay, S., Vuagnoux, M.: Password Interception in a SSL\/TLS Channel. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol.\u00a02729, pp. 583\u2013599. Springer, Heidelberg (2003)"},{"key":"6_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"394","DOI":"10.1007\/3-540-44598-6_25","volume-title":"Advances in Cryptology - CRYPTO 2000","author":"A. Desai","year":"2000","unstructured":"Desai, A.: New Paradigms for Constructing Symmetric Encryption Schemes Secure against Chosen-Ciphertext Attack. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol.\u00a01880, pp. 394\u2013412. Springer, Heidelberg (2000)"},{"key":"6_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/978-3-642-34047-5_12","volume-title":"Fast Software Encryption","author":"E. Fleischmann","year":"2012","unstructured":"Fleischmann, E., Forler, C., Lucks, S.: McOE: A Family of Almost Foolproof On-Line Authenticated Encryption Schemes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol.\u00a07549, pp. 196\u2013215. Springer, Heidelberg (2012)"},{"key":"6_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1007\/978-3-540-24654-1_11","volume-title":"Selected Areas in Cryptography","author":"P.-A. Fouque","year":"2004","unstructured":"Fouque, P.-A., Joux, A., Martinet, G., Valette, F.: Authenticated On-Line Encryption. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol.\u00a03006, pp. 145\u2013159. Springer, Heidelberg (2004)"},{"key":"6_CR22","doi-asserted-by":"crossref","unstructured":"Goldwasser, S., Micali, S.: Probabilistic Encryption and How to Play Mental Poker Keeping Secret All Partial Information. In: STOC 1982, pp. 365\u2013377. ACM (1982)","DOI":"10.1145\/800070.802212"},{"key":"6_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-642-05445-7_20","volume-title":"Selected Areas in Cryptography","author":"T. Iwata","year":"2009","unstructured":"Iwata, T., Yasuda, K.: BTM: A Single-Key, Inverse-Cipher-Free Mode for Deterministic Authenticated Encryption. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol.\u00a05867, pp. 313\u2013330. Springer, Heidelberg (2009)"},{"key":"6_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"394","DOI":"10.1007\/978-3-642-03317-9_24","volume-title":"Fast Software Encryption","author":"T. Iwata","year":"2009","unstructured":"Iwata, T., Yasuda, K.: HBS: A Single-Key Mode of Operation for Deterministic Authenticated Encryption. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol.\u00a05665, pp. 394\u2013415. Springer, Heidelberg (2009)"},{"key":"6_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/3-540-45708-9_2","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"A. Joux","year":"2002","unstructured":"Joux, A., Martinet, G., Valette, F.: Blockwise-Adaptive Attackers: Revisiting the (In)Security of Some Provably Secure Encryption Models: CBC, GEM, IACBC. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol.\u00a02442, pp. 17\u201330. Springer, Heidelberg (2002)"},{"key":"6_CR26","doi-asserted-by":"crossref","unstructured":"Katz, J., Yung, M.: Complete characterization of security notions for probabilistic private-key encryption. In: STOC, pp. 245\u2013254. ACM (2000)","DOI":"10.1145\/335305.335335"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"Krovetz, T., Rogaway, P.: The OCB Authenticated-Encryption Algorithm (June 2013), http:\/\/datatracker.ietf.org\/doc\/draft-irtf-cfrg-ocb","DOI":"10.17487\/rfc7253"},{"key":"6_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-540-30556-9_27","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"D.A. McGrew","year":"2004","unstructured":"McGrew, D.A., Viega, J.: The Security and Performance of the Galois\/Counter Mode (GCM) of Operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol.\u00a03348, pp. 343\u2013355. Springer, Heidelberg (2004)"},{"key":"6_CR29","doi-asserted-by":"crossref","unstructured":"NIST: DES Modes of Operation. FIPS 81 (December 1980)","DOI":"10.3817\/1280046081"},{"key":"6_CR30","unstructured":"Paterson, K.G., AlFardan, N.J.: Plaintext-Recovery Attacks Against Datagram TLS. In: NDSS. The Internet Society (2012)"},{"key":"6_CR31","doi-asserted-by":"crossref","unstructured":"Rogaway, P.: Authenticated-encryption with associated-data. In: ACM Conference on Computer and Communications Security 2002, pp. 98\u2013107. ACM (2002)","DOI":"10.1145\/586110.586125"},{"key":"6_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-540-25937-4_22","volume-title":"Fast Software Encryption","author":"P. Rogaway","year":"2004","unstructured":"Rogaway, P.: Nonce-Based Symmetric Encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol.\u00a03017, pp. 348\u2013359. Springer, Heidelberg (2004)"},{"issue":"3","key":"6_CR33","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1145\/937527.937529","volume":"6","author":"P. Rogaway","year":"2003","unstructured":"Rogaway, P., Bellare, M., Black, J.: OCB: A Block-Cipher Mode of Operation for Efficient Authenticated Encryption. ACM Tr. Inf. Sys. Sec.\u00a06(3), 365\u2013403 (2003)","journal-title":"ACM Tr. Inf. Sys. Sec."},{"key":"6_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/11761679_23","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"P. Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: A Provable-Security Treatment of the Key-Wrap Problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol.\u00a04004, pp. 373\u2013390. Springer, Heidelberg (2006)"},{"key":"6_CR35","unstructured":"Rogaway, P., Wagner, D.: A Critique of CCM. Cryptology ePrint Archive, Report 2003\/070 (2003)"},{"key":"6_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"405","DOI":"10.1007\/978-3-642-42033-7_21","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"T. Shrimpton","year":"2013","unstructured":"Shrimpton, T., Terashima, R.S.: A modular framework for building variable-input-length tweakable ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol.\u00a08269, pp. 405\u2013423. Springer, Heidelberg (2013)"},{"key":"6_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"146","DOI":"10.1007\/978-3-540-79104-1_11","volume-title":"Information Security Practice and Experience","author":"P.P. Tsang","year":"2008","unstructured":"Tsang, P.P., Smith, S.W.: Secure cryptographic precomputation with insecure memory. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol.\u00a04991, pp. 146\u2013160. Springer, Heidelberg (2008)"},{"key":"6_CR38","unstructured":"Tsang, P.P., Solomakhin, R.V., Smith, S.W.: Authenticated streamwise on-line encryption. Dartmouth Computer Science Technical Report TR2009-640 (2009)"},{"key":"6_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"534","DOI":"10.1007\/3-540-46035-7_35","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"S. Vaudenay","year":"2002","unstructured":"Vaudenay, S.: Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS.. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol.\u00a02332, pp. 534\u2013546. Springer, Heidelberg (2002)"},{"key":"6_CR40","doi-asserted-by":"crossref","unstructured":"Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). Request For Comments 3610 (2003)","DOI":"10.17487\/rfc3610"},{"key":"6_CR41","series-title":"LNCS","first-page":"185","volume-title":"SAC.","author":"H. Wu","year":"2013","unstructured":"Wu, H., Preneel, B.: AEGIS: A Fast Authenticated Encryption Algorithm. In: Lange, T., Lauter, K., Lison\u011bk, P. (eds.) SAC 2013. LNCS, vol.\u00a08282, pp. 185\u2013202. Springer, Heidelberg (2013)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2014"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-45611-8_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,13]],"date-time":"2025-05-13T17:53:29Z","timestamp":1747158809000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-45611-8_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783662456071","9783662456088"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-45611-8_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}