{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T21:26:20Z","timestamp":1769721980952,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":66,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662479889","type":"print"},{"value":"9783662479896","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-662-47989-6_24","type":"book-chapter","created":{"date-parts":[[2015,7,30]],"date-time":"2015-07-30T22:36:05Z","timestamp":1438295765000},"page":"493-517","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":34,"title":["Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance"],"prefix":"10.1007","author":[{"given":"Viet Tung","family":"Hoang","sequence":"first","affiliation":[]},{"given":"Reza","family":"Reyhanitabar","sequence":"additional","affiliation":[]},{"given":"Phillip","family":"Rogaway","sequence":"additional","affiliation":[]},{"given":"Damian","family":"Viz\u00e1r","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,8,1]]},"reference":[{"key":"24_CR1","unstructured":"Abed, F., Fluhrer, S., Foley, J., Forler, C., List, E., Lucks, S., McGrew, D., Wenzel, J.: The POET Family of On-Line Authenticated Encryption Schemes (Version 1.01). 
CAESAR submission (2014)"},{"key":"24_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"205","DOI":"10.1007\/978-3-662-46706-0_11","volume-title":"Fast Software Encryption","author":"F Abed","year":"2015","unstructured":"Abed, F., Fluhrer, S., Forler, C., List, E., Lucks, S., McGrew, D., Wenzel, J.: Pipelineable on-line encryption. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 205\u2013223. Springer, Heidelberg (2015)"},{"key":"24_CR3","unstructured":"Abed, F., Forler, C., List, E., Lucks, S., Wenzel, J.: Don\u2019t Panic! The Cryptographer\u2019s Guide to Robust (On-line) Encryption: Draft, 11 March 2015"},{"key":"24_CR4","unstructured":"Abed, F., Forler, C., Lucks, S.: General Overview of the First-Round CAESAR Candidates for Authenticated Encryption. Cryptology ePrint report 2014\/792 (2014)"},{"key":"24_CR5","unstructured":"Alizadeh, J., Aref, M. R., Bagheri, N.: Artemia v1. CAESAR submission (2014)"},{"key":"24_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"168","DOI":"10.1007\/978-3-662-46706-0_9","volume-title":"Fast Software Encryption","author":"E Andreeva","year":"2015","unstructured":"Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: APE: authenticated permutation-based encryption for lightweight cryptography. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 168\u2013186. Springer, Heidelberg (2015)"},{"key":"24_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1007\/978-3-662-45611-8_6","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"E Andreeva","year":"2014","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: How to securely release unverified plaintext in authenticated encryption. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 
105\u2013125. Springer, Heidelberg (2014)"},{"key":"24_CR8","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: AES-COPA v. 1. CAESAR submission (2014)"},{"key":"24_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"424","DOI":"10.1007\/978-3-642-42033-7_22","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"E Andreeva","year":"2013","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: Parallelizable and authenticated online ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 424\u2013443. Springer, Heidelberg (2013)"},{"key":"24_CR10","doi-asserted-by":"crossref","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: Parallelizable (Authenticated) Online Ciphers. DIAC presentation (2013)","DOI":"10.1007\/978-3-642-42033-7_22"},{"key":"24_CR11","unstructured":"Andreeva, E., Luykx, A., Mennink, B., Yasuda, K.: AES-COBRA v1. CAESAR submission (2014)"},{"key":"24_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"187","DOI":"10.1007\/978-3-662-46706-0_10","volume-title":"Fast Software Encryption","author":"E Andreeva","year":"2015","unstructured":"Andreeva, E., Luykx, A., Mennink, B., Yasuda, K.: COBRA: a parallelizable authenticated online cipher without block cipher inverse. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 187\u2013203. Springer, Heidelberg (2015)"},{"key":"24_CR13","unstructured":"Aumasson, J.P., Jovanovic, P., Neves, S.: NORX v1. CAESAR submission (2014)"},{"key":"24_CR14","unstructured":"Authenticated Encryption Zoo. 
\n                      https:\/\/aezoo.compute.dtu.dk"},{"key":"24_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1007\/3-540-44647-8_18","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"M Bellare","year":"2001","unstructured":"Bellare, M., Boldyreva, A., Knudsen, L.R., Namprempre, C.: Online ciphers and the Hash-CBC construction. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 292\u2013309. Springer, Heidelberg (2001)"},{"key":"24_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/3-540-44448-3_24","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317\u2013330. Springer, Heidelberg (2000)"},{"key":"24_CR17","unstructured":"Bernstein, D.: Cryptographic competitions: CAESAR. \n                      http:\/\/competitions.cr.yp.to"},{"key":"24_CR18","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: CAESAR submission: Keyak v1. CAESAR submission (2014)"},{"key":"24_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/978-3-642-28496-0_19","volume-title":"Selected Areas in Cryptography","author":"G Bertoni","year":"2012","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320\u2013337. Springer, Heidelberg (2012)"},{"key":"24_CR20","unstructured":"Kavun, E.B., Lauridsen, M., Leander, G., Rechberger, C., Schwabe, P., Yal\u00e7\u0131n, T.: Pr\u00f8st v1.1. 
CAESAR submission (2014)"},{"key":"24_CR21","doi-asserted-by":"crossref","unstructured":"Bogdanov, A., Lauridsen, M., Tischhauser, E.: AES-Based Authenticated Encryption Modes in Parallel High-Performance Software. DIAC presentation (2014)","DOI":"10.1007\/978-3-662-43933-3_23"},{"key":"24_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"682","DOI":"10.1007\/978-3-642-29011-4_40","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A Boldyreva","year":"2012","unstructured":"Boldyreva, A., Degabriele, J.P., Paterson, K.G., Stam, M.: Security of symmetric encryption in the presence of ciphertext fragmentation. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 682\u2013699. Springer, Heidelberg (2012)"},{"key":"24_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-24660-2_1","volume-title":"Topics in Cryptology \u2013 CT-RSA 2004","author":"A Boldyreva","year":"2004","unstructured":"Boldyreva, A., Taesombut, N.: Online encryption schemes: new security notions and constructions. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 1\u201314. Springer, Heidelberg (2004)"},{"key":"24_CR24","unstructured":"Chakraborti, A., Nandi, M.: TriviA-ck-v1. CAESAR submission. (2014)"},{"key":"24_CR25","unstructured":"Datta, N., Nandi, M.: ELmD v1.0. CAESAR submission. 
(2014)"},{"key":"24_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"306","DOI":"10.1007\/978-3-319-08344-5_20","volume-title":"Information Security and Privacy","author":"N Datta","year":"2014","unstructured":"Datta, N., Nandi, M.: ELmE: a misuse resistant parallel authenticated encryption. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 306\u2013321. Springer, Heidelberg (2014)"},{"key":"24_CR27","unstructured":"Duong, T., Rizzo, J.: Here Come The \u2295 Ninjas. Manuscript (2011)"},{"key":"24_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/978-3-642-34047-5_12","volume-title":"Fast Software Encryption","author":"E Fleischmann","year":"2012","unstructured":"Fleischmann, E., Forler, C., Lucks, S.: McOE: A family of almost foolproof on-line authenticated encryption schemes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 196\u2013215. Springer, Heidelberg (2012)"},{"key":"24_CR29","doi-asserted-by":"crossref","unstructured":"Fleischmann, E., Forler, C., Lucks, S., Wenzel, J.: McOE: A Foolproof On-line Authenticated Encryption Scheme. 
Cryptology ePrint report 2011\/644 (2013)","DOI":"10.1007\/978-3-642-34047-5_12"},{"key":"24_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24654-1_11","volume-title":"Selected Areas in Cryptography","author":"P-A Fouque","year":"2004","unstructured":"Fouque, P.-A., Joux, A., Martinet, G., Valette, F.: Authenticated on-line encryption. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006. Springer, Heidelberg (2004)"},{"key":"24_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"362","DOI":"10.1007\/978-3-540-39887-5_26","volume-title":"Fast Software Encryption","author":"P-A Fouque","year":"2003","unstructured":"Fouque, P.-A., Martinet, G., Poupard, G.: Practical symmetric on-line encryption. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 362\u2013375. Springer, Heidelberg (2003)"},{"key":"24_CR32","unstructured":"Guo, J.: Marble Specification Version 1.0. CAESAR submission (2014). Also DIAC presentation (2014)"},{"key":"24_CR33","doi-asserted-by":"crossref","unstructured":"Hoang, V.T., Reyhanitabar, R., Rogaway, P., Viz\u00e1r, D: Online Authenticated-Encryption and its Nonce-Reuse Misuse-Resistance. Cryptology ePrint Archive, Report 2015\/189 (2015)","DOI":"10.1007\/978-3-662-47989-6_24"},{"key":"24_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1007\/978-3-662-46800-5_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"VT Hoang","year":"2015","unstructured":"Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption AEZ and the problem that it solves. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 15\u201344. Springer, Heidelberg (2015)"},{"key":"24_CR35","unstructured":"Iwata, I., Minematsu, K., Guo, J., Morioka, S.: CLOC: Compact Low-Overhead CFB. CAESAR submission. 
(2014)"},{"key":"24_CR36","unstructured":"Iwata, T., Minematsu, K., Guo, J., Morioka, S., Kobayashi, E.: SILC: SImple Lightweight CFB. CAESAR submission. (2014)"},{"key":"24_CR37","unstructured":"Jean, J., Nikoli\u0107, I., Peyrin, T.: Deoxys v1. CAESAR submission. (2014)"},{"key":"24_CR38","unstructured":"Jean, J., Nikoli\u0107, I., Peyrin, T.: Joltik v1. CAESAR submission. (2014)"},{"key":"24_CR39","unstructured":"Jean, J., Nikoli\u0107, I., Peyrin, T.: KIASU v1. CAESAR submission. (2014)"},{"key":"24_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/3-540-45708-9_2","volume-title":"Advances in cryptology - crypto 2002","author":"A Joux","year":"2002","unstructured":"Joux, A., Martinet, G., Valette, F.: Blockwise-adaptive attackers: revisiting the (In)security of some provably secure encryption modes: CBC, GEM, IACBC. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 17\u201330. Springer, Heidelberg (2002)"},{"key":"24_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"284","DOI":"10.1007\/3-540-44706-7_20","volume-title":"Fast Software Encryption","author":"J Katz","year":"2001","unstructured":"Katz, J., Yung, M.: Unforgeable encryption and chosen ciphertext secure modes of operation. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 284\u2013299. Springer, Heidelberg (2001)"},{"key":"24_CR42","doi-asserted-by":"crossref","unstructured":"Krovetz, T., Rogaway, P.: The OCB Authenticated-Encryption Algorithm. RFC 7253. Internet Research Task Force (IRTF) and Crypto Forum Research Group (CFRG) (2014)","DOI":"10.17487\/rfc7253"},{"issue":"3","key":"24_CR43","doi-asserted-by":"publisher","first-page":"588","DOI":"10.1007\/s00145-010-9073-y","volume":"24","author":"M Liskov","year":"2011","unstructured":"Liskov, M., Rivest, R., Wagner, D.: Tweakable Block Ciphers. J. Cryptology 24(3), 588\u2013614 (2011)","journal-title":"J. 
Cryptology"},{"key":"24_CR44","unstructured":"Lucks, S.: Personal communication (2014)"},{"key":"24_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"205","DOI":"10.1007\/978-3-662-46706-0_11","volume-title":"Fast Software Encryption","author":"F Abed","year":"2015","unstructured":"Abed, F., Fluhrer, S., Forler, C., List, E., Lucks, S., McGrew, D., Wenzel, J.: Pipelineable on-line encryption. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 205\u2013223. Springer, Heidelberg (2015)"},{"key":"24_CR46","unstructured":"Miaw, W.: Netflix\/msl (2014). https:\/\/github.com\/Netflix\/msl\/wiki"},{"key":"24_CR47","unstructured":"Minematsu, K.: AES-OTR v1. CAESAR submission (2014)"},{"key":"24_CR48","doi-asserted-by":"crossref","unstructured":"Minematsu, K.: Parallelizable Rate-1 Authenticated Encryption from Pseudorandom Functions. Cryptology ePrint Archive, Report 2013\/628 (2013)","DOI":"10.1007\/978-3-642-55220-5_16"},{"key":"24_CR49","unstructured":"M\u00f6ller, B.: Security of CBC Ciphersuites in SSL\/TLS: Problems and Countermeasures. http:\/\/web.archive.org\/web\/20120630143111\/http:\/\/www.openssl.org\/~bodo\/tls-cbc.txt"},{"key":"24_CR50","unstructured":"Morawiecki, P., Gaj, K., Homsirikamol, E., Matusiewicz, K., Pieprzyk, J., Rogawski, M., Srebrny, M., W\u00f3jcik, M.: ICEPOLE v1. CAESAR submission (2014)"},{"key":"24_CR51","doi-asserted-by":"crossref","unstructured":"Recacha, F.: ++AE v1.0. CAESAR submission (2014)","DOI":"10.4324\/9781315746173-1"},{"key":"24_CR52","doi-asserted-by":"crossref","unstructured":"Rogaway, P.: Authenticated-Encryption with Associated-Data. In: ACM CCS 2002, pp. 98\u2013107. ACM Press (2002)","DOI":"10.1145\/586110.586125"},{"key":"24_CR53","unstructured":"Rogaway, P.: Problems with Proposed IP Cryptography. 
Manuscript (1995)"},{"key":"24_CR54","doi-asserted-by":"crossref","unstructured":"Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: A block-cipher mode of operation for efficient authenticated encryption. In: ACM CCS 2001, pp. 196\u2013205. ACM Press (2001)","DOI":"10.1145\/502010.502011"},{"key":"24_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/11761679_23","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"P Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373\u2013390. Springer, Heidelberg (2006)"},{"key":"24_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1007\/978-3-642-19074-2_16","volume-title":"Topics in Cryptology \u2013 CT-RSA 2011","author":"P Rogaway","year":"2011","unstructured":"Rogaway, P., Zhang, H.: Online ciphers from tweakable blockciphers. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 237\u2013249. Springer, Heidelberg (2011)"},{"key":"24_CR57","unstructured":"Saarinen, M.-J.O.: The CBEAMr1 Authenticated Encryption Algorithm. CAESAR submission (2014)"},{"key":"24_CR58","unstructured":"Saarinen, M.-J.O.: The STRIBOBr 1 Authenticated Encryption Algorithm. CAESAR submission (2014)"},{"key":"24_CR59","unstructured":"Sasaki, Y., Todo, Y., Aoki, K., Naito, Y., Sugawara, T., Murakami, Y., Matsui, M., Hirose, S.: Minalpher v1. CAESAR submission (2014)"},{"key":"24_CR60","unstructured":"Touset, S.: Streaming API to Authenticated Encryption. Cryptography Stack Exchange, 16 January 2013. \n                      http:\/\/crypto.stackexchange.com\/questions\/6008"},{"key":"24_CR61","unstructured":"Tsang, P., Solomakhin, R., Smith, S.: Authenticated Streamwise On-line Encryption. 
Dartmouth Computer Science Technical report TR2009-640 (2009)"},{"key":"24_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"534","DOI":"10.1007\/3-540-46035-7_35","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"S Vaudenay","year":"2002","unstructured":"Vaudenay, S.: Security flaws induced by CBC padding - applications to SSL, IPSEC, WTLS. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534\u2013545. Springer, Heidelberg (2002)"},{"key":"24_CR63","doi-asserted-by":"crossref","unstructured":"Wang, L.: SHELL v1. CAESAR submission (2014)","DOI":"10.4324\/9781315746173-1"},{"key":"24_CR64","unstructured":"Wu, H., Huang, T.: JAMBU Lightweight Authenticated Encryption Mode and AES-JAMBU (v1). CAESAR submission (2014)"},{"key":"24_CR65","unstructured":"Wu, H., Huang, T.: The Authenticated Cipher MORUS (v1). CAESAR submission (2014)"},{"key":"24_CR66","unstructured":"Zhang, L, Wu, W., Sui, H., Wang, P.: iFeed[AES] v1. 
CAESAR submission (2014)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology -- CRYPTO 2015"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-47989-6_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,9]],"date-time":"2019-08-09T20:05:34Z","timestamp":1565381134000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-47989-6_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783662479889","9783662479896"],"references-count":66,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-47989-6_24","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"1 August 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}