{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,7]],"date-time":"2026-01-07T22:52:55Z","timestamp":1767826375573,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":34,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662530177","type":"print"},{"value":"9783662530184","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-662-53018-4_10","type":"book-chapter","created":{"date-parts":[[2016,7,20]],"date-time":"2016-07-20T10:02:12Z","timestamp":1469008932000},"page":"247-276","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":81,"title":["The Multi-user Security of Authenticated Encryption: AES-GCM in TLS 1.3"],"prefix":"10.1007","author":[{"given":"Mihir","family":"Bellare","sequence":"first","affiliation":[]},{"given":"Bj\u00f6rn","family":"Tackmann","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,7,21]]},"reference":[{"key":"10_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/978-3-319-26059-4_5","volume-title":"Provable Security","author":"C Badertscher","year":"2015","unstructured":"Badertscher, C., Matt, C., Maurer, U., Rogaway, P., Tackmann, B.: Augmented secure channels and the goal of the TLS 1.3 record layer. In: AU, M.-H., et al. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 85\u2013104. Springer, Heidelberg (2015). doi: 10.1007\/978-3-319-26059-4_5"},{"key":"10_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"566","DOI":"10.1007\/978-3-662-49890-3_22","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"M Bellare","year":"2016","unstructured":"Bellare, M., Bernstein, D.J., Tessaro, S.: Hash-function based PRFs: AMAC and its multi-user security. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 566\u2013595. Springer, Heidelberg (2016). doi: 10.1007\/978-3-662-49890-3_22"},{"key":"10_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/3-540-45539-6_18","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: security proofs and improvements. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 259\u2013274. Springer, Heidelberg (2000)"},{"key":"10_CR4","doi-asserted-by":"crossref","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom functions revisited: the cascade construction and its concrete security. In: 37th FOCS, pp. 514\u2013523. IEEE Computer Society Press, October 1996","DOI":"10.1109\/SFCS.1996.548510"},{"key":"10_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/3-540-44448-3_41","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531\u2013545. Springer, Heidelberg (2000)"},{"key":"10_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409\u2013426. Springer, Heidelberg (2006)"},{"key":"10_CR7","doi-asserted-by":"crossref","first-page":"247","DOI":"10.1007\/978-3-662-53018-4_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"Mihir Bellare","year":"2016","unstructured":"Bellare, M., Tackmann, B.: The multi-user security of authenticated encryption: AES-GCM in TLS 1.3. Cryptology ePrint Archive, Report 2016\/564 (2016). http:\/\/eprint.iacr.org\/"},{"key":"10_CR8","unstructured":"Bernstein, D.J.: Multi-user Schnorr security, revisited. Cryptology ePrint Archive, Report 2015\/996 (2015). http:\/\/eprint.iacr.org\/2015\/996"},{"key":"10_CR9","doi-asserted-by":"crossref","unstructured":"Boyarsky, M.K.: Public-key cryptography and password protocols: the multi-user case. In: ACM CCS 1999, pp. 63\u201372. ACM Press, November 1999","DOI":"10.1145\/319709.319719"},{"key":"10_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1007\/978-3-540-71677-8_9","volume-title":"Public Key Cryptography \u2013 PKC 2007","author":"Y Dodis","year":"2007","unstructured":"Dodis, Y., Lee, P.J., Yum, D.H.: Optimistic fair exchange in a multi-user setting. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 118\u2013133. Springer, Heidelberg (2007)"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Dworkin, M.: Recommendation for block cipher modes of operation: the CCM mode for authentication and confidentiality. NIST Special, Publication 800-38C, May 2004","DOI":"10.6028\/NIST.SP.800-38b-2005"},{"key":"10_CR12","doi-asserted-by":"crossref","unstructured":"Dworkin, M.: Recommendation for block cipher modes of operation: Galois\/Counter Mode (GCM) and GMAC. NIST Special, Publication 800-38D, November 2007","DOI":"10.6028\/NIST.SP.800-38d"},{"issue":"3","key":"10_CR13","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s001459900025","volume":"10","author":"S Even","year":"1997","unstructured":"Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151\u2013162 (1997)","journal-title":"J. Cryptol."},{"key":"10_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"545","DOI":"10.1007\/978-3-662-48000-7_27","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"M Fischlin","year":"2015","unstructured":"Fischlin, M., G\u00fcnther, F., Marson, G.A., Paterson, K.G.: Data is a stream: security of stream-based channels. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 545\u2013564. Springer, Heidelberg (2015)"},{"key":"10_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"420","DOI":"10.1007\/978-3-662-45611-8_22","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"P-A Fouque","year":"2014","unstructured":"Fouque, P.-A., Joux, A., Mavromati, C.: Multi-user collisions: applications to discrete logarithm, even-mansour and PRINCE. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 420\u2013438. Springer, Heidelberg (2014)"},{"issue":"5","key":"10_CR16","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1016\/S0020-0190(01)00338-6","volume":"83","author":"S Galbraith","year":"2002","unstructured":"Galbraith, S., Malone-Lee, J., Smart, N.P.: Public key signatures in the multi-user setting. Inf. Process. Lett. 83(5), 263\u2013266 (2002)","journal-title":"Inf. Process. Lett."},{"key":"10_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1007\/978-3-540-79263-5_7","volume-title":"Topics in Cryptology \u2013 CT-RSA 2008","author":"Q Huang","year":"2008","unstructured":"Huang, Q., Yang, G., Wong, D.S., Susilo, W.: Efficient optimistic fair exchange secure in the multi-user setting and chosen-key model without random oracles. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 106\u2013120. Springer, Heidelberg (2008)"},{"key":"10_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/978-3-642-32009-5_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"T Iwata","year":"2012","unstructured":"Iwata, T., Ohashi, K., Minematsu, K.: Breaking and repairing GCM security proofs. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 31\u201349. Springer, Heidelberg (2012)"},{"issue":"1","key":"10_CR19","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/s001450010015","volume":"14","author":"J Kilian","year":"2001","unstructured":"Kilian, J., Rogaway, P.: How to protect DES against exhaustive key search (an analysis of DESX). J. Cryptol. 14(1), 17\u201335 (2001)","journal-title":"J. Cryptol."},{"key":"10_CR20","unstructured":"Kiltz, E., Masny, D., Pan, J.: Optimal security proofs for signatures from identification schemes. Cryptology ePrint Archive, Report 2016\/191 (2016). http:\/\/eprint.iacr.org\/"},{"key":"10_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1007\/3-540-48658-5_15","volume-title":"Advances in Cryptology - CRYPTO 1994","author":"H Krawczyk","year":"1994","unstructured":"Krawczyk, H.: LFSR-based hashing and authentication. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 129\u2013139. Springer, Heidelberg (1994)"},{"key":"10_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/978-3-642-21702-9_18","volume-title":"Fast Software Encryption","author":"T Krovetz","year":"2011","unstructured":"Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306\u2013327. Springer, Heidelberg (2011)"},{"key":"10_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/3-540-46035-7_8","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"UM Maurer","year":"2002","unstructured":"Maurer, U.M.: Indistinguishability of random systems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 110\u2013132. Springer, Heidelberg (2002)"},{"key":"10_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-540-30556-9_27","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"DA McGrew","year":"2004","unstructured":"McGrew, D.A., Viega, J.: The security and performance of the Galois\/Counter Mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343\u2013355. Springer, Heidelberg (2004)"},{"key":"10_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/978-3-662-47989-6_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"N Mouha","year":"2015","unstructured":"Mouha, N., Luykx, A.: Multi-key security: the even-mansour construction revisited. In: Gennaro, R., Robshaw, M.J.B. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 209\u2013223. Springer, Heidelberg (2015)"},{"key":"10_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/978-3-642-55220-5_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"C Namprempre","year":"2014","unstructured":"Namprempre, C., Rogaway, P., Shrimpton, T.: Reconsidering generic composition. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 257\u2013274. Springer, Heidelberg (2014)"},{"key":"10_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1007\/978-3-662-48116-5_19","volume-title":"Fast Software Encryption","author":"Y Niwa","year":"2015","unstructured":"Niwa, Y., Ohashi, K., Minematsu, K., Iwata, T.: GCM security bounds reconsidered. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 385\u2013407. Springer, Heidelberg (2015)"},{"key":"10_CR28","doi-asserted-by":"crossref","unstructured":"Rogaway, P.: Authenticated-encryption with associated-data. In: Atluri, V. (ed.) ACM CCS 2002, pp. 98\u2013107. ACM Press, November 2002","DOI":"10.1145\/586110.586125"},{"key":"10_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-540-30539-2_2","volume-title":"Advances in Cryptology - ASIACRYPT 2004","author":"P Rogaway","year":"2004","unstructured":"Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16\u201331. Springer, Heidelberg (2004)"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Rogaway, P., Bellare, M.: Robust computational secret sharing and a unified account of classical secret-sharing goals. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) ACM CCS 2007, pp. 172\u2013184. ACM Press, October 2007","DOI":"10.1145\/1315245.1315268"},{"key":"10_CR31","doi-asserted-by":"crossref","unstructured":"Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: a block-cipher mode of operation for efficient authenticated encryption. In: ACM CCS 2001, pp. 196\u2013205. ACM Press, November 2001","DOI":"10.1145\/501983.502011"},{"key":"10_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/11761679_23","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"P Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373\u2013390. Springer, Heidelberg (2006)"},{"key":"10_CR33","unstructured":"Smith, B.: Pull request: removing the AEAD explicit IV. Mail to IETF TLS Working Group, March 2015"},{"key":"10_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"437","DOI":"10.1007\/978-3-662-48800-3_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"S Tessaro","year":"2015","unstructured":"Tessaro, S.: Optimally secure block ciphers from ideal primitives. In: Iwata, T., et al. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 437\u2013462. Springer, Heidelberg (2015). doi: 10.1007\/978-3-662-48800-3_18"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2016"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-53018-4_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T02:59:32Z","timestamp":1749005972000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-53018-4_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783662530177","9783662530184"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-53018-4_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"21 July 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"36","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}