{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,17]],"date-time":"2025-12-17T08:41:51Z","timestamp":1765960911376,"version":"3.41.0"},"publisher-location":"Berlin, Heidelberg","reference-count":62,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783662530177"},{"type":"electronic","value":"9783662530184"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-662-53018-4_2","type":"book-chapter","created":{"date-parts":[[2016,7,20]],"date-time":"2016-07-20T10:02:12Z","timestamp":1469008932000},"page":"33-63","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":74,"title":["Counter-in-Tweak: Authenticated Encryption Modes for Tweakable Block Ciphers"],"prefix":"10.1007","author":[{"given":"Thomas","family":"Peyrin","sequence":"first","affiliation":[]},{"given":"Yannick","family":"Seurin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,7,21]]},"reference":[{"key":"2_CR1","unstructured":"CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness. http:\/\/competitions.cr.yp.to\/caesar.html"},{"key":"2_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"205","DOI":"10.1007\/978-3-662-46706-0_11","volume-title":"Fast Software Encryption","author":"F Abed","year":"2015","unstructured":"Abed, F., Fluhrer, S., Forler, C., List, E., Lucks, S., McGrew, D., Wenzel, J.: Pipelineable on-line encryption. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 205\u2013223. Springer, Heidelberg (2015)"},{"key":"2_CR3","doi-asserted-by":"crossref","unstructured":"AlFardan, N.J., Paterson, K.G., Lucky thirteen: breaking the TLS and DTLS record protocols. In: Security and Privacy - SP 2013, pp. 526\u2013540 (2013)","DOI":"10.1109\/SP.2013.42"},{"key":"2_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1007\/978-3-662-45611-8_6","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"E Andreeva","year":"2014","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: How to securely release unverified plaintext in authenticated encryption. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 105\u2013125. Springer, Heidelberg (2014)"},{"key":"2_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"424","DOI":"10.1007\/978-3-642-42033-7_22","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"E Andreeva","year":"2013","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Tischhauser, E., Yasuda, K.: Parallelizable and authenticated online ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 424\u2013443. Springer, Heidelberg (2013)"},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Asharov, G., Naor, M., Segev, G., Shahaf, I., Encryption, S.S.: Optimal locality in linear space via two-dimensional balanced allocations. IACR Cryptology ePrint Archive, Report 2016\/251 (2016). To appear at STOC 2016","DOI":"10.1145\/2897518.2897562"},{"key":"2_CR7","doi-asserted-by":"crossref","unstructured":"Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: FOCS 1997, pp. 394\u2013403 (1997)","DOI":"10.1109\/SFCS.1997.646128"},{"key":"2_CR8","unstructured":"Bellare, M., Impagliazzo, R.: A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP to PRF conversion. IACR Cryptology ePrint Archive, Report 1999\/024 (1999)"},{"issue":"3","key":"2_CR9","doi-asserted-by":"publisher","first-page":"362","DOI":"10.1006\/jcss.1999.1694","volume":"61","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Kilian, J., Rogaway, P.: The security of the cipher block chaining message authentication code. J. Comput. Syst. Sci. 61(3), 362\u2013399 (2000)","journal-title":"J. Comput. Syst. Sci."},{"key":"2_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/3-540-44448-3_41","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531\u2013545. Springer, Heidelberg (2000)"},{"key":"2_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/3-540-44448-3_24","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317\u2013330. Springer, Heidelberg (2000)"},{"key":"2_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1007\/978-3-540-25937-4_25","volume-title":"Fast Software Encryption","author":"M Bellare","year":"2004","unstructured":"Bellare, M., Rogaway, P., Wagner, D.: The EAX mode of operation. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 389\u2013407. Springer, Heidelberg (2004)"},{"key":"2_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"384","DOI":"10.1007\/3-540-46035-7_25","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"JA Black","year":"2002","unstructured":"Black, J.A., Rogaway, P.: A block-cipher mode of operation for parallelizable message authentication. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 384\u2013397. Springer, Heidelberg (2002)"},{"key":"2_CR14","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1007\/978-1-4757-0602-4_7","volume-title":"Advances in Cryptology","author":"Gilles Brassard","year":"1983","unstructured":"Brassard, G.: On computationally secure authentication tags requiring short secret shared keys. In: CRYPTO 1982, pp. 79\u201386 (1982)"},{"key":"2_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-642-55220-5_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"S Chen","year":"2014","unstructured":"Chen, S., Steinberger, J.: Tight security bounds for key-alternating ciphers. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 327\u2013350. Springer, Heidelberg (2014)"},{"key":"2_CR16","series-title":"Lecture Notes in Computer Science","first-page":"285","volume-title":"Fast Software Encryption","author":"B Cogliati","year":"2014","unstructured":"Cogliati, B., Lampe, R., Patarin, J.: The indistinguishability of the XOR of $$k$$ permutations. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 285\u2013302. Springer, Heidelberg (2014)"},{"key":"2_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1007\/978-3-642-20465-4_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"Y Dodis","year":"2011","unstructured":"Dodis, Y., Steinberger, J.: Domain extension for MACs beyond the birthday barrier. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 323\u2013342. Springer, Heidelberg (2011)"},{"key":"2_CR18","unstructured":"Duong, T., Rizzo, J.: Here come the $$\\oplus $$ Ninjas. Unpublished manuscript (2011). https:\/\/bug665814.bugzilla.mozilla.org\/attachment.cgi?id=540839"},{"key":"2_CR19","unstructured":"Ferguson, N.: Collision attacks on OCB. Unpublished manuscript (2002). http:\/\/www.cs.ucdavis.edu\/~rogaway\/ocb\/fe02.pdf"},{"key":"2_CR20","unstructured":"Ferguson, N., Lucks, S., Schneier, B., Whiting, D., Bellare, M., Kohno, T., Callas, J., Walker, J.: The Skein hash function family. SHA3 Submission to NIST (Round 3) (2010)"},{"key":"2_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/978-3-642-34047-5_12","volume-title":"Fast Software Encryption","author":"E Fleischmann","year":"2012","unstructured":"Fleischmann, E., Forler, C., Lucks, S.: McOE: a family of almost foolproof on-line authenticated encryption schemes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 196\u2013215. Springer, Heidelberg (2012)"},{"key":"2_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/3-540-45473-X_8","volume-title":"Fast Software Encryption","author":"VD Gligor","year":"2002","unstructured":"Gligor, V.D., Donescu, P.: Fast encryption and authentication: XCBC encryption and XECB authentication modes. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, p. 92. Springer, Heidelberg (2002)"},{"issue":"4","key":"2_CR23","doi-asserted-by":"publisher","first-page":"792","DOI":"10.1145\/6490.6503","volume":"33","author":"O Goldreich","year":"1986","unstructured":"Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792\u2013807 (1986)","journal-title":"J. ACM"},{"key":"2_CR24","unstructured":"Grosso, V., Leurent, G., Standaert, F.-X., Varici, K., Durvaux, F., Gaspar, L., Kerckhof, S.: SCREAM and iSCREAM. Submitted to CAESAR (2014)"},{"key":"2_CR25","doi-asserted-by":"crossref","unstructured":"Gueron, S., Lindell, Y.: GCM-SIV: full nonce misuse-resistant authenticated encryption atunder one cycle per byte. In: ACM CCS 2015, pp. 109\u2013119 (2015)","DOI":"10.1145\/2810103.2813613"},{"key":"2_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1007\/978-3-662-46800-5_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"VT Hoang","year":"2015","unstructured":"Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption AEZ and the problem that it solves. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 15\u201344. Springer, Heidelberg (2015)"},{"key":"2_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1007\/978-3-662-47989-6_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"VT Hoang","year":"2015","unstructured":"Hoang, V.T., Reyhanitabar, R., Rogaway, P., Viz\u00e1r, D.: Online authenticated-encryption and its nonce-reuse misuse-resistance. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 493\u2013517. Springer, Heidelberg (2015)"},{"key":"2_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"310","DOI":"10.1007\/11799313_20","volume-title":"Fast Software Encryption","author":"T Iwata","year":"2006","unstructured":"Iwata, T.: New blockcipher modes of operation with beyond the birthday bound security. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 310\u2013327. Springer, Heidelberg (2006)"},{"key":"2_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1007\/978-3-540-68164-9_9","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2008","author":"T Iwata","year":"2008","unstructured":"Iwata, T.: Authenticated encryption mode for beyond the birthday bound security. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 125\u2013142. Springer, Heidelberg (2008)"},{"key":"2_CR30","unstructured":"Jean, J., Nikolic, I., Peyrin, T.: Deoxys v1. Submitted to the CAESAR competition (2014)"},{"key":"2_CR31","unstructured":"Jean, J., Nikolic, I., Peyrin, T.: Joltik v1. Submitted to the CAESAR competition (2014)"},{"key":"2_CR32","unstructured":"Jean, J., Nikolic, I., Peyrin, T.: KIASU v1. Submitted to the CAESAR competition (2014)"},{"key":"2_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"274","DOI":"10.1007\/978-3-662-45608-8_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"J Jean","year":"2014","unstructured":"Jean, J., Nikolic, I., Peyrin, T.: Tweaks and keys for blockciphers: the TWEAKEY framework. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 274\u2013288. Springer, Heidelberg (2014)"},{"key":"2_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1007\/3-540-44987-6_32","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"CS Jutla","year":"2001","unstructured":"Jutla, C.S.: Encryption modes with almost free message integrity. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 529\u2013544. Springer, Heidelberg (2001)"},{"issue":"4","key":"2_CR35","doi-asserted-by":"publisher","first-page":"547","DOI":"10.1007\/s00145-008-9024-z","volume":"21","author":"CS Jutla","year":"2008","unstructured":"Jutla, C.S.: Encryption modes with almost free message integrity. J. Cryptol. 21(4), 547\u2013578 (2008). Earlier version at EUROCRYPT 2001","journal-title":"J. Cryptol."},{"issue":"1","key":"2_CR36","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/s00145-005-0310-8","volume":"19","author":"J Katz","year":"2006","unstructured":"Katz, J., Yung, M.: Characterization of security notions for probabilistic private-key encryption. J. Cryptol. 19(1), 67\u201395 (2006)","journal-title":"J. Cryptol."},{"key":"2_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"310","DOI":"10.1007\/3-540-44647-8_19","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"H Krawczyk","year":"2001","unstructured":"Krawczyk, H.: The order of encryption and authentication for protecting communications (or: how secure is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310\u2013331. Springer, Heidelberg (2001)"},{"key":"2_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/978-3-642-21702-9_18","volume-title":"Fast Software Encryption","author":"T Krovetz","year":"2011","unstructured":"Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306\u2013327. Springer, Heidelberg (2011)"},{"key":"2_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1007\/978-3-662-43933-3_8","volume-title":"Fast Software Encryption","author":"R Lampe","year":"2014","unstructured":"Lampe, R., Seurin, Y.: Tweakable blockciphers with asymptotically optimal security. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 133\u2013152. Springer, Heidelberg (2014)"},{"key":"2_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1007\/978-3-642-32009-5_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"W Landecker","year":"2012","unstructured":"Landecker, W., Shrimpton, T., Terashima, R.S.: Tweakable blockciphers with beyond birthday-bound security. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 14\u201330. Springer, Heidelberg (2012)"},{"key":"2_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/3-540-45708-9_3","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"M Liskov","year":"2002","unstructured":"Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31\u201346. Springer, Heidelberg (2002)"},{"key":"2_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"470","DOI":"10.1007\/3-540-45539-6_34","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"S Lucks","year":"2000","unstructured":"Lucks, S.: The sum of PRPs is a secure PRF. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 470\u2013484. Springer, Heidelberg (2000)"},{"key":"2_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-540-30556-9_27","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"DA McGrew","year":"2004","unstructured":"McGrew, D.A., Viega, J.: The security and performance of the Galois\/counter mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343\u2013355. Springer, Heidelberg (2004)"},{"key":"2_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"428","DOI":"10.1007\/978-3-662-48116-5_21","volume-title":"Fast Software Encryption","author":"B Mennink","year":"2015","unstructured":"Mennink, B.: Optimally secure tweakable blockciphers. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 428\u2013448. Springer, Heidelberg (2015)"},{"key":"2_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1007\/978-3-642-03317-9_19","volume-title":"Fast Software Encryption","author":"K Minematsu","year":"2009","unstructured":"Minematsu, K.: Beyond-birthday-bound security based on tweakable block cipher. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 308\u2013326. Springer, Heidelberg (2009)"},{"key":"2_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/978-3-642-55220-5_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"C Namprempre","year":"2014","unstructured":"Namprempre, C., Rogaway, P., Shrimpton, T.: Reconsidering generic composition. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 257\u2013274. Springer, Heidelberg (2014)"},{"key":"2_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-540-85093-9_22","volume-title":"Information Theoretic Security","author":"J Patarin","year":"2008","unstructured":"Patarin, J.: A proof of security in $$O(2^n)$$ for the Xor of two random permutations. In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, vol. 5155, pp. 232\u2013248. Springer, Heidelberg (2008)"},{"key":"2_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1007\/978-3-642-04159-4_21","volume-title":"Selected Areas in Cryptography","author":"J Patarin","year":"2009","unstructured":"Patarin, J.: The \u201cCoefficients H\u201d technique. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 328\u2013345. Springer, Heidelberg (2009)"},{"key":"2_CR49","unstructured":"Patarin, J.: Security in $$O(2^n)$$ for the Xor of two random permutations: proof with the standard $$H$$ technique. IACR Cryptology ePrint Archive, Report 2013\/368 (2013)"},{"key":"2_CR50","doi-asserted-by":"crossref","unstructured":"Peyrin, T., Seurin, Y.: Counter-in-Tweak: authenticated encryption modes for tweakable block ciphers. Full version of this paper. http:\/\/eprint.iacr.org\/2015\/1049","DOI":"10.1007\/978-3-662-53018-4_2"},{"key":"2_CR51","doi-asserted-by":"crossref","unstructured":"Rogaway, P.: Authenticated-encryption with associated-data. In: ACM CCS 2002, pp. 98\u2013107 (2002)","DOI":"10.1145\/586110.586125"},{"key":"2_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-540-30539-2_2","volume-title":"Advances in Cryptology - ASIACRYPT 2004","author":"P Rogaway","year":"2004","unstructured":"Rogaway, P.: Efficient instantiations of tweakable blockciphers and refinements to modes OCB and PMAC. In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 16\u201331. Springer, Heidelberg (2004)"},{"key":"2_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-540-25937-4_22","volume-title":"Fast Software Encryption","author":"P Rogaway","year":"2004","unstructured":"Rogaway, P.: Nonce-based symmetric encryption. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 348\u2013359. Springer, Heidelberg (2004)"},{"issue":"3","key":"2_CR54","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1145\/937527.937529","volume":"6","author":"P Rogaway","year":"2003","unstructured":"Rogaway, P., Bellare, M., Black, J.: OCB: a block-cipher mode of operation for efficient authenticated encryption. ACM Trans. Inf. Syst. Secur. 6(3), 365\u2013403 (2003)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"2_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/11761679_23","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"P Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373\u2013390. Springer, Heidelberg (2006)"},{"key":"2_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"313","DOI":"10.1007\/3-540-68697-5_24","volume-title":"Advances in Cryptology - CRYPTO \u201996","author":"V Shoup","year":"1996","unstructured":"Shoup, V.: On fast and provably secure message authentication based on universal hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 313\u2013328. Springer, Heidelberg (1996)"},{"key":"2_CR57","unstructured":"Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. IACR Cryptology ePrint Archive, Report 2004\/332 (2004)"},{"key":"2_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"405","DOI":"10.1007\/978-3-642-42033-7_21","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"T Shrimpton","year":"2013","unstructured":"Shrimpton, T., Terashima, R.S.: A modular framework for building variable-input-length tweakable ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 405\u2013423. Springer, Heidelberg (2013)"},{"key":"2_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"534","DOI":"10.1007\/3-540-46035-7_35","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"S Vaudenay","year":"2002","unstructured":"Vaudenay, S.: Security flaws induced by CBC padding - applications to SSL, IPSEC, WTLS $$..$$. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 534\u2013546. Springer, Heidelberg (2002)"},{"issue":"3","key":"2_CR60","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1016\/0022-0000(81)90033-7","volume":"22","author":"MN Wegman","year":"1981","unstructured":"Wegman, M.N., Carter, L.: New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22(3), 265\u2013279 (1981)","journal-title":"J. Comput. Syst. Sci."},{"key":"2_CR61","unstructured":"Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). Submission to NIST (2002). http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/BCM\/documents\/proposedmodes\/ccm\/ccm.pdf"},{"key":"2_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"596","DOI":"10.1007\/978-3-642-22792-9_34","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"K Yasuda","year":"2011","unstructured":"Yasuda, K.: A new variant of PMAC: beyond the birthday bound. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 596\u2013609. Springer, Heidelberg (2011)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2016"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-53018-4_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T02:59:56Z","timestamp":1749005996000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-53018-4_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783662530177","9783662530184"],"references-count":62,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-53018-4_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"21 July 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"36","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}