{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T04:11:21Z","timestamp":1776399081527,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,10,24]],"date-time":"2016-10-24T00:00:00Z","timestamp":1477267200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,10,24]]},"DOI":"10.1145\/2976749.2978423","type":"proceedings-article","created":{"date-parts":[[2016,10,25]],"date-time":"2016-10-25T12:46:35Z","timestamp":1477399595000},"page":"456-467","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":103,"title":["On the Practical (In-)Security of 64-bit Block Ciphers"],"prefix":"10.1145","author":[{"given":"Karthikeyan","family":"Bhargavan","sequence":"first","affiliation":[{"name":"Inria, Paris, France"}]},{"given":"Ga\u00ebtan","family":"Leurent","sequence":"additional","affiliation":[{"name":"Inria, Paris, France"}]}],"member":"320","published-online":{"date-parts":[[2016,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"M.\n      Abdalla\n     and \n      M.\n      Bellare\n  . \n  Increasing the lifetime of a key: a comparative analysis of the security of re-keying techniques\n  . In T. Okamoto editor ASIACRYPT \n  2000 volume \n  1976\n   of \n  LNCS pages \n  546\n  --\n  559\n  . \n  Springer Heidelberg Dec. 2000.   M. Abdalla and M. Bellare. Increasing the lifetime of a key: a comparative analysis of the security of re-keying techniques. In T. Okamoto editor ASIACRYPT 2000 volume 1976 of LNCS pages 546--559. Springer Heidelberg Dec. 
2000.","DOI":"10.1007\/3-540-44448-3_42"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813707"},{"key":"e_1_3_2_1_3_1","first-page":"305","volume-title":"On the Security of RC4 in TLS","author":"AlFardan N. J.","year":"2013","unstructured":"N. J. AlFardan , D. J. Bernstein , K. G. Paterson , B. Poettering , and J. C. N. Schuldt . On the Security of RC4 in TLS . In S. T. King, editor, USENIX Security, pages 305 -- 320 . USENIX Association , 2013 . N. J. AlFardan, D. J. Bernstein, K. G. Paterson, B. Poettering, and J. C. N. Schuldt. On the Security of RC4 in TLS. In S. T. King, editor, USENIX Security, pages 305--320. USENIX Association, 2013."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.42"},{"key":"e_1_3_2_1_5_1","volume-title":"DROWN: Breaking TLS using SSLv2","author":"Aviram N.","year":"2016","unstructured":"N. Aviram , S. Schinzel , J. Somorovsky , N. Heninger , M. Dankel , J. Steube , L. Valenta , D. Adrian , J. A. Halderman , V. Dukhovni , E. Kasper , S. Cohney , S. Engels , C. Paar , and Y. Shavitt . DROWN: Breaking TLS using SSLv2 , 2016 . https:\/\/drownattack.com. N. Aviram, S. Schinzel, J. Somorovsky, N. Heninger, M. Dankel, J. Steube, L. Valenta, D. Adrian, J. A. Halderman, V. Dukhovni, E. Kasper, S. Cohney, S. Engels, C. Paar, and Y. Shavitt. DROWN: Breaking TLS using SSLv2, 2016. https:\/\/drownattack.com."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/795663.796360"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"M.\n      Bellare J.\n      Kilian and \n      P.\n      Rogaway\n  . \n  The security of cipher block chaining\n  . In Y. Desmedt editor CRYPTO'94 volume \n  839\n   of \n  LNCS pages \n  341\n  --\n  358\n  . \n  Springer Heidelberg Aug. \n  1994\n  .   M. Bellare J. Kilian and P. Rogaway. The security of cipher block chaining. In Y. Desmedt editor CRYPTO'94 volume 839 of LNCS pages 341--358. Springer Heidelberg Aug. 
1994.","DOI":"10.1007\/3-540-48658-5_32"},{"key":"e_1_3_2_1_8_1","first-page":"4344","article-title":"The Secure Shell (SSH) Transport Layer Encryption Modes","author":"Bellare M.","year":"2006","unstructured":"M. Bellare , T. Kohno , and C. Namprempre . The Secure Shell (SSH) Transport Layer Encryption Modes . IETF RFC 4344 , 2006 . M. Bellare, T. Kohno, and C. Namprempre. The Secure Shell (SSH) Transport Layer Encryption Modes. IETF RFC 4344, 2006.","journal-title":"IETF RFC"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.39"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23418"},{"key":"e_1_3_2_1_11_1","volume-title":"This POODLE Bites: Exploiting The SSL 3.0 Fallback","author":"Bodo Moller K. K.","year":"2014","unstructured":"K. K. Bodo Moller , Thai Duong . This POODLE Bites: Exploiting The SSL 3.0 Fallback , 2014 . https:\/\/www.openssl.org\/~bodo\/ssl-poodle.pdf. K. K. Bodo Moller, Thai Duong. This POODLE Bites: Exploiting The SSL 3.0 Fallback, 2014. https:\/\/www.openssl.org\/~bodo\/ssl-poodle.pdf."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74735-2_31"},{"key":"e_1_3_2_1_13_1","first-page":"5246","article-title":"The Transport Layer Security (TLS) Protocol Version 1.2","author":"Dierks T.","year":"2008","unstructured":"T. Dierks and E. Rescorla . The Transport Layer Security (TLS) Protocol Version 1.2 . IETF RFC 5246 , 2008 . T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. IETF RFC 5246, 2008.","journal-title":"IETF RFC"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1979.11256"},{"key":"e_1_3_2_1_15_1","volume-title":"Here come the \u2295 ninjas. Unpublished manuscript","author":"Duong T.","year":"2011","unstructured":"T. Duong and J. Rizzo . Here come the \u2295 ninjas. Unpublished manuscript , 2011 . T. Duong and J. Rizzo. Here come the \u2295 ninjas. 
Unpublished manuscript, 2011."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-38a"},{"issue":"4","key":"e_1_3_2_1_17_1","first-page":"343","article-title":"On the evolution of random graphs","volume":"38","author":"Erdos P.","year":"1961","unstructured":"P. Erdos and A. R\u00e9nyi . On the evolution of random graphs . Bull. Inst. Internat. Statist , 38 ( 4 ): 343 -- 347 , 1961 . P. Erdos and A. R\u00e9nyi. On the evolution of random graphs. Bull. Inst. Internat. Statist, 38(4):343--347, 1961.","journal-title":"Bull. Inst. Internat. Statist"},{"key":"e_1_3_2_1_18_1","first-page":"6071","article-title":"IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap","author":"Frankel S.","year":"2011","unstructured":"S. Frankel and S. Krishnan . IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap . IETF RFC 6071 , 2011 . S. Frankel and S. Krishnan. IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap. IETF RFC 6071, 2011.","journal-title":"IETF RFC"},{"key":"e_1_3_2_1_19_1","first-page":"113","volume-title":"Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS","author":"Garman C.","year":"2015","unstructured":"C. Garman , K. G. Paterson , and T. V. der Merwe . Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS . In J. Jung and T. Holz, editors, USENIX Security, pages 113 -- 128 . USENIX Association , 2015 . C. Garman, K. G. Paterson, and T. V. der Merwe. Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS. In J. Jung and T. Holz, editors, USENIX Security, pages 113--128. USENIX Association, 2015."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/11894063_4"},{"key":"e_1_3_2_1_21_1","volume-title":"On the Assessment of Cryptographic Techniques and Key Lengths","year":"2014","unstructured":"On the Assessment of Cryptographic Techniques and Key Lengths , 4 th edition. 
ISO\/IEC JTC 1\/SC 27 Standing Document 12, May 2014 . Available online: http:\/\/www.din.de\/blob\/78392\/6f4bbd95d0cf11d1b32784948039600b\/sc27-sd12-data.pdf. On the Assessment of Cryptographic Techniques and Key Lengths, 4th edition. ISO\/IEC JTC 1\/SC 27 Standing Document 12, May 2014. Available online: http:\/\/www.din.de\/blob\/78392\/6f4bbd95d0cf11d1b32784948039600b\/sc27-sd12-data.pdf.","edition":"4"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/11799313_20"},{"key":"e_1_3_2_1_23_1","volume-title":"Internet Draft","author":"Langley A.","year":"2015","unstructured":"A. Langley , N. Modadugu , and B. Moeller . Transport Layer Security (TLS) False Start . Internet Draft , Nov. 2015 . https:\/\/tools.ietf.org\/html\/draft-ietf-tls-falsestart-01. A. Langley, N. Modadugu, and B. Moeller. Transport Layer Security (TLS) False Start. Internet Draft, Nov. 2015. https:\/\/tools.ietf.org\/html\/draft-ietf-tls-falsestart-01."},{"key":"e_1_3_2_1_24_1","volume-title":"Limits on authenticated encryption use in TLS, march","author":"Luykx A.","year":"2016","unstructured":"A. Luykx and K. G. Paterson . Limits on authenticated encryption use in TLS, march 2016 . http:\/\/www.isg.rhul.ac.uk\/kp\/TLS-AEbounds.pdf. A. Luykx and K. G. Paterson. Limits on authenticated encryption use in TLS, march 2016. http:\/\/www.isg.rhul.ac.uk\/kp\/TLS-AEbounds.pdf."},{"key":"e_1_3_2_1_25_1","volume-title":"Fast Software Encryption Workshop (FSE), 2013","author":"McGrew D.","year":"2012","unstructured":"D. McGrew . Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block cipher modes . In Fast Software Encryption Workshop (FSE), 2013 . https:\/\/eprint.iacr.org\/ 2012 \/623. D. McGrew. Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block cipher modes. In Fast Software Encryption Workshop (FSE), 2013. 
https:\/\/eprint.iacr.org\/2012\/623."},{"key":"e_1_3_2_1_26_1","first-page":"7321","article-title":"Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)","author":"McGrew D.","year":"2014","unstructured":"D. McGrew and P. Hoffman . Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH) . IETF RFC 7321 , 2014 . D. McGrew and P. Hoffman. Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH). IETF RFC 7321, 2014.","journal-title":"IETF RFC"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/s001450010009"},{"key":"e_1_3_2_1_28_1","volume-title":"EKOparty Security Conference","volume":"2012","author":"Rizzo J.","year":"2012","unstructured":"J. Rizzo and T. Duong . The crime attack . In EKOparty Security Conference , volume 2012 , 2012 . J. Rizzo and T. Duong. The crime attack. In EKOparty Security Conference, volume 2012, 2012."},{"key":"e_1_3_2_1_29_1","volume-title":"Problems with Proposed IP Cryptography. Unpublished draft","author":"Rogaway P.","year":"1995","unstructured":"P. Rogaway . Problems with Proposed IP Cryptography. Unpublished draft , 1995 . http:\/\/web.cs.ucdavis.edu\/ rogaway\/papers\/draft-rogaway-ipsec-comments-00.txt. P. Rogaway. Problems with Proposed IP Cryptography. Unpublished draft, 1995. http:\/\/web.cs.ucdavis.edu\/ rogaway\/papers\/draft-rogaway-ipsec-comments-00.txt."},{"key":"e_1_3_2_1_30_1","volume-title":"CRYPREC","author":"Rogaway P.","year":"2011","unstructured":"P. Rogaway . Evaluation of Some Blockcipher Modes of Operation. Technical report , CRYPREC , Feb 2011 . P. Rogaway. Evaluation of Some Blockcipher Modes of Operation. 
Technical report, CRYPREC, Feb 2011."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/PL00003816"},{"key":"e_1_3_2_1_32_1","first-page":"97","volume-title":"All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS","author":"Vanhoef M.","year":"2015","unstructured":"M. Vanhoef and F. Piessens . All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS . In J. Jung and T. Holz, editors, USENIX Security, pages 97 -- 112 . USENIX Association , 2015 . M. Vanhoef and F. Piessens. All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS. In J. Jung and T. Holz, editors, USENIX Security, pages 97--112. USENIX Association, 2015."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"K.\n      Yasuda\n    . \n      A\n     new variant of PMAC\n  : \n  Beyond the birthday bound\n  . In P. Rogaway editor CRYPTO \n  2011 volume \n  6841\n   of \n  LNCS pages \n  596\n  --\n  609\n  . \n  Springer Heidelberg Aug. 2011.   K. Yasuda. A new variant of PMAC: Beyond the birthday bound. In P. Rogaway editor CRYPTO 2011 volume 6841 of LNCS pages 596--609. Springer Heidelberg Aug. 2011.","DOI":"10.1007\/978-3-642-22792-9_34"},{"key":"e_1_3_2_1_34_1","first-page":"4253","article-title":"The Secure Shell (SSH) Transport Layer Protocol","author":"Ylonen T.","year":"2006","unstructured":"T. Ylonen and C. Lonvick . The Secure Shell (SSH) Transport Layer Protocol . IETF RFC 4253 , 2006 . T. Ylonen and C. Lonvick. The Secure Shell (SSH) Transport Layer Protocol. 
IETF RFC 4253, 2006.","journal-title":"IETF RFC"}],"event":{"name":"CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security","location":"Vienna Austria","acronym":"CCS'16","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978423","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978423","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:49:54Z","timestamp":1750218594000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978423"}},"subtitle":["Collision Attacks on HTTP over TLS and OpenVPN"],"short-title":[],"issued":{"date-parts":[[2016,10,24]]},"references-count":34,"alternative-id":["10.1145\/2976749.2978423","10.1145\/2976749"],"URL":"https:\/\/doi.org\/10.1145\/2976749.2978423","relation":{},"subject":[],"published":{"date-parts":[[2016,10,24]]},"assertion":[{"value":"2016-10-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}