{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T11:42:30Z","timestamp":1777376550468,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,11,12]],"date-time":"2021-11-12T00:00:00Z","timestamp":1636675200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,11,12]]},"DOI":"10.1145\/3460120.3484814","type":"proceedings-article","created":{"date-parts":[[2021,11,13]],"date-time":"2021-11-13T12:05:33Z","timestamp":1636805133000},"page":"1981-2003","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":21,"title":["The Security of ChaCha20-Poly1305 in the Multi-User Setting"],"prefix":"10.1145","author":[{"given":"Jean Paul","family":"Degabriele","sequence":"first","affiliation":[{"name":"Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"}]},{"given":"J\u00e9r\u00f4me","family":"Govinden","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t Darmstadt, Darmstadt, Germany"}]},{"given":"Felix","family":"G\u00fcnther","sequence":"additional","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}]},{"given":"Kenneth G.","family":"Paterson","sequence":"additional","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}]}],"member":"320","published-online":{"date-parts":[[2021,11,13]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--662--46800--5_29"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.4230\/LIPIcs.ISAAC.2018.35"},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-68339-9_34"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53018-4_10"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/11502760_3"},{"key":"e_1_3_2_2_6_1","unstructured":"Daniel J Bernstein. 2005 b. Salsa20 specification. eSTREAM Project algorithm description http:\/\/www.ecrypt.eu.org\/stream\/salsa20pf.html (2005)."},{"key":"e_1_3_2_2_7_1","volume-title":"Workshop Record of SASC","volume":"8","author":"Bernstein Daniel J","year":"2008","unstructured":"Daniel J Bernstein. 2008. ChaCha, a variant of Salsa20. In Workshop Record of SASC, Vol. 8. 3--5."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0020-0190(02)00269--7"},{"key":"e_1_3_2_2_9_1","volume-title":"Selected Areas in Cryptography","author":"Biryukov Alex","unstructured":"Alex Biryukov, Sourav Mukhopadhyay, and Palash Sarkar. 2006. Improved Time-Memory Trade-Offs with Multiple Data. In Selected Areas in Cryptography, Bart Preneel and Stafford Tavares (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 110--127."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-78381-9_18"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--642--55220--5_19"},{"key":"e_1_3_2_2_12_1","volume-title":"Robust Channels: Handling Unreliable Networks in the Record Layers of QUIC and DTLS 1.3. Cryptology ePrint Archive, Report 2020\/718. https:\/\/eprint.iacr.org\/2020\/718.","author":"Fischlin Marc","year":"2020","unstructured":"Marc Fischlin, Felix G\u00fcnther, and Christian Janson. 2020. Robust Channels: Handling Unreliable Networks in the Record Layers of QUIC and DTLS 1.3. Cryptology ePrint Archive, Report 2020\/718. https:\/\/eprint.iacr.org\/2020\/718."},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.dam.2021.01.029"},{"key":"e_1_3_2_2_14_1","volume-title":"Wood","author":"G\u00fcnther Felix","year":"2021","unstructured":"Felix G\u00fcnther, Martin Thomson, and Christopher A. Wood. 2021. Usage Limits on AEAD Algorithms -- draft-irtf-cfrg-aead-limits-03. https:\/\/datatracker.ietf.org\/doc\/html\/draft-irtf-cfrg-aead-limits-03."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243816"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--642--32009--5_3"},{"key":"e_1_3_2_2_17_1","unstructured":"KryptosLogic. 2021. Faster Poly1305 key multicollisions. Kryptos Logic Blog. https:\/\/www.kryptoslogic.com\/blog\/2021\/01\/faster-poly1305-key-multicollisions."},{"key":"e_1_3_2_2_18_1","unstructured":"A Langley. 2013. ChaCha20 and Poly1305 based Cipher suites for TLS draft-agl-tls-chacha20poly1305-00. IETF Internet Draft. https:\/\/tools.ietf.org\/html\/draft-agl-tls-chacha20poly1305-00."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--319--70697--9_20"},{"key":"e_1_3_2_2_20_1","volume-title":"Limits on authenticated encryption use in TLS. Personal webpage: http:\/\/www. isg. rhul. ac. uk\/ kp\/TLS-AEbounds. pdf","author":"Luykx Atul","year":"2015","unstructured":"Atul Luykx and Kenneth G Paterson. 2015. Limits on authenticated encryption use in TLS. Personal webpage: http:\/\/www. isg. rhul. ac. uk\/ kp\/TLS-AEbounds. pdf (2015)."},{"key":"e_1_3_2_2_21_1","volume-title":"The Security and Performance of the Galois\/Counter Mode (GCM) of Operation. In INDOCRYPT 2004 (LNCS","volume":"355","author":"David","unstructured":"David A. McGrew and John Viega. 2004. The Security and Performance of the Galois\/Counter Mode (GCM) of Operation. In INDOCRYPT 2004 (LNCS, Vol. 3348), Anne Canteaut and Kapalee Viswanathan (Eds.). Springer, Heidelberg, 343--355."},{"key":"e_1_3_2_2_22_1","volume-title":"Complexity of lattice problems: a cryptographic perspective","author":"Micciancio Daniele","unstructured":"Daniele Micciancio and Shafi Goldwasser. 2012. Complexity of lattice problems: a cryptographic perspective. Vol. 671. Springer Science & Business Media."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","unstructured":"Y. Nir and A. Langley. 2018. ChaCha20 and Poly1305 for IETF Protocols. RFC 8439 (Informational). https:\/\/doi.org\/10.17487\/RFC8439","DOI":"10.17487\/RFC8439"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--662--48116--5_19"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--642-04159--4_21"},{"key":"e_1_3_2_2_26_1","unstructured":"Gordon Procter. 2014. A Security Analysis of the Composition of ChaCha20 and Poly1305. Cryptology ePrint Archive Report 2014\/613. https:\/\/eprint.iacr.org\/2014\/613."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-014--9178--9"},{"key":"e_1_3_2_2_28_1","volume-title":"Randomization and Approximation Techniques in Computer Science, Michael Luby, Jos\u00e9 D","author":"Raab Martin","unstructured":"Martin Raab and Angelika Steger. 1998. \"Balls into Bins\" -- A Simple and Tight Analysis. In Randomization and Approximation Techniques in Computer Science, Michael Luby, Jos\u00e9 D. P. Rolim, and Maria Serna (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 159--170."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","unstructured":"E. Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446 (Proposed Standard). https:\/\/doi.org\/10.17487\/RFC8446","DOI":"10.17487\/RFC8446"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"crossref","unstructured":"Eric Rescorla Hannes Tschofenig and Nagendra Modadugu. 2021. The Datagram Transport Layer Security (DTLS) Protocol Version 1.3 -- draft-ietf-tls-dtls13--43. https:\/\/tools.ietf.org\/html\/draft-ietf-tls-dtls13--43.","DOI":"10.17487\/RFC9147"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC9001"}],"event":{"name":"CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security","location":"Virtual Event Republic of Korea","acronym":"CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484814","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460120.3484814","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T20:47:46Z","timestamp":1763498866000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460120.3484814"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,12]]},"references-count":31,"alternative-id":["10.1145\/3460120.3484814","10.1145\/3460120"],"URL":"https:\/\/doi.org\/10.1145\/3460120.3484814","relation":{},"subject":[],"published":{"date-parts":[[2021,11,12]]},"assertion":[{"value":"2021-11-13","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}