This paper provides efficient authenticated-encryption (AE) schemes in which a ciphertext is
a commitment to the key. These are extended, at minimal additional cost, to schemes where …

We initiate the study of multi-user (mu) security of authenticated encryption (AE) schemes as
a way to rigorously formulate, and answer, questions about the “randomized nonce” …

This paper revisits the multi-user (mu) security of symmetric encryption, from the perspective
of delivering an analysis of the AES-GCM-SIV AEAD scheme. Our end result shows that its …

A new approach to invariant subspaces and nonlinear invariants is developed. This results
in both theoretical insights and practical attacks on block ciphers. It is shown that, with minor …

Contents Page 1 CRITICAL PERSPECTIVES ON PROVABLE SECURITY: FIFTEEN YEARS OF
“ANOTHER LOOK” PAPERS NEAL KOBLITZ AND ALFRED MENEZES Abstract. We give an …

The ChaCha20-Poly1305 AEAD scheme is being increasingly widely deployed in practice.
Practitioners need proven security bounds in order to set data limits and rekeying intervals …

This paper presents a provably secure, higher-order, and leakage-resilient (LR) rekeying
scheme named LR Rekeying with Random oracle Repetition (LR4), along with a …

We draw attention to a gap between theory and usage of nonce-based symmetric
encryption, under which the way the former treats nonces can result in violation of privacy in …

In Internet security protocols including TLS 1.3, KEMTLS, MLS and Noise, HMAC is being
assumed to be a dual-PRF, meaning a PRF not only when keyed conventionally (through its …

Multi-user (mu) security considers large-scale attackers (eg, state actors) that given access
to a number of sessions, attempt to compromise at least one of them. Mu security of …