E. Andreeva, A. Bogdanov, A. Luykx, B. Mennink, N. Mouha et al., How to Securely Release Unverified Plaintext in Authenticated Encryption, PART I, vol.8873, pp.105-125, 2014.

T. Ashur, O. Dunkelman, and A. Luykx, Boosting Authenticated Encryption Robustness with Minimal Modifications, Part III, vol.10403, pp.3-33, 2017.

M. Bellare and C. Namprempre, Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm, LNCS, pp.531-545, 1976.

K. Bhargavan and G. Leurent, On the practical (in-)security of 64-bit block ciphers: Collision attacks on HTTP over TLS and OpenVPN, ACM CCS 2016, pp.456-467, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01404208

D. G. Cantor and H. Zassenhaus, A new algorithm for factoring polynomials over finite fields. Mathematics of Computation pp, pp.587-592, 1981.

C. Chaigneau and H. Gilbert, Is AEZ v4.1 sufficiently resilient against key-recovery attacks?, IACR Trans. Symm. Cryptol, vol.2016, issue.1, pp.114-133, 2016.
URL : https://hal.archives-ouvertes.fr/hal-02163304

T. Dierks and C. Allen, RFC 2246 -The TLS Protocol Version 1.0. Internet Activities Board, 1999.

M. Dworkin, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. National Institute of Standards and Technology. SP 800-38D, 2007.

N. Ferguson, Collision attacks on OCB. Comment to NIST, 2002.

T. Fuhr, G. Leurent, and V. Suder, Collision attacks against CAESAR candidatesforgery and key-recovery against AEZ and Marble, ASIACRYPT 2015, Part II, vol.9453, pp.510-532, 2015.

V. Gligor and P. Donescu, Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes, LNCS, vol.2355, pp.92-108, 2001.

S. Gueron, Y. :. Lindell, and . Gcm-siv, Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp.109-119, 2015.

S. Halevi and P. Rogaway, A Parallelizable Enciphering Mode, RSA 2004, vol.2964, pp.292-304

A. Inoue, T. Iwata, K. Minematsu, and B. Poettering, Cryptanalysis of OCB2: attacks on authenticity and confidentiality. IACR Cryptology ePrint Archive, p.311, 2019.

T. Iwata, K. Ohashi, and K. Minematsu, Breaking and repairing GCM security proofs, CRYPTO 2012, vol.7417, pp.31-49, 2012.

A. Joux, Comments on the Draft GCM Specification -Authentication Failures in NIST Version of GCM

C. Jutla, Encryption Modes with Almost Free Message Integrity, EUROCRYPT 2001, vol.2045, pp.529-544

G. Leurent, T. Peyrin, and L. Wang, New generic attacks against hash-based MACs, ASIACRYPT 2013, Part II, vol.8270, pp.1-20, 2013.

G. Leurent and F. Sibleyras, The missing difference problem, and its applications to counter mode encryption, EUROCRYPT 2018, Part II, vol.10821, pp.745-770, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01953390

M. Liskov, R. L. Rivest, and D. Wagner, Tweakable Block Ciphers, vol.2442, pp.31-46

A. Luykx and B. Preneel, Optimal forgeries against polynomial-based MACs and GCM, EUROCRYPT 2018, Part I. LNCS, vol.10820, pp.445-467, 2018.

B. Mennink, Optimally Secure Tweakable Blockciphers, vol.9054, pp.428-448, 2015.

K. Minematsu and T. Iwata, Tweak-length extension for tweakable blockciphers, 15th IMA International Conference on Cryptography and Coding, vol.9496, pp.77-93, 2015.

M. Nandi, Bernstein bound on WCS is tight -repairing luykx-preneel optimal forgeries, CRYPTO 2018, Part II, vol.10992, pp.213-238, 2018.

T. Peyrin and L. Wang, Generic universal forgery attack on iterative hash-based MACs, EUROCRYPT 2014, vol.8441, pp.147-164, 2014.

R. C. Phan, Mini-AES): A Testbed for Cryptanalysis Students, Mini Advanced Encryption Standard, 2002.

B. Preneel and P. C. Van-oorschot, On the security of two MAC algorithms, EUROCRYPT'96, vol.1070, pp.19-32, 1996.

P. Rogaway, M. Bellare, and J. Black, OCB: A Block-Cipher Mode of Operation for Efficient Authenticated Encryption, Transactions on Information and System Security, vol.6, issue.3, pp.365-403, 2003.

P. Rogaway and T. Shrimpton, A Provable-Security Treatment of the Key-Wrap Problem, vol.4004, pp.373-390

T. Shrimpton and R. S. Terashima, A Modular Framework for Building Variable-Input-Length Tweakable Ciphers, ASIACRYPT 2013, Part I, vol.8269, pp.405-423

J. Sung, D. Hong, and S. Lee, Key recovery attacks on the RMAC, TMAC, and IACBC, ACISP 03, vol.2727, pp.265-273, 2003.

M. N. Wegman and L. Carter, New Hash Functions and Their Use in Authentication and Set Equality, Journal of Computer and System Sciences, vol.22, pp.265-279, 1981.

, National Institute of Standards and Technology, FIPS, vol.197, 2001.

, The CAESAR committee: CAESAR: Competition for Authenticated Encryption: Security, Applicability, and Robustness

, IEEE Standard for Local and Metropolitan Area Networks Media Access Control (MAC) Security, IEEE Std, vol.802, pp.1-2006, 2006.

, Information Technology -Security Techniques -Authenticated Encryption, 2009.

, NIST: Lightweight Cryptography

, Internet Protocol Security (IPsec) Minimum Essential Interoperability Requirements, 2010.

, Sage Documentation. SageMath Help. Retrieved, vol.6, 2017.