1. M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In ASIACRYPT, pages 531-545, 2000. Revised in: J. Crypt., 2008.

2. D. J. Bernstein. ChaCha, a variant of Salsa20. 28 Jan 2008 manuscript; see also https://cr.yp.to/chacha.html.

3. D. J. Bernstein. The Poly1305-AES Message-Authentication Code. In Fast Software Encryption, pages 32-49, 2005. See also https://cr.yp.to/mac.html.

4. J. Black. Authenticated encryption. In Encyclopedia of Cryptography and Security. Springer (editor: Henk C.A. van Tilborg), 2005. Manuscript also online, dated 12 Nov 2003.

5. D. Boneh. Twenty years of attacks on the RSA cryptosystem. Notices of AMS, 46(2):203-213, 1999.