M. Armour and B. Poettering, “Substitution Attacks against Message Authentication”, ToSC, vol. 2019, no. 3, pp. 152–168, Sep. 2019, doi: 10.13154/tosc.v2019.i3.152-168.