diff --git a/exam/ex.tex b/exam/ex.tex index 1d3df4d..f48f261 100644 --- a/exam/ex.tex +++ b/exam/ex.tex @@ -75,7 +75,12 @@ \item EWCDM is based on a pseudorandom permutation (i.e. block cipher) and an almost xor-universal (AXU) hash function (one-way function). - \item \TODO + \item Yes, the authors delivered a security proof. The proof assumes that + the encryption function $E$ is a secure pseudorandom permutation for the + case of a nonce-misusing adversary. This requirement on the security of + $E$ is not present if the adversary is nonce-respecting. Additionally, the + distinguisher is computationally unbounded and never repeats a query. + \item \TODO \item \TODO \item \TODO
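Review bot: In the added answer, the sentence "This requirement on the security of $E$ is not present if the adversary is nonce-respecting" is ambiguous. It can be read as saying the nonce-respecting proof needs no assumption on $E$ at all, while the sentence before it only names a PRP assumption for the nonce-misusing case. State explicitly which assumption on $E$ each of the two cases relies on, and point to the theorem or bound in the paper that the answer refers to. The closing sentence also places "computationally unbounded" next to a PRP assumption, which is a computational one; say at which step of the proof the distinguisher is unbounded (typically after $E$ has been replaced by a random permutation). Separately, the hunk replaces one "\item \TODO" with the answer plus a new "\item \TODO", so the list grows by one item; confirm that this matches the number of questions.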