Security and cryptography conferences accept papers that “evaluate, systematize and contextualize existing knowledge.” These include survey papers, evaluate competing approaches, etc. rather than doing incremental research.

todo: