{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,28]],"date-time":"2026-02-28T13:00:45Z","timestamp":1772283645680,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540281146","type":"print"},{"value":"9783540318705","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005]]},"DOI":"10.1007\/11535218_26","type":"book-chapter","created":{"date-parts":[[2010,12,20]],"date-time":"2010-12-20T18:20:34Z","timestamp":1292869234000},"page":"430-448","source":"Crossref","is-referenced-by-count":299,"title":["Merkle-Damg\u00e5rd Revisited: How to Construct a Hash Function"],"prefix":"10.1007","author":[{"given":"Jean-S\u00e9bastien","family":"Coron","sequence":"first","affiliation":[]},{"given":"Yevgeniy","family":"Dodis","sequence":"additional","affiliation":[]},{"given":"C\u00e9cile","family":"Malinaud","sequence":"additional","affiliation":[]},{"given":"Prashant","family":"Puniya","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"26_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"252","DOI":"10.1007\/3-540-48405-1_16","volume-title":"Advances in Cryptology - CRYPTO \u201999","author":"J.H. An","year":"1999","unstructured":"An, J.H., Bellare, M.: Constructing VIL-MACs from FIL-MACs: Message Authentication under Weakened Assumptions. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol.\u00a01666, pp. 252\u2013269. Springer, Heidelberg (1999)"},{"key":"26_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/978-3-540-24676-3_11","volume-title":"Advances in Cryptology - EUROCRYPT 2004","author":"M. Bellare","year":"2004","unstructured":"Bellare, M., Boldyreva, A., Palacio, A.: An Uninstantiable Random-Oracle-Model Scheme for a Hybrid-Encryption Problem. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol.\u00a03027, pp. 171\u2013188. Springer, Heidelberg (2004)"},{"key":"26_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"341","DOI":"10.1007\/3-540-48658-5_32","volume-title":"Advances in Cryptology - CRYPTO \u201994","author":"M. Bellare","year":"1994","unstructured":"Bellare, M., Kilian, J., Rogaway, P.: The Security of Cipher Block Chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol.\u00a0839, pp. 341\u2013358. Springer, Heidelberg (1994)"},{"key":"26_CR4","volume-title":"Proceedings of the First Annual Conference on Computer and Commmunications Security","author":"M. Bellare","year":"1993","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical\u00a0: a paradigm for designing efficient protocols. In: Proceedings of the First Annual Conference on Computer and Commmunications Security. ACM, New York (1993)"},{"key":"26_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"399","DOI":"10.1007\/3-540-68339-9_34","volume-title":"Advances in Cryptology - EUROCRYPT \u201996","author":"M. Bellare","year":"1996","unstructured":"Bellare, M., Rogaway, P.: The exact security of digital signatures - How to sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol.\u00a01070, pp. 399\u2013416. Springer, Heidelberg (1996)"},{"key":"26_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/BFb0053428","volume-title":"Advances in Cryptology - EUROCRYPT \u201994","author":"M. Bellare","year":"1995","unstructured":"Bellare, M., Rogaway, P.: Optimal Asymmetric Encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol.\u00a0950, pp. 92\u2013111. Springer, Heidelberg (1995)"},{"key":"26_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"470","DOI":"10.1007\/BFb0052256","volume-title":"Advances in Cryptology - CRYPTO \u201997","author":"M. Bellare","year":"1997","unstructured":"Bellare, M., Rogaway, P.: Collision-Resistant Hashing: Towards Making UOWHFs Practical. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol.\u00a01294, pp. 470\u2013484. Springer, Heidelberg (1997)"},{"key":"26_CR8","first-page":"514","volume-title":"Proc. 37th FOCS","author":"M. Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom Functions Re-visited: The Cascade Construction and Its Concrete Security. In: Proc. 37th FOCS, pp. 514\u2013523. IEEE, Los Alamitos (1996)"},{"key":"26_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/3-540-45708-9_21","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"J. Black","year":"2002","unstructured":"Black, J., Rogaway, P., Shrimpton, T.: Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol.\u00a02442, p. 320. Springer, Heidelberg (2002)"},{"key":"#cr-split#-26_CR10.1","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. In: Proceedings of the 42nd Symposium on Foundations of Computer Science, FOCS (2001);","DOI":"10.1109\/SFCS.2001.959888"},{"key":"#cr-split#-26_CR10.2","unstructured":"Cryptology ePrint Archive, Report 2000\/067, http:\/\/eprint.iacr.org\/"},{"key":"26_CR11","volume-title":"STOC 1998","author":"R. Canetti","year":"1998","unstructured":"Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. In: STOC 1998. ACM, New York (1998)"},{"key":"26_CR12","doi-asserted-by":"crossref","unstructured":"Canetti, R., Goldreich, O., Halevi, S.: On the random oracle methodology as applied to Length-Restricted Signature Schemes. In: Proceedings of Theory of Cryptology Conference, pp. 40\u201357 (2004)","DOI":"10.1007\/978-3-540-24638-1_3"},{"key":"26_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"416","DOI":"10.1007\/0-387-34805-0_39","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"I. Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.: Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 416\u2013427. Springer, Heidelberg (1990)"},{"key":"26_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"494","DOI":"10.1007\/978-3-540-28628-8_30","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"Y. Dodis","year":"2004","unstructured":"Dodis, Y., Gennaro, R., H\u00e5stad, J., Krawczyk, H., Rabin, T.: Randomness Extraction and Key Derivation Using the CBC, Cascade and HMAC Modes. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol.\u00a03152, pp. 494\u2013510. Springer, Heidelberg (2004)"},{"key":"26_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"449","DOI":"10.1007\/11535218_27","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"Y. Dodis","year":"2005","unstructured":"Dodis, Y., Oliveira, R., Pietrzak, K.: On the Generic Insecurity of the Full Domain Hash. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 449\u2013466. Springer, Heidelberg (2005)"},{"key":"26_CR16","unstructured":"FIPS 180-1, Secure hash standard, Federal Information Processing Standards Publication 180-1, U.S. Department of Commerce\/N.I.S.T., National Technical Information Service, Springfield, Virginia, April 17 (1995) (supersedes FIPS PUB 180)"},{"key":"26_CR17","unstructured":"National Institute of Standards and Technology (NIST). Secure hash standard. FIPS 180-2 (August 2002)"},{"key":"26_CR18","unstructured":"RFC 1321, The MD5 message-digest algorithm, Internet Request for Comments 1321, R.L. Rivest (April 1992)"},{"key":"26_CR19","doi-asserted-by":"crossref","unstructured":"Goldwasser, S., Tauman, Y.: On the (In)security of the Fiat-Shamir Paradigm. In: Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science, pp. 102\u2013114 (2003)","DOI":"10.1109\/SFCS.2003.1238185"},{"key":"26_CR20","unstructured":"Handschuh, H., Naccache, D.: SHACAL. In: Preneel, B. (ed.) First Open NESSIE Workshop, Leuven, Belgium, November 13-14 (2000)"},{"key":"26_CR21","doi-asserted-by":"crossref","unstructured":"Luby, M., Rackoff, C.: How to construct pseudo-random permutations from pseudo-random functions. SIAM J. Comput.\u00a017(2) (April 1988)","DOI":"10.1137\/0217022"},{"key":"26_CR22","unstructured":"Lucks, S.: Design Principles for Iterated Hash Functions, available at E-Print Archive, http:\/\/eprint.iacr.org\/2004\/253"},{"key":"26_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-24638-1_2","volume-title":"Theory of Cryptography","author":"U. Maurer","year":"2004","unstructured":"Maurer, U., Renner, R., Holenstein, C.: Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol.\u00a02951, pp. 21\u201339. Springer, Heidelberg (2004)"},{"key":"26_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"472","DOI":"10.1007\/11523468_39","volume-title":"Automata, Languages and Programming","author":"U. Maurer","year":"2005","unstructured":"Maurer, U., Sjodin, J.: Single-key AIL-MACs from any FIL-MAC. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol.\u00a03580, pp. 472\u2013484. Springer, Heidelberg (2005)"},{"key":"26_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"428","DOI":"10.1007\/0-387-34805-0_40","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"R. Merkle","year":"1990","unstructured":"Merkle, R.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 428\u2013446. Springer, Heidelberg (1990)"},{"key":"26_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/3-540-45708-9_8","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"J.B. Nielsen","year":"2002","unstructured":"Nielsen, J.B.: Separating Random Oracle Proofs from Complexity Theoretic Proofs: The Non-Committing Encryption Case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol.\u00a02442, pp. 111\u2013126. Springer, Heidelberg (2002)"},{"key":"26_CR27","unstructured":"PKCS #1 v2.1, RSA Cryptography Standard (draft), document available at http:\/\/www.rsa.security.com\/rsalabs\/pkcs"},{"key":"26_CR28","first-page":"184","volume-title":"IEEE Symposium on Security and Privacy","author":"B. Pfitzmann","year":"2001","unstructured":"Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: IEEE Symposium on Security and Privacy, pp. 184\u2013200. IEEE Computer Society Press, Los Alamitos (2001)"},{"key":"26_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"368","DOI":"10.1007\/3-540-48329-2_31","volume-title":"Advances in Cryptology - CRYPTO \u201993","author":"B. Preneel","year":"1994","unstructured":"Preneel, B., Govaerts, R., Vandewalle, J.: Hash Functions Based on Block Ciphers: A Synthetic Approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol.\u00a0773, pp. 368\u2013378. Springer, Heidelberg (1994)"},{"key":"26_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"445","DOI":"10.1007\/3-540-45539-6_32","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"V. Shoup","year":"2000","unstructured":"Shoup, V.: A composition theorem for universal one-way hash functions. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol.\u00a01807, pp. 445\u2013452. Springer, Heidelberg (2000)"},{"key":"26_CR31","first-page":"88","volume-title":"Proceedings of the IEEE Symposium on Information Security and Privacy","author":"R. Winternitz","year":"1984","unstructured":"Winternitz, R.: A secure one-way hash function built from DES. In: Proceedings of the IEEE Symposium on Information Security and Privacy, pp. 88\u201390. IEEE Press, Los Alamitos (1984)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2005"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11535218_26.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,28]],"date-time":"2025-02-28T23:59:43Z","timestamp":1740787183000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11535218_26"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005]]},"ISBN":["9783540281146","9783540318705"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/11535218_26","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2005]]}}}