{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T07:01:07Z","timestamp":1777964467782,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540345466","type":"print"},{"value":"9783540345473","type":"electronic"}],"license":[{"start":{"date-parts":[[2006,1,1]],"date-time":"2006-01-01T00:00:00Z","timestamp":1136073600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11761679_12","type":"book-chapter","created":{"date-parts":[[2006,7,4]],"date-time":"2006-07-04T14:11:19Z","timestamp":1152022279000},"page":"183-200","source":"Crossref","is-referenced-by-count":116,"title":["Herding Hash Functions and the Nostradamus Attack"],"prefix":"10.1007","author":[{"given":"John","family":"Kelsey","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tadayoshi","family":"Kohno","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"12_CR1","first-page":"62","volume-title":"ACM CCS 1993","author":"M. Bellare","year":"1993","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM CCS 1993, pp. 62\u201373. ACM Press, New York (1993)"},{"key":"12_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"290","DOI":"10.1007\/978-3-540-28628-8_18","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"E. Biham","year":"2004","unstructured":"Biham, E., Chen, R.: Near-collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol.\u00a03152, pp. 290\u2013305. Springer, Heidelberg (2004)"},{"key":"12_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1007\/11426639_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"E. Biham","year":"2005","unstructured":"Biham, E., Chen, R., Joux, A., Carribault, P., Lemuet, C., Jalby, W.: Collisions of SHA-0 and Reduced SHA-1. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol.\u00a03494, pp. 36\u201357. Springer, Heidelberg (2005)"},{"key":"12_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/3-540-45353-9_11","volume-title":"Topics in Cryptology - CT-RSA 2001","author":"D.R. Brown","year":"2001","unstructured":"Brown, D.R., Johnson, D.B.: Hash functions based on block ciphers. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol.\u00a02020, p. 126. Springer, Heidelberg (2001)"},{"key":"12_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"J.-S. Coron","year":"2005","unstructured":"Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damg\u00e5rd revisited: How to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 430\u2013448. Springer, Heidelberg (2005)"},{"key":"12_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"416","DOI":"10.1007\/0-387-34805-0_39","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"I. Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 416\u2013427. Springer, Heidelberg (1990)"},{"key":"12_CR7","unstructured":"Daum, M., Lucks, S.: Attacking hash functions by poisoned messages: The story of Alice and her boss (2005), http:\/\/www.cits.rub.de\/MD5Collisions"},{"key":"12_CR8","unstructured":"Dean, R.D.: Formal Aspects of Mobile Code Security. PhD thesis, Princeton University (January 1999)"},{"key":"12_CR9","unstructured":"Gebhardt, M., Illies, G., Schindler, W.: A note on practical value of single hash collisions for special file formats. NIST Cryptographic Hash Workshop, No published proceedings (2005), available online at: http:\/\/www.csrc.nist.gov\/pki\/HashWorkshop\/2005\/Oct31_Presentations\/Illies_NIST_05.pdf"},{"key":"12_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/978-3-540-28628-8_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"A. Joux","year":"2004","unstructured":"Joux, A.: Multicollisions in iterated hash functions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol.\u00a03152, pp. 306\u2013316. Springer, Heidelberg (2004)"},{"key":"12_CR11","doi-asserted-by":"crossref","unstructured":"Kaminsky, D.: MD5 to be considered harmful someday. Cryptology ePrint Archive, Report, 2004\/357 (2004), http:\/\/eprint.iacr.org\/","DOI":"10.1016\/B978-193183620-3\/50016-6"},{"key":"12_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1007\/11426639_28","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"J. Kelsey","year":"2005","unstructured":"Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than 2 n work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol.\u00a03494, pp. 474\u2013490. Springer, Heidelberg (2005)"},{"key":"12_CR13","unstructured":"Klima, V.: Finding MD5 collisions on a notebook PC using multi-message modifications. Cryptology ePrint Archive, Report, 2005\/102 (2005), http:\/\/eprint.iacr.org\/"},{"key":"12_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/3-540-47555-9_5","volume-title":"Advances in Cryptology - EUROCRYPT \u201992","author":"X. Lai","year":"1993","unstructured":"Lai, X., Massey, J.L.: Hash functions based on block ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol.\u00a0658, pp. 55\u201370. Springer, Heidelberg (1993)"},{"key":"12_CR15","unstructured":"Lenstra, A., Wang, X., de Weger, B.: Colliding X.509 certificates. Cryptology ePrint Archive, Report, 2005\/067 (2005), http:\/\/eprint.iacr.org\/"},{"key":"12_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"428","DOI":"10.1007\/0-387-34805-0_40","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"R.C. Merkle","year":"1990","unstructured":"Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 428\u2013446. Springer, Heidelberg (1990)"},{"key":"12_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/3-540-46877-3_30","volume-title":"Advances in Cryptology - EUROCRYPT \u201990","author":"S. Miyaguchi","year":"1991","unstructured":"Miyaguchi, S., Ohta, K., Iwata, M.: Confirmation that some hash functions are not collision free. In: Damg\u00e5rd, I.B. (ed.) EUROCRYPT 1990. LNCS, vol.\u00a0473, pp. 326\u2013343. Springer, Heidelberg (1991)"},{"key":"12_CR18","unstructured":"Preneel, B.: Personal communication (2005)"},{"key":"12_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1007\/978-3-540-30574-3_6","volume-title":"Topics in Cryptology \u2013 CT-RSA 2005","author":"V. Rijmen","year":"2005","unstructured":"Rijmen, V., Oswald, E.: Update on SHA-1. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol.\u00a03376, pp. 58\u201371. Springer, Heidelberg (2005)"},{"issue":"1","key":"12_CR20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/PL00003816","volume":"12","author":"P. Oorschot van","year":"1999","unstructured":"van Oorschot, P., Wiener, M.: Parallel collision search with cryptanalytic applications. Journal of Cryptology\u00a012(1), 1\u201328 (1999)","journal-title":"Journal of Cryptology"},{"key":"12_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11426639_1","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"X. Wang","year":"2005","unstructured":"Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the hash functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol.\u00a03494, pp. 1\u201318. Springer, Heidelberg (2005)"},{"key":"12_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/11535218_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"X. Wang","year":"2005","unstructured":"Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 17\u201336. Springer, Heidelberg (2005)"},{"key":"12_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/11426639_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"X. Wang","year":"2005","unstructured":"Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol.\u00a03494, pp. 19\u201335. Springer, Heidelberg (2005)"},{"key":"12_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11535218_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"X. Wang","year":"2005","unstructured":"Wang, X., Yu, H., Yin, Y.L.: Efficient collision search attacks on SHA-0. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 1\u201316. Springer, Heidelberg (2005)"},{"issue":"3","key":"12_CR25","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1080\/0161-117991854025","volume":"3","author":"G. Yuval","year":"1979","unstructured":"Yuval, G.: How to swindle Rabin. Cryptologia\u00a03(3), 187\u2013189 (1979)","journal-title":"Cryptologia"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology - EUROCRYPT 2006"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11761679_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,4,19]],"date-time":"2019-04-19T19:50:01Z","timestamp":1555703401000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11761679_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540345466","9783540345473"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/11761679_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2006]]}}}