{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T15:54:55Z","timestamp":1774022095351,"version":"3.50.1"},"publisher-location":"Cham","reference-count":48,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031159817","type":"print"},{"value":"9783031159824","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-15982-4_24","type":"book-chapter","created":{"date-parts":[[2022,10,11]],"date-time":"2022-10-11T04:40:54Z","timestamp":1665463254000},"page":"717-747","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":21,"title":["Simplified MITM Modeling for\u00a0Permutations: New (Quantum) Attacks"],"prefix":"10.1007","author":[{"given":"Andr\u00e9","family":"Schrottenloher","sequence":"first","affiliation":[]},{"given":"Marc","family":"Stevens","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,10,12]]},"reference":[{"key":"24_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-642-04159-4_7","volume-title":"Selected Areas in Cryptography","author":"K Aoki","year":"2009","unstructured":"Aoki, K., Sasaki, Yu.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103\u2013119. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04159-4_7"},{"key":"24_CR2","unstructured":"Aumasson, J.P., et al.: SPHINCS+: submission to the NIST post-quantum project (2015)"},{"issue":"4","key":"24_CR3","first-page":"318","volume":"2019","author":"Z Bao","year":"2019","unstructured":"Bao, Z., Ding, L., Guo, J., Wang, H., Zhang, W.: Improved meet-in-the-middle preimage attacks against AES hashing modes. IACR Trans. Symmetric Cryptol. 2019(4), 318\u2013347 (2019)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"24_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"771","DOI":"10.1007\/978-3-030-77870-5_27","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2021","author":"Z Bao","year":"2021","unstructured":"Bao, Z., et al.: Automatic search of meet-in-the-middle preimage attacks on AES-like hashing. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021, Part I. LNCS, vol. 12696, pp. 771\u2013804. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77870-5_27"},{"key":"24_CR5","first-page":"575","volume":"2021","author":"Z Bao","year":"2021","unstructured":"Bao, Z., Guo, J., Shi, D., Tu, Y.: MITM meets guess-and-determine: further improved preimage attacks against AES-like hashing. IACR Cryptol. ePrint Arch. 2021, 575 (2021)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"24_CR6","doi-asserted-by":"crossref","unstructured":"Beierle, C., et al.: Schwaemm and Esch: lightweight authenticated encryption and hashing using the Sparkle permutation family. Submission to the NIST lightweight standardization process (second round) (2019)","DOI":"10.46586\/tosc.v2020.iS1.208-261"},{"issue":"S1","key":"24_CR7","doi-asserted-by":"publisher","first-page":"208","DOI":"10.46586\/tosc.v2020.iS1.208-261","volume":"2020","author":"C Beierle","year":"2020","unstructured":"Beierle, C., et al.: Lightweight AEAD and hashing using the Sparkle permutation family. IACR Trans. Symmetric Cryptol. 2020(S1), 208\u2013261 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"24_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/978-3-319-66787-4_15","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2017","author":"DJ Bernstein","year":"2017","unstructured":"Bernstein, D.J., et al.: Gimli: a cross-platform permutation. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 299\u2013320. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66787-4_15"},{"issue":"S1","key":"24_CR9","doi-asserted-by":"publisher","first-page":"5","DOI":"10.46586\/tosc.v2020.iS1.5-30","volume":"2020","author":"T Beyne","year":"2020","unstructured":"Beyne, T., Chen, Y.L., Dobraunig, C., Mennink, B.: Dumbo, jumbo, and delirium: parallel authenticated encryption for the lightweight circus. IACR Trans. Symmetric Cryptol. 2020(S1), 5\u201330 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"24_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"455","DOI":"10.1007\/978-3-662-47989-6_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"C Blondeau","year":"2015","unstructured":"Blondeau, C., Peyrin, T., Wang, L.: Known-key distinguisher on full PRESENT. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 455\u2013474. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_22"},{"key":"24_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"312","DOI":"10.1007\/978-3-642-23951-9_21","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2011","author":"A Bogdanov","year":"2011","unstructured":"Bogdanov, A., Kne\u017eevi\u0107, M., Leander, G., Toz, D., Var\u0131c\u0131, K., Verbauwhede, I.: spongent: a lightweight hash function. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 312\u2013325. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23951-9_21"},{"issue":"10","key":"24_CR12","doi-asserted-by":"publisher","first-page":"2041","DOI":"10.1109\/TC.2012.196","volume":"62","author":"A Bogdanov","year":"2013","unstructured":"Bogdanov, A., Knezevic, M., Leander, G., Toz, D., Varici, K., Verbauwhede, I.: SPONGENT: the design space of lightweight cryptographic hashing. IEEE Trans. Comput. 62(10), 2041\u20132053 (2013)","journal-title":"IEEE Trans. Comput."},{"key":"24_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"450","DOI":"10.1007\/978-3-540-74735-2_31","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2007","author":"A Bogdanov","year":"2007","unstructured":"Bogdanov, A., et al.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450\u2013466. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74735-2_31"},{"key":"24_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1007\/978-3-642-19574-7_16","volume-title":"Selected Areas in Cryptography","author":"A Bogdanov","year":"2011","unstructured":"Bogdanov, A., Rechberger, C.: A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 229\u2013240. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19574-7_16"},{"key":"24_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1007\/978-3-642-22497-3_8","volume-title":"Information Security and Privacy","author":"A Bogdanov","year":"2011","unstructured":"Bogdanov, A., Shibutani, K.: Double SP-functions: enhanced generalized feistel networks. In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 106\u2013119. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22497-3_8"},{"key":"24_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/978-3-642-22792-9_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"C Bouillaguet","year":"2011","unstructured":"Bouillaguet, C., Derbez, P., Fouque, P.-A.: Automatic search of attacks on round-reduced AES and applications. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 169\u2013187. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_10"},{"key":"24_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"136","DOI":"10.1007\/978-3-319-03515-4_9","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2013","author":"D Chang","year":"2013","unstructured":"Chang, D., Kumar, A., Sanadhya, S.: Security analysis of GFN: 8-round distinguisher for 4-branch type-2 GFN. In: Paul, G., Vaudenay, S. (eds.) INDOCRYPT 2013. LNCS, vol. 8250, pp. 136\u2013148. Springer, Cham (2013). https:\/\/doi.org\/10.1007\/978-3-319-03515-4_9"},{"key":"24_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-85174-5_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"J-S Coron","year":"2008","unstructured":"Coron, J.-S., Patarin, J., Seurin, Y.: The random oracle model and the ideal cipher model are equivalent. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 1\u201320. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85174-5_1"},{"key":"24_CR19","unstructured":"Daemen, J., Rijmen, V.: AES proposal: Rijndael. Submission to the NIST AES competition (1999)"},{"key":"24_CR20","doi-asserted-by":"publisher","unstructured":"Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/978-3-662-04722-4","DOI":"10.1007\/978-3-662-04722-4"},{"key":"24_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"416","DOI":"10.1007\/0-387-34805-0_39","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"IB Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416\u2013427. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_39"},{"key":"24_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/978-3-662-53008-5_6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"P Derbez","year":"2016","unstructured":"Derbez, P., Fouque, P.-A.: Automatic search of meet-in-the-middle and impossible differential attacks. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 157\u2013184. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_6"},{"issue":"6","key":"24_CR23","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1109\/C-M.1977.217750","volume":"10","author":"W Diffie","year":"1977","unstructured":"Diffie, W., Hellman, M.E.: Special feature exhaustive cryptanalysis of the NBS data encryption standard. Computer 10(6), 74\u201384 (1977)","journal-title":"Computer"},{"key":"24_CR24","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., Schl\u00e4ffer, M.: Ascon v1.2. Submission to NIST-LWC (2nd Round) (2019)"},{"key":"24_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-030-84252-9_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"X Dong","year":"2021","unstructured":"Dong, X., Hua, J., Sun, S., Li, Z., Wang, X., Hu, L.: Meet-in-the-middle attacks revisited: key-recovery, collision, and preimage attacks. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part III. LNCS, vol. 12827, pp. 278\u2013308. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84252-9_10"},{"key":"24_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/978-3-540-77026-8_8","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2007","author":"O Dunkelman","year":"2007","unstructured":"Dunkelman, O., Sekar, G., Preneel, B.: Improved meet-in-the-middle attacks on reduced-round DES. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 86\u2013100. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-77026-8_8"},{"issue":"4","key":"24_CR27","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/s00145-021-09413-z","volume":"34","author":"A Fl\u00f3rez-Guti\u00e9rrez","year":"2021","unstructured":"Fl\u00f3rez-Guti\u00e9rrez, A., Leurent, G., Naya-Plasencia, M., Perrin, L., Schrottenloher, A., Sibleyras, F.: Internal symmetries and linear properties: full-permutation distinguishers and improved collisions on Gimli. J. Cryptol. 34(4), 45 (2021)","journal-title":"J. Cryptol."},{"key":"24_CR28","unstructured":"Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F., Rechberger, C., Schl\u00e4ffer, M., Thomsen, S.S.: Gr\u00f8stl-a SHA-3 candidate. Submission to the SHA-3 competition (2011)"},{"key":"24_CR29","unstructured":"Gleixner, A., et al.: The SCIP Optimization Suite 6.0. Technical report, Optimization Online (2018)"},{"key":"24_CR30","doi-asserted-by":"crossref","unstructured":"Grover, L.K.: A fast quantum mechanical algorithm for database search. In: STOC, pp. 212\u2013219. ACM (1996)","DOI":"10.1145\/237814.237866"},{"key":"24_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/978-3-662-53887-6_4","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"S Gueron","year":"2016","unstructured":"Gueron, S., Mouha, N.: Simpira\u00a0v2: a family of efficient permutations using the AES round function. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 95\u2013125. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53887-6_4"},{"key":"24_CR32","unstructured":"Gueron, S., Mouha, N.: SPHINCS-Simpira: fast stateless hash-based signatures with post-quantum security. IACR Cryptol. ePrint Arch., 645 (2017)"},{"key":"24_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-642-17373-8_4","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"J Guo","year":"2010","unstructured":"Guo, J., Ling, S., Rechberger, C., Wang, H.: Advanced meet-in-the-middle preimage attacks: first results on full tiger, and improved results on MD4 and SHA-2. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 56\u201375. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_4"},{"key":"24_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/978-3-030-45724-2_9","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"A Hosoyamada","year":"2020","unstructured":"Hosoyamada, A., Sasaki, Yu.: Finding hash collisions with quantum computers by using differential trails with smaller probability than birthday bound. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part II. LNCS, vol. 12106, pp. 249\u2013279. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_9"},{"key":"24_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"616","DOI":"10.1007\/978-3-030-84242-0_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"A Hosoyamada","year":"2021","unstructured":"Hosoyamada, A., Sasaki, Yu.: Quantum collision attacks on reduced SHA-256 and SHA-512. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part I. LNCS, vol. 12825, pp. 616\u2013646. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84242-0_22"},{"key":"24_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"290","DOI":"10.1007\/978-3-642-21702-9_17","volume-title":"Fast Software Encryption","author":"T Isobe","year":"2011","unstructured":"Isobe, T.: A single-key attack on the full GOST block cipher. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 290\u2013305. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-21702-9_17"},{"key":"24_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"202","DOI":"10.1007\/978-3-642-35999-6_14","volume-title":"Selected Areas in Cryptography","author":"T Isobe","year":"2013","unstructured":"Isobe, T., Shibutani, K.: All subkeys recovery attack on block ciphers: extending meet-in-the-middle approach. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 202\u2013221. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-35999-6_14"},{"key":"24_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/978-3-642-34047-5_15","volume-title":"Fast Software Encryption","author":"D Khovratovich","year":"2012","unstructured":"Khovratovich, D., Rechberger, C., Savelieva, A.: Bicliques for preimages: attacks on Skein-512 and the SHA-2 family. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 244\u2013263. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34047-5_15"},{"key":"24_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"205","DOI":"10.1007\/978-3-319-79063-3_10","volume-title":"Post-Quantum Cryptography","author":"S K\u00f6lbl","year":"2018","unstructured":"K\u00f6lbl, S.: Putting wings on SPHINCS. In: Lange, T., Steinwandt, R. (eds.) PQCrypto 2018. LNCS, vol. 10786, pp. 205\u2013226. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-79063-3_10"},{"issue":"2","key":"24_CR40","first-page":"1","volume":"2016","author":"S K\u00f6lbl","year":"2016","unstructured":"K\u00f6lbl, S., Lauridsen, M.M., Mendel, F., Rechberger, C.: Haraka v2 - efficient short-input hashing for post-quantum applications. IACR Trans. Symmetric Cryptol. 2016(2), 1\u201329 (2016)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"24_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"428","DOI":"10.1007\/0-387-34805-0_40","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"RC Merkle","year":"1990","unstructured":"Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428\u2013446. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_40"},{"issue":"2","key":"24_CR42","doi-asserted-by":"publisher","first-page":"222","DOI":"10.46586\/tosc.v2021.i2.222-248","volume":"2021","author":"B Ni","year":"2021","unstructured":"Ni, B., Dong, X., Jia, K., You, Q.: (Quantum) collision attacks on reduced Simpira v2. IACR Trans. Symmetric Cryptol. 2021(2), 222\u2013248 (2021)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"24_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/3-540-48329-2_31","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"B Preneel","year":"1994","unstructured":"Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368\u2013378. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_31"},{"key":"24_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"378","DOI":"10.1007\/978-3-642-21702-9_22","volume-title":"Fast Software Encryption","author":"Yu Sasaki","year":"2011","unstructured":"Sasaki, Yu.: Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 378\u2013396. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-21702-9_22"},{"key":"24_CR45","doi-asserted-by":"crossref","unstructured":"Schrottenloher, A., Stevens, M.: Simplified MITM modeling for permutations: New (quantum) attacks. Cryptology ePrint Archive, Report 2022\/189 (2022)","DOI":"10.1007\/978-3-031-15982-4_24"},{"key":"24_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/978-3-642-13858-4_2","volume-title":"Fast Software Encryption","author":"T Suzaki","year":"2010","unstructured":"Suzaki, T., Minematsu, K.: Improving the generalized feistel. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 19\u201339. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13858-4_2"},{"issue":"7","key":"24_CR47","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11432-016-0165-6","volume":"60","author":"G Zhang","year":"2017","unstructured":"Zhang, G., Liu, M.: Sci. China Inf. Sci. 60(7), 1\u201313 (2017). https:\/\/doi.org\/10.1007\/s11432-016-0165-6","journal-title":"Sci. China Inf. Sci."},{"key":"24_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1007\/0-387-34805-0_42","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"Y Zheng","year":"1990","unstructured":"Zheng, Y., Matsumoto, T., Imai, H.: On the construction of block ciphers provably secure and not relying on any unproved hypotheses. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 461\u2013480. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_42"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-15982-4_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T22:06:03Z","timestamp":1760133963000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-15982-4_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031159817","9783031159824"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-15982-4_24","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"12 October 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 August 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"42","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}