{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T17:05:46Z","timestamp":1767978346997,"version":"3.49.0"},"publisher-location":"Cham","reference-count":51,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031385476","type":"print"},{"value":"9783031385483","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-38548-3_22","type":"book-chapter","created":{"date-parts":[[2023,8,8]],"date-time":"2023-08-08T19:02:27Z","timestamp":1691521347000},"page":"661-693","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["When Messages Are Keys: Is HMAC a\u00a0Dual-PRF?"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8677-8301","authenticated-orcid":false,"given":"Matilda","family":"Backendal","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8765-5573","authenticated-orcid":false,"given":"Mihir","family":"Bellare","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8495-6610","authenticated-orcid":false,"given":"Felix","family":"G\u00fcnther","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0000-6285-6259","authenticated-orcid":false,"given":"Matteo","family":"Scarlata","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,8,9]]},"reference":[{"key":"22_CR1","doi-asserted-by":"publisher","unstructured":"Angel, Y., Dowling, B., H\u00fclsing, A., Schwabe, P., Weber, F.: Post quantum noise. In: Yin, H., Stavrou, A., Cremers, C., Shi, E. (eds.) ACM CCS 2022, pp. 97\u2013109. ACM Press (2022). https:\/\/doi.org\/10.1145\/3548606.3560577","DOI":"10.1145\/3548606.3560577"},{"key":"22_CR2","unstructured":"Aviram, N., Dowling, B., Komargodski, I., Paterson, K.G., Ronen, E., Yogev, E.: Practical (post-quantum) key combiners from one-wayness and applications to TLS. Cryptology ePrint Archive, Report 2022\/065 (2022). https:\/\/eprint.iacr.org\/2022\/065"},{"key":"22_CR3","doi-asserted-by":"crossref","unstructured":"Backendal, M., Bellare, M., G\u00fcnther, F., Scarlata, M.: When messages are keys: Is HMAC a dual-PRF? (full version). Cryptology ePrint Archive, Paper 2023\/861 (2023). https:\/\/eprint.iacr.org\/2023\/861","DOI":"10.1007\/978-3-031-38548-3_22"},{"key":"22_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1007\/978-3-662-46706-0_14","volume-title":"Fast Software Encryption","author":"M Barbosa","year":"2015","unstructured":"Barbosa, M., Farshim, P.: The related-key analysis of Feistel constructions. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 265\u2013284. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46706-0_14"},{"key":"22_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/11818175_36","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M.: New proofs for NMAC and HMAC: security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602\u2013619. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11818175_36"},{"issue":"4","key":"22_CR6","doi-asserted-by":"publisher","first-page":"844","DOI":"10.1007\/s00145-014-9185-x","volume":"28","author":"M Bellare","year":"2014","unstructured":"Bellare, M.: New proofs for NMAC and HMAC: security without collision resistance. J. Cryptol. 28(4), 844\u2013878 (2014). https:\/\/doi.org\/10.1007\/s00145-014-9185-x","journal-title":"J. Cryptol."},{"key":"22_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"566","DOI":"10.1007\/978-3-662-49890-3_22","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"M Bellare","year":"2016","unstructured":"Bellare, M., Bernstein, D.J., Tessaro, S.: Hash-function based PRFs: AMAC and its multi-user security. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 566\u2013595. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49890-3_22"},{"key":"22_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-68697-5_1","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1\u201315. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_1"},{"key":"22_CR9","doi-asserted-by":"publisher","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom functions revisited: the cascade construction and its concrete security. In: 37th FOCS, pp. 514\u2013523. IEEE Computer Society Press (1996). https:\/\/doi.org\/10.1109\/SFCS.1996.548510","DOI":"10.1109\/SFCS.1996.548510"},{"key":"22_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"491","DOI":"10.1007\/3-540-39200-9_31","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2003","author":"M Bellare","year":"2003","unstructured":"Bellare, M., Kohno, T.: A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 491\u2013506. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-39200-9_31"},{"key":"22_CR11","unstructured":"Bellare, M., Lysyanskaya, A.: Symmetric and dual PRFs from standard assumptions: A generic validation of an HMAC assumption. Cryptology ePrint Archive, Report 2015\/1198 (2015). https:\/\/eprint.iacr.org\/2015\/1198"},{"key":"22_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework\u00a0for\u00a0code-based\u00a0game-playing\u00a0proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409\u2013426. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_25"},{"key":"22_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"398","DOI":"10.1007\/3-540-48285-7_34","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201993","author":"E Biham","year":"1994","unstructured":"Biham, E.: New types of cryptanalytic attacks using related keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398\u2013409. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48285-7_34"},{"key":"22_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/11605805_2","volume-title":"Topics in Cryptology \u2013 CT-RSA 2006","author":"E Biham","year":"2006","unstructured":"Biham, E., Dunkelman, O., Keller, N.: Related-key impossible differential attacks on 8-round AES-192. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 21\u201333. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11605805_2"},{"key":"22_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/11967668_2","volume-title":"Topics in Cryptology \u2013 CT-RSA 2007","author":"E Biham","year":"2006","unstructured":"Biham, E., Dunkelman, O., Keller, N.: A simple related-key attack on the full SHACAL-1. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 20\u201330. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11967668_2"},{"key":"22_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/978-3-030-25510-7_12","volume-title":"Post-Quantum Cryptography","author":"N Bindel","year":"2019","unstructured":"Bindel, N., Brendel, J., Fischlin, M., Goncalves, B., Stebila, D.: Hybrid key encapsulation mechanisms and authenticated key exchange. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 206\u2013226. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-25510-7_12"},{"key":"22_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-10366-7_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"A Biryukov","year":"2009","unstructured":"Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1\u201318. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_1"},{"key":"22_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-3-642-03356-8_14","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"A Biryukov","year":"2009","unstructured":"Biryukov, A., Khovratovich, D., Nikoli\u0107, I.: Distinguisher and related-key attack on the full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231\u2013249. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_14"},{"issue":"4","key":"22_CR19","doi-asserted-by":"publisher","first-page":"850","DOI":"10.1137\/0213053","volume":"13","author":"M Blum","year":"1984","unstructured":"Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudorandom bits. SIAM J. Comput. 13(4), 850\u2013864 (1984)","journal-title":"SIAM J. Comput."},{"key":"22_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"468","DOI":"10.1007\/978-3-319-78381-9_18","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"P Bose","year":"2018","unstructured":"Bose, P., Hoang, V.T., Tessaro, S.: Revisiting AES-GCM-SIV: multi-user security, faster key derivation, and better bounds. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 468\u2013499. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78381-9_18"},{"key":"22_CR21","doi-asserted-by":"publisher","unstructured":"Brzuska, C., Cornelissen, E., Kohbrok, K.: Security analysis of the MLS key derivation. In: 2022 IEEE Symposium on Security and Privacy, pp. 2535\u20132553. IEEE Computer Society Press (2022). https:\/\/doi.org\/10.1109\/SP46214.2022.9833678","DOI":"10.1109\/SP46214.2022.9833678"},{"key":"22_CR22","doi-asserted-by":"publisher","unstructured":"Brzuska, C., Delignat-Lavaud, A., Egger, C., Fournet, C., Kohbrok, K., Kohlweiss, M.: Key-schedule security for the TLS 1.3 standard. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022, Part I. LNCS, vol. 13791, pp. 621\u2013650. Springer, Heidelberg (2022). https:\/\/doi.org\/10.1007\/978-3-031-22963-3_21","DOI":"10.1007\/978-3-031-22963-3_21"},{"key":"22_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"416","DOI":"10.1007\/0-387-34805-0_39","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"IB Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416\u2013427. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_39"},{"key":"22_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-642-32009-5_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"Y Dodis","year":"2012","unstructured":"Dodis, Y., Ristenpart, T., Steinberger, J., Tessaro, S.: To hash or not to hash again? (in)differentiability results for H2 and HMAC. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 348\u2013366. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_21"},{"issue":"4","key":"22_CR25","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00145-021-09384-1","volume":"34","author":"B Dowling","year":"2021","unstructured":"Dowling, B., Fischlin, M., G\u00fcnther, F., Stebila, D.: A cryptographic analysis of the TLS 1.3 handshake protocol. J. Cryptol. 34(4), 1\u201369 (2021). https:\/\/doi.org\/10.1007\/s00145-021-09384-1","journal-title":"J. Cryptol."},{"key":"22_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1007\/978-3-540-74462-7_3","volume-title":"Selected Areas in Cryptography","author":"O Dunkelman","year":"2007","unstructured":"Dunkelman, O., Keller, N., Kim, J.: Related-key rectangle attack on the full SHACAL-1. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 28\u201344. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74462-7_3"},{"key":"22_CR27","unstructured":"Farrell, S.: [Cfrg] erratum for hmac what do we think... IRTF Crypto Forum Research Group mailing list. https:\/\/mailarchive.ietf.org\/arch\/msg\/cfrg\/hxj9UM2LdBy2eipAJX2idjQuxhk\/ (2017)"},{"key":"22_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1007\/978-3-662-44371-2_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"P Ga\u017ei","year":"2014","unstructured":"Ga\u017ei, P., Pietrzak, K., Ryb\u00e1r, M.: The exact PRF-security of NMAC and HMAC. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 113\u2013130. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44371-2_7"},{"issue":"4","key":"22_CR29","doi-asserted-by":"publisher","first-page":"792","DOI":"10.1145\/6490.6503","volume":"33","author":"O Goldreich","year":"1986","unstructured":"Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792\u2013807 (1986)","journal-title":"J. ACM"},{"issue":"4","key":"22_CR30","doi-asserted-by":"publisher","first-page":"1364","DOI":"10.1137\/S0097539793244708","volume":"28","author":"J H\u00e5stad","year":"1999","unstructured":"H\u00e5stad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364\u20131396 (1999)","journal-title":"SIAM J. Comput."},{"key":"22_CR31","doi-asserted-by":"publisher","unstructured":"Hoang, V.T., Tessaro, S., Thiruvengadam, A.: The multi-user security of GCM, revisited: tight bounds for nonce randomization. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 1429\u20131440. ACM Press (2018). https:\/\/doi.org\/10.1145\/3243734.3243816","DOI":"10.1145\/3243734.3243816"},{"key":"22_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/11502760_25","volume-title":"Fast Software Encryption","author":"S Hong","year":"2005","unstructured":"Hong, S., Kim, J., Lee, S., Preneel, B.: Related-key rectangle attacks on reduced versions of SHACAL-1 and AES-192. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 368\u2013383. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11502760_25"},{"key":"22_CR33","doi-asserted-by":"publisher","unstructured":"H\u00fclsing, A., Ning, K.C., Schwabe, P., Weber, F., Zimmermann, P.R.: Post-quantum WireGuard. In: 2021 IEEE Symposium on Security and Privacy, pp. 304\u2013321. IEEE Computer Society Press (2021). https:\/\/doi.org\/10.1109\/SP40001.2021.00030","DOI":"10.1109\/SP40001.2021.00030"},{"key":"22_CR34","series-title":"LNCS","first-page":"233","volume-title":"ICICS 97","author":"J Kelsey","year":"1997","unstructured":"Kelsey, J., Schneier, B., Wagner, D.: Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. In: Han, Y., Okamoto, T., Qing, S. (eds.) ICICS 97. LNCS, vol. 1334, pp. 233\u2013246. Springer, Heidelberg (Nov (1997)"},{"key":"22_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"225","DOI":"10.1007\/978-3-540-74619-5_15","volume-title":"Fast Software Encryption","author":"J Kim","year":"2007","unstructured":"Kim, J., Hong, S., Preneel, B.: Related-key rectangle attacks on reduced AES-192 and AES-256. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 225\u2013241. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74619-5_15"},{"key":"22_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/3-540-57220-1_62","volume-title":"Advances in Cryptology \u2014 AUSCRYPT \u201992","author":"LR Knudsen","year":"1993","unstructured":"Knudsen, L.R.: Cryptanalysis of LOKI 91. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 196\u2013208. Springer, Heidelberg (1993). https:\/\/doi.org\/10.1007\/3-540-57220-1_62"},{"key":"22_CR37","doi-asserted-by":"publisher","unstructured":"Krawczyk, H., Bellare, M., Canetti, R.: HMAC: Keyed-Hashing for Message Authentication. RFC 2104 (Informational) (1997). https:\/\/doi.org\/10.17487\/RFC2104. https:\/\/www.rfc-editor.org\/rfc\/rfc2104.txt, updated by RFC 6151","DOI":"10.17487\/RFC2104"},{"key":"22_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"631","DOI":"10.1007\/978-3-642-14623-7_34","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"H Krawczyk","year":"2010","unstructured":"Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 631\u2013648. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14623-7_34"},{"key":"22_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"575","DOI":"10.1007\/978-3-319-70697-9_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"A Luykx","year":"2017","unstructured":"Luykx, A., Mennink, B., Paterson, K.G.: Analyzing multi-key security degradation. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 575\u2013605. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70697-9_20"},{"key":"22_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/3-540-46035-7_8","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2002","author":"U Maurer","year":"2002","unstructured":"Maurer, U.: Indistinguishability of random systems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 110\u2013132. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-46035-7_8"},{"key":"22_CR41","unstructured":"Memisyazici, E.: RFC Erratum on RFC 2104, \u201cHMAC: Keyed-Hashing for Message Authentication\u201d. RFC Errata, Errata ID: 4809. https:\/\/www.rfc-editor.org\/errata_search.php?rfc=2104&eid=4809 (2016)"},{"key":"22_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/0-387-34805-0_21","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"RC Merkle","year":"1990","unstructured":"Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218\u2013238. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_21"},{"key":"22_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/978-3-540-24660-2_2","volume-title":"Topics in Cryptology \u2013 CT-RSA 2004","author":"RC-W Phan","year":"2004","unstructured":"Phan, R.C.-W.: Related-key attacks on triple-DES and DESX variants. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 15\u201324. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24660-2_2"},{"key":"22_CR44","doi-asserted-by":"publisher","unstructured":"Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446 (Proposed Standard) (2018). https:\/\/doi.org\/10.17487\/RFC8446. https:\/\/www.rfc-editor.org\/rfc\/rfc8446.txt","DOI":"10.17487\/RFC8446"},{"key":"22_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/11958239_14","volume-title":"Progress in Cryptology - VIETCRYPT 2006","author":"P Rogaway","year":"2006","unstructured":"Rogaway, P.: Formalizing human ignorance. In: Nguyen, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 211\u2013228. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11958239_14"},{"key":"22_CR46","doi-asserted-by":"publisher","unstructured":"Schwabe, P., Stebila, D., Wiggers, T.: Post-quantum TLS without handshake signatures. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) ACM CCS 2020, pp. 1461\u20131480. ACM Press (2020). https:\/\/doi.org\/10.1145\/3372297.3423350","DOI":"10.1145\/3372297.3423350"},{"key":"22_CR47","doi-asserted-by":"publisher","unstructured":"of Standards, N.I., Technology: The keyed-hash message authentication code (HMAC). Tech. Rep. Federal Information Processing Standards Publications (FIPS PUBS) 198\u20131, U.S. Department of Commerce, Washington, D.C. (2008). https:\/\/doi.org\/10.6028\/NIST.FIPS.198-1","DOI":"10.6028\/NIST.FIPS.198-1"},{"key":"22_CR48","doi-asserted-by":"publisher","unstructured":"of Standards, N.I., Technology: Secure hash standard (SHS). Tech. Rep. Federal Information Processing Standards Publications (FIPS PUBS) 180\u20134, U.S. Department of Commerce, Washington, D.C. (2015). https:\/\/doi.org\/10.6028\/NIST.FIPS.180-4","DOI":"10.6028\/NIST.FIPS.180-4"},{"key":"22_CR49","unstructured":"Stebila, D., Fluhrer, S., Gueron, S.: Hybrid key exchange in TLS 1.3 - draft-ietf-tls-hybrid-design-05. https:\/\/datatracker.ietf.org\/doc\/html\/draft-ietf-tls-hybrid-design-05 (2022)"},{"key":"22_CR50","doi-asserted-by":"publisher","unstructured":"Yao, A.C.C.: Theory and applications of trapdoor functions (extended abstract). In: 23rd FOCS, pp. 80\u201391. IEEE Computer Society Press (1982). https:\/\/doi.org\/10.1109\/SFCS.1982.45","DOI":"10.1109\/SFCS.1982.45"},{"key":"22_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/978-3-540-74462-7_2","volume-title":"Selected Areas in Cryptography","author":"W Zhang","year":"2007","unstructured":"Zhang, W., Wu, W., Zhang, L., Feng, D.: Improved related-key impossible differential attacks on reduced-round AES-192. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 15\u201327. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74462-7_2"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2023"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-38548-3_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,26]],"date-time":"2025-07-26T22:02:55Z","timestamp":1753567375000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-38548-3_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031385476","9783031385483"],"references-count":51,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-38548-3_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"9 August 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"43","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"479","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"124","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}