{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T15:54:36Z","timestamp":1774022076762,"version":"3.50.1"},"publisher-location":"Cham","reference-count":60,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031683848","type":"print"},{"value":"9783031683855","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-68385-5_1","type":"book-chapter","created":{"date-parts":[[2024,8,16]],"date-time":"2024-08-16T08:02:51Z","timestamp":1723795371000},"page":"3-37","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Generic MitM Attack Frameworks on\u00a0Sponge Constructions"],"prefix":"10.1007","author":[{"given":"Xiaoyang","family":"Dong","sequence":"first","affiliation":[]},{"given":"Boxin","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"Lingyue","family":"Qin","sequence":"additional","affiliation":[]},{"given":"Qingliang","family":"Hou","sequence":"additional","affiliation":[]},{"given":"Shun","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Xiaoyun","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,8,17]]},"reference":[{"key":"1_CR1","unstructured":"Aagaard, M., AlTawy, R., Gong, G., Mandal, K., Rohit, R.: ACE: an authenticated encryption and hash algorithm. Submission to NIST-LWC (announced as round 2 candidate on August 30, 2019) (2019)"},{"key":"1_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-642-04159-4_7","volume-title":"Selected Areas in Cryptography","author":"K Aoki","year":"2009","unstructured":"Aoki, K., Sasaki, Yu.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103\u2013119. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04159-4_7"},{"key":"1_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"771","DOI":"10.1007\/978-3-030-77870-5_27","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2021","author":"Z Bao","year":"2021","unstructured":"Bao, Z., et al.: Automatic search of meet-in-the-middle preimage attacks on AES-like hashing. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021, Part I. LNCS, vol. 12696, pp. 771\u2013804. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77870-5_27"},{"key":"1_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1007\/978-3-031-15802-5_3","volume-title":"CRYPTO 2022, Part I","author":"Z Bao","year":"2022","unstructured":"Bao, Z., Guo, J., Shi, D., Tu, Y.: Superposition Meet-in-the-Middle Attacks: Updates on Fundamental Security of AES-like Hashing. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part I. LNCS, vol. 13507, pp. 64\u201393. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15802-5_3"},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"Beierle, C., et al.: Schwaemm and Esch: lightweight authenticated encryption and hashing using the Sparkle permutation family. NIST Lightweight Cryptography (2019)","DOI":"10.46586\/tosc.v2020.iS1.208-261"},{"key":"1_CR6","unstructured":"Bernstein, D.J., et al.: SPHINCS+: submission to the NIST post-quantum project (2017)"},{"key":"1_CR7","unstructured":"Bernstein, D.J., et\u00a0al.: Gimli. Submission to the NIST Lightweight Cryptography project (2019). https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Lightweight-Cryptography\/documents\/round-1\/spec-doc\/gimli-spec.pdf"},{"issue":"30","key":"1_CR8","first-page":"320","volume":"3","author":"G Bertoni","year":"2009","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak sponge function family main document. Submission NIST 3(30), 320\u2013337 (2009)","journal-title":"Submission NIST"},{"key":"1_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1007\/978-3-642-25385-0_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"A Bogdanov","year":"2011","unstructured":"Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344\u2013371. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25385-0_19"},{"key":"1_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"312","DOI":"10.1007\/978-3-642-23951-9_21","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2011","author":"A Bogdanov","year":"2011","unstructured":"Bogdanov, A., Kne\u017eevi\u0107, M., Leander, G., Toz, D., Var\u0131c\u0131, K., Verbauwhede, I.: spongent: a lightweight hash function. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 312\u2013325. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23951-9_21"},{"key":"1_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1007\/978-3-642-19574-7_16","volume-title":"Selected Areas in Cryptography","author":"A Bogdanov","year":"2011","unstructured":"Bogdanov, A., Rechberger, C.: A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 229\u2013240. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19574-7_16"},{"key":"1_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/978-3-642-22792-9_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"C Bouillaguet","year":"2011","unstructured":"Bouillaguet, C., Derbez, P., Fouque, P.-A.: Automatic search of attacks on round-reduced AES and applications. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 169\u2013187. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_10"},{"key":"1_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1007\/978-3-031-38548-3_9","volume-title":"CRYPTO 2023, Part III","author":"C Boura","year":"2023","unstructured":"Boura, C., David, N., Derbez, P., Leander, G., Naya-Plasencia, M.: Differential meet-in-the-middle cryptanalysis. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023, Part III. LNCS, vol. 14083, pp. 240\u2013272. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38548-3_9"},{"key":"1_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/978-3-642-40041-4_13","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"A Canteaut","year":"2013","unstructured":"Canteaut, A., Naya-Plasencia, M., Vayssi\u00e8re, B.: Sieve-in-the-middle: improved MITM attacks. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 222\u2013240. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_13"},{"issue":"S1","key":"1_CR15","doi-asserted-by":"publisher","first-page":"60","DOI":"10.46586\/tosc.v2020.iS1.60-87","volume":"2020","author":"J Daemen","year":"2020","unstructured":"Daemen, J., Hoffert, S., Peeters, M., Van Assche, G., Van Keer, R.: Xoodyak, a lightweight cryptographic scheme. IACR Trans. Symmetric Cryptol. 2020(S1), 60\u201387 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"issue":"S1","key":"1_CR16","doi-asserted-by":"publisher","first-page":"262","DOI":"10.46586\/tosc.v2020.iS1.262-294","volume":"2020","author":"J Daemen","year":"2020","unstructured":"Daemen, J., Massolino, P.M.C., Mehrdad, A., Rotella, Y.: The subterranean 2.0 cipher suite. IACR Trans. Symmetric Cryptol. 2020(S1), 262\u2013294 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"416","DOI":"10.1007\/0-387-34805-0_39","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"IB Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416\u2013427. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_39"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Degr\u00e9, M., Derbez, P., Lahaye, L., Schrottenloher, A.: New models for the cryptanalysis of ASCON. IACR Cryptol. ePrint Arch., p. 298 (2024)","DOI":"10.46586\/tosc.v2024.i1.135-157"},{"key":"1_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/978-3-662-53008-5_6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"P Derbez","year":"2016","unstructured":"Derbez, P., Fouque, P.-A.: Automatic search of meet-in-the-middle and impossible differential attacks. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 157\u2013184. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_6"},{"issue":"6","key":"1_CR20","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1109\/C-M.1977.217750","volume":"10","author":"W Diffie","year":"1977","unstructured":"Diffie, W., Hellman, M.E.: Special feature exhaustive cryptanalysis of the NBS data encryption standard. Computer 10(6), 74\u201384 (1977)","journal-title":"Computer"},{"key":"1_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"374","DOI":"10.1007\/978-3-030-77870-5_14","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2021","author":"I Dinur","year":"2021","unstructured":"Dinur, I.: Cryptanalytic applications of the polynomial method for solving multivariate equation systems over GF(2). In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021, Part I. LNCS, vol. 12696, pp. 374\u2013403. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77870-5_14"},{"key":"1_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1007\/978-3-642-32009-5_42","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"I Dinur","year":"2012","unstructured":"Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Efficient dissection of composite problems, with applications to cryptanalysis, knapsacks, and combinatorial search problems. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 719\u2013740. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_42"},{"key":"1_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"442","DOI":"10.1007\/978-3-642-34047-5_25","volume-title":"Fast Software Encryption","author":"I Dinur","year":"2012","unstructured":"Dinur, I., Dunkelman, O., Shamir, A.: New attacks on Keccak-224 and Keccak-256. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 442\u2013461. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34047-5_25"},{"key":"1_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-662-43933-3_12","volume-title":"Fast Software Encryption","author":"I Dinur","year":"2014","unstructured":"Dinur, I., Dunkelman, O., Shamir, A.: Collision attacks on up to 5 rounds of SHA-3 using generalized internal differentials. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 219\u2013240. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-43933-3_12"},{"issue":"3","key":"1_CR25","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/s00145-021-09398-9","volume":"34","author":"C Dobraunig","year":"2021","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., Schl\u00e4ffer, M.: Ascon v.12: lightweight authenticated encryption and hashing. J. Cryptol. 34(3), 33 (2021)","journal-title":"J. Cryptol."},{"key":"1_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-030-84252-9_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"X Dong","year":"2021","unstructured":"Dong, X., Hua, J., Sun, S., Li, Z., Wang, X., Hu, L.: Meet-in-the-middle attacks revisited: key-recovery, collision, and preimage attacks. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part III. LNCS, vol. 12827, pp. 278\u2013308. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84252-9_10"},{"key":"1_CR27","doi-asserted-by":"crossref","unstructured":"Dong, X., Zhao, B., Qin, L., Hou, Q., Zhang, S., Wang, X.: Generic mitm attack frameworks on sponge constructions. IACR Cryptol. ePrint Arch., p. 604 (2024)","DOI":"10.1007\/978-3-031-68385-5_1"},{"key":"1_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/978-3-540-77026-8_8","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2007","author":"O Dunkelman","year":"2007","unstructured":"Dunkelman, O., Sekar, G., Preneel, B.: Improved meet-in-the-middle attacks on reduced-round DES. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 86\u2013100. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-77026-8_8"},{"key":"1_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"683","DOI":"10.1007\/978-3-662-47989-6_33","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"T Espitau","year":"2015","unstructured":"Espitau, T., Fouque, P.-A., Karpman, P.: Higher-order differential meet-in-the-middle preimage attacks on SHA-1 and BLAKE. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 683\u2013701. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_33"},{"issue":"4","key":"1_CR30","doi-asserted-by":"publisher","first-page":"636","DOI":"10.1145\/321420.321422","volume":"14","author":"W Robert","year":"1967","unstructured":"Robert, W.: Floyd. Nondeterministic algorithms. J. ACM 14(4), 636\u2013644 (1967)","journal-title":"J. ACM"},{"key":"1_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1007\/978-3-662-46706-0_4","volume-title":"Fast Software Encryption","author":"T Fuhr","year":"2015","unstructured":"Fuhr, T., Minaud, B.: Match box meet-in-the-middle attack against KATAN. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 61\u201381. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46706-0_4"},{"issue":"3","key":"1_CR32","doi-asserted-by":"publisher","first-page":"102","DOI":"10.46586\/tosc.v2021.i3.102-136","volume":"2021","author":"D G\u00e9rault","year":"2021","unstructured":"G\u00e9rault, D., Peyrin, T., Tan, Q.Q.: Exploring differential-based distinguishers and forgeries for ASCON. IACR Trans. Symmetric Cryptol. 2021(3), 102\u2013136 (2021)","journal-title":"IACR Trans. Symmetric Cryptol."},{"issue":"1","key":"1_CR33","doi-asserted-by":"publisher","first-page":"228","DOI":"10.1007\/s00145-019-09313-3","volume":"33","author":"J Guo","year":"2020","unstructured":"Guo, J., Liao, G., Liu, G., Liu, M., Qiao, K., Song, L.: Practical collision attacks against round-reduced SHA-3. J. Cryptol. 33(1), 228\u2013270 (2020)","journal-title":"J. Cryptol."},{"key":"1_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-642-17373-8_4","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"J Guo","year":"2010","unstructured":"Guo, J., Ling, S., Rechberger, C., Wang, H.: Advanced meet-in-the-middle preimage attacks: first results on full tiger, and improved results on MD4 and SHA-2. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 56\u201375. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_4"},{"key":"1_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/978-3-642-22792-9_13","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"J Guo","year":"2011","unstructured":"Guo, J., Peyrin, T., Poschmann, A.: The PHOTON family of lightweight hash functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222\u2013239. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_13"},{"key":"1_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1007\/978-3-031-09234-3_12","volume-title":"Applied Cryptography and Network Security","author":"H Hadipour","year":"2022","unstructured":"Hadipour, H., Eichlseder, M.: Autoguess: a tool for finding guess-and-determine attacks and key bridges. In: Ateniese, G., Venturi, D. (eds.) ACNS 2022. LNCS, vol. 13269, pp. 230\u2013250. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-09234-3_12"},{"key":"1_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"544","DOI":"10.1007\/978-3-642-34961-4_33","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"D Khovratovich","year":"2012","unstructured":"Khovratovich, D.: Bicliques for permutations: collision and preimage attacks in stronger settings. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 544\u2013561. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34961-4_33"},{"key":"1_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"392","DOI":"10.1007\/978-3-642-29011-4_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"D Khovratovich","year":"2012","unstructured":"Khovratovich, D., Leurent, G., Rechberger, C.: Narrow-bicliques: cryptanalysis of full IDEA. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 392\u2013410. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_24"},{"key":"1_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/978-3-642-32009-5_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"S Knellwolf","year":"2012","unstructured":"Knellwolf, S., Khovratovich, D.: New preimage attacks against reduced SHA-1. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 367\u2013383. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_22"},{"issue":"2","key":"1_CR40","first-page":"1","volume":"2016","author":"S K\u00f6lbl","year":"2016","unstructured":"K\u00f6lbl, S., Lauridsen, M.M., Mendel, F., Rechberger, C.: Haraka v2 - efficient short-input hashing for post-quantum applications. IACR Trans. Symmetric Cryptol. 2016(2), 1\u201329 (2016)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/978-3-031-15985-5_7","volume-title":"CRYPTO 2022 , Part IV","author":"C Lefevre","year":"2022","unstructured":"Lefevre, C., Mennink, B.: Tight preimage resistance of the sponge construction. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022 , Part IV. LNCS, vol. 13510, pp. 185\u2013204. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15985-5_7"},{"key":"1_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1007\/978-3-642-34047-5_16","volume-title":"Fast Software Encryption","author":"J Li","year":"2012","unstructured":"Li, J., Isobe, T., Shibutani, K.: Converting meet-in-the-middle preimage attack into pseudo collision attack: application to SHA-2. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 264\u2013286. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34047-5_16"},{"key":"1_CR43","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"637","DOI":"10.1007\/978-3-030-73103-8_45","volume-title":"Advances in Information and Communication","author":"G Liu","year":"2021","unstructured":"Liu, G., Lu, J., Li, H., Tang, P., Qiu, W.: Preimage attacks against lightweight scheme Xoodyak based on deep learning. In: Arai, K. (ed.) FICC 2021. AISC, vol. 1364, pp. 637\u2013648. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-73103-8_45"},{"key":"1_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/0-387-34805-0_21","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"RC Merkle","year":"1990","unstructured":"Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218\u2013238. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_21"},{"key":"1_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1007\/978-3-642-22792-9_11","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"M Naya-Plasencia","year":"2011","unstructured":"Naya-Plasencia, M.: How to improve rebound attacks. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 188\u2013205. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_11"},{"key":"1_CR46","unstructured":"The U.S. National\u00a0Institute of\u00a0Standards and Technology. SHA-3 standard: Permutation-based hash and extendable-output functions. Federal Information Processing Standard, FIPS 202, 5th August 2015"},{"key":"1_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/3-540-48329-2_31","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"B Preneel","year":"1994","unstructured":"Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368\u2013378. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_31"},{"key":"1_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1007\/978-3-031-30634-1_6","volume-title":"EUROCRYPT 2023, Part IV","author":"L Qin","year":"2023","unstructured":"Qin, L., Hua, J., Dong, X., Yan, H., Wang, X.: Meet-in-the-middle preimage attacks on sponge-based hashing. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023, Part IV. LNCS, vol. 14007, pp. 158\u2013188. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30634-1_6"},{"key":"1_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/978-3-319-97916-8_15","volume-title":"Advances in Information and Computer Security","author":"Yu Sasaki","year":"2018","unstructured":"Sasaki, Yu.: Integer linear programming for three-subset meet-in-the-middle attacks: application to GIFT. In: Inomata, A., Yasuda, K. (eds.) IWSEC 2018. LNCS, vol. 11049, pp. 227\u2013243. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-97916-8_15"},{"key":"1_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"378","DOI":"10.1007\/978-3-642-21702-9_22","volume-title":"Fast Software Encryption","author":"Yu Sasaki","year":"2011","unstructured":"Sasaki, Yu.: Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 378\u2013396. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-21702-9_22"},{"key":"1_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/978-3-642-01001-9_8","volume-title":"Advances in Cryptology - EUROCRYPT 2009","author":"Yu Sasaki","year":"2009","unstructured":"Sasaki, Yu., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134\u2013152. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-01001-9_8"},{"key":"1_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"562","DOI":"10.1007\/978-3-642-34961-4_34","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"Yu Sasaki","year":"2012","unstructured":"Sasaki, Yu., Wang, L., Wu, S., Wu, W.: Investigating fundamental security requirements on whirlpool: improved preimage and collision attacks. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 562\u2013579. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34961-4_34"},{"key":"1_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"717","DOI":"10.1007\/978-3-031-15982-4_24","volume-title":"CRYPTO 2022 , Part III","author":"A Schrottenloher","year":"2022","unstructured":"Schrottenloher, A., Stevens, M.: Simplified MITM modeling for permutations: new (quantum) attacks. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022 , Part III. LNCS, vol. 13509, pp. 717\u2013747. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15982-4_24"},{"key":"1_CR54","doi-asserted-by":"crossref","unstructured":"Schrottenloher, A., Stevens, M.: Simplified modeling of MITM attacks for block ciphers: new (quantum) attacks. IACR Cryptol. ePrint Arch., p. 816 (2023)","DOI":"10.46586\/tosc.v2023.i3.146-183"},{"issue":"1","key":"1_CR55","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/PL00003816","volume":"12","author":"PC van Oorschot","year":"1999","unstructured":"van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1\u201328 (1999)","journal-title":"J. Cryptol."},{"key":"1_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/11535218_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"X Wang","year":"2005","unstructured":"Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17\u201336. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_2"},{"key":"1_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/11426639_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"X Wang","year":"2005","unstructured":"Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19\u201335. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11426639_2"},{"key":"1_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"307","DOI":"10.1007\/978-3-662-48324-4_16","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2015","author":"G Yang","year":"2015","unstructured":"Yang, G., Zhu, B., Suder, V., Aagaard, M.D., Gong, G.: The Simeck family of lightweight block ciphers. In: G\u00fcneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 307\u2013329. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48324-4_16"},{"key":"1_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1007\/978-3-031-30634-1_8","volume-title":"EUROCRYPT 2023, Part IV","author":"Z Zhang","year":"2023","unstructured":"Zhang, Z., Hou, C., Liu, M.: Collision attacks on round-reduced SHA-3 using conditional internal differentials. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023, Part IV. LNCS, vol. 14007, pp. 220\u2013251. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30634-1_8"},{"key":"1_CR60","unstructured":"Zong, R., Dong, X., Wang, X.: Collision attacks on round-reduced Gimli-Hash\/Ascon-Xof\/Ascon-Hash. Cryptol. ePrint Arch., Paper 2019\/111"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-68385-5_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,26]],"date-time":"2024-11-26T19:37:48Z","timestamp":1732649868000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-68385-5_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031683848","9783031683855"],"references-count":60,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-68385-5_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"17 August 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 August 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"44","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}