{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:33:34Z","timestamp":1742913214993,"version":"3.40.3"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031683848"},{"type":"electronic","value":"9783031683855"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-68385-5_4","type":"book-chapter","created":{"date-parts":[[2024,8,16]],"date-time":"2024-08-16T08:02:51Z","timestamp":1723795371000},"page":"105-138","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Improving Generic Attacks Using Exceptional Functions"],"prefix":"10.1007","author":[{"given":"Xavier","family":"Bonnetain","sequence":"first","affiliation":[]},{"given":"Rachelle","family":"Heim Boissier","sequence":"additional","affiliation":[]},{"given":"Ga\u00ebtan","family":"Leurent","sequence":"additional","affiliation":[]},{"given":"Andr\u00e9","family":"Schrottenloher","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,8,17]]},"reference":[{"key":"4_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1007\/978-3-642-05445-7_25","volume-title":"Selected Areas in Cryptography","author":"E Andreeva","year":"2009","unstructured":"Andreeva, E., Bouillaguet, C., Dunkelman, O., Kelsey, J.: Herding, second preimage and trojan message attacks beyond Merkle-Damg\u00e5rd. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 393\u2013414. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-05445-7_25"},{"key":"4_CR2","unstructured":"Aumasson, J.P., Jovanovic, P., Neves, S.: NORX v3. Submission to the Caesar competition (2016). https:\/\/competitions.cr.yp.to\/round3\/norxv30.pdf"},{"issue":"3","key":"4_CR3","doi-asserted-by":"publisher","first-page":"742","DOI":"10.1007\/s00145-019-09328-w","volume":"33","author":"Z Bao","year":"2020","unstructured":"Bao, Z., Dinur, I., Guo, J., Leurent, G., Wang, L.: Generic attacks on hash combiners. J. Cryptol. 33(3), 742\u2013823 (2020). https:\/\/doi.org\/10.1007\/s00145-019-09328-w","journal-title":"J. Cryptol."},{"key":"4_CR4","doi-asserted-by":"publisher","unstructured":"Bao, Z., Guo, J., Li, S., Pham, P.: Evaluating the security of merkle-damg\u00e5rd hash functions and combiners in quantum settings. In: NSS. LNCS, vol. 13787, pp. 687\u2013711. Springer (2022). https:\/\/doi.org\/10.1007\/978-3-031-23020-2_39","DOI":"10.1007\/978-3-031-23020-2_39"},{"key":"4_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1007\/978-3-319-63715-0_14","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"Z Bao","year":"2017","unstructured":"Bao, Z., Wang, L., Guo, J., Gu, D.: Functional graph revisited: updates on (Second) preimage attacks on hash combiners. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 404\u2013427. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63715-0_14"},{"key":"4_CR6","doi-asserted-by":"publisher","unstructured":"Benedikt, B.J., Fischlin, M., Huppert, M.: Nostradamus goes quantum. In: Agrawal, S., Lin, D. (eds.) Advances in Cryptology \u2013 ASIACRYPT\u00a02022, Part\u00a0III. LNCS, vol. 13793, pp. 583\u2013613. Springer, Heidelberg (2022).https:\/\/doi.org\/10.1007\/978-3-031-22969-5_20","DOI":"10.1007\/978-3-031-22969-5_20"},{"issue":"4","key":"4_CR7","doi-asserted-by":"publisher","first-page":"766","DOI":"10.1137\/0218053","volume":"18","author":"CH Bennett","year":"1989","unstructured":"Bennett, C.H.: Time\/space trade-offs for reversible computation. SIAM J. Comput. 18(4), 766\u2013776 (1989)","journal-title":"SIAM J. Comput."},{"key":"4_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/978-3-642-28496-0_19","volume-title":"Selected Areas in Cryptography","author":"G Bertoni","year":"2012","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320\u2013337. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-28496-0_19"},{"key":"4_CR9","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Cryptographic sponge functions (2011), https:\/\/keccak.team\/files\/CSF-0.1.pdf"},{"key":"4_CR10","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/s10623-010-9481-x","volume":"64","author":"SR Blackburn","year":"2012","unstructured":"Blackburn, S.R., Stinson, D.R., Upadhyay, J.: On the complexity of the herding attack and some related attacks on hash functions. Des. Codes Crypt. 64, 171\u2013193 (2012)","journal-title":"Des. Codes Crypt."},{"key":"4_CR11","doi-asserted-by":"publisher","unstructured":"Bonnetain, X., Chailloux, A., Schrottenloher, A., Shen, Y.: Finding many collisions via reusable quantum walks: Application to lattice sieving. In: Hazay, C., Stam, M. (eds.) Advances in Cryptology \u2013 EUROCRYPT\u00a02023, Part\u00a0V. LNCS, vol. 14008, pp. 221\u2013251. Springer, Heidelberg(2023). https:\/\/doi.org\/10.1007\/978-3-031-30589-4_8","DOI":"10.1007\/978-3-031-30589-4_8"},{"key":"4_CR12","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1090\/conm\/305\/05215","volume":"305","author":"G Brassard","year":"2002","unstructured":"Brassard, G., Hoyer, P., Mosca, M., Tapp, A.: Quantum amplitude amplification and estimation. Contemp. Math. 305, 53\u201374 (2002)","journal-title":"Contemp. Math."},{"key":"4_CR13","doi-asserted-by":"publisher","unstructured":"Brassard, G., H\u00f8yer, P., Tapp, A.: Quantum cryptanalysis of hash and claw-free functions. In: Lucchesi, C.L., Moura, A.V. (eds.) LATIN 1998. LNCS, vol.\u00a01380, pp. 163\u2013169. Springer (1998). https:\/\/doi.org\/10.1007\/BFB0054319","DOI":"10.1007\/BFB0054319"},{"key":"4_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"606","DOI":"10.1007\/978-3-319-70697-9_21","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"J Daemen","year":"2017","unstructured":"Daemen, J., Mennink, B., Van Assche, G.: Full-state keyed duplex with built-in multi-user support. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 606\u2013637. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70697-9_21"},{"key":"4_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"416","DOI":"10.1007\/0-387-34805-0_39","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"IB Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.B.: a design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416\u2013427. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_39"},{"key":"4_CR16","unstructured":"Dean, R.D.: Formal aspects of mobile code security. Ph.D. thesis (1999)"},{"key":"4_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/3-540-48184-2_21","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201987","author":"JM DeLaurentis","year":"1988","unstructured":"DeLaurentis, J.M.: Components and cycles of a random function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 231\u2013242. Springer, Heidelberg (1988). https:\/\/doi.org\/10.1007\/3-540-48184-2_21"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Dierks, T., Allen, C.: RFC 2246 - The TLS Protocol Version 1.0. Internet Activities Board (Jan 1999)","DOI":"10.17487\/rfc2246"},{"key":"4_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1007\/978-3-662-49890-3_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"I Dinur","year":"2016","unstructured":"Dinur, I.: New attacks on the concatenation and XOR hash combiners. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 484\u2013508. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49890-3_19"},{"key":"4_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/978-3-662-53008-5_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"I Dinur","year":"2016","unstructured":"Dinur, I., Dunkelman, O., Keller, N., Shamir, A.: Memory-efficient algorithms for finding needles in haystacks. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 185\u2013206. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_7"},{"key":"4_CR21","doi-asserted-by":"publisher","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., Schl\u00e4ffer, M.: Ascon v1.2: lightweight authenticated encryption and hashing. J. Cryptol. 34(3), 33 (2021). https:\/\/doi.org\/10.1007\/s00145-021-09398-9","DOI":"10.1007\/s00145-021-09398-9"},{"key":"4_CR22","doi-asserted-by":"publisher","unstructured":"Dong, X., Li, S., Pham, P., Zhang, G.: Quantum attacks on hash constructions with low quantum random access memory. In: ASIACRYPT (3). LNCS, vol. 14440, pp. 3\u201333. Springer (2023).https:\/\/doi.org\/10.1007\/978-981-99-8727-6_1","DOI":"10.1007\/978-981-99-8727-6_1"},{"key":"4_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"329","DOI":"10.1007\/3-540-46885-4_34","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201989","author":"P Flajolet","year":"1990","unstructured":"Flajolet, P., Odlyzko, A.M.: Random mapping statistics. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 329\u2013354. Springer, Heidelberg (1990). https:\/\/doi.org\/10.1007\/3-540-46885-4_34"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Flajolet, P., Sedgewick, R.: Analytic Combinatorics. Cambridge University Press (2009). http:\/\/www.cambridge.org\/uk\/catalogue\/catalogue.asp?isbn=9780521898065","DOI":"10.1017\/CBO9780511801655"},{"key":"4_CR25","doi-asserted-by":"publisher","unstructured":"Gilbert, H., Heim Boissier, R., Khati, L., Rotella, Y.: Generic attack on duplex-based AEAD modes using random function statistics. In: Hazay, C., Stam, M. (eds.) EUROCRYPT\u00a02023, Part\u00a0IV. LNCS, vol. 14007, pp. 348\u2013378. Springer, Heidelberg (2023). https:\/\/doi.org\/10.1007\/978-3-031-30634-1_12","DOI":"10.1007\/978-3-031-30634-1_12"},{"key":"4_CR26","doi-asserted-by":"publisher","unstructured":"Grover, L.K.: A fast quantum mechanical algorithm for database search. In: 28th Annual ACM Symposium on Theory of Computing, 22\u201324 May, pp. 212\u2013219. ACM Press, Philadephia, PA, USA (1996). https:\/\/doi.org\/10.1145\/237814.237866","DOI":"10.1145\/237814.237866"},{"key":"4_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/978-3-662-44371-2_8","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"J Guo","year":"2014","unstructured":"Guo, J., Peyrin, T., Sasaki, Yu., Wang, L.: Updates on generic attacks against HMAC and NMAC. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 131\u2013148. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44371-2_8"},{"key":"4_CR28","doi-asserted-by":"publisher","unstructured":"Harris, B.: Probability distributions related to random mappings. Annals Math. Stat. 31(4), 1045\u20131062 (1960). https:\/\/doi.org\/10.1214\/aoms\/1177705677","DOI":"10.1214\/aoms\/1177705677"},{"key":"4_CR29","unstructured":"Jha, A., Nandi, M.: Some cryptanalytic results on zipper hash and concatenated hash. Cryptology ePrint Archive, Paper 2015\/973 (2015), https:\/\/eprint.iacr.org\/2015\/973"},{"key":"4_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/978-3-540-28628-8_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"A Joux","year":"2004","unstructured":"Joux, A.: Multicollisions in iterated hash functions. application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306\u2013316. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-28628-8_19"},{"key":"4_CR31","doi-asserted-by":"publisher","unstructured":"Joux, A.: Algorithmic Cryptanalysis. Chapman and Hall\/CRC (2009). https:\/\/doi.org\/10.1201\/9781420070033","DOI":"10.1201\/9781420070033"},{"key":"4_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/11761679_12","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"J Kelsey","year":"2006","unstructured":"Kelsey, J., Kohno, T.: Herding hash functions and the nostradamus attack. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 183\u2013200. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_12"},{"key":"4_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1007\/11426639_28","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"J Kelsey","year":"2005","unstructured":"Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than 2n Work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474\u2013490. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11426639_28"},{"key":"4_CR34","unstructured":"Knill, E.: An analysis of bennett\u2019s pebble game. CoRR abs\/math\/9508218 (1995)"},{"key":"4_CR35","unstructured":"Lefevre, C.: A note on adversarial online complexity in security proofs of duplex-based authenticated encryption modes. soon to appear on Eprint (2024)"},{"key":"4_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-42045-0_1","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"G Leurent","year":"2013","unstructured":"Leurent, G., Peyrin, T., Wang, L.: New generic attacks against hash-based MACs. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 1\u201320. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-42045-0_1"},{"key":"4_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/978-3-662-46800-5_14","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"G Leurent","year":"2015","unstructured":"Leurent, G., Wang, L.: The sum can be weaker than each part. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 345\u2013367. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_14"},{"key":"4_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"358","DOI":"10.1007\/978-3-540-74462-7_25","volume-title":"Selected Areas in Cryptography","author":"M Liskov","year":"2007","unstructured":"Liskov, M.: Constructing an ideal hash function from weak ideal compression functions. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 358\u2013375. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74462-7_25"},{"key":"4_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"477","DOI":"10.1007\/3-540-38424-3_34","volume-title":"Advances in Cryptology-CRYPT0\u2019 90","author":"RC Merkle","year":"1991","unstructured":"Merkle, R.C.: Fast software encryption functions. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 477\u2013501. Springer, Heidelberg (1991). https:\/\/doi.org\/10.1007\/3-540-38424-3_34"},{"key":"4_CR40","unstructured":"Moon, J.W.: Counting Labelled Trees. Canadian Mathematical Congress 1970, William Clowes and Sons (1970)"},{"key":"4_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1007\/978-3-642-55220-5_9","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"T Peyrin","year":"2014","unstructured":"Peyrin, T., Wang, L.: Generic universal forgery attack on iterative hash-based MACs. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 147\u2013164. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-55220-5_9"},{"key":"4_CR42","unstructured":"de\u00a0Wolf, R.: Quantum computing: Lecture notes (2019)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-68385-5_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,16]],"date-time":"2024-08-16T08:05:46Z","timestamp":1723795546000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-68385-5_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031683848","9783031683855"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-68385-5_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"17 August 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 August 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"44","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2024\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}