{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T02:39:51Z","timestamp":1767321591712,"version":"3.48.0"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032105356","type":"print"},{"value":"9783032105363","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-10536-3_1","type":"book-chapter","created":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T02:36:42Z","timestamp":1767321402000},"page":"3-25","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Preimage-Type Attacks for\u00a0Reduced Ascon-Hash: Application to\u00a0Ed25519"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2329-7631","authenticated-orcid":false,"given":"Marcel","family":"Nageler","sequence":"first","affiliation":[]},{"given":"Lorenz","family":"Schmid","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8750-7423","authenticated-orcid":false,"given":"Maria","family":"Eichlseder","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,1,2]]},"reference":[{"key":"1_CR1","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. Ecrypt Hash Workshop 2007 (2007). https:\/\/keccak.team\/files\/SpongeFunctions.pdf"},{"key":"1_CR2","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Cryptographic sponge functions (2011). https:\/\/keccak.team\/files\/CSF-0.1.pdf"},{"key":"1_CR3","doi-asserted-by":"publisher","unstructured":"Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In PKC 2006, volume 3958 of LNCS, pp. 207\u2013228. Springer (2006). https:\/\/doi.org\/10.1007\/11745853_14","DOI":"10.1007\/11745853_14"},{"issue":"8","key":"1_CR4","doi-asserted-by":"publisher","first-page":"2197","DOI":"10.1007\/s10623-024-01383-0","volume":"92","author":"S Baek","year":"2024","unstructured":"Baek, S., Kim, G., Kim, J.: Preimage attacks on reduced-round Ascon-XOF. Des. Codes Cryptogr. 92(8), 2197\u20132217 (2024). https:\/\/doi.org\/10.1007\/s10623-024-01383-0","journal-title":"Des. Codes Cryptogr."},{"key":"1_CR5","doi-asserted-by":"publisher","unstructured":"Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. In: CRYPTO \u201996, volume 1109 of LNCS, pp. 129\u2013142. Springer (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_11","DOI":"10.1007\/3-540-68697-5_11"},{"key":"1_CR6","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., Schl\u00e4ffer, M.: Ascon v1. Submission to the CAESAR competition (2014). https:\/\/competitions.cr.yp.to\/round1\/asconv1.pdf"},{"key":"1_CR7","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., Schl\u00e4ffer, M.: Ascon v1.2. Submission to the NIST lightweight cryptography competition (2019). https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Lightweight-Cryptography\/documents\/round-1\/spec-doc\/ascon-spec.pdf"},{"key":"1_CR8","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., Schl\u00e4ffer, M.: Preliminary analysis of Ascon-XOF and Ascon-Hash. IACR Cryptology ePrint Archive, Paper 2024\/908 (2019). https:\/\/eprint.iacr.org\/2024\/908"},{"issue":"3","key":"1_CR9","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s00145-021-09398-9","volume":"34","author":"C Dobraunig","year":"2021","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., Schl\u00e4ffer, M.: Ascon v1.2: lightweight authenticated encryption and hashing. J. Cryptol. 34(3), 1\u201342 (2021). https:\/\/doi.org\/10.1007\/s00145-021-09398-9","journal-title":"J. Cryptol."},{"key":"1_CR10","doi-asserted-by":"publisher","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., Schl\u00e4ffer, M.: Ascon MAC, PRF, and short-input PRF \u2013 lightweight, fast, and efficient pseudorandom functions. In: CT-RSA 2024, volume 14643 of LNCS, pp. 381\u2013403. Springer (2024). https:\/\/doi.org\/10.1007\/978-3-031-58868-6_15","DOI":"10.1007\/978-3-031-58868-6_15"},{"key":"1_CR11","doi-asserted-by":"publisher","unstructured":"Dong, X., Guo, J., Li, S., Pham, P., Zhang, T.: Improved meet-in-the-middle Nostradamus attacks on AES-like hashing. IACR Trans. Symmetric Cryptol. 2024(1), 158\u2013187 (2024). https:\/\/doi.org\/10.46586\/tosc.v2024.i1.158-187","DOI":"10.46586\/tosc.v2024.i1.158-187"},{"key":"1_CR12","doi-asserted-by":"publisher","unstructured":"Dong, X., Zhao, B., Qin, L., Hou, Q., Zhang, S., Wang, X.: Generic MitM attack frameworks on sponge constructions. In: CRYPTO 2024, volume 14923 of LNCS, pp. 3\u201337. Springer (2024). https:\/\/doi.org\/10.1007\/978-3-031-68385-5_1","DOI":"10.1007\/978-3-031-68385-5_1"},{"key":"1_CR13","unstructured":"Fu, Q., Luo, Y., Yang, Q., Song, L.: Preimage and collision attacks on reduced Ascon using algebraic strategies. IACR Cryptology ePrint Archive, Paper 2023\/1453 (2023). https:\/\/eprint.iacr.org\/2023\/1453"},{"key":"1_CR14","doi-asserted-by":"publisher","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: CRYPTO \u201986, volume 263 of LNCS, pp. 186\u2013194. Springer (1986). https:\/\/doi.org\/10.1007\/3-540-47721-7_12","DOI":"10.1007\/3-540-47721-7_12"},{"key":"1_CR15","doi-asserted-by":"publisher","unstructured":"Guo, J., Liu, M., Song, L.: Linear structures: applications to cryptanalysis of round-reduced Keccak. In: ASIACRYPT 2016, volume 10031 of LNCS, pp. 249\u2013274 (2016). https:\/\/doi.org\/10.1007\/978-3-662-53887-6_9","DOI":"10.1007\/978-3-662-53887-6_9"},{"key":"1_CR16","doi-asserted-by":"publisher","unstructured":"Halevi, S., Micali, S.: Practical and provably-secure commitment schemes from collision-free hashing. In: CRYPTO \u201996, volume 1109 of LNCS, pp. 201\u2013215. Springer (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_16","DOI":"10.1007\/3-540-68697-5_16"},{"key":"1_CR17","doi-asserted-by":"publisher","unstructured":"Josefsson, S., Liusvaara, I.: Edwards-curve digital signature algorithm (EdDSA). RFC 8032 (2017). https:\/\/doi.org\/10.17487\/rfc8032","DOI":"10.17487\/rfc8032"},{"key":"1_CR18","doi-asserted-by":"publisher","unstructured":"Kelsey, J., Kohno, T.: Herding hash functions and the Nostradamus attack. In: EUROCRYPT 2006, volume 4004 of LNCS, pp. 183\u2013200. Springer (2006). https:\/\/doi.org\/10.1007\/11761679_12","DOI":"10.1007\/11761679_12"},{"key":"1_CR19","doi-asserted-by":"publisher","unstructured":"Li, H., He, L., Chen, S., Guo, J., Qiu, W.: Automatic preimage attack framework on Ascon using a linearize-and-guess approach. IACR Trans. Symmetric Cryptol. 2023(3), 74\u2013100 (2023). https:\/\/doi.org\/10.46586\/tosc.v2023.i3.74-100","DOI":"10.46586\/tosc.v2023.i3.74-100"},{"key":"1_CR20","doi-asserted-by":"publisher","unstructured":"Lefevre, C., Mennink, B.: Tight preimage resistance of the sponge construction. In: CRYPTO 2022, volume 13510 of LNCS, pp. 185\u2013204. Springer (2022). https:\/\/doi.org\/10.1007\/978-3-031-15985-5_7","DOI":"10.1007\/978-3-031-15985-5_7"},{"key":"1_CR21","unstructured":"Mattsson, J.P., Selander, G., Paavolainen, S., Karako\u00e7, F., Tiloca, M., Moskowitz, R.: Proposals for standardization of the Ascon family. NIST Lightweight Cryptography Workshop 2023 (2023)"},{"key":"1_CR22","doi-asserted-by":"publisher","unstructured":"National Institute of Standards and Technology. Digital signature standard (DSS). Technical Report Federal Information Processing Standards Publications (FIPS) 186-5 (2023). https:\/\/doi.org\/10.6028\/nist.fips.186-5","DOI":"10.6028\/nist.fips.186-5"},{"key":"1_CR23","doi-asserted-by":"publisher","unstructured":"National Institute of Standards and Technology. Ascon-based lightweight cryptography standards for constrained devices: Authenticated encryption, hash, and extendable output functions. Technical Report NIST Special Publication (SP) 800-232 (2025). https:\/\/doi.org\/10.6028\/nist.sp.800-232","DOI":"10.6028\/nist.sp.800-232"},{"key":"1_CR24","doi-asserted-by":"publisher","unstructured":"Niu, Z., Hu, K., Sun, S., Zhang, Z., Wang, M.: Speeding up preimage and key-recovery attacks with highly biased differential-linear approximations. In: CRYPTO 2024, volume 14923 of LNCS, pp. 73\u2013104. Springer (2024). https:\/\/doi.org\/10.1007\/978-3-031-68385-5_3","DOI":"10.1007\/978-3-031-68385-5_3"},{"issue":"1","key":"1_CR25","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1515\/jmc.2009.004","volume":"3","author":"G Neven","year":"2009","unstructured":"Neven, G., Smart, N.P., Warinschi, B.: Hash function requirements for Schnorr signatures. J. Math. Cryptol. 3(1), 69\u201387 (2009). https:\/\/doi.org\/10.1515\/jmc.2009.004","journal-title":"J. Math. Cryptol."},{"key":"1_CR26","doi-asserted-by":"publisher","unstructured":"Qin, L., Hua, J., Dong, X., Yan, H., Wang, X.: Meet-in-the-middle preimage attacks on sponge-based hashing. In: EUROCRYPT 2023, volume 14007 of LNCS, pp. 158\u2013188. Springer (2023). https:\/\/doi.org\/10.1007\/978-3-031-30634-1_6","DOI":"10.1007\/978-3-031-30634-1_6"},{"key":"1_CR27","doi-asserted-by":"publisher","unstructured":"Schnorr, C.-P.: Efficient identification and signatures for smart cards. In: CRYPTO \u201989, volume 435 of LNCS, pp. 239\u2013252. Springer (1989). https:\/\/doi.org\/10.1007\/0-387-34805-0_22","DOI":"10.1007\/0-387-34805-0_22"},{"key":"1_CR28","doi-asserted-by":"publisher","unstructured":"Schmid, L.: Preimages for Ascon-Xof in EdDSA. Master\u2019s thesis, Graz University of Technology (2025). https:\/\/doi.org\/10.3217\/6jv2t-pgn22","DOI":"10.3217\/6jv2t-pgn22"},{"key":"1_CR29","doi-asserted-by":"publisher","unstructured":"Zhang, Z., Sun, S., Wang, C., Hu, L.: Classical and quantum meet-in-the-middle Nostradamus attacks on AES-like hashing. IACR Trans. Symmetric Cryptol. 2023(2), 224\u2013252 (2023). https:\/\/doi.org\/10.46586\/tosc.v2023.i2.224-252","DOI":"10.46586\/tosc.v2023.i2.224-252"}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography \u2013 SAC 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-10536-3_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T02:36:43Z","timestamp":1767321403000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-10536-3_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032105356","9783032105363"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-10536-3_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"2 January 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SAC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Selected Areas in Cryptography","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toronto, ON","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Canada","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"32","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sacrypt2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/sacworkshop.org\/SAC25\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}