{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T23:12:15Z","timestamp":1778022735179,"version":"3.51.4"},"publisher-location":"Cham","reference-count":62,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032253323","type":"print"},{"value":"9783032253330","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-25333-0_14","type":"book-chapter","created":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T22:36:59Z","timestamp":1778020619000},"page":"394-423","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["How to\u00a0Build a\u00a0Short-Input Random Oracle from\u00a0Public Random Permutations"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2883-4870","authenticated-orcid":false,"given":"Ritam","family":"Bhaumik","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-9761-1192","authenticated-orcid":false,"given":"Nilanjan","family":"Datta","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2672-7331","authenticated-orcid":false,"given":"Avijit","family":"Dutta","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5957-2837","authenticated-orcid":false,"given":"Ashwin","family":"Jha","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-2357-0198","authenticated-orcid":false,"given":"Sougata","family":"Mandal","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6679-1878","authenticated-orcid":false,"given":"Bart","family":"Mennink","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-8395-4925","authenticated-orcid":false,"given":"Hrithik","family":"Nandi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9549-4538","authenticated-orcid":false,"given":"Yaobin","family":"Shen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,5,6]]},"reference":[{"key":"14_CR1","unstructured":"Albertini, A., Duong, T., Gueron, S., K\u00f6lbl, S., Luykx, A., Schmieg, S.: How to abuse and fix authenticated encryption without key commitment. In: USENIX Security Symposium 2022, pp. 3291\u20133308. USA, USENIX Association (2022). https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/albertini"},{"key":"14_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1007\/978-3-662-48800-3_17","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"S Banik","year":"2015","unstructured":"Banik, S., et al.: Midori: A Block Cipher for Low Energy. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 411\u2013436. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48800-3_17"},{"key":"14_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1007\/978-3-319-96884-1_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"M Barbosa","year":"2018","unstructured":"Barbosa, M., Farshim, P.: Indifferentiable Authenticated Encryption. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 187\u2013220. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_7"},{"key":"14_CR4","unstructured":"Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK Families of Lightweight Block Ciphers. Cryptology ePrint Archive, Paper 2013\/404 (2013). https:\/\/eprint.iacr.org\/2013\/404"},{"key":"14_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-662-53008-5_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"C Beierle","year":"2016","unstructured":"Beierle, C., et al.: The SKINNY Family of Block Ciphers and Its Low-Latency Variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123\u2013153. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_5"},{"key":"14_CR6","doi-asserted-by":"publisher","unstructured":"Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: FOCS 1997, pp. 394\u2013403. IEEE Comput. Soc. (1997). https:\/\/doi.org\/10.1109\/SFCS.1997.646128","DOI":"10.1109\/SFCS.1997.646128"},{"key":"14_CR7","doi-asserted-by":"publisher","unstructured":"Bellare, M., Hoang, V.T.: Efficient Schemes for Committing Authenticated Encryption. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13276, pp. 845\u2013875. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-07085-3_29","DOI":"10.1007\/978-3-031-07085-3_29"},{"key":"14_CR8","unstructured":"Bellare, M., Impagliazzo, R.: A tool for obtaining tighter security analyses of pseudorandom function based constructions, with applications to PRP to PRF conversion. Cryptology ePrint Archive, Report 1999\/024 (1999). http:\/\/eprint.iacr.org\/1999\/024"},{"key":"14_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1007\/BFb0054132","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201998","author":"M Bellare","year":"1998","unstructured":"Bellare, M., Krovetz, T., Rogaway, P.: Luby-Rackoff backwards: Increasing security by making block ciphers non-invertible. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 266\u2013280. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0054132"},{"key":"14_CR10","doi-asserted-by":"publisher","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: ACM-CCS 1993, pp. 62\u201373. ACM (1993). https:\/\/doi.org\/10.1145\/168588.168596","DOI":"10.1145\/168588.168596"},{"key":"14_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The Security of Triple Encryption and a Framework\u00a0for\u00a0Code-Based\u00a0Game-Playing\u00a0Proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409\u2013426. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_25"},{"key":"14_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-540-78967-3_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"G Bertoni","year":"2008","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the Indifferentiability of the Sponge Construction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181\u2013197. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78967-3_11"},{"key":"14_CR13","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge Functions. Ecrypt Hash Workshop 2007 (2007)"},{"key":"14_CR14","doi-asserted-by":"publisher","unstructured":"Bhargavan, K., Leurent, G.: On the practical (In-)Security of 64-bit block ciphers: collision attacks on HTTP over TLS and OpenVPN. In: ACM-CCS 2016, pp. 456\u2013467. ACM (2016). https:\/\/doi.org\/10.1145\/2976749.2978423","DOI":"10.1145\/2976749.2978423"},{"key":"14_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/978-3-319-78381-9_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"S Bhattacharya","year":"2018","unstructured":"Bhattacharya, S., Nandi, M.: Full Indifferentiable Security of the Xor of Two or More Random Permutations Using the $$\\chi ^2$$ Method. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 387\u2013412. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78381-9_15"},{"key":"14_CR16","doi-asserted-by":"publisher","unstructured":"Bhattacharya, S., Nandi, M.: Revisiting variable output length XOR pseudorandom function. IACR Trans. Symmetric Cryptol. 2018(1), 314\u2013335 (2018). https:\/\/doi.org\/10.13154\/TOSC.V2018.I1.314-335","DOI":"10.13154\/TOSC.V2018.I1.314-335"},{"key":"14_CR17","doi-asserted-by":"publisher","unstructured":"Bhaumik, R., Chakraborty, B., Choi, W., Dutta, A., Govinden, J., Shen, Y.: The Committing Security of MACs with Applications to Generic Composition. In: Reyzin, L., Stebila, D. (eds.) CRYPTO 2024. LNCS, vol. 14923, pp. 425\u2013462. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-68385-5_14","DOI":"10.1007\/978-3-031-68385-5_14"},{"key":"14_CR18","doi-asserted-by":"publisher","unstructured":"Bhaumik, R., Cogliati, B., Ethan, J., Jha, A.: On quantum secure compressing pseudorandom functions. In: Guo, J., Steinfeld, R. (eds.) ASIACRYPT 2023. LNCS, vol. 14440, pp. 34\u201366. Springer (2023). https:\/\/doi.org\/10.1007\/978-981-99-8727-6_2","DOI":"10.1007\/978-981-99-8727-6_2"},{"key":"14_CR19","unstructured":"Bhaumik, R., et al.: How to build a short-input random oracle from public random permutations. Cryptology ePrint Archive, Paper 2026\/336 (2026). https:\/\/eprint.iacr.org\/2026\/336"},{"key":"14_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"450","DOI":"10.1007\/978-3-540-74735-2_31","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2007","author":"A Bogdanov","year":"2007","unstructured":"Bogdanov, A., et al.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450\u2013466. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74735-2_31"},{"key":"14_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-642-34961-4_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"J Borghoff","year":"2012","unstructured":"Borghoff, J., et al.: PRINCE \u2013 A Low-Latency Block Cipher for Pervasive Computing Applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208\u2013225. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34961-4_14"},{"key":"14_CR22","doi-asserted-by":"publisher","unstructured":"Bui, D., Carozza, E., Couteau, G., Goudarzi, D., Joux, A.: Faster signatures from MPC-in-the-head. In: Chung, KM., Sasaki, Y. (eds.) ASIACRYPT 2024. LNCS, vol. 15484, pp. 396\u2013428. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-981-96-0875-1_13","DOI":"10.1007\/978-981-96-0875-1_13"},{"key":"14_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"272","DOI":"10.1007\/978-3-642-04138-9_20","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2009","author":"C De Canni\u00e8re","year":"2009","unstructured":"De Canni\u00e8re, C., Dunkelman, O., Kne\u017eevi\u0107, M.: KATAN and KTANTAN \u2014 A Family of Small and Efficient Hardware-Oriented Block Ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272\u2013288. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04138-9_20"},{"key":"14_CR24","doi-asserted-by":"publisher","unstructured":"Chan, J., Rogaway, P.: On Committing Authenticated-Encryption. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds.) ESORICS 2022. LNCS, vol. 13555, pp. 275\u2013294. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-17146-8_14","DOI":"10.1007\/978-3-031-17146-8_14"},{"key":"14_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"520","DOI":"10.1007\/978-3-030-92078-4_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"YL Chen","year":"2021","unstructured":"Chen, Y.L., Mennink, B., Preneel, B.: Categorization of Faulty Nonce Misuse Resistant Message Authentication. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13092, pp. 520\u2013550. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92078-4_18"},{"key":"14_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1007\/978-3-030-34578-5_7","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"W Choi","year":"2019","unstructured":"Choi, W., Lee, B., Lee, J.: Indifferentiability of Truncated Random Permutations. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 175\u2013195. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34578-5_7"},{"key":"14_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1007\/978-3-662-46706-0_15","volume-title":"Fast Software Encryption","author":"B Cogliati","year":"2015","unstructured":"Cogliati, B., Lampe, R., Patarin, J.: The Indistinguishability of the XOR of $$k$$ Permutations. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 285\u2013302. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46706-0_15"},{"key":"14_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-662-53018-4_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"B Cogliati","year":"2016","unstructured":"Cogliati, B., Seurin, Y.: EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse Resistant MAC. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 121\u2013149. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53018-4_5"},{"issue":"12","key":"14_CR29","doi-asserted-by":"publisher","first-page":"2703","DOI":"10.1007\/s10623-018-0470-9","volume":"86","author":"B Cogliati","year":"2018","unstructured":"Cogliati, B., Seurin, Y.: Analysis of the single-permutation encrypted Davies-Meyer construction. Des. Codes Cryptogr. 86(12), 2703\u20132723 (2018). https:\/\/doi.org\/10.1007\/s10623-018-0470-9","journal-title":"Des. Codes Cryptogr."},{"key":"14_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"J-S Coron","year":"2005","unstructured":"Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damg\u00e5rd Revisited: How to Construct a Hash Function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430\u2013448. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_26"},{"key":"14_CR31","doi-asserted-by":"publisher","unstructured":"Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Cham (2002). https:\/\/doi.org\/10.1007\/978-3-662-04722-4","DOI":"10.1007\/978-3-662-04722-4"},{"key":"14_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"497","DOI":"10.1007\/978-3-319-63697-9_17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"W Dai","year":"2017","unstructured":"Dai, W., Hoang, V.T., Tessaro, S.: Information-Theoretic Indistinguishability via the Chi-Squared Method. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 497\u2013523. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_17"},{"key":"14_CR33","doi-asserted-by":"publisher","unstructured":"Datta, N., Dutta, A., Mandal, S., Nandi, H.: Sequential indifferentiability of STH and EDM. IACR Commun. Cryptol. 2(2), 28 (2025). https:\/\/doi.org\/10.62056\/A3N59QXQI","DOI":"10.62056\/A3N59QXQI"},{"key":"14_CR34","doi-asserted-by":"publisher","unstructured":"Dinur, I.: Tight indistinguishability bounds for the xor of independent random permutations by fourier analysis. In: Joye, M., Leander, G. (eds.) EUROCRYPT 2024. LNCS, vol. 14651, pp. 33\u201362. Springer (2024). https:\/\/doi.org\/10.1007\/978-3-031-58716-0_2","DOI":"10.1007\/978-3-031-58716-0_2"},{"key":"14_CR35","doi-asserted-by":"publisher","unstructured":"Dodis, Y., Pietrzak, K., Puniya, P.: A new mode of operation for block ciphers and length-preserving MACs. In: EUROCRYPT 2008, pp. 198\u2013219 (2008). https:\/\/doi.org\/10.1007\/978-3-540-78967-3_12","DOI":"10.1007\/978-3-540-78967-3_12"},{"key":"14_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-642-32009-5_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"Y Dodis","year":"2012","unstructured":"Dodis, Y., Ristenpart, T., Steinberger, J., Tessaro, S.: To Hash or Not to Hash Again? (In)Differentiability Results for H2 and HMAC. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 348\u2013366. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_21"},{"issue":"9","key":"14_CR37","doi-asserted-by":"publisher","first-page":"6218","DOI":"10.1109\/TIT.2022.3171178","volume":"68","author":"A Dutta","year":"2022","unstructured":"Dutta, A., Nandi, M., Saha, A.: Proof of Mirror Theory for $$\\xi _{\\rm max }=2$$. IEEE Trans. Inf. Theory 68(9), 6218\u20136232 (2022). https:\/\/doi.org\/10.1109\/TIT.2022.3171178","journal-title":"IEEE Trans. Inf. Theory"},{"key":"14_CR38","doi-asserted-by":"crossref","unstructured":"Dworkin, M.: Recommendation for Block Cipher Modes of Operation Methods and Techniques (2001). https:\/\/tsapps.nist.gov\/publication\/get_pdf.cfm?pub_id=51031","DOI":"10.6028\/NIST.SP.800-38a"},{"key":"14_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 86","author":"A Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How To Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186\u2013194. Springer, Heidelberg (1987). https:\/\/doi.org\/10.1007\/3-540-47721-7_12"},{"key":"14_CR40","unstructured":"Gilboa, S., Gueron, S.: The Advantage of Truncated Permutations. CoRR abs\/1610.02518 (2016). http:\/\/arxiv.org\/abs\/1610.02518"},{"key":"14_CR41","doi-asserted-by":"publisher","unstructured":"Goldreich, O., Goldwasser, S., Micali, S.: How to Construct Random Functions (Extended Abstract). In: FOCS 1984, pp. 464\u2013479. In: IEEE Computer Society (1984). https:\/\/doi.org\/10.1109\/SFCS.1984.715949","DOI":"10.1109\/SFCS.1984.715949"},{"key":"14_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1007\/978-3-319-63697-9_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"P Grubbs","year":"2017","unstructured":"Grubbs, P., Lu, J., Ristenpart, T.: Message Franking via Committing Authenticated Encryption. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 66\u201397. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_3"},{"key":"14_CR43","doi-asserted-by":"publisher","unstructured":"Gunsing, A.: Block-Cipher-Based Tree Hashing. In: CRYPTO 2022. LNCS, vol. 13510, pp. 205\u2013233. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15985-5_8","DOI":"10.1007\/978-3-031-15985-5_8"},{"key":"14_CR44","doi-asserted-by":"publisher","unstructured":"Gunsing, A., Bhaumik, R., Jha, A., Mennink, B., Shen, Y.: Revisiting the Indifferentiability of the Sum of Permutations. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023. LNCS, vol. 14083, pp. 628\u2013660. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38548-3_21","DOI":"10.1007\/978-3-031-38548-3_21"},{"key":"14_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1007\/978-3-030-56784-2_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2020","author":"A Gunsing","year":"2020","unstructured":"Gunsing, A., Mennink, B.: The Summation-Truncation Hybrid: Reusing Discarded Bits for Free. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 187\u2013217. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-56784-2_7"},{"issue":"6","key":"14_CR46","doi-asserted-by":"publisher","first-page":"1297","DOI":"10.1007\/s10623-018-0528-8","volume":"87","author":"C Guo","year":"2019","unstructured":"Guo, C., Shen, Y., Wang, L., Gu, D.: Beyond-birthday secure domain-preserving PRFs from a single permutation. Des. Codes Cryptogr. 87(6), 1297\u20131322 (2019). https:\/\/doi.org\/10.1007\/s10623-018-0528-8","journal-title":"Des. Codes Cryptogr."},{"key":"14_CR47","doi-asserted-by":"publisher","unstructured":"Hall, C., Wagner, D.A., Kelsey, J., Schneier, B.: Building PRFs from PRPs. In: Krawczyk, H. (eds.) CRYPTO 1998. LNCS, vol.\u00a01462, pp. 370\u2013389. Springer, Cham (1998). https:\/\/doi.org\/10.1007\/BFB0055742","DOI":"10.1007\/BFB0055742"},{"key":"14_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"310","DOI":"10.1007\/11799313_20","volume-title":"Fast Software Encryption","author":"T Iwata","year":"2006","unstructured":"Iwata, T.: New Blockcipher Modes of Operation with Beyond the Birthday Bound Security. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 310\u2013327. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11799313_20"},{"key":"14_CR49","unstructured":"Iwata, T., Viz\u00e1r, D., Mennink, B.: CENC is Optimally Secure. Cryptology ePrint Archive, Paper 2016\/1087 (2016). https:\/\/eprint.iacr.org\/2016\/1087"},{"issue":"6","key":"14_CR50","doi-asserted-by":"publisher","first-page":"4050","DOI":"10.1109\/TIT.2017.2679757","volume":"63","author":"J Lee","year":"2017","unstructured":"Lee, J.: Indifferentiability of the sum of random permutations toward optimal security. IEEE Trans. Inf. Theory 63(6), 4050\u20134054 (2017). https:\/\/doi.org\/10.1109\/TIT.2017.2679757","journal-title":"IEEE Trans. Inf. Theory"},{"key":"14_CR51","doi-asserted-by":"publisher","unstructured":"Lefevre, C.: Indifferentiability of the sponge construction with a restricted number of message blocks. IACR Trans. Symmetric Cryptol. 2023(1), 224\u2013243 (2023). https:\/\/doi.org\/10.46586\/TOSC.V2023.I1.224-243","DOI":"10.46586\/TOSC.V2023.I1.224-243"},{"key":"14_CR52","unstructured":"Len, J., Grubbs, P., Ristenpart, T.: Partitioning oracle attacks. In: USENIX Security Symposium, 2021, pp. 195\u2013212. USENIX Association (2021). https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/len"},{"key":"14_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"470","DOI":"10.1007\/3-540-45539-6_34","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2000","author":"S Lucks","year":"2000","unstructured":"Lucks, S.: The Sum of PRPs Is a Secure PRF. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 470\u2013484. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-45539-6_34"},{"key":"14_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/978-3-642-17401-8_6","volume-title":"Progress in Cryptology - INDOCRYPT 2010","author":"A Mandal","year":"2010","unstructured":"Mandal, A., Patarin, J., Nachef, V.: Indifferentiability beyond the Birthday Bound for the Xor of Two Public Random Permutations. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 69\u201381. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17401-8_6"},{"key":"14_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-24638-1_2","volume-title":"Theory of Cryptography","author":"U Maurer","year":"2004","unstructured":"Maurer, U., Renner, R., Holenstein, C.: Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21\u201339. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24638-1_2"},{"key":"14_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"556","DOI":"10.1007\/978-3-319-63697-9_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"B Mennink","year":"2017","unstructured":"Mennink, B., Neves, S.: Encrypted Davies-Meyer and Its Dual: Towards Optimal Security Using Mirror Theory. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 556\u2013583. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_19"},{"key":"14_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"619","DOI":"10.1007\/978-3-319-28166-7_30","volume-title":"Applied Cryptography and Network Security","author":"B Mennink","year":"2015","unstructured":"Mennink, B., Preneel, B.: On the XOR of Multiple Random Permutations. In: Malkin, T., Kolesnikov, V., Lewko, A.B., Polychronakis, M. (eds.) ACNS 2015. LNCS, vol. 9092, pp. 619\u2013634. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-28166-7_30"},{"key":"14_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-030-45721-1_8","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"M Nandi","year":"2020","unstructured":"Nandi, M.: Mind the Composition: Birthday Bound Attacks on EWCDMD and SoKAC21. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 203\u2013220. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45721-1_8"},{"key":"14_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-540-85093-9_22","volume-title":"Information Theoretic Security","author":"J Patarin","year":"2008","unstructured":"Patarin, J.: A Proof of Security in O(2n) for the Xor of Two Random Permutations. In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, vol. 5155, pp. 232\u2013248. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85093-9_22"},{"key":"14_CR60","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1007\/978-3-642-04159-4_21","volume-title":"Selected Areas in Cryptography","author":"J Patarin","year":"2009","unstructured":"Patarin, J.: The \u201cCoefficients H\u2019\u2019 Technique. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 328\u2013345. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04159-4_21"},{"issue":"4","key":"14_CR61","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/s00200-017-0326-y","volume":"28","author":"J Patarin","year":"2017","unstructured":"Patarin, J.: Mirror theory and cryptography. Appl. Algebra Eng. Commun. Comput. 28(4), 321\u2013338 (2017). https:\/\/doi.org\/10.1007\/s00200-017-0326-y","journal-title":"Appl. Algebra Eng. Commun. Comput."},{"key":"14_CR62","doi-asserted-by":"crossref","unstructured":"Suzuki, K., Yasuda, K.: On the security of the cryptographic mask generation functions standardized by ANSI, IEEE, ISO\/IEC, and NIST. NTT Technical Review (2012). https:\/\/www.ntt-review.jp\/archive\/ntttechnical. php?contents=ntr201211ra2.pdf&mode=show_pdf","DOI":"10.53829\/ntr201211ra2"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2026"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-25333-0_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T22:37:07Z","timestamp":1778020627000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-25333-0_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032253323","9783032253330"],"references-count":62,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-25333-0_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"6 May 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Rome","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Italy","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2026","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 May 2026","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 May 2026","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"45","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2026","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2026\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}