{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,12]],"date-time":"2026-06-12T10:16:42Z","timestamp":1781259402474,"version":"3.54.1"},"publisher-location":"Cham","reference-count":46,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319636962","type":"print"},{"value":"9783319636979","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-63697-9_18","type":"book-chapter","created":{"date-parts":[[2017,8,1]],"date-time":"2017-08-01T04:07:12Z","timestamp":1501560432000},"page":"524-555","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":17,"title":["Indifferentiability of Iterated Even-Mansour Ciphers with Non-idealized Key-Schedules: Five Rounds Are Necessary and Sufficient"],"prefix":"10.1007","author":[{"given":"Yuanxi","family":"Dai","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yannick","family":"Seurin","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"John","family":"Steinberger","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Aishwarya","family":"Thiruvengadam","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2017,8,2]]},"reference":[{"key":"18_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/978-3-642-40041-4_29","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"E Andreeva","year":"2013","unstructured":"Andreeva, E., Bogdanov, A., Dodis, Y., Mennink, B., Steinberger, J.P.: On the indifferentiability of key-alternating ciphers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 531\u2013550. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-40041-4_29"},{"key":"18_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-662-43933-3_18","volume-title":"Fast Software Encryption","author":"E Andreeva","year":"2014","unstructured":"Andreeva, E., Bogdanov, A., Mennink, B.: Towards understanding the known-key security of block ciphers. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 348\u2013366. Springer, Heidelberg (2014). doi:10.1007\/978-3-662-43933-3_18"},{"key":"18_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"491","DOI":"10.1007\/3-540-39200-9_31","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2003","author":"M Bellare","year":"2003","unstructured":"Bellare, M., Kohno, T.: A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 491\u2013506. Springer, Heidelberg (2003). doi:10.1007\/3-540-39200-9_31"},{"key":"18_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-45539-6_11","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139\u2013155. Springer, Heidelberg (2000). doi:10.1007\/3-540-45539-6_11"},{"key":"18_CR5","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: ACM Conference on Computer and Communications Security, pp. 62\u201373 (1993)","DOI":"10.1145\/168588.168596"},{"key":"18_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409\u2013426. Springer, Heidelberg (2006). doi:10.1007\/11761679_25. Full version: http:\/\/eprint.iacr.org\/2004\/331"},{"issue":"4","key":"18_CR7","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1007\/BF00203965","volume":"7","author":"E Biham","year":"1994","unstructured":"Biham, E.: New types of cryptanalytic attacks using related keys. J. Cryptol. 7(4), 229\u2013246 (1994)","journal-title":"J. Cryptol."},{"key":"18_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-3-642-03356-8_14","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"A Biryukov","year":"2009","unstructured":"Biryukov, A., Khovratovich, D., Nikoli\u0107, I.: Distinguisher and related-key attack on the full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231\u2013249. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-03356-8_14"},{"key":"18_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1007\/11799313_21","volume-title":"Fast Software Encryption","author":"J Black","year":"2006","unstructured":"Black, J.: The ideal-cipher model, revisited: an uninstantiable blockcipher-based hash function. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 328\u2013340. Springer, Heidelberg (2006). doi:10.1007\/11799313_21"},{"key":"18_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/3-540-45708-9_21","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"J Black","year":"2002","unstructured":"Black, J., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320\u2013335. Springer, Heidelberg (2002). doi:10.1007\/3-540-45708-9_21"},{"key":"18_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-642-29011-4_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A Bogdanov","year":"2012","unstructured":"Bogdanov, A., Knudsen, L.R., Leander, G., Standaert, F.-X., Steinberger, J., Tischhauser, E.: Key-alternating ciphers in a provable setting: encryption using a small number of public permutations - (Extended abstract). In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 45\u201362. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-29011-4_5"},{"key":"18_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/978-3-662-44371-2_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"S Chen","year":"2014","unstructured":"Chen, S., Lampe, R., Lee, J., Seurin, Y., Steinberger, J.: Minimizing the two-round Even-Mansour cipher. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 39\u201356. Springer, Heidelberg (2014). doi:10.1007\/978-3-662-44371-2_3. Full version: http:\/\/eprint.iacr.org\/2014\/443"},{"key":"18_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-642-55220-5_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"S Chen","year":"2014","unstructured":"Chen, S., Steinberger, J.: Tight security bounds for key-alternating ciphers. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 327\u2013350. Springer, Heidelberg (2014). doi:10.1007\/978-3-642-55220-5_19. Full version: http:\/\/eprint.iacr.org\/2013\/222"},{"key":"18_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"584","DOI":"10.1007\/978-3-662-46800-5_23","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"B Cogliati","year":"2015","unstructured":"Cogliati, B., Seurin, Y.: On the provable security of the iterated Even-Mansour cipher against related-key and chosen-key attacks. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 584\u2013613. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-46800-5_23. Full version: http:\/\/eprint.iacr.org\/2015\/069"},{"key":"18_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"494","DOI":"10.1007\/978-3-662-52993-5_25","volume-title":"Fast Software Encryption","author":"B Cogliati","year":"2016","unstructured":"Cogliati, B., Seurin, Y.: Strengthening the known-key security notion for block ciphers. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 494\u2013513. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-52993-5_25"},{"issue":"1","key":"18_CR16","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1007\/s00145-014-9189-6","volume":"29","author":"J Coron","year":"2016","unstructured":"Coron, J., Holenstein, T., K\u00fcnzler, R., Patarin, J., Seurin, Y., Tessaro, S.: How to build an ideal cipher: the indifferentiability of the Feistel construction. J. Cryptol. 29(1), 61\u2013114 (2016)","journal-title":"J. Cryptol."},{"key":"18_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"J-S Coron","year":"2005","unstructured":"Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damg\u00e5rd revisited: how to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430\u2013448. Springer, Heidelberg (2005). doi:10.1007\/11535218_26"},{"key":"18_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-85174-5_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"J-S Coron","year":"2008","unstructured":"Coron, J.-S., Patarin, J., Seurin, Y.: The random oracle model and the ideal cipher model are equivalent. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 1\u201320. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-85174-5_1"},{"key":"18_CR19","unstructured":"Dai, Y., Seurin, Y., Steinberger, J.P., Thiruvengadam, A.: Five rounds are sufficient and necessary for the indifferentiability of iterated Even-Mansour. IACR Cryptology ePrint Archive, Report 2017\/042 (2017). http:\/\/eprint.iacr.org\/2017\/042"},{"key":"18_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/978-3-662-53018-4_4","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"Y Dai","year":"2016","unstructured":"Dai, Y., Steinberger, J.: Indifferentiability of 8-round Feistel networks. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 95\u2013120. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-53018-4_4. Full version: http:\/\/eprint.iacr.org\/2015\/1069"},{"key":"18_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"664","DOI":"10.1007\/978-3-642-38348-9_39","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"G Demay","year":"2013","unstructured":"Demay, G., Ga\u017ei, P., Hirt, M., Maurer, U.: Resource-restricted indifferentiability. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 664\u2013683. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-38348-9_39. Full version: http:\/\/eprint.iacr.org\/2012\/613"},{"key":"18_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"359","DOI":"10.1007\/3-540-44598-6_23","volume-title":"Advances in Cryptology \u2014 CRYPTO 2000","author":"A Desai","year":"2000","unstructured":"Desai, A.: The security of all-or-nothing encryption: protecting against exhaustive key search. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 359\u2013375. Springer, Heidelberg (2000). doi:10.1007\/3-540-44598-6_23"},{"key":"18_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"679","DOI":"10.1007\/978-3-662-49896-5_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"Y Dodis","year":"2016","unstructured":"Dodis, Y., Stam, M., Steinberger, J., Liu, T.: Indifferentiability of confusion-diffusion networks. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 679\u2013704. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-49896-5_24"},{"key":"18_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-642-29011-4_21","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"O Dunkelman","year":"2012","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: Minimalism in cryptography: the Even-Mansour scheme revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 336\u2013354. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-29011-4_21"},{"issue":"3","key":"18_CR25","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s001459900025","volume":"10","author":"S Even","year":"1997","unstructured":"Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151\u2013162 (1997)","journal-title":"J. Cryptol."},{"key":"18_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"342","DOI":"10.1007\/978-3-662-48116-5_17","volume-title":"Fast Software Encryption","author":"P Farshim","year":"2015","unstructured":"Farshim, P., Procter, G.: The related-key security of iterated Even\u2013Mansour ciphers. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 342\u2013363. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-48116-5_17. Full version: http:\/\/eprint.iacr.org\/2014\/953"},{"key":"18_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 86","author":"A Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How To prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186\u2013194. Springer, Heidelberg (1987). doi:10.1007\/3-540-47721-7_12"},{"key":"18_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"364","DOI":"10.1007\/3-540-36178-2_23","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2002","author":"L Granboulan","year":"2002","unstructured":"Granboulan, L.: Short signatures in the random oracle model. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 364\u2013378. Springer, Heidelberg (2002). doi:10.1007\/3-540-36178-2_23"},{"key":"18_CR29","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/s10623-015-0132-0","volume":"81","author":"C Guo","year":"2015","unstructured":"Guo, C., Lin, D.: Separating invertible key derivations from non-invertible ones: sequential indifferentiability of 3-round Even-Mansour. Designs Codes Cryptogr. 81, 109\u2013129 (2015). http:\/\/dx.doi.org\/10.1007\/s10623-015-0132-0","journal-title":"Designs Codes Cryptogr."},{"key":"18_CR30","unstructured":"Guo, C., Lin, D.: Indifferentiability of 3-round Even-Mansour with random oracle key derivation. IACR Cryptology ePrint Archive, Report 2016\/894 (2016). http:\/\/eprint.iacr.org\/2016\/894"},{"key":"18_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-662-53018-4_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"VT Hoang","year":"2016","unstructured":"Hoang, V.T., Tessaro, S.: Key-alternating ciphers and key-length extension: exact bounds and multi-user security. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 3\u201332. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-53018-4_1"},{"key":"18_CR32","doi-asserted-by":"crossref","unstructured":"Holenstein, T., K\u00fcnzler, R., Tessaro, S.: The equivalence of the random oracle model and the ideal cipher model, revisited. In: Fortnow, L., Vadhan, S.P. (eds.) Symposium on Theory of Computing - STOC 2011, pp. 89\u201398. ACM (2011). Full version http:\/\/arxiv.org\/abs\/1011.1264","DOI":"10.1145\/1993636.1993650"},{"key":"18_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"427","DOI":"10.1007\/978-3-540-25937-4_27","volume-title":"Fast Software Encryption","author":"T Iwata","year":"2004","unstructured":"Iwata, T., Kohno, T.: New security proofs for the 3GPP confidentiality and integrity algorithms. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 427\u2013445. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-25937-4_27"},{"key":"18_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"252","DOI":"10.1007\/3-540-68697-5_20","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"J Kilian","year":"1996","unstructured":"Kilian, J., Rogaway, P.: How to protect DES against exhaustive key search. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 252\u2013267. Springer, Heidelberg (1996). doi:10.1007\/3-540-68697-5_20"},{"key":"18_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-540-76900-2_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2007","author":"LR Knudsen","year":"2007","unstructured":"Knudsen, L.R., Rijmen, V.: Known-key distinguishers for some block ciphers. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 315\u2013324. Springer, Heidelberg (2007). doi:10.1007\/978-3-540-76900-2_19"},{"key":"18_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/3-540-47555-9_5","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201992","author":"X Lai","year":"1993","unstructured":"Lai, X., Massey, J.L.: Hash functions based on block ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55\u201370. Springer, Heidelberg (1993). doi:10.1007\/3-540-47555-9_5"},{"key":"18_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-642-34961-4_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"R Lampe","year":"2012","unstructured":"Lampe, R., Patarin, J., Seurin, Y.: An asymptotically tight security analysis of the iterated Even-Mansour cipher. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 278\u2013295. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-34961-4_18"},{"key":"18_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1007\/978-3-642-42033-7_23","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"R Lampe","year":"2013","unstructured":"Lampe, R., Seurin, Y.: How to construct an ideal cipher from a small set of public permutations. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 444\u2013463. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-42033-7_23"},{"key":"18_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1007\/978-3-642-28914-9_16","volume-title":"Theory of Cryptography","author":"A Mandal","year":"2012","unstructured":"Mandal, A., Patarin, J., Seurin, Y.: On the public indifferentiability and correlation intractability of the 6-round Feistel construction. In: Cramer, R. (ed.) TCC 2012. LNCS, vol. 7194, pp. 285\u2013302. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-28914-9_16. Full version: http:\/\/eprint.iacr.org\/2011\/496"},{"key":"18_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-24638-1_2","volume-title":"Theory of Cryptography","author":"U Maurer","year":"2004","unstructured":"Maurer, U., Renner, R., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21\u201339. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-24638-1_2"},{"key":"18_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"428","DOI":"10.1007\/0-387-34805-0_40","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"RC Merkle","year":"1990","unstructured":"Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428\u2013446. Springer, New York (1990). doi:10.1007\/0-387-34805-0_40"},{"key":"18_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/3-540-48329-2_31","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"B Preneel","year":"1994","unstructured":"Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368\u2013378. Springer, Heidelberg (1994). doi:10.1007\/3-540-48329-2_31"},{"key":"18_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1007\/978-3-642-20465-4_27","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"T Ristenpart","year":"2011","unstructured":"Ristenpart, T., Shacham, H., Shrimpton, T.: Careful with composition: limitations of the indifferentiability framework. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 487\u2013506. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-20465-4_27"},{"key":"18_CR44","unstructured":"Seurin, Y.: Primitives et protocoles cryptographiques \u00e0 s\u00e9curit\u00e9 prouv\u00e9e. Ph.D. thesis, Universit\u00e9 de Versailles Saint-Quentin-en-Yvelines, France (2009)"},{"key":"18_CR45","unstructured":"Steinberger, J.: Improved security bounds for key-alternating ciphers via Hellinger distance. IACR Cryptology ePrint Archive, Report 2012\/481 (2012). http:\/\/eprint.iacr.org\/2012\/481"},{"key":"18_CR46","doi-asserted-by":"crossref","unstructured":"Winternitz, R.S.: A secure one-way hash function built from DES. In: IEEE Symposium on Security and Privacy, pp. 88\u201390 (1984)","DOI":"10.1109\/SP.1984.10027"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2017"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-63697-9_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T20:08:26Z","timestamp":1710360506000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-63697-9_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319636962","9783319636979"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-63697-9_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"2 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"37","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iacr.org\/conferences\/crypto2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}