{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T21:09:22Z","timestamp":1769720962080,"version":"3.49.0"},"publisher-location":"Cham","reference-count":46,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319706962","type":"print"},{"value":"9783319706979","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-70697-9_21","type":"book-chapter","created":{"date-parts":[[2017,11,17]],"date-time":"2017-11-17T18:27:49Z","timestamp":1510943269000},"page":"606-637","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":30,"title":["Full-State Keyed Duplex with Built-In Multi-user Support"],"prefix":"10.1007","author":[{"given":"Joan","family":"Daemen","sequence":"first","affiliation":[]},{"given":"Bart","family":"Mennink","sequence":"additional","affiliation":[]},{"given":"Gilles","family":"Van Assche","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,11,18]]},"reference":[{"key":"21_CR1","doi-asserted-by":"crossref","unstructured":"Andreeva, E., Bogdanov, A., Luykx, A., Mennink, B., Mouha, N., Yasuda, K.: How to securely release unverified plaintext in authenticated encryption. In: Sarkar and Iwata [45], pp. 105\u2013125","DOI":"10.1007\/978-3-662-45611-8_6"},{"key":"21_CR2","doi-asserted-by":"crossref","unstructured":"Andreeva, E., Daemen, J., Mennink, B., Van Assche, G.: Security of keyed sponge constructions using a modular proof approach. In: Leander [36], pp. 364\u2013384","DOI":"10.1007\/978-3-662-48116-5_18"},{"key":"21_CR3","unstructured":"Aumasson, J., Jovanovic, P., Neves, S.: NORX v3.0 (2016). Submission to CAESAR Competition. https:\/\/competitions.cr.yp.to\/round3\/norxv30.pdf"},{"key":"21_CR4","doi-asserted-by":"crossref","unstructured":"Bellare, M., Bernstein, D.J., Tessaro, S.: Hash-function based PRFs: AMAC and its multi-user security. In: Fischlin and Coron [28], pp. 566\u2013595","DOI":"10.1007\/978-3-662-49890-3_22"},{"key":"21_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/3-540-45539-6_18","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: security proofs and improvements. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 259\u2013274. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-45539-6_18"},{"key":"21_CR6","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) ACM CCS 1993, pp. 62\u201373. ACM (1993)","DOI":"10.1145\/168588.168596"},{"key":"21_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1007\/11502760_3","volume-title":"Fast Software Encryption","author":"DJ Bernstein","year":"2005","unstructured":"Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 32\u201349. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11502760_3"},{"key":"21_CR8","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. In: ECRYPT Hash Workshop 2007, May 2007"},{"key":"21_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-540-78967-3_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"G Bertoni","year":"2008","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181\u2013197. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78967-3_11"},{"key":"21_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-642-15031-9_3","volume-title":"Cryptographic Hardware and Embedded Systems, CHES 2010","author":"G Bertoni","year":"2010","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge-based pseudo-random number generators. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 33\u201347. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-15031-9_3"},{"key":"21_CR11","doi-asserted-by":"crossref","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri and Vaudenay [39], pp. 320\u2013337","DOI":"10.1007\/978-3-642-28496-0_19"},{"key":"21_CR12","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak reference, January 2011"},{"key":"21_CR13","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the security of the keyed sponge construction. In: Symmetric Key Encryption Workshop, February 2011"},{"key":"21_CR14","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Permutation-based encryption, authentication and authenticated encryption. In: Directions in Authenticated Ciphers, July 2012"},{"key":"21_CR15","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: CAESAR submission: Ketje V2, September 2016"},{"key":"21_CR16","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: CAESAR submission: Ketje V2, document version 2.2, September 2016"},{"issue":"3","key":"21_CR17","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1016\/S0020-0190(02)00269-7","volume":"84","author":"E Biham","year":"2002","unstructured":"Biham, E.: How to decrypt or even substitute DES-encrypted messages in $${2}^{\\text{28 }}$$ steps. Inf. Process. Lett. 84(3), 117\u2013124 (2002)","journal-title":"Inf. Process. Lett."},{"key":"21_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/11693383_8","volume-title":"Selected Areas in Cryptography","author":"A Biryukov","year":"2006","unstructured":"Biryukov, A., Mukhopadhyay, S., Sarkar, P.: Improved time-memory trade-offs with multiple data. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 110\u2013127. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11693383_8"},{"key":"21_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"312","DOI":"10.1007\/978-3-642-23951-9_21","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2011","author":"A Bogdanov","year":"2011","unstructured":"Bogdanov, A., Kne\u017eevi\u0107, M., Leander, G., Toz, D., Var\u0131c\u0131, K., Verbauwhede, I.: spongent: a lightweight hash function. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 312\u2013325. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23951-9_21"},{"key":"21_CR20","unstructured":"CAESAR: Competition for authenticated encryption: security, applicability, and robustness, November 2014. http:\/\/competitions.cr.yp.to\/caesar.html"},{"key":"21_CR21","unstructured":"Chang, D., Dworkin, M., Hong, S., Kelsey, J., Nandi, M.: A keyed sponge construction with pseudorandomness in the standard model. In: NIST SHA-3 Workshop, March 2012"},{"key":"21_CR22","doi-asserted-by":"crossref","unstructured":"Chatterjee, S., Menezes, A., Sarkar, P.: Another look at tightness. In: Miri and Vaudenay [39], pp. 293\u2013319","DOI":"10.1007\/978-3-642-28496-0_18"},{"key":"21_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-642-55220-5_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"S Chen","year":"2014","unstructured":"Chen, S., Steinberger, J.: Tight security bounds for key-alternating ciphers. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 327\u2013350. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-55220-5_19"},{"key":"21_CR24","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., Schl\u00e4ffer, M.: Ascon v1.2 (2016). Submission to CAESAR Competition. http:\/\/ascon.iaik.tugraz.at"},{"key":"21_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/3-540-57332-1_17","volume-title":"Advances in Cryptology \u2014 ASIACRYPT \u201991","author":"S Even","year":"1993","unstructured":"Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 210\u2013224. Springer, Heidelberg (1993). https:\/\/doi.org\/10.1007\/3-540-57332-1_17"},{"issue":"3","key":"21_CR26","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s001459900025","volume":"10","author":"S Even","year":"1997","unstructured":"Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151\u2013162 (1997)","journal-title":"J. Cryptol."},{"key":"21_CR27","unstructured":"FIPS 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions (2015)"},{"key":"21_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49890-3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","year":"2016","unstructured":"Fischlin, M., Coron, J.-S. (eds.): EUROCRYPT 2016, Part I. LNCS, vol. 9665. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49890-3"},{"key":"21_CR29","doi-asserted-by":"crossref","unstructured":"Ga\u017ei, P., Pietrzak, K., Tessaro, S.: The exact PRF security of truncation: tight bounds for keyed sponges and truncated CBC. In: Gennaro and Robshaw [31], pp. 368\u2013387","DOI":"10.1007\/978-3-662-47989-6_18"},{"key":"21_CR30","doi-asserted-by":"crossref","unstructured":"Ga\u017ei, P., Tessaro, S.: Provably robust sponge-based PRNGs and KDFs. In: Fischlin and Coron [28], pp. 87\u2013116 (2016)","DOI":"10.1007\/978-3-662-49890-3_4"},{"key":"21_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-47989-6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","year":"2015","unstructured":"Gennaro, R., Robshaw, M. (eds.): CRYPTO 2015, Part I. LNCS, vol. 9215. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6"},{"key":"21_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/978-3-642-22792-9_13","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"J Guo","year":"2011","unstructured":"Guo, J., Peyrin, T., Poschmann, A.: The PHOTON family of lightweight hash functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222\u2013239. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_13"},{"key":"21_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-662-53018-4_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"VT Hoang","year":"2016","unstructured":"Hoang, V.T., Tessaro, S.: Key-alternating ciphers and key-length extension: exact bounds and multi-user security. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part I. LNCS, vol. 9814, pp. 3\u201332. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53018-4_1"},{"key":"21_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1007\/11593447_19","volume-title":"Advances in Cryptology - ASIACRYPT 2005","author":"J Hong","year":"2005","unstructured":"Hong, J., Sarkar, P.: New applications of time memory data tradeoffs. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 353\u2013372. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11593447_19"},{"key":"21_CR35","doi-asserted-by":"crossref","unstructured":"Jovanovic, P., Luykx, A., Mennink, B.: Beyond 2\n            c\/2 security in sponge-based authenticated encryption modes. In: Sarkar and Iwata [45], pp. 85\u2013104","DOI":"10.1007\/978-3-662-45611-8_5"},{"key":"21_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48116-5","volume-title":"Fast Software Encryption","year":"2015","unstructured":"Leander, G. (ed.): FSE 2015. LNCS, vol. 9054. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48116-5"},{"key":"21_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-24638-1_2","volume-title":"Theory of Cryptography","author":"U Maurer","year":"2004","unstructured":"Maurer, U., Renner, R., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21\u201339. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-24638-1_2"},{"key":"21_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/978-3-662-48800-3_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"B Mennink","year":"2015","unstructured":"Mennink, B., Reyhanitabar, R., Viz\u00e1r, D.: Security of full-state keyed sponge and duplex: applications to authenticated encryption. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015, Part II. LNCS, vol. 9453, pp. 465\u2013489. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48800-3_19"},{"key":"21_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28496-0","volume-title":"Selected Areas in Cryptography","year":"2012","unstructured":"Miri, A., Vaudenay, S. (eds.): SAC 2011. LNCS, vol. 7118. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-28496-0"},{"key":"21_CR40","doi-asserted-by":"crossref","unstructured":"Mouha, N., Luykx, A.: Multi-key security: the Even-Mansour construction revisited. In: Gennaro and Robshaw [31], pp. 209\u2013223","DOI":"10.1007\/978-3-662-47989-6_10"},{"key":"21_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/978-3-319-13051-4_19","volume-title":"Selected Areas in Cryptography \u2013 SAC 2014","author":"N Mouha","year":"2014","unstructured":"Mouha, N., Mennink, B., Van Herrewege, A., Watanabe, D., Preneel, B., Verbauwhede, I.: Chaskey: an efficient MAC algorithm for 32-bit microcontrollers. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 306\u2013323. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-13051-4_19"},{"key":"21_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-662-52993-5_1","volume-title":"Fast Software Encryption","author":"Y Naito","year":"2016","unstructured":"Naito, Y., Yasuda, K.: New bounds for keyed sponges with extendable output: independence between capacity and message length. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 3\u201322. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-52993-5_1"},{"key":"21_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1007\/978-3-642-04159-4_21","volume-title":"Selected Areas in Cryptography","author":"J Patarin","year":"2009","unstructured":"Patarin, J.: The \u201cCoefficients H\u201d technique. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 328\u2013345. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04159-4_21"},{"key":"21_CR44","doi-asserted-by":"crossref","unstructured":"Reyhanitabar, R., Vaudenay, S., Viz\u00e1r, D.: Boosting OMD for almost free authentication of associated data. In: Leander [36], pp. 411\u2013427","DOI":"10.1007\/978-3-662-48116-5_20"},{"key":"21_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45611-8","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","year":"2014","unstructured":"Sarkar, P., Iwata, T. (eds.): ASIACRYPT 2014, Part I. LNCS, vol. 8873. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8"},{"key":"21_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1007\/978-3-319-16715-2_19","volume-title":"Topics in Cryptology \u2014 CT-RSA 2015","author":"Y Sasaki","year":"2015","unstructured":"Sasaki, Y., Yasuda, K.: How to incorporate associated data in sponge-based authenticated encryption. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 353\u2013370. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-16715-2_19"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2017"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-70697-9_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T15:30:29Z","timestamp":1710343829000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-70697-9_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319706962","9783319706979"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-70697-9_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"18 November 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Hong Kong","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 December 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 December 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/asiacrypt.iacr.org\/2017\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}