{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T14:17:39Z","timestamp":1772893059176,"version":"3.50.1"},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319968834","type":"print"},{"value":"9783319968841","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-96884-1_6","type":"book-chapter","created":{"date-parts":[[2018,7,24]],"date-time":"2018-07-24T10:33:49Z","timestamp":1532428429000},"page":"155-186","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":59,"title":["Fast Message Franking: From Invisible Salamanders to Encryptment"],"prefix":"10.1007","author":[{"given":"Yevgeniy","family":"Dodis","sequence":"first","affiliation":[]},{"given":"Paul","family":"Grubbs","sequence":"additional","affiliation":[]},{"given":"Thomas","family":"Ristenpart","sequence":"additional","affiliation":[]},{"given":"Joanne","family":"Woodage","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,7,25]]},"reference":[{"key":"6_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"480","DOI":"10.1007\/978-3-642-11799-2_28","volume-title":"Theory of Cryptography","author":"M Abdalla","year":"2010","unstructured":"Abdalla, M., Bellare, M., Neven, G.: Robust encryption. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 480\u2013497. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-11799-2_28"},{"key":"6_CR2","doi-asserted-by":"crossref","unstructured":"Bellare, M., Jaeger, J., Len, J.: Better than advertised: improved collision-resistance guarantees for MD-based hash functions. In: ACM CCS (2017)","DOI":"10.1145\/3133956.3134087"},{"key":"6_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"491","DOI":"10.1007\/3-540-39200-9_31","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2003","author":"M Bellare","year":"2003","unstructured":"Bellare, M., Kohno, T.: A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 491\u2013506. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-39200-9_31"},{"key":"6_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/3-540-44448-3_41","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531\u2013545. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/3-540-44448-3_41"},{"key":"6_CR5","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak sponge function family main document. Submission to NIST SHA3 (2009)"},{"key":"6_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/978-3-642-28496-0_19","volume-title":"Selected Areas in Cryptography","author":"G Bertoni","year":"2012","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320\u2013337. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-28496-0_19"},{"key":"6_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-10366-7_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"A Biryukov","year":"2009","unstructured":"Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1\u201318. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_1"},{"key":"6_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-3-642-03356-8_14","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"A Biryukov","year":"2009","unstructured":"Biryukov, A., Khovratovich, D., Nikoli\u0107, I.: Distinguisher and related-key attack on the full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231\u2013249. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_14"},{"key":"6_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"526","DOI":"10.1007\/11426639_31","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"J Black","year":"2005","unstructured":"Black, J., Cochran, M., Shrimpton, T.: On the impossibility of highly-efficient blockcipher-based hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 526\u2013541. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11426639_31"},{"key":"6_CR10","first-page":"156","volume":"37","author":"G Brassard","year":"1988","unstructured":"Brassard, G., Chaum, D., Cr\u00e9peau, C.: Minimum disclosure proofs of knowledge. JCSS 37, 156\u2013189 (1988)","journal-title":"JCSS"},{"key":"6_CR11","unstructured":"Advanced Micro Devices: The ZEN microarchitecture (2016). https:\/\/www.amd.com\/en\/technologies\/zen-core"},{"key":"6_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"312","DOI":"10.1007\/3-540-39200-9_19","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2003","author":"Y Dodis","year":"2003","unstructured":"Dodis, Y., An, J.H.: Concealment and its applications to authenticated encryption. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 312\u2013329. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-39200-9_19"},{"key":"6_CR13","unstructured":"Facebook: Facebook Messenger app (2016). https:\/\/www.messenger.com\/"},{"key":"6_CR14","unstructured":"Facebook: Messenger Secret Conversations Technical Whitepaper (2016)"},{"key":"6_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"352","DOI":"10.1007\/978-3-642-36362-7_22","volume-title":"Public-Key Cryptography \u2013 PKC 2013","author":"P Farshim","year":"2013","unstructured":"Farshim, P., Libert, B., Paterson, K.G., Quaglia, E.A.: Robust encryption, revisited. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 352\u2013368. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-36362-7_22"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Farshim, P., Orlandi, C., Rosie, R: Security of symmetric primitives under incorrect usage of keys. In: FSE (2017)","DOI":"10.46586\/tosc.v2017.i1.449-473"},{"key":"6_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1007\/978-3-319-63697-9_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"P Grubbs","year":"2017","unstructured":"Grubbs, P., Lu, J., Ristenpart, T.: Message franking via committing authenticated encryption. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 66\u201397. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_3"},{"key":"6_CR18","unstructured":"Gulley, S., Gopal, V., Yap, K., Feghali, W., Guilford, J.: Intel SHA extensions (2013). https:\/\/software.intel.com\/en-us\/articles\/intel-sha-extensions"},{"key":"6_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-642-17373-8_4","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"J Guo","year":"2010","unstructured":"Guo, J., Ling, S., Rechberger, C., Wang, H.: Advanced meet-in-the-middle preimage attacks: first results on full tiger, and improved results on MD4 and SHA-2. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 56\u201375. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_4"},{"key":"6_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/11818175_3","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"S Halevi","year":"2006","unstructured":"Halevi, S., Krawczyk, H.: Strengthening digital signatures via randomized hashing. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 41\u201359. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11818175_3"},{"key":"6_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/11502760_25","volume-title":"Fast Software Encryption","author":"S Hong","year":"2005","unstructured":"Hong, S., Kim, J., Lee, S., Preneel, B.: Related-key rectangle attacks on reduced versions of SHACAL-1 and AES-192. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 368\u2013383. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11502760_25"},{"key":"6_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1007\/3-540-44987-6_32","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2001","author":"CS Jutla","year":"2001","unstructured":"Jutla, C.S.: Encryption modes with almost free message integrity. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 529\u2013544. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44987-6_32"},{"key":"6_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/978-3-642-34047-5_15","volume-title":"Fast Software Encryption","author":"D Khovratovich","year":"2012","unstructured":"Khovratovich, D., Rechberger, C., Savelieva, A.: Bicliques for preimages: attacks on Skein-512 and the SHA-2 family. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 244\u2013263. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34047-5_15"},{"key":"6_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-540-27800-9_11","volume-title":"Information Security and Privacy","author":"J Kim","year":"2004","unstructured":"Kim, J., Kim, G., Hong, S., Lee, S., Hong, D.: The related-key rectangle attack \u2013 application to SHACAL-1. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 123\u2013136. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-27800-9_11"},{"key":"6_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1007\/978-3-540-30556-9_15","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"J Kim","year":"2004","unstructured":"Kim, J., Kim, G., Lee, S., Lim, J., Song, J.: Related-key attacks on reduced rounds of SHACAL-2. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 175\u2013190. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30556-9_15"},{"key":"6_CR26","unstructured":"Lamberger, M., Mendel, F.: Higher-order differential attack on reduced SHA-256. IACR ePrint, Report 2011\/037 (2011)"},{"key":"6_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/11836810_7","volume-title":"Information Security","author":"J Lu","year":"2006","unstructured":"Lu, J., Kim, J., Keller, N., Dunkelman, O.: Related-key rectangle attack on 42-round SHACAL-2. In: Katsikas, S.K., L\u00f3pez, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 85\u2013100. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11836810_7"},{"key":"6_CR28","unstructured":"McGrew, D., Viega, J.: The Galois\/counter mode of operation (GCM). In: NIST Modes of Operation (2004)"},{"key":"6_CR29","unstructured":"Millican, J.: Personal communication, Feb 2018"},{"key":"6_CR30","unstructured":"Millican, J.: Challenges of E2E Encryption in Facebook Messenger. RWC (2017)"},{"key":"6_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/3-540-48329-2_31","volume-title":"Advances in Cryptology \u2014 CRYPTO 1993","author":"B Preneel","year":"1994","unstructured":"Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368\u2013378. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_31"},{"key":"6_CR32","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1145\/937527.937529","volume":"6","author":"P Rogaway","year":"2003","unstructured":"Rogaway, P., Bellare, M., Black, J.: OCB: a block-cipher mode of operation for efficient authenticated encryption. ACM TISSEC 6, 365\u2013403 (2003)","journal-title":"ACM TISSEC"},{"key":"6_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1007\/11761679_23","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"P Rogaway","year":"2006","unstructured":"Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373\u2013390. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_23"},{"key":"6_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"433","DOI":"10.1007\/978-3-540-85174-5_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"P Rogaway","year":"2008","unstructured":"Rogaway, P., Steinberger, J.: Constructing cryptographic hash functions from fixed-key blockciphers. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 433\u2013450. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-85174-5_24"},{"key":"6_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1007\/978-3-540-78967-3_13","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"P Rogaway","year":"2008","unstructured":"Rogaway, P., Steinberger, J.: Security\/efficiency tradeoffs for permutation-based hashing. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 220\u2013236. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78967-3_13"},{"key":"6_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1007\/978-3-540-89754-5_8","volume-title":"Progress in Cryptology - INDOCRYPT 2008","author":"SK Sanadhya","year":"2008","unstructured":"Sanadhya, S.K., Sarkar, P.: New collision attacks against up to 24-step SHA-2. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 91\u2013103. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-89754-5_8"},{"key":"6_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"643","DOI":"10.1007\/978-3-540-70583-3_52","volume-title":"Automata, Languages and Programming","author":"T Shrimpton","year":"2008","unstructured":"Shrimpton, T., Stam, M.: Building a collision-resistant compression function from non-compressing primitives. In: Aceto, L., Damg\u00e5rd, I., Goldberg, L.A., Halld\u00f3rsson, M.M., Ing\u00f3lfsd\u00f3ttir, A., Walukiewicz, I. (eds.) ICALP 2008. LNCS, vol. 5126, pp. 643\u2013654. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-70583-3_52"},{"key":"6_CR38","unstructured":"Open Whisper Systems: Signal (2016). https:\/\/signal.org\/"},{"key":"6_CR39","unstructured":"van der Linde, W.: Parallel SHA-256 in NEON for use in hash-based signatures. BSc thesis, Radboud University (2016)"},{"key":"6_CR40","unstructured":"Whatsapp: Whatsapp (2016). https:\/\/www.whatsapp.com\/"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2018"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-96884-1_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T10:31:50Z","timestamp":1710325910000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-96884-1_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319968834","9783319968841"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-96884-1_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"25 July 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara, CA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 August 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 August 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"38","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/crypto.iacr.org\/2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}