{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:59:20Z","timestamp":1773511160162,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":37,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540851738","type":"print"},{"value":"9783540851745","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-85174-5_9","type":"book-chapter","created":{"date-parts":[[2008,8,20]],"date-time":"2008-08-20T12:32:02Z","timestamp":1219235522000},"page":"144-161","source":"Crossref","is-referenced-by-count":69,"title":["Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms"],"prefix":"10.1007","author":[{"given":"Helena","family":"Handschuh","sequence":"first","affiliation":[]},{"given":"Bart","family":"Preneel","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"9_CR1","unstructured":"3GPP TS 35.216, Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2; Document 2: SNOW 3G specification (March 2006)"},{"key":"9_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/11818175_36","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M. Bellare","year":"2006","unstructured":"Bellare, M.: New Proofs for NMAC and HMAC: Security without Collision-Resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol.\u00a04117, pp. 602\u2013619. Springer, Heidelberg (2006)"},{"key":"9_CR3","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology - CRYPTO \u201996","author":"M. Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol.\u00a01109, pp. 1\u201315. Springer, Heidelberg (1996)"},{"key":"9_CR4","unstructured":"Bellare, M., Goldreich, O., Mityagin, A.: The Power of Verification Queries in Message Authentication and Authenticated Encryption. November 18 (2004), http:\/\/eprint.iacr.org\/2004\/309"},{"key":"9_CR5","doi-asserted-by":"crossref","first-page":"341","DOI":"10.1007\/3-540-48658-5_32","volume-title":"Advances in Cryptology - CRYPTO \u201994","author":"M. Bellare","year":"1994","unstructured":"Bellare, M., Kilian, J., Rogaway, P.: The Security of Cipher Block Chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994, vol.\u00a0839, pp. 341\u2013358. Springer, Heidelberg (1994)"},{"key":"9_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1007\/11502760_3","volume-title":"Fast Software Encryption","author":"D.J. Bernstein","year":"2005","unstructured":"Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol.\u00a03557, pp. 32\u201349. Springer, Heidelberg (2005), http:\/\/cr.yp.to\/talks\/2005.02.15\/slides.pdf"},{"key":"9_CR7","unstructured":"Bernstein, D.J.: Polynomial Evaluation and Message Authentication, October 22 (2007) http:\/\/cr.yp.to\/papers.html#pema"},{"key":"9_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"331","DOI":"10.1007\/3-540-48329-2_28","volume-title":"Advances in Cryptology - CRYPTO \u201993","author":"J. Bierbrauer","year":"1994","unstructured":"Bierbrauer, J., Johansson, T., Kabatianskii, G., Smeets, B.: On Families of Hash Functions via Geometric Codes and Concatenation. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol.\u00a0773, pp. 331\u2013342. Springer, Heidelberg (1994)"},{"key":"9_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1007\/3-540-48405-1_14","volume-title":"Advances in Cryptology - CRYPTO \u201999","author":"J. Black","year":"1999","unstructured":"Black, J., Halevi, S., Krawczyk, H., Krovetz, T., Rogaway, P.: UMAC: Fast and Secure Message Authentication. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol.\u00a01666, pp. 216\u2013233. Springer, Heidelberg (1999)"},{"key":"9_CR10","unstructured":"Black, J., Cochran, M.: MAC Reforgeability, November 27 (2007), http:\/\/eprint.iacr.org\/2006\/095"},{"key":"9_CR11","first-page":"79","volume-title":"Crypto 1982","author":"G. Brassard","year":"1983","unstructured":"Brassard, G.: On Computationally Secure Authentication Tags Requiring Short Secret Shared Keys. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Crypto 1982, pp. 79\u201386. Plenum Press, New York (1983)"},{"key":"9_CR12","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1016\/0022-0000(79)90044-8","volume":"18","author":"J.L. Carter","year":"1979","unstructured":"Carter, J.L., Wegman, M.N.: Universal classes of hash functions. Journal of Computer and System Sciences\u00a018, 143\u2013154 (1979)","journal-title":"Journal of Computer and System Sciences"},{"key":"9_CR13","first-page":"65","volume":"2","author":"B. Boer den","year":"1993","unstructured":"den Boer, B.: A Simple and Key-Economical Unconditional Authentication Scheme. Journal of Computer Security\u00a02, 65\u201371 (1993)","journal-title":"Journal of Computer Security"},{"key":"9_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"414","DOI":"10.1007\/978-3-540-74619-5_26","volume-title":"Fast Software Encryption","author":"Y. Dodis","year":"2007","unstructured":"Dodis, Y., Pietrzak, K.: Improving the Security of MACs via Randomized Message Preprocessing. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol.\u00a04593, pp. 414\u2013433. Springer, Heidelberg (2007)"},{"key":"9_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"234","DOI":"10.1007\/3-540-48405-1_15","volume-title":"Advances in Cryptology - CRYPTO \u201999","author":"M. Etzel","year":"1999","unstructured":"Etzel, M., Patel, S., Ramzan, Z.: Square Hash: Fast Message Authentication via Optimized Universal Hash Functions. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol.\u00a01666, pp. 234\u2013251. Springer, Heidelberg (1999)"},{"key":"9_CR16","unstructured":"Ferguson, N.: Authentication Weaknesses in GCM (May 20, 2005), http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/BCM\/documents\/comments\/CWC-GCM\/Ferguson2.pdf"},{"key":"9_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"172","DOI":"10.1007\/BFb0052345","volume-title":"Fast Software Encryption","author":"S. Halevi","year":"1997","unstructured":"Halevi, S., Krawczyk, H.: MMH: Software Message Authentication in the Gbit\/second Rates. In: Biham, E. (ed.) FSE 1997. LNCS, vol.\u00a01267, pp. 172\u2013189. Springer, Heidelberg (1997)"},{"key":"9_CR18","unstructured":"ISO\/IEC\u00a09797, Information Technology \u2013 Security Techniques \u2013 Message Authentication Codes (MACs) \u2013 Part 1: Mechanisms using a Block Cipher, ISO\/IEC (1999)"},{"key":"9_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1007\/978-3-540-39887-5_11","volume-title":"Fast Software Encryption","author":"T. Iwata","year":"2003","unstructured":"Iwata, T., Kurosawa, K.: OMAC: One-Key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol.\u00a02887, pp. 129\u2013153. Springer, Heidelberg (2003)"},{"key":"9_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"149","DOI":"10.1007\/3-540-69053-0_12","volume-title":"Advances in Cryptology - EUROCRYPT \u201997","author":"T. Johansson","year":"1997","unstructured":"Johansson, T.: Bucket Hashing with a Small Key Size. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol.\u00a01233, pp. 149\u2013162. Springer, Heidelberg (1997)"},{"key":"9_CR21","unstructured":"Joux, A.: Authentication Failures in NIST Version of GCM (2006), http:\/\/csrc.nist.gov\/CryptoToolkit\/modes\/"},{"issue":"2","key":"9_CR22","doi-asserted-by":"publisher","first-page":"566","DOI":"10.1109\/18.485725","volume":"IT42","author":"G.A. Kabatianskii","year":"1996","unstructured":"Kabatianskii, G.A., Johansson, T., Smeets, B.: On the Cardinality of Systematic A-codes via Error Correcting Codes. IEEE Trans. on Information Theory\u00a0IT42(2), 566\u2013578 (1996)","journal-title":"IEEE Trans. on Information Theory"},{"issue":"12","key":"9_CR23","doi-asserted-by":"publisher","first-page":"1484","DOI":"10.1109\/TC.2005.195","volume":"54","author":"J.-P. Kaps","year":"2005","unstructured":"Kaps, J.-P., Y\u00fcksel, K., Sunar, B.: Energy Scalable Universal Hashing. IEEE Trans. on Computers\u00a054(12), 1484\u20131495 (2005)","journal-title":"IEEE Trans. on Computers"},{"issue":"1","key":"9_CR24","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1049\/el:19970028","volume":"33","author":"L. Knudsen","year":"1997","unstructured":"Knudsen, L.: Chosen-text Attack on CBC-MAC. Electronics Letters\u00a033(1), 48\u201349 (1997)","journal-title":"Electronics Letters"},{"key":"9_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"408","DOI":"10.1007\/978-3-540-25937-4_26","volume-title":"Fast Software Encryption","author":"T. Kohno","year":"2004","unstructured":"Kohno, T., Viega, J., Whiting, D.: CWC: A High-Performance Conventional Authenticated Encryption Mode. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol.\u00a03017, pp. 408\u2013426. Springer, Heidelberg (2004)"},{"key":"9_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1007\/3-540-48658-5_15","volume-title":"Advances in Cryptology - CRYPTO \u201994","author":"H. Krawczyk","year":"1994","unstructured":"Krawczyk, H.: LFSR-based Hashing and Authentication. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol.\u00a0839, pp. 129\u2013139. Springer, Heidelberg (1994)"},{"key":"9_CR27","doi-asserted-by":"crossref","unstructured":"Krovetz, T.: UMAC: Message Authentication Code using Universal Hashing. IETF, RFC\u00a04418 (informational) (March 2006)","DOI":"10.17487\/rfc4418"},{"key":"9_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-540-74462-7_23","volume-title":"Selected Areas in Cryptography","author":"T. Krovetz","year":"2007","unstructured":"Krovetz, T.: Message Authentication on 64-bit Architectures. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol.\u00a04356, pp. 327\u2013341. Springer, Heidelberg (2007)"},{"key":"9_CR29","unstructured":"McGrew, D.A., Fluhrer, S.: Multiple Forgery Attacks against Message Authentication Codes, http:\/\/eprint.iacr.org\/2005\/161"},{"key":"9_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"343","DOI":"10.1007\/978-3-540-30556-9_27","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"D.A. McGrew","year":"2004","unstructured":"McGrew, D.A., Viega, J.: The Security and Performance of the Galois\/Counter Mode (GCM) of Operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol.\u00a03348, pp. 343\u2013355. Springer, Heidelberg (2004)"},{"key":"9_CR31","unstructured":"National Institute of Standards and Technology (NIST), SP\u00a0800-38D, Recommendation for Block Cipher Modes of Operation: Galois\/Counter Mode (GCM) and GMAC, November 2007 (earlier drafts published in May 2005, April 2006, June 2007)"},{"issue":"3","key":"9_CR32","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/s001450010009","volume":"13","author":"E. Petrank","year":"2000","unstructured":"Petrank, E., Rackoff, C.: CBC MAC for Real-time Data Sources. Journal of Cryptology\u00a013(3), 315\u2013338 (2000)","journal-title":"Journal of Cryptology"},{"key":"9_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1007\/0-387-34805-0_15","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"B. Preneel","year":"1990","unstructured":"Preneel, B., Bosselaers, A., Govaerts, R., Vandewalle, J.: A Chosen Text Attack on The Modified Cryptographic Checksum Algorithm of Cohen and Huang. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 154\u2013163. Springer, Heidelberg (1990)"},{"issue":"1","key":"9_CR34","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1109\/18.746787","volume":"IT-45","author":"B. Preneel","year":"1999","unstructured":"Preneel, B., van Oorschot, P.C.: On the Security of Iterated Message Authentication Codes. IEEE Trans. on Information Theory\u00a0IT-45(1), 188\u2013199 (1999)","journal-title":"IEEE Trans. on Information Theory"},{"key":"9_CR35","first-page":"381","volume-title":"Contemporary Cryptology: The Science of Information Integrity","author":"G.J. Simmons","year":"1991","unstructured":"Simmons, G.J.: A Survey of Information Authentication. In: Simmons, G.J. (ed.) Contemporary Cryptology: The Science of Information Integrity, pp. 381\u2013419. IEEE Press, Los Alamitos (1991)"},{"issue":"4","key":"9_CR36","doi-asserted-by":"publisher","first-page":"369","DOI":"10.1007\/BF01388651","volume":"4","author":"D.R. Stinson","year":"1994","unstructured":"Stinson, D.R.: Universal Hashing and Authentication Codes. Designs, Codes, and Cryptography\u00a04(4), 369\u2013380 (1994)","journal-title":"Designs, Codes, and Cryptography"},{"issue":"3","key":"9_CR37","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1016\/0022-0000(81)90033-7","volume":"22","author":"M.N. Wegman","year":"1981","unstructured":"Wegman, M.N., Carter, J.L.: New Hash Functions and their Use in Authentication and Set Equality. Journal of Computer and System Sciences\u00a022(3), 265\u2013279 (1981)","journal-title":"Journal of Computer and System Sciences"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2008"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-85174-5_9.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T02:22:33Z","timestamp":1606184553000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-85174-5_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540851738","9783540851745"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-85174-5_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[]}}