{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,24]],"date-time":"2026-01-24T23:47:32Z","timestamp":1769298452048,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":17,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642054433","type":"print"},{"value":"9783642054457","type":"electronic"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-05445-7_25","type":"book-chapter","created":{"date-parts":[[2009,11,3]],"date-time":"2009-11-03T10:03:23Z","timestamp":1257242603000},"page":"393-414","source":"Crossref","is-referenced-by-count":19,"title":["Herding, Second Preimage and Trojan Message Attacks beyond Merkle-Damg\u00e5rd"],"prefix":"10.1007","author":[{"given":"Elena","family":"Andreeva","sequence":"first","affiliation":[]},{"given":"Charles","family":"Bouillaguet","sequence":"additional","affiliation":[]},{"given":"Orr","family":"Dunkelman","sequence":"additional","affiliation":[]},{"given":"John","family":"Kelsey","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"25_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1007\/978-3-540-78967-3_16","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"E. Andreeva","year":"2008","unstructured":"Andreeva, E., Bouillaguet, C., Fouque, P.A., Hoch, J.J., Kelsey, J., Shamir, A., Zimmer, S.: Second Preimage Attacks on Dithered Hash Functions. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol.\u00a04965, pp. 270\u2013288. Springer, Heidelberg (2008)"},{"key":"25_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"470","DOI":"10.1007\/BFb0052256","volume-title":"Advances in Cryptology - CRYPTO \u201997","author":"M. Bellare","year":"1997","unstructured":"Bellare, M., Rogaway, P.: Collision-Resistant Hashing: Towards Making UOWHFs Practical. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol.\u00a01294, pp. 470\u2013484. Springer, Heidelberg (1997)"},{"key":"25_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/11693383_8","volume-title":"Selected Areas in Cryptography","author":"A. Biryukov","year":"2006","unstructured":"Biryukov, A., Mukhopadhyay, S., Sarkar, P.: Improved time-memory trade-offs with multiple data. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol.\u00a03897, pp. 110\u2013127. Springer, Heidelberg (2006)"},{"key":"25_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-44448-3_1","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"A. Biryukov","year":"2000","unstructured":"Biryukov, A., Shamir, A.: Cryptanalytic time\/memory\/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol.\u00a01976, pp. 1\u201313. Springer, Heidelberg (2000)"},{"key":"25_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1007\/3-540-39799-X_2","volume-title":"Advances in Cryptology","author":"D. Coppersmith","year":"1986","unstructured":"Coppersmith, D.: Another birthday attack. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol.\u00a0218, pp. 14\u201317. Springer, Heidelberg (1986)"},{"key":"25_CR6","unstructured":"Dean, R.D.: Formal Aspects of Mobile Code Security. PhD thesis, Princeton University (January 1999)"},{"key":"25_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/11799313_12","volume-title":"Fast Software Encryption","author":"J.J. Hoch","year":"2006","unstructured":"Hoch, J.J., Shamir, A.: Breaking the ice - finding multicollisions in iterated concatenated and expanded (ice) hash functions. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol.\u00a04047, pp. 179\u2013194. Springer, Heidelberg (2006)"},{"key":"25_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"306","DOI":"10.1007\/978-3-540-28628-8_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"A. Joux","year":"2004","unstructured":"Joux, A.: Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol.\u00a03152, pp. 306\u2013316. Springer, Heidelberg (2004)"},{"key":"25_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/11761679_12","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"J. Kelsey","year":"2006","unstructured":"Kelsey, J., Kohno, T.: Herding Hash Functions and the Nostradamus Attack. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol.\u00a04004, pp. 183\u2013200. Springer, Heidelberg (2006)"},{"key":"25_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"474","DOI":"10.1007\/11426639_28","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"J. Kelsey","year":"2005","unstructured":"Kelsey, J., Schneier, B.: Second Preimages on n-Bit Hash Functions for Much Less than 2\n                    n\n                   Work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol.\u00a03494, pp. 474\u2013490. Springer, Heidelberg (2005)"},{"key":"25_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"358","DOI":"10.1007\/978-3-540-74462-7_25","volume-title":"Selected Areas in Cryptography","author":"M. Liskov","year":"2007","unstructured":"Liskov, M.: Constructing an Ideal Hash Function from Weak Ideal Compression Functions. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol.\u00a04356, pp. 358\u2013375. Springer, Heidelberg (2007)"},{"key":"25_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"428","DOI":"10.1007\/0-387-34805-0_40","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"R.C. Merkle","year":"1990","unstructured":"Merkle, R.C.: One Way Hash Functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 428\u2013446. Springer, Heidelberg (1990)"},{"issue":"2","key":"25_CR13","doi-asserted-by":"publisher","first-page":"759","DOI":"10.1109\/TIT.2006.889721","volume":"53","author":"M. Nandi","year":"2007","unstructured":"Nandi, M., Stinson, D.R.: Multicollision attacks on some generalized sequential hash functions. IEEE Transactions on Information Theory\u00a053(2), 759\u2013767 (2007)","journal-title":"IEEE Transactions on Information Theory"},{"key":"25_CR14","doi-asserted-by":"crossref","unstructured":"Rivest, R.L.: The MD5 message-digest algorithm. RFC1321 (April 1992)","DOI":"10.17487\/rfc1321"},{"key":"25_CR15","unstructured":"Rivest, R.L., Agre, B., Bailey, D.V., Crutchfield, C., Dodis, Y., Fleming, K.E., Khan, A., Krishnamurthy, J., Lin, Y., Reyzin, L., Shen, E., Sukha, J., Sutherland, D., Tromer, E., Yin, Y.L.: The md6 hash function, a proposal to nist for sha-3 (2008)"},{"issue":"16","key":"25_CR16","doi-asserted-by":"publisher","first-page":"2174","DOI":"10.1016\/j.dam.2007.05.005","volume":"155","author":"P. Sarkar","year":"2007","unstructured":"Sarkar, P.: Construction of universal one-way hash functions: Tree hashing revisited. Discrete Applied Mathematics\u00a0155(16), 2174\u20132180 (2007)","journal-title":"Discrete Applied Mathematics"},{"key":"25_CR17","doi-asserted-by":"crossref","unstructured":"Stevens, M., Sotirov, A., Appelbaum, J., Lenstra, A., Molnar, D., Osvik, D.A., de Weger, B.: Short chosen-prefix collisions for md5 and the creation of a rogue ca certificate. Cryptology ePrint Archive, Report 2009\/111 (2009), \n                    \n                      http:\/\/eprint.iacr.org\/","DOI":"10.1007\/978-3-642-03356-8_4"}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-05445-7_25","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,29]],"date-time":"2020-01-29T11:34:49Z","timestamp":1580297689000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-05445-7_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642054433","9783642054457"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-05445-7_25","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009]]}}}