{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T18:56:31Z","timestamp":1725562591643},"publisher-location":"Berlin, Heidelberg","reference-count":105,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642147050"},{"type":"electronic","value":"9783642147067"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-14706-7_4","type":"book-chapter","created":{"date-parts":[[2010,8,11]],"date-time":"2010-08-11T05:14:43Z","timestamp":1281503683000},"page":"36-54","source":"Crossref","is-referenced-by-count":6,"title":["Cryptography for Network Security: Failures, Successes and Challenges"],"prefix":"10.1007","author":[{"given":"Bart","family":"Preneel","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"4_CR1","unstructured":"ANSI X9.19, Financial Institution Retail Message Authentication, American Bankers Association (August 13, 1986)"},{"key":"4_CR2","unstructured":"ANSI X9.52, Triple Data Encryption Algorithm Modes of Operation, American Bankers Association (1998)"},{"key":"4_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"600","DOI":"10.1007\/978-3-540-45146-4_35","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"E. Barkan","year":"2003","unstructured":"Barkan, E., Biham, E., Keller, N.: Instant ciphertext-only cryptanalysis of GSM encrypted communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol.\u00a02729, pp. 600\u2013616. Springer, Heidelberg (2003)"},{"key":"4_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/11818175_36","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M. 
Bellare","year":"2006","unstructured":"Bellare, M.: New proofs for NMAC and HMAC: Security without collision resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol.\u00a04117, pp. 602\u2013619. Springer, Heidelberg (2006)"},{"key":"4_CR5","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology - CRYPTO \u201996","author":"M. Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol.\u00a01109, pp. 1\u201315. Springer, Heidelberg (1996)"},{"key":"4_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/3-540-44448-3_41","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"M. Bellare","year":"2000","unstructured":"Bellare, M., Namprempre, C.: Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol.\u00a01976, pp. 531\u2013545. Springer, Heidelberg (2000)"},{"key":"4_CR7","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1145\/168588.168596","volume-title":"Proceedings ACM Conference on Computer and Communications Security","author":"M. Bellare","year":"1993","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: Proceedings ACM Conference on Computer and Communications Security, pp. 62\u201373. ACM Press, New York (1993)"},{"key":"4_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"399","DOI":"10.1007\/3-540-68339-9_34","volume-title":"Advances in Cryptology - EUROCRYPT \u201996","author":"M. Bellare","year":"1996","unstructured":"Bellare, M., Rogaway, P.: The exact security of digital signatures \u2013 How to sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol.\u00a01070, pp. 399\u2013416. 
Springer, Heidelberg (1996)"},{"key":"4_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1007\/11502760_3","volume-title":"Fast Software Encryption","author":"D.J. Bernstein","year":"2005","unstructured":"Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol.\u00a03557, pp. 32\u201349. Springer, Heidelberg (2005)"},{"key":"4_CR10","unstructured":"Bernstein, D.J.: Cache-timing attacks on AES (2005) (preprint), http:\/\/cr.yp.to\/papers.html#cachetiming"},{"key":"4_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-10366-7_1","volume-title":"Asiacrypt 2009","author":"A. Biryukov","year":"2009","unstructured":"Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol.\u00a05912, pp. 1\u201318. Springer, Heidelberg (2009)"},{"key":"4_CR12","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1007\/0-387-23483-7_15","volume-title":"Encyclopedia of Cryptography and Security","author":"J. Black","year":"2005","unstructured":"Black, J.: Authenticated encryption. In: van Tilborg, H. (ed.) Encyclopedia of Cryptography and Security, pp. 11\u201321. Springer, Heidelberg (2005)"},{"key":"4_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1007\/3-540-48405-1_14","volume-title":"Advances in Cryptology - CRYPTO \u201999","author":"J. Black","year":"1999","unstructured":"Black, J., Halevi, S., Krawczyk, H., Krovetz, T., Rogaway, P.: UMAC: Fast and secure message authentication. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol.\u00a01666, pp. 216\u2013233. 
Springer, Heidelberg (1999)"},{"key":"4_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/3-540-44598-6_12","volume-title":"Advances in Cryptology - CRYPTO 2000","author":"J. Black","year":"2000","unstructured":"Black, J., Rogaway, P.: CBC-MACs for arbitrary length messages. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol.\u00a01880, pp. 197\u2013215. Springer, Heidelberg (2000)"},{"key":"4_CR15","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology - CRYPTO \u201998","author":"D. Bleichenbacher","year":"1998","unstructured":"Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol.\u00a01462, pp. 1\u201312. Springer, Heidelberg (1998)"},{"key":"4_CR16","unstructured":"Bleichenbacher, D.: Forging some RSA signatures with pencil and paper. Presented at the Rump Session of Crypto 2006 (2006)"},{"key":"4_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1007\/3-540-69053-0_4","volume-title":"Advances in Cryptology - EUROCRYPT \u201997","author":"D. Boneh","year":"1997","unstructured":"Boneh, D., DeMillo, R., Lipton, R.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol.\u00a01233, pp. 37\u201351. Springer, Heidelberg (1997)"},{"key":"4_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1007\/3-540-44448-3_3","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"D. Boneh","year":"2000","unstructured":"Boneh, D., Joux, A., Nguyen, P.Q.: Why textbook ElGamal and RSA encryption are insecure. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol.\u00a01976, pp. 30\u201343. 
Springer, Heidelberg (2000)"},{"issue":"1","key":"4_CR19","first-page":"24","volume":"22","author":"A. Bosselaers","year":"1997","unstructured":"Bosselaers, A., Dobbertin, H., Preneel, B.: The RIPEMD-160 cryptographic hash function. Dr. Dobb\u2019s Journal\u00a022(1), 24\u201328 (1997)","journal-title":"Dr. Dobb\u2019s Journal"},{"key":"4_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1007\/978-3-540-45146-4_34","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"B. Canvel","year":"2003","unstructured":"Canvel, B., Hiltgen, A.P., Vaudenay, S., Vuagnoux, M.: Password interception in a SSL\/TLS Channel. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol.\u00a02729, pp. 583\u2013599. Springer, Heidelberg (2003)"},{"key":"4_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/11935230_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"S. Contini","year":"2006","unstructured":"Contini, S., Lin, Y.L.: Forgery and partial key recovery attacks on HMAC and NMAC using hash collisions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol.\u00a04284, pp. 37\u201353. Springer, Heidelberg (2006)"},{"key":"4_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"J.-S. Coron","year":"2005","unstructured":"Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damg\u00e5rd revisited: how to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 430\u2013448. Springer, Heidelberg (2005)"},{"key":"4_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/3-540-39200-9_21","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2003","author":"N. 
Courtois","year":"2003","unstructured":"Courtois, N., Meier, W.: Algebraic attacks on stream ciphers with linear feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol.\u00a02656, pp. 345\u2013359. Springer, Heidelberg (2003)"},{"key":"4_CR24","volume-title":"AES \u2013 The Advanced Encryption Standard","author":"J. Daemen","year":"2001","unstructured":"Daemen, J., Rijmen, V.: The Design of Rijndael. In: AES \u2013 The Advanced Encryption Standard. Springer, Heidelberg (2001)"},{"key":"4_CR25","doi-asserted-by":"publisher","first-page":"335","DOI":"10.1109\/SP.2007.8","volume-title":"IEEE Symposium on Security and Privacy","author":"J.P. Degabriele","year":"2007","unstructured":"Degabriele, J.P., Paterson, K.G.: Attacking the IPsec standards in encryption only configurations. In: IEEE Symposium on Security and Privacy, pp. 335\u2013349. IEEE, Los Alamitos (2007)"},{"key":"4_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1007\/3-540-48285-7_26","volume-title":"Advances in Cryptology - EUROCRYPT \u201993","author":"B. den Boer","year":"1994","unstructured":"den Boer, B., Bosselaers, A.: Collisions for the compression function of MD5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol.\u00a0765, pp. 293\u2013304. Springer, Heidelberg (1994)"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2, RFC 5246 (August 2008)","DOI":"10.17487\/rfc5246"},{"key":"4_CR28","doi-asserted-by":"crossref","DOI":"10.7551\/mitpress\/5572.001.0001","volume-title":"Privacy on the Line. The Policy of Wiretapping and Encryption","author":"W. Diffie","year":"2007","unstructured":"Diffie, W., Landau, S.: Privacy on the Line. The Policy of Wiretapping and Encryption, 2nd edn. 
MIT Press, Cambridge (2007)","edition":"2"},{"issue":"2","key":"4_CR29","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1007\/BF00124891","volume":"2","author":"W. Diffie","year":"1992","unstructured":"Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Designs, Codes, and Cryptography\u00a02(2), 107\u2013125 (1992)","journal-title":"Designs, Codes, and Cryptography"},{"issue":"2","key":"4_CR30","first-page":"1","volume":"2","author":"H. Dobbertin","year":"1996","unstructured":"Dobbertin, H.: The status of MD5 after a recent attack. CryptoBytes\u00a02(2), 1\u20136 (Summer 1996)","journal-title":"CryptoBytes"},{"key":"4_CR31","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology, Proceedings Crypto 2010","author":"O. Dunkelman","year":"2010","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: A practical-time attack on the KASUMI cryptosystem used in GSM and 3G telephony. In: Rabin, T. (ed.) Advances in Cryptology, Proceedings Crypto 2010. LNCS. Springer, Heidelberg (2010) (in print)"},{"key":"4_CR32","unstructured":"EU Network of Excellence ECRYPT II, Yearly Report on Algorithms and Keysizes (2009-2010), http:\/\/www.ecrypt.eu.org"},{"key":"4_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1007\/3-540-36492-7_5","volume-title":"Selected Areas in Cryptography","author":"P. Ekdahl","year":"2003","unstructured":"Ekdahl, P., Johansson, T.: A new version of the stream cipher SNOW. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol.\u00a02595, pp. 47\u201361. Springer, Heidelberg (2003)"},{"key":"4_CR34","unstructured":"Electronic Frontier Foundation, Cracking DES, Secrets of Encryption Research, Wiretap Politics & Chip Design. 
O\u2019Reilly & Associates, Sebastopol (1998), Source code of the implementation described in the book can be downloaded from https:\/\/www.cosic.esat.kuleuven.ac.be\/des\/"},{"key":"4_CR35","unstructured":"EU Directive 1999\/93\/EC, Community framework for electronic signatures (December 13, 1999)"},{"key":"4_CR36","unstructured":"FIPS 180, Secure Hash Standard, Federal Information Processing Standard (FIPS), Publication 180, NIST, U.S. Dept. of Commerce (May 11, 1993)"},{"key":"4_CR37","unstructured":"FIPS 180-1, Secure Hash Standard, Federal Information Processing Standard (FIPS), Publication 180-1, NIST, U.S. Dept. of Commerce (April 17, 1995)"},{"key":"4_CR38","unstructured":"FIPS 180-2, Secure Hash Standard, Federal Information Processing Standard (FIPS), Publication 180-2, NIST U.S. Dept. of Commerce (August 26, 2002) (Change notice 1 published on December 1, 2003)"},{"key":"4_CR39","unstructured":"FIPS 197, Advanced Encryption Standard, Federal Information Processing Standard, NIST, U.S. Dept. of Commerce (November 26, 2001)"},{"key":"4_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-45537-X_1","volume-title":"Selected Areas in Cryptography","author":"S. Fluhrer","year":"2001","unstructured":"Fluhrer, S., Mantin, I., Shamir, A.: Weaknesses in the key scheduling algorithm of RC4. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol.\u00a02259, pp. 1\u201324. Springer, Heidelberg (2001)"},{"key":"4_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/978-3-540-74143-5_2","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"P.-A. Fouque","year":"2007","unstructured":"Fouque, P.-A., Leurent, G., Nguyen, P.Q.: Full key-recovery attacks on HMAC\/NMAC-MD4 and NMAC-MD5. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol.\u00a04622, pp. 13\u201330. 
Springer, Heidelberg (2007)"},{"key":"4_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1007\/3-540-44647-8_16","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"E. Fujisaki","year":"2001","unstructured":"Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP is secure under the RSA assumption. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol.\u00a02139, pp. 260\u2013274. Springer, Heidelberg (2001)"},{"key":"4_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"92","DOI":"10.1007\/3-540-45473-X_8","volume-title":"Fast Software Encryption","author":"V.D. Gligor","year":"2002","unstructured":"Gligor, V.D., Donescu, P.: Fast encryption and authentication: XCBC encryption and XECB authentication modes. In: Matsui, M. (ed.) FSE 2001. LNCS, vol.\u00a02355, pp. 92\u2013108. Springer, Heidelberg (2002)"},{"key":"4_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"51","DOI":"10.1007\/978-3-642-03317-9_4","volume-title":"FSE 2009","author":"S. Gueron","year":"2009","unstructured":"Gueron, S.: Intel\u2019s new AES instructions for enhanced performance and security. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol.\u00a05665, pp. 51\u201366. Springer, Heidelberg (2009)"},{"key":"4_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1007\/978-3-540-85174-5_9","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"H. Handschuh","year":"2008","unstructured":"Handschuh, H., Preneel, B.: Key-recovery attacks on universal hash function based MAC algorithms. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol.\u00a05157, pp. 144\u2013161. 
Springer, Heidelberg (2008)"},{"key":"4_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1007\/11593447_19","volume-title":"Advances in Cryptology - ASIACRYPT 2005","author":"J. Hong","year":"2005","unstructured":"Hong, J., Sarkar, P.: New applications of time memory data tradeoffs. In: Roy, B.K. (ed.) ASIACRYPT 2005. LNCS, vol.\u00a03788, pp. 353\u2013372. Springer, Heidelberg (2005)"},{"key":"4_CR47","unstructured":"IEEE P1363, Standard Specifications for Public Key Cryptography (2000)"},{"key":"4_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/978-3-642-04159-4_18","volume-title":"Selected Areas in Cryptography","author":"S. Indesteege","year":"2009","unstructured":"Indesteege, S., Mendel, F., Preneel, B., Rechberger, C.: Collisions and other nonrandom properties for step-reduced SHA-256. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol.\u00a05381, pp. 276\u2013293. 
Springer, Heidelberg (2009)"},{"key":"4_CR49","unstructured":"ISO\/IEC 7816, Information technology \u2013 Identification cards \u2013 Integrated circuit(s) cards with contacts \u2013 Part 4: Interindustry commands for interchange (1997)"},{"key":"4_CR50","unstructured":"ISO\/IEC 9797, Information technology \u2013 Security techniques \u2013 Message Authentication Codes (MACs), Part 1: Mechanisms using a block cipher, 1999, Part 2: Mechanisms using a hash-function (2002)"},{"key":"4_CR51","unstructured":"ISO\/IEC 10118, Information technology \u2013 Security techniques \u2013 Hash-functions, Part 1: General (2000), Part 2: Hash-functions using an n-bit block cipher algorithm (2000), Part 3: Dedicated hash-functions (2004), Part 4: Hash-functions using modular arithmetic (1998)"},{"key":"4_CR52","unstructured":"ISO\/IEC 14888-3, Information technology \u2013 Security techniques \u2013 Digital signatures with appendix, Part 3: Certificate-based mechanisms (2006)"},{"key":"4_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1007\/978-3-540-39887-5_11","volume-title":"Fast Software Encryption","author":"T. Iwata","year":"2003","unstructured":"Iwata, T., Kurosawa, K.: OMAC: One key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol.\u00a02887, pp. 129\u2013153. Springer, Heidelberg (2003)"},{"key":"4_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"306","DOI":"10.1007\/978-3-540-28628-8_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"A. Joux","year":"2004","unstructured":"Joux, A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Franklin, M.K. (ed.) CRYPTO 2004. LNCS, vol.\u00a03152, pp. 306\u2013316. 
Springer, Heidelberg (2004)"},{"key":"4_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-04138-9_1","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2009","author":"E. K\u00e4sper","year":"2009","unstructured":"K\u00e4sper, E., Schwabe, P.: Faster and timing-attack resistant AES-GCM. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol.\u00a05747, pp. 1\u201317. Springer, Heidelberg (2009)"},{"key":"4_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"284","DOI":"10.1007\/3-540-44706-7_20","volume-title":"Fast Software Encryption","author":"J. Katz","year":"2001","unstructured":"Katz, J., Yung, M.: Unforgeable encryption and chosen ciphertext secure modes of operation. In: Schneier, B. (ed.) FSE 2000. LNCS, vol.\u00a01978, pp. 284\u2013299. Springer, Heidelberg (2001)"},{"key":"4_CR57","doi-asserted-by":"crossref","unstructured":"Kaufman, C.: Internet Key Exchange (IKEv2) Protocol, RFC 4306 (December 2005)","DOI":"10.17487\/rfc4306"},{"key":"4_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1007\/3-540-68697-5_19","volume-title":"Advances in Cryptology - CRYPTO \u201996","author":"J. Kelsey","year":"1996","unstructured":"Kelsey, J., Schneier, B., Wagner, D.: Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol.\u00a01109, pp. 237\u2013251. Springer, Heidelberg (1996)"},{"key":"4_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1007\/11832072_17","volume-title":"Security and Cryptography for Networks","author":"J. Kim","year":"2006","unstructured":"Kim, J., Biryukov, A., Preneel, B., Hong, S.: On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1 security in communication networks. 
In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol.\u00a04116, pp. 242\u2013256. Springer, Heidelberg (2006)"},{"key":"4_CR60","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in Cryptology, Proceedings Crypto 2010","author":"T. Kleinjung","year":"2010","unstructured":"Kleinjung, T., Aoki, K., Franke, J., Lenstra, A.K., Thom\u00e9, E., Bos, J.W., Gaudry, P., Kruppa, A., Montgomery, P.L., Osvik, D.A., te Riele, H., Timofeev, A., Zimmermann, P.: Factorization of a 768-bit RSA modulus. In: Rabin, T. (ed.) Advances in Cryptology, Proceedings Crypto 2010. LNCS, Springer, Heidelberg (2010)"},{"key":"4_CR61","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/978-3-642-10366-7_8","volume-title":"Asiacrypt 2009","author":"M. Lamberger","year":"2009","unstructured":"Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schl\u00e4ffer, M.: Rebound distinguishers: results on the full Whirlpool compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol.\u00a05912, pp. 126\u2013143. Springer, Heidelberg (2009)"},{"key":"4_CR62","unstructured":"Lano, J.: Cryptanalysis and Design of Synchronous Stream Ciphers, PhD Thesis, COSIC, K.U.Leuven (June 2006)"},{"issue":"4","key":"4_CR63","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1007\/s00145-001-0009-4","volume":"14","author":"A.K. Lenstra","year":"2001","unstructured":"Lenstra, A.K., Verheul, E.R.: Selecting cryptographic key sizes. J. Cryptology\u00a014(4), 255\u2013293 (2001)","journal-title":"J. Cryptology"},{"key":"4_CR64","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/978-3-540-71039-4_26","volume-title":"Fast Software Encryption","author":"G. Leurent","year":"2008","unstructured":"Leurent, G.: MD4 is not one-way. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol.\u00a05086, pp. 412\u2013428. 
Springer, Heidelberg (2008)"},{"key":"4_CR65","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1007\/11535218_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"Y. Lu","year":"2005","unstructured":"Lu, Y., Meier, W., Vaudenay, S.: The conditional correlation attack: A practical attack on Bluetooth encryption. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 97\u2013117. Springer, Heidelberg (2005)"},{"key":"4_CR66","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1007\/3-540-44647-8_14","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"J. Manger","year":"2001","unstructured":"Manger, J.: A chosen ciphertext attack on RSA optimal asymmetric encryption padding (OAEP) as standardized in PKCS#1 v2.0. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol.\u00a02139, pp. 230\u2013238. Springer, Heidelberg (2001)"},{"key":"4_CR67","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-540-71039-4_2","volume-title":"Fast Software Encryption","author":"S. Manuel","year":"2008","unstructured":"Manuel, S., Peyrin, T.: Collisions on SHA-0 in one hour. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol.\u00a05086, pp. 16\u201335. Springer, Heidelberg (2008)"},{"issue":"2","key":"4_CR68","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1007\/BF00196792","volume":"3","author":"S.M. Matyas","year":"1991","unstructured":"Matyas, S.M.: Key Processing with Control Vectors. J. Cryptology\u00a03(2), 113\u2013136 (1991)","journal-title":"J. Cryptology"},{"key":"4_CR69","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-540-30556-9_27","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"D. 
McGrew","year":"2004","unstructured":"McGrew, D., Viega, J.: The security and performance of the Galois\/Counter Mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol.\u00a03348, pp. 343\u2013355. Springer, Heidelberg (2004), Full paper http:\/\/eprint.iacr.org\/2004\/193\/"},{"issue":"3","key":"4_CR70","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/BF02252874","volume":"1","author":"W. Meier","year":"1989","unstructured":"Meier, W., Staffelbach, O.: Fast correlation attacks on stream ciphers. J. Cryptology\u00a01(3), 159\u2013176 (1989)","journal-title":"J. Cryptology"},{"key":"4_CR71","volume-title":"Handbook of Applied Cryptography","author":"A.J. Menezes","year":"1997","unstructured":"Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)"},{"key":"4_CR72","unstructured":"NIST Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher (May 2004)"},{"key":"4_CR73","unstructured":"NIST Special Publication 800-38B, Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication (May 2005)"},{"key":"4_CR74","unstructured":"NIST Special Publication 800-38C, Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality (May 2004)"},{"key":"4_CR75","unstructured":"NIST Special Publication 800-38D, Recommendation for Block Cipher Modes of Operation: Galois\/Counter Mode (GCM) and GMAC (November 2007)"},{"key":"4_CR76","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11605805_1","volume-title":"Topics in Cryptology \u2013 CT-RSA 2006","author":"D. Osvik","year":"2006","unstructured":"Osvik, D., Shamir, A., Tromer, E.: Cache attacks and countermeasures: The case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol.\u00a03860, pp. 1\u201320. 
Springer, Heidelberg (2006), Extended version at www.wisdom.weizmann.ac.il\/~tromer\/papers\/cache.pdf"},{"key":"4_CR77","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1007\/978-3-540-24582-7_4","volume-title":"Progress in Cryptology - INDOCRYPT 2003","author":"S. Paul","year":"2003","unstructured":"Paul, S., Preneel, B.: Analysis of non-fortuitous predictive states of the RC4 key stream Generator. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol.\u00a02904, pp. 30\u201347. Springer, Heidelberg (2003)"},{"issue":"3","key":"4_CR78","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/s001450010009","volume":"13","author":"E. Petrank","year":"2000","unstructured":"Petrank, E., Rackoff, C.: CBC MAC for real-time data sources. J. Cryptology\u00a013(3), 315\u2013338 (2000)","journal-title":"J. Cryptology"},{"key":"4_CR79","doi-asserted-by":"crossref","unstructured":"Preneel, B.: The first 30 years of cryptographic hash functions and the NIST SHA-3 competition. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol.\u00a05985, pp. 1\u201314. Springer, Heidelberg (2010)","DOI":"10.1007\/978-3-642-11925-5_1"},{"key":"4_CR80","unstructured":"Preneel, B., Biryukov, A., De Canni\u00e8re, C., \u00d6rs, S.B., Oswald, E., Van Rompay, B., Granboulan, L., Dottax, E., Martinet, G., Murphy, S., Dent, A., Shipsey, R., Swart, C., White, J., Dichtl, M., Pyka, S., Schafheutle, M., Serf, P., Biham, E., Barkan, E., Braziler, Y., Dunkelman, O., Furman, V., Kenigsberg, D., Stolin, J., Quisquater, J.-J., Ciet, M., Sica, F., Raddum, H., Knudsen, L., Parker, M.: Final report of NESSIE, New European Schemes for Signatures, Integrity, and Encryption. LNCS. Springer, Heidelberg (in print)"},{"key":"4_CR81","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/3-540-60590-8","volume-title":"Advances in Cryptology - CRYPTO \u201995","author":"B. 
Preneel","year":"1995","unstructured":"Preneel, B., van Oorschot, P.C.: MDx-MAC and building fast MACs from hash functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol.\u00a0963, pp. 1\u201314. Springer, Heidelberg (1995)"},{"key":"4_CR82","doi-asserted-by":"crossref","unstructured":"Rivest, R.L.: The MD5 message-digest algorithm, RFC 1321 (April 1992)","DOI":"10.17487\/rfc1321"},{"issue":"2","key":"4_CR83","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21","author":"R.L. Rivest","year":"1978","unstructured":"Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications ACM\u00a021(2), 120\u2013126 (1978)","journal-title":"Communications ACM"},{"key":"4_CR84","series-title":"Lecture Notes in Computer Science","first-page":"119","volume-title":"New Stream Cipher Designs \u2013 The eSTREAM Finalists","year":"2008","unstructured":"Robshaw, M.J.B., Billet, O. (eds.): New Stream Cipher Designs. LNCS, vol.\u00a04986, pp. 119\u2013139. Springer, Heidelberg (2008)"},{"key":"4_CR85","first-page":"195","volume-title":"ACM Conference on Computer and Communications Security","author":"P. Rogaway","year":"2001","unstructured":"Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: A block-cipher mode of operation for efficient authenticated encryption. In: ACM Conference on Computer and Communications Security, pp. 195\u2013205. ACM Press, New York (2001)"},{"key":"4_CR86","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1007\/978-3-540-25937-4_24","volume-title":"Fast Software Encryption","author":"P. Rogaway","year":"2004","unstructured":"Rogaway, P., Shrimpton, T.: Cryptographic hash function basics: Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B.K., Meier, W. (eds.) FSE 2004. LNCS, vol.\u00a03017, pp. 371\u2013388. 
Springer, Heidelberg (2004)"},{"key":"4_CR87","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-642-82865-2","volume-title":"Analysis and Design of Stream Ciphers","author":"R.A. Rueppel","year":"1986","unstructured":"Rueppel, R.A.: Analysis and Design of Stream Ciphers. Springer, Heidelberg (1986)"},{"key":"4_CR88","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1007\/978-3-540-89754-5_8","volume-title":"Progress in Cryptology - INDOCRYPT 2008","author":"S.K. Sanadhya","year":"2008","unstructured":"Sanadhya, S.K., Sarkar, P.: New collision attacks against up to 24-step SHA-2. In: Roy Chowdhury, D., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol.\u00a05365, pp. 91\u2013103. Springer, Heidelberg (2008)"},{"key":"4_CR89","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/978-3-642-01001-9_8","volume-title":"Eurocrypt 2009","author":"Y. Sasaki","year":"2010","unstructured":"Sasaki, Y., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol.\u00a05479, pp. 134\u2013152. Springer, Heidelberg (2010)"},{"key":"4_CR90","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-45146-4_1","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"A. Shamir","year":"2003","unstructured":"Shamir, A., Tromer, E.: Factoring large numbers with the TWIRL device. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol.\u00a02729, pp. 1\u201326. Springer, Heidelberg (2003)"},{"key":"4_CR91","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/3-540-44647-8_15","volume-title":"Advances in Cryptology - CRYPTO 2001","author":"V. Shoup","year":"2001","unstructured":"Shoup, V.: OAEP reconsidered. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol.\u00a02139, pp. 239\u2013259. 
Springer, Heidelberg (2001)"},{"volume-title":"Contemporary Cryptology: The Science of Information Integrity","year":"1991","key":"4_CR92","unstructured":"Simmons, G.J. (ed.): Contemporary Cryptology: The Science of Information Integrity. IEEE Press, Los Alamitos (1991)"},{"key":"4_CR93","series-title":"Lecture Notes in Computer Science","first-page":"55","volume-title":"CRYPTO 2009","author":"A. Sotirov","year":"2009","unstructured":"Sotirov, A., Stevens, M., Appelbaum, J., Lenstra, A.K., Molnar, D., Osvik, D.A., de Weger, B.: Short chosen-prefix collisions for MD5 and the creation of a rogue CA certificate. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol.\u00a05677, pp. 55\u201369. Springer, Heidelberg (2009)"},{"key":"4_CR94","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/978-3-540-45238-6_6","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2003","author":"Y. Tsunoo","year":"2003","unstructured":"Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES implemented on computers with cache. In: Walter, C.D., Ko\u00e7, \u00c7.K., Paar, C. (eds.) CHES 2003. LNCS, vol.\u00a02779, pp. 62\u201376. Springer, Heidelberg (2003)"},{"key":"4_CR95","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"318","DOI":"10.1007\/3-540-46877-3_29","volume-title":"Advances in Cryptology - EUROCRYPT \u201990","author":"P.C. Oorschot van","year":"1991","unstructured":"van Oorschot, P.C., Wiener, M.J.: A known plaintext attack on two-key triple encryption. In: Damg\u00e5rd, I.B. (ed.) EUROCRYPT 1990. LNCS, vol.\u00a0473, pp. 318\u2013325. Springer, Heidelberg (1991)"},{"issue":"1","key":"4_CR96","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/PL00003816","volume":"12","author":"P.C. Oorschot van","year":"1999","unstructured":"van Oorschot, P.C., Wiener, M.: Parallel collision search with cryptanalytic applications. J. 
Cryptology\u00a012(1), 1\u201328 (1999)","journal-title":"J. Cryptology"},{"key":"4_CR97","series-title":"Lecture Notes in Computer Science","first-page":"17","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"X. Wang","year":"2005","unstructured":"Wang, X., Lin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 17\u201336. Springer, Heidelberg (2005)"},{"key":"4_CR98","series-title":"Lecture Notes in Computer Science","first-page":"19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"X. Wang","year":"2005","unstructured":"Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol.\u00a03494, pp. 19\u201335. Springer, Heidelberg (2005)"},{"key":"4_CR99","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-642-01001-9_7","volume-title":"Eurocrypt 2009","author":"X. Wang","year":"2010","unstructured":"Wang, X., Yu, H., Wang, W., Zhang, H., Zhan, T.: Cryptanalysis on HMAC\/NMACMD5 and MD5-MAC. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol.\u00a05479, pp. 121\u2013133. Springer, Heidelberg (2010)"},{"key":"4_CR100","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/3-540-45661-9_14","volume-title":"Fast Software Encryption","author":"D. Watanabe","year":"2002","unstructured":"Watanabe, D., Furuya, S., Yoshida, H., Takaragi, K., Preneel, B.: A new keystream generator MUGI. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol.\u00a02365, pp. 179\u2013194. Springer, Heidelberg (2002)"},{"issue":"3","key":"4_CR101","doi-asserted-by":"publisher","first-page":"265","DOI":"10.1016\/0022-0000(81)90033-7","volume":"22","author":"M.N. Wegman","year":"1981","unstructured":"Wegman, M.N., Carter, J.L.: New hash functions and their use in authentication and set equality. 
Journal of Computer and System Sciences\u00a022(3), 265\u2013279 (1981)","journal-title":"Journal of Computer and System Sciences"},{"key":"4_CR102","doi-asserted-by":"crossref","unstructured":"Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM), RFC 3610 (September 2003)","DOI":"10.17487\/rfc3610"},{"key":"#cr-split#-4_CR103.1","unstructured":"Wiener, M.J.: Efficient DES key search. Presented at the Rump Session of Crypto 1993 (1993);"},{"key":"#cr-split#-4_CR103.2","unstructured":"Stallings, W. (ed.): Reprinted in Practical Cryptography for Data Internetworks, pp. 31\u201379. IEEE Computer Society, Los Alamitos (1996)"},{"key":"4_CR104","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11599371_1","volume-title":"Cryptology and Network Security","author":"H. Yu","year":"2005","unstructured":"Yu, H., Wang, G., Zhang, G., Wang, X.: The Second-Preimage Attack on MD4. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds.) CANS 2005. LNCS, vol.\u00a03810, pp. 1\u201312. Springer, Heidelberg (2005)"}],"container-title":["Lecture Notes in Computer Science","Computer Network Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-14706-7_4.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,23]],"date-time":"2020-11-23T21:56:36Z","timestamp":1606168596000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-14706-7_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642147050","9783642147067"],"references-count":105,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-14706-7_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2010]]}}}