{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,17]],"date-time":"2025-12-17T08:39:39Z","timestamp":1765960779859},"publisher-location":"Berlin, Heidelberg","reference-count":56,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642400407"},{"type":"electronic","value":"9783642400414"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-40041-4_29","type":"book-chapter","created":{"date-parts":[[2013,8,14]],"date-time":"2013-08-14T09:04:31Z","timestamp":1376471071000},"page":"531-550","source":"Crossref","is-referenced-by-count":62,"title":["On the Indifferentiability of Key-Alternating Ciphers"],"prefix":"10.1007","author":[{"given":"Elena","family":"Andreeva","sequence":"first","affiliation":[]},{"given":"Andrey","family":"Bogdanov","sequence":"additional","affiliation":[]},{"given":"Yevgeniy","family":"Dodis","sequence":"additional","affiliation":[]},{"given":"Bart","family":"Mennink","sequence":"additional","affiliation":[]},{"given":"John P.","family":"Steinberger","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"29_CR1","unstructured":"Brachtl, B., Coppersmith, D., Hyden, M., Matyas, S., Meyer, C., Oseas, J., Pilpel, S., Schilling, M.: Data authentication using modification detection codes based on a public one-way encryption function, U.S.Patent No 4.908.861 (1990)"},{"key":"29_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/11799313_14","volume-title":"Fast Software Encryption","author":"S. Hirose","year":"2006","unstructured":"Hirose, S.: Some Plausible Constructions of Double-Block-Length Hash Functions. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol.\u00a04047, pp. 210\u2013225. Springer, Heidelberg (2006)"},{"key":"29_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/3-540-47555-9_5","volume-title":"Advances in Cryptology - EUROCRYPT \u201992","author":"X. Lai","year":"1993","unstructured":"Lai, X., Massey, J.L.: Hash Functions Based on Block Ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol.\u00a0658, pp. 55\u201370. Springer, Heidelberg (1993)"},{"key":"29_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/3-540-48329-2_31","volume-title":"Advances in Cryptology - CRYPTO \u201993","author":"B. Preneel","year":"1994","unstructured":"Preneel, B., Govaerts, R., Vandewalle, J.: Hash Functions Based on Block Ciphers: A Synthetic Approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol.\u00a0773, pp. 368\u2013378. Springer, Heidelberg (1994)"},{"key":"29_CR5","doi-asserted-by":"crossref","unstructured":"Impagliazzo, R., Levin, L.A., Luby, M.: Pseudo-random Generation from one-way functions. In: ACM Symposium on Theory of Computing, STOC, Seattle, Washington, USA, pp. 12\u201324. ACM (1989)","DOI":"10.1145\/73007.73009"},{"key":"29_CR6","unstructured":"Goldreich, O., Goldwasser, S., Micali, S.: How to Construct Random Functions. In: 25th Annual Symposium on Foundations of Computer Science, FOCS, West Palm Beach, Florida, USA, pp. 464\u2013479. IEEE Computer Society (1984)"},{"key":"29_CR7","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1137\/0217022","volume":"17","author":"M. Luby","year":"1988","unstructured":"Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal of Computing\u00a017, 373\u2013386 (1988)","journal-title":"SIAM Journal of Computing"},{"key":"29_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/978-3-642-13190-5_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"A. Biryukov","year":"2010","unstructured":"Biryukov, A., Dunkelman, O., Keller, N., Khovratovich, D., Shamir, A.: Key Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol.\u00a06110, pp. 299\u2013319. Springer, Heidelberg (2010)"},{"key":"29_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-10366-7_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"A. Biryukov","year":"2009","unstructured":"Biryukov, A., Khovratovich, D.: Related-Key Cryptanalysis of the Full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol.\u00a05912, pp. 1\u201318. Springer, Heidelberg (2009)"},{"key":"29_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-3-642-03356-8_14","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"A. Biryukov","year":"2009","unstructured":"Biryukov, A., Khovratovich, D., Nikoli\u0107, I.: Distinguisher and Related-Key Attack on the Full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol.\u00a05677, pp. 231\u2013249. Springer, Heidelberg (2009)"},{"key":"29_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1007\/978-3-642-25385-0_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"A. Bogdanov","year":"2011","unstructured":"Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique Cryptanalysis of the Full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol.\u00a07073, pp. 344\u2013371. Springer, Heidelberg (2011)"},{"key":"29_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/3-540-45708-9_21","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"J. Black","year":"2002","unstructured":"Black, J., Rogaway, P., Shrimpton, T.: Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol.\u00a02442, pp. 320\u2013335. Springer, Heidelberg (2002)"},{"key":"29_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"359","DOI":"10.1007\/3-540-44598-6_23","volume-title":"Advances in Cryptology - CRYPTO 2000","author":"A. Desai","year":"2000","unstructured":"Desai, A.: The Security of All-or-Nothing Encryption: Protecting against Exhaustive Key Search. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol.\u00a01880, pp. 359\u2013375. Springer, Heidelberg (2000)"},{"key":"29_CR14","series-title":"Lecture Notes in Computer Science","first-page":"201","volume-title":"Advances in Cryptology - ASIACRYPT \u201991","author":"S. Even","year":"1993","unstructured":"Even, S., Mansour, Y.: A Construction of a Cipher from a Single Pseudorandom Permutation. In: Matsumoto, T., Imai, H., Rivest, R.L. (eds.) ASIACRYPT 1991. LNCS, vol.\u00a0739, pp. 201\u2013224. Springer, Heidelberg (1993)"},{"key":"29_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"364","DOI":"10.1007\/3-540-36178-2_23","volume-title":"Advances in Cryptology - ASIACRYPT 2002","author":"L. Granboulan","year":"2002","unstructured":"Granboulan, L.: Short Signatures in the Random Oracle Model. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol.\u00a02501, pp. 364\u2013378. Springer, Heidelberg (2002)"},{"key":"29_CR16","unstructured":"Jonsson, J.: An OAEP Variant With a Tight Security Proof. Cryptology ePrint Archive. Report 2002\/034 (2002)"},{"key":"29_CR17","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/s001450010015","volume":"14","author":"J. Kilian","year":"2001","unstructured":"Kilian, J., Rogaway, P.: How to Protect DES against Exhaustive Key Search (An Analysis of DESX). Journal of Cryptology\u00a014, 17\u201335 (2001)","journal-title":"Journal of Cryptology"},{"key":"29_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-40061-5_1","volume-title":"Advances in Cryptology - ASIACRYPT 2003","author":"D.H. Phan","year":"2003","unstructured":"Phan, D.H., Pointcheval, D.: Chosen-Ciphertext Security without Redundancy. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol.\u00a02894, pp. 1\u201318. Springer, Heidelberg (2003)"},{"key":"29_CR19","doi-asserted-by":"crossref","unstructured":"Winternitz, R.S.: A Secure One-Way Hash Function Built from DES. In: IEEE Symposium on Security and Privacy, pp. 88\u201390. IEEE Computer Society (1984)","DOI":"10.1109\/SP.1984.10027"},{"key":"29_CR20","unstructured":"Handschuh, H., Naccache, D.: SHACAL. Submission to the NESSIE Project (2000)"},{"key":"29_CR21","unstructured":"Handschuh, H., Naccache, D.: SHACAL: A Family of Block Ciphers. Submission to the NESSIE Project (2002)"},{"key":"29_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1007\/11799313_21","volume-title":"Fast Software Encryption","author":"J. Black","year":"2006","unstructured":"Black, J.: The Ideal-Cipher Model, Revisited: An Uninstantiable Blockcipher-Based Hash Function. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol.\u00a04047, pp. 328\u2013340. Springer, Heidelberg (2006)"},{"key":"29_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-24638-1_2","volume-title":"Theory of Cryptography","author":"U. Maurer","year":"2004","unstructured":"Maurer, U., Renner, R., Holenstein, C.: Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol.\u00a02951, pp. 21\u201339. Springer, Heidelberg (2004)"},{"key":"29_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"J.S. Coron","year":"2005","unstructured":"Coron, J.S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damg\u00e5rd Revisited: How to Construct a Hash Function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 430\u2013448. Springer, Heidelberg (2005)"},{"key":"29_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1007\/978-3-642-20465-4_27","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"T. Ristenpart","year":"2011","unstructured":"Ristenpart, T., Shacham, H., Shrimpton, T.: Careful with Composition: Limitations of the Indifferentiability Framework. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol.\u00a06632, pp. 487\u2013506. Springer, Heidelberg (2011)"},{"key":"29_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"416","DOI":"10.1007\/0-387-34805-0_39","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"I. Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.: A Design Principle for Hash Functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 416\u2013427. Springer, Heidelberg (1990)"},{"key":"29_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"428","DOI":"10.1007\/0-387-34805-0_40","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"R.C. Merkle","year":"1990","unstructured":"Merkle, R.C.: One Way Hash Functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 428\u2013446. Springer, Heidelberg (1990)"},{"key":"29_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/11935230_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"M. Bellare","year":"2006","unstructured":"Bellare, M., Ristenpart, T.: Multi-Property-Preserving Hash Domain Extension and the EMD Transform. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol.\u00a04284, pp. 299\u2013314. Springer, Heidelberg (2006)"},{"key":"29_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1007\/11935230_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"D. Chang","year":"2006","unstructured":"Chang, D., Lee, S., Nandi, M., Yung, M.: Indifferentiable Security Analysis of Popular Hash Functions with Prefix-Free Padding. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol.\u00a04284, pp. 283\u2013298. Springer, Heidelberg (2006)"},{"key":"29_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-85174-5_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"J.S. Coron","year":"2008","unstructured":"Coron, J.S., Patarin, J., Seurin, Y.: The Random Oracle Model and the Ideal Cipher Model are Equivalent. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol.\u00a05157, pp. 1\u201320. Springer, Heidelberg (2008)"},{"key":"29_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"184","DOI":"10.1007\/11681878_10","volume-title":"Theory of Cryptography","author":"Y. Dodis","year":"2006","unstructured":"Dodis, Y., Puniya, P.: On the Relation Between the Ideal Cipher and the Random Oracle Models. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol.\u00a03876, pp. 184\u2013206. Springer, Heidelberg (2006)"},{"key":"29_CR32","unstructured":"Seurin, Y.: Primitives et protocoles cryptographiques \u00e0 s\u00e9curit\u00e9 prouv\u00e9e. PhD thesis, Universit\u00e9 de Versailles Saint-Quentin-en-Yvelines, France (2009)"},{"key":"29_CR33","doi-asserted-by":"crossref","unstructured":"Holenstein, T., K\u00fcnzler, R., Tessaro, S.: The equivalence of the random oracle model and the ideal cipher model, revisited. In: ACM Symposium on Theory of Computing, STOC, San Jose, CA, USA, pp. 89\u201398. ACM (2011)","DOI":"10.1145\/1993636.1993650"},{"key":"29_CR34","unstructured":"Aumasson, J., Henzen, L., Meier, W., Phan, R.: SHA-3 proposal BLAKE. Submission to NIST\u2019s SHA-3 Competition (2010)"},{"key":"29_CR35","unstructured":"Ferguson, N., Lucks, S., Schneier, B., Whiting, D., Bellare, M., Kohno, T., Callas, J., Walker, J.: The Skein Hash Function Family. Submission to NIST\u2019s SHA-3 Competition (2010)"},{"key":"29_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1007\/3-540-60590-8_21","volume-title":"Fast Software Encryption","author":"J. Daemen","year":"1995","unstructured":"Daemen, J., Govaerts, R., Vandewalle, J.: Correlation Matrices. In: Preneel, B. (ed.) FSE 1994. LNCS, vol.\u00a01008, pp. 275\u2013285. Springer, Heidelberg (1995)"},{"key":"29_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/3-540-45325-3_20","volume-title":"Cryptography and Coding","author":"J. Daemen","year":"2001","unstructured":"Daemen, J., Rijmen, V.: The Wide Trail Design Strategy. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol.\u00a02260, pp. 222\u2013238. Springer, Heidelberg (2001)"},{"key":"29_CR38","doi-asserted-by":"crossref","unstructured":"Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer (2002)","DOI":"10.1007\/978-3-662-04722-4"},{"key":"29_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-642-29011-4_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A. Bogdanov","year":"2012","unstructured":"Bogdanov, A., Knudsen, L.R., Leander, G., Standaert, F.X., Steinberger, J., Tischhauser, E.: Key-Alternating Ciphers in a Provable Setting: Encryption Using a Small Number of Public Permutations. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol.\u00a07237, pp. 45\u201362. Springer, Heidelberg (2012)"},{"key":"29_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-642-29011-4_21","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"O. Dunkelman","year":"2012","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: Minimalism in Cryptography: The Even-Mansour Scheme Revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol.\u00a07237, pp. 336\u2013354. Springer, Heidelberg (2012)"},{"key":"29_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1007\/978-3-540-78967-3_12","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"Y. Dodis","year":"2008","unstructured":"Dodis, Y., Pietrzak, K., Puniya, P.: A New Mode of Operation for Block Ciphers and Length-Preserving MACs. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol.\u00a04965, pp. 198\u2013219. Springer, Heidelberg (2008)"},{"key":"29_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/978-3-642-03317-9_7","volume-title":"Fast Software Encryption","author":"Y. Dodis","year":"2009","unstructured":"Dodis, Y., Reyzin, L., Rivest, R., Shen, E.: Indifferentiability of Permutation-Based Compression Functions and Tree-Based Modes of Operation, with Applications to MD6. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol.\u00a05665, pp. 104\u2013121. Springer, Heidelberg (2009)"},{"key":"29_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-642-11799-2_17","volume-title":"Theory of Cryptography","author":"J.S. Coron","year":"2010","unstructured":"Coron, J.S., Dodis, Y., Mandal, A., Seurin, Y.: A Domain Extender for the Ideal Cipher. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol.\u00a05978, pp. 273\u2013289. Springer, Heidelberg (2010)"},{"key":"29_CR44","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Assche, G.: The KECCAK sponge function family. Submission to NIST\u2019s SHA-3 Competition (2011)"},{"key":"29_CR45","unstructured":"Gauravaram, P., Knudsen, L., Matusiewicz, K., Mendel, F., Rechberger, C., Schl\u00e4ffer, M., Thomsen, S.: Gr\u00f8stl \u2013 a SHA-3 candidate. Submission to NIST\u2019s SHA-3 Competition (2011)"},{"key":"29_CR46","unstructured":"Wu, H.: The Hash Function JH. Submission to NIST\u2019s SHA-3 Competition (2011)"},{"key":"29_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"433","DOI":"10.1007\/978-3-540-85174-5_24","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"P. Rogaway","year":"2008","unstructured":"Rogaway, P., Steinberger, J.P.: Constructing Cryptographic Hash Functions from Fixed-Key Blockciphers. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol.\u00a05157, pp. 433\u2013450. Springer, Heidelberg (2008)"},{"key":"29_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1007\/978-3-540-78967-3_13","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"P. Rogaway","year":"2008","unstructured":"Rogaway, P., Steinberger, J.P.: Security\/Efficiency Tradeoffs for Permutation-Based Hashing. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol.\u00a04965, pp. 220\u2013236. Springer, Heidelberg (2008)"},{"key":"29_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-540-78967-3_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"G. Bertoni","year":"2008","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the Indifferentiability of the Sponge Construction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol.\u00a04965, pp. 181\u2013197. Springer, Heidelberg (2008)"},{"key":"29_CR50","doi-asserted-by":"publisher","first-page":"1992","DOI":"10.1109\/TIT.2011.2173655","volume":"58","author":"J. Lee","year":"2012","unstructured":"Lee, J., Hong, D.: Collision Resistance of the JH Hash Function. IEEE Transactions on Information Theory\u00a058, 1992\u20131995 (2012)","journal-title":"IEEE Transactions on Information Theory"},{"key":"29_CR51","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/978-3-642-40041-4_29","volume-title":"CRYPTO 2013","author":"E. Andreeva","year":"2013","unstructured":"Andreeva, E., Bogdanov, A., Dodis, Y., Mennink, B., Steinberger, J.P.: On the Indifferentiability of Key-Alternating Ciphers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol.\u00a08042, pp. 531\u2013550. Springer, Heidelberg (2013), Cryptology ePrint Archive, Report 2013\/061"},{"key":"29_CR52","doi-asserted-by":"crossref","unstructured":"Lampe, R., Seurin, Y.: How to Construct an Ideal Cipher from a Small Set of Public Permutations. Cryptology ePrint Archive. Report 2013\/255 (2013)","DOI":"10.1007\/978-3-642-42033-7_23"},{"key":"29_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/978-3-642-01001-9_22","volume-title":"Advances in Cryptology - EUROCRYPT 2009","author":"Y. Dodis","year":"2009","unstructured":"Dodis, Y., Ristenpart, T., Shrimpton, T.: Salvaging Merkle-Damg\u00e5rd for Practical Applications. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol.\u00a05479, pp. 371\u2013388. Springer, Heidelberg (2009)"},{"key":"29_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1007\/978-3-642-32009-5_5","volume-title":"CRYPTO 2012","author":"E. Miles","year":"2012","unstructured":"Miles, E., Viola, E.: Substitution-Permutation Networks, Pseudorandom Functions, and Natural Proofs. In: Safavi-Naini, R. (ed.) CRYPTO 2012. LNCS, vol.\u00a07417, pp. 68\u201385. Springer, Heidelberg (2012)"},{"key":"29_CR55","doi-asserted-by":"crossref","unstructured":"Knudsen, L.: Block Ciphers - The Basics, ECRYPT II Summer School on Design and Security of Cryptographic Algorithms and Devices (2011) (invited talk)","DOI":"10.1007\/978-3-642-17342-4_4"},{"key":"29_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"664","DOI":"10.1007\/978-3-642-38348-9_39","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"G. Demay","year":"2013","unstructured":"Demay, G., Ga\u017ei, P., Hirt, M., Maurer, U.: Resource-Restricted Indifferentiability. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol.\u00a07881, pp. 664\u2013683. Springer, Heidelberg (2013)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2013"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-40041-4_29","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,16]],"date-time":"2019-05-16T15:51:44Z","timestamp":1558021904000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-40041-4_29"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642400407","9783642400414"],"references-count":56,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-40041-4_29","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}