{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,5]],"date-time":"2025-10-05T04:35:41Z","timestamp":1759638941126,"version":"3.40.4"},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642413827"},{"type":"electronic","value":"9783642413834"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-41383-4_6","type":"book-chapter","created":{"date-parts":[[2013,11,11]],"date-time":"2013-11-11T09:37:33Z","timestamp":1384162653000},"page":"83-98","source":"Crossref","is-referenced-by-count":12,"title":["Generic State-Recovery and Forgery Attacks on ChopMD-MAC and on NMAC\/HMAC"],"prefix":"10.1007","author":[{"given":"Yusuke","family":"Naito","sequence":"first","affiliation":[]},{"given":"Yu","family":"Sasaki","sequence":"additional","affiliation":[]},{"given":"Lei","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Kan","family":"Yasuda","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"6_CR1","unstructured":"Barreto, P.S.L.M., Rijmen, V.: The Whirlpool hashing function. NESSIE (2003)"},{"key":"6_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/11818175_36","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M. Bellare","year":"2006","unstructured":"Bellare, M.: New proofs for NMAC and HMAC: Security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol.\u00a04117, pp. 602\u2013619. Springer, Heidelberg (2006)"},{"key":"6_CR3","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology - CRYPTO \u201996","author":"M. Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol.\u00a01109, pp. 1\u201315. Springer, Heidelberg (1996)"},{"key":"6_CR4","doi-asserted-by":"crossref","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom functions revisited: The cascade construction and its concrete security. In: FOCS 1996, pp. 514\u2013523. IEEE Computer Society (1996)","DOI":"10.1109\/SFCS.1996.548510"},{"key":"6_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1007\/978-3-540-71039-4_27","volume-title":"Fast Software Encryption","author":"D. Chang","year":"2008","unstructured":"Chang, D., Nandi, M.: Improved indifferentiability security analysis of chopMD hash function. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol.\u00a05086, pp. 429\u2013443. Springer, Heidelberg (2008)"},{"key":"6_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/11935230_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"S. Contini","year":"2006","unstructured":"Contini, S., Yin, Y.L.: Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol.\u00a04284, pp. 37\u201353. Springer, Heidelberg (2006)"},{"key":"6_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"J.-S. Coron","year":"2005","unstructured":"Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damg\u00e5rd revisited: How to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol.\u00a03621, pp. 430\u2013448. Springer, Heidelberg (2005)"},{"key":"6_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"416","DOI":"10.1007\/0-387-34805-0_39","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"I.B. Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 416\u2013427. Springer, Heidelberg (1990)"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Daubignard, M., Fouque, P.-A., Lakhnech, Y.: Generic indifferentiability proofs of hash designs. In: Chong, S. (ed.) CSF 2012, pp. 340\u2013353. IEEE (2012)","DOI":"10.1109\/CSF.2012.13"},{"key":"6_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/3-540-60865-6_44","volume-title":"Fast Software Encryption","author":"H. Dobbertin","year":"1996","unstructured":"Dobbertin, H., Bosselaers, A., Preneel, B.: RIPEMD-160: A strengthened version of RIPEMD. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol.\u00a01039, pp. 71\u201382. Springer, Heidelberg (1996)"},{"key":"6_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/978-3-642-03356-8_16","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"Y. Dodis","year":"2009","unstructured":"Dodis, Y., Steinberger, J.: Message authentication codes from unpredictable block ciphers. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol.\u00a05677, pp. 267\u2013285. Springer, Heidelberg (2009)"},{"key":"6_CR12","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: ALRED blues: New attacks on AES-based MAC\u2019s. Cryptology ePrint Archive, Report 2011\/095 (2011)"},{"key":"6_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/978-3-540-74143-5_2","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"P.-A. Fouque","year":"2007","unstructured":"Fouque, P.-A., Leurent, G., Nguyen, P.Q.: Full key-recovery attacks on HMAC\/NMAC-MD4 and NMAC-MD5. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol.\u00a04622, pp. 13\u201330. Springer, Heidelberg (2007)"},{"key":"6_CR14","unstructured":"Gallagher, P.: Secure hash standard (SHS). FIPS PUB 180-3, NIST (2008)"},{"key":"6_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1007\/11832072_17","volume-title":"Security and Cryptography for Networks","author":"J. Kim","year":"2006","unstructured":"Kim, J., Biryukov, A., Preneel, B., Hong, S.: On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (extended abstract). In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol.\u00a04116, pp. 242\u2013256. Springer, Heidelberg (2006)"},{"key":"6_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1007\/978-3-540-71039-4_12","volume-title":"Fast Software Encryption","author":"E. Lee","year":"2008","unstructured":"Lee, E., Chang, D., Kim, J., Sung, J., Hong, S.: Second preimage attack on 3-Pass HAVAL and partial key-recovery attacks on HMAC\/NMAC-3-Pass HAVAL. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol.\u00a05086, pp. 189\u2013206. Springer, Heidelberg (2008)"},{"key":"6_CR17","doi-asserted-by":"crossref","unstructured":"Leurent, G., Peyrin, T., Wang, L.: New Generic Attacks Against Hash-based MACs. In: ASIACRYPT 2013 (2013)","DOI":"10.1007\/978-3-642-42045-0_1"},{"key":"6_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-24638-1_2","volume-title":"Theory of Cryptography","author":"U. Maurer","year":"2004","unstructured":"Maurer, U., Renner, R., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol.\u00a02951, pp. 21\u201339. Springer, Heidelberg (2004)"},{"key":"6_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"428","DOI":"10.1007\/0-387-34805-0_40","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"R.C. Merkle","year":"1990","unstructured":"Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol.\u00a0435, pp. 428\u2013446. Springer, Heidelberg (1990)"},{"key":"6_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"580","DOI":"10.1007\/978-3-642-34961-4_35","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"T. Peyrin","year":"2012","unstructured":"Peyrin, T., Sasaki, Y., Wang, L.: Generic related-key attacks for HMAC. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol.\u00a07658, pp. 580\u2013597. Springer, Heidelberg (2012)"},{"issue":"3","key":"6_CR21","first-page":"347","volume":"14","author":"C. Rechberger","year":"2008","unstructured":"Rechberger, C., Rijmen, V.: New results on NMAC\/HMAC when instantiated with popular hash functions. J. UCS\u00a014(3), 347\u2013376 (2008)","journal-title":"J. UCS"},{"key":"6_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/978-3-540-77366-5_13","volume-title":"Financial Cryptography and Data Security","author":"C. Rechberger","year":"2007","unstructured":"Rechberger, C., Rijmen, V.: On authentication with HMAC and non-random properties. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol.\u00a04886, pp. 119\u2013133. Springer, Heidelberg (2007)"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Ristenpart, T., Shacham, H., Shrimpton, T.: Careful with composition: Limitations of indifferentiability and universal composability. Cryptology ePrint Archive, Report 2011\/339 (2011)","DOI":"10.1007\/978-3-642-20465-4_27"},{"key":"6_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1007\/978-3-642-20465-4_27","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"T. Ristenpart","year":"2011","unstructured":"Ristenpart, T., Shacham, H., Shrimpton, T.: Careful with composition: Limitations of the indifferentiability framework. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol.\u00a06632, pp. 487\u2013506. Springer, Heidelberg (2011)"},{"key":"6_CR25","doi-asserted-by":"crossref","unstructured":"Rivest, R.L.: The MD5 message-digest algorithm. RFC 1321, IETF (1992)","DOI":"10.17487\/rfc1321"},{"key":"6_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1007\/978-3-642-29011-4_25","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"Y. Sasaki","year":"2012","unstructured":"Sasaki, Y.: Cryptanalyses on a Merkle-Damg\u00e5rd based MAC\u2014almost universal forgery and distinguishing-H attacks. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol.\u00a07237, pp. 411\u2013427. Springer, Heidelberg (2012)"},{"key":"6_CR27","doi-asserted-by":"crossref","unstructured":"Sasaki, Y., Wang, L.: Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5. In: Selected Areas in Cryptography (2013)","DOI":"10.1007\/978-3-662-43414-7_25"},{"key":"6_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/11927587_5","volume-title":"Information Security and Cryptology \u2013 ICISC 2006","author":"K. Suzuki","year":"2006","unstructured":"Suzuki, K., Tonien, D., Kurosawa, K., Toyota, K.: Birthday paradox for multi-collisions. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol.\u00a04296, pp. 29\u201340. Springer, Heidelberg (2006)"},{"issue":"1","key":"6_CR29","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1093\/ietfec\/e91-a.1.39","volume":"91-A","author":"K. Suzuki","year":"2008","unstructured":"Suzuki, K., Tonien, D., Kurosawa, K., Toyota, K.: Birthday paradox for multi-collisions. IEICE Transactions\u00a091-A(1), 39\u201345 (2008)","journal-title":"IEICE Transactions"},{"key":"6_CR30","doi-asserted-by":"crossref","unstructured":"Tsudik, G.: Message authentication with one-way hash functions. In: INFOCOM 1992, vol.\u00a03, pp. 2055\u20132059. IEEE (1992)","DOI":"10.1109\/INFCOM.1992.263477"},{"key":"6_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1007\/978-3-540-78967-3_14","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"L. Wang","year":"2008","unstructured":"Wang, L., Ohta, K., Kunihiro, N.: New key-recovery attacks on HMAC\/NMAC-MD4 and NMAC-MD5. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol.\u00a04965, pp. 237\u2013253. Springer, Heidelberg (2008)"},{"key":"6_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-642-01001-9_7","volume-title":"Advances in Cryptology - EUROCRYPT 2009","author":"X. Wang","year":"2009","unstructured":"Wang, X., Yu, H., Wang, W., Zhang, H., Zhan, T.: Cryptanalysis on HMAC\/NMAC-MD5 and MD5-MAC. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol.\u00a05479, pp. 121\u2013133. Springer, Heidelberg (2009)"}],"container-title":["Lecture Notes in Computer Science","Advances in Information and Computer Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-41383-4_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T20:09:06Z","timestamp":1746043746000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-41383-4_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642413827","9783642413834"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-41383-4_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}