{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,2]],"date-time":"2025-05-02T16:46:18Z","timestamp":1746204378276},"publisher-location":"Berlin, Heidelberg","reference-count":49,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783662434130"},{"type":"electronic","value":"9783662434147"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-662-43414-7_25","type":"book-chapter","created":{"date-parts":[[2014,5,20]],"date-time":"2014-05-20T14:57:06Z","timestamp":1400597826000},"page":"493-512","source":"Crossref","is-referenced-by-count":5,"title":["Improved Single-Key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5"],"prefix":"10.1007","author":[{"given":"Yu","family":"Sasaki","sequence":"first","affiliation":[]},{"given":"Lei","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2014,5,21]]},"reference":[{"key":"25_CR1","unstructured":"Rivest, R.L.: Request for Comments 1321: The MD5 Message Digest Algorithm. The Internet Engineering Task Force (1992). \n                      http:\/\/www.ietf.org\/rfc\/rfc1321.txt"},{"key":"25_CR2","unstructured":"U.S. Department of Commerce, National Institute of Standards and Technology: Secure Hash Standard (SHS) (Federal Information Processing Standards Publication 180\u20133) (2008). \n                      http:\/\/csrc.nist.gov\/publications\/fips\/fips180-3\/fips180-3_final.pdf"},{"issue":"5","key":"25_CR3","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1145\/141809.141812","volume":"22","author":"G Tsudik","year":"1992","unstructured":"Tsudik, G.: Message authentication with one-way hash functions. ACM SIGCOMM Comput. Commun. Rev. 22(5), 29\u201338 (1992)","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"25_CR4","series-title":"LNCS","first-page":"1","volume-title":"CRYPTO 1995","author":"B Preneel","year":"1995","unstructured":"Preneel, B., van Oorschot, P.C.: MDx-MAC and building fast MACs from hash functions. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 1\u201314. Springer, Heidelberg (1995)"},{"key":"25_CR5","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"CRYPTO 2005","author":"J-S Coron","year":"2005","unstructured":"Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damg\u00e5rd revisited: how to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430\u2013448. Springer, Heidelberg (2005)"},{"key":"25_CR6","unstructured":"U.S. Department of Commerce, National Institute of Standards and Technology: Federal Register, vol. 72, no. 212, November 2, 2007\/Notices (2007). \n                      http:\/\/csrc.nist.gov\/groups\/ST\/hash\/documents\/FR_Notice_Nov07.pdf"},{"key":"25_CR7","series-title":"LNCS","first-page":"1","volume-title":"CRYPTO 1996","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1\u201315. Springer, Heidelberg (1996)"},{"key":"25_CR8","unstructured":"Kaliski Jr., B.S., Robshaw, M.J.B.: Message authentication with MD5. Technical report, CryptoBytes (1995)"},{"key":"25_CR9","unstructured":"Metzger, P., Simpson, W.A.: Request for Comments 1852: IP Authentication using Keyed SHA. The Internet Engineering Task Force (1995). \n                      http:\/\/www.ietf.org\/rfc\/rfc1852.txt"},{"key":"25_CR10","series-title":"LNCS","first-page":"19","volume-title":"EUROCRYPT 1996","author":"B Preneel","year":"1996","unstructured":"Preneel, B., van Oorschot, P.C.: On the security of two MAC algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 19\u201332. Springer, Heidelberg (1996)"},{"key":"25_CR11","unstructured":"U.S. Department of Commerce, National Institute of Standards and Technology: The Keyed-Hash Message Authentication Code (HMAC) (Federal Information Processing Standards Publication 198), July 2008. \n                      http:\/\/csrc.nist.gov\/publications\/fips\/fips198-1\/FIPS-198-1_final.pdf"},{"key":"25_CR12","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/11818175_36","volume-title":"CRYPTO 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M.: New proofs for NMAC and HMAC: security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602\u2013619. Springer, Heidelberg (2006)"},{"key":"25_CR13","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1007\/978-3-540-77026-8_3","volume-title":"INDOCRYPT 2007","author":"K Yasuda","year":"2007","unstructured":"Yasuda, K.: Multilane HMAC\u2014 security beyond the birthday limit. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 18\u201332. Springer, Heidelberg (2007)"},{"key":"25_CR14","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"216","DOI":"10.1007\/978-3-540-76900-2_13","volume-title":"ASIACRYPT 2007","author":"K Yasuda","year":"2007","unstructured":"Yasuda, K.: Boosting Merkle-Damg\u00e5rd hashing for message authentication. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 216\u2013231. Springer, Heidelberg (2007)"},{"key":"25_CR15","series-title":"LNCS","first-page":"355","volume-title":"ACISP 2007","author":"K Yasuda","year":"2007","unstructured":"Yasuda, K.: \u201cSandwich\u201d is indeed secure: how to authenticate a message with just one hashing. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 355\u2013369. Springer, Heidelberg (2007)"},{"key":"25_CR16","series-title":"LNCS","first-page":"443","volume-title":"ISC 2009","author":"K Yasuda","year":"2009","unstructured":"Yasuda, K.: HMAC without the \u201csecond\u201d key. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 443\u2013458. Springer, Heidelberg (2009)"},{"key":"25_CR17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1007\/978-3-540-77026-8_31","volume-title":"INDOCRYPT 2007","author":"P Gauravaram","year":"2007","unstructured":"Gauravaram, P., Okeya, K.: An update on the side channel cryptanalysis of MACs based on cryptographic hash functions. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 393\u2013403. Springer, Heidelberg (2007)"},{"key":"25_CR18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"580","DOI":"10.1007\/978-3-642-34961-4_35","volume-title":"ASIACRYPT 2012","author":"T Peyrin","year":"2012","unstructured":"Peyrin, T., Sasaki, Y., Wang, L.: Generic related-key attacks for HMAC. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 580\u2013597. Springer, Heidelberg (2012)"},{"key":"25_CR19","series-title":"LNCS","first-page":"353","volume-title":"SAC 2002","author":"S Patel","year":"2003","unstructured":"Patel, S.: An efficient MAC for short messages. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 353\u2013368. Springer, Heidelberg (2003)"},{"key":"25_CR20","series-title":"LNCS","first-page":"309","volume-title":"FSE 2007","author":"G Leurent","year":"2007","unstructured":"Leurent, G.: Message freedom in MD4 and MD5 collisions: application to APOP. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 309\u2013328. Springer, Heidelberg (2007)"},{"key":"25_CR21","series-title":"LNCS","first-page":"1","volume-title":"CT-RSA 2008","author":"Y Sasaki","year":"2008","unstructured":"Sasaki, Y., Wang, L., Ohta, K., Kunihiro, N.: Security of MD5 challenge and response: extension of APOP password recovery attack. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 1\u201318. Springer, Heidelberg (2008)"},{"key":"25_CR22","unstructured":"Sasaki, Y., Yamamoto, G., Aoki, K.: Practical password recovery on an MD5 challenge and response. Cryptology ePrint Archive, Report 2007\/101 (2007). \n                      http:\/\/eprint.iacr.org\/2007\/101"},{"key":"25_CR23","series-title":"LNCS","first-page":"3","volume-title":"IWSEC 2009","author":"L Wang","year":"2009","unstructured":"Wang, L., Sasaki, Y., Sakiyama, K., Ohta, K.: Bit-free collision: application to APOP attack. In: Takagi, T., Mambo, M. (eds.) IWSEC 2009. LNCS, vol. 5824, pp. 3\u201321. Springer, Heidelberg (2009)"},{"key":"25_CR24","doi-asserted-by":"crossref","unstructured":"Myers, J., Rose, M.: Post office protocol - version 3. RFC 1939 (Standard), May 1996. Updated by RFCs 1957, 2449. \n                      http:\/\/www.ietf.org\/rfc\/rfc1939.txt","DOI":"10.17487\/rfc1939"},{"key":"25_CR25","series-title":"LNCS","first-page":"242","volume-title":"SCN 2006","author":"J-S Kim","year":"2006","unstructured":"Kim, J.-S., Biryukov, A., Preneel, B., Hong, S.H.: On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (extended abstract). In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 242\u2013256. Springer, Heidelberg (2006)"},{"key":"25_CR26","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/11935230_3","volume-title":"ASIACRYPT 2006","author":"S Contini","year":"2006","unstructured":"Contini, S., Yin, Y.L.: Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 37\u201353. Springer, Heidelberg (2006)"},{"key":"25_CR27","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/978-3-540-74143-5_2","volume-title":"CRYPTO 2007","author":"P-A Fouque","year":"2007","unstructured":"Fouque, P.-A., Leurent, G., Nguyen, P.Q.: Full key-recovery attacks on HMAC\/NMAC-MD4 and NMAC-MD5. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 13\u201330. Springer, Heidelberg (2007)"},{"key":"25_CR28","series-title":"LNCS","first-page":"189","volume-title":"FSE 2008","author":"E Lee","year":"2008","unstructured":"Lee, E., Chang, D., Kim, J.-S., Sung, J., Hong, S.H.: Second preimage attack on 3-Pass HAVAL and partial key-recovery attacks on HMAC\/NMAC-3-pass HAVAL. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 189\u2013206. Springer, Heidelberg (2008)"},{"key":"25_CR29","series-title":"LNCS","first-page":"119","volume-title":"FC 2007 and USEC 2007","author":"C Rechberger","year":"2007","unstructured":"Rechberger, C., Rijmen, V.: On authentication with HMAC and Non-random properties. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol. 4886, pp. 119\u2013133. Springer, Heidelberg (2007)"},{"issue":"3","key":"25_CR30","first-page":"347","volume":"14","author":"C Rechberger","year":"2008","unstructured":"Rechberger, C., Rijmen, V.: New results on NMAC\/HMAC when instantiated with popular hash functions. J. Univ. Comput. Sci. 14(3), 347\u2013376 (2008)","journal-title":"J. Univ. Comput. Sci."},{"key":"25_CR31","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1007\/978-3-540-78967-3_14","volume-title":"EUROCRYPT 2008","author":"L Wang","year":"2008","unstructured":"Wang, L., Ohta, K., Kunihiro, N.: New key-recovery attacks on HMAC\/NMAC-MD4 and NMAC-MD5. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 237\u2013253. Springer, Heidelberg (2008)"},{"key":"25_CR32","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-642-01001-9_7","volume-title":"EUROCRYPT 2009","author":"X Wang","year":"2009","unstructured":"Wang, X., Yu, H., Wang, W., Zhang, H., Zhan, T.: Cryptanalysis on HMAC\/NMAC-MD5 and MD5-MAC. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 121\u2013133. Springer, Heidelberg (2009)"},{"key":"25_CR33","series-title":"LNCS","first-page":"87","volume-title":"FSE 2007","author":"H Wu","year":"2007","unstructured":"Wu, H., Preneel, B.: Differential-linear attacks against the stream cipher phelix. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 87\u2013100. Springer, Heidelberg (2007)"},{"key":"25_CR34","series-title":"LNCS","first-page":"293","volume-title":"EUROCRYPT 1993","author":"B Boer den","year":"1994","unstructured":"den Boer, B., Bosselaers, A.: Collisions for the compression function of MD-5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293\u2013304. Springer, Heidelberg (1994)"},{"key":"25_CR35","unstructured":"Klima, V.: Tunnels in hash functions: MD5 collisions within a minute. IACR Cryptology ePrint Archive: Report 2006\/105 (2006). \n                      http:\/\/eprint.iacr.org\/2006\/105.pdf"},{"key":"25_CR36","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/11426639_2","volume-title":"EUROCRYPT 2005","author":"X Wang","year":"2005","unstructured":"Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19\u201335. Springer, Heidelberg (2005)"},{"key":"25_CR37","unstructured":"Xie, T., Feng, D.: How to find weak input differences for MD5 collision attacks. Cryptology ePrint Archive, Report 2009\/223 (2009) Version 20090530:102049. \n                      http:\/\/eprint.iacr.org\/2009\/223"},{"key":"25_CR38","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11935230_1","volume-title":"ASIACRYPT 2006","author":"C Canni\u00e8re De","year":"2006","unstructured":"De Canni\u00e8re, C., Rechberger, C.: Finding SHA-1 characteristics: general results and applications. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 1\u201320. Springer, Heidelberg (2006)"},{"key":"25_CR39","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-642-10366-7_9","volume-title":"ASIACRYPT 2009","author":"F Mendel","year":"2009","unstructured":"Mendel, F., Rechberger, C., Schl\u00e4ffer, M.: MD5 Is weaker than weak: attacks on concatenated combiners. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 144\u2013161. Springer, Heidelberg (2009)"},{"issue":"6","key":"25_CR40","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1109\/C-M.1977.217750","volume":"10","author":"W Diffie","year":"1977","unstructured":"Diffie, W., Hellman, M.E.: Exhaustive cryptanalysis of the NBS data encryption standard. Computer 10(6), 74\u201384 (1977)","journal-title":"Computer"},{"key":"25_CR41","series-title":"LNCS","first-page":"229","volume-title":"SAC 2010","author":"A Bogdanov","year":"2011","unstructured":"Bogdanov, A., Rechberger, C.: A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 229\u2013240. Springer, Heidelberg (2011)"},{"key":"25_CR42","series-title":"LNCS","first-page":"202","volume-title":"SAC 2012","author":"T Isobe","year":"2013","unstructured":"Isobe, T., Shibutani, K.: All subkeys recovery attack on block ciphers: extending meet-in-the-middle approach. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 202\u2013221. Springer, Heidelberg (2013)"},{"key":"25_CR43","series-title":"LNCS","first-page":"103","volume-title":"SAC 2008","author":"K Aoki","year":"2009","unstructured":"Aoki, K., Sasaki, Y.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103\u2013119. Springer, Heidelberg (2009)"},{"key":"25_CR44","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/978-3-642-01001-9_8","volume-title":"EUROCRYPT 2009","author":"Y Sasaki","year":"2009","unstructured":"Sasaki, Y., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134\u2013152. Springer, Heidelberg (2009)"},{"key":"25_CR45","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"578","DOI":"10.1007\/978-3-642-10366-7_34","volume-title":"ASIACRYPT 2009","author":"K Aoki","year":"2009","unstructured":"Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Y., Wang, L.: Preimages for step-reduced SHA-2. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 578\u2013597. Springer, Heidelberg (2009)"},{"key":"25_CR46","volume-title":"Handbook of Applied Cryptography","author":"AJ Menezes","year":"1997","unstructured":"Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)"},{"key":"25_CR47","series-title":"LNCS","first-page":"368","volume-title":"CRYPTO 1993","author":"B Preneel","year":"1994","unstructured":"Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368\u2013378. Springer, Heidelberg (1994)"},{"key":"25_CR48","series-title":"LNCS","first-page":"432","volume-title":"ACISP 2006","author":"K Okeya","year":"2006","unstructured":"Okeya, K.: Side channel attacks against HMACs based on block-cipher based hash functions. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 432\u2013443. Springer, Heidelberg (2006)"},{"issue":"1","key":"25_CR49","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1093\/ietfec\/e91-a.1.168","volume":"91\u2013A","author":"K Okeya","year":"2008","unstructured":"Okeya, K.: Side channel attacks against hash-based MACs with PGV compression functions. IEICE Transactions 91\u2013A(1), 168\u2013175 (2008)","journal-title":"IEICE Transactions"}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography -- SAC 2013"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-43414-7_25","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,26]],"date-time":"2019-05-26T21:37:45Z","timestamp":1558906665000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-43414-7_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783662434130","9783662434147"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-43414-7_25","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}