{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T09:28:30Z","timestamp":1743067710763,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":43,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783662467053"},{"type":"electronic","value":"9783662467060"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-662-46706-0_29","type":"book-chapter","created":{"date-parts":[[2015,4,17]],"date-time":"2015-04-17T22:15:01Z","timestamp":1429308901000},"page":"571-590","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Equivalent Key Recovery Attacks Against HMAC and NMAC with Whirlpool Reduced to 7 Rounds"],"prefix":"10.1007","author":[{"given":"Jian","family":"Guo","sequence":"first","affiliation":[]},{"given":"Yu","family":"Sasaki","sequence":"additional","affiliation":[]},{"given":"Lei","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Meiqin","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Long","family":"Wen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,4,19]]},"reference":[{"key":"29_CR1","unstructured":"Rijmen, V., Barreto, P.S.L.M.: The WHIRLPOOL Hashing Function. Submitted to NISSIE, September 2000"},{"key":"29_CR2","unstructured":"NESSIE: New European Schemes for Signatures, Integrity, and Encryption. IST-1999-12324. \n                      http:\/\/cryptonessie.org\/"},{"key":"29_CR3","unstructured":"Dai, W.: Crypto++ library. \n                      http:\/\/www.cryptopp.com\/"},{"key":"29_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1007\/978-3-642-03317-9_16","volume-title":"Fast Software Encryption","author":"F Mendel","year":"2009","unstructured":"Mendel, F., Rechberger, C., Schl\u00e4ffer, M., Thomsen, S.S.: The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Gr\u00f8stl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260\u2013276. Springer, Heidelberg (2009)"},{"key":"29_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/978-3-642-10366-7_8","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"M Lamberger","year":"2009","unstructured":"Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schl\u00e4ffer, M.: Rebound Distinguishers: Results on the Full Whirlpool Compression Function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126\u2013143. Springer, Heidelberg (2009)"},{"issue":"2","key":"29_CR6","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/s00145-013-9166-5","volume":"28","author":"M Lamberger","year":"2009","unstructured":"Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schl\u00e4ffer, M.: The Rebound Attack and Subspace Distinguishers: Application to Whirlpool. J. Cryptol. 28(2), 257\u2013296 (2009)","journal-title":"J. Cryptol."},{"key":"29_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"378","DOI":"10.1007\/978-3-642-21702-9_22","volume-title":"Fast Software Encryption","author":"Y Sasaki","year":"2011","unstructured":"Sasaki, Y.: Meet-in-the-Middle Preimage Attacks on AES Hashing Modes and an Application to Whirlpool. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 378\u2013396. Springer, Heidelberg (2011)"},{"key":"29_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1007\/978-3-642-34047-5_8","volume-title":"FSE 2012","author":"S Wu","year":"2012","unstructured":"Wu, S., Feng, D., Wu, W., Guo, J., Dong, L., Zou, J.: (Pseudo) Preimage Attack on Round-Reduced Gr\u00f8stl Hash Function and Others. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 127\u2013145. Springer, Heidelberg (2012)"},{"key":"29_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"562","DOI":"10.1007\/978-3-642-34961-4_34","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"Y Sasaki","year":"2012","unstructured":"Sasaki, Y., Wang, L., Wu, S., Wu, W.: Investigating Fundamental Security Requirements on Whirlpool: Improved Preimage and Collision Attacks. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 562\u2013579. Springer, Heidelberg (2012)"},{"key":"29_CR10","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology - CRYPTO \u201996","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying Hash Functions for Message Authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1\u201315. Springer, Heidelberg (1996)"},{"key":"29_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/3-540-68339-9_3","volume-title":"Advances in Cryptology - EUROCRYPT \u201996","author":"B Preneel","year":"1996","unstructured":"Preneel, B., van Oorschot, P.C.: On the Security of Two MAC Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 19\u201332. Springer, Heidelberg (1996)"},{"key":"29_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"580","DOI":"10.1007\/978-3-642-34961-4_35","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"T Peyrin","year":"2012","unstructured":"Peyrin, T., Sasaki, Y., Wang, L.: Generic Related-Key Attacks for HMAC. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 580\u2013597. Springer, Heidelberg (2012)"},{"key":"29_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1007\/978-3-642-41383-4_6","volume-title":"Advances in Information and Computer Security","author":"Y Naito","year":"2013","unstructured":"Naito, Y., Sasaki, Y., Wang, L., Yasuda, K.: Generic State-Recovery and Forgery Attacks on ChopMD-MAC and on NMAC\/HMAC. In: Sakiyama, K., Terada, M. (eds.) IWSEC 2013. LNCS, vol. 8231, pp. 83\u201398. Springer, Heidelberg (2013)"},{"key":"29_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-42045-0_1","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"G Leurent","year":"2013","unstructured":"Leurent, G., Peyrin, T., Wang, L.: New Generic Attacks Against Hash-based MACs. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 1\u201320. Springer, Heidelberg (2013)"},{"key":"29_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/11935230_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"S Contini","year":"2006","unstructured":"Contini, S., Yin, Y.L.: Forgery and Partial Key-recovery Attacks on HMAC and NMAC Using Hash Collisions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 37\u201353. Springer, Heidelberg (2006)"},{"key":"29_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/978-3-540-74143-5_2","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"P-A Fouque","year":"2007","unstructured":"Fouque, P.-A., Leurent, G., Nguyen, P.Q.: Full Key-recovery Attacks on HMAC\/NMAC-MD4 and NMAC-MD5. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 13\u201330. Springer, Heidelberg (2007)"},{"key":"29_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/978-3-540-77366-5_13","volume-title":"Financial Cryptography and Data Security","author":"C Rechberger","year":"2007","unstructured":"Rechberger, C., Rijmen, V.: On Authentication with HMAC and Non-random Properties. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol. 4886, pp. 119\u2013133. Springer, Heidelberg (2007)"},{"key":"29_CR18","first-page":"347","volume":"14","author":"C Rechberger","year":"2008","unstructured":"Rechberger, C., Rijmen, V.: New Results on NMAC\/HMAC When Instantiated With Popular Hash Functions. J. UCS 14, 347\u2013376 (2008)","journal-title":"J. UCS"},{"key":"29_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1007\/978-3-540-71039-4_12","volume-title":"Fast Software Encryption","author":"E Lee","year":"2008","unstructured":"Lee, E., Chang, D., Kim, J.-S., Sung, J., Hong, S.H.: Second Preimage Attack on 3-Pass HAVAL and Partial Key-recovery Attacks on HMAC\/NMAC-3-Pass HAVAL. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 189\u2013206. Springer, Heidelberg (2008)"},{"key":"29_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1007\/978-3-642-00843-6_25","volume-title":"Information Security Practice and Experience","author":"H Yu","year":"2009","unstructured":"Yu, H., Wang, X.: Full Key-recovery Attack on the HMAC\/NMAC Based on 3 and 4-Pass HAVAL. In: Bao, F., Li, H., Wang, G. (eds.) ISPEC 2009. LNCS, vol. 5451, pp. 285\u2013297. Springer, Heidelberg (2009)"},{"key":"29_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1007\/978-3-662-43414-7_25","volume-title":"Selected Areas in Cryptography \u2013 SAC 2013","author":"Y Sasaki","year":"2014","unstructured":"Sasaki, Y., Wang, L.: Improved Single-key Distinguisher on HMAC-MD5 and Key Recovery Attacks on Sandwich-MAC-MD5. In: Lange, T., Lauter, K., Lison\u011bk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 493\u2013512. Springer, Heidelberg (2014)"},{"key":"29_CR22","unstructured":"European Union Agency for Network and Information Security: Algorithms, key sizes and parameters report, October 2013. \n                      http:\/\/www.enisa.europa.eu\/"},{"key":"29_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-642-42045-0_2","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"J Guo","year":"2013","unstructured":"Guo, J., Sasaki, Y., Wang, L., Wu, S.: Cryptanalysis of HMAC\/NMAC-Whirlpool. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 21\u201340. Springer, Heidelberg (2013)"},{"key":"29_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/978-3-642-38348-9_23","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"P Derbez","year":"2013","unstructured":"Derbez, P., Fouque, P.-A., Jean, J.: Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 371\u2013387. Springer, Heidelberg (2013)"},{"key":"29_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1007\/978-3-642-17373-8_10","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"O Dunkelman","year":"2010","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: Improved Single-Key Attacks on 8-Round AES-192 and AES-256 [43]. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 158\u2013176. Springer, Heidelberg (2010)"},{"key":"29_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/11535218_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"X Wang","year":"2005","unstructured":"Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17\u201336. Springer, Heidelberg (2005)"},{"key":"29_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/978-3-642-32009-5_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"S Knellwolf","year":"2012","unstructured":"Knellwolf, S., Khovratovich, D.: New Preimage Attacks Against Reduced SHA-1. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 367\u2013383. Springer, Heidelberg (2012)"},{"key":"29_CR28","doi-asserted-by":"crossref","unstructured":"Krawczyk, H.: RFC: HMAC-Based Extract-and-Expand Key Derivation Function (HKDF), May 2010. \n                      https:\/\/tools.ietf.org\/html\/rfc5869.txt","DOI":"10.17487\/rfc5869"},{"key":"29_CR29","unstructured":"U.S. Department of Commerce, National Institute of Standards and Technology: The Keyed-hash Message Authentication Code (HMAC) (Federal Information Processing Standards Publication 198), July 2008. \n                      http:\/\/csrc.nist.gov\/publications\/fips\/fips198-1\/FIPS-198-1_final.pdf"},{"key":"29_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/11818175_36","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M.: New Proofs for NMAC and HMAC: Security Without Collision-Resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602\u2013619. Springer, Heidelberg (2006)"},{"issue":"5","key":"29_CR31","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1145\/141809.141812","volume":"22","author":"G Tsudik","year":"1992","unstructured":"Tsudik, G.: Message Authentication with One-Way Hash Functions. SIGCOMM Comput. Commun. Rev. 22(5), 29\u201338 (1992)","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"29_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"578","DOI":"10.1007\/978-3-642-10366-7_34","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"K Aoki","year":"2009","unstructured":"Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Y., Wang, L.: Preimages for Step-Reduced SHA-2. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 578\u2013597. Springer, Heidelberg (2009)"},{"key":"29_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-642-17373-8_4","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"J Guo","year":"2010","unstructured":"Guo, J., Ling, S., Rechberger, C., Wang, H.: Advanced Meet-in-the-middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2 [43]. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 56\u201375. Springer, Heidelberg (2010)"},{"key":"29_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"433","DOI":"10.1007\/978-3-642-22497-3_31","volume-title":"Information Security and Privacy","author":"L Wei","year":"2011","unstructured":"Wei, L., Rechberger, C., Guo, J., Wu, H., Wang, H., Ling, S.: Improved Meet-in-the-middle Cryptanalysis of KTANTAN (Poster). In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 433\u2013438. Springer, Heidelberg (2011)"},{"key":"29_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"192","DOI":"10.1007\/3-540-39799-X_16","volume-title":"Advances in Cryptology CRYPTO \u201985","author":"D Chaum","year":"1986","unstructured":"Chaum, D., Evertse, J.-H.: Cryptanalysis of DES with a Reduced Number of Rounds. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 192\u2013211. Springer, Heidelberg (1986)"},{"key":"29_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1007\/978-3-540-71039-4_7","volume-title":"Fast Software Encryption","author":"H Demirci","year":"2008","unstructured":"Demirci, H., Sel\u00e7uk, A.A.: A Meet-in-the-Middle Attack on 8-Round AES. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 116\u2013126. Springer, Heidelberg (2008)"},{"key":"29_CR37","unstructured":"Gilbert, H., Minier, M.: A Collision Attack on 7 Rounds Rijndael. In: Third AES Candidate Conference (AES3), New York, pp. 230\u2013241 (2000)"},{"key":"29_CR38","unstructured":"Daemen, J., Rijmen, V.: AES Proposal: Rijndael (1998)"},{"key":"29_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-540-76900-2_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2007","author":"LR Knudsen","year":"2007","unstructured":"Knudsen, L.R., Rijmen, V.: Known-Key Distinguishers for Some Block Ciphers. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 315\u2013324. Springer, Heidelberg (2007)"},{"key":"29_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/978-3-642-21031-0_17","volume-title":"Information Security Practice and Experience","author":"Y Wei","year":"2011","unstructured":"Wei, Y., Lu, J., Hu, Y.: Meet-in-the-Middle Attack on 8 Rounds of the AES Block Cipher Under 192 Key Bits. In: Bao, F., Weng, J. (eds.) ISPEC 2011. LNCS, vol. 6672, pp. 222\u2013232. Springer, Heidelberg (2011)"},{"key":"29_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1007\/978-3-540-73458-1_26","volume-title":"Information Security and Privacy","author":"K Yasuda","year":"2007","unstructured":"Yasuda, K.: Sandwich Is Indeed Secure: How to Authenticate a Message with Just One Hashing. In: Pieprzyk, J., Ghodosi, H., Dawson, E. (eds.) ACISP 2007. LNCS, vol. 4586, pp. 355\u2013369. Springer, Heidelberg (2007)"},{"key":"29_CR42","unstructured":"Kaliski Jr., B.S., Robshaw, M.J.B.: Message Authentication with MD5. Technical report, CryptoBytes (1995)"},{"key":"29_CR43","series-title":"Lecture Notes in Computer Science","volume-title":"Advances in cryptology","year":"2010","unstructured":"Abe, M. (ed.): ASIACRYPT 2010. LNCS, vol. 6477. Springer, Heidelberg (2010)"}],"container-title":["Lecture Notes in Computer Science","Fast Software Encryption"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-46706-0_29","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,19]],"date-time":"2019-05-19T23:36:57Z","timestamp":1558309017000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-46706-0_29"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783662467053","9783662467060"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-46706-0_29","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"19 April 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}