{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,15]],"date-time":"2026-07-15T03:37:53Z","timestamp":1784086673820,"version":"3.55.0"},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662467992","type":"print"},{"value":"9783662468005","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-662-46800-5_15","type":"book-chapter","created":{"date-parts":[[2015,4,13]],"date-time":"2015-04-13T04:29:09Z","timestamp":1428899349000},"page":"368-397","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":252,"title":["SPHINCS: Practical Stateless Hash-Based Signatures"],"prefix":"10.1007","author":[{"given":"Daniel J.","family":"Bernstein","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Daira","family":"Hopwood","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Andreas","family":"H\u00fclsing","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tanja","family":"Lange","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Ruben","family":"Niederhagen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Louiza","family":"Papachristodoulou","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Michael","family":"Schneider","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Peter","family":"Schwabe","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zooko","family":"Wilcox-O\u2019Hearn","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2015,4,14]]},"reference":[{"key":"15_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"489","DOI":"10.1007\/978-3-642-34931-7_28","volume-title":"Progress in Cryptology - INDOCRYPT 2012","author":"J-P Aumasson","year":"2012","unstructured":"Aumasson, J.-P., Bernstein, D.J.: SipHash: A Fast Short-Input PRF. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 489\u2013508. Springer, Heidelberg (2012)"},{"key":"15_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"470","DOI":"10.1007\/978-3-540-71039-4_30","volume-title":"Fast Software Encryption","author":"J-P Aumasson","year":"2008","unstructured":"Aumasson, J.-P., Fischer, S., Khazaei, S., Meier, W., Rechberger, C.: New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 470\u2013488. Springer, Heidelberg (2008)"},{"key":"15_CR3","unstructured":"Aumasson, J.-P., Henzen, L., Meier, W., Phan, R.C.-W.: SHA-3 proposal BLAKE. Submission to NIST (2008). \n                      http:\/\/131002.net\/blake\/blake.pdf"},{"key":"15_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/978-3-642-38980-1_8","volume-title":"Applied Cryptography and Network Security","author":"J-P Aumasson","year":"2013","unstructured":"Aumasson, J.-P., Neves, S., Wilcox-O\u2019Hearn, Z., Winnerlein, C.: BLAKE2: Simpler, Smaller, Fast as MD5. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 119\u2013135. Springer, Heidelberg (2013)"},{"key":"15_CR5","unstructured":"Bernstein, D.J.: What output size resists collisions in a xor of independent expansions? ECRYPT Hash Workshop (2007)"},{"key":"15_CR6","unstructured":"Bernstein, D.J.: ChaCha, a variant of Salsa20. In: SASC 2008: The State of the Art of Stream Ciphers (2008)"},{"key":"15_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1007\/978-3-540-68351-3_8","volume-title":"New Stream Cipher Designs","author":"DJ Bernstein","year":"2008","unstructured":"Bernstein, D.J.: The Salsa20 Family of Stream Ciphers. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 84\u201397. Springer, Heidelberg (2008)"},{"key":"15_CR8","unstructured":"Bernstein, D.J.: Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete? In: Workshop Record of SHARCS\u201909: Special-purpose Hardware for Attacking Cryptographic Systems (2009)"},{"key":"15_CR9","unstructured":"Bernstein, D.J.: Extending the Salsa20 nonce. In: Symmetric Key Encryption Workshop 2011 (2011)"},{"key":"15_CR10","unstructured":"Bernstein, D.J., Lange, T.: eBACS: ECRYPT benchmarking of cryptographic systems. \n                      http:\/\/bench.cr.yp.to\n                      \n                     (accessed May 25, 2014)"},{"key":"15_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/978-3-642-42045-0_17","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"DJ Bernstein","year":"2013","unstructured":"Bernstein, D.J., Lange, T.: Non-uniform Cracks in the Concrete: The Power of Free Precomputation. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 321\u2013340. Springer, Heidelberg (2013)"},{"key":"15_CR12","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Sponge functions. In: ECRYPT Hash Workshop (2007)"},{"key":"15_CR13","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The road from Panama to Keccak via RadioGat\u00fan, Dagstuhl Seminar Proceedings (2009)"},{"key":"15_CR14","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: CAESAR submission: Keyak 1 (2014)"},{"key":"15_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/978-3-642-25405-5_8","volume-title":"Post-Quantum Cryptography","author":"J Buchmann","year":"2011","unstructured":"Buchmann, J., Dahmen, E., H\u00fclsing, A.: XMSS - A Practical Forward Secure Signature Scheme Based on Minimal Security Assumptions. In: Yang, B.-Y. (ed.) PQCrypto 2011. LNCS, vol. 7071, pp. 117\u2013129. Springer, Heidelberg (2011)"},{"key":"15_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/978-3-540-72738-5_3","volume-title":"Applied Cryptography and Network Security","author":"J Buchmann","year":"2007","unstructured":"Buchmann, J., Dahmen, E., Klintsevich, E., Okeya, K., Vuillaume, C.: Merkle Signatures with Virtually Unlimited Signature Capacity. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 31\u201345. Springer, Heidelberg (2007)"},{"key":"15_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1007\/11941378_25","volume-title":"Progress in Cryptology - INDOCRYPT 2006","author":"J Buchmann","year":"2006","unstructured":"Buchmann, J., Garc\u00eda, L.C.C., Dahmen, E., D\u00f6ring, M., Klintsevich, E.: CMSS \u2013 An Improved Merkle Signature Scheme. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 349\u2013363. Springer, Heidelberg (2006)"},{"key":"15_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-540-88403-3_8","volume-title":"Post-Quantum Cryptography","author":"E Dahmen","year":"2008","unstructured":"Dahmen, E., Okeya, K., Takagi, T., Vuillaume, C.: Digital Signatures Out of Second-Preimage Resistant Hash Functions. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 109\u2013123. Springer, Heidelberg (2008)"},{"key":"15_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1007\/978-3-642-40041-4_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"L Ducas","year":"2013","unstructured":"Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice Signatures and Bimodal Gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 40\u201356. Springer, Heidelberg (2013)"},{"key":"15_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-642-29011-4_21","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"O Dunkelman","year":"2012","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: Minimalism in Cryptography: The Even-Mansour Scheme Revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 336\u2013354. Springer, Heidelberg (2012)"},{"issue":"3","key":"15_CR21","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s001459900025","volume":"10","author":"S Even","year":"1997","unstructured":"Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. Journal of Cryptology 10(3), 151\u2013161 (1997)","journal-title":"Journal of Cryptology"},{"key":"15_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/3-540-47721-7_8","volume-title":"Advances in Cryptology - CRYPTO \u201986","author":"O Goldreich","year":"1987","unstructured":"Goldreich, O.: Two Remarks Concerning the Goldwasser-Micali-Rivest Signature Scheme. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 104\u2013110. Springer, Heidelberg (1987)"},{"key":"15_CR23","unstructured":"Goldreich, O.: Foundations of Cryptography. Basic Applications, vol. 2. Cambridge University Press, Cambridge (2004)"},{"issue":"2","key":"15_CR24","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1137\/0217017","volume":"17","author":"S Goldwasser","year":"1988","unstructured":"Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing 17(2), 281\u2013308 (1988)","journal-title":"SIAM Journal on Computing"},{"key":"15_CR25","unstructured":"H\u00fclsing, A.: Practical Forward Secure Signatures using Minimal Security Assumptions. PhD thesis, TU Darmstadt (2013)"},{"key":"15_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"173","DOI":"10.1007\/978-3-642-38553-7_10","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2013","author":"A H\u00fclsing","year":"2013","unstructured":"H\u00fclsing, A.: W-OTS+ \u2013 Shorter Signatures for Hash-Based Signature Schemes. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013. LNCS, vol. 7918, pp. 173\u2013188. Springer, Heidelberg (2013)"},{"key":"15_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1007\/978-3-642-40588-4_14","volume-title":"Security Engineering and Intelligence Informatics","author":"A H\u00fclsing","year":"2013","unstructured":"H\u00fclsing, A., Rausch, L., Buchmann, J.: Optimal parameters for XMSS\n                      \n                        \n                      \n                      $$^{MT}$$\n                    . In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds.) CD-ARES Workshops 2013. LNCS, vol. 8128, pp. 194\u2013208. Springer, Heidelberg (2013)"},{"issue":"1","key":"15_CR28","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/s001450010015","volume":"14","author":"J Kilian","year":"2001","unstructured":"Kilian, J., Rogaway, P.: How to protect DES against exhaustive key search (an analysis of DESX). Journal of Cryptology 14(1), 17\u201335 (2001)","journal-title":"Journal of Cryptology"},{"key":"15_CR29","unstructured":"Kurosawa, K.: Power of a public random permutation and its application to authenticated-encryption. Cryptology ePrint Archive, Report 2002\/127 (2002)"},{"key":"15_CR30","unstructured":"Lamport, L.: Constructing digital signatures from a one way function. Technical Report SRI-CSL-98, SRI International Computer Science Laboratory (1979)"},{"key":"15_CR31","unstructured":"Langley, A.: TLS symmetric crypto (2014). \n                      https:\/\/www.imperialviolet.org\/2014\/02\/27\/tlssymmetriccrypto.html"},{"key":"15_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"218","DOI":"10.1007\/0-387-34805-0_21","volume-title":"Advances in Cryptology - CRYPTO \u201989","author":"RC Merkle","year":"1990","unstructured":"Merkle, R.C.: A Certified Digital Signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218\u2013238. Springer, Heidelberg (1990)"},{"key":"15_CR33","doi-asserted-by":"crossref","unstructured":"Pieprzyk, J., Wang, H., Xing, C.: Multiple-time signature schemes against adaptive chosen message attacks. In: Matsui, M., Zuccherato, R. (eds.) SAC 2003. LNCS 3006, pp. 88\u2013100. Springer, Heidelberg (2004)","DOI":"10.1007\/978-3-540-24654-1_7"},{"key":"15_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/3-540-45450-0_11","volume-title":"Information Security and Privacy","author":"L Reyzin","year":"2002","unstructured":"Reyzin, L., Reyzin, N.: Better than BiBa: Short One-Time Signatures with Fast Signing and Verifying. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 144\u2013153. Springer, Heidelberg (2002)"},{"key":"15_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"246","DOI":"10.1007\/978-3-319-11659-4_15","volume-title":"Post-Quantum Cryptography","author":"F Song","year":"2014","unstructured":"Song, F.: A Note on Quantum Security for Post-Quantum Cryptography. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 246\u2013265. Springer, Heidelberg (2014)"},{"key":"15_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/11927587_5","volume-title":"Information Security and Cryptology \u2013 ICISC 2006","author":"K Suzuki","year":"2006","unstructured":"Suzuki, K., Tonien, D., Kurosawa, K., Toyota, K.: Birthday Paradox for Multi-collisions. In: Rhee, M.S., Lee, B. (eds.) ICISC 2006. LNCS, vol. 4296, pp. 29\u201340. Springer, Heidelberg (2006)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology -- EUROCRYPT 2015"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-46800-5_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,19]],"date-time":"2019-05-19T23:45:01Z","timestamp":1558309501000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-46800-5_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783662467992","9783662468005"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-46800-5_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"14 April 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}