{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,7]],"date-time":"2025-12-07T13:06:44Z","timestamp":1765112804485,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783662479889"},{"type":"electronic","value":"9783662479896"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-662-47989-6_18","type":"book-chapter","created":{"date-parts":[[2015,7,30]],"date-time":"2015-07-30T22:36:05Z","timestamp":1438295765000},"page":"368-387","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":28,"title":["The Exact PRF Security of Truncation: Tight Bounds for Keyed Sponges and Truncated CBC"],"prefix":"10.1007","author":[{"given":"Peter","family":"Ga\u017ei","sequence":"first","affiliation":[]},{"given":"Krzysztof","family":"Pietrzak","sequence":"additional","affiliation":[]},{"given":"Stefano","family":"Tessaro","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,8,1]]},"reference":[{"key":"18_CR1","unstructured":"SHA-3 standard. National Institute of Standards and Technology (NIST), Draft FIPS Publication 202, U.S. Department of Commerce, April 2014"},{"key":"18_CR2","doi-asserted-by":"crossref","first-page":"364","DOI":"10.1007\/978-3-662-48116-5_18","volume-title":"Fast Software Encryption","author":"Elena Andreeva","year":"2015","unstructured":"Andreeva, E., Daemen, J., Mennink, B., Van Assche, G.: Security of keyed sponge constructions using a modular proof approach. In: FSE 2015. 
LNCS (2015, to appear)"},{"key":"18_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/11818175_36","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M.: New proofs for ${\\sf NMAC}$ and ${\\sf HMAC}$: security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602\u2013619. Springer, Heidelberg (2006)"},{"key":"18_CR4","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology - CRYPTO \u201996","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1\u201315. Springer, Heidelberg (1996)"},{"key":"18_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"341","DOI":"10.1007\/3-540-48658-5_32","volume-title":"Advances in Cryptology - CRYPTO \u201994","author":"M Bellare","year":"1994","unstructured":"Bellare, M., Kilian, J., Rogaway, P.: The security of cipher block chaining. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 341\u2013358. 
Springer, Heidelberg (1994)"},{"key":"18_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"527","DOI":"10.1007\/11535218_32","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"M Bellare","year":"2005","unstructured":"Bellare, M., Pietrzak, K., Rogaway, P.: Improved security analyses for CBC\u00a0MACs. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 527\u2013545. Springer, Heidelberg (2005)"},{"key":"18_CR7","unstructured":"Bernstein, D.J.: A short proof of the unpredictability of cipher block chaining (2005). \n                      http:\/\/cr.yp.to\/antiforgery\/easycbc-20050109.pdf"},{"key":"18_CR8","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the security of the keyed sponge construction. In: Symmetric Key Encryption Workshop (SKEW), February 2011"},{"key":"18_CR9","unstructured":"Bertoni, G., Daemen, J., Peeters, M.: Permutation-based encryption, authentication and authenticated encryption. In: Directions in Authenticated Ciphers (2012)"},{"key":"18_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-642-38348-9_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"G Bertoni","year":"2013","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 313\u2013314. Springer, Heidelberg (2013)"},{"key":"18_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-540-78967-3_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"G Bertoni","year":"2008","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181\u2013197. 
Springer, Heidelberg (2008)"},{"key":"18_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/3-540-44598-6_12","volume-title":"Advances in Cryptology - CRYPTO 2000","author":"J Black","year":"2000","unstructured":"Black, J., Rogaway, P.: CBC MACs for arbitrary-length messages: the three-key constructions. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 197\u2013215. Springer, Heidelberg (2000)"},{"key":"18_CR13","unstructured":"Chang, D., Dworkin, M., Hong, S., Kelsey, J., Nandi, M.: A keyed sponge construction with pseudorandomness in the standard model. In: Proceedings of the Third SHA-3 Candidate Conference (2012)"},{"key":"18_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-642-55220-5_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"S Chen","year":"2014","unstructured":"Chen, S., Steinberger, J.: Tight security bounds for key-alternating ciphers. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 327\u2013350. Springer, Heidelberg (2014)"},{"key":"18_CR15","unstructured":"Computer data authentication. National Bureau of Standards, NBS FIPS PUB 113, U.S. Department of Commerce, May 1985"},{"key":"18_CR16","unstructured":"Daemen, J., Rijmen, V.: The mac function pelican 2.0. Cryptology ePrint Archive, Report 2005\/088 (2005). \n                      http:\/\/eprint.iacr.org\/"},{"key":"18_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1007\/978-3-662-44371-2_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"Y Dai","year":"2014","unstructured":"Dai, Y., Lee, J., Mennink, B., Steinberger, J.: The security of multiple encryption in the ideal cipher model. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 20\u201338. 
Springer, Heidelberg (2014)"},{"key":"18_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-642-32009-5_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"Y Dodis","year":"2012","unstructured":"Dodis, Y., Ristenpart, T., Steinberger, J.P., Tessaro, S.: To hash or not to hash again? (In)differentiability results for $\\mathit{h}^{2}$ and HMAC. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 348\u2013366. Springer, Heidelberg (2012)"},{"key":"18_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-642-29011-4_21","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"O Dunkelman","year":"2012","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: Minimalism in cryptography: the even-mansour scheme revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 336\u2013354. Springer, Heidelberg (2012)"},{"issue":"3","key":"18_CR20","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s001459900025","volume":"10","author":"S Even","year":"1997","unstructured":"Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptology 10(3), 151\u2013162 (1997)","journal-title":"J. 
Cryptology"},{"key":"18_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1007\/978-3-662-44371-2_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"P Ga\u017ei","year":"2014","unstructured":"Ga\u017ei, P., Pietrzak, K., Ryb\u00e1r, M.: The exact PRF-security of NMAC and HMAC. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 113\u2013130. Springer, Heidelberg (2014)"},{"key":"18_CR22","doi-asserted-by":"crossref","unstructured":"Ga\u017ei, P., Pietrzak, K., Tessaro, S.: The exact PRF security of truncation: Tight bounds for keyed sponges and truncated CBC. Cryptology ePrint Archive, Report 2015\/053 (2015). Full version of this paper","DOI":"10.1007\/978-3-662-47989-6_18"},{"key":"18_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/3-540-39568-7_22","volume-title":"Advances in Cryptology","author":"O Goldreich","year":"1985","unstructured":"Goldreich, O., Goldwasser, S., Micali, S.: On the cryptographic applications of random functions. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 276\u2013288. Springer, Heidelberg (1985)"},{"key":"18_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-540-39887-5_11","volume-title":"Fast Software Encryption","author":"T Iwata","year":"2003","unstructured":"Iwata, T., Kurosawa, K.: OMAC: one-key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129\u2013153. Springer, Heidelberg (2003)"},{"key":"18_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"402","DOI":"10.1007\/978-3-540-24582-7_30","volume-title":"Progress in Cryptology - INDOCRYPT 2003","author":"T Iwata","year":"2003","unstructured":"Iwata, T., Kurosawa, K.: Stronger security bounds for OMAC, TMAC, and XCBC. 
In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 402\u2013415. Springer, Heidelberg (2003)"},{"key":"18_CR26","unstructured":"Koblitz, N., Menezes, A.: Another look at HMAC. Cryptology ePrint Archive, Report 2012\/074 (2012). \n                      http:\/\/eprint.iacr.org\/2012\/074"},{"key":"18_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/3-540-36563-X_3","volume-title":"Topics in Cryptology - CT-RSA 2003","author":"K Kurosawa","year":"2003","unstructured":"Kurosawa, K., Iwata, T.: TMAC: two-key CBC MAC. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 33\u201349. Springer, Heidelberg (2003)"},{"key":"18_CR28","unstructured":"Information technology security techniques message authentication codes (macs) part 1: Mechanisms using a block cipher. ISO\/IEC 9797\u20131 (1999)"},{"key":"18_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/3-540-46035-7_8","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"UM Maurer","year":"2002","unstructured":"Maurer, U.M.: Indistinguishability of random systems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 110\u2013132. Springer, Heidelberg (2002)"},{"key":"18_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"434","DOI":"10.1007\/978-3-540-74619-5_27","volume-title":"Fast Software Encryption","author":"K Minematsu","year":"2007","unstructured":"Minematsu, K., Matsushima, T.: New bounds for PMAC, TMAC, and XCBC. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 434\u2013451. 
Springer, Heidelberg (2007)"},{"key":"18_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/11941378_23","volume-title":"Progress in Cryptology - INDOCRYPT 2006","author":"M Nandi","year":"2006","unstructured":"Nandi, M.: A simple and unified method of proving indistinguishability. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 317\u2013334. Springer, Heidelberg (2006)"},{"key":"18_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1007\/978-3-642-04159-4_21","volume-title":"Selected Areas in Cryptography","author":"J Patarin","year":"2009","unstructured":"Patarin, J.: The \u201cCoefficients H\u201d technique (invited talk). In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 328\u2013345. Springer, Heidelberg (2009)"},{"issue":"3","key":"18_CR33","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/s001450010009","volume":"13","author":"E Petrank","year":"2000","unstructured":"Petrank, E., Rackoff, C.: CBC MAC for real-time data sources. J. Cryptology 13(3), 315\u2013338 (2000)","journal-title":"J. Cryptology"},{"key":"18_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1007\/11787006_15","volume-title":"Automata, Languages and Programming","author":"K Pietrzak","year":"2006","unstructured":"Pietrzak, K.: A tight bound for EMAC. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 168\u2013179. 
Springer, Heidelberg (2006)"},{"key":"18_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/3-540-46885-4_28","volume-title":"Advances in Cryptology - EUROCRYPT \u201989","author":"J Vandewalle","year":"1990","unstructured":"Vandewalle, J., Chaum, D., Fumy, W., Jansen, C.J.A., Landrock, P., Roelofsen, G.: A european call for cryptographic algorithms: RIPE; race integrity primitives evaluation. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 267\u2013271. Springer, Heidelberg (1990)"},{"key":"18_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1007\/3-540-44983-3_14","volume-title":"Selected Areas in Cryptography","author":"S Vaudenay","year":"2001","unstructured":"Vaudenay, S.: Decorrelation over infinite domains: the encrypted CBC-MAC case. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 189\u2013201. 
Springer, Heidelberg (2001)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology -- CRYPTO 2015"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-47989-6_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,9]],"date-time":"2019-08-09T20:04:49Z","timestamp":1565381089000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-47989-6_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783662479889","9783662479896"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-47989-6_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"1 August 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}