{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T10:54:58Z","timestamp":1778151298642,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":25,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662498897","type":"print"},{"value":"9783662498903","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-662-49890-3_22","type":"book-chapter","created":{"date-parts":[[2016,4,27]],"date-time":"2016-04-27T04:40:46Z","timestamp":1461732046000},"page":"566-595","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":37,"title":["Hash-Function Based PRFs: AMAC and Its Multi-User Security"],"prefix":"10.1007","author":[{"given":"Mihir","family":"Bellare","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel J.","family":"Bernstein","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefano","family":"Tessaro","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,4,28]]},"reference":[{"key":"22_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"364","DOI":"10.1007\/978-3-662-48116-5_18","volume-title":"Fast Software Encryption","author":"E Andreeva","year":"2015","unstructured":"Andreeva, E., Daemen, J., Mennink, B., Van Assche, G.: Security of keyed sponge constructions using a modular proof approach. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 364\u2013384. Springer, Heidelberg (2015)"},{"key":"22_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/11818175_36","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M.: New proofs for NMAC and HMAC: security without collision-resistance. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 602\u2013619. Springer, Heidelberg (2006)"},{"key":"22_CR3","unstructured":"Bellare, M., Bernstein, D.J., Tessaro, S.: Hash-function based PRFs: AMAC and its multi-user security. Cryptology ePrint Archive, Report 2016\/142 (2016). https:\/\/eprint.iacr.org\/"},{"key":"22_CR4","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology - CRYPTO \u201996","author":"M Bellare","year":"1996","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Keying hash functions for message authentication. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 1\u201315. Springer, Heidelberg (1996)"},{"key":"22_CR5","doi-asserted-by":"crossref","unstructured":"Bellare, M., Canetti, R., Krawczyk, H.: Pseudorandom functions revisited: the cascade construction and its concrete security. In: 37th FOCS, pp. 514\u2013523. IEEE Computer Society Press, October 1996","DOI":"10.1109\/SFCS.1996.548510"},{"key":"22_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409\u2013426. Springer, Heidelberg (2006)"},{"key":"22_CR7","unstructured":"Bernstein, D.J.: Extending the Salsa20 nonce. In: Symmetric key encryption workshop (SKEW). https:\/\/cr.yp.to\/papers.html#xsalsa"},{"key":"22_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"124","DOI":"10.1007\/978-3-642-23951-9_9","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2011","author":"DJ Bernstein","year":"2011","unstructured":"Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 124\u2013142. Springer, Heidelberg (2011)"},{"key":"22_CR9","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Assche, G.: On the security of the keyed sponge construction. In: Symmetric key encryption workshop (SKEW), February 2011"},{"key":"22_CR10","unstructured":"Brown, N.: Things that use Ed25519. http:\/\/ianix.com\/pub\/ed25519-deployment.html"},{"key":"22_CR11","unstructured":"Chang, D., Dworkin, M., Hong, S., Kelsey, J., Nandi, M.: A keyed sponge construction with pseudorandomness in the standard model. In: The Third SHA-3 Candidate Conference (March 2012) (2012)"},{"key":"22_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"J-S Coron","year":"2005","unstructured":"Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-damg\u00e5rd revisited: how to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430\u2013448. Springer, Heidelberg (2005)"},{"key":"22_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"416","DOI":"10.1007\/0-387-34805-0_39","volume-title":"Advances in Cryptology - CRYPTO 1989","author":"IB Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416\u2013427. Springer, Heidelberg (1990)"},{"key":"22_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-642-14623-7_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"Y Dodis","year":"2010","unstructured":"Dodis, Y., Pietrzak, K.: Leakage-resilient pseudorandom functions and side-channel attacks on feistel networks. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 21\u201340. Springer, Heidelberg (2010)"},{"key":"22_CR15","doi-asserted-by":"crossref","unstructured":"Dziembowski, S., Pietrzak, K.: Leakage-resilient cryptography. In: 49th FOCS, pp. 293\u2013302. IEEE Computer Society Press, October 2008","DOI":"10.1109\/FOCS.2008.56"},{"key":"22_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1007\/978-3-662-44371-2_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"P Ga\u017ei","year":"2014","unstructured":"Ga\u017ei, P., Pietrzak, K., Ryb\u00e1r, M.: The exact PRF-security of NMAC and HMAC. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 113\u2013130. Springer, Heidelberg (2014)"},{"key":"22_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/978-3-662-47989-6_18","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"P Gazi","year":"2015","unstructured":"Gazi, P., Pietrzak, K., Tessaro, S.: The exact PRF security of truncation: tight bounds for keyed sponges and truncated CBC. In: Gennaro, R., Robshaw, M.J.B. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 368\u2013387. Springer, Heidelberg (2015)"},{"issue":"4","key":"22_CR18","doi-asserted-by":"publisher","first-page":"792","DOI":"10.1145\/6490.6503","volume":"33","author":"O Goldreich","year":"1986","unstructured":"Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792\u2013807 (1986)","journal-title":"J. ACM"},{"key":"22_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-24638-1_2","volume-title":"Theory of Cryptography","author":"UM Maurer","year":"2004","unstructured":"Maurer, U.M., Renner, R.S., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21\u201339. Springer, Heidelberg (2004)"},{"key":"22_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1007\/978-3-662-48800-3_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"B Mennink","year":"2015","unstructured":"Mennink, B., Reyhanitabar, R., Viz\u00e1r, D.: Security of full-state keyed spongeand duplex: applications to authenticated encryption. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 465\u2013489. Springe, Heidelberg (2015)"},{"key":"22_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"428","DOI":"10.1007\/0-387-34805-0_40","volume-title":"Advances in Cryptology - CRYPTO 1989","author":"RC Merkle","year":"1990","unstructured":"Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428\u2013446. Springer, Heidelberg (1990)"},{"key":"22_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/978-3-662-47989-6_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"N Mouha","year":"2015","unstructured":"Mouha, N., Luykx, A.: Multi-key security: the even-mansour construction revisited. In: Gennaro, R., Robshaw, M.J.B. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 209\u2013223. Springer, Heidelberg (2015)"},{"key":"22_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"435","DOI":"10.1007\/978-3-642-40349-1_25","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2013","author":"E De Mulder","year":"2013","unstructured":"De Mulder, E., Hutter, M., Marson, M.E., Pearson, P.: Using Bleichenbacher\u2019s solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 435\u2013452. Springer, Heidelberg (2013)"},{"key":"22_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"368","DOI":"10.1007\/3-540-48329-2_31","volume-title":"Advances in Cryptology - CRYPTO 1993","author":"B Preneel","year":"1994","unstructured":"Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368\u2013378. Springer, Heidelberg (1994)"},{"key":"22_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"437","DOI":"10.1007\/978-3-662-48800-3_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"S Tessaro","year":"2015","unstructured":"Tessaro, S.: Optimally secure block ciphers from ideal primitives. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 437\u2013462. Springer, Heidelberg (2015)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2016"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-49890-3_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,2]],"date-time":"2025-06-02T22:03:31Z","timestamp":1748901811000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-49890-3_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783662498897","9783662498903"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-49890-3_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"28 April 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}