{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T10:58:25Z","timestamp":1778065105832,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":26,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662530177","type":"print"},{"value":"9783662530184","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-662-53018-4_1","type":"book-chapter","created":{"date-parts":[[2016,7,20]],"date-time":"2016-07-20T10:02:12Z","timestamp":1469008932000},"page":"3-32","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":90,"title":["Key-Alternating Ciphers and Key-Length Extension: Exact Bounds and Multi-user Security"],"prefix":"10.1007","author":[{"given":"Viet Tung","family":"Hoang","sequence":"first","affiliation":[]},{"given":"Stefano","family":"Tessaro","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,7,21]]},"reference":[{"key":"1_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/978-3-642-40041-4_29","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"E Andreeva","year":"2013","unstructured":"Andreeva, E., Bogdanov, A., Dodis, Y., Mennink, B., Steinberger, J.P.: On the indifferentiability of key-alternating ciphers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 531\u2013550. Springer, Heidelberg (2013)"},{"key":"1_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"259","DOI":"10.1007\/3-540-45539-6_18","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: security proofs and improvements. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 259\u2013274. Springer, Heidelberg (2000)"},{"key":"1_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1007\/978-3-642-05445-7_19","volume-title":"Selected Areas in Cryptography","author":"M Bellare","year":"2009","unstructured":"Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: Format-preserving encryption. In: Jacobson Jr., M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 295\u2013312. Springer, Heidelberg (2009)"},{"key":"1_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"M Bellare","year":"2006","unstructured":"Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409\u2013426. Springer, Heidelberg (2006)"},{"issue":"3","key":"1_CR5","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/s001459900051","volume":"12","author":"DJ Bernstein","year":"1999","unstructured":"Bernstein, D.J.: How to stretch random functions: the security of protected counter sums. J. Cryptol. 12(3), 185\u2013192 (1999)","journal-title":"J. Cryptol."},{"key":"1_CR6","unstructured":"Bernstein, D.J.: Break a dozen secret keys, get a million more for free (2015). \n                      http:\/\/blog.cr.yp.to\/20151120-batchattacks.html"},{"key":"1_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-642-29011-4_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A Bogdanov","year":"2012","unstructured":"Bogdanov, A., Knudsen, L.R., Leander, G., Standaert, F.-X., Steinberger, J., Tischhauser, E.: Key-alternating ciphers in a provable setting: encryption using a small number of public permutations. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 45\u201362. Springer, Heidelberg (2012)"},{"key":"1_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/978-3-662-44371-2_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"S Chen","year":"2014","unstructured":"Chen, S., Lampe, R., Lee, J., Seurin, Y., Steinberger, J.: Minimizing the two-round even-mansour cipher. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 39\u201356. Springer, Heidelberg (2014)"},{"key":"1_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-642-55220-5_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"S Chen","year":"2014","unstructured":"Chen, S., Steinberger, J.: Tight security bounds for key-alternating ciphers. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 327\u2013350. Springer, Heidelberg (2014)"},{"key":"1_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1007\/978-3-662-44371-2_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"Y Dai","year":"2014","unstructured":"Dai, Y., Lee, J., Mennink, B., Steinberger, J.: The security of multiple encryption in the ideal cipher model. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 20\u201338. Springer, Heidelberg (2014)"},{"key":"1_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-642-29011-4_21","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"O Dunkelman","year":"2012","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: Minimalism in cryptography: the even-mansour scheme revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 336\u2013354. Springer, Heidelberg (2012)"},{"key":"1_CR12","series-title":"LNCS","first-page":"210","volume-title":"ASIACRYPT 1991","author":"S Even","year":"1993","unstructured":"Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 210\u2013224. Springer, Heidelberg (1993)"},{"issue":"3","key":"1_CR13","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s001459900025","volume":"10","author":"S Even","year":"1997","unstructured":"Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151\u2013162 (1997)","journal-title":"J. Cryptol."},{"key":"1_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1007\/978-3-642-40041-4_30","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"P Ga\u017ei","year":"2013","unstructured":"Ga\u017ei, P.: Plain versus randomized cascading-based key-length extension for block ciphers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 551\u2013570. Springer, Heidelberg (2013)"},{"key":"1_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/978-3-662-48116-5_16","volume-title":"Fast Software Encryption","author":"P Ga\u017ei","year":"2015","unstructured":"Ga\u017ei, P., Lee, J., Seurin, Y., Steinberger, J., Tessaro, S.: Relaxing full-codebook security: a refined analysis of key-length extension schemes. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 319\u2013341. Springer, Heidelberg (2015)"},{"key":"1_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/978-3-642-10366-7_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"P Ga\u017ei","year":"2009","unstructured":"Ga\u017ei, P., Maurer, U.: Cascade encryption revisited. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 37\u201351. Springer, Heidelberg (2009)"},{"key":"1_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1007\/978-3-642-29011-4_6","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"P Ga\u017ei","year":"2012","unstructured":"Ga\u017ei, P., Tessaro, S.: Efficient and optimally secure key-length extension for block ciphers via randomized cascading. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 63\u201380. Springer, Heidelberg (2012)"},{"key":"1_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"252","DOI":"10.1007\/3-540-68697-5_20","volume-title":"Advances in Cryptology - CRYPTO \u201996","author":"J Kilian","year":"1996","unstructured":"Kilian, J., Rogaway, P.: How to protect DES against exhaustive key search. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 252\u2013267. Springer, Heidelberg (1996)"},{"key":"1_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-642-34961-4_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"R Lampe","year":"2012","unstructured":"Lampe, R., Patarin, J., Seurin, Y.: An asymptotically tight security analysis of the iterated even-mansour cipher. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 278\u2013295. Springer, Heidelberg (2012)"},{"key":"1_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"405","DOI":"10.1007\/978-3-642-38348-9_25","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"J Lee","year":"2013","unstructured":"Lee, J.: Towards Key-length extension with optimal security: cascade encryption and xor-cascade encryption. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 405\u2013425. Springer, Heidelberg (2013)"},{"key":"1_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/3-540-46035-7_8","volume-title":"Advances in Cryptology - EUROCRYPT 2002","author":"UM Maurer","year":"2002","unstructured":"Maurer, U.M.: Indistinguishability of random systems. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 110\u2013132. Springer, Heidelberg (2002)"},{"key":"1_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/978-3-662-47989-6_10","volume-title":"CRYPTO 2015","author":"N Mouha","year":"2015","unstructured":"Mouha, N., Luykx, A.: Multi-key security: the Even-Mansour construction revisited. In: Gennaro, R., Robshaw, M.J.B. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 209\u2013223. Springer, Heidelberg (2015)"},{"key":"1_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/11941378_23","volume-title":"Progress in Cryptology - INDOCRYPT 2006","author":"M Nandi","year":"2006","unstructured":"Nandi, M.: A simple and unified method of proving indistinguishability. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 317\u2013334. Springer, Heidelberg (2006)"},{"key":"1_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"328","DOI":"10.1007\/978-3-642-04159-4_21","volume-title":"Selected Areas in Cryptography","author":"J Patarin","year":"2009","unstructured":"Patarin, J.: The \u201cCoefficients H\u201d technique. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 328\u2013345. Springer, Heidelberg (2009)"},{"key":"1_CR25","unstructured":"Steinberger, J.: Improved security bounds for key-alternating ciphers via hellingerdistance. Cryptology ePrint Archive, Report 2012\/481 (2012). \n                      http:\/\/eprint.iacr.org\/2012\/481"},{"key":"1_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"437","DOI":"10.1007\/978-3-662-48800-3_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"S Tessaro","year":"2015","unstructured":"Tessaro, S.: Optimally secure block ciphers from ideal primitives. In: Iwata, T., et al. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 437\u2013462. Springer, Heidelberg (2015). doi:\n                      10.1007\/978-3-662-48800-3_18"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2016"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-53018-4_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,7,20]],"date-time":"2020-07-20T00:02:57Z","timestamp":1595203377000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-53018-4_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783662530177","9783662530184"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-53018-4_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"21 July 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"36","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}