{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T07:00:27Z","timestamp":1777964427706,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":33,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662530177","type":"print"},{"value":"9783662530184","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-662-53018-4_4","type":"book-chapter","created":{"date-parts":[[2016,7,20]],"date-time":"2016-07-20T10:02:12Z","timestamp":1469008932000},"page":"95-120","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":38,"title":["Indifferentiability of 8-Round Feistel Networks"],"prefix":"10.1007","author":[{"given":"Yuanxi","family":"Dai","sequence":"first","affiliation":[]},{"given":"John","family":"Steinberger","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,7,21]]},"reference":[{"key":"4_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/978-3-642-40041-4_29","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"E Andreeva","year":"2013","unstructured":"Andreeva, E., Bogdanov, A., Dodis, Y., Mennink, B., Steinberger, J.P.: On the indifferentiability of key-alternating ciphers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 531\u2013550. Springer, Heidelberg (2013)"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62\u201373 (1993)","DOI":"10.1145\/168588.168596"},{"key":"4_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-540-78967-3_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"G Bertoni","year":"2008","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181\u2013197. Springer, Heidelberg (2008)"},{"issue":"1","key":"4_CR4","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/s001459910006","volume":"13","author":"R Canetti","year":"2000","unstructured":"Canetti, R.: Security and composition of multi-party cryptographic protocols. J. Cryptol. 13(1), 143\u2013202 (2000)","journal-title":"J. Cryptol."},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Proceedings of 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pp. 136\u2013145 (2001)","DOI":"10.1109\/SFCS.2001.959888"},{"key":"4_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-642-55220-5_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"S Chen","year":"2014","unstructured":"Chen, S., Steinberger, J.: Tight security bounds for key-alternating ciphers. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 327\u2013350. Springer, Heidelberg (2014)"},{"key":"4_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"J-S Coron","year":"2005","unstructured":"Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damg\u00e5rd revisited: how to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430\u2013448. Springer, Heidelberg (2005)"},{"key":"4_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-642-11799-2_17","volume-title":"Theory of Cryptography","author":"J-S Coron","year":"2010","unstructured":"Coron, J.-S., Dodis, Y., Mandal, A., Seurin, Y.: A domain extender for the ideal cipher. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 273\u2013289. Springer, Heidelberg (2010)"},{"key":"4_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-85174-5_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"J-S Coron","year":"2008","unstructured":"Coron, J.-S., Patarin, J., Seurin, Y.: The random oracle model and the ideal cipher model are equivalent. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 1\u201320. Springer, Heidelberg (2008)"},{"key":"4_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"649","DOI":"10.1007\/978-3-662-49896-5_23","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"D Dachman-Soled","year":"2016","unstructured":"Dachman-Soled, D., Katz, J., Thiruvengadam, A.: 10-round feistel is indifferentiable from an ideal cipher. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 649\u2013678. Springer, Heidelberg (2016). doi: 10.1007\/978-3-662-49896-5_23"},{"key":"4_CR11","unstructured":"Dai, Y., Steinberger, J.: Indifferentiability of 10-round Feistel networks. IACR ePrint Archive, Technical Report 2015\/874 (2015)"},{"key":"4_CR12","doi-asserted-by":"crossref","unstructured":"Dai, Y., Steinberger, J.: Indifferentiability of 8-round Feistel networks. IACR ePrint Archive, Technical Report 2015\/1069 (2015)","DOI":"10.1007\/978-3-662-53018-4_4"},{"key":"4_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"184","DOI":"10.1007\/11681878_10","volume-title":"Theory of Cryptography","author":"Y Dodis","year":"2006","unstructured":"Dodis, Y., Puniya, P.: On the relation between the ideal cipher and the random oracle models. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 184\u2013206. Springer, Heidelberg (2006)"},{"key":"4_CR14","unstructured":"Dodis, Y., Liu, T., Stam, M., Steinberger, J.: On the indifferentiability of confusion-diffusion networks. IACR ePrint Archive, Technical Report 2015\/680 (2015)"},{"key":"4_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/978-3-642-03317-9_7","volume-title":"Fast Software Encryption","author":"Y Dodis","year":"2009","unstructured":"Dodis, Y., Reyzin, L., Rivest, R.L., Shen, E.: Indifferentiability of permutation-based compression functions and tree-based modes of operation, with applications to MD6. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 104\u2013121. Springer, Heidelberg (2009)"},{"key":"4_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-642-32009-5_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"Y Dodis","year":"2012","unstructured":"Dodis, Y., Ristenpart, T., Steinberger, J., Tessaro, S.: To hash or not to hash again? (In)Differentiability results for H $$^\\text{2 }$$ and HMAC. In: Canetti, R., Safavi-Naini, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 348\u2013366. Springer, Heidelberg (2012)"},{"key":"4_CR17","unstructured":"Feistel, H.: Cryptographic coding for data-bank privacy. IBM Technical report RC-2827, 18 March 1970"},{"issue":"11","key":"4_CR18","doi-asserted-by":"publisher","first-page":"1545","DOI":"10.1109\/PROC.1975.10005","volume":"63","author":"H Feistel","year":"1975","unstructured":"Feistel, H., Notz, W.A., Lynn Smith, J.: Some cryptographic techniques for machine-to-machine data communications. IEEE Proc. 63(11), 1545\u20131554 (1975)","journal-title":"IEEE Proc."},{"key":"4_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/3-540-47721-7_12","volume-title":"Advances in Cryptology - CRYPTO \u201986","author":"A Fiat","year":"1987","unstructured":"Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186\u2013194. Springer, Heidelberg (1987)"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Holenstein, T., K\u00fcnzler, R., Tessaro, S.: The equivalence of the random oracle model and the ideal cipher model, revisited. In: Fortnow, L., Vadhan, S.P. (eds.) Proceedings of the 43rd ACM Symposium on Theory of Computing, STOC 2011, San Jose, CA, USA, pp. 89\u201398. ACM, 6\u20138 June 2011","DOI":"10.1145\/1993636.1993650"},{"key":"4_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1007\/978-3-642-42033-7_23","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"R Lampe","year":"2013","unstructured":"Lampe, R., Seurin, Y.: How to construct an ideal cipher from a small set of public permutations. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 444\u2013463. Springer, Heidelberg (2013)"},{"issue":"2","key":"4_CR22","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1137\/0217022","volume":"17","author":"M Luby","year":"1988","unstructured":"Luby, M., Rackoff, C.: How to construct pseudorandom permutations and pseudorandom functions. SIAM J. Comput. 17(2), 373\u2013386 (1988)","journal-title":"SIAM J. Comput."},{"key":"4_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-24638-1_2","volume-title":"Theory of Cryptography","author":"UM Maurer","year":"2004","unstructured":"Maurer, U.M., Renner, R.S., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21\u201339. Springer, Heidelberg (2004)"},{"issue":"1","key":"4_CR24","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/PL00003817","volume":"12","author":"M Naor","year":"1999","unstructured":"Naor, M., Reingold, O.: On the construction of pseudorandom permutations: Luby-Rackoff revisited. J. Cryptol. 12(1), 29\u201366 (1999). Preliminary Version: STOC 1997","journal-title":"J. Cryptol."},{"key":"4_CR25","unstructured":"Patarin, J.: Security of balanced and unbalanced Feistel schemes with linear non equalities. IACR ePrint Arxiv, Technical Report 2010\/293 (2010)"},{"key":"4_CR26","doi-asserted-by":"crossref","unstructured":"Pfitzmann, B., Waidner, M.: Composition and integrity preservation of secure reactive systems. In: 7th ACM Conference on Computer and Communications Security, pp. 245\u2013254. ACM Press (2000)","DOI":"10.1145\/352600.352639"},{"key":"4_CR27","unstructured":"Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. Technical report 93350, IBM Research Division, Z\u00fcrich (2000)"},{"key":"4_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"387","DOI":"10.1007\/3-540-68339-9_33","volume-title":"Advances in Cryptology - EUROCRYPT \u201996","author":"D Pointcheval","year":"1996","unstructured":"Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387\u2013398. Springer, Heidelberg (1996)"},{"key":"4_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1007\/978-3-642-20465-4_27","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2011","author":"T Ristenpart","year":"2011","unstructured":"Ristenpart, T., Shacham, H., Shrimpton, T.: Careful with composition: limitations of the indifferentiability framework. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 487\u2013506. Springer, Heidelberg (2011)"},{"key":"4_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"613","DOI":"10.1007\/978-3-642-14623-7_33","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"VT Hoang","year":"2010","unstructured":"Hoang, V.T., Rogaway, P.: On generalized Feistel networks. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 613\u2013630. Springer, Heidelberg (2010)"},{"key":"4_CR31","unstructured":"Seurin, Y.: Primitives et protocoles cryptographiques \u00e0 s\u00e9curit\u00e9 prouv\u00e9e. Ph.D. thesis, Universit\u00e9 de Versailles Saint-Quentin-en-Yvelines, France (2009)"},{"key":"4_CR32","unstructured":"Seurin, Y.: A note on the indifferentiability of the 10-round Feistel construction. http:\/\/yannickseurin.free.fr\/pubs\/Seurin_note_ten_rounds.pdf"},{"key":"4_CR33","doi-asserted-by":"crossref","unstructured":"Winternitz, R.: A secure one-way hash function built from DES. In: Proceedings of the IEEE Symposium on Information Security and Privacy, pp. 88\u201390. IEEE Press (1984)","DOI":"10.1109\/SP.1984.10027"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 CRYPTO 2016"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-53018-4_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T02:59:54Z","timestamp":1749005994000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-53018-4_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783662530177","9783662530184"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-53018-4_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"21 July 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRYPTO","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Cryptology Conference","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Santa Barbara","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 August 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"36","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"crypto2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}