{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T15:54:34Z","timestamp":1774022074381,"version":"3.50.1"},"publisher-location":"Singapore","reference-count":76,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819550173","type":"print"},{"value":"9789819550180","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,12,8]],"date-time":"2025-12-08T00:00:00Z","timestamp":1765152000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-981-95-5018-0_6","type":"book-chapter","created":{"date-parts":[[2025,12,7]],"date-time":"2025-12-07T11:56:58Z","timestamp":1765108618000},"page":"157-188","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Scrutinizing the\u00a0Security of\u00a0AES-Based Hashing and\u00a0One-Way Functions"],"prefix":"10.1007","author":[{"given":"Shiyao","family":"Chen","sequence":"first","affiliation":[]},{"given":"Jian","family":"Guo","sequence":"additional","affiliation":[]},{"given":"Eik","family":"List","sequence":"additional","affiliation":[]},{"given":"Danping","family":"Shi","sequence":"additional","affiliation":[]},{"given":"Tianyu","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,12,8]]},"reference":[{"key":"6_CR1","unstructured":"Albertini, A., Duong, T., Gueron, S., K\u00f6lbl, S., Luykx, A., Schmieg, S.: How to abuse and fix authenticated encryption without key commitment. In: Butler, K.R.B., Thomas, K. (eds.) USENIX S &P, pp. 3291\u20133308. USENIX Association (2022). https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/albertini"},{"key":"6_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/978-3-662-46800-5_17","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 430\u2013454. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_17"},{"key":"6_CR3","unstructured":"Alliance, Z.: ZigBee specification revision 22 1.0. Technical report, ZigBee Alliance (2017)"},{"key":"6_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"578","DOI":"10.1007\/978-3-642-10366-7_34","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"K Aoki","year":"2009","unstructured":"Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Yu., Wang, L.: Preimages for step-reduced SHA-2. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 578\u2013597. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_34"},{"key":"6_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-642-04159-4_7","volume-title":"Selected Areas in Cryptography","author":"K Aoki","year":"2009","unstructured":"Aoki, K., Sasaki, Yu.: Preimage attacks on one-block MD4, 63-step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103\u2013119. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04159-4_7"},{"key":"6_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1007\/978-3-642-03356-8_5","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"K Aoki","year":"2009","unstructured":"Aoki, K., Sasaki, Yu.: Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 70\u201389. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_5"},{"key":"6_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"296","DOI":"10.1007\/978-3-642-03317-9_18","volume-title":"Fast Software Encryption","author":"J-P Aumasson","year":"2009","unstructured":"Aumasson, J.-P., Nakahara, J., Sepehrdad, P.: Cryptanalysis of the ISDB scrambling algorithm (MULTI2). In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 296\u2013307. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03317-9_18"},{"key":"6_CR8","doi-asserted-by":"publisher","unstructured":"Bao, Z., Ding, L., Guo, J., Wang, H., Zhang, W.: Improved meet-in-the-middle preimage attacks against AES hashing modes. IACR Trans. Symmetric Cryptol. 2019(4), 318\u2013347 (2019). https:\/\/doi.org\/10.13154\/tosc.v2019.i4.318-347","DOI":"10.13154\/tosc.v2019.i4.318-347"},{"key":"6_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"771","DOI":"10.1007\/978-3-030-77870-5_27","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2021","author":"Z Bao","year":"2021","unstructured":"Bao, Z., et al.: Automatic search of meet-in-the-middle preimage attacks on AES-like hashing. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 771\u2013804. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-77870-5_27"},{"key":"6_CR10","doi-asserted-by":"publisher","unstructured":"Bao, Z., Guo, J., Shi, D., Tu, Y.: Superposition meet-in-the-middle attacks: updates on fundamental security of AES-like hashing. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13507, pp. 64\u201393. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15802-5_3","DOI":"10.1007\/978-3-031-15802-5_3"},{"key":"6_CR11","unstructured":"Baum, C., et al.: FAEST: algorithm specifications. Technical report, National Institute of Standards and Technology (2023). https:\/\/csrc.nist.gov\/csrc\/media\/Projects\/pqc-dig-sig\/documents\/round-1\/spec-files\/FAEST-spec-web.pdf"},{"key":"6_CR12","doi-asserted-by":"publisher","unstructured":"Baum, C., et al.: Publicly verifiable zero-knowledge and post-quantum signatures from VOLE-in-the-head. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023. LNCS, vol. 14085, pp. 581\u2013615. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38554-4_19","DOI":"10.1007\/978-3-031-38554-4_19"},{"key":"6_CR13","doi-asserted-by":"publisher","unstructured":"Baum, C., Jadoul, R., Orsini, E., Scholl, P., Smart, N.P.: Feta: efficient threshold designated-verifier zero-knowledge proofs. In: Yin, H., Stavrou, A., Cremers, C., Shi, E. (eds.) Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, CA, USA, 7\u201311 November 2022, pp. 293\u2013306. ACM (2022). https:\/\/doi.org\/10.1145\/3548606.3559354","DOI":"10.1145\/3548606.3559354"},{"key":"6_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1007\/978-3-030-75245-3_11","volume-title":"Public-Key Cryptography \u2013 PKC 2021","author":"C Baum","year":"2021","unstructured":"Baum, C., de Saint Guilhem, C.D., Kales, D., Orsini, E., Scholl, P., Zaverucha, G.: Banquet: short and fast signatures from AES. In: Garay, J.A. (ed.) PKC 2021. LNCS, vol. 12710, pp. 266\u2013297. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-75245-3_11"},{"key":"6_CR15","doi-asserted-by":"publisher","unstructured":"Bellare, M., Hoang, V.T.: Succinctly-committing authenticated encryption. In: Reyzin, L., Stebila, D. (eds.) CRYPTO 2024. LNCS, vol. 14923, pp. 305\u2013339. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-68385-5_10","DOI":"10.1007\/978-3-031-68385-5_10"},{"key":"6_CR16","doi-asserted-by":"publisher","unstructured":"Bhaumik, R., Chakraborty, B., Choi, W., Dutta, A., Govinden, J., Shen, Y.: The committing security of MACs with applications to generic composition. In: Reyzin, L., Stebila, D. (eds.) CRYPTO 2024. LNCS, vol. 14923, pp. 425\u2013462. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-68385-5_14","DOI":"10.1007\/978-3-031-68385-5_14"},{"issue":"2","key":"6_CR17","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/s00145-013-9162-9","volume":"28","author":"E Biham","year":"2013","unstructured":"Biham, E., Dunkelman, O., Keller, N., Shamir, A.: New attacks on IDEA with at least 6 rounds. J. Cryptol. 28(2), 209\u2013239 (2013). https:\/\/doi.org\/10.1007\/s00145-013-9162-9","journal-title":"J. Cryptol."},{"key":"6_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-3-642-03356-8_14","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"A Biryukov","year":"2009","unstructured":"Biryukov, A., Khovratovich, D., Nikoli\u0107, I.: Distinguisher and related-key attack on the full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231\u2013249. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_14"},{"key":"6_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/978-3-319-13051-4_5","volume-title":"Selected Areas in Cryptography \u2013 SAC 2014","author":"A Biryukov","year":"2014","unstructured":"Biryukov, A., Nikoli\u0107, I.: Colliding keys for SC2000-256. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 77\u201391. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-13051-4_5"},{"key":"6_CR20","doi-asserted-by":"publisher","unstructured":"Bogdanov, A., Rechberger, C.: A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN. In: SAC, pp. 229\u2013240 (2010). https:\/\/doi.org\/10.1007\/978-3-642-19574-7_16","DOI":"10.1007\/978-3-642-19574-7_16"},{"issue":"11","key":"6_CR21","doi-asserted-by":"publisher","first-page":"7002","DOI":"10.1109\/TIT.2012.2207880","volume":"58","author":"C Bouillaguet","year":"2012","unstructured":"Bouillaguet, C., Derbez, P., Dunkelman, O., Fouque, P., Keller, N., Rijmen, V.: Low-data complexity attacks on AES. IEEE Trans. Inf. Theory 58(11), 7002\u20137017 (2012). https:\/\/doi.org\/10.1109\/TIT.2012.2207880","journal-title":"IEEE Trans. Inf. Theory"},{"key":"6_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1007\/978-3-642-22792-9_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"C Bouillaguet","year":"2011","unstructured":"Bouillaguet, C., Derbez, P., Fouque, P.-A.: Automatic search of attacks on round-reduced AES and applications. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 169\u2013187. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_10"},{"key":"6_CR23","doi-asserted-by":"publisher","unstructured":"Boyle, E., Couteau, G., Gilboa, N., Ishai, Y.: Compressing vector OLE. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) CCS, pp. 896\u2013912. ACM (2018). https:\/\/doi.org\/10.1145\/3243734.3243868","DOI":"10.1145\/3243734.3243868"},{"key":"6_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/978-3-642-40041-4_13","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"A Canteaut","year":"2013","unstructured":"Canteaut, A., Naya-Plasencia, M., Vayssi\u00e8re, B.: Sieve-in-the-middle: improved MITM attacks. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 222\u2013240. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_13"},{"key":"6_CR25","unstructured":"Chen, M.S., et\u00a0al.: Preon: zk-SNARK based signature scheme (2023). https:\/\/csrc.nist.gov\/csrc\/media\/Projects\/pqc-dig-sig\/documents\/round-1\/spec-files\/Preon-spec-web.pdf"},{"key":"6_CR26","doi-asserted-by":"publisher","unstructured":"Chen, S., Dong, X., Guo, J., Zhang, T.: Chosen-prefix collisions on aes-like hashing. IACR Trans. Symmetric Cryptol. 2024(4), 64\u201396 (2024). https:\/\/doi.org\/10.46586\/tosc.v2024.i4.64-96","DOI":"10.46586\/tosc.v2024.i4.64-96"},{"key":"6_CR27","doi-asserted-by":"publisher","unstructured":"Chen, S., Guo, J., List, E., Shi, D., Zhang, T.: Diving deep into the preimage security of AES-Like hashing. In: Joye, M., Leander, G. (eds.) EUROCRYPT 2024. LNCS, vol. 14651, pp. 398\u2013426. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-58716-0_14","DOI":"10.1007\/978-3-031-58716-0_14"},{"key":"6_CR28","unstructured":"Chen, S., Guo, J., List, E., Shi, D., Zhang, T.: Scrutinizing the security of AES-based hashing and one-way functions. Cryptology ePrint Archive, Paper 2025\/792 (2025). https:\/\/eprint.iacr.org\/2025\/792"},{"key":"6_CR29","unstructured":"Chen, Y.L., et al.: Proposal of requirements for an accordion mode: discussion draft for the NIST accordion mode workshop 2024. Technical report, US National Institute for Standards in Technology (2024). https:\/\/csrc.nist.gov\/pubs\/other\/2024\/04\/10\/proposal-of-requirements-for-an-accordion-mode-dis\/iprd"},{"key":"6_CR30","doi-asserted-by":"publisher","unstructured":"Chen, Y.L., et al.: Key committing security of AEZ and more. IACR Trans. Symmetric Cryptol. 2023(4), 452\u2013488 (2023). https:\/\/doi.org\/10.46586\/tosc.v2023.i4.452-488","DOI":"10.46586\/tosc.v2023.i4.452-488"},{"key":"6_CR31","doi-asserted-by":"publisher","unstructured":"Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Cham (2002). https:\/\/doi.org\/10.1007\/978-3-662-04722-4","DOI":"10.1007\/978-3-662-04722-4"},{"key":"6_CR32","unstructured":"Derbez, P.: Meet-in-the-middle attacks on AES. Ph.D. thesis, Ecole Normale Sup\u00e9rieure de Paris-ENS Paris (2013)"},{"issue":"6","key":"6_CR33","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1109\/C-M.1977.217750","volume":"10","author":"W Diffie","year":"1977","unstructured":"Diffie, W., Hellman, M.E.: Special feature exhaustive cryptanalysis of the NBS data encryption standard. IEEE Comput. 10(6), 74\u201384 (1977). https:\/\/doi.org\/10.1109\/C-M.1977.217750","journal-title":"IEEE Comput."},{"key":"6_CR34","unstructured":"Ding, C., Huang, Y.: Dubhe: succinct zero-knowledge proofs for standard AES and related applications. In: Calandrino, J.A., Troncoso, C. (eds.) 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, 9\u201311 August 2023, pp. 4373\u20134390. USENIX Association (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/ding-changchang"},{"key":"6_CR35","doi-asserted-by":"crossref","unstructured":"Ding, C., Huang, Y.: Phecda: post-quantum transparent zkSNARKs from improved polynomial commitment and VOLE-in-the-head with application in publicly verifiable AES. In: 2025 IEEE Symposium on Security and Privacy (SP), p. 55. IEEE Computer Society, Los Alamitos (2025). https:\/\/doi.ieeecomputersociety.org\/10.1109\/SP61157.2025.00055","DOI":"10.1109\/SP61157.2025.00055"},{"key":"6_CR36","doi-asserted-by":"publisher","unstructured":"Dobraunig, C., Kales, D., Rechberger, C., Schofnegger, M., Zaverucha, G.: Shorter signatures based on tailor-made minimalist symmetric-key crypto. In: Yin, H., Stavrou, A., Cremers, C., Shi, E. (eds.) Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, CA, USA, 7\u201311 November 2022, pp. 843\u2013857. ACM (2022). https:\/\/doi.org\/10.1145\/3548606.3559353","DOI":"10.1145\/3548606.3559353"},{"key":"6_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1007\/978-3-319-96884-1_6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"Y Dodis","year":"2018","unstructured":"Dodis, Y., Grubbs, P., Ristenpart, T., Woodage, J.: Fast message franking: from invisible salamanders to encryptment. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 155\u2013186. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_6"},{"key":"6_CR38","doi-asserted-by":"publisher","unstructured":"Dong, X., Guo, J., Li, S., Pham, P.: Triangulating rebound attack on AES-like hashing. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13507, pp. 94\u2013124. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15802-5_4","DOI":"10.1007\/978-3-031-15802-5_4"},{"key":"6_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-030-84252-9_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"X Dong","year":"2021","unstructured":"Dong, X., Hua, J., Sun, S., Li, Z., Wang, X., Hu, L.: Meet-in-the-middle attacks revisited: key-recovery, collision, and preimage attacks. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12827, pp. 278\u2013308. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84252-9_10"},{"key":"6_CR40","unstructured":"Dong, X., Li, S., Pham, P.: Chosen-key distinguishing attacks on full AES-192, AES-256, KIASU-BC, and more. IACR Cryptol. ePrint Arch. 1095 (2023). https:\/\/eprint.iacr.org\/2023\/1095"},{"key":"6_CR41","doi-asserted-by":"publisher","unstructured":"Dong, X., Zhao, B., Qin, L., Hou, Q., Zhang, S., Wang, X.: Generic MITM attack frameworks on sponge constructions. In: Reyzin, L., Stebila, D. (eds.) CRYPTO 2024, Part IV. LNCS, pp. 3\u201337. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-68385-5_1","DOI":"10.1007\/978-3-031-68385-5_1"},{"key":"6_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-642-29011-4_21","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"O Dunkelman","year":"2012","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: Minimalism in cryptography: the even-mansour scheme revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 336\u2013354. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_21"},{"key":"6_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1007\/978-3-642-13858-4_21","volume-title":"Fast Software Encryption","author":"H Gilbert","year":"2010","unstructured":"Gilbert, H., Peyrin, T.: Super-Sbox cryptanalysis: improved attacks for AES-like permutations. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 365\u2013383. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13858-4_21"},{"key":"6_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1007\/978-3-319-63697-9_3","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"P Grubbs","year":"2017","unstructured":"Grubbs, P., Lu, J., Ristenpart, T.: Message franking via committing authenticated encryption. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 66\u201397. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_3"},{"key":"6_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-642-17373-8_4","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"J Guo","year":"2010","unstructured":"Guo, J., Ling, S., Rechberger, C., Wang, H.: Advanced meet-in-the-middle preimage attacks: first results on full tiger, and improved results on MD4 and SHA-2. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 56\u201375. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_4"},{"key":"6_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/978-3-030-45724-2_9","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"A Hosoyamada","year":"2020","unstructured":"Hosoyamada, A., Sasaki, Yu.: Finding hash collisions with quantum computers by using differential trails with smaller probability than birthday bound. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 249\u2013279. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_9"},{"key":"6_CR47","doi-asserted-by":"publisher","unstructured":"Hou, Q., Dong, X., Qin, L., Zhang, G., Wang, X.: Automated meet-in-the-middle attack goes to feistel. In: Guo, J., Steinfeld, R. (eds.) ASIACRYPT 2023. LNCS, vol. 14440, pp. 370\u2013404. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-981-99-8727-6_13","DOI":"10.1007\/978-981-99-8727-6_13"},{"key":"6_CR48","doi-asserted-by":"publisher","unstructured":"Hua, J., Dong, X., Sun, S., Zhang, Z., Hu, L., Wang, X.: Improved MITM cryptanalysis on streebog. IACR Trans. Symmetric Cryptol. 2022(2), 63\u201391 (2022). https:\/\/doi.org\/10.46586\/tosc.v2022.i2.63-91","DOI":"10.46586\/tosc.v2022.i2.63-91"},{"issue":"3","key":"6_CR49","doi-asserted-by":"publisher","first-page":"1121","DOI":"10.1137\/080725398","volume":"39","author":"Y Ishai","year":"2009","unstructured":"Ishai, Y., Kushilevitz, E., Ostrovsky, R., Sahai, A.: Zero-knowledge proofs from secure multiparty computation. SIAM J. Comput. 39(3), 1121\u20131152 (2009). https:\/\/doi.org\/10.1137\/080725398","journal-title":"SIAM J. Comput."},{"issue":"1","key":"6_CR50","doi-asserted-by":"publisher","first-page":"172","DOI":"10.1007\/s00145-012-9118-5","volume":"26","author":"T Isobe","year":"2012","unstructured":"Isobe, T.: A single-key attack on the full GOST block cipher. J. Cryptol. 26(1), 172\u2013189 (2012). https:\/\/doi.org\/10.1007\/s00145-012-9118-5","journal-title":"J. Cryptol."},{"key":"6_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"71","DOI":"10.1007\/978-3-642-31448-3_6","volume-title":"Information Security and Privacy","author":"T Isobe","year":"2012","unstructured":"Isobe, T., Shibutani, K.: Security analysis of the lightweight block ciphers XTEA, LED and piccolo. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol. 7372, pp. 71\u201386. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-31448-3_6"},{"key":"6_CR52","unstructured":"ISO\/IEC: ISO\/IEC 10118-2: 2018. IT Security techniques - Hash-functions - part 2: hash-functions using an n-bit block cipher (2010)"},{"key":"6_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1007\/3-540-68697-5_19","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"J Kelsey","year":"1996","unstructured":"Kelsey, J., Schneier, B., Wagner, D.: Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237\u2013251. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_19"},{"key":"6_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/978-3-642-34047-5_15","volume-title":"Fast Software Encryption","author":"D Khovratovich","year":"2012","unstructured":"Khovratovich, D., Rechberger, C., Savelieva, A.: Bicliques for preimages: attacks on skein-512 and the SHA-2 family. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 244\u2013263. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34047-5_15"},{"key":"6_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/978-3-642-10366-7_8","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"M Lamberger","year":"2009","unstructured":"Lamberger, M., Mendel, F., Rechberger, C., Rijmen, V., Schl\u00e4ffer, M.: Rebound distinguishers: results on the full whirlpool compression function. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 126\u2013143. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_8"},{"key":"6_CR56","unstructured":"Len, J., Grubbs, P., Ristenpart, T.: Partitioning oracle attacks. In: Bailey, M.D., Greenstadt, R. (eds.) USENIX S &P, pp. 195\u2013212. USENIX Association (2021). https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/len"},{"key":"6_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1007\/978-3-642-34047-5_16","volume-title":"Fast Software Encryption","author":"J Li","year":"2012","unstructured":"Li, J., Isobe, T., Shibutani, K.: Converting meet-in-the-middle preimage attack into pseudo collision attack: application to SHA-2. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 264\u2013286. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34047-5_16"},{"key":"6_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1007\/978-3-642-03317-9_16","volume-title":"Fast Software Encryption","author":"F Mendel","year":"2009","unstructured":"Mendel, F., Rechberger, C., Schl\u00e4ffer, M., Thomsen, S.S.: The rebound attack: cryptanalysis of reduced whirlpool and Gr\u00f8stl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260\u2013276. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03317-9_16"},{"key":"6_CR59","unstructured":"Ni, J., Li, Y., Liu, F., Wang, G.: Practical key collision on AES and kiasu-bc. IACR Cryptol. ePrint Arch. 462 (2025). https:\/\/eprint.iacr.org\/2025\/462"},{"key":"6_CR60","unstructured":"NIST: Advanced Encryption Standard (AES). Federal Information Processing Standards (NIST FIPS), National Institute of Standards and Technology (2001)"},{"key":"6_CR61","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/3-540-48329-2_31","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"B Preneel","year":"1994","unstructured":"Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368\u2013378. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_31"},{"key":"6_CR62","doi-asserted-by":"publisher","unstructured":"Qin, L., Hua, J., Dong, X., Yan, H., Wang, X.: Meet-in-the-middle preimage attacks on sponge-based hashing. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14007, pp. 158\u2013188. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30634-1_6","DOI":"10.1007\/978-3-031-30634-1_6"},{"key":"6_CR63","unstructured":"Robshaw, M.: A cryptographic review of Cipherunicorn-A (2001). https:\/\/www.cryptrec.go.jp\/exreport\/cryptrec-ex-1031-2001.pdf"},{"key":"6_CR64","doi-asserted-by":"publisher","unstructured":"Roy, L.: SoftSpokenOT: quieter OT extension from small-field silent VOLE in the minicrypt model. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part I. LNCS, vol. 13507, pp. 657\u2013687. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15802-5_23","DOI":"10.1007\/978-3-031-15802-5_23"},{"key":"6_CR65","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"669","DOI":"10.1007\/978-3-030-38471-5_27","volume-title":"Selected Areas in Cryptography \u2013 SAC 2019","author":"CD de Saint Guilhem","year":"2020","unstructured":"de Saint Guilhem, C.D., De Meyer, L., Orsini, E., Smart, N.P.: BBQ: using AES in picnic signatures. In: Paterson, K.G., Stebila, D. (eds.) SAC 2019. LNCS, vol. 11959, pp. 669\u2013692. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-38471-5_27"},{"key":"6_CR66","doi-asserted-by":"publisher","unstructured":"de\u00a0Saint\u00a0Guilhem, C.D., Orsini, E., Tanguy, T.: Limbo: efficient zero-knowledge MPCitH-based arguments. In: Kim, Y., Kim, J., Vigna, G., Shi, E. (eds.) CCS 2021: 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, Republic of Korea, 15\u201319 November 2021, pp. 3022\u20133036. ACM (2021). https:\/\/doi.org\/10.1145\/3460120.3484595","DOI":"10.1145\/3460120.3484595"},{"key":"6_CR67","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"378","DOI":"10.1007\/978-3-642-21702-9_22","volume-title":"Fast Software Encryption","author":"Yu Sasaki","year":"2011","unstructured":"Sasaki, Yu.: Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 378\u2013396. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-21702-9_22"},{"key":"6_CR68","doi-asserted-by":"publisher","unstructured":"Sasaki, Y.: Integer linear programming for three-subset meet-in-the-middle attacks: application to GIFT. In: Advances in Information and Computer Security - 13th International Workshop on Security, IWSEC 2018, Sendai, Japan, 3\u20135 September 2018, pp. 227\u2013243 (2018). https:\/\/doi.org\/10.1007\/978-3-319-97916-8_15","DOI":"10.1007\/978-3-319-97916-8_15"},{"key":"6_CR69","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1007\/978-3-540-89255-7_16","volume-title":"Advances in Cryptology - ASIACRYPT 2008","author":"Yu Sasaki","year":"2008","unstructured":"Sasaki, Yu., Aoki, K.: Preimage attacks on 3, 4, and 5-pass HAVAL. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 253\u2013271. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-89255-7_16"},{"key":"6_CR70","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/978-3-642-01001-9_8","volume-title":"Advances in Cryptology - EUROCRYPT 2009","author":"Yu Sasaki","year":"2009","unstructured":"Sasaki, Yu., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134\u2013152. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-01001-9_8"},{"key":"6_CR71","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1007\/978-3-642-31410-0_9","volume-title":"Progress in Cryptology - AFRICACRYPT 2012","author":"Yu Sasaki","year":"2012","unstructured":"Sasaki, Yu., Wang, L., Sakai, Y., Sakiyama, K., Ohta, K.: Three-subset meet-in-the-middle attack on reduced XTEA. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 138\u2013154. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-31410-0_9"},{"key":"6_CR72","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"562","DOI":"10.1007\/978-3-642-34961-4_34","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"Yu Sasaki","year":"2012","unstructured":"Sasaki, Yu., Wang, L., Wu, S., Wu, W.: Investigating fundamental security requirements on whirlpool: improved preimage and collision attacks. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 562\u2013579. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34961-4_34"},{"key":"6_CR73","doi-asserted-by":"publisher","unstructured":"Schrottenloher, A., Stevens, M.: Simplified MITM modeling for permutations: new (quantum) attacks. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13509, pp. 717\u2013747. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15982-4_24","DOI":"10.1007\/978-3-031-15982-4_24"},{"key":"6_CR74","doi-asserted-by":"publisher","unstructured":"Schrottenloher, A., Stevens, M.: Simplified modeling of MITM attacks for block ciphers: new (quantum) attacks. IACR Trans. Symmetric Cryptol. 2023(3), 146\u2013183 (2023). https:\/\/doi.org\/10.46586\/tosc.v2023.i3.146-183","DOI":"10.46586\/tosc.v2023.i3.146-183"},{"key":"6_CR75","doi-asserted-by":"publisher","unstructured":"Taiyama, K., Sakamoto, K., Ito, R., Taka, K., Isobe, T.: Key collisions on AES and its applications. In: Chung, K., Sasaki, Y. (eds.) ASIACRYPT VII. LNCS, vol. 15490, pp. 267\u2013300. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-981-96-0941-3_9","DOI":"10.1007\/978-981-96-0941-3_9"},{"key":"6_CR76","doi-asserted-by":"publisher","unstructured":"Takahashi, A., Zaverucha, G.: Verifiable encryption from MPC-in-the-head. IACR Commun. Cryptol. 1(1), 3 (2024). https:\/\/doi.org\/10.62056\/a3wa3zl7s","DOI":"10.62056\/a3wa3zl7s"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-95-5018-0_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,7]],"date-time":"2025-12-07T11:57:00Z","timestamp":1765108620000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-95-5018-0_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,8]]},"ISBN":["9789819550173","9789819550180"],"references-count":76,"URL":"https:\/\/doi.org\/10.1007\/978-981-95-5018-0_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,8]]},"assertion":[{"value":"8 December 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Melbourne, VIC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 December 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 December 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/asiacrypt.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}