{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T07:01:08Z","timestamp":1777964468608,"version":"3.51.4"},"publisher-location":"Singapore","reference-count":63,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819987269","type":"print"},{"value":"9789819987276","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-981-99-8727-6_1","type":"book-chapter","created":{"date-parts":[[2023,12,17]],"date-time":"2023-12-17T08:02:20Z","timestamp":1702800140000},"page":"3-33","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Quantum Attacks on\u00a0Hash Constructions with\u00a0Low Quantum Random Access Memory"],"prefix":"10.1007","author":[{"given":"Xiaoyang","family":"Dong","sequence":"first","affiliation":[]},{"given":"Shun","family":"Li","sequence":"additional","affiliation":[]},{"given":"Phuong","family":"Pham","sequence":"additional","affiliation":[]},{"given":"Guoyan","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,12,18]]},"reference":[{"issue":"1","key":"1_CR1","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1137\/S0097539705447311","volume":"37","author":"A Ambainis","year":"2007","unstructured":"Ambainis, A.: Quantum walk algorithm for element distinctness. SIAM J. Comput. 37(1), 210\u2013239 (2007)","journal-title":"SIAM J. Comput."},{"issue":"4","key":"1_CR2","doi-asserted-by":"publisher","first-page":"657","DOI":"10.1007\/s00145-015-9206-4","volume":"29","author":"E Andreeva","year":"2016","unstructured":"Andreeva, E., et al.: New second-preimage attacks on hash functions. J. Cryptol. 29(4), 657\u2013696 (2016)","journal-title":"J. Cryptol."},{"key":"1_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1007\/978-3-642-05445-7_25","volume-title":"Selected Areas in Cryptography","author":"E Andreeva","year":"2009","unstructured":"Andreeva, E., Bouillaguet, C., Dunkelman, O., Kelsey, J.: Herding, second preimage and trojan message attacks beyond Merkle-Damg\u00e5rd. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 393\u2013414. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-05445-7_25"},{"key":"1_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1007\/978-3-540-78967-3_16","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"E Andreeva","year":"2008","unstructured":"Andreeva, E., et al.: Second preimage attacks on dithered hash functions. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 270\u2013288. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78967-3_16"},{"key":"1_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"325","DOI":"10.1007\/978-3-319-72565-9_16","volume-title":"Selected Areas in Cryptography \u2013 SAC 2017","author":"G Banegas","year":"2018","unstructured":"Banegas, G., Bernstein, D.J.: Low-communication parallel quantum multi-target preimage search. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 325\u2013335. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-72565-9_16"},{"issue":"3","key":"1_CR6","doi-asserted-by":"publisher","first-page":"742","DOI":"10.1007\/s00145-019-09328-w","volume":"33","author":"Z Bao","year":"2020","unstructured":"Bao, Z., Dinur, I., Guo, J., Leurent, G., Wang, L.: Generic attacks on hash combiners. J. Cryptol. 33(3), 742\u2013823 (2020)","journal-title":"J. Cryptol."},{"key":"1_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"687","DOI":"10.1007\/978-3-031-23020-2_39","volume-title":"Network and System Security - NSS 2022","author":"Z Bao","year":"2022","unstructured":"Bao, Z., Guo, J., Li, S., Pham, P.: Evaluating the security of Merkle-Damg\u00e5rd hash functions and combiners in quantum settings. In: Yuan, X., Bai, G., Alcaraz, C., Majumdar, S. (eds.) NSS 2022. LNCS, vol. 13787, pp. 687\u2013711. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-23020-2_39"},{"key":"1_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1007\/978-3-319-63715-0_14","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"Z Bao","year":"2017","unstructured":"Bao, Z., Wang, L., Guo, J., Gu, D.: Functional graph revisited: updates on (second) preimage attacks on hash combiners. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 404\u2013427. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63715-0_14"},{"key":"1_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1007\/978-3-031-22969-5_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2022","author":"BJ Benedikt","year":"2022","unstructured":"Benedikt, B.J., Fischlin, M., Huppert, M.: Nostradamus goes quantum. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022. LNCS, vol. 13793, pp. 583\u2013613. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22969-5_20"},{"key":"1_CR10","first-page":"105","volume":"9","author":"DJ Bernstein","year":"2009","unstructured":"Bernstein, D.J.: Cost analysis of hash collisions: will quantum computers make SHARCS obsolete. SHARCS 9, 105 (2009)","journal-title":"SHARCS"},{"key":"1_CR11","unstructured":"Biham, E., Dunkelman, O.: A framework for iterative hash functions - HAIFA. IACR Cryptology ePrint Archive, p. 278 (2007)"},{"issue":"1\u20132","key":"1_CR12","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/s10623-010-9481-x","volume":"64","author":"SR Blackburn","year":"2012","unstructured":"Blackburn, S.R., Stinson, D.R., Upadhyay, J.: On the complexity of the herding attack and some related attacks on hash functions. Des. Codes Cryptogr. 64(1\u20132), 171\u2013193 (2012)","journal-title":"Des. Codes Cryptogr."},{"key":"1_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"552","DOI":"10.1007\/978-3-030-34578-5_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"X Bonnetain","year":"2019","unstructured":"Bonnetain, X., Hosoyamada, A., Naya-Plasencia, M., Sasaki, Yu., Schrottenloher, A.: Quantum attacks without superposition queries: the offline Simon\u2019s algorithm. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 552\u2013583. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34578-5_20"},{"issue":"1","key":"1_CR14","first-page":"1","volume":"2022","author":"X Bonnetain","year":"2022","unstructured":"Bonnetain, X., Jaques, S.: Quantum period finding against symmetric primitives in practice. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2022(1), 1\u201327 (2022)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"1_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"422","DOI":"10.1007\/978-3-030-92062-3_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"X Bonnetain","year":"2021","unstructured":"Bonnetain, X., Leurent, G., Naya-Plasencia, M., Schrottenloher, A.: Quantum linearization attacks. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021, Part I. LNCS, vol. 13090, pp. 422\u2013452. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92062-3_15"},{"key":"1_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"560","DOI":"10.1007\/978-3-030-03326-2_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"X Bonnetain","year":"2018","unstructured":"Bonnetain, X., Naya-Plasencia, M.: Hidden shift quantum cryptanalysis and implications. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part I. LNCS, vol. 11272, pp. 560\u2013592. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03326-2_19"},{"key":"1_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"492","DOI":"10.1007\/978-3-030-38471-5_20","volume-title":"Selected Areas in Cryptography \u2013 SAC 2019","author":"X Bonnetain","year":"2020","unstructured":"Bonnetain, X., Naya-Plasencia, M., Schrottenloher, A.: On quantum slide attacks. In: Paterson, K.G., Stebila, D. (eds.) SAC 2019. LNCS, vol. 11959, pp. 492\u2013519. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-38471-5_20"},{"key":"1_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-031-07082-2_12","volume-title":"Advances in Cryptology - EUROCRYPT 2022","author":"X Bonnetain","year":"2022","unstructured":"Bonnetain, X., Schrottenloher, A., Sibleyras, F.: Beyond quadratic speedups in quantum attacks on symmetric schemes. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022, Part III. LNCS, vol. 13277, pp. 315\u2013344. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-07082-2_12"},{"key":"1_CR19","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1090\/conm\/305\/05215","volume":"305","author":"G Brassard","year":"2002","unstructured":"Brassard, G., Hoyer, P., Mosca, M., Tapp, A.: Quantum amplitude amplification and estimation. Contemp. Math. 305, 53\u201374 (2002)","journal-title":"Contemp. Math."},{"key":"1_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/BFb0054319","volume-title":"LATIN\u201998: Theoretical Informatics","author":"G Brassard","year":"1998","unstructured":"Brassard, G., H\u00d8yer, P., Tapp, A.: Quantum cryptanalysis of hash and claw-free functions. In: Lucchesi, C.L., Moura, A.V. (eds.) LATIN 1998. LNCS, vol. 1380, pp. 163\u2013169. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0054319"},{"key":"1_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/978-3-319-70697-9_8","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"A Chailloux","year":"2017","unstructured":"Chailloux, A., Naya-Plasencia, M., Schrottenloher, A.: An efficient quantum collision search algorithm and implications on symmetric cryptography. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part II. LNCS, vol. 10625, pp. 211\u2013240. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70697-9_8"},{"key":"1_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"416","DOI":"10.1007\/0-387-34805-0_39","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"IB Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416\u2013427. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_39"},{"key":"1_CR23","doi-asserted-by":"crossref","unstructured":"Dierks, T., Allen, C.: The TLS protocol version 1.0. Technical report (1999)","DOI":"10.17487\/rfc2246"},{"key":"1_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"484","DOI":"10.1007\/978-3-662-49890-3_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"I Dinur","year":"2016","unstructured":"Dinur, I.: New attacks on the concatenation and XOR hash combiners. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part I. LNCS, vol. 9665, pp. 484\u2013508. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49890-3_19"},{"issue":"6","key":"1_CR25","doi-asserted-by":"publisher","first-page":"1179","DOI":"10.1007\/s10623-020-00741-y","volume":"88","author":"X Dong","year":"2020","unstructured":"Dong, X., Dong, B., Wang, X.: Quantum attacks on some feistel block ciphers. Des. Codes Cryptogr. 88(6), 1179\u20131203 (2020)","journal-title":"Des. Codes Cryptogr."},{"key":"1_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1007\/978-3-031-15802-5_4","volume-title":"Advances in Cryptology - CRYPTO 2022","author":"X Dong","year":"2022","unstructured":"Dong, X., Guo, J., Li, S., Pham, P.: Triangulating rebound attack on AES-like hashing. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13507, pp. 94\u2013124. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15802-5_4"},{"key":"1_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"727","DOI":"10.1007\/978-3-030-64834-3_25","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"X Dong","year":"2020","unstructured":"Dong, X., Sun, S., Shi, D., Gao, F., Wang, X., Hu, L.: Quantum collision attacks on AES-like hashing with low quantum random access memories. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part II. LNCS, vol. 12492, pp. 727\u2013757. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64834-3_25"},{"key":"1_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/978-3-030-92062-3_9","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2021","author":"X Dong","year":"2021","unstructured":"Dong, X., Zhang, Z., Sun, S., Wei, C., Wang, X., Hu, L.: Automatic classical and quantum rebound attacks on AES-like hashing by exploiting related-key differentials. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021, Part I. LNCS, vol. 13090, pp. 241\u2013271. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-92062-3_9"},{"key":"1_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-030-64837-4_2","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"A Fl\u00f3rez Guti\u00e9rrez","year":"2020","unstructured":"Fl\u00f3rez Guti\u00e9rrez, A., Leurent, G., Naya-Plasencia, M., Perrin, L., Schrottenloher, A., Sibleyras, F.: New results on Gimli: full-permutation distinguishers and improved collisions. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part I. LNCS, vol. 12491, pp. 33\u201363. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64837-4_2"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Freier, A., Karlton, P., Kocher, P.: The secure sockets layer (SSL) protocol version 3.0. Technical report (2011)","DOI":"10.17487\/rfc6101"},{"issue":"5","key":"1_CR31","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevA.78.052310","volume":"78","author":"V Giovannetti","year":"2008","unstructured":"Giovannetti, V., Lloyd, S., Maccone, L.: Architectures for a quantum random access memory. Phys. Rev. A 78(5), 052310 (2008)","journal-title":"Phys. Rev. A"},{"issue":"16","key":"1_CR32","doi-asserted-by":"publisher","DOI":"10.1103\/PhysRevLett.100.160501","volume":"100","author":"V Giovannetti","year":"2008","unstructured":"Giovannetti, V., Lloyd, S., Maccone, L.: Quantum random access memory. Phys. Rev. Lett. 100(16), 160501 (2008)","journal-title":"Phys. Rev. Lett."},{"key":"1_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"527","DOI":"10.1007\/978-3-030-03326-2_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"L Grassi","year":"2018","unstructured":"Grassi, L., Naya-Plasencia, M., Schrottenloher, A.: Quantum algorithms for the $$k$$-xor problem. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part I. LNCS, vol. 11272, pp. 527\u2013559. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03326-2_18"},{"key":"1_CR34","doi-asserted-by":"crossref","unstructured":"Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, 22\u201324 May 1996, pp. 212\u2013219 (1996)","DOI":"10.1145\/237814.237866"},{"key":"1_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1007\/978-3-319-76953-0_11","volume-title":"Topics in Cryptology \u2013 CT-RSA 2018","author":"A Hosoyamada","year":"2018","unstructured":"Hosoyamada, A., Sasaki, Yu.: Cryptanalysis against symmetric-key schemes with online classical queries and offline quantum computations. In: Smart, N.P. (ed.) CT-RSA 2018. LNCS, vol. 10808, pp. 198\u2013218. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-76953-0_11"},{"key":"1_CR36","doi-asserted-by":"crossref","unstructured":"Hosoyamada, A., Sasaki, Yu.: Finding hash collisions with quantum computers by using differential trails with smaller probability than birthday bound. IACR Cryptology ePrint Archive 2020:213 (2020)","DOI":"10.1007\/978-3-030-45724-2_9"},{"key":"1_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"616","DOI":"10.1007\/978-3-030-84242-0_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"A Hosoyamada","year":"2021","unstructured":"Hosoyamada, A., Sasaki, Yu.: Quantum collision attacks on reduced SHA-256 and SHA-512. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part I. LNCS, vol. 12825, pp. 616\u2013646. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84242-0_22"},{"key":"1_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1007\/978-3-030-12612-4_20","volume-title":"Topics in Cryptology \u2013 CT-RSA 2019","author":"G Ito","year":"2019","unstructured":"Ito, G., Hosoyamada, A., Matsumoto, R., Sasaki, Yu., Iwata, T.: Quantum chosen-ciphertext attacks against feistel ciphers. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 391\u2013411. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-12612-4_20"},{"key":"1_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"329","DOI":"10.1007\/978-3-030-81652-0_13","volume-title":"Selected Areas in Cryptography","author":"S Jaques","year":"2021","unstructured":"Jaques, S., Schrottenloher, A.: Low-gate quantum golden collision\u00a0finding. In: Dunkelman, O., Jacobson, Jr., M.J., O\u2019Flynn, C. (eds.) SAC 2020. LNCS, vol. 12804, pp. 329\u2013359. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-81652-0_13"},{"key":"1_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/978-3-540-28628-8_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"A Joux","year":"2004","unstructured":"Joux, A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306\u2013316. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-28628-8_19"},{"key":"1_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-662-53008-5_8","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"M Kaplan","year":"2016","unstructured":"Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Breaking symmetric cryptosystems using\u00a0quantum\u00a0period finding. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 207\u2013237. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_8"},{"key":"1_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/11761679_12","volume-title":"Advances in Cryptology - EUROCRYPT 2006","author":"J Kelsey","year":"2006","unstructured":"Kelsey, J., Kohno, T.: Herding hash functions and the nostradamus attack. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 183\u2013200. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11761679_12"},{"key":"1_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1007\/11426639_28","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"J Kelsey","year":"2005","unstructured":"Kelsey, J., Schneier, B.: Second preimages on n-bit hash functions for much less than 2n work. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 474\u2013490. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11426639_28"},{"key":"1_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"524","DOI":"10.1007\/978-3-642-42045-0_27","volume-title":"Advances in Cryptology - ASIACRYPT 2013","author":"T Kortelainen","year":"2013","unstructured":"Kortelainen, T., Kortelainen, J.: On diamond structures and trojan message attacks. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part II. LNCS, vol. 8270, pp. 524\u2013539. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-42045-0_27"},{"key":"1_CR45","unstructured":"Kuperberg, G.: Another subexponential-time quantum algorithm for the dihedral hidden subgroup problem. In: Severini, S., Brand\u00e3o, F.G.S.L. (eds.) 8th Conference on the Theory of Quantum Computation, Communication and Cryptography, TQC 2013, 21\u201323 May 2013, Guelph, Canada, volume 22 of LIPIcs, pp. 20\u201334. Schloss Dagstuhl - Leibniz-Zentrum f\u00fcr Informatik (2013)"},{"key":"1_CR46","doi-asserted-by":"crossref","unstructured":"Kuwakado, H., Morii, M.: Quantum distinguisher between the 3-round feistel cipher and the random permutation. In: IEEE International Symposium on Information Theory, ISIT 2010, 13\u201318 June 2010, Austin, Texas, USA, Proceedings, pp. 2682\u20132685 (2010)","DOI":"10.1109\/ISIT.2010.5513654"},{"key":"1_CR47","unstructured":"Kuwakado, H., Morii, M.: Security on the quantum-type even-mansour cipher. In: Proceedings of the International Symposium on Information Theory and its Applications, ISITA 2012, Honolulu, HI, USA, 28\u201331 October 2012, pp. 312\u2013316 (2012)"},{"key":"1_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/978-3-319-70697-9_6","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"G Leander","year":"2017","unstructured":"Leander, G., May, A.: Grover meets Simon \u2013 quantumly attacking the FX-construction. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part II. LNCS, vol. 10625, pp. 161\u2013178. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70697-9_6"},{"key":"1_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1007\/978-3-662-46800-5_14","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"G Leurent","year":"2015","unstructured":"Leurent, G., Wang, L.: The sum can be weaker than each part. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 345\u2013367. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_14"},{"key":"1_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"358","DOI":"10.1007\/978-3-540-74462-7_25","volume-title":"Selected Areas in Cryptography","author":"M Liskov","year":"2007","unstructured":"Liskov, M.: Constructing an ideal hash function from weak ideal compression functions. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 358\u2013375. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74462-7_25"},{"key":"1_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-642-10366-7_9","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"F Mendel","year":"2009","unstructured":"Mendel, F., Rechberger, C., Schl\u00e4ffer, M.: MD5 is weaker than weak: attacks on concatenated combiners. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 144\u2013161. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_9"},{"key":"1_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/0-387-34805-0_21","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings","author":"RC Merkle","year":"1990","unstructured":"Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218\u2013238. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34805-0_21"},{"key":"1_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"311","DOI":"10.1007\/978-3-030-45724-2_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"M Naya-Plasencia","year":"2020","unstructured":"Naya-Plasencia, M., Schrottenloher, A.: Optimal merging in quantum $$k$$-xor and k-sum algorithms. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part II. LNCS, vol. 12106, pp. 311\u2013340. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_11"},{"key":"1_CR54","unstructured":"Nielsen, Chuang, I.L.: Quantum Computation and Quantum Information, 10th Anniversary edn. Cambridge University Press, Cambridge (2016)"},{"key":"1_CR55","unstructured":"NIST. The post quantum project. https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography"},{"key":"1_CR56","unstructured":"Preneel, B.: Analysis and design of cryptographic hash functions. Ph.D. thesis, Katholieke Universiteit te Leuven Leuven (1993)"},{"key":"1_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"258","DOI":"10.1007\/978-3-031-38554-4_9","volume-title":"Advances in Cryptology - CRYPTO 2023","author":"A Schrottenloher","year":"2023","unstructured":"Schrottenloher, A.: Quantum linear key-recovery attacks using the QFT. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023. LNCS, vol. 14085, pp. 258\u2013291. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38554-4_9"},{"key":"1_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"717","DOI":"10.1007\/978-3-031-15982-4_24","volume-title":"Advances in Cryptology - CRYPTO 2022","author":"A Schrottenloher","year":"2022","unstructured":"Schrottenloher, A., Stevens, M.: Simplified MITM modeling for permutations: new (quantum) attacks. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022, Part III. LNCS, vol. 13509, pp. 717\u2013747. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-15982-4_24"},{"key":"1_CR59","doi-asserted-by":"crossref","unstructured":"Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: 35th Annual Symposium on Foundations of Computer Science, Santa Fe, New Mexico, USA, 20\u201322 November 1994, pp. 124\u2013134 (1994)","DOI":"10.1109\/SFCS.1994.365700"},{"issue":"5","key":"1_CR60","doi-asserted-by":"publisher","first-page":"1474","DOI":"10.1137\/S0097539796298637","volume":"26","author":"DR Simon","year":"1997","unstructured":"Simon, D.R.: On the power of quantum computation. SIAM J. Comput. 26(5), 1474\u20131483 (1997)","journal-title":"SIAM J. Comput."},{"key":"1_CR61","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"570","DOI":"10.1007\/978-3-319-63688-7_19","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"M Stevens","year":"2017","unstructured":"Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 570\u2013596. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63688-7_19"},{"key":"1_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/11535218_2","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"X Wang","year":"2005","unstructured":"Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17\u201336. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11535218_2"},{"key":"1_CR63","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/11426639_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"X Wang","year":"2005","unstructured":"Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19\u201335. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11426639_2"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2023"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-99-8727-6_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,17]],"date-time":"2025-12-17T01:02:46Z","timestamp":1765933366000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-99-8727-6_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9789819987269","9789819987276"],"references-count":63,"URL":"https:\/\/doi.org\/10.1007\/978-981-99-8727-6_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"18 December 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/asiacrypt.iacr.org\/2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"375","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"106","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}