{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T11:15:06Z","timestamp":1778152506325,"version":"3.51.4"},"reference-count":32,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2010,12,11]],"date-time":"2010-12-11T00:00:00Z","timestamp":1292025600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2012,4]]},"DOI":"10.1007\/s00145-010-9095-5","type":"journal-article","created":{"date-parts":[[2010,12,10]],"date-time":"2010-12-10T15:13:39Z","timestamp":1291994019000},"page":"271-309","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["A Simple Variant of the Merkle\u2013Damg\u00e5rd Scheme with\u00a0a\u00a0Permutation"],"prefix":"10.1007","volume":"25","author":[{"given":"Shoichi","family":"Hirose","sequence":"first","affiliation":[]},{"given":"Je Hong","family":"Park","sequence":"additional","affiliation":[]},{"given":"Aaram","family":"Yun","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2010,12,11]]},"reference":[{"key":"9095_CR1","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1007\/978-3-540-76900-2_8","volume-title":"Advances in Cryptology\u2014ASIACRYPT 2007","author":"E. Andreeva","year":"2007","unstructured":"E. Andreeva, G. Neven, B. Preneel, T. Shrimpton, Seven-property-preserving iterated hashing: ROX, in Advances in Cryptology\u2014ASIACRYPT 2007. LNCS, vol. 4833 (2007), pp. 130\u2013146"},{"key":"9095_CR2","series-title":"LNCS","doi-asserted-by":"crossref","first-page":"252","DOI":"10.1007\/3-540-48405-1_16","volume-title":"Advances in Cryptology\u2014CRYPTO\u201999","author":"J.H. An","year":"1999","unstructured":"J.H. An, M. Bellare, Constructing VIL-MACs from FIL-MACs: message authentication under weakened assumptions, in Advances in Cryptology\u2014CRYPTO\u201999. LNCS, vol. 1666 (1999), pp. 252\u2013269"},{"key":"9095_CR3","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"602","DOI":"10.1007\/11818175_36","volume-title":"Advances in Cryptology\u2014CRYPTO 2006","author":"M. Bellare","year":"2006","unstructured":"M. Bellare, New proofs for NMAC and HMAC: security without collision-resistance, in Advances in Cryptology\u2014CRYPTO 2006. LNCS, vol. 4117 (2006), pp. 602\u2013619"},{"key":"9095_CR4","series-title":"LNCS","first-page":"1","volume-title":"Advances in Cryptology\u2014CRYPTO\u201996","author":"M. Bellare","year":"1996","unstructured":"M. Bellare, R. Canetti, H. Krawczyk, Keying hash functions for message authentication, in Advances in Cryptology\u2014CRYPTO\u201996. LNCS, vol. 1109 (1996), pp. 1\u201315"},{"key":"9095_CR5","first-page":"514","volume-title":"Proc. of FOCS\u201996","author":"M. Bellare","year":"1996","unstructured":"M. Bellare, R. Canetti, H. Krawczyk, Pseudorandom functions revisited: the cascade construction and its concrete security, in Proc. of FOCS\u201996 (1996), pp. 514\u2013523"},{"key":"9095_CR6","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"491","DOI":"10.1007\/3-540-39200-9_31","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2003","author":"M. Bellare","year":"2003","unstructured":"M. Bellare, T. Kohno, A theoretical treatment of related-key attacks: RKA-PRPs, RKA-PRFs, and applications, in Advances in Cryptology\u2014EUROCRYPT 2003. LNCS, vol. 2656 (2003), pp. 491\u2013506"},{"key":"9095_CR7","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/11935230_20","volume-title":"Advances in Cryptology\u2014ASIACRYPT 2006","author":"M. Bellare","year":"2006","unstructured":"M. Bellare, T. Ristenpart, Multi-property-preserving hash domain extension and the EMD transform, in Advances in Cryptology\u2014ASIACRYPT 2006. LNCS, vol. 4284 (2006), pp. 299\u2013314"},{"key":"9095_CR8","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1007\/978-3-540-73420-8_36","volume-title":"Automata, Languages and Programming\u2014ICALP 2007","author":"M. Bellare","year":"2007","unstructured":"M. Bellare, T. Ristenpart, Hash functions in the dedicated-key setting: design choices and MPP transforms, in Automata, Languages and Programming\u2014ICALP 2007. LNCS, vol. 4596 (2007), pp. 399\u2013410"},{"key":"9095_CR9","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"409","DOI":"10.1007\/11761679_25","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2006","author":"M. Bellare","year":"2006","unstructured":"M. Bellare, P. Rogaway, The security of triple encryption and a framework for code-based game-playing proofs, in Advances in Cryptology\u2014EUROCRYPT 2006. LNCS, vol. 4004 (2006), pp. 409\u2013426"},{"key":"9095_CR10","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1007\/978-3-642-10628-6_14","volume-title":"Progress in Cryptology\u2014INDOCRYPT 2009","author":"R. Bhattacharyya","year":"2009","unstructured":"R. Bhattacharyya, A. Mandal, M. Nandi, Indifferentiability characterization of hash functions and optimal bounds of popular domain extensions, in Progress in Cryptology\u2014INDOCRYPT 2009. LNCS, vol. 5922 (2009), pp. 199\u2013218"},{"key":"9095_CR11","series-title":"LNCS","first-page":"293","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201993","author":"B. Boer den","year":"1994","unstructured":"B. den Boer, A. Mosselaers, Collisions for the compression function of MD5, in Advances in Cryptology\u2014EUROCRYPT\u201993. LNCS, vol. 765 (1994), pp. 293\u2013304"},{"key":"9095_CR12","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1007\/11935230_19","volume-title":"Advances in Cryptology\u2014ASIACRYPT 2006","author":"D. Chang","year":"2006","unstructured":"D. Chang, S. Lee, M. Nandi, M. Yung, Indifferentiable security analysis of popular hash function with prefix-free padding, in Advances in Cryptology\u2014ASIACRYPT 2006. LNCS, vol. 4284 (2006), pp. 283\u2013298"},{"key":"9095_CR13","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1007\/978-3-540-71039-4_27","volume-title":"Fast Software Encryption\u2014FSE 2008","author":"D. Chang","year":"2008","unstructured":"D. Chang, M. Nandi, Improved indifferentiability security analysis of chopMD hash function, in Fast Software Encryption\u2014FSE 2008. LNCS, vol. 5086 (2008), pp. 429\u2013443"},{"key":"9095_CR14","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/11935230_3","volume-title":"Advances in Cryptology\u2014ASIACRYPT 2006","author":"S. Contini","year":"2006","unstructured":"S. Contini, Y.L. Yin, Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions, in Advances in Cryptology\u2014ASIACRYPT 2006. LNCS, vol. 4284 (2006), pp. 37\u201353"},{"key":"9095_CR15","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology\u2014CRYPTO 2005","author":"J.-S. Coron","year":"2005","unstructured":"J.-S. Coron, Y. Dodis, C. Malinaud, P. Puniya, Merkle\u2013Damg\u00e5rd revisited: how to construct a hash function, in Advances in Cryptology\u2014CRYPTO 2005. LNCS, vol. 3621 (2005), pp. 430\u2013448"},{"key":"9095_CR16","series-title":"LNCS","first-page":"416","volume-title":"Advances in Cryptology\u2014CRYPTO\u201989","author":"I. Damg\u00e5rd","year":"1989","unstructured":"I. Damg\u00e5rd, A design principle for hash functions, in Advances in Cryptology\u2014CRYPTO\u201989. LNCS, vol. 435 (1989), pp. 416\u2013427"},{"key":"9095_CR17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"262","DOI":"10.1007\/978-3-642-04159-4_17","volume-title":"Selected Areas in Cryptography\u2014SAC 2008","author":"S. Hirose","year":"2008","unstructured":"S. Hirose, H. Kuwakado, A scheme to base a hash function on a block cipher, in Selected Areas in Cryptography\u2014SAC 2008. LNCS, vol. 5381 (2008), pp. 262\u2013275"},{"key":"9095_CR18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1007\/978-3-540-76900-2_7","volume-title":"Advances in Cryptology\u2014ASIACRYPT 2007","author":"S. Hirose","year":"2007","unstructured":"S. Hirose, J.H. Park, A. Yun, A simple variant of the Merkle\u2013Damg\u00e5rd scheme with a permutation, in Advances in Cryptology\u2014ASIACRYPT 2007. LNCS, vol. 4833 (2007), pp. 113\u2013129"},{"key":"9095_CR19","unstructured":"J. Kelsey, in Public Comments on the Draft Federal Information Processing Standard (FIPS) Draft FIPS 180-2, Secure Hash Standard (SHS) (2001)"},{"key":"9095_CR20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1007\/11832072_17","volume-title":"Security and Cryptography for Networks\u2014SCN 2006","author":"J. Kim","year":"2006","unstructured":"J. Kim, A. Biryukov, B. Preneel, S. Lee, On the security of HMAC and NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1, in Security and Cryptography for Networks\u2014SCN 2006. LNCS, vol. 4116 (2006), pp. 242\u2013256"},{"key":"9095_CR21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"573","DOI":"10.1007\/978-3-642-13190-5_29","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2010","author":"J. Lee","year":"2010","unstructured":"J. Lee, J.P. Steinberger, Multi-property-preserving domain extension using polynomial-based modes of operation, in Advances in Cryptology\u2014EUROCRYPT 2010. LNCS, vol. 6110 (2010), pp. 573\u2013596"},{"key":"9095_CR22","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1007\/11593447_26","volume-title":"Advances in Cryptology\u2014ASIACRYPT 2005","author":"S. Lucks","year":"2005","unstructured":"S. Lucks, A failure-friendly design principle for hash functions, in Advances in Cryptology\u2014ASIACRYPT 2005. LNCS, vol. 3788 (2005), pp. 474\u2013494"},{"key":"9095_CR23","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-24638-1_2","volume-title":"Theory of Cryptography\u2014TCC 2004","author":"U.M. Maurer","year":"2004","unstructured":"U.M. Maurer, R. Renner, C. Holenstein, Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology, in Theory of Cryptography\u2014TCC 2004. LNCS, vol. 2951 (2004), pp. 21\u201339"},{"key":"9095_CR24","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"472","DOI":"10.1007\/11523468_39","volume-title":"Automata, Languages and Programming\u2014ICALP 2005","author":"U. Maurer","year":"2005","unstructured":"U. Maurer, J. Sj\u00f6din, Single-key AIL-MACs from any FIL-MAC, in Automata, Languages and Programming\u2014ICALP 2005. LNCS, vol. 3580 (2005), pp. 472\u2013484"},{"key":"9095_CR25","doi-asserted-by":"publisher","DOI":"10.1201\/9781439821916","volume-title":"Handbook of Applied Cryptography","author":"A.J. Menezes","year":"1996","unstructured":"A.J. Menezes, P.C. van Oorschot, S.A. Vanstone, Handbook of Applied Cryptography (CRC Press, Boca Raton, 1996)"},{"key":"9095_CR26","series-title":"LNCS","first-page":"428","volume-title":"Advances in Cryptology\u2014CRYPTO\u201989","author":"R. Merkle","year":"1989","unstructured":"R. Merkle, One way hash functions and DES, in Advances in Cryptology\u2014CRYPTO\u201989. LNCS, vol. 435 (1989), pp. 428\u2013446"},{"key":"9095_CR27","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/11596219_7","volume-title":"Progress in Cryptology\u2014INDOCRYPT 2005","author":"M. Nandi","year":"2005","unstructured":"M. Nandi, Towards optimal double-length hash functions, in Progress in Cryptology\u2014INDOCRYPT 2005. LNCS, vol. 3797 (2005), pp. 77\u201389"},{"key":"9095_CR28","series-title":"LNCS","doi-asserted-by":"crossref","first-page":"368","DOI":"10.1007\/3-540-48329-2_31","volume-title":"Advances in Cryptology\u2014CRYPTO\u201993","author":"B. Preneel","year":"1994","unstructured":"B. Preneel, R. Govaerts, J. Vandewalle, Hash functions based on block ciphers: a synthetic approach, in Advances in Cryptology\u2014CRYPTO\u201993. LNCS, vol. 773 (1994), pp. 368\u2013378"},{"key":"9095_CR29","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/978-3-540-25937-4_24","volume-title":"Fast Software Encryption\u2014FSE 2004","author":"P. Rogaway","year":"2004","unstructured":"P. Rogaway, T. Shrimpton, Cryptographic hash-function basics: definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance, in Fast Software Encryption\u2014FSE 2004. LNCS, vol. 3017 (2004), pp. 371\u2013388"},{"issue":"5","key":"9095_CR30","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1145\/141809.141812","volume":"22","author":"G. Tsudik","year":"1992","unstructured":"G. Tsudik, Message authentication with one-way hash functions. ACM Comput. Commun. Rev.\n                           22(5), 29\u201338 (1992)","journal-title":"ACM Comput. Commun. Rev."},{"key":"9095_CR31","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"242","DOI":"10.1007\/978-3-642-01001-9_14","volume-title":"Advances in Cryptology\u2014EUROCRYPT 2009","author":"K. Yasuda","year":"2009","unstructured":"K. Yasuda, A double-piped mode of operation for MACs, PRFs and PROs: security beyond the birthday barrier, in Advances in Cryptology\u2014EUROCRYPT 2009. LNCS, vol. 5479 (2009), pp. 242\u2013259"},{"key":"9095_CR32","series-title":"LNCS","first-page":"443","volume-title":"Information Security\u2014ISC 2009","author":"K. Yasuda","year":"2009","unstructured":"K. Yasuda, HMAC without the \u201csecond\u201d key, in Information Security\u2014ISC 2009. LNCS, vol. 5735 (2009), pp. 443\u2013458"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-010-9095-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-010-9095-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-010-9095-5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-010-9095-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,8]],"date-time":"2020-04-08T08:49:37Z","timestamp":1586335777000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-010-9095-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,12,11]]},"references-count":32,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2012,4]]}},"alternative-id":["9095"],"URL":"https:\/\/doi.org\/10.1007\/s00145-010-9095-5","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010,12,11]]},"assertion":[{"value":"6 November 2009","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 December 2010","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}