{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,3]],"date-time":"2025-06-03T21:10:03Z","timestamp":1748985003654,"version":"3.41.0"},"reference-count":44,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2016,6,3]],"date-time":"2016-06-03T00:00:00Z","timestamp":1464912000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. Codes Cryptogr."],"published-print":{"date-parts":[[2017,5]]},"DOI":"10.1007\/s10623-016-0227-2","type":"journal-article","created":{"date-parts":[[2016,6,3]],"date-time":"2016-06-03T14:39:44Z","timestamp":1464964784000},"page":"357-406","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Optimal collision security in double block length hashing with single length key"],"prefix":"10.1007","volume":"83","author":[{"given":"Bart","family":"Mennink","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,6,3]]},"reference":[{"key":"227_CR1","doi-asserted-by":"crossref","unstructured":"Abed F., Forler C., List E., Lucks S., Wenzel J.: Counter-bDM: a provably secure family of multi-block-length compression functions. In: Progress in Cryptology\u2014AFRICACRYPT 2014. Lecture Notes in Computer Science, vol. 8469, pp. 440\u2013458. Springer, Heidelberg (2014).","DOI":"10.1007\/978-3-319-06734-6_26"},{"key":"227_CR2","doi-asserted-by":"crossref","unstructured":"Andreeva E., Neven G., Preneel B., Shrimpton T.: Seven-property-preserving iterated hashing: ROX. In: Advances in Cryptology\u2014ASIACRYPT 2007. Lecture Notes in Computer Science, vol. 4833, pp. 130\u2013146. Springer, Heidelberg (2007).","DOI":"10.1007\/978-3-540-76900-2_8"},{"key":"227_CR3","doi-asserted-by":"crossref","unstructured":"Armknecht F., Fleischmann E., Krause M., Lee J., Stam M., Steinberger J.: The preimage security of double-block-lengthcompression functions. In: Advances in Cryptology\u2014ASIACRYPT 2011. Lecture Notes in Computer Science, vol. 7073, pp. 233\u2013251. Springer, Heidelberg (2011).","DOI":"10.1007\/978-3-642-25385-0_13"},{"key":"227_CR4","doi-asserted-by":"crossref","unstructured":"Bellare M., Ristenpart T.: Multi-property-preserving hash domainextension and the EMD transform. In: Advances in Cryptology\u2014ASIACRYPT 2006. Lecture Notes in Computer Science, vol. 4284, pp. 299\u2013314. Springer, Heidelberg (2006).","DOI":"10.1007\/11935230_20"},{"key":"227_CR5","doi-asserted-by":"crossref","unstructured":"Coron J., Dodis Y., Malinaud C., Puniya P.: Merkle\u2013Damg\u00e5rd revisited: how to construct a hash function. In: Advances in Cryptology\u2014CRYPTO 2005. Lecture Notes in Computer Science, vol. 3621, pp. 430\u2013448. Springer, Heidelberg (2005).","DOI":"10.1007\/11535218_26"},{"key":"227_CR6","unstructured":"Fleischmann E., Gorski M., Lucks S.: Security of cyclic doubleblock length hash functions. In: IMA International Conference 2009. Lecture Notes in Computer Science, vol. 5921, pp. 153\u2013175. Springer, Heidelberg (2009)."},{"key":"227_CR7","doi-asserted-by":"crossref","unstructured":"Hirose S.: Provably secure double-block-length hash functions in ablack-box model. In: Information Security and Cryptology 2004. Lecture Notes in Computer Science, vol. 3506, pp. 330\u2013342. Springer, Heidelberg (2005).","DOI":"10.1007\/11496618_24"},{"key":"227_CR8","doi-asserted-by":"crossref","unstructured":"Hirose S.: Some plausible constructions of double-block-length hashfunctions. In: Fast Software Encryption 2006. Lecture Notes in Computer Science, vol. 4047, pp. 210\u2013225. Springer, Heidelberg (2006).","DOI":"10.1007\/11799313_14"},{"key":"227_CR9","doi-asserted-by":"crossref","unstructured":"Hirose S., Park J., Yun A.: A simple variant of theMerkle-Damg\u00e5rd scheme with a permutation. In: Advances in Cryptology\u2014ASIACRYPT 2007. Lecture Notes in Computer Science, vol. 4833, pp. 113\u2013129. Springer, Heidelberg (2007).","DOI":"10.1007\/978-3-540-76900-2_7"},{"key":"227_CR10","unstructured":"Hong D., Kwon D.: Cryptanalysis of some double-block-length hashmodes of block ciphers with $$n$$ n -bit block and $$n$$ n -bit key.Cryptology ePrint Archive, Report 2013\/174 (2013)."},{"key":"227_CR11","unstructured":"Jetchev D., \u00d6zen O., Stam M.: Collisions are not incidental:A compression function exploiting discrete geometry. In: Theory of Cryptography Conference 2012. Lecture Notes in Computer Science, vol. 7194, pp. 303\u2013320. Springer, Heidelberg (2012)."},{"key":"227_CR12","doi-asserted-by":"crossref","unstructured":"Kuwakado H., Morii M.: Indifferentiability of single-block-lengthand rate-1 compression functions. IEICE Trans. 90-A(10), 2301\u20132308 (2007).","DOI":"10.1093\/ietfec\/e90-a.10.2301"},{"key":"227_CR13","unstructured":"Lai X., Massey J.: Hash function based on block ciphers. In: Advances in Cryptology\u2014EUROCRYPT \u201992. Lecture Notes in Computer Science, vol. 658, pp. 55\u201370. Springer, Heidelberg (1992)."},{"key":"227_CR14","unstructured":"Lee J., Kwon D.: The security of Abreast-DM in the ideal cipher model. Cryptology ePrint Archive, Report 2009\/225 (2009)."},{"key":"227_CR15","doi-asserted-by":"crossref","unstructured":"Lee J., Stam M.: MJH: A faster alternative to MDC-2. In: CT-RSA 2011. Lecture Notes in Computer Science, vol. 6558, pp. 213\u2013236. Springer, Heidelberg (2011).","DOI":"10.1007\/978-3-642-19074-2_15"},{"key":"227_CR16","doi-asserted-by":"crossref","unstructured":"Lee J., Stam M.: MJH: A faster alternative to MDC-2. Des. Codes Cryptogr. 76(2), 179\u2013205 (2015).","DOI":"10.1007\/s10623-014-9936-6"},{"key":"227_CR17","doi-asserted-by":"crossref","unstructured":"Lee J., Stam M., Steinberger J.: The collision security of Tandem-DM in the ideal cipher model. Cryptology ePrint Archive, Report 2010\/409 (2010), full version of [18].","DOI":"10.1007\/978-3-642-22792-9_32"},{"key":"227_CR18","doi-asserted-by":"crossref","unstructured":"Lee J., Stam M., Steinberger J.: The collision security ofTandem-DM in the ideal cipher model. In: Advances in Cryptology\u2014CRYPTO 2011. Lecture Notes in Computer Science, vol. 6841, pp. 561\u2013577. Springer, Heidelberg (2011).","DOI":"10.1007\/978-3-642-22792-9_32"},{"key":"227_CR19","unstructured":"Lee J., Stam M., Steinberger J.: The preimage security of double-block-length compression functions. Cryptology ePrint Archive, Report 2011\/210 (2011)."},{"key":"227_CR20","doi-asserted-by":"crossref","unstructured":"Lee J., Steinberger J.: Multi-property-preserving domain extensionusing polynomial-based modes of operation. In: Advances in Cryptology\u2014EUROCRYPT 2010. Lecture Notes in Computer Science, vol. 6110, pp. 573\u2013596. Springer, Heidelberg (2010).","DOI":"10.1007\/978-3-642-13190-5_29"},{"key":"227_CR21","doi-asserted-by":"crossref","unstructured":"Lucks S.: A failure-friendly design principle for hash functions. In: Advances in Cryptology\u2014ASIACRYPT 2005. Lecture Notes in Computer Science, vol. 3788, pp. 474\u2013494. Springer, Heidelberg (2005).","DOI":"10.1007\/11593447_26"},{"key":"227_CR22","unstructured":"Lucks S.: A collision-resistant rate-1 double-block-length hashfunction, In: Symmetric Cryptography, Dagstuhl Seminar Proceedings 07021 (2007)."},{"key":"227_CR23","unstructured":"Maurer U., Renner R., Holenstein C.: Indifferentiability,impossibility results on reductions, and applications to the randomoracle methodology. In: Theory of Cryptography Conference 2004. Lecture Notes in Computer Science, vol. 2951, pp. 21\u201339. Springer, Heidelberg (2004)."},{"key":"227_CR24","doi-asserted-by":"crossref","unstructured":"Maurer U., Tessaro S.: Domain extension of public randomfunctions: beyond the birthday barrier. In: Advances in Cryptology\u2014CRYPTO 2007. Lecture Notes in Computer Science, vol. 4622, pp. 187\u2013204. Springer, Heidelberg (2007).","DOI":"10.1007\/978-3-540-74143-5_11"},{"key":"227_CR25","doi-asserted-by":"crossref","unstructured":"Mennink B.: Optimal collision security in double block lengthhashing with single length key. In: Advances in Cryptology\u2014ASIACRYPT 2012. Lecture Notes in Computer Science, vol. 7658, pp. 526\u2013543. Springer, Heidelberg (2012).","DOI":"10.1007\/978-3-642-34961-4_32"},{"key":"227_CR26","unstructured":"Mennink B.: Indifferentiability of double length compressionfunctions. In: IMA International Conference on Cryptography and Coding\u2014IMACC 2013. Lecture Notes in Computer Science, vol. 8308, pp. 232\u2013251. Springer, Heidelberg (2013)."},{"key":"227_CR27","doi-asserted-by":"crossref","unstructured":"Mennink B.: On the collision and preimage security of MDC-4 inthe ideal cipher model. Des. Codes Cryptogr. 73(1), 121\u2013150 (2014).","DOI":"10.1007\/s10623-013-9813-8"},{"key":"227_CR28","doi-asserted-by":"crossref","unstructured":"Mennink B., Preneel B.: Hash functions based on threepermutations: a generic security analysis. In: Advances in Cryptology\u2014CRYPTO 2012. Lecture Notes in Computer Science, vol. 7417, pp. 330\u2013347. Springer, Heidelberg (2012).","DOI":"10.1007\/978-3-642-32009-5_20"},{"key":"227_CR29","unstructured":"Meyer C., Schilling M.: Secure program load with manipulation detection code. In: Proceedings of the Securicom, pp. 111\u2013130 (1988)."},{"key":"227_CR30","unstructured":"Miyaji A., Rashed M.: A new $$(n,n)$$ ( n , n ) blockcipher hash functionusing Feistel network: apposite for RFID security. In: Computational Intelligence in Data Mining, vol. 3. SmartInnovation, Systems and Technologies, vol.\u00a033, pp. 519\u2013528. Springer, India (2015)."},{"key":"227_CR31","doi-asserted-by":"crossref","unstructured":"Nandi M.: Towards optimal double-length hash functions. In: Progress in Cryptology\u2014INDOCRYPT 2005. Lecture Notes in Computer Science, vol. 3797, pp. 77\u201389. Springer, Heidelberg (2009).","DOI":"10.1007\/11596219_7"},{"key":"227_CR32","doi-asserted-by":"crossref","unstructured":"Nandi M., Lee W., Sakurai K., Lee S.: Security analysis of a2\/3-rate double length compression function in the black-box model.In: Fast Software Encryption 2005. Lecture Notes in Computer Science, vol. 3557, pp. 243\u2013254. Springer, Heidelberg (2005).","DOI":"10.1007\/11502760_16"},{"key":"227_CR33","unstructured":"\u00d6zen O.: Design and Analysis of Multi-Block-Length HashFunctions. Ph.D. thesis, \u00c9cole Polytechnique F\u00e9d\u00e9rale deLausanne, Lausanne (2012)."},{"key":"227_CR34","doi-asserted-by":"crossref","unstructured":"\u00d6zen O., Stam M.: Another glance at double-length hashing. In: IMA International Conference 2009. Lecture Notes in Computer Science, vol. 5921, pp. 176\u2013201. Springer, Heidelberg (2009).","DOI":"10.1007\/978-3-642-10868-6_11"},{"key":"227_CR35","doi-asserted-by":"crossref","unstructured":"Peyrin T., Gilbert H., Muller F., Robshaw M.: Combining compression functions and block cipher-based hash functions. In: Advances in Cryptology\u2014ASIACRYPT 2006. Lecture Notes in Computer Science, vol. 4284, pp. 315\u2013331. Springer, Heidelberg (2006).","DOI":"10.1007\/11935230_21"},{"key":"227_CR36","doi-asserted-by":"crossref","unstructured":"Preneel B., Govaerts R., Vandewalle J.: Hash functions based onblock ciphers: a synthetic approach. In: Advances in Cryptology\u2014CRYPTO \u201993. Lecture Notes in Computer Science, vol. 773, pp. 368\u2013378. Springer, Heidelberg (1993).","DOI":"10.1007\/3-540-48329-2_31"},{"key":"227_CR37","doi-asserted-by":"crossref","unstructured":"Ristenpart T., Shacham H., Shrimpton T.: Careful withcomposition: limitations of the indifferentiability framework. In: Advances in Cryptology\u2014EUROCRYPT 2011. Lecture Notes in Computer Science, vol. 6632, pp. 487\u2013506. Springer, Heidelberg (2011).","DOI":"10.1007\/978-3-642-20465-4_27"},{"key":"227_CR38","doi-asserted-by":"crossref","unstructured":"Rogaway P., Shrimpton T.: Cryptographic hash-function basics:Definitions, implications, and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Fast Software Encryption 2004. Lecture Notes in Computer Science, vol. 3017, pp. 371\u2013388. Springer, Heidelberg (2004).","DOI":"10.1007\/978-3-540-25937-4_24"},{"key":"227_CR39","doi-asserted-by":"crossref","unstructured":"Rogaway P., Steinberger J.: Security\/efficiency tradeoffs forpermutation-based hashing. In: Advances in Cryptology\u2014EUROCRYPT 2008. Lecture Notes in Computer Science, vol. 4965, pp. 220\u2013236. Springer, Heidelberg (2008).","DOI":"10.1007\/978-3-540-78967-3_13"},{"key":"227_CR40","doi-asserted-by":"crossref","unstructured":"Stam M.: Beyond uniformity: Better security\/efficiency tradeoffsfor compression functions. In: Advances in Cryptology\u2014CRYPTO 2008. Lecture Notes in Computer Science, vol. 5157, pp. 397\u2013412. Springer, Heidelberg (2008).","DOI":"10.1007\/978-3-540-85174-5_22"},{"key":"227_CR41","doi-asserted-by":"crossref","unstructured":"Stam M.: Blockcipher-based hashing revisited. In: Fast Software Encryption 2009. Lecture Notes in Computer Science, vol. 5665, pp. 67\u201383. Springer, Heidelberg (2009).","DOI":"10.1007\/978-3-642-03317-9_5"},{"key":"227_CR42","doi-asserted-by":"crossref","unstructured":"Steinberger J.: The collision intractability of MDC-2 in the ideal-cipher model. In: Advances in Cryptology\u2014EUROCRYPT 2007. Lecture Notes in Computer Science, vol. 4515, pp. 34\u201351. Springer, Heidelberg (2007).","DOI":"10.1007\/978-3-540-72540-4_3"},{"key":"227_CR43","doi-asserted-by":"crossref","unstructured":"Steinberger J.: Stam\u2019s collision resistance conjecture. In: Advances in Cryptology\u2014EUROCRYPT 2010. Lecture Notes in Computer Science, vol. 6110, pp. 597\u2013615. Springer, Heidelberg (2010).","DOI":"10.1007\/978-3-642-13190-5_30"},{"key":"227_CR44","doi-asserted-by":"crossref","unstructured":"Steinberger J., Sun X., Yang Z.: Stam\u2019s conjecture and thresholdphenomena in collision resistance. In: Advances in Cryptology\u2014CRYPTO 2012. Lecture Notes in Computer Science, vol. 7417, pp. 384\u2013405. Springer, Heidelberg (2012).","DOI":"10.1007\/978-3-642-32009-5_23"}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-016-0227-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10623-016-0227-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-016-0227-2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-016-0227-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,3]],"date-time":"2025-06-03T20:35:57Z","timestamp":1748982957000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10623-016-0227-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,6,3]]},"references-count":44,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2017,5]]}},"alternative-id":["227"],"URL":"https:\/\/doi.org\/10.1007\/s10623-016-0227-2","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"type":"print","value":"0925-1022"},{"type":"electronic","value":"1573-7586"}],"subject":[],"published":{"date-parts":[[2016,6,3]]}}}