{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T03:17:46Z","timestamp":1769483866322,"version":"3.49.0"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T00:00:00Z","timestamp":1766188800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T00:00:00Z","timestamp":1766188800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"name":"CyberSecurity Research Flanders","award":["VR20192203"],"award-info":[{"award-number":["VR20192203"]}]},{"name":"Research Council KU Leuven C1 on Security and Privacy for Cyber-Physical Systems and the Internet of Things","award":["C16\/15\/058"],"award-info":[{"award-number":["C16\/15\/058"]}]},{"name":"FWO Project","award":["G.0835.16"],"award-info":[{"award-number":["G.0835.16"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. Codes Cryptogr."],"published-print":{"date-parts":[[2026,1]]},"DOI":"10.1007\/s10623-025-01742-5","type":"journal-article","created":{"date-parts":[[2025,12,20]],"date-time":"2025-12-20T04:24:54Z","timestamp":1766204694000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Generalized indifferentiable sponge and its application to Polygon Miden VM"],"prefix":"10.1007","volume":"94","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6091-4857","authenticated-orcid":false,"given":"Tomer","family":"Ashur","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0843-4885","authenticated-orcid":false,"given":"Amit Singh","family":"Bhati","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,12,20]]},"reference":[{"key":"1742_CR1","doi-asserted-by":"crossref","unstructured":"Albrecht M., Grassi L., Rechberger C., Roy A., Tiessen T.: MiMC: efficient encryption and cryptographic hashing with minimal multiplicative complexity. In: International Conference on the Theory and Application of Cryptology and Information Security, 2016, pp. 191\u2013219. Springer (2016).","DOI":"10.1007\/978-3-662-53887-6_7"},{"issue":"3","key":"1742_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.46586\/tosc.v2020.i3.1-45","volume":"2020","author":"A Aly","year":"2020","unstructured":"Aly A., Ashur T., Ben-Sasson E., Dhooghe S., Szepieniec A.: Design of symmetric-key primitives for advanced cryptographic protocols. IACR Trans. Symmetric Cryptol. 2020(3), 1\u201345 (2020).","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1742_CR3","doi-asserted-by":"crossref","unstructured":"Andreeva E., Bhattacharyya R., Roy A.: Compactness of hashing modes and efficiency beyond Merkle tree. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques\u2014EUROCRYPT, 2021, pp. 92\u2013123. Springer (2021).","DOI":"10.1007\/978-3-030-77886-6_4"},{"key":"1742_CR4","doi-asserted-by":"crossref","unstructured":"Andreeva E., Bouillaguet C., Fouque P.A., Hoch J.J., Kelsey J., Shamir A., Zimmer S.: Second preimage attacks on dithered hash functions. In: Advances in Cryptology\u2014EUROCRYPT 2008: 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings 27, Istanbul, Turkey, 13\u201317 April 2008, pp. 270\u2013288. Springer (2008).","DOI":"10.1007\/978-3-540-78967-3_16"},{"key":"1742_CR5","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/s10207-012-0157-6","volume":"11","author":"E Andreeva","year":"2012","unstructured":"Andreeva E., Mennink B., Preneel B.: The Parazoa family: generalizing the sponge hash functions. Int. J. Inf. Secur. 11, 149\u2013165 (2012).","journal-title":"Int. J. Inf. Secur."},{"key":"1742_CR6","unstructured":"Ashur T., Bhati A.S., Kindi A., Mahzoun M.: XHash8 and XHash12: Efficient STARK-Friendly Hash Functions. Cryptology ePrint Archive (2023)."},{"key":"1742_CR7","unstructured":"Becker G.: Merkle Signature Schemes, Merkle Trees and Their Cryptanalysis. Technical Report 12, p. 19. Ruhr-University, Bochum (2008)."},{"key":"1742_CR8","unstructured":"Bellare M., Rogaway P.: Code-based game-playing proofs and the security of triple encryption. In: EUROCRYPT 2006, 2006 (2006)."},{"key":"1742_CR9","unstructured":"Ben-Sasson E., Bentov I., Horesh Y., Riabzev M.: Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive (2018)."},{"key":"1742_CR10","unstructured":"Bertoni G., Daemen J., Peeters M., Van Assche G.: Sponge functions. In: ECRYPT Hash Workshop, 2007 (2007)."},{"key":"1742_CR11","doi-asserted-by":"crossref","unstructured":"Bertoni G., Daemen J., Peeters M., Van Assche G.: On the indifferentiability of the sponge construction. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques\u2014EUROCRYPT, 2008, pp. 181\u2013197. Springer (2008).","DOI":"10.1007\/978-3-540-78967-3_11"},{"key":"1742_CR12","doi-asserted-by":"crossref","unstructured":"Bhattacharyya R., Mandal A., Nandi M.: Security analysis of the mode of JH hash function. In: Fast Software Encryption: 17th International Workshop, FSE 2010, Revised Selected Papers 17, Seoul, Korea, 7\u201310 February 2010, pp. 168\u2013191. Springer (2010).","DOI":"10.1007\/978-3-642-13858-4_10"},{"key":"1742_CR13","doi-asserted-by":"crossref","unstructured":"Chang D., Nandi M.: Improved indifferentiability security analysis of chopMD hash function. In: Fast Software Encryption\u2014FSE, 2008, pp. 429\u2013443. Springer (2008).","DOI":"10.1007\/978-3-540-71039-4_27"},{"key":"1742_CR14","doi-asserted-by":"crossref","unstructured":"Coron J.S., Dodis Y., Malinaud C., Puniya P.: Merkle\u2013Damg\u00e5rd revisited: how to construct a hash function. In: Advances in Cryptology\u2014CRYPTO 2005: 25th Annual International Cryptology Conference, Proceedings 25, Santa Barbara, California, USA, 14\u201318 August 2005, pp. 430\u2013448. Springer (2005).","DOI":"10.1007\/11535218_26"},{"key":"1742_CR15","doi-asserted-by":"crossref","unstructured":"Damg\u00e5rd I.B.: A design principle for hash functions. In: Conference on the Theory and Application of Cryptology, 1989, pp. 416\u2013427. Springer (1989).","DOI":"10.1007\/0-387-34805-0_39"},{"key":"1742_CR16","doi-asserted-by":"crossref","unstructured":"Gauravaram P., Kelsey J.: Linear-XOR and additive checksums don\u2019t protect Damg\u00e5rd\u2013Merkle hashes from generic attacks. In: Cryptographers\u2019 Track at the RSA Conference, 2008, pp. 36\u201351. Springer (2008).","DOI":"10.1007\/978-3-540-79263-5_3"},{"key":"1742_CR17","doi-asserted-by":"crossref","unstructured":"Gorski M., Lucks S., Peyrin T.: Slide attacks on a class of hash functions. In: Advances in Cryptology\u2014ASIACRYPT, 2008, pp. 143\u2013160. Springer (2008).","DOI":"10.1007\/978-3-540-89255-7_10"},{"issue":"3","key":"1742_CR18","doi-asserted-by":"publisher","first-page":"44","DOI":"10.46586\/tosc.v2024.i3.44-83","volume":"2024","author":"L Grassi","year":"2024","unstructured":"Grassi L., Khovratovich D., L\u00fcftenegger R., Rechberger C., Schofnegger M., Walch R.: Monolith: circuit-friendly hash functions with new nonlinear layers for fast and constant-time implementations. IACR Trans. Symmetric Cryptol. 2024(3), 44\u201383 (2024).","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1742_CR19","unstructured":"Grassi L., Khovratovich D., Rechberger C., Roy A., Schofnegger M.: POSEIDON: a new hash function for Zero-Knowledge proof systems. In: 30th USENIX Security Symposium, 2021, pp. 519\u2013535 (2021)."},{"key":"1742_CR20","doi-asserted-by":"crossref","unstructured":"Halevi S., Krawczyk H.: Strengthening digital signatures via randomized hashing. In: Annual International Cryptology Conference, 2006, pp. 41\u201359. Springer (2006).","DOI":"10.1007\/11818175_3"},{"key":"1742_CR21","doi-asserted-by":"crossref","unstructured":"Hoch J.J., Shamir A.: Breaking the ICE\u2014finding multicollisions in iterated concatenated and expanded (ICE) hash functions. In: Fast Software Encryption: 13th International Workshop, FSE 2006, Revised Selected Papers 13, Graz, Austria, 15\u201317 March 2006, pp. 179\u2013194. Springer (2006).","DOI":"10.1007\/11799313_12"},{"key":"1742_CR22","doi-asserted-by":"crossref","unstructured":"Joux A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Annual International Cryptology Conference, 2004, pp. 306\u2013316. Springer (2004).","DOI":"10.1007\/978-3-540-28628-8_19"},{"key":"1742_CR23","doi-asserted-by":"crossref","unstructured":"Kelsey J., Kohno T.: Herding hash functions and the Nostradamus attack. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2006, pp. 183\u2013200. Springer (2006).","DOI":"10.1007\/11761679_12"},{"key":"1742_CR24","doi-asserted-by":"crossref","unstructured":"Kelsey J., Schneier B.: Second preimages on n-bit hash functions for much less than 2 n work. In: Advances in Cryptology\u2014EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings 24, Aarhus, Denmark, 22\u201326 May 2005, pp. 474\u2013490. Springer (2005).","DOI":"10.1007\/11426639_28"},{"key":"1742_CR25","doi-asserted-by":"crossref","unstructured":"Khovratovich D., Beltr\u00e1n M.M., Mennink B.: Generic security of the SAFE API and its applications. In: International Conference on the Theory and Application of Cryptology and Information Security\u2014ASIACRYPT, 2023, pp. 301\u2013327. Springer (2023).","DOI":"10.1007\/978-981-99-8742-9_10"},{"key":"1742_CR26","doi-asserted-by":"crossref","unstructured":"Lucks S.: A failure-friendly design principle for hash functions. In: Advances in Cryptology\u2014ASIACRYPT, 2005, pp. 474\u2013494. Springer (2005).","DOI":"10.1007\/11593447_26"},{"key":"1742_CR27","doi-asserted-by":"crossref","unstructured":"Maurer U., Renner R., Holenstein C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Theory of Cryptography: First Theory of Cryptography Conference, TCC 2004, Proceedings 1, Cambridge, MA, USA, 19\u201321 February 2004, pp. 21\u201339. Springer (2004).","DOI":"10.1007\/978-3-540-24638-1_2"},{"key":"1742_CR28","doi-asserted-by":"crossref","unstructured":"Merkle R.C.: One way hash functions and DES. In: Conference on the Theory and Application of Cryptology, 1989, pp. 428\u2013446. Springer (1989).","DOI":"10.1007\/0-387-34805-0_40"},{"key":"1742_CR29","unstructured":"Miden P. (2023). https:\/\/github.com\/0xPolygonMiden\/crypto\/blob\/next\/benches\/README.md."},{"issue":"2","key":"1742_CR30","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1515\/jmc-2014-0044","volume":"10","author":"D Moody","year":"2016","unstructured":"Moody D., Paul S., Smith-Tone D.: Indifferentiability security of the fast wide pipe hash: breaking the birthday barrier. J. Math. Cryptol. 10(2), 101\u2013133 (2016).","journal-title":"J. Math. Cryptol."},{"key":"1742_CR31","doi-asserted-by":"crossref","unstructured":"Naito Y., Ohta K.: Improved indifferentiable security analysis of PHOTON. In: International Conference on Security and Cryptography for Networks, 2014, pp. 340\u2013357. Springer (2014).","DOI":"10.1007\/978-3-319-10879-7_20"},{"key":"1742_CR32","doi-asserted-by":"crossref","unstructured":"Nandi M., Paul S.: Speeding up the wide-pipe: secure and fast hashing. In: International Conference on Cryptology in India, 2010, pp. 144\u2013162. Springer (2010).","DOI":"10.1007\/978-3-642-17401-8_12"},{"key":"1742_CR33","unstructured":"Szepieniec A., Ashur T., Dhooghe S.: Rescue-Prime: a standard specification (SoK). Cryptology ePrint Archive (2020)."},{"key":"1742_CR34","unstructured":"Wu H.: The hash function JH. Submission to NIST (Round 3), 6 (2011)."}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-025-01742-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10623-025-01742-5","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-025-01742-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,26]],"date-time":"2026-01-26T17:13:12Z","timestamp":1769447592000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10623-025-01742-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,20]]},"references-count":34,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2026,1]]}},"alternative-id":["1742"],"URL":"https:\/\/doi.org\/10.1007\/s10623-025-01742-5","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"value":"0925-1022","type":"print"},{"value":"1573-7586","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,20]]},"assertion":[{"value":"5 December 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 November 2025","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 November 2025","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 December 2025","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"9"}}