{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T14:45:43Z","timestamp":1775054743039,"version":"3.50.1"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2022,4,27]],"date-time":"2022-04-27T00:00:00Z","timestamp":1651017600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,4,27]],"date-time":"2022-04-27T00:00:00Z","timestamp":1651017600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100010418","name":"Institute for Information and Communications Technology Promotion","doi-asserted-by":"publisher","award":["2017-0-00520"],"award-info":[{"award-number":["2017-0-00520"]}],"id":[{"id":"10.13039\/501100010418","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Quantum Inf Process"],"published-print":{"date-parts":[[2022,5]]},"DOI":"10.1007\/s11128-022-03499-5","type":"journal-article","created":{"date-parts":[[2022,4,27]],"date-time":"2022-04-27T09:03:09Z","timestamp":1651050189000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Quantum cryptanalysis of the full AES-256-based Davies\u2013Meyer, Hirose and MJH hash functions"],"prefix":"10.1007","volume":"21","author":[{"given":"Seungjun","family":"Baek","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sehee","family":"Cho","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jongsung","family":"Kim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,4,27]]},"reference":[{"key":"3499_CR1","doi-asserted-by":"crossref","unstructured":"Banegas, G., Bernstein, D.J.: Low-communication parallel quantum multi-target preimage search. In: Anc Jan\u00a0Camenisch, C.A. (ed.) SAC 2017, LNCS, vol. 10719, pp. 325\u2013335. Springer (2017)","DOI":"10.1007\/978-3-319-72565-9_16"},{"key":"3499_CR2","doi-asserted-by":"crossref","unstructured":"Biryukov, A., Khovratovich, D., Nikolic, I.: Distinguisher and related-key attack on the full AES-256. In: Halevi, S. (ed.) CRYPTO 2009, LNCS, vol. 5677, pp. 231\u2013249. Springer (2009)","DOI":"10.1007\/978-3-642-03356-8_14"},{"key":"3499_CR3","doi-asserted-by":"crossref","unstructured":"Black, J., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002, LNCS, vol. 2442, pp. 320\u2013335. Springer (2002)","DOI":"10.1007\/3-540-45708-9_21"},{"key":"3499_CR4","doi-asserted-by":"crossref","unstructured":"Boneh, D., Dagdelen, \u00d6., Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random oracles in a quantum world. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011, LNCS, vol. 7073, pp. 41\u201369. Springer (2011)","DOI":"10.1007\/978-3-642-25385-0_3"},{"issue":"2","key":"3499_CR5","doi-asserted-by":"publisher","first-page":"55","DOI":"10.46586\/tosc.v2019.i2.55-93","volume":"2019","author":"X Bonnetain","year":"2019","unstructured":"Bonnetain, X., Naya-Plasencia, M., Schrottenloher, A.: Quantum security analysis of AES. IACR Trans. Symmetr. Cryptol. 2019(2), 55\u201393 (2019)","journal-title":"IACR Trans. Symmetr. Cryptol."},{"issue":"4\u20135","key":"3499_CR6","doi-asserted-by":"publisher","first-page":"493","DOI":"10.1002\/(SICI)1521-3978(199806)46:4\/5<493::AID-PROP493>3.0.CO;2-P","volume":"46","author":"M Boyer","year":"1998","unstructured":"Boyer, M., Brassard, G., H\u00f8yer, P., Tapp, A.: Tight bounds on quantum searching. Fortschr. Phys.: Progr. Phys. 46(4\u20135), 493\u2013505 (1998)","journal-title":"Fortschr. Phys.: Progr. Phys."},{"key":"3499_CR7","unstructured":"Brachtl, B.O., Coppersmith, D., Hyden, M.M., Matyas\u00a0Jr, S.M., Meyer, C.H., Oseas, J., Pilpel, S., Schilling, M.: Data authentication using modification detection codes based on a public one way encryption function (1990). US Patent 4,908,861"},{"key":"3499_CR8","doi-asserted-by":"crossref","unstructured":"Brassard, G., H\u00f8yer, P., Tapp, A.: Quantum cryptanalysis of hash and claw-free functions. In: Lucchesi, C.L., Moura, A.V. (eds.) LATIN 1998, LNCS, vol. 1380, pp. 163\u2013169. Springer (1998)","DOI":"10.1007\/BFb0054319"},{"key":"3499_CR9","doi-asserted-by":"crossref","unstructured":"Chailloux, A., Naya-Plasencia, M., Schrottenloher, A.: An efficient quantum collision search algorithm and implications on symmetric cryptography. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, LNCS, vol. 10625, pp. 211\u2013240. Springer (2017)","DOI":"10.1007\/978-3-319-70697-9_8"},{"key":"3499_CR10","first-page":"478","volume":"2006","author":"D Chang","year":"2006","unstructured":"Chang, D.: Near-collision attack and collision-attack on double block length compression functions based on the block cipher idea. IACR Cryptol. ePrint Arch. 2006, 478 (2006)","journal-title":"IACR Cryptol. ePrint Arch."},{"issue":"1","key":"3499_CR11","doi-asserted-by":"publisher","first-page":"316","DOI":"10.46586\/tosc.v2021.i1.316-336","volume":"2021","author":"AK Chauhan","year":"2021","unstructured":"Chauhan, A.K., Kumar, A., Sanadhya, S.K.: Quantum free-start collision attacks on double block length hashing with round-reduced AES-256. IACR Trans. Symmetr. Cryptol. 2021(1), 316\u2013336 (2021)","journal-title":"IACR Trans. Symmetr. Cryptol."},{"issue":"1","key":"3499_CR12","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1587\/transfun.E99.A.14","volume":"99","author":"J Chen","year":"2016","unstructured":"Chen, J., Hirose, S., Kuwakado, H., Miyaji, A.: A collision attack on a double-block-length compression function instantiated with 8-\/9-round AES-256. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 99(1), 14\u201321 (2016)","journal-title":"IEICE Trans. Fundam. Electron. Commun. Comput. Sci."},{"issue":"12","key":"3499_CR13","doi-asserted-by":"publisher","first-page":"2703","DOI":"10.1007\/s10623-018-0470-9","volume":"86","author":"B Cogliati","year":"2018","unstructured":"Cogliati, B., Seurin, Y.: Analysis of the single-permutation encrypted Davies\u2013Meyer construction. Des. Codes Crypt. 86(12), 2703\u20132723 (2018)","journal-title":"Des. Codes Crypt."},{"key":"3499_CR14","doi-asserted-by":"crossref","unstructured":"Daemen, J., Rijmen, V.: The Design of Rijndael: AES\u2014The Advanced Encryption Standard. Information Security and Cryptography. Springer (2002)","DOI":"10.1007\/978-3-662-04722-4"},{"key":"3499_CR15","doi-asserted-by":"crossref","unstructured":"Dong, X., Li, Z., Wang, X.: Quantum cryptanalysis on some generalized feistel schemes. Sci. China Inf. Sci. 62(2), 22501:1\u201322501:12 (2019)","DOI":"10.1007\/s11432-017-9436-7"},{"key":"3499_CR16","doi-asserted-by":"crossref","unstructured":"Dong, X., Sun, S., Shi, D., Gao, F., Wang, X., Hu, L.: Quantum collision attacks on AES-like hashing with low quantum random access memories. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, LNCS, vol. 12492, pp. 727\u2013757. Springer (2020)","DOI":"10.1007\/978-3-030-64834-3_25"},{"key":"3499_CR17","doi-asserted-by":"crossref","unstructured":"Fleischmann, E., Forler, C., Lucks, S.: The collision security of MDC-4. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012, LNCS, vol. 7374, pp. 252\u2013269. Springer (2012)","DOI":"10.1007\/978-3-642-31410-0_16"},{"key":"3499_CR18","first-page":"261","volume":"2009","author":"E Fleischmann","year":"2009","unstructured":"Fleischmann, E., Gorski, M., Lucks, S.: Security of cyclic double block length hash functions including abreast-DM. IACR Cryptol. ePrint Arch. 2009, 261 (2009)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"3499_CR19","unstructured":"Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Miller, G.L. (ed.) Proceedings of the 28th Annual ACM Symposium on the Theory of Computing, Philadelphia, Pennsylvania, USA, May 22\u201324, 1996, pp. 212\u2013219. ACM (1996)"},{"key":"3499_CR20","doi-asserted-by":"crossref","unstructured":"Hirose, S.: Some plausible constructions of double-block-length hash functions. In: Robshaw, M.J.B. (ed.) FSE 2006, LNCS, vol. 4047, pp. 210\u2013225. Springer (2006)","DOI":"10.1007\/11799313_14"},{"issue":"22","key":"3499_CR21","doi-asserted-by":"publisher","first-page":"14525","DOI":"10.1007\/s11042-015-2769-0","volume":"75","author":"D Hong","year":"2016","unstructured":"Hong, D., Kim, D., Kwon, D., Kim, J.: Improved preimage attacks on hash modes of 8-round AES-256. Multimedia Tools Appl. 75(22), 14525\u201314539 (2016)","journal-title":"Multimedia Tools Appl."},{"key":"3499_CR22","first-page":"634","volume":"2012","author":"D Hong","year":"2012","unstructured":"Hong, D., Kwon, D.: Cryptanalysis of double-block-length hash mode MJH. IACR Cryptol. ePrint Arch. 2012, 634 (2012)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"3499_CR23","doi-asserted-by":"crossref","unstructured":"Hong, D., Kwon, D.: Cryptanalysis of double-block-length hash modes MDC-4 and MJH. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 97-A(8), 1747\u20131753 (2014)","DOI":"10.1587\/transfun.E97.A.1747"},{"key":"3499_CR24","doi-asserted-by":"crossref","unstructured":"Hosoyamada, A., Aoki, K.: On quantum related-key attacks on iterated even-Mansour ciphers. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 102-A(1), 27\u201334 (2019)","DOI":"10.1587\/transfun.E102.A.27"},{"key":"3499_CR25","doi-asserted-by":"crossref","unstructured":"Hosoyamada, A., Sasaki, Y.: Finding hash collisions with quantum computers by using differential trails with smaller probability than birthday bound. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, LNCS, vol. 12106, pp. 249\u2013279. Springer (2020)","DOI":"10.1007\/978-3-030-45724-2_9"},{"key":"3499_CR26","first-page":"292","volume":"2021","author":"A Hosoyamada","year":"2021","unstructured":"Hosoyamada, A., Sasaki, Y.: Quantum collision attacks on reduced SHA-256 and SHA-512. IACR Cryptol. ePrint Arch. 2021, 292 (2021)","journal-title":"IACR Cryptol. ePrint Arch."},{"issue":"1","key":"3499_CR27","doi-asserted-by":"publisher","first-page":"71","DOI":"10.46586\/tosc.v2016.i1.71-94","volume":"2016","author":"M Kaplan","year":"2016","unstructured":"Kaplan, M., Leurent, G., Leverrier, A., Naya-Plasencia, M.: Quantum differential and linear cryptanalysis. IACR Trans. Symmetr. Cryptol. 2016(1), 71\u201394 (2016)","journal-title":"IACR Trans. Symmetr. Cryptol."},{"key":"3499_CR28","doi-asserted-by":"crossref","unstructured":"Khovratovich, D., Biryukov, A., Nikolic, I.: Speeding up collision search for byte-oriented hash functions. In: Cryptographers\u2019 Track at the RSA Conference, pp. 164\u2013181. Springer (2009)","DOI":"10.1007\/978-3-642-00862-7_11"},{"issue":"3","key":"3499_CR29","doi-asserted-by":"publisher","first-page":"3107","DOI":"10.1007\/s11042-018-5630-4","volume":"78","author":"H Kim","year":"2019","unstructured":"Kim, H., Yi, O., Kim, J., Kim, D. w: Cryptanalysis of hash functions based on blockciphers suitable for iot service platform security. Multimedia Tools Appl. 78(3), 3107\u20133130 (2019)","journal-title":"Multimedia Tools Appl."},{"issue":"2","key":"3499_CR30","doi-asserted-by":"publisher","first-page":"489","DOI":"10.1007\/s12083-019-00734-2","volume":"13","author":"H Kim","year":"2020","unstructured":"Kim, H., Park, M., Cho, J., Kim, J., Kim, J.: Weaknesses of some lightweight blockciphers suitable for iot systems and their applications in hash modes. Peer Peer Netw. Appl. 13(2), 489\u2013513 (2020)","journal-title":"Peer Peer Netw. Appl."},{"key":"3499_CR31","doi-asserted-by":"crossref","unstructured":"Lai, X., Massey, J.L.: Hash function based on block ciphers. In: R.A. Rueppel (ed.) EUROCRYPT 1992, LNCS, vol. 658, pp. 55\u201370. Springer (1992)","DOI":"10.1007\/3-540-47555-9_5"},{"issue":"2","key":"3499_CR32","first-page":"315","volume":"26","author":"J Lee","year":"2016","unstructured":"Lee, J., Kim, J.: A preimage attack on the MJH hash function. J Korea Inst Inf Secur Cryptol 26(2), 315\u2013318 (2016)","journal-title":"J Korea Inst Inf Secur Cryptol"},{"key":"3499_CR33","doi-asserted-by":"crossref","unstructured":"Lee, J., Stam, M.: MJH: a faster alternative to MDC-2. In: Kiayias, A. (ed.) CT-RSA 2011, LNCS, vol. 6558, pp. 213\u2013236. Springer (2011)","DOI":"10.1007\/978-3-642-19074-2_15"},{"issue":"2","key":"3499_CR34","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/s10623-014-9936-6","volume":"76","author":"J Lee","year":"2015","unstructured":"Lee, J., Stam, M.: MJH: a faster alternative to MDC-2. Des. Codes Cryptogr. 76(2), 179\u2013205 (2015)","journal-title":"Des. Codes Cryptogr."},{"key":"3499_CR35","doi-asserted-by":"crossref","unstructured":"Lee, J., Stam, M., Steinberger, J.P.: The collision security of tandem-DM in the ideal cipher model. In: Rogaway, P. (ed.) CRYPTO 2011, LNCS, vol. 6841, pp. 561\u2013577. Springer (2011)","DOI":"10.1007\/978-3-642-22792-9_32"},{"key":"3499_CR36","unstructured":"Meyer, C.H., Schilling, M.: Secure program load with manipulation detection code. In: Proc. Securicom, vol.\u00a088, pp. 111\u2013130 (1988)"},{"issue":"3","key":"3499_CR37","first-page":"497","volume":"14","author":"D Moon","year":"2013","unstructured":"Moon, D., Hong, D., Koo, B., Hong, S.: Security evaluation of double-block-length hash modes with preimage attacks on PGV schemes. J Internet Technol 14(3), 497\u2013508 (2013)","journal-title":"J Internet Technol"},{"key":"3499_CR38","unstructured":"Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information (10th Anniversary edition). Cambridge University Press (2016)"},{"key":"3499_CR39","unstructured":"NIST: Post-quantum cryptography standardization. https:\/\/csrc.nist.gov\/Projects\/post-quantum-cryptography\/Post-Quantum-Cryptography-Standardization. Accessed 26 Sept 2019"},{"issue":"1","key":"3499_CR40","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/PL00003816","volume":"12","author":"PC van Oorschot","year":"1999","unstructured":"van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1\u201328 (1999)","journal-title":"J. Cryptol."},{"key":"3499_CR41","doi-asserted-by":"crossref","unstructured":"Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993, LNCS, vol. 773, pp. 368\u2013378. Springer (1993)","DOI":"10.1007\/3-540-48329-2_31"},{"key":"3499_CR42","doi-asserted-by":"crossref","unstructured":"Sasaki, Y.: Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool. In: FSE 2011, pp. 378\u2013396. Springer (2011)","DOI":"10.1007\/978-3-642-21702-9_22"},{"issue":"2","key":"3499_CR43","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1137\/S0036144598347011","volume":"41","author":"PW Shor","year":"1999","unstructured":"Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev. 41(2), 303\u2013332 (1999)","journal-title":"SIAM Rev."},{"key":"3499_CR44","doi-asserted-by":"crossref","unstructured":"Steinberger, J.P.: The collision intractability of MDC-2 in the ideal-cipher model. In: Naor, M. (ed.) EUROCRYPT 2007, LNCS, vol. 4515, pp. 34\u201351. Springer (2007)","DOI":"10.1007\/978-3-540-72540-4_3"},{"key":"3499_CR45","doi-asserted-by":"crossref","unstructured":"Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005, LNCS, vol. 3621, pp. 17\u201336. Springer (2005)","DOI":"10.1007\/11535218_2"},{"key":"3499_CR46","doi-asserted-by":"crossref","unstructured":"Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005, LNCS, vol. 3494, pp. 19\u201335. Springer (2005)","DOI":"10.1007\/11426639_2"},{"key":"3499_CR47","doi-asserted-by":"crossref","unstructured":"Wei, L., Peyrin, T., Soko\u0142owski, P., Ling, S., Pieprzyk, J., Wang, H.: On the (in) security of idea in various hashing modes. In: FSE 2012, pp. 163\u2013179. Springer (2012)","DOI":"10.1007\/978-3-642-34047-5_10"},{"key":"3499_CR48","doi-asserted-by":"crossref","unstructured":"Yamakawa, T., Zhandry, M.: Classical vs quantum random oracles. In: Canteaut, A., Standaert, F. (eds.) EUROCRYPT 2021, LNCS, vol. 12697, pp. 568\u2013597. Springer (2021)","DOI":"10.1007\/978-3-030-77886-6_20"}],"container-title":["Quantum Information Processing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11128-022-03499-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11128-022-03499-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11128-022-03499-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,6,8]],"date-time":"2022-06-08T19:09:43Z","timestamp":1654715383000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11128-022-03499-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,27]]},"references-count":48,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2022,5]]}},"alternative-id":["3499"],"URL":"https:\/\/doi.org\/10.1007\/s11128-022-03499-5","relation":{},"ISSN":["1573-1332"],"issn-type":[{"value":"1573-1332","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,4,27]]},"assertion":[{"value":"13 September 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 March 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 April 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"163"}}