[1]
M. Bellare, P. Rogaway, The security of triple encryption and a framework for code-based game-playing proofs, in
Advances in Cryptology—Proceedings of EUROCRYPT 2006. Lecture Notes in Computer Science, vol. 4004 (Springer, Berlin, 2006), pp. 409–426
CrossRef[2]
M. Bellare, J. Kilian, P. Rogaway, The security of cipher block chaining message authentication code.
J. Comput. Syst. Sci.
61(3), 362–399 (2000)
MATHCrossRefMathSciNet[3]
G. Bertoni, J. Daemen, M. Peeters, G. Assche, On the indifferentiability of the sponge construction, in
Advances in Cryptology—Proceedings of EUROCRYPT 2008. Lecture Notes in Computer Science, vol. 4965 (Springer, Berlin, 2008), pp. 181–197
CrossRef[4]
A. Biryukov, D. Khovratovich, I. Nikolić, Distinguisher and related-key attack on the full AES-256, in
Advances in Cryptology—Proceedings of CRYPTO 2009. Lecture Notes in Computer Science, vol. 5677 (Springer, Berlin, 2009), pp. 229–247
CrossRef[5]
J. Black, The ideal-cipher model, revisited: an uninstantiable blockcipher-based hash function, in Fast Software Encryption, 13th International Workshop, FSE 2006. Lecture Notes in Computer Science, vol. 4047 (Springer, Berlin, 2006), pp. 328–340
[6]
J. Black, P. Rogaway, T. Shrimpton, Black-box analysis of the block-cipher-based hash-function constructions from PGV, in
Advances in Cryptology—CRYPTO 2002. Lecture Notes in Computer Science, vol. 2442 (Springer, Berlin, 2002), pp. 320–335. Proceedings version of this paper
CrossRef[7]
J. Black, M. Cochran, T. Shrimpton, On the impossibility of highly efficient blockcipher-based hash functions, in
Advances in Cryptology—EUROCRYPT 2005. Lecture Notes in Computer Science, vol. 3494 (Springer, Berlin, 2005), pp. 526–541
CrossRef[8]
J. Black, M. Cochran, T. Shrimpton, On the impossibility of highly-efficient blockcipher-based hash functions.
J. Cryptol.
22(3), 311–329 (2009)
MATHCrossRefMathSciNet[9]
J. Coron, Y. Dodis, C. Malinaud, P. Puniya, Merkle-Damgård revisited: how to construct a hash function, in Advances in Cryptology—CRYPTO 2005. Lecture Notes in Computer Science, vol. 3621 (Springer, Berlin, 2005), pp. 430–448
[10]
I. Damgård, A design principle for hash functions, in Advances in Cryptology—CRYPTO 1989. Lecture Notes in Computer Science, vol. 435 (Springer, Berlin, 1990), pp. 416–427
[11]
Y. Dodis, J. Steinberger, Message authentication codes from unpredictable block ciphers, in
Advances in Cryptology—Proceedings of CRYPTO 2009. Lecture Notes in Computer Science, vol. 5677 (Springer, Berlin, 2009), pp. 267–285
CrossRef[12]
Y. Dodis, T. Ristenpart, T. Shrimpton, Salvaging Merkle–Damgård for practical applications, in
Advances in Cryptology—Proceedings of EUROCRYPT 2009. Lecture Notes in Computer Science, vol. 5479 (Springer, Berlin, 2009), pp. 371–388
CrossRef[13]
L. Duo, C. Li, Improved collision and preimage resistance bounds on PGV schemes. Technical Report 2006/462, IACR’s ePrint Archive, 2006
[14]
S. Even, Y. Mansour, A construction of a cipher from a single pseudorandom permutation, in Advances in Cryptology—ASIACRYPT 1991. Lecture Notes in Computer Science, vol. 739 (Springer, Berlin, 1992), pp. 210–224
[15]
E. Fleischmann, M. Gorski, S. Lucks, On the security of tandem-DM, in
Fast Software Encryption, 16th International Workshop, FSE 2009. Lecture Notes in Computer Science, vol. 5665 (Springer, Berlin, 2009), pp. 84–103
CrossRef[16]
E. Fleischmann, M. Gorski, S. Lucks, Security of cyclic double block length hash functions, in Cryptography and Coding, 12th IMA International Conference, Cryptography and Coding 2009. Lecture Notes in Computer Science, vol. 5921 (Springer, Berlin, 2009), pp. 153–175
[17]
S. Hirose, Secure block ciphers are not sufficient for one-way hash functions in the Preneel-Govaerts-Vandewalle model, in
Selected Areas in Cryptography 2002. Lecture Notes in Computer Science, vol. 2595 (Springer, Berlin, 2003), pp. 339–352
CrossRef[18]
S. Hirose, Provably secure double-block-length hash functions in a black-box model, in
Information Security and Cryptology—ICISC 2004. Lecture Notes in Computer Science, vol. 3506 (Springer, Berlin, 2005), pp. 330–342
CrossRef[19]
ISO/IEC 10118-2. Information technology—Security techniques—Hash functions—Hash functions using an n-bit block cipher algorithm. International Organization for Standardization, Geneva, Switzerland, 1994
[20]
J. Kilian, P. Rogaway, How to protect DES against exhaustive key search.
J. Cryptol.
14(1), 17–35 (2001). Earlier version in
CRYPTO 1996
MATHCrossRefMathSciNet[21]
X. Lai, J. Massey, Hash function based on block ciphers, in
Advances in Cryptology—Proceedings of EUROCRYPT 1992. Lecture Notes in Computer Science, vol. 658 (Springer, Berlin, 1992), pp. 55–70
CrossRef[22]
J. Lee, J. Steinberger, Multi-property-preserving domain extension using polynomial-based modes of operation, in Advances in Cryptology—Proceedings of EUROCRYPT 2010. Lecture Notes in Computer Science (Springer, Berlin, 2010)
[23]
S. Lucks, A collision-resistant rate-1 double-block-length hash function, in Symmetric Cryptography, Dagstuhl Seminar Proceedings, no. 07021, Dagstuhl, Germany, 2007. Internationales Begegnungs- und Forschungszentrum für Informatik (IBFI), Schloss Dagstuhl, Germany
[24]
S. Matyas, C. Meyer, J. Oseas, Generating strong one-way functions with cryptographic algorithms. IBM Tech. Dis. Bull.
27(10a), 5658–5659 (1985)
[25]
U. Maurer, R. Renner, C. Holenstein, Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology, in
Theory of Cryptography Conference (TCC ’04). Lecture Notes in Computer Science, vol. 2951 (Springer, Berlin, 2004), pp. 21–39
CrossRef[26]
A. Menezes, P. van Oorschot, S. Vanstone,
Handbook of Applied Cryptography (CRC Press, Boca Raton, 1996)
CrossRef[27]
R. Merkle, One way hash functions and DES, in Advances in Cryptology—CRYPTO 1989. Lecture Notes in Computer Science, vol. 435 (Springer, Berlin, 1990), pp. 428–446
[28]
O. Özen, M. Stam, Another glance at double-length hashing, in Cryptography and Coding, 12th IMA International Conference, Cryptography and Coding 2009. Lecture Notes in Computer Science, vol. 5921 (Springer, Berlin, 2009), pp. 176–201
[29]
B. Preneel, Analysis and design of hash functions. PhD thesis, Katholike Universiteit Leuven (Belgium), 1993. Available from Preneel’s homepage
[30]
B. Preneel, R. Govaerts, J. Vandewalle, Hash functions based on block ciphers: a synthetic approach, in Advances in Cryptology—Proceedings of CRYPTO 1993. Lecture Notes in Computer Science, vol. 773 (Springer, Berlin, 1994), pp. 368–378
[31]
M. Rabin, Digitalized signatures, in Foundations of Secure Computation (Academic Press, New York, 1978), pp. 155–168
[32]
R. Rivest, The MD4 message digest algorithm, in Advances in Cryptology—Proceedings of CRYPTO 1900. Lecture Notes in Computer Science, vol. 2442 (Springer, Berlin, 1991), pp. 303–311
[33]
P. Rogaway, T. Shrimpton, Cryptographic hash-function basics: definitions, implications and separations for preimage resistance, second-preimage resistance, and collision resistance, in Fast Software Encryption, 11th International Workshop, FSE 2004. Lecture Notes in Computer Science (Springer, Berlin, 2004), pp. 371–388
[34]
P. Rogaway, J. Steinberger, Constructing cryptographic hash functions from fixed-key blockciphers, in
Advances in Cryptology—Proceedings of CRYPTO 2008. Lecture Notes in Computer Science, vol. 5157 (Springer, Berlin, 2008), pp. 433–450
CrossRef[35]
P. Rogaway, J. Steinberger, Security/efficiency tradeoffs for permutation-based hashing, in
Advances in Cryptology—Proceedings of EUROCRYPT 2008. Lecture Notes in Computer Science, vol. 4965 (Springer, Berlin, 2008), pp. 220–236
CrossRef[36]
C. Shannon, Communication theory of secrecy systems.
Bell Syst. Tech. J.
28(4), 656–715 (1949)
MATHMathSciNet[37]
T. Shrimpton, M. Stam, Building a collision-resistant compression function from non-compressing primitives, in ICALP 2008, Part II, vol. 5126 (Springer, Berlin, 2008), pp. 643–654
[38]
D. Simon, Finding collisions on a one-way street: can secure hash functions be based on general assumptions? in
Advances in Cryptology—Proceedings of EUROCRYPT 1998, vol. 1403. Lecture Notes in Computer Science (Springer, Berlin, 1998), pp. 334–345
CrossRef[39]
M. Stam, Beyond uniformity: better security/efficiency tradeoffs for compression functions, in
Advances in Cryptology—Proceedings of CRYPTO 2008. Lecture Notes in Computer Science, vol. 5157 (Springer, Berlin, 2008), pp. 397–412
CrossRef[40]
M. Stam, Block cipher based hashing revisited, in
Fast Software Encryption 2009. Lecture Notes in Computer Science, vol. 5665 (Springer, Berlin, 2009), pp. 67–83
CrossRef[41]
J. Steinberger, The collision intractability of MDC-2 in the ideal-cipher model, in
Advances in Cryptology—Proceedings of EUROCRYPT 2007. Lecture Notes in Computer Science, vol. 4515 (Springer, Berlin, 2007), pp. 34–51
CrossRef[42]
J. Steinberger, Stam’s collision resistance conjecture, in
Advances in Cryptology—Proceedings of EUROCRYPT 2010. Lecture Notes in Computer Science, vol. 6110 (Springer, Berlin, 2010), pp. 597–615
CrossRef[43]
R. Winternitz, A secure one-way hash function built from DES, in Proceedings of the IEEE Symposium on Information Security and Privacy (IEEE Press, New York, 1984), pp. 88–90