Bart Mennink

I am a full professor in the Department of Advanced Computing Sciences at Maastricht University. Before that, I was an associate professor in the Digital Security Group at Radboud University Nijmegen, partially funded by an NWO Vidi grant, after having been an NWO Veni postdoctoral researcher at Radboud University and an FWO postdoctoral researcher in the COSIC research group at KU Leuven. I obtained my PhD, entitled Provable Security of Cryptographic Hash Functions, in 2013 under the supervision of Bart Preneel and Vincent Rijmen. Before that, I completed my Master's thesis, Encrypted certificate schemes and their security and privacy analysis, at Philips Research in Eindhoven, The Netherlands.

My research interests include all aspects of cryptology, with main focus on symmetric cryptography (such as hash functions and authenticated encryption), provable security, cryptographic protocols, and their applications to today's society.

E-mail

  • bart.mennink@maastrichtuniversity.nl
    PGP key: D67D DA5B C37E F11B 8C11 3B21 D7A3 7EC4 8649 EA27
  • b.mennink@cs.ru.nl
    PGP key: 7239 01BC C840 B2A1 2326 86EC E00B 1294 ECFC C406

Visiting Address

Paul-Henri Spaaklaan 1
6229 EN Maastricht, The Netherlands
Room C4.030

Postal Address

Department of Advanced Computing Sciences
Maastricht University
P.O. Box 616
6200 MD Maastricht, The Netherlands

CV

2025 - now   ·   Full professor
Maastricht University, The Netherlands

Funding: The Netherlands Organisation for Scientific Research, NWO Vidi (NWO)

2022 - 2025   ·   Associate professor
Radboud University, The Netherlands

Funding: The Netherlands Organisation for Scientific Research, NWO Vidi (NWO)

2019 - 2022   ·   Assistant professor
Radboud University, The Netherlands

Funding: The Netherlands Organisation for Scientific Research, NWO Vidi (NWO)

2017 - 2019   ·   Postdoctoral researcher
Radboud University, The Netherlands

Funding: The Netherlands Organisation for Scientific Research, NWO Veni (NWO)

2013 - 2016   ·   Postdoctoral researcher
KU Leuven, Belgium

Funding: Scientific Research Network of the Research Foundation in Flanders (FWO)

2009 - 2013   ·   PhD in Electrical Engineering
KU Leuven, Belgium

Thesis: Provable Security of Cryptographic Hash Functions

Promotors: prof. dr. ir. Bart Preneel and prof. dr. ir. Vincent Rijmen

Funding: Institute for the Promotion of Innovation through Science and Technology in Flanders (IWT)

Summa cum laude with congratulations of the Board of Examiners (highest possible distinction)

2007 - 2009   ·   Master of Science in Mathematics
TU Eindhoven, The Netherlands

Thesis: Encrypted certificate schemes and their security and privacy analysis (at Philips Research Labs)

Supervisors: dr. ir. Berry Schoenmakers and dr. Jorge Guajardo Merchan

Cum laude (highest possible distinction)

2004 - 2007   ·   Bachelor of Science in Mathematics
TU Eindhoven, The Netherlands

Cum laude (highest possible distinction)

2004 - 2005   ·   Propedeuse (Dutch first-year diploma) in Mathematics and in Computer Science
TU Eindhoven, The Netherlands

Awards

  • 2025: Nominated for senior education award 2024 at Radboud University
  • 2025: Best paper award at FSE 2025
  • 2024: Education award senior lecturer 2023 at Faculty of Science
  • 2021: NWO Vidi grant
  • 2020: NWO KLEIN-1 grant
  • 2018: Best PC member award at ASIACRYPT 2018
  • 2018: NWO TOP grant (with Joan Daemen)
  • 2017: Best PC member award at ASIACRYPT 2017
  • 2016: NWO Veni grant
  • 2014: FWO postdoctoral fellowship
  • 2012: Best paper award at Cryptology and Network Security, CANS 2012
  • 2012: Best paper award at AFRICACRYPT 2012
  • 2009: IWT doctoral scholarship

Publications

2025

  1. PA1 Security on Release of Unverified Plaintext in Encrypt-then-MAC AE Schemes
    Bart Mennink, Suprita Talnikar
    Cryptology ePrint Archive. Report 2025/1183, 27 pages (2025)
  2. Permutation-Based Hashing with Stronger (Second) Preimage Resistance - Application to Hash-Based Signature Schemes
    Siwei Sun, Shun Li, Zhiyu Zhang, Charlotte Lefevre, Bart Mennink, Zhen Qin, Dengguo Feng
    Cryptology ePrint Archive. Report 2025/963, 36 pages (2025)
  3. Security of the Ascon Authenticated Encryption Mode in the Presence of Quantum Adversaries
    Nathalie Lang, Stefan Lucks, Bart Mennink, Suprita Talnikar
    Cryptology ePrint Archive. Report 2025/411, 31 pages (2025)
  4. A Decomposition Approach for Evaluating Security of Masking
    Vahid Jahandideh, Bart Mennink, Lejla Batina
    Cryptology ePrint Archive. Report 2025/270, 34 pages (2025)
  5. Minimized PRFs From Public Permutations
    Bart Mennink
    IACR Transactions on Symmetric Cryptology, 2025(3). To appear (2025)
  6. Probing Secure Composability Without Fresh Randomness: Theory and Application to Ascon
    Vahid Jahandideh, Bart Mennink, Lejla Batina
    IACR Transactions on Cryptographic Hardware and Embedded Systems 2025(4). To appear (2025)
  7. Statistical Evaluation of Entropy Accumulation in Linux
    Alexandre Bouez, Joan Daemen, Bart Mennink
    OSVS 2025. To appear (2025)
  8. Efficient Instances of Docked Double Decker With AES, and Application to Authenticated Encryption
    Christoph Dobraunig, Krystian Matusiewicz, Bart Mennink, Alexander Tereschenko
    EUROCRYPT 2025 (I). LNCS, vol. 15601, pp. 62-92. Springer (2025)
  9. Generic Security of GCM-SST
    Akiko Inoue, Ashwin Jha, Bart Mennink, Kazuhiko Minematsu
    Applied Cryptography and Network Security, ACNS 2025 (II). LNCS, vol. 15826, pp. 342-369. Springer (2025)
  10. SoK: Security of the Ascon Modes
    Charlotte Lefevre, Bart Mennink
    IACR Transactions on Symmetric Cryptology, 2025(1), pp. 138-210 (2025)
  11. To Pad or Not to Pad? Padding-Free Arithmetization-Oriented Sponges
    Charlotte Lefevre, Mario Marhuenda Beltrán, Bart Mennink
    IACR Transactions on Symmetric Cryptology, 2025(1), pp. 97-137 (2025)
  12. Keying Merkle-Damgård at the Suffix
    Bart Mennink
    IACR Transactions on Symmetric Cryptology, 2025(1), pp. 70-96 (2025)

2024

  1. Permutation-Based Hash Chains with Application to Password Hashing
    Charlotte Lefevre, Bart Mennink
    IACR Transactions on Symmetric Cryptology 2024(4), pp. 249-286 (2024). Best paper award!
  2. Block Cipher Doubling for a Post-Quantum World
    Ritam Bhaumik, André Chailloux, Paul Frixons, Bart Mennink, María Naya-Plasencia
    IACR Communications in Cryptology, 1(3), article 4 (2024)
  3. Symmetric Cryptography (Dagstuhl Seminar 24041)
    Christof Beierle, Bart Mennink, María Naya-Plasencia, Yu Sasaki, Rachelle Heim Boissier
    Dagstuhl Reports, 14(1), pp. 72-89 (2024)
  4. An Algebraic Approach for Evaluating Random Probing Security With Application to AES
    Vahid Jahandideh, Bart Mennink, Lejla Batina
    IACR Transactions on Cryptographic Hardware and Embedded Systems 2024(4), pp. 657-689 (2024)
  5. Generic Security of the Ascon Mode: On the Power of Key Blinding
    Charlotte Lefevre, Bart Mennink
    Selected Areas in Cryptography, SAC 2024 (II). LNCS, vol. 15517, pp. 3-32. Springer (2024)
  6. Tightening Leakage Resilience of the Suffix Keyed Sponge
    Henk Berendsen, Bart Mennink
    IACR Transactions on Symmetric Cryptology 2024(1), pp. 459-496 (2024)
  7. Permutation-Based Hashing Beyond the Birthday Bound
    Charlotte Lefevre, Bart Mennink
    IACR Transactions on Symmetric Cryptology 2024(1), pp. 71-113 (2024)
  8. The COLM Authenticated Encryption Scheme
    Elena Andreeva, Andrey Bogdanov, Nilanjan Datta, Atul Luykx, Bart Mennink, Mridul Nandi, Elmar Tischhauser, Kan Yasuda
    Journal of Cryptology, 37(2), article 15 (2024)
  9. Generalized Initialization of the Duplex Construction
    Christoph Dobraunig, Bart Mennink
    Applied Cryptography and Network Security, ACNS 2024 (II). LNCS, vol. 14584, pp. 460-484. Springer (2024)

2023

  1. Encryption and Security of Counter Mode
    Bart Mennink
    Symmetric Cryptography 1 - Design and Security Proofs (Boura, Naya-Plasencia). Book chapter, pp. 147-157. Wiley (2023)
  2. Modeling Security
    Bart Mennink
    Symmetric Cryptography 1 - Design and Security Proofs (Boura, Naya-Plasencia). Book chapter, pp. 137-146. Wiley (2023)
  3. Generic Security of the SAFE API and Its Applications
    Dmitry Khovratovich, Mario Marhuenda Beltrán, Bart Mennink
    ASIACRYPT 2023 (VIII). LNCS, vol. 14445, pp. 301-327. Springer (2023)
  4. Information Security Conference, ISC 2023, Proceedings
    Elias Athanasopoulos, Bart Mennink
    LNCS, vol. 14411. Springer (2023)
  5. Secure Distributed Modular Exponentiation: Systematic Analysis and New Results
    Bart Mennink
    IEEE Transactions on Information Forensics and Security 18, pp. 4188-4197 (2023)
  6. Revisiting the Indifferentiability of the Sum of Permutations
    Aldo Gunsing, Ritam Bhaumik, Ashwin Jha, Bart Mennink, Yaobin Shen
    CRYPTO 2023 (III). LNCS, vol. 14083, pp. 628-660. Springer (2023)
  7. EliMAC: Speeding Up LightMAC by around 20%
    Christoph Dobraunig, Bart Mennink, Samuel Neves
    IACR Transactions on Symmetric Cryptology 2023(2), pp. 69-93 (2023)
  8. Understanding the Duplex and Its Security
    Bart Mennink
    IACR Transactions on Symmetric Cryptology 2023(2), pp. 1-46 (2023)
  9. Preface to Volume 2023, Issue 1
    Christina Boura, Bart Mennink
    IACR Transactions on Symmetric Cryptology 2023(1), pp. 1-4 (2023)
  10. SAFE: Sponge API for Field Elements
    Jean-Philippe Aumasson, Dmitry Khovratovich, Bart Mennink, Porçu Quine
    Cryptology ePrint Archive. Report 2023/522, 9 pages (2023)

2022

  1. Security of Truncated Permutation Without Initial Value
    Lorenzo Grassi, Bart Mennink
    ASIACRYPT 2022 (II). LNCS, vol. 13792, pp. 620-650. Springer (2022)
  2. Leakage and Tamper Resilient Permutation-Based Cryptography
    Christoph Dobraunig, Bart Mennink, Robert Primas
    ACM CCS 2022. pp. 859-873. ACM (2022)
  3. Symmetric Cryptography (Dagstuhl Seminar 22141)
    Nils Gregor Leander, Bart Mennink, María Naya-Plasencia, Yu Sasaki, Eran Lambooij
    Dagstuhl Reports, 12(4), pp. 1-12 (2022)
  4. Tight Preimage Resistance of the Sponge Construction
    Charlotte Lefevre, Bart Mennink
    CRYPTO 2022 (IV). LNCS, vol. 13510, pp. 185-204. Springer (2022)
  5. Preface to Volume 2022, Issue 1
    Itai Dinur, Bart Mennink
    IACR Transactions on Symmetric Cryptology 2022(1), pp. 1-4 (2022)
  6. HERMES: Scalable, Secure, and Privacy-Enhancing Vehicle Access System
    Iraklis Symeonidis, Dragos Rotaru, Mustafa A. Mustafa, Bart Mennink, Bart Preneel, Panos Papadimitratos
    IEEE Internet of Things Journal, 9(1), pp. 129-151 (2022)

2021

  1. Categorization of Faulty Nonce Misuse Resistant Message Authentication
    Yu Long Chen, Bart Mennink, Bart Preneel
    ASIACRYPT 2021 (III). LNCS, vol. 13092, pp. 520-550. Springer (2021)
  2. Multi-User Security of the Elephant v2 Authenticated Encryption Mode
    Tim Beyne, Yu Long Chen, Christoph Dobraunig, Bart Mennink
    Selected Areas in Cryptography, SAC 2021. LNCS, vol. 13203, pp. 155-178. Springer (2022)
  3. Systematic Security Analysis of Stream Encryption With Key Erasure
    Yu Long Chen, Atul Luykx, Bart Mennink, Bart Preneel
    IEEE Transactions on Information Theory 67(11), pp. 7518-7534 (2021)
  4. Leakage Resilient Value Comparison With Application to Message Authentication
    Christoph Dobraunig, Bart Mennink
    EUROCRYPT 2021 (II). LNCS, vol. 12697, pp. 377-407. Springer (2021)
  5. On the Resilience of Even-Mansour to Invariant Permutations
    Bart Mennink, Samuel Neves
    Designs, Codes and Cryptography 89(5), pp. 859-893 (2021)

2020

  1. Tightness of the Suffix Keyed Sponge Bound
    Christoph Dobraunig, Bart Mennink
    IACR Transactions on Symmetric Cryptology 2020(4), pp. 195-212 (2020)
  2. Beyond Birthday Bound Secure Fresh Rekeying: Application to Authenticated Encryption
    Bart Mennink
    ASIACRYPT 2020 (I). LNCS, vol. 12491, pp. 630-661. Springer (2020)
  3. Errata to Sound Hashing Modes of Arbitrary Functions, Permutations, and Block Ciphers
    Aldo Gunsing, Joan Daemen, Bart Mennink
    IACR Transactions on Symmetric Cryptology 2020(3), pp. 362-366 (2020)
  4. The Summation-Truncation Hybrid: Reusing Discarded Bits for Free
    Aldo Gunsing, Bart Mennink
    CRYPTO 2020 (I). LNCS, vol. 12170, pp. 187-217. Springer (2020)
  5. Symmetric Cryptography (Dagstuhl Seminar 20041)
    Nils Gregor Leander, Bart Mennink, Kaisa Nyberg, Kan Yasuda
    Dagstuhl Reports, 10(1), pp. 130-143 (2020)
  6. Practical Forgeries for ORANGE
    Christoph Dobraunig, Florian Mendel, Bart Mennink
    Information Processing Letters, 159-160, article 105961 (2020)
  7. ISAP v2.0
    Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Bart Mennink, Robert Primas, Thomas Unterluggauer
    IACR Transactions on Symmetric Cryptology Special Issue on Designs for the NIST Lightweight Standardisation Process, pp. 390-416 (2020)
  8. Dumbo, Jumbo, and Delirium: Parallel Authenticated Encryption for the Lightweight Circus
    Tim Beyne, Yu Long Chen, Christoph Dobraunig, Bart Mennink
    IACR Transactions on Symmetric Cryptology Special Issue on Designs for the NIST Lightweight Standardisation Process, pp. 5-30 (2020)
  9. Collapseability of Tree Hashes
    Aldo Gunsing, Bart Mennink
    Conference on Post-Quantum Cryptography, PQCrypto 2020. LNCS, vol. 12100, pp. 524-538. Springer (2020)

2019

  1. Security of the Suffix Keyed Sponge
    Christoph Dobraunig, Bart Mennink
    IACR Transactions on Symmetric Cryptology 2019(4), pp. 223-248 (2019)
  2. Release of Unverified Plaintext: Tight Unified Model and Application to ANYDAE
    Donghoon Chang, Nilanjan Datta, Avijit Dutta, Bart Mennink, Mridul Nandi, Somitra Sanadhya, Ferdinand Sibleyras
    IACR Transactions on Symmetric Cryptology 2019(4), pp. 119-146 (2019)
  3. Deck-Based Wide Block Cipher Modes and an Exposition of the Blinded Keyed Hashing Model
    Aldo Gunsing, Joan Daemen, Bart Mennink
    IACR Transactions on Symmetric Cryptology 2019(4), pp. 1-22 (2019)
  4. Leakage Resilience of the Duplex Construction
    Christoph Dobraunig, Bart Mennink
    ASIACRYPT 2019 (III). LNCS, vol. 11923, pp. 225-255. Springer (2019)
  5. How to Build Pseudorandom Functions From Public Random Permutations
    Yu Long Chen, Eran Lambooij, Bart Mennink
    CRYPTO 2019 (I). LNCS, vol. 11692, pp. 266-293. Springer (2019)
  6. Beyond Conventional Security in Sponge-Based Authenticated Encryption Modes
    Philipp Jovanovic, Atul Luykx, Bart Mennink, Yu Sasaki, Kan Yasuda
    Journal of Cryptology, 32(3), pp. 895-940 (2019)
  7. Linking Stam's Bounds With Generalized Truncation
    Bart Mennink
    Topics in Cryptology, CT-RSA 2019. LNCS, vol. 11405, pp. 313-329. Springer (2019)

2018

  1. Sound Hashing Modes of Arbitrary Functions, Permutations, and Block Ciphers
    Joan Daemen, Bart Mennink, Gilles Van Assche
    IACR Transactions on Symmetric Cryptology 2018(4), pp. 197-228 (2018)
    (An updated version of this paper, which fixes an error in the proof (see Section 1.3 of the updated version), is available. Please refer to that version.)
  2. Key Prediction Security of Keyed Sponges
    Bart Mennink
    IACR Transactions on Symmetric Cryptology 2018(4), pp. 128-149 (2018)
  3. Short Variable Length Domain Extenders With Beyond Birthday Bound Security
    Yu Long Chen, Bart Mennink, Mridul Nandi
    ASIACRYPT 2018 (I). LNCS, vol. 11272, pp. 244-274. Springer (2018)
  4. Towards Tight Security of Cascaded LRW2
    Bart Mennink
    Theory of Cryptography Conference, TCC 2018. LNCS, vol. 11240, pp. 192-222. Springer (2018)
  5. The Relation Between CENC and NEMO
    Bart Mennink
    Cryptology and Network Security, CANS 2018. LNCS, vol. 11124, pp. 177-189. Springer (2018)
  6. Privacy-Preserving Distributed Access Control for Medical Data
    Christian Maulany, Majid Nateghizad, Bart Mennink, Zekeriya Erkin
    International Joint Conference on e-Business and Telecommunications, ICETE 2018 (II). pp. 488-497. SciTePress (2018)
  7. Connecting Tweakable and Multi-Key Blockcipher Security
    Jooyoung Lee, Atul Luykx, Bart Mennink, Kazuhiko Minematsu
    Designs, Codes and Cryptography 86(3), pp. 623-640 (2018)
  8. Short Non-Malleable Codes from Related-Key Secure Block Ciphers
    Serge Fehr, Pierre Karpman, Bart Mennink
    IACR Transactions on Symmetric Cryptology 2018(1), pp. 336-352 (2018)

2017

  1. Full-State Keyed Duplex With Built-In Multi-User Support
    Joan Daemen, Bart Mennink, Gilles Van Assche
    ASIACRYPT 2017 (II). LNCS, vol. 10625, pp. 606-637. Springer (2017)
  2. Analyzing Multi-Key Security Degradation
    Atul Luykx, Bart Mennink, Kenneth G. Paterson
    ASIACRYPT 2017 (II). LNCS, vol. 10625, pp. 575-605. Springer (2017)
  3. Efficient Length Doubling from Tweakable Block Ciphers
    Yu Long Chen, Atul Luykx, Bart Mennink, Bart Preneel
    IACR Transactions on Symmetric Cryptology 2017(3), pp. 253-270 (2017)
  4. Optimal PRFs from Blockcipher Designs
    Bart Mennink, Samuel Neves
    IACR Transactions on Symmetric Cryptology 2017(3), pp. 228-252 (2017)
  5. De verjaardagsparadox in de cryptografie
    Bart Mennink
    Nieuw Archief voor Wiskunde 5/18(3), pp. 190-194 (2017)
  6. Wiskunde in de cryptografie (Redactioneel)
    Bart Mennink, Marc Stevens
    Nieuw Archief voor Wiskunde 5/18(3), pp. 155-155 (2017)
  7. SePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision
    Iraklis Symeonidis, Abdelrahaman Aly, Mustafa A. Mustafa, Bart Mennink, Siemen Dhooghe, Bart Preneel
    European Symposium on Research in Computer Security, ESORICS 2017 (II). LNCS, vol. 10493, pp. 475-493. Springer (2017)
  8. Encrypted Davies-Meyer and Its Dual: Towards Optimal Security Using Mirror Theory
    Bart Mennink, Samuel Neves
    CRYPTO 2017 (III). LNCS, vol. 10403, pp. 556-583. Springer (2017)
  9. Insuperability of the Standard Versus Ideal Model Gap for Tweakable Blockcipher Security
    Bart Mennink
    CRYPTO 2017 (II). LNCS, vol. 10402, pp. 708-732. Springer (2017)
  10. Understanding RUP Integrity of COLM
    Nilanjan Datta, Atul Luykx, Bart Mennink, Mridul Nandi
    IACR Transactions on Symmetric Cryptology 2017(2), pp. 143-161 (2017)
  11. XOR of PRPs in a Quantum World
    Bart Mennink, Alan Szepieniec
    Conference on Post-Quantum Cryptography, PQCrypto 2017. LNCS, vol. 10346, pp. 367-383. Springer (2017)
  12. Optimal Collision Security in Double Block Length Hashing with Single Length Key
    Bart Mennink
    Designs, Codes and Cryptography 83(2), pp. 357-406 (2017)
  13. Weak Keys for AEZ, and the External Key Padding Attack
    Bart Mennink
    Topics in Cryptology, CT-RSA 2017. LNCS, vol. 10159, pp. 223-237. Springer (2017)

2016

  1. Security Analysis of BLAKE2's Modes of Operation
    Atul Luykx, Bart Mennink, Samuel Neves
    IACR Transactions on Symmetric Cryptology 2016(1), pp. 158-176 (2016)
  2. CENC is Optimally Secure
    Tetsu Iwata, Bart Mennink, Damian Vizár
    Cryptology ePrint Archive. Report 2016/1087, 5 pages (2016)
  3. Improving the Sphinx Mix Network
    Filipe Beato, Kimmo Halunen, Bart Mennink
    Cryptology and Network Security, CANS 2016. LNCS, vol. 10052, pp. 681-691. Springer (2016)
  4. Recipient Privacy in Online Social Networks
    Filipe Beato, Kimmo Halunen, Bart Mennink
    International Workshop on Security, IWSEC 2016. LNCS, vol. 9836, pp. 254-264. Springer (2016)
  5. Damaging, Simplifying, and Salvaging p-OMD
    Tomer Ashur, Bart Mennink
    Information Security Conference, ISC 2016. LNCS, vol. 9866, pp. 73-92. Springer (2016)
  6. XPX: Generalized Tweakable Even-Mansour with Improved Security Guarantees
    Bart Mennink
    CRYPTO 2016 (I). LNCS, vol. 9814, pp. 64-94. Springer (2016)
  7. Efficient Parallelizable Hashing Using Small Non-Compressing Primitives
    Bart Mennink, Bart Preneel
    International Journal of Information Security 15(3), pp. 285-300 (2016)
  8. Improved Masking for Tweakable Blockciphers with Applications to Authenticated Encryption
    Robert Granger, Philipp Jovanovic, Bart Mennink, Samuel Neves
    EUROCRYPT 2016 (I). LNCS, vol. 9665, pp. 263-293. Springer (2016)

2015

  1. Security of Full-State Keyed Sponge and Duplex: Applications to Authenticated Encryption
    Bart Mennink, Reza Reyhanitabar, Damian Vizár
    ASIACRYPT 2015 (II). LNCS, vol. 9453, pp. 465-489. Springer (2015)
  2. On the Impact of Known-Key Attacks on Hash Functions
    Bart Mennink, Bart Preneel
    ASIACRYPT 2015 (II). LNCS, vol. 9453, pp. 59-84. Springer (2015)
  3. Two-Permutation-Based Hashing with Binary Mixing
    Atul Luykx, Bart Mennink, Bart Preneel, Laura Winnen
    Journal of Mathematical Cryptology 9(3), pp. 139-150 (2015)
  4. Open Problems in Hash Function Security
    Elena Andreeva, Bart Mennink, Bart Preneel
    Designs, Codes and Cryptography 77(2), pp. 611-631 (2015)
  5. Forgery and Subkey Recovery on CAESAR candidate iFeed
    Willem Schroé, Bart Mennink, Elena Andreeva, Bart Preneel
    Selected Areas in Cryptography, SAC 2015. LNCS, vol. 9566, pp. 197-204. Springer (2016)
  6. On the XOR of Multiple Random Permutations
    Bart Mennink, Bart Preneel
    Applied Cryptography and Network Security, ACNS 2015. LNCS, vol. 9092, pp. 619-634. Springer (2015)
  7. Optimally Secure Tweakable Blockciphers
    Bart Mennink
    Fast Software Encryption, FSE 2015. LNCS, vol. 9054, pp. 428-448. Springer (2015)
    (An updated version of this paper, with a slightly adjusted description of the scheme to fix an oversight in the proof, is available. Please refer to that version.)
  8. Security of Keyed Sponge Constructions Using a Modular Proof Approach
    Elena Andreeva, Joan Daemen, Bart Mennink, Gilles Van Assche
    Fast Software Encryption, FSE 2015. LNCS, vol. 9054, pp. 364-384. Springer (2015)
  9. Trivial Nonce-Misusing Attack on Pure OMD
    Tomer Ashur, Bart Mennink
    Cryptology ePrint Archive. Report 2015/175, 3 pages (2015)

2014

  1. How to Securely Release Unverified Plaintext in Authenticated Encryption
    Elena Andreeva, Andrey Bogdanov, Atul Luykx, Bart Mennink, Nicky Mouha, Kan Yasuda
    ASIACRYPT 2014 (I). LNCS, vol. 8873, pp. 105-125. Springer (2014)
  2. Beyond 2^{c/2} Security in Sponge-Based Authenticated Encryption Modes
    Philipp Jovanovic, Atul Luykx, Bart Mennink
    ASIACRYPT 2014 (I). LNCS, vol. 8873, pp. 85-104. Springer (2014)
  3. Breaking and Fixing Cryptophia's Short Combiner
    Bart Mennink, Bart Preneel
    Cryptology and Network Security, CANS 2014. LNCS, vol. 8813, pp. 50-63. Springer (2014)
  4. When a Bloom Filter is a Doom Filter: Security Assessment of a Novel Iris Biometric Template Protection System
    Jens Hermans, Bart Mennink, Roel Peeters
    Biometrics Special Interest Group, BIOSIG 2014. LNI, vol. P-230, pp. 75-86. Gesellschaft für Informatik (2014)
  5. Shattering the Glass Maze
    Jens Hermans, Roel Peeters, Bart Mennink
    Biometrics Special Interest Group, BIOSIG 2014. LNI, vol. P-230, pp. 63-74. Gesellschaft für Informatik (2014)
  6. Speedup for European ePassport Authentication
    Roel Peeters, Jens Hermans, Bart Mennink
    Biometrics Special Interest Group, BIOSIG 2014. LNI, vol. P-230, pp. 51-62. Gesellschaft für Informatik (2014)
  7. On the Collision and Preimage Security of MDC-4 in the Ideal Cipher Model
    Bart Mennink
    Designs, Codes and Cryptography 73(1), pp. 121-150 (2014)
  8. The Security of Multiple Encryption in the Ideal Cipher Model
    Yuanxi Dai, Jooyoung Lee, Bart Mennink, John P. Steinberger
    CRYPTO 2014 (I). LNCS, vol. 8616, pp. 20-38. Springer (2014)
  9. Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers
    Nicky Mouha, Bart Mennink, Anthony Van Herrewege, Dai Watanabe, Bart Preneel, Ingrid Verbauwhede
    Selected Areas in Cryptography, SAC 2014. LNCS, vol. 8781, pp. 306-323. Springer (2014)
  10. COBRA: A Parallelizable Authenticated Online Cipher Without Block Cipher Inverse
    Elena Andreeva, Atul Luykx, Bart Mennink, Kan Yasuda
    Fast Software Encryption, FSE 2014. LNCS, vol. 8540, pp. 187-204. Springer (2014)
  11. APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography
    Elena Andreeva, Begül Bilgin, Andrey Bogdanov, Atul Luykx, Bart Mennink, Nicky Mouha, Kan Yasuda
    Fast Software Encryption, FSE 2014. LNCS, vol. 8540, pp. 168-186. Springer (2014)
  12. Triple and Quadruple Encryption: Bridging the Gaps
    Bart Mennink, Bart Preneel
    Cryptology ePrint Archive. Report 2014/016, 16 pages (2014)

2013

  1. Indifferentiability of Double Length Compression Functions
    Bart Mennink
    IMA Cryptography and Coding 2013. LNCS, vol. 8308, pp. 232-251. Springer (2013)
  2. Parallelizable and Authenticated Online Ciphers
    Elena Andreeva, Andrey Bogdanov, Atul Luykx, Bart Mennink, Elmar W. Tischhauser, Kan Yasuda
    ASIACRYPT 2013 (I). LNCS, vol. 8269, pp. 424-443. Springer (2013)
  3. On the Indifferentiability of Key-Alternating Ciphers
    Elena Andreeva, Andrey Bogdanov, Yevgeniy Dodis, Bart Mennink, John P. Steinberger
    CRYPTO 2013 (I). LNCS, vol. 8042, pp. 531-550. Springer (2013)
  4. Provable Security of Cryptographic Hash Functions
    Bart Mennink
    PhD thesis, KU Leuven, Bart Preneel, Vincent Rijmen (promotors), xvi+238 pages (2013)
  5. Towards Understanding the Known-Key Security of Block Ciphers
    Elena Andreeva, Andrey Bogdanov, Bart Mennink
    Fast Software Encryption, FSE 2013. LNCS, vol. 8424, pp. 348-366. Springer (2014)
  6. D.SYM.11: Final Hash Functions Status Report
    Christina Boura, Bart Mennink, María Naya-Plasencia, Christian Rechberger
    ICT-2007-216676, European Network of Excellence in Cryptology II, technical report (2013)

2012

  1. Impossibility Results for Indifferentiability with Resets
    Atul Luykx, Elena Andreeva, Bart Mennink, Bart Preneel
    Cryptology ePrint Archive. Report 2012/644, 13 pages (2012)
  2. A Simple Key-Recovery Attack on McOE-X
    Florian Mendel, Bart Mennink, Vincent Rijmen, Elmar W. Tischhauser
    Cryptology and Network Security, CANS 2012. LNCS, vol. 7712, pp. 23-31. Springer (2012). Best paper award!
  3. Optimal Collision Security in Double Block Length Hashing with Single Length Key
    Bart Mennink
    ASIACRYPT 2012. LNCS, vol. 7658, pp. 526-543. Springer (2012)
  4. Hash Functions Based on Three Permutations: A Generic Security Analysis
    Bart Mennink, Bart Preneel
    CRYPTO 2012. LNCS, vol. 7417, pp. 330-347. Springer (2012)
  5. Provable Security of BLAKE with Non-Ideal Compression Function
    Elena Andreeva, Atul Luykx, Bart Mennink
    Selected Areas in Cryptography, SAC 2012. LNCS, vol. 7707, pp. 322-339. Springer (2012)
  6. Security Analysis and Comparison of the SHA-3 Finalists BLAKE, Grøstl, JH, Keccak, and Skein
    Elena Andreeva, Bart Mennink, Bart Preneel, Marjan Škrobot
    AFRICACRYPT 2012. LNCS, vol. 7374, pp. 287-305. Springer (2012). Best paper award!
  7. The Parazoa Family: Generalizing the Sponge Hash Functions
    Elena Andreeva, Bart Mennink, Bart Preneel
    International Journal of Information Security 11(3), pp. 149-165 (2012)
  8. On Security Arguments of the Second Round SHA-3 Candidates
    Elena Andreeva, Andrey Bogdanov, Bart Mennink, Bart Preneel, Christian Rechberger
    International Journal of Information Security 11(2), pp. 103-120 (2012)
  9. Increasing the Flexibility of the Herding Attack
    Bart Mennink
    Information Processing Letters 112(3), pp. 98-105 (2012)

2011

  1. Provable Chosen-Target-Forced-Midfix Preimage Resistance
    Elena Andreeva, Bart Mennink
    Selected Areas in Cryptography, SAC 2011. LNCS, vol. 7118, pp. 37-54. Springer (2011)

2010

  1. Anonymous Credential Schemes with Encrypted Attributes
    Jorge Guajardo, Bart Mennink, Berry Schoenmakers
    Cryptology and Network Security, CANS 2010. LNCS, vol. 6467, pp. 314-333. Springer (2010)
  2. Security Properties of Domain Extenders for Cryptographic Hash Functions
    Elena Andreeva, Bart Mennink, Bart Preneel
    Journal of Information Processing Systems 6(4), pp. 453-480 (2010)
  3. On Side-Channel Resistant Block Cipher Usage
    Jorge Guajardo, Bart Mennink
    Information Security Conference, ISC 2010. LNCS, vol. 6531, pp. 254-268. Springer (2010)
  4. Security Reductions of the Second Round SHA-3 Candidates
    Elena Andreeva, Bart Mennink, Bart Preneel
    Information Security Conference, ISC 2010. LNCS, vol. 6531, pp. 39-53. Springer (2010)
  5. On the Indifferentiability of the Grøstl Hash Function
    Elena Andreeva, Bart Mennink, Bart Preneel
    Security and Cryptography for Networks, SCN 2010. LNCS, vol. 6280, pp. 88-105. Springer (2010)
  6. Modulo Reduction for Paillier Encryptions and Application to Secure Statistical Analysis (extended abstract)
    Jorge Guajardo, Bart Mennink, Berry Schoenmakers
    Financial Cryptography and Data Security, FC 2010. LNCS, vol. 6052, pp. 375-382. Springer (2010)

2009

  1. Encrypted certificate schemes and their security and privacy analysis
    Bart Mennink
    Master's thesis, TU Eindhoven, Jorge Guajardo, Berry Schoenmakers (supervisors), xii+103 pages (2009)

Activities

Selected Invited Talks

  1. Understanding the Duplex and Its Security. Spring School on Symmetric Cryptography 2025. Rome, Italy
  2. Security of Encryption Modes. Spring School on Symmetric Cryptography 2025. Rome, Italy
  3. Security of Encryption Modes and an Exposition of Proof Techniques. Workshop on Coding and Cryptography 2024. Perugia, Italy
  4. Security of Permutation-Based Modes and Its Application to Ascon. NIST Lightweight Cryptography Competition Workshop 2023. Online
  5. Understanding the Duplex and Its Security. Permutation-Based Crypto 2023. Lyon, France
  6. Tweakable Blockciphers and Beyond Birthday Bound Security. Asian Workshop on Symmetric Key Cryptography 2018. Kolkata, India
  7. Beyond Birthday-Bound Security. COST Training School on Symmetric Cryptography and Blockchain 2018. Torremolinos, Spain
  8. Security of Authenticated Encryption Modes. COST Training School on Symmetric Cryptography and Blockchain 2018. Torremolinos, Spain
  9. Beyond Birthday-Bound Security. Summer School on Real-World Crypto and Privacy 2017. Šibenik, Croatia
  10. Introduction to Tweakable Blockciphers. Summer School on Real-World Crypto and Privacy 2017. Šibenik, Croatia
  11. Improved Masking for Tweakable Blockciphers with Applications to Authenticated Encryption. Dagstuhl 2016. Wadern, Germany
  12. Tweakable Blockciphers: Theory and Application. IACR School on Design and Security of Cryptographic Algorithms and Devices 2015. Sardinia, Italy
  13. Introduction to Provable Security. IACR School on Design and Security of Cryptographic Algorithms and Devices 2015. Sardinia, Italy

Selected Conference Talks

  1. Deck-Based Wide Block Cipher Modes. NIST Workshop on Block Cipher Modes of Operation 2023. Gaithersburg, MD, USA
  2. Leakage Resilient Value Comparison With Application to Message Authentication. EUROCRYPT 2021. Virtual
  3. Beyond Birthday Bound Secure Fresh Rekeying: Application to Authenticated Encryption. ASIACRYPT 2020. Virtual
  4. Security of the Suffix Keyed Sponge. FSE 2020. Virtual
  5. Dumbo, Jumbo, and Delirium: Parallel Authenticated Encryption for the Lightweight Circus. FSE 2020. Virtual
  6. Leakage Resilience of the Duplex Construction. ASIACRYPT 2019. Kobe, Japan
  7. Dumbo, Jumbo, and Delirium: Parallel Authenticated Encryption for the Lightweight Circus. NIST Lightweight Cryptography Competition Workshop 2019. Gaithersburg, MD, USA
  8. Leakage Resilience of the ISAP Mode: A Vulgarized Summary. NIST Lightweight Cryptography Competition Workshop 2019. Gaithersburg, MD, USA
  9. Key Prediction Security of Keyed Sponges. FSE 2019. Paris, France
  10. Towards Tight Security of Cascaded LRW2. TCC 2018. Panaji, India
  11. Full-State Keyed Duplex With Built-In Multi-User Support. ASIACRYPT 2017. Hong Kong, China
  12. Encrypted Davies-Meyer and Its Dual: Towards Optimal Security Using Mirror Theory. CRYPTO 2017. Santa Barbara, CA, USA
  13. Insuperability of the Standard Versus Ideal Model Gap for Tweakable Blockcipher Security. CRYPTO 2017. Santa Barbara, CA, USA
  14. XOR of PRPs in a Quantum World. Conference on Post-Quantum Cryptography, PQCrypto 2017. Utrecht, The Netherlands
  15. Security Analysis of BLAKE2's Modes of Operation. FSE 2017. Tokyo, Japan
  16. XPX: Generalized Tweakable Even-Mansour with Improved Security Guarantees. CRYPTO 2016. Santa Barbara, CA, USA
  17. On the Impact of Known-Key Attacks on Permutation-Based Hashing. ASIACRYPT 2015. Auckland, New Zealand
  18. On the XOR of Multiple Random Permutations. Applied Cryptography and Network Security, ACNS 2015. New York City, NY, USA
  19. Optimally Secure Tweakable Blockciphers. FSE 2015. Istanbul, Turkey
  20. Security of Keyed Sponge Constructions Using a Modular Proof Approach. FSE 2015. Istanbul, Turkey
  21. Breaking and Fixing Cryptophia's Short Combiner. Cryptology and Network Security, CANS 2014. Heraklion, Greece
  22. Beyond 2^{c/2} Security in Sponge-Based Authenticated Encryption Modes. Directions in Authenticated Ciphers 2014. Santa Barbara, CA, USA
  23. Indifferentiability of Double Length Compression Functions. IMA Cryptography and Coding 2013. Oxford, UK
  24. Optimal Collision Security in Double Block Length Hashing with Single Length Key. ASIACRYPT 2012. Beijing, China
  25. Hash Functions Based on Three Permutations: A Generic Security Analysis. CRYPTO 2012. Santa Barbara, CA, USA
  26. Provable Security of BLAKE with Non-Ideal Compression Function. Selected Areas in Cryptography, SAC 2012. Windsor, Ontario, Canada
  27. Provable Chosen-Target-Forced-Midfix Preimage Resistance. Selected Areas in Cryptography, SAC 2011. Toronto, Ontario, Canada
  28. The Parazoa Family: Generalizing the Sponge Hash Functions. ECRYPT II Hash Workshop 2011. Tallinn, Estonia
  29. Anonymous Credential Schemes with Encrypted Attributes. Cryptology and Network Security, CANS 2010. Kuala Lumpur, Malaysia
  30. Security Reductions of the Second Round SHA-3 Candidates. Information Security Conference, ISC 2010. Boca Raton, FL, USA

Steering Committees

  • FSE since 2021
  • ISC 2023-2024
  • SAC since 2024

Program Chair / (Co-)Editor-in-Chief

  • FSE 2022, 2023
  • ToSC 2021/22, 2022/23
  • ISC 2023
  • IET Information Security (deputy) since 2023

Program Committees

  • ASIACRYPT 2015, 2017, 2018, 2022, 2025
  • CRYPTO 2022, 2023, 2024, 2025
  • EUROCRYPT 2017, 2018, 2019, 2020, 2021, 2024, 2026
  • CHES 2019, 2020
  • FSE 2016, 2017, 2018, 2019, 2020, 2024, 2025, 2026
  • ACISP 2020
  • ACM CCS 2023
  • ACNS 2018, 2026
  • ArcticCrypt 2016, 2025
  • CT-RSA 2023, 2026
  • Euro S&P 2019
  • ICMC 2018, 2019
  • ICT.Open 2025
  • Indocrypt 2018, 2020
  • Inscrypt 2024
  • ISC 2025
  • IWSEC 2016, 2017, 2018
  • LLE 2024
  • ProvSec 2016, 2017, 2018, 2019
  • SAC 2019, 2023, 2024, 2025
  • SECITC 2016, 2017

Editorial Boards

  • IET Information Security 2020-2023
  • TCHES 2018/19, 2019/20
  • ToSC 2016/17, 2017/18, 2018/19, 2019/20, 2023/24, 2024/25
  • ToSC special issue on NIST Lightweight Submissions 2020

Grants and Prizes

  • NWO Vidi 2023
  • Adviescommissie Outreach Beta 2021, 2022, 2023, 2024
  • Best Cybersecurity Master Thesis 2019, 2021, 2022, 2023, 2024

Organization

Teaching

Postdocs

PhD Students

PhD

Provable Security of Cryptographic Hash Functions
(Bewijsbare veiligheid van cryptografische hashfuncties)

Jury

Prof. dr. ir. Pierre Verbaeten, chairman
Prof. dr. ir. Bart Preneel, promotor
Prof. dr. ir. Vincent Rijmen, promotor
Prof. dr. Marc Fischlin (Darmstadt University of Technology, Germany)
Prof. dr. ir. Frank Piessens
Dr. ir. Martijn Stam (University of Bristol, UK)
Prof. dr. ir. Joos Vandewalle

Date, Time, and Location

Tuesday May 7, 2013 at 13:30
Auditorium Arenberg Castle
Kasteelpark Arenberg 1
3001 Heverlee, Belgium

Abstract

Cryptographic hash functions form the basis of the security of today's digital environment, and find applications in numerous cryptographic systems such as tamper detection, key derivation functions, and digital signatures. Ideally, hash functions behave like a random oracle, a function that returns a random output for each new input, but in practice such a construction does not exist. Usually, a hash function is designed to give strong confidence that it is indeed secure, and it is presumed secure until it is broken. In 2004-2005, cryptanalytic breakthroughs raised doubts about the security of many widely employed hash functions, such as MD5 and SHA-1. As a response, in 2007 the US National Institute of Standards and Technology (NIST) announced a call for the design of a new SHA-3 hashing algorithm.

This dissertation deals with the fundamental security properties of hash functions. It is divided into two parts.

In the first part of the dissertation, we analyze existing hash functions and introduce design methodologies. We particularly search for the limits within the provable security framework, by considering minimalist designs with maximal security. Firstly, we look at double block length 3n-to-2n-bit compression functions based on block ciphers with an n-bit message and key space. We consider the MDC-4 hash function, and improve its collision and preimage security bounds. Next, we present a family of designs that make three cipher calls and achieve optimal collision security and very good preimage security. Furthermore, we consider the possibility of compression functions based on permutations, and provide a full security classification of all 2n-to-n-bit compression functions built solely from XOR operators and three permutations.

As a final contribution of this part, we propose the family of parazoa functions as a generalization of the sponge hash function design, and prove that parazoa functions are indifferentiable from a random oracle. The sponge is a popular hash function design and many derivatives, called sponge-like functions, have appeared in the literature. However, these sponge-like functions do not automatically enjoy the same security guarantees as the original sponge. Our generalized parazoa family applies to a wide class of sponge-like functions, and the indifferentiability proof for parazoa naturally carries over.

In the second part of the dissertation, we consider NIST's SHA-3 hash function competition from a provable security point of view. We provide a detailed survey of the five SHA-3 finalists, in which we analyze and compare their security guarantees. We consider collision, preimage, and second preimage resistance and indifferentiability of all finalists, and solve open problems where needed.

Dutch Summary

Cryptographic hash functions form the foundation of the security of today's digital world, and are used in numerous cryptographic applications such as detecting unauthorized data modifications, deriving cryptographic keys, and digital signatures. In the ideal case, a hash function behaves like a completely random functionality, a function that produces a random output for every input, but such functions do not exist in practice. Hence, hash functions are normally designed in such a way that they appear secure enough, and they are considered secure until someone discovers a weakness in the function. In 2004-2005, however, cryptanalytic breakthroughs called into question the security of several widespread hash functions, such as MD5 and SHA-1. For this reason, in 2007 the US National Institute of Standards and Technology (NIST) launched an international competition for the design of a new SHA-3 hash function.

This dissertation deals with fundamental security aspects of cryptographic hash functions. It consists of two parts.

In the first part of the dissertation, we analyze existing hash functions and introduce new design methods. In particular, we search for the limits of the provable security framework, considering minimalist designs with maximal security. First, we investigate compression functions of double block length: 3n-to-2n-bit compression functions based on block ciphers with an n-bit message and key size. We consider the MDC-4 hash function and improve its collision and preimage resistance bounds. Next, we introduce a new family of designs that make three cipher calls and achieve optimal collision resistance and very good preimage resistance. Furthermore, we analyze the possibility of constructing compression functions from permutations, and provide a full security classification of all 2n-to-n-bit compression functions built solely from XOR operators and three permutations.

As the final contribution of this part of the dissertation, we present the family of parazoa functions as a generalization of sponge functions, and we prove that parazoa functions are indifferentiable from a completely random functionality. The sponge is a popular hash function design, and many derivatives, so-called sponge-like functions, have been published over time. These sponge-like functions, however, do not automatically enjoy the same security guarantees as the original sponge. Our generalized parazoa family covers a broad spectrum of sponge-like functions, and the indifferentiability proof for parazoa carries over to these functions.

In the second part of the dissertation, we consider NIST's SHA-3 hash function competition with respect to its provable security. We present a detailed survey of the five SHA-3 finalists, in which we analyze and compare their security properties. We consider collision, preimage, and second preimage resistance, as well as indifferentiability, of all finalists, and solve open problems where needed.

Limburgish Summary

Cryptographic hash functions form the foundation of the security of today's digital world, and are used in numerous cryptographic applications such as detecting unlawful data modifications, deriving cryptographic keys, and digital signatures. In the ideal case, a hash function behaves like a completely random functionality, a function that produces a random output for every input, but such functions do not exist in practice. Therefore, hash functions are normally designed in such a way that they appear secure enough, and they are considered secure until someone discovers a weakness in the function. In 2004-2005, however, cryptanalytic breakthroughs called into question the security of various widespread hash functions, such as MD5 and SHA-1. For this reason, the US National Institute of Standards and Technology (NIST) launched an international competition in 2007 for the design of a new SHA-3 hash function.

This dissertation deals with fundamental security aspects of cryptographic hash functions. It consists of two parts.

In the first part of the dissertation, we analyze existing hash functions and introduce new design methods. In particular, we search for the limits of the provable security framework, considering minimalist designs with maximal security. First, we investigate compression functions of double block length: 3n-to-2n-bit compression functions based on block ciphers with an n-bit message and key size. We consider the MDC-4 hash function and improve its collision and preimage resistance bounds. Next, we introduce a new family of designs that make three cipher calls and achieve optimal collision resistance and very good preimage resistance. Furthermore, we analyze the possibility of constructing compression functions from permutations, and provide a full security classification of all 2n-to-n-bit compression functions built solely from XOR operators and three permutations.

As the final contribution of this part of the dissertation, we present the family of parazoa functions as a generalization of sponge functions, and we prove that parazoa functions are indifferentiable from a completely random functionality. The sponge is a popular hash function design, and many derivatives, so-called sponge-like functions, have been published over time. These sponge-like functions, however, do not automatically enjoy the same security guarantees as the original sponge. Our generalized parazoa family covers a broad spectrum of sponge-like functions, and the indifferentiability proof for parazoa carries over to these functions.

In the second part of the dissertation, we consider NIST's SHA-3 hash function competition with respect to its provable security. We present a detailed survey of the five SHA-3 finalists, in which we analyze and compare their security properties. We consider collision, preimage, and second preimage resistance, as well as indifferentiability, of all finalists, and solve open problems where needed.