Philipp Svetolik Jovanovic
The Sponge function is known to achieve 2c/2 security, where c is its capacity. This bound was carried over to its keyed variants, such as SpongeWrap, to achieve a min{2c/2,2 kappa} security bound, with kappa the key length. Similarly, many CAESAR competit ...
SPRINGER2019