How to Stretch Random Functions: The Security of Protected Counter Sums (1999)

by Daniel J. Bernstein
Venue:Journal of Cryptology