{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,27]],"date-time":"2025-07-27T07:14:06Z","timestamp":1753600446169},"publisher-location":"Berlin, Heidelberg","reference-count":42,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540331087"},{"type":"electronic","value":"9783540331094"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11693383_5","type":"book-chapter","created":{"date-parts":[[2006,2,25]],"date-time":"2006-02-25T05:55:05Z","timestamp":1140846905000},"page":"65-81","source":"Crossref","is-referenced-by-count":10,"title":["Proving the Security of AES Substitution-Permutation Network"],"prefix":"10.1007","author":[{"given":"Thomas","family":"Baign\u00e8res","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Serge","family":"Vaudenay","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"5_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"432","DOI":"10.1007\/978-3-540-30539-2_31","volume-title":"Advances in Cryptology - ASIACRYPT 2004","author":"T. Baign\u00e8res","year":"2004","unstructured":"Baign\u00e8res, T., Junod, P., Vaudenay, S.: How far can we go beyond linear cryptanalysis? In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol.\u00a03329, pp. 432\u2013450. Springer, Heidelberg (2004)"},{"key":"5_CR2","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/BF00630563","volume":"4","author":"E. Biham","year":"1991","unstructured":"Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. 
Journal of Cryptology\u00a04, 3\u201372 (1991)","journal-title":"Journal of Cryptology"},{"key":"5_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"487","DOI":"10.1007\/3-540-48071-4_34","volume-title":"Advances in Cryptology - CRYPTO \u201992","author":"E. Biham","year":"1993","unstructured":"Biham, E., Shamir, A.: Differential cryptanalysis of the full 16-round DES. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol.\u00a0740, pp. 487\u2013496. Springer, Heidelberg (1993)"},{"key":"5_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"356","DOI":"10.1007\/BFb0053450","volume-title":"Advances in Cryptology - EUROCRYPT \u201994","author":"F. Chabaud","year":"1995","unstructured":"Chabaud, F., Vaudenay, S.: Links between differential and linear cryptanalysis. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol.\u00a0950, pp. 356\u2013365. Springer, Heidelberg (1995)"},{"key":"5_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/3-540-48892-8_4","volume-title":"Selected Areas in Cryptography","author":"Z.G. Chen","year":"1999","unstructured":"Chen, Z.G., Tavares, S.E.: Towards provable security of substitution-permutation encryption networks. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol.\u00a01556, pp. 43\u201356. Springer, Heidelberg (1999)"},{"key":"5_CR6","unstructured":"Daemen, J., Rijmen, V.: AES proposal: Rijndael. NIST AES Proposal (1998)"},{"key":"5_CR7","volume-title":"Information Security and Cryptography","author":"J. Daemen","year":"2002","unstructured":"Daemen, J., Rijmen, V.: The Design of Rijndael. In: Information Security and Cryptography. Springer, Heidelberg (2002)"},{"key":"5_CR8","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1038\/scientificamerican0573-15","volume":"228","author":"H. 
Feistel","year":"1973","unstructured":"Feistel, H.: Cryptography and computer privacy. Scientific American\u00a0228, 15\u201323 (1973)","journal-title":"Scientific American"},{"key":"5_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"248","DOI":"10.1007\/3-540-45473-X_21","volume-title":"Fast Software Encryption","author":"H. Gilbert","year":"2002","unstructured":"Gilbert, H., Minier, M.: New results on the pseudorandomness of some blockcipher constructions. In: Matsui, M. (ed.) FSE 2001. LNCS, vol.\u00a02355, pp. 248\u2013266. Springer, Heidelberg (2002)"},{"key":"5_CR10","unstructured":"GMP. GNU Multiple Precision arithmetic library, http:\/\/www.swox.com\/gmp"},{"key":"5_CR11","doi-asserted-by":"crossref","DOI":"10.1093\/oso\/9780198572237.001.0001","volume-title":"Probability and Random Processes","author":"G. Grimmett","year":"2001","unstructured":"Grimmett, G., Stirzaker, D.: Probability and Random Processes, 3rd edn. Oxford University Press, Oxford (2001)","edition":"3"},{"key":"5_CR12","series-title":"London Mathematical Society Student Texts","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511613586","volume-title":"Finite Markov Chains and Algorithmic Applications","author":"O. H\u00e4ggstr\u00f6m","year":"2002","unstructured":"H\u00e4ggstr\u00f6m, O.: Finite Markov Chains and Algorithmic Applications. London Mathematical Society Student Texts. Cambridge University Press, Cambridge (2002)"},{"issue":"1","key":"5_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/BF02254789","volume":"9","author":"H.M. Heys","year":"1996","unstructured":"Heys, H.M., Tavares, S.E.: Substitution-permutation networks resistant to differential and linear cryptanalysis. 
Journal of Cryptology\u00a09(1), 1\u201319 (1996)","journal-title":"Journal of Cryptology"},{"key":"5_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/3-540-44706-7_19","volume-title":"Fast Software Encryption","author":"S. Hong","year":"2001","unstructured":"Hong, S., Lee, S., Lim, J., Sung, J., Cheon, D., Cho, I.: Provable security against differential and linear cryptanalysis for the SPN structure. In: Schneier, B. (ed.) FSE 2000. LNCS, vol.\u00a01978, pp. 273\u2013283. Springer, Heidelberg (2001)"},{"key":"5_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1007\/3-540-48285-7_41","volume-title":"Advances in Cryptology - EUROCRYPT \u201993","author":"G. Hornauer","year":"1994","unstructured":"Hornauer, G., Stephan, W., Wernsdorf, R.: Markov ciphers and alternating groups. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol.\u00a0765, pp. 453\u2013460. Springer, Heidelberg (1994)"},{"key":"5_CR16","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511807077","volume-title":"Fundamentals of Error-Correcting Codes","author":"W.C. Huffman","year":"2003","unstructured":"Huffman, W.C., Pless, V.S.: Fundamentals of Error-Correcting Codes. Cambridge University Press, Cambridge (2003)"},{"key":"5_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1007\/11506447_5","volume-title":"Advanced Encryption Standard \u2013 AES","author":"L. Keliher","year":"2005","unstructured":"Keliher, L.: Refined analysis of bounds related to linear and differential cryptanalysis for the AES. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol.\u00a03373, pp. 42\u201357. 
Springer, Heidelberg (2005)"},{"key":"5_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1007\/3-540-45537-X_9","volume-title":"Selected Areas in Cryptography","author":"L. Keliher","year":"2001","unstructured":"Keliher, L., Meijer, H., Tavares, S.E.: Improving the upper bound on the maximum average linear hull probability for Rijndael. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol.\u00a02259, pp. 112\u2013128. Springer, Heidelberg (2001)"},{"key":"5_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"420","DOI":"10.1007\/3-540-44987-6_26","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"L. Keliher","year":"2001","unstructured":"Keliher, L., Meijer, H., Tavares, S.E.: New method for upper bounding the maximum average linear hull probability for SPNs. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol.\u00a02045, pp. 420\u2013436. Springer, Heidelberg (2001)"},{"key":"5_CR20","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-1-4757-3789-9_8","volume-title":"Communication, Information and Network Security","author":"L. Keliher","year":"2003","unstructured":"Keliher, L., Meijer, H., Tavares, S.E.: Toward the true random cipher: On expected linear probability values for SPNs with randomly selected S-boxes. In: Bhargava, V., Poor, H.V., Tarokh, V., Yoon, S. (eds.) Communication, Information and Network Security, pp. 123\u2013146. Kluwer Academic Publishers, Dordrecht (2003)"},{"key":"5_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/3-540-46416-6_2","volume-title":"Advances in Cryptology - EUROCRYPT \u201991","author":"X. Lai","year":"1991","unstructured":"Lai, X., Massey, J., Murphy, S.: Markov ciphers and differential cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol.\u00a0547, pp. 17\u201338. 
Springer, Heidelberg (1991)"},{"issue":"2","key":"5_CR22","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1137\/0217022","volume":"17","author":"M. Luby","year":"1988","unstructured":"Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing\u00a017(2), 373\u2013386 (1988)","journal-title":"SIAM Journal on Computing"},{"key":"5_CR23","unstructured":"Maplesoft. Maple 9, http:\/\/www.maplesoft.com\/"},{"key":"5_CR24","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Advances in Cryptology - CRYPTO \u201994","author":"M. Matsui","year":"1994","unstructured":"Matsui, M.: The first experimental cryptanalysis of the Data Encryption Standard. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol.\u00a0839, pp. 1\u201311. Springer, Heidelberg (1994)"},{"key":"5_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1007\/3-540-48285-7_33","volume-title":"Advances in Cryptology - EUROCRYPT \u201993","author":"M. Matsui","year":"1994","unstructured":"Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol.\u00a0765, pp. 386\u2013397. Springer, Heidelberg (1994)"},{"key":"5_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"205","DOI":"10.1007\/3-540-60865-6_54","volume-title":"Fast Software Encryption","author":"M. Matsui","year":"1996","unstructured":"Matsui, M.: New structure of block ciphers with provable security against differential and linear cryptanalysis. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol.\u00a01039, pp. 205\u2013218. Springer, Heidelberg (1996)"},{"key":"5_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"544","DOI":"10.1007\/3-540-39200-9_34","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2003","author":"U. 
Maurer","year":"2003","unstructured":"Maurer, U., Pietrzak, K.: The security of many-round Luby-Rackoff pseudorandom permutations. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol.\u00a02656, pp. 544\u2013561. Springer, Heidelberg (2003)"},{"key":"5_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1007\/3-540-44448-3_22","volume-title":"Advances in Cryptology - ASIACRYPT 2000","author":"S. Moriai","year":"2000","unstructured":"Moriai, S., Vaudenay, S.: On the pseudorandomness of top-level schemes of block ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol.\u00a01976, pp. 289\u2013302. Springer, Heidelberg (2000)"},{"issue":"1","key":"5_CR29","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/PL00003817","volume":"12","author":"M. Naor","year":"1999","unstructured":"Naor, M., Reingold, O.: On the construction of pseudorandom permutations: Luby-Rackoff revisited. Journal of Cryptology\u00a012(1), 29\u201366 (1999)","journal-title":"Journal of Cryptology"},{"key":"5_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"378","DOI":"10.1007\/3-540-46416-6_32","volume-title":"Advances in Cryptology - EUROCRYPT \u201991","author":"K. Nyberg","year":"1991","unstructured":"Nyberg, K.: Perfect nonlinear S-boxes. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol.\u00a0547, pp. 378\u2013386. Springer, Heidelberg (1991)"},{"key":"5_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"439","DOI":"10.1007\/BFb0053460","volume-title":"Advances in Cryptology - EUROCRYPT \u201994","author":"K. Nyberg","year":"1995","unstructured":"Nyberg, K.: Linear approximation of block ciphers. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol.\u00a0950, pp. 439\u2013444. 
Springer, Heidelberg (1995)"},{"key":"5_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/3-540-60590-8_10","volume-title":"Fast Software Encryption","author":"L. O\u2019Connor","year":"1995","unstructured":"O\u2019Connor, L.: Properties of linear approximation tables. In: Preneel, B. (ed.) FSE 1994. LNCS, vol.\u00a01008, pp. 131\u2013136. Springer, Heidelberg (1995)"},{"key":"5_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1007\/3-540-36178-2_11","volume-title":"Advances in Cryptology - ASIACRYPT 2002","author":"S. Park","year":"2002","unstructured":"Park, S., Sung, S.H., Chee, S., Yoon, E.-J., Lim, J.: On the security of Rijndael-like structures against differential and linear cryptanalysis. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol.\u00a02501, pp. 176\u2013191. Springer, Heidelberg (2002)"},{"key":"5_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/978-3-540-39887-5_19","volume-title":"Fast Software Encryption","author":"S. Park","year":"2003","unstructured":"Park, S., Sung, S.H., Lee, S., Lim, J.: Improving the upper bound on the maximum differential and the maximum linear hull probability for SPN structures and AES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol.\u00a02887, pp. 247\u2013260. Springer, Heidelberg (2003)"},{"key":"5_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1007\/978-3-540-28628-8_7","volume-title":"Advances in Cryptology \u2013 CRYPTO 2004","author":"J. Patarin","year":"2004","unstructured":"Patarin, J.: Security of random Feistel schemes with 5 or more rounds. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol.\u00a03152, pp. 106\u2013122. 
Springer, Heidelberg (2004)"},{"key":"5_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"286","DOI":"10.1007\/3-540-60590-8_22","volume-title":"Fast Software Encryption","author":"S. Vaudenay","year":"1995","unstructured":"Vaudenay, S.: On the need for multipermutations: Cryptanalysis of MD4 and SAFER. In: Preneel, B. (ed.) FSE 1994. LNCS, vol.\u00a01008, pp. 286\u2013297. Springer, Heidelberg (1995)"},{"key":"5_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1007\/3-540-48519-8_19","volume-title":"Fast Software Encryption","author":"S. Vaudenay","year":"1999","unstructured":"Vaudenay, S.: On the security of CS-cipher. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol.\u00a01636, pp. 260\u2013274. Springer, Heidelberg (1999)"},{"key":"5_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"8","DOI":"10.1007\/978-3-540-48000-6_2","volume-title":"Advances in Cryptology - ASIACRYPT\u201999","author":"S. Vaudenay","year":"1999","unstructured":"Vaudenay, S.: On the Lai-Massey scheme. In: Kwok Yan, L., Eiji, O., Chaoping, X. (eds.) ASIACRYPT 1999. LNCS, vol.\u00a01716, pp. 8\u201319. Springer, Heidelberg (1999)"},{"issue":"4","key":"5_CR39","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/s00145-003-0220-6","volume":"16","author":"S. Vaudenay","year":"2003","unstructured":"Vaudenay, S.: Decorrelation: a theory for block cipher security. Journal of Cryptology\u00a016(4), 249\u2013286 (2003)","journal-title":"Journal of Cryptology"},{"key":"5_CR40","volume-title":"Modern Computer Algebra","author":"J. Gathen von zur","year":"2003","unstructured":"von zur Gathen, J., Gerhard, J.: Modern Computer Algebra, 2nd edn. 
Cambridge University Press, Cambridge (2003); First published 1999","edition":"2"},{"key":"5_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-540-25937-4_2","volume-title":"Fast Software Encryption","author":"D. Wagner","year":"2004","unstructured":"Wagner, D.: Towards a\u00a0unifying view of block cipher cryptanalysis. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol.\u00a03017, pp. 16\u201333. Springer, Heidelberg (2004)"},{"key":"5_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/3-540-45661-9_11","volume-title":"Fast Software Encryption","author":"R. Wernsdorf","year":"2002","unstructured":"Wernsdorf, R.: The round functions of Rijndael generate the alternating group. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol.\u00a02365, pp. 143\u2013148. Springer, Heidelberg (2002)"}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11693383_5.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,3]],"date-time":"2024-02-03T03:24:16Z","timestamp":1706930656000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11693383_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540331087","9783540331094"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/11693383_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}