{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T12:57:39Z","timestamp":1773406659299,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":45,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540615125","type":"print"},{"value":"9783540686972","type":"electronic"}],"license":[{"start":{"date-parts":[[1996,1,1]],"date-time":"1996-01-01T00:00:00Z","timestamp":820454400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[1996]]},"DOI":"10.1007\/3-540-68697-5_19","type":"book-chapter","created":{"date-parts":[[2007,11,8]],"date-time":"2007-11-08T22:10:00Z","timestamp":1194559800000},"page":"237-251","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":141,"title":["Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES"],"prefix":"10.1007","author":[{"given":"John","family":"Kelsey","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bruce","family":"Schneier","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Wagner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2001,7,13]]},"reference":[{"key":"19_CR1","doi-asserted-by":"crossref","unstructured":"M. Bellare and P. Rogaway, \u201cOptimal Asymmetric Encryption\u2014How to Encrypt with RSA,\u201d Advances in Cryptology\u2014EUROCRYPT\u2019 94, Springer-Verlag, 1995, pp. 92\u2013111.","DOI":"10.1007\/BFb0053428"},{"key":"19_CR2","unstructured":"I. Ben-Aroya and E. Biham, \u201cDifferential Cryptanalysis of Lucifer,\u201d Advances in Cryptology CRYPTO\u2019 93, Springer-Verlag, 1994."},{"key":"19_CR3","doi-asserted-by":"crossref","unstructured":"T.A. Berson, \u201cLong Key Variants of DES,\u201d Advances in Cryptology: CRYPTO\u2019 82, Plenum Press, 1983, pp. 311\u2013313.","DOI":"10.1007\/978-1-4757-0602-4_30"},{"key":"19_CR4","doi-asserted-by":"crossref","unstructured":"E. Biham, \u201cNew Types of Cryptanalytic Attacks Using Related Keys,\u201d Advances in Cryptology\u2014EUROCRYPT\u2019 93, Springer-Verlag, 1994, pp. 398\u2013409.","DOI":"10.1007\/3-540-48285-7_34"},{"key":"19_CR5","doi-asserted-by":"crossref","unstructured":"E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993, pp. 187\u2013199.","DOI":"10.1007\/978-1-4613-9314-6"},{"key":"19_CR6","doi-asserted-by":"crossref","unstructured":"E. Biham and A. Shamir, \u201cDifferential Cryptanalysis of the Full 16-round DES,\u201d Advances in Cryptology\u2014CRYPTO\u2019 92, Springer-Verlag 1993, pp. 487\u2013496.","DOI":"10.1007\/3-540-48071-4_34"},{"key":"19_CR7","doi-asserted-by":"crossref","unstructured":"M. Blaze, \u201cA Cryptographic File System for UNIX,\u201d 1st ACM Conference on Computer and Communications Security, ACM Press, 1993, pp. 9\u201316.","DOI":"10.1145\/168588.168590"},{"key":"19_CR8","unstructured":"M. Blaze, \u201cKey Management in an Encrypting File System,\u201d Proceedings of the 1994 USENIX Summer Tech. Conference, June 1994."},{"key":"19_CR9","doi-asserted-by":"crossref","unstructured":"K.W. Campbell and M.J. Wiener, \u201cDES is Not a Group,\u201d Advances in Cryptology\u2014CRYPTO\u2019 92, Springer-Verlag, 1993, pp. 512\u2013520.","DOI":"10.1007\/3-540-48071-4_36"},{"key":"19_CR10","doi-asserted-by":"crossref","unstructured":"D. Chaum and J.-H. Evertse, \u201cCryptanalysis of DES With a Reduced Number of Rounds,\u201d Advances in Cryptology\u2014CRYPTO\u2019 85, Springer-Verlag, 1986, pp. 192\u2013211.","DOI":"10.1007\/3-540-39799-X_16"},{"key":"19_CR11","doi-asserted-by":"crossref","unstructured":"D. Coppersmith, \u201cThe Real Reason for Rivest\u2019s Phenomenon,\u201d Advances in Cryptology\u2014CRYPTO\u2019 85, Springer-Verlag, 1986, pp. 535\u2013536.","DOI":"10.1007\/3-540-39799-X_42"},{"key":"19_CR12","unstructured":"J. Daemen, R. Govaerts, and J. Vanderwalle, \u201cBlock Ciphers Based on Modular Arithmetic,\u201d Proceedings of the 3rd Symposium on State and Progress of Research in Cryptography, 1993, pp. 80\u201389."},{"key":"19_CR13","doi-asserted-by":"crossref","unstructured":"D.W. Davies, \u201cSome Regular Properties of the DES,\u201d Advances in Cryptology\u2014CRYPTO\u2019 92, Plenum Press, 1983, pp. 89\u201396.","DOI":"10.1007\/978-1-4757-0602-4_8"},{"key":"19_CR14","unstructured":"GOST, Gosudarst vennyi Standard 28147-89, \u201cCryptographic Protection for Data Processing Systems,\u201d Government Committee of the USSR for Standards, 1989."},{"key":"19_CR15","unstructured":"E.K. Grossman and B. Tuckerman, \u201cAnalysis of a Weakened Feistel-like Cipher,\u201d 1978 International Conference on Communications, Alger Press Limited, 1978, pp. 46.3.1\u201346.3.5."},{"key":"19_CR16","doi-asserted-by":"crossref","unstructured":"L.R. Knudsen, \u201cCryptanalysis of LOKI,\u201d Advances in Cryptology\u2014ASIACRYPT\u2019 91, Springer-Verlag, 1993, pp. 22\u201335.","DOI":"10.1007\/3-540-57332-1_2"},{"key":"19_CR17","doi-asserted-by":"crossref","unstructured":"L.R. Knudsen, \u201cCryptanalysis of LOKI91,\u201d Advances in Cryptology\u2014AUSCRYPT\u2019 92, Springer-Verlag, 1993, pp. 196\u2013208.","DOI":"10.1007\/3-540-57220-1_62"},{"key":"19_CR18","doi-asserted-by":"crossref","unstructured":"L.R. Knudsen, \u201cPractically Secure Feistel Ciphers,\u201d Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 211\u2013221.","DOI":"10.1007\/3-540-58108-1_26"},{"key":"19_CR19","doi-asserted-by":"crossref","unstructured":"L.R. Knudsen, \u201cNew Potentially \u2018Weak\u2019 Keys for DES and LOKI,\u201d Advances in Cryptology\u2014EUROCRYPT\u2019 94, Springer-Verlag, 1995, pp. 419\u2013424.","DOI":"10.1007\/BFb0053456"},{"key":"19_CR20","doi-asserted-by":"crossref","unstructured":"L.R. Knudsen, \u201cA Key-schedule Weakness in SAFER K-64,\u201d Advances in Cryptology\u2014CRYPTO\u2019 95, Springer-Verlag, 1995, pp. 274\u2013286.","DOI":"10.1007\/3-540-44750-4_22"},{"key":"19_CR21","doi-asserted-by":"crossref","unstructured":"P.C. Kocher, \u201cTiming Attack Cryptanalysis of Diffie-Hellman, RSA, and Other Systems,\u201d Advances in Cryptology\u2014CRYPTO\u2019 96, Springer-Verlag, 1996, this volume.","DOI":"10.1007\/3-540-68697-5_9"},{"key":"19_CR22","doi-asserted-by":"crossref","unstructured":"M. Kwan and J. Pieprzyk, \u201cA General Purpose Technique for Locating Key Scheduling Weaknesses in DES-like Cryptosystems,\u201d Advances in Cryptology\u2014ASIACRYPT\u2019 91, Springer-Verlag, 1993, pp. 237\u2013246.","DOI":"10.1007\/3-540-57332-1_19"},{"key":"19_CR23","doi-asserted-by":"crossref","unstructured":"X. Lai, J. Massey, and S. Murphy, \u201cMarkov Ciphers and Differential Crypt-analysis,\u201d Advances in Cryptology\u2014CRYPTO\u2019 91, Springer-Verlag, 1991, pp. 17\u201338.","DOI":"10.1007\/3-540-46416-6_2"},{"key":"19_CR24","unstructured":"W. Mao and C. Boyd, \u201cDevelopment of Authentication Protocols: Some Misconceptions and a New Approach,\u201d Computer Security Foundations Workshop VII, IEEE Computer Society Press, 1994, p. 178\u201386."},{"key":"19_CR25","doi-asserted-by":"crossref","unstructured":"J.L. Massey, \u201cSAFER K-64: A Byte-Oriented Block-Ciphering Algorithm\u201d, Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 1\u201317.","DOI":"10.1007\/3-540-58108-1_1"},{"key":"19_CR26","unstructured":"R.C. Merkle, \u201cFast Software Encryption Functions,\u201d Advances in Cryptology\u2014CRYPTO\u2019 90, Springer-Verlag, 1991, pp. 476\u2013501."},{"issue":"7","key":"19_CR27","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1145\/358699.358718","volume":"24","author":"R.C. Merkle","year":"1981","unstructured":"R.C. Merkle and M. Hellman, \u201cOn the Security of Multiple Encryption,\u201d Communications of the ACM, v. 24, n. 7, Jul 1981 pp. 465\u2013467.","journal-title":"Communications of the ACM"},{"key":"19_CR28","unstructured":"J.H. Moore and G.J. Simmons, \u201cCycle Structure of the DES with Weak and Semi-Weak Keys,\u201d Advances in Cryptology\u2014CRYPTO\u2019 86, Springer-Verlag, 1987, pp. 3\u201332."},{"key":"19_CR29","unstructured":"National Bureau of Standards, NBS FIPS PUB 46, \u201cData Encryption Standard,\u201d National Bureau of Standards, U.S. Department of Commerce, Jan 1977."},{"key":"19_CR30","doi-asserted-by":"crossref","unstructured":"P.C. van Oorschot and M.J. Wiener, \u201cA Known-Plaintext Attack on Two-Key Triple Encryption,\u201d Advances in Cryptology\u2014CRYPTO\u2019 90, Springer-Verlag, 1991, pp. 318\u2013325.","DOI":"10.1007\/3-540-46877-3_29"},{"key":"19_CR31","unstructured":"P.C. van Oorschot and M.J. Wiener, \u201cParallel Collision Search with Cryptanalytic Applications,\u201d to appear, 1995."},{"key":"19_CR32","unstructured":"A. Pfitzmann and R. Abmann, \u201cEfficient Software Implementations of (Generalized) DES,\u201d Proc. SECURICOM\u2019 90, Paris, 1990, pp. 139\u2013158."},{"key":"19_CR33","unstructured":"A. Pfitzmann and R. Abmann, \u201cMore Efficient Software Implementations of (Generalized) DES,\u201d Technical Report PfAb90, Interner Bericht 18\/90, Fakultat for Informatik, Universitat Karlsruhe, 1990."},{"key":"19_CR34","unstructured":"RSA Data Security, Inc., \u201cPublic-Key Cryptography Standard (PKCS) #1: RSA Encryption Standard,\u201d Version 1.5, Nov 1993."},{"key":"19_CR35","doi-asserted-by":"crossref","unstructured":"R.L. Rivest, \u201cThe RC5 Encryption Algorithm,\u201d Fast Software Encryption, Second International Workshop Proceedings, Springer-Verlag, 1995, pp. 86\u201396.","DOI":"10.1007\/3-540-60590-8_7"},{"key":"19_CR36","doi-asserted-by":"crossref","unstructured":"P. Rogaway and D. Coppersmith, \u201cA Software-Optimized Encryption Algorithm,\u201d Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 56\u201363.","DOI":"10.1007\/3-540-58108-1_8"},{"key":"19_CR37","volume-title":"A Class of Weak Keys in the RC4 Stream Cipher","author":"A. Roos","year":"1995","unstructured":"A. Roos, \u201cA Class of Weak Keys in the RC4 Stream Cipher,\u201d Vironix Software Laboratories, Westville, South Africa Sep 1995."},{"key":"19_CR38","doi-asserted-by":"crossref","unstructured":"B. Schneier, \u201cDescription of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish),\u201d Fast Software Encryption, Cambridge Security Workshop Proceedings, Springer-Verlag, 1994, pp. 191\u2013204.","DOI":"10.1007\/3-540-58108-1_24"},{"key":"19_CR39","unstructured":"B. Schneier, Applied Cryptography, Second Edition, John Wiley & Sons, 1996."},{"key":"19_CR40","doi-asserted-by":"crossref","unstructured":"A. Shimizu and S. Miyaguchi, \u201cFast Data Encipherment Algorithm FEAL,\u201d Advances in Cryptology\u2014EUROCRYPT\u2019 87, Springer-Verlag, 1988, pp. 267\u2013278.","DOI":"10.1007\/3-540-39118-5_24"},{"key":"19_CR41","doi-asserted-by":"crossref","unstructured":"G. Tsudik and E.V. Herreweghen, \u201cOn Simple and Secure Key Distribution,\u201d 1st ACM Conference on Computer and Communications Security, Nov. 1993, pp. 49\u201357.","DOI":"10.1145\/168588.168594"},{"key":"19_CR42","doi-asserted-by":"crossref","unstructured":"S. Vaudenay, \u201cOn the Weak Keys in Blowfish,\u201d Fast Software Encryption, Third International Workshop Proceedings, Springer-Verlag, 1996, pp. 27\u201332.","DOI":"10.1007\/3-540-60865-6_39"},{"key":"19_CR43","doi-asserted-by":"crossref","unstructured":"D. Wheeler and R. Needham, \u201cTEA, a Tiny Encryption Algorithm,\u201d Fast Software Encryption, Second International Workshop Proceedings, Springer-Verlag, 1995, pp. 97\u2013110.","DOI":"10.1007\/3-540-60590-8_29"},{"key":"19_CR44","doi-asserted-by":"crossref","unstructured":"R. Winternitz, \u201cProducing One-Way Hash Functions from DES,\u201d Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 203\u2013207.","DOI":"10.1007\/978-1-4684-4730-9_17"},{"issue":"1","key":"19_CR45","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1080\/0161-118791861749","volume":"11","author":"R. Winternitz","year":"1987","unstructured":"R. Winternitz and M. Hellman, \u201cChosen-key Attacks on a Block Cipher,\u201d Cryptologia, v. 11, n. 1, Jan 1987, pp. 16\u201320.","journal-title":"Cryptologia"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2014 CRYPTO \u201996"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/3-540-68697-5_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,19]],"date-time":"2019-05-19T15:03:25Z","timestamp":1558278205000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/3-540-68697-5_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[1996]]},"ISBN":["9783540615125","9783540686972"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/3-540-68697-5_19","relation":{},"ISSN":["0302-9743"],"issn-type":[{"value":"0302-9743","type":"print"}],"subject":[],"published":{"date-parts":[[1996]]},"assertion":[{"value":"13 July 2001","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}