{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T17:28:12Z","timestamp":1777397292456,"version":"3.51.4"},"publisher-location":"Cham","reference-count":21,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030033286","type":"print"},{"value":"9783030033293","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-03329-3_2","type":"book-chapter","created":{"date-parts":[[2018,10,26]],"date-time":"2018-10-26T15:49:03Z","timestamp":1540568943000},"page":"35-64","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Cryptanalysis of MORUS"],"prefix":"10.1007","author":[{"given":"Tomer","family":"Ashur","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maria","family":"Eichlseder","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Martin M.","family":"Lauridsen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ga\u00ebtan","family":"Leurent","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Brice","family":"Minaud","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yann","family":"Rotella","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yu","family":"Sasaki","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Beno\u00eet","family":"Viguier","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,10,27]]},"reference":[{"key":"2_CR1","unstructured":"AlFardan, N.J., Bernstein, D.J., Paterson, K.G., Poettering, B., Schuldt, J.C.N.: On the security of RC4 in TLS. In: USENIX Security Symposium 2013, pp. 305\u2013320. USENIX Association (2013)"},{"key":"2_CR2","unstructured":"Ashur, T., et al.: Cryptanalysis of MORUS. Cryptology ePrint Archive, Report 2018\/464 (2018). https:\/\/eprint.iacr.org\/2018\/464"},{"key":"2_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"269","DOI":"10.1007\/978-3-319-49890-4_15","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2016","author":"T Ashur","year":"2016","unstructured":"Ashur, T., Rijmen, V.: On linear hulls and trails. In: Dunkelman, O., Sanadhya, S.K. (eds.) INDOCRYPT 2016. LNCS, vol. 10095, pp. 269\u2013286. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-49890-4_15"},{"key":"2_CR4","unstructured":"CAESAR Committee: CAESAR: Competition for authenticated encryption: security, applicability, and robustness. Call for submissions (2013). http:\/\/competitions.cr.yp.to\/caesar-call.html"},{"key":"2_CR5","unstructured":"Duong, T., Rizzo, J.: Here come the $$\\oplus $$ ninjas. Ekoparty (2011)"},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Dwivedi, A.D., Klou\u010dek, M., Morawiecki, P., Nikoli\u0107, I., Pieprzyk, J., W\u00f3jtowicz, S.: SAT-based cryptanalysis of authenticated ciphers from the CAESAR competition. Cryptology ePrint Archive, Report 2016\/1053 (2016). https:\/\/eprint.iacr.org\/2016\/1053","DOI":"10.5220\/0006387302370246"},{"key":"2_CR7","doi-asserted-by":"crossref","unstructured":"Dwivedi, A.D., Morawiecki, P., W\u00f3jtowicz, S.: Differential and rotational cryptanalysis of round-reduced MORUS. In: Samarati, P., Obaidat, M.S., Cabello, E. (eds.) E-Business and Telecommunications - ICETE\/SECRYPT 2017, pp. 275\u2013284. SciTePress (2017)","DOI":"10.5220\/0006411502750284"},{"key":"2_CR8","doi-asserted-by":"crossref","unstructured":"Dworkin, M.J.: NIST SP 800\u201338D: Recommendation for block cipher modes of operation: Galois\/Counter Mode (GCM) and GMAC. National Institute of Standards and Technology (NIST) Special Publication (SP) (2007). https:\/\/www.nist.gov\/node\/562956","DOI":"10.6028\/NIST.SP.800-38d"},{"key":"2_CR9","unstructured":"Kales, D., Eichlseder, M., Mendel, F.: Note on the robustness of CAESAR candidates. IACR Cryptology ePrint Archive, Report 2017\/1137 (2017). https:\/\/eprint.iacr.org\/2017\/1137"},{"key":"2_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"152","DOI":"10.1007\/3-540-45473-X_13","volume-title":"Fast Software Encryption","author":"I Mantin","year":"2002","unstructured":"Mantin, I., Shamir, A.: A practical attack on broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152\u2013164. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45473-X_13"},{"key":"2_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1007\/3-540-48285-7_33","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 93","author":"M Matsui","year":"1994","unstructured":"Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386\u2013397. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48285-7_33"},{"key":"2_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/3-540-47555-9_7","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 92","author":"M Matsui","year":"1993","unstructured":"Matsui, M., Yamagishi, A.: A new method for known plaintext attack of FEAL cipher. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 81\u201391. Springer, Heidelberg (1993). https:\/\/doi.org\/10.1007\/3-540-47555-9_7"},{"key":"2_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1007\/978-3-540-30556-9_27","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"DA McGrew","year":"2004","unstructured":"McGrew, D.A., Viega, J.: The security and performance of the Galois\/Counter Mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343\u2013355. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-540-30556-9_27"},{"key":"2_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-319-29172-7_4","volume-title":"Cryptography and Information Security in the Balkans","author":"A Mileva","year":"2016","unstructured":"Mileva, A., Dimitrova, V., Velichkov, V.: Analysis of the authenticated cipher MORUS (v1). In: Pasalic, E., Knudsen, L.R. (eds.) BalkanCryptSec 2015. LNCS, vol. 9540, pp. 45\u201359. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-29172-7_4"},{"key":"2_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"290","DOI":"10.1007\/978-3-319-13051-4_18","volume-title":"Selected Areas in Cryptography \u2013 SAC 2014","author":"B Minaud","year":"2014","unstructured":"Minaud, B.: Linear biases in AEGIS keystream. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 290\u2013305. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-13051-4_18"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Salam, M.I., Simpson, L., Bartlett, H., Dawson, E., Pieprzyk, J., Wong, K.K.: Investigating cube attacks on the authenticated encryption stream cipher MORUS. In: IEEE Trustcom\/BigDataSE\/ICESS 2017, pp. 961\u2013966. IEEE (2017)","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.337"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Shi, T., Guan, J., Li, J., Zhang, P.: Improved collision cryptanalysis of authenticated cipher MORUS. In: Artificial Intelligence and Industrial Engineering - AIIE 2016. Advances in Intelligent Systems Research, vol. 133, pp. 429\u2013432. Atlantis Press (2016)","DOI":"10.2991\/aiie-16.2016.98"},{"key":"2_CR18","unstructured":"Vaudenay, S., Viz\u00e1r, D.: Under pressure: security of CAESAR candidates beyond their guarantees. Cryptology ePrint Archive, Report 2017\/1147 (2017). https:\/\/eprint.iacr.org\/2017\/1147"},{"key":"2_CR19","unstructured":"Wu, H., Huang, T.: The authenticated cipher MORUS (v2). Submission to CAESAR: competition for authenticated encryption. Security, applicability, and robustness (Round 3 and Finalist), September 2016. http:\/\/competitions.cr.yp.to\/round3\/morusv2.pdf"},{"key":"2_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/978-3-662-43414-7_10","volume-title":"Selected Areas in Cryptography \u2013 SAC 2013","author":"H Wu","year":"2014","unstructured":"Wu, H., Preneel, B.: AEGIS: a fast authenticated encryption algorithm. In: Lange, T., Lauter, K., Lison\u011bk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 185\u2013201. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-43414-7_10"},{"key":"2_CR21","unstructured":"Wu, H., Preneel, B.: AEGIS: A fast authenticated encryption algorithm (v1.1). Submission to CAESAR: Competition for Authenticated Encryption. Security, Applicability, and Robustness (Round 3 and Finalist), September 2016. http:\/\/competitions.cr.yp.to\/round3\/aegisv11.pdf"}],"updated-by":[{"DOI":"10.1007\/978-3-030-03329-3_26","type":"correction","label":"Correction","source":"publisher","updated":{"date-parts":[[2019,1,31]],"date-time":"2019-01-31T00:00:00Z","timestamp":1548892800000}}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2018"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-03329-3_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T22:02:55Z","timestamp":1775253775000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-03329-3_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030033286","9783030033293"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-03329-3_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"27 October 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"31 January 2019","order":2,"name":"change_date","label":"Change Date","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"Correction","order":3,"name":"change_type","label":"Change Type","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The original version of the chapter \u201cCryptanalysis of MORUS\u201d, starting on p.35 was inadvertently published with errors. The email address, city and country of the author Martin M. Lauridsen were incorrect. The original chapter has been corrected.","order":4,"name":"change_details","label":"Change Details","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Brisbane, QLD","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 December 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6 December 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/asiacrypt.iacr.org\/2018\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"websubrev","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"234","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"65","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.0","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17.0","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}