{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,6]],"date-time":"2026-05-06T10:58:29Z","timestamp":1778065109935,"version":"3.51.4"},"publisher-location":"Cham","reference-count":52,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030176587","type":"print"},{"value":"9783030176594","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-17659-4_20","type":"book-chapter","created":{"date-parts":[[2019,5,14]],"date-time":"2019-05-14T04:42:13Z","timestamp":1557808933000},"page":"585-616","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["bison Instantiating the Whitened Swap-Or-Not Construction"],"prefix":"10.1007","author":[{"given":"Anne","family":"Canteaut","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Virginie","family":"Lallemand","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gregor","family":"Leander","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Patrick","family":"Neumann","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Friedrich","family":"Wiemer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,4,24]]},"reference":[{"key":"20_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1007\/978-3-642-32009-5_4","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"MA Abdelraheem","year":"2012","unstructured":"Abdelraheem, M.A., \u00c5gren, M., Beelen, P., Leander, G.: On the distribution of linear biases: three instructive examples. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 50\u201367. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_4"},{"key":"20_CR2","unstructured":"Advanced Encryption Standard (AES), November 2001"},{"key":"20_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"531","DOI":"10.1007\/978-3-642-40041-4_29","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"E Andreeva","year":"2013","unstructured":"Andreeva, E., Bogdanov, A., Dodis, Y., Mennink, B., Steinberger, J.P.: On the indifferentiability of key-alternating ciphers. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 531\u2013550. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_29"},{"key":"20_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"647","DOI":"10.1007\/978-3-319-63715-0_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"C Beierle","year":"2017","unstructured":"Beierle, C., Canteaut, A., Leander, G., Rotella, Y.: Proving resistance against invariant attacks: how to choose the round constants. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 647\u2013678. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63715-0_22"},{"key":"20_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1007\/3-540-38424-3_1","volume-title":"Advances in Cryptology-CRYPT0 90","author":"E Biham","year":"1991","unstructured":"Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2\u201321. Springer, Heidelberg (1991). https:\/\/doi.org\/10.1007\/3-540-38424-3_1"},{"key":"20_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-10366-7_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"A Biryukov","year":"2009","unstructured":"Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1\u201318. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_1"},{"key":"20_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-3-642-03356-8_14","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"A Biryukov","year":"2009","unstructured":"Biryukov, A., Khovratovich, D., Nikoli\u0107, I.: Distinguisher and related-key attack on the full AES-256. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 231\u2013249. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_14"},{"key":"20_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1007\/978-3-662-47989-6_6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"A Biryukov","year":"2015","unstructured":"Biryukov, A., Perrin, L.: On reverse-engineering S-boxes with hidden design criteria or structure. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 116\u2013140. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_6"},{"key":"20_CR9","doi-asserted-by":"crossref","unstructured":"Blondeau, C., Nyberg, K.: Improved parameter estimates for correlation and capacity deviates in linear cryptanalysis. IACR Trans. Symm. Cryptol. 2016(2), 162\u2013191 (2016). http:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/view\/570","DOI":"10.46586\/tosc.v2016.i2.162-191"},{"key":"20_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-642-29011-4_5","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"A Bogdanov","year":"2012","unstructured":"Bogdanov, A., Knudsen, L.R., Leander, G., Standaert, F.-X., Steinberger, J., Tischhauser, E.: Key-alternating ciphers in a provable setting: encryption using a small number of public permutations (extended abstract). In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 45\u201362. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_5"},{"key":"20_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"252","DOI":"10.1007\/978-3-642-21702-9_15","volume-title":"Fast Software Encryption","author":"C Boura","year":"2011","unstructured":"Boura, C., Canteaut, A., De Canni\u00e8re, C.: Higher-order differential properties of Keccak and Luffa. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 252\u2013269. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-21702-9_15"},{"key":"20_CR12","unstructured":"Canteaut, A., Lallemand, V., Leander, G., Neumann, P., Wiemer, F.: BISON - instantiating the whitened swap-or-not construction. Cryptology ePrint Archive, Report 2018\/1011 (2018)"},{"key":"20_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1007\/978-3-662-46800-5_3","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"A Canteaut","year":"2015","unstructured":"Canteaut, A., Rou\u00e9, J.: On the behaviors of affine equivalent Sboxes regarding differential and linear attacks. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 45\u201374. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_3"},{"key":"20_CR14","unstructured":"Carlet, C.: Boolean functions for cryptography and error correcting codes. In: Crama, Y., Hammer, P. (eds.) Boolean Methods and Models. Cambridge University Press (2007)"},{"key":"20_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-642-55220-5_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2014","author":"S Chen","year":"2014","unstructured":"Chen, S., Steinberger, J.: Tight security bounds for key-alternating ciphers. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 327\u2013350. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-55220-5_19"},{"key":"20_CR16","unstructured":"Daemen, J.: Cipher and hash function design, strategies based on linear and differential cryptanalysis. Ph.D. thesis. K.U.Leuven (1995). http:\/\/jda.noekeon.org\/"},{"key":"20_CR17","unstructured":"Daemen, J., Govaerts, R., Vandewalle, J.: Block ciphers based on modular arithmetic. In: Wolfowicz, W. (ed.) State and Progress in the Research of Cryptography, pp. 80\u201389. Fondazione Ugo Bordoni (1993)"},{"key":"20_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1007\/3-540-60590-8_21","volume-title":"Fast Software Encryption","author":"J Daemen","year":"1995","unstructured":"Daemen, J., Govaerts, R., Vandewalle, J.: Correlation matrices. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 275\u2013285. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/3-540-60590-8_21"},{"key":"20_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"277","DOI":"10.1007\/10721064_26","volume-title":"Smart Card Research and Applications","author":"J Daemen","year":"2000","unstructured":"Daemen, J., Rijmen, V.: The block cipher Rijndael. In: Quisquater, J.-J., Schneier, B. (eds.) CARDIS 1998. LNCS, vol. 1820, pp. 277\u2013284. Springer, Heidelberg (2000). https:\/\/doi.org\/10.1007\/10721064_26"},{"key":"20_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/3-540-45325-3_20","volume-title":"Cryptography and Coding","author":"J Daemen","year":"2001","unstructured":"Daemen, J., Rijmen, V.: The wide trail design strategy. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 222\u2013238. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-45325-3_20"},{"key":"20_CR21","series-title":"Information Security and Cryptography","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-04722-4","volume-title":"The Design of Rijndael: AES - The Advanced Encryption Standard","author":"J Daemen","year":"2002","unstructured":"Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/978-3-662-04722-4"},{"key":"20_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/11832072_6","volume-title":"Security and Cryptography for Networks","author":"J Daemen","year":"2006","unstructured":"Daemen, J., Rijmen, V.: Understanding two-round differentials in AES. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 78\u201394. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11832072_6"},{"key":"20_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/978-3-642-38348-9_23","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"P Derbez","year":"2013","unstructured":"Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round AES in the single-key setting. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 371\u2013387. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38348-9_23"},{"key":"20_CR24","first-page":"215","volume":"191","author":"JF Dillon","year":"1972","unstructured":"Dillon, J.F.: A survey of bent functions. NSA Tech. J. 191, 215 (1972)","journal-title":"NSA Tech. J."},{"issue":"3","key":"20_CR25","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s001459900025","volume":"10","author":"S Even","year":"1997","unstructured":"Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151\u2013162 (1997)","journal-title":"J. Cryptol."},{"key":"20_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"213","DOI":"10.1007\/3-540-44706-7_15","volume-title":"Fast Software Encryption","author":"N Ferguson","year":"2001","unstructured":"Ferguson, N., et al.: Improved cryptanalysis of Rijndael. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 213\u2013230. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44706-7_15"},{"key":"20_CR27","unstructured":"Gilbert, H., Minier, M.: A collision attack on 7 rounds of Rijndael. In: AES Candidate Conference, vol. 230, p. 241 (2000)"},{"key":"20_CR28","doi-asserted-by":"crossref","unstructured":"Grassi, L., Rechberger, C., R\u00f8njom, S.: Subspace trail cryptanalysis and its applications to AES. IACR Trans. Symm. Cryptol. 2016(2), 192\u2013225 (2016). http:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/view\/571","DOI":"10.46586\/tosc.v2016.i2.192-225"},{"key":"20_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1007\/978-3-319-56614-6_10","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"L Grassi","year":"2017","unstructured":"Grassi, L., Rechberger, C., R\u00f8njom, S.: A new structural-differential property of 5-round AES. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 289\u2013317. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-56614-6_10"},{"key":"20_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/978-3-662-46494-6_6","volume-title":"Theory of Cryptography","author":"C Guo","year":"2015","unstructured":"Guo, C., Lin, D.: On the indifferentiability of key-alternating feistel ciphers with no key derivation. In: Dodis, Y., Nielsen, J.B. (eds.) TCC 2015. LNCS, vol. 9014, pp. 110\u2013133. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46494-6_6"},{"key":"20_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-32009-5_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"VT Hoang","year":"2012","unstructured":"Hoang, V.T., Morris, B., Rogaway, P.: An enciphering scheme based on a card shuffle. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 1\u201313. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_1"},{"key":"20_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-662-53018-4_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"VT Hoang","year":"2016","unstructured":"Hoang, V.T., Tessaro, S.: Key-alternating ciphers and key-length extension: exact bounds and multi-user security. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 3\u201332. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53018-4_1"},{"key":"20_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/3-540-44706-7_19","volume-title":"Fast Software Encryption","author":"S Hong","year":"2001","unstructured":"Hong, S., Lee, S., Lim, J., Sung, J., Cheon, D., Cho, I.: Provable security against differential and linear cryptanalysis for the SPN structure. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 273\u2013283. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44706-7_19"},{"key":"20_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1007\/BFb0052332","volume-title":"Fast Software Encryption","author":"T Jakobsen","year":"1997","unstructured":"Jakobsen, T., Knudsen, L.R.: The interpolation attack on block ciphers. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 28\u201340. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/BFb0052332"},{"issue":"2","key":"20_CR35","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1049\/iet-ifs:20060161","volume":"1","author":"L Keliher","year":"2007","unstructured":"Keliher, L., Sui, J.: Exact maximum expected differential and linear probability for two-round advanced encryption standard. IET Inf. Secur. 1(2), 53\u201357 (2007)","journal-title":"IET Inf. Secur."},{"issue":"1","key":"20_CR36","doi-asserted-by":"crossref","first-page":"474","DOI":"10.46586\/tosc.v2017.i1.474-505","volume":"2017","author":"T Kranz","year":"2017","unstructured":"Kranz, T., Leander, G., Wiemer, F.: Linear cryptanalysis: key schedules and tweakable block ciphers. IACR Trans. Symm. Cryptol. 2017(1), 474\u2013505 (2017)","journal-title":"IACR Trans. Symm. Cryptol."},{"key":"20_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/3-540-46416-6_2","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 91","author":"X Lai","year":"1991","unstructured":"Lai, X., Massey, J.L., Murphy, S.: Markov ciphers and differential cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17\u201338. Springer, Heidelberg (1991). https:\/\/doi.org\/10.1007\/3-540-46416-6_2"},{"key":"20_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1007\/978-3-662-46706-0_13","volume-title":"Fast Software Encryption","author":"R Lampe","year":"2015","unstructured":"Lampe, R., Seurin, Y.: Security analysis of key-alternating feistel ciphers. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 243\u2013264. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46706-0_13"},{"key":"20_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/978-3-642-22792-9_12","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"G Leander","year":"2011","unstructured":"Leander, G., Abdelraheem, M.A., AlKhzaimi, H., Zenner, E.: A cryptanalysis of PRINTcipher: the invariant subspace attack. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 206\u2013221. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22792-9_12"},{"key":"20_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"366","DOI":"10.1007\/BFb0053451","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201994","author":"M Matsui","year":"1995","unstructured":"Matsui, M.: On correlation between the order of S-boxes and the strength of DES. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 366\u2013375. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/BFb0053451"},{"key":"20_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"549","DOI":"10.1007\/3-540-46885-4_53","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 89","author":"W Meier","year":"1990","unstructured":"Meier, W., Staffelbach, O.: Nonlinearity criteria for cryptographic functions. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 549\u2013562. Springer, Heidelberg (1990). https:\/\/doi.org\/10.1007\/3-540-46885-4_53"},{"key":"20_CR42","doi-asserted-by":"crossref","unstructured":"Miracle, S., Yilek, S.: Cycle slicer: an algorithm for building permutations on special domains. Cryptology ePrint Archive, Report 2017\/873 (2017). http:\/\/eprint.iacr.org\/2017\/873","DOI":"10.1007\/978-3-319-70700-6_14"},{"key":"20_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"439","DOI":"10.1007\/BFb0053460","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 94","author":"K Nyberg","year":"1995","unstructured":"Nyberg, K.: Linear approximation of block ciphers (rump session). In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 439\u2013444. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/BFb0053460"},{"key":"20_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-34047-5_1","volume-title":"Fast Software Encryption","author":"K Nyberg","year":"2012","unstructured":"Nyberg, K.: \u201cProvable\u201d security against differential and linear cryptanalysis (invited talk). In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 1\u20138. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34047-5_1"},{"issue":"1","key":"20_CR45","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/BF00204800","volume":"8","author":"K Nyberg","year":"1995","unstructured":"Nyberg, K., Knudsen, L.R.: Provable security against a differential attack. J. Cryptol. 8(1), 27\u201337 (1995)","journal-title":"J. Cryptol."},{"key":"20_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/978-3-540-39887-5_19","volume-title":"Fast Software Encryption","author":"S Park","year":"2003","unstructured":"Park, S., Sung, S.H., Lee, S., Lim, J.: Improving the upper bound on the maximum differential and the maximum linear hull probability for SPN structures and AES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 247\u2013260. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-39887-5_19"},{"issue":"3","key":"20_CR47","doi-asserted-by":"publisher","first-page":"300","DOI":"10.1016\/0097-3165(76)90024-8","volume":"20","author":"OS Rothaus","year":"1976","unstructured":"Rothaus, O.S.: On \u2018bent\u2019 functions. J. Comb. Theory Ser. A 20(3), 300\u2013305 (1976)","journal-title":"J. Comb. Theory Ser. A"},{"key":"20_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"437","DOI":"10.1007\/978-3-662-48800-3_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2015","author":"S Tessaro","year":"2015","unstructured":"Tessaro, S.: Optimally secure block ciphers from ideal primitives. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 437\u2013462. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-48800-3_18"},{"key":"20_CR49","doi-asserted-by":"crossref","unstructured":"Tessaro, S.: Optimally secure block ciphers from ideal primitives. Cryptology ePrint Archive, Report 2015\/868 (2015). http:\/\/eprint.iacr.org\/2015\/868","DOI":"10.1007\/978-3-662-48800-3_18"},{"key":"20_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-662-53890-6_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"Y Todo","year":"2016","unstructured":"Todo, Y., Leander, G., Sasaki, Y.: Nonlinear invariant attack. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 3\u201333. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53890-6_1"},{"key":"20_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/BFb0028566","volume-title":"STACS 98","author":"S Vaudenay","year":"1998","unstructured":"Vaudenay, S.: Provable security for block ciphers by decorrelation. In: Morvan, M., Meinel, C., Krob, D. (eds.) STACS 1998. LNCS, vol. 1373, pp. 249\u2013275. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/BFb0028566"},{"key":"20_CR52","unstructured":"Vaudenay, S.: The end of encryption based on card shuffling. CRYPTO 2012 Rump Session (2012). crypto.2012.rump.cr.yp.to"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2019"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-17659-4_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T13:00:17Z","timestamp":1710334817000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-17659-4_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030176587","9783030176594"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-17659-4_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"24 April 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Darmstadt","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 May 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 May 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"38","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2019\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"IACR websubrev","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"327","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"76","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}