{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T19:10:49Z","timestamp":1773774649809,"version":"3.50.1"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030457204","type":"print"},{"value":"9783030457211","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-45721-1_17","type":"book-chapter","created":{"date-parts":[[2020,5,1]],"date-time":"2020-05-01T04:17:18Z","timestamp":1588306638000},"page":"466-495","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":53,"title":["Modeling for Three-Subset Division Property Without Unknown Subset"],"prefix":"10.1007","author":[{"given":"Yonglin","family":"Hao","sequence":"first","affiliation":[]},{"given":"Gregor","family":"Leander","sequence":"additional","affiliation":[]},{"given":"Willi","family":"Meier","sequence":"additional","affiliation":[]},{"given":"Yosuke","family":"Todo","sequence":"additional","affiliation":[]},{"given":"Qingju","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,5,1]]},"reference":[{"key":"17_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1007\/3-540-45661-9_9","volume-title":"Fast Software Encryption","author":"L Knudsen","year":"2002","unstructured":"Knudsen, L., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112\u2013127. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45661-9_9"},{"key":"17_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/BFb0052343","volume-title":"Fast Software Encryption","author":"J Daemen","year":"1997","unstructured":"Daemen, J., Knudsen, L., Rijmen, V.: The block cipher Square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149\u2013165. Springer, Heidelberg (1997). https:\/\/doi.org\/10.1007\/BFb0052343"},{"key":"17_CR3","series-title":"Springer International Series in Engineering and Computer Science (Communications and Information Theory)","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/978-1-4615-2694-0_23","volume-title":"Communications and Cryptography","author":"X Lai","year":"1994","unstructured":"Lai, X.: Higher order derivatives and differential cryptanalysis. In: Blahut, R.E., Costello, D.J., Maurer, U., Mittelholzer, T. (eds.) Communications and Cryptography. SECS, vol. 276, pp. 227\u2013233. Springer, Boston (1994). https:\/\/doi.org\/10.1007\/978-1-4615-2694-0_23"},{"key":"17_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1007\/978-3-662-46800-5_12","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"Y Todo","year":"2015","unstructured":"Todo, Y.: Structural evaluation by generalized integral property. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 287\u2013314. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-46800-5_12"},{"key":"17_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"413","DOI":"10.1007\/978-3-662-47989-6_20","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"Y Todo","year":"2015","unstructured":"Todo, Y.: Integral cryptanalysis on full MISTY1. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 413\u2013432. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_20"},{"key":"17_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1007\/978-3-319-69453-5_15","volume-title":"Selected Areas in Cryptography \u2013 SAC 2016","author":"Y Sasaki","year":"2017","unstructured":"Sasaki, Y., Todo, Y.: New differential bounds and division property of Lilliput: block cipher with extended generalized Feistel network. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 264\u2013283. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-69453-5_15"},{"key":"17_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1007\/978-3-662-52993-5_18","volume-title":"Fast Software Encryption","author":"Y Todo","year":"2016","unstructured":"Todo, Y., Morii, M.: Bit-based division property and application to Simon family. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 357\u2013377. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-52993-5_18"},{"key":"17_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/978-3-319-56549-1_23","volume-title":"Information Security Applications","author":"N Sugio","year":"2017","unstructured":"Sugio, N., Igarashi, Y., Kaneko, T., Higuchi, K.: New integral characteristics of KASUMI derived by division property. In: Choi, D., Guilley, S. (eds.) WISA 2016. LNCS, vol. 10144, pp. 267\u2013279. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-56549-1_23"},{"key":"17_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"648","DOI":"10.1007\/978-3-662-53887-6_24","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"Z Xiang","year":"2016","unstructured":"Xiang, Z., Zhang, W., Bao, Z., Lin, D.: Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 648\u2013678. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53887-6_24"},{"key":"17_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1007\/978-3-319-70694-8_5","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"L Sun","year":"2017","unstructured":"Sun, L., Wang, W., Wang, M.: Automatic search of bit-based division property for ARX ciphers and word-based division property. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part I. LNCS, vol. 10624, pp. 128\u2013157. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70694-8_5"},{"key":"17_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"250","DOI":"10.1007\/978-3-319-63697-9_9","volume-title":"Advances in Cryptology \u2013 CRYPTO 2017","author":"Y Todo","year":"2017","unstructured":"Todo, Y., Isobe, T., Hao, Y., Meier, W.: Cube attacks on non-blackbox polynomials based on division property. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part III. LNCS, vol. 10403, pp. 250\u2013279. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63697-9_9"},{"key":"17_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1007\/978-3-319-96884-1_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"Q Wang","year":"2018","unstructured":"Wang, Q., Hao, Y., Todo, Y., Li, C., Isobe, T., Meier, W.: Improved division property based cube attacks exploiting algebraic properties of superpoly. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 275\u2013305. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96884-1_10"},{"key":"17_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/978-3-319-66787-4_15","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2017","author":"DJ Bernstein","year":"2017","unstructured":"Bernstein, D.J., et al.: Gimli: a cross-platform permutation. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 299\u2013320. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66787-4_15"},{"key":"17_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/978-3-319-66787-4_16","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2017","author":"S Banik","year":"2017","unstructured":"Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Y., Sim, S.M., Todo, Y.: GIFT: a small present - towards reaching the limit of lightweight encryption. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 321\u2013345. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66787-4_16"},{"key":"17_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/978-3-319-13039-2_9","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2014","author":"Q Wang","year":"2014","unstructured":"Wang, Q., Liu, Z., Var\u0131c\u0131, K., Sasaki, Y., Rijmen, V., Todo, Y.: Cryptanalysis of reduced-round SIMON32 and SIMON48. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 143\u2013160. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-13039-2_9"},{"key":"17_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/978-3-030-12612-4_21","volume-title":"Topics in Cryptology \u2013 CT-RSA 2019","author":"K Hu","year":"2019","unstructured":"Hu, K., Wang, M.: Automatic search for a variant of division property using three subsets. In: Matsui, M. (ed.) CT-RSA 2019. LNCS, vol. 11405, pp. 412\u2013432. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-12612-4_21"},{"key":"17_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"398","DOI":"10.1007\/978-3-030-34618-8_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"S Wang","year":"2019","unstructured":"Wang, S., Hu, B., Guan, J., Zhang, K., Shi, T.: MILP-aided method of searching division property using three subsets\u00a0and applications. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019, Part III. LNCS, vol. 11923, pp. 398\u2013427. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34618-8_14"},{"key":"17_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-642-01001-9_16","volume-title":"Advances in Cryptology - EUROCRYPT 2009","author":"I Dinur","year":"2009","unstructured":"Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278\u2013299. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-01001-9_16"},{"issue":"3","key":"17_CR19","first-page":"81","volume":"2019","author":"CD Ye","year":"2019","unstructured":"Ye, C.D., Tian, T.: Revisit division property based cube attacks: key-recovery or distinguishing attacks? IACR Trans. Symm. Cryptol. 2019(3), 81\u2013102 (2019)","journal-title":"IACR Trans. Symm. Cryptol."},{"key":"17_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1007\/978-3-319-96881-0_6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"X Fu","year":"2018","unstructured":"Fu, X., Wang, X., Dong, X., Meier, W.: A key-recovery attack on 855-round Trivium. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part II. LNCS, vol. 10992, pp. 160\u2013184. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_6"},{"issue":"5","key":"17_CR21","doi-asserted-by":"publisher","first-page":"959","DOI":"10.1007\/s12095-018-0294-5","volume":"10","author":"M Hamann","year":"2018","unstructured":"Hamann, M., Krause, M.: On stream ciphers with provable beyond-the-birthday-bound security against time-memory-data tradeoff attacks. Cryptogr. Commun. 10(5), 959\u20131012 (2018). https:\/\/doi.org\/10.1007\/s12095-018-0294-5","journal-title":"Cryptogr. Commun."},{"key":"17_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-319-96881-0_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2018","author":"Y Todo","year":"2018","unstructured":"Todo, Y., Isobe, T., Meier, W., Aoki, K., Zhang, B.: Fast correlation attack revisited - cryptanalysis on full Grain-128a, Grain-128, and Grain-v1. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part II. LNCS, vol. 10992, pp. 129\u2013159. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-96881-0_5"},{"key":"17_CR23","unstructured":"Canni\u00e8re, C.D., Preneel, B.: Trivium specifications. eSTREAM portfolio, Profile 2 (HW) (2006)"},{"key":"17_CR24","unstructured":"Hao, Y., Jiao, L., Li, C., Meier, W., Todo, Y., Wang, Q.: Observations on the dynamic cube attack of 855-round TRIVIUM from Crypto \u201918. Cryptology ePrint Archive, Report 2018\/972 (2018). https:\/\/eprint.iacr.org\/2018\/972"},{"key":"17_CR25","doi-asserted-by":"crossref","unstructured":"Fu, X., Wang, X., Dong, X., Meier, W., Hao, Y., Zhao, B.: A refinement of \u201ca key-recovery attack on 855-round Trivium\u201d from crypto 2018. Cryptology ePrint Archive, Report 2018\/999 (2018). https:\/\/eprint.iacr.org\/2018\/999","DOI":"10.1007\/978-3-319-96881-0_6"},{"key":"17_CR26","unstructured":"Hell, M., Johansson, T., Meier, W., S\u00f6nnerup, J., Yoshida, H.: Grain-128AEAD: a lightweight AEAD stream cipher. Lightweight Cryptography (LWC) Standardization (2019)"},{"issue":"1","key":"17_CR27","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1504\/IJWMC.2011.044106","volume":"5","author":"M \u00c5gren","year":"2011","unstructured":"\u00c5gren, M., Hell, M., Johansson, T., Meier, W.: Grain-128a: a new version of Grain-128 with optional authentication. IJWMC 5(1), 48\u201359 (2011)","journal-title":"IJWMC"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2020"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-45721-1_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:03:46Z","timestamp":1682899426000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-45721-1_17"}},"subtitle":["Improved Cube Attacks Against Trivium and Grain-128AEAD"],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030457204","9783030457211"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-45721-1_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"1 May 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Zagreb","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Croatia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 May 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 May 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"39","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"IACR websubrev","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"375","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"81","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"22% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}