{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T15:54:57Z","timestamp":1774022097893,"version":"3.50.1"},"publisher-location":"Cham","reference-count":64,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030778699","type":"print"},{"value":"9783030778705","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-77870-5_27","type":"book-chapter","created":{"date-parts":[[2021,6,15]],"date-time":"2021-06-15T23:11:50Z","timestamp":1623798710000},"page":"771-804","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":28,"title":["Automatic Search of Meet-in-the-Middle Preimage Attacks on AES-like Hashing"],"prefix":"10.1007","author":[{"given":"Zhenzhen","family":"Bao","sequence":"first","affiliation":[]},{"given":"Xiaoyang","family":"Dong","sequence":"additional","affiliation":[]},{"given":"Jian","family":"Guo","sequence":"additional","affiliation":[]},{"given":"Zheng","family":"Li","sequence":"additional","affiliation":[]},{"given":"Danping","family":"Shi","sequence":"additional","affiliation":[]},{"given":"Siwei","family":"Sun","sequence":"additional","affiliation":[]},{"given":"Xiaoyun","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,6,16]]},"reference":[{"key":"27_CR1","unstructured":"Alliance, Z.: ZigBee 2007 specification (2007). http:\/\/www.zigbee.org\/"},{"key":"27_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1007\/978-3-319-06734-6_7","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2014","author":"R AlTawy","year":"2014","unstructured":"AlTawy, R., Youssef, A.M.: Preimage attacks on reduced-round stribog. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 109\u2013125. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-06734-6_7"},{"key":"27_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"311","DOI":"10.1007\/978-3-319-16745-9_17","volume-title":"Information Security and Cryptology","author":"R AlTawy","year":"2015","unstructured":"AlTawy, R., Youssef, A.M.: Second preimage analysis of whirlwind. In: Lin, D., Yung, M., Zhou, J. (eds.) Inscrypt 2014. LNCS, vol. 8957, pp. 311\u2013328. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-16745-9_17"},{"key":"27_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"578","DOI":"10.1007\/978-3-642-10366-7_34","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"K Aoki","year":"2009","unstructured":"Aoki, K., Guo, J., Matusiewicz, K., Sasaki, Yu., Wang, L.: Preimages for step-reduced SHA-2. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 578\u2013597. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_34"},{"key":"27_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1007\/978-3-642-03356-8_5","volume-title":"Advances in Cryptology - CRYPTO 2009","author":"K Aoki","year":"2009","unstructured":"Aoki, K., Sasaki, Yu.: Meet-in-the-middle preimage attacks against reduced SHA-0 and SHA-1. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 70\u201389. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03356-8_5"},{"key":"27_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-642-04159-4_7","volume-title":"Selected Areas in Cryptography","author":"K Aoki","year":"2009","unstructured":"Aoki, K., Sasaki, Yu.: Preimage attacks on one-block MD4, 63-Step MD5 and more. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 103\u2013119. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04159-4_7"},{"key":"27_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1007\/978-3-642-04159-4_8","volume-title":"Selected Areas in Cryptography","author":"J-P Aumasson","year":"2009","unstructured":"Aumasson, J.-P., Meier, W., Mendel, F.: Preimage attacks on 3-pass HAVAL and step-reduced MD5. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 120\u2013135. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04159-4_8"},{"key":"27_CR8","unstructured":"Aumasson, J.P., Endignoux, G.: Gravity-SPHINCS. Technical report, National Institute of Standards and Technology (2017). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-1-submissions"},{"key":"27_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"321","DOI":"10.1007\/978-3-319-66787-4_16","volume-title":"CHES 2017","author":"S Banik","year":"2017","unstructured":"Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Y., Sim, S.M., Todo, Y.: GIFT: a small present - towards reaching the limit of lightweight encryption. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 321\u2013345. Springer, Heidelberg (2017)"},{"key":"27_CR10","doi-asserted-by":"crossref","unstructured":"Bao, Z., Ding, L., Guo, J., Wang, H., Zhang, W.: Improved meet-in-the-middle preimage attacks against AES hashing modes. IACR Trans. Symm. Cryptol. 2019(4), 318\u2013347 (2019)","DOI":"10.46586\/tosc.v2019.i4.318-347"},{"key":"27_CR11","doi-asserted-by":"crossref","unstructured":"Bao, Z., et al.: Automatic search of meet-in-the-middle preimage attacks on AES-like hashing. Cryptology ePrint Archive, Report 2020\/467 (2020). https:\/\/eprint.iacr.org\/2020\/467","DOI":"10.46586\/tosc.v2019.i4.318-347"},{"key":"27_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-662-53008-5_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"C Beierle","year":"2016","unstructured":"Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 123\u2013153. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_5"},{"key":"27_CR13","unstructured":"Benadjila, R., et al.: SHA-3 proposal: ECHO. Submission to NIST (updated), p. 113 (2009)"},{"key":"27_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1007\/978-3-642-25385-0_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"A Bogdanov","year":"2011","unstructured":"Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344\u2013371. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-25385-0_19"},{"key":"27_CR15","doi-asserted-by":"crossref","unstructured":"Canteaut, A., et al.: Saturnin: a suite of lightweight symmetric algorithms for post-quantum security. Submission to NIST (2019)","DOI":"10.46586\/tosc.v2020.iS1.160-207"},{"key":"27_CR16","series-title":"Information Security and Cryptography","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-04722-4","volume-title":"The Design of Rijndael: AES - The Advanced Encryption Standard","author":"J Daemen","year":"2002","unstructured":"Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/978-3-662-04722-4"},{"key":"27_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/978-3-662-53008-5_6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"P Derbez","year":"2016","unstructured":"Derbez, P., Fouque, P.-A.: Automatic search of meet-in-the-middle and impossible differential attacks. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 157\u2013184. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_6"},{"key":"27_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"727","DOI":"10.1007\/978-3-030-64834-3_25","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"X Dong","year":"2020","unstructured":"Dong, X., Sun, S., Shi, D., Gao, F., Wang, X., Hu, L.: Quantum Collision Attacks on AES-Like Hashing with Low Quantum Random Access Memories. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part II. LNCS, vol. 12492, pp. 727\u2013757. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64834-3_25"},{"key":"27_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"683","DOI":"10.1007\/978-3-662-47989-6_33","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"T Espitau","year":"2015","unstructured":"Espitau, T., Fouque, P.-A., Karpman, P.: Higher-order differential meet-in-the-middle preimage attacks on SHA-1 and BLAKE. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 683\u2013701. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_33"},{"key":"27_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"268","DOI":"10.1007\/978-3-662-52993-5_14","volume-title":"Fast Software Encryption","author":"K Fu","year":"2016","unstructured":"Fu, K., Wang, M., Guo, Y., Sun, S., Hu, L.: MILP-based automatic search algorithms for differential and linear trails for speck. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 268\u2013288. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-52993-5_14"},{"key":"27_CR21","unstructured":"Gauravaram, P., et al.: Gr\u00f8stl \u2013 a SHA-3 candidate, March 2011. http:\/\/www.groestl.info\/Groestl.pdf"},{"key":"27_CR22","doi-asserted-by":"crossref","unstructured":"Guo, C., Katz, J., Wang, X., Yu, Y.: Efficient and secure multiparty computation from fixed-key block ciphers. In: 2020 IEEE Symposium on Security and Privacy, San Francisco, CA, USA, 18\u201321 May 2020, pp. 825\u2013841 (2020)","DOI":"10.1109\/SP40000.2020.00016"},{"key":"27_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"458","DOI":"10.1007\/978-3-662-45611-8_24","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"J Guo","year":"2014","unstructured":"Guo, J., Jean, J., Nikoli\u0107, I., Sasaki, Yu.: Meet-in-the-middle attacks on generic feistel constructions. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 458\u2013477. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_24"},{"issue":"3","key":"27_CR24","doi-asserted-by":"publisher","first-page":"587","DOI":"10.1007\/s10623-015-0120-4","volume":"80","author":"J Guo","year":"2016","unstructured":"Guo, J., Jean, J., Nikolic, I., Sasaki, Y.: Extended meet-in-the-middle attacks on some Feistel constructions. Des. Codes Crypt. 80(3), 587\u2013618 (2016)","journal-title":"Des. Codes Crypt."},{"key":"27_CR25","doi-asserted-by":"crossref","unstructured":"Guo, J., Jean, J., Nikolic, I., Sasaki, Y.: Meet-in-the-middle attacks on classes of contracting and expanding Feistel constructions. IACR Trans. Symm. Cryptol. 2016(2), 307\u2013337 (2016). http:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/view\/576","DOI":"10.46586\/tosc.v2016.i2.307-337"},{"key":"27_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-642-17373-8_4","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"J Guo","year":"2010","unstructured":"Guo, J., Ling, S., Rechberger, C., Wang, H.: Advanced meet-in-the-middle preimage attacks: first results on full tiger, and improved results on MD4 and SHA-2. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 56\u201375. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_4"},{"issue":"2","key":"27_CR27","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1016\/j.ipl.2014.10.016","volume":"115","author":"J Guo","year":"2015","unstructured":"Guo, J., Su, C., Yap, W.: An improved preimage attack against HAVAL-3. Inf. Process. Lett. 115(2), 386\u2013393 (2015)","journal-title":"Inf. Process. Lett."},{"key":"27_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"466","DOI":"10.1007\/978-3-030-45721-1_17","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"Y Hao","year":"2020","unstructured":"Hao, Y., Leander, G., Meier, W., Todo, Y., Wang, Q.: Modeling for three-subset division property without unknown subset. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part I. LNCS, vol. 12105, pp. 466\u2013495. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45721-1_17"},{"key":"27_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"332","DOI":"10.1007\/978-3-642-14423-3_22","volume-title":"Information, Security and Cryptology \u2013 ICISC 2009","author":"D Hong","year":"2010","unstructured":"Hong, D., Koo, B., Sasaki, Yu.: Improved preimage attack for 68-step HAS-160. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 332\u2013348. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14423-3_22"},{"key":"27_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/978-3-030-45724-2_9","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"A Hosoyamada","year":"2020","unstructured":"Hosoyamada, A., Sasaki, Yu.: Finding hash collisions with quantum computers by using differential trails with smaller probability than birthday bound. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part II. LNCS, vol. 12106, pp. 249\u2013279. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_9"},{"key":"27_CR31","unstructured":"Hulsing, A., et al.: SPHINCS+. Technical report, National Institute of Standards and Technology (2019). https:\/\/csrc.nist.gov\/projects\/post-quantum-cryptography\/round-2-submissions"},{"key":"27_CR32","unstructured":"ISO\/IEC: 10118-2:2010 Information technology \u2014 Security techniques - Hash-functions - Part 2: Hash-functions using an $$n$$-bit block cipher, 3rd edn. International Organization for Standardization, Geneve, Switzerland, October 2010"},{"key":"27_CR33","doi-asserted-by":"crossref","unstructured":"Jean, J.: Cryptanalysis of Haraka. IACR Trans. Symmetric Cryptol. 2016(1), 1\u201312 (2016)","DOI":"10.46586\/tosc.v2016.i1.1-12"},{"key":"27_CR34","doi-asserted-by":"crossref","unstructured":"Keller, M., Orsini, E., Scholl, P.: MASCOT: faster malicious arithmetic secure computation with oblivious transfer. In: ACM SIGSAC 2016, Vienna, Austria, 24\u201328 October 2016, pp. 830\u2013842 (2016)","DOI":"10.1145\/2976749.2978357"},{"key":"27_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"392","DOI":"10.1007\/978-3-642-29011-4_24","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"D Khovratovich","year":"2012","unstructured":"Khovratovich, D., Leurent, G., Rechberger, C.: Narrow-bicliques: cryptanalysis of full IDEA. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 392\u2013410. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29011-4_24"},{"key":"27_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/978-3-642-34047-5_15","volume-title":"Fast Software Encryption","author":"D Khovratovich","year":"2012","unstructured":"Khovratovich, D., Rechberger, C., Savelieva, A.: Bicliques for preimages: attacks on skein-512 and the SHA-2 family. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 244\u2013263. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34047-5_15"},{"key":"27_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1007\/978-3-642-32009-5_22","volume-title":"Advances in Cryptology \u2013 CRYPTO 2012","author":"S Knellwolf","year":"2012","unstructured":"Knellwolf, S., Khovratovich, D.: New preimage attacks against reduced SHA-1. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 367\u2013383. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-32009-5_22"},{"key":"27_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/978-3-540-74619-5_3","volume-title":"Fast Software Encryption","author":"LR Knudsen","year":"2007","unstructured":"Knudsen, L.R., Rechberger, C., Thomsen, S.S.: The Grindahl hash functions. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 39\u201357. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74619-5_3"},{"key":"27_CR39","doi-asserted-by":"crossref","unstructured":"K\u00f6lbl, S., Lauridsen, M.M., Mendel, F., Rechberger, C.: Haraka v2 - efficient short-input hashing for post-quantum applications. IACR Trans. Symm. Cryptol. 2016(2), 1\u201329 (2016). http:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/view\/563","DOI":"10.46586\/tosc.v2016.i2.1-29"},{"key":"27_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/978-3-662-47989-6_8","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"S K\u00f6lbl","year":"2015","unstructured":"K\u00f6lbl, S., Leander, G., Tiessen, T.: Observations on the SIMON block cipher family. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 161\u2013185. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_8"},{"key":"27_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/978-3-540-71039-4_26","volume-title":"Fast Software Encryption","author":"G Leurent","year":"2008","unstructured":"Leurent, G.: MD4 is not one-way. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 412\u2013428. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-71039-4_26"},{"key":"27_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"264","DOI":"10.1007\/978-3-642-34047-5_16","volume-title":"Fast Software Encryption","author":"J Li","year":"2012","unstructured":"Li, J., Isobe, T., Shibutani, K.: Converting meet-in-the-middle preimage attack into pseudo collision attack: application to SHA-2. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 264\u2013286. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34047-5_16"},{"key":"27_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1007\/978-3-319-70694-8_4","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2017","author":"Z Li","year":"2017","unstructured":"Li, Z., Bi, W., Dong, X., Wang, X.: Improved conditional cube attacks on Keccak keyed modes with MILP method. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part I. LNCS, vol. 10624, pp. 99\u2013127. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-70694-8_4"},{"issue":"2","key":"27_CR44","doi-asserted-by":"publisher","first-page":"94","DOI":"10.46586\/tosc.v2019.i2.94-124","volume":"2019","author":"Z Li","year":"2019","unstructured":"Li, Z., Dong, X., Bi, W., Jia, K., Wang, X., Meier, W.: New conditional cube attack on Keccak keyed modes. IACR Trans. Symm. Cryptol. 2019(2), 94\u2013124 (2019)","journal-title":"IACR Trans. Symm. Cryptol."},{"issue":"3","key":"27_CR45","doi-asserted-by":"publisher","first-page":"37","DOI":"10.46586\/tosc.v2017.i3.37-72","volume":"2017","author":"G Liu","year":"2017","unstructured":"Liu, G., Ghosh, M., Song, L.: Security analysis of SKINNY under related-tweakey settings (long paper). IACR Trans. Symm. Cryptol. 2017(3), 37\u201372 (2017)","journal-title":"IACR Trans. Symm. Cryptol."},{"key":"27_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"366","DOI":"10.1007\/BFb0053451","volume-title":"Advances in Cryptology \u2014 EUROCRYPT\u201994","author":"M Matsui","year":"1995","unstructured":"Matsui, M.: On correlation between the order of S-boxes and the strength of DES. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 366\u2013375. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/BFb0053451"},{"key":"27_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-642-34704-7_5","volume-title":"Information Security and Cryptology","author":"N Mouha","year":"2012","unstructured":"Mouha, N., Wang, Q., Gu, D., Preneel, B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu, C.-K., Yung, M., Lin, D. (eds.) Inscrypt 2011. LNCS, vol. 7537, pp. 57\u201376. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34704-7_5"},{"key":"27_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"368","DOI":"10.1007\/3-540-48329-2_31","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 93","author":"B Preneel","year":"1994","unstructured":"Preneel, B., Govaerts, R., Vandewalle, J.: Hash functions based on block ciphers: a synthetic approach. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 368\u2013378. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48329-2_31"},{"key":"27_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"378","DOI":"10.1007\/978-3-642-21702-9_22","volume-title":"Fast Software Encryption","author":"Yu Sasaki","year":"2011","unstructured":"Sasaki, Yu.: Meet-in-the-middle preimage attacks on AES hashing modes and an application to whirlpool. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 378\u2013396. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-21702-9_22"},{"key":"27_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/978-3-319-97916-8_15","volume-title":"Advances in Information and Computer Security","author":"Yu Sasaki","year":"2018","unstructured":"Sasaki, Yu.: Integer linear programming for three-subset meet-in-the-middle attacks: application to GIFT. In: Inomata, A., Yasuda, K. (eds.) IWSEC 2018. LNCS, vol. 11049, pp. 227\u2013243. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-97916-8_15"},{"key":"27_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1007\/978-3-540-89255-7_16","volume-title":"Advances in Cryptology - ASIACRYPT 2008","author":"Yu Sasaki","year":"2008","unstructured":"Sasaki, Yu., Aoki, K.: Preimage attacks on 3, 4, and 5-Pass HAVAL. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 253\u2013271. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-89255-7_16"},{"key":"27_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1007\/978-3-540-70500-0_21","volume-title":"Information Security and Privacy","author":"Yu Sasaki","year":"2008","unstructured":"Sasaki, Yu., Aoki, K.: Preimage attacks on step-reduced MD5. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 282\u2013296. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-70500-0_21"},{"key":"27_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/978-3-642-01001-9_8","volume-title":"Advances in Cryptology - EUROCRYPT 2009","author":"Yu Sasaki","year":"2009","unstructured":"Sasaki, Yu., Aoki, K.: Finding preimages in full MD5 faster than exhaustive search. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 134\u2013152. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-01001-9_8"},{"key":"27_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-03329-3_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"D Shi","year":"2018","unstructured":"Shi, D., Sun, S., Derbez, P., Todo, Y., Sun, B., Hu, L.: Programming the Demirci-Sel\u00e7uk meet-in-the-middle attack with constraints. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part II. LNCS, vol. 11273, pp. 3\u201334. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03329-3_1"},{"issue":"3","key":"27_CR55","doi-asserted-by":"publisher","first-page":"182","DOI":"10.46586\/tosc.v2018.i3.182-214","volume":"2018","author":"L Song","year":"2018","unstructured":"Song, L., Guo, J.: Cube-attack-like cryptanalysis of round-reduced KECCAK using MILP. IACR Trans. Symm. Cryptol. 2018(3), 182\u2013214 (2018)","journal-title":"IACR Trans. Symm. Cryptol."},{"key":"27_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-3-030-03329-3_3","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"L Song","year":"2018","unstructured":"Song, L., Guo, J., Shi, D., Ling, S.: New MILP modeling: improved conditional cube attacks on Keccak-based constructions. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part II. LNCS, vol. 11273, pp. 65\u201395. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03329-3_3"},{"issue":"1","key":"27_CR57","doi-asserted-by":"publisher","first-page":"281","DOI":"10.46586\/tosc.v2017.i1.281-306","volume":"2017","author":"S Sun","year":"2017","unstructured":"Sun, S., Gerault, D., Lafourcade, P., Yang, Q., Todo, Y., Qiao, K., Hu, L.: Analysis of AES, SKINNY, and others with constraint programming. IACR Trans. Symm. Cryptol. 2017(1), 281\u2013306 (2017)","journal-title":"IACR Trans. Symm. Cryptol."},{"key":"27_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1007\/978-3-662-45611-8_9","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"S Sun","year":"2014","unstructured":"Sun, S., Hu, L., Wang, P., Qiao, K., Ma, X., Song, L.: Automatic security evaluation and (related-key) differential characteristic search: application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 158\u2013178. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_9"},{"key":"27_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1007\/978-3-642-13858-4_7","volume-title":"Fast Software Encryption","author":"L Wang","year":"2010","unstructured":"Wang, L., Sasaki, Yu.: Finding preimages of tiger up to 23 steps. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 116\u2013133. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13858-4_7"},{"key":"27_CR60","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/978-3-642-19074-2_14","volume-title":"Topics in Cryptology \u2013 CT-RSA 2011","author":"L Wang","year":"2011","unstructured":"Wang, L., Sasaki, Yu., Komatsubara, W., Ohta, K., Sakiyama, K.: (Second) preimage attacks on step-reduced RIPEMD\/RIPEMD-128 with a new local-collision approach. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 197\u2013212. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-19074-2_14"},{"key":"27_CR61","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"433","DOI":"10.1007\/978-3-642-22497-3_31","volume-title":"Information Security and Privacy","author":"L Wei","year":"2011","unstructured":"Wei, L., Rechberger, C., Guo, J., Wu, H., Wang, H., Ling, S.: Improved meet-in-the-middle cryptanalysis of KTANTAN (poster). In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 433\u2013438. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-22497-3_31"},{"key":"27_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/978-3-642-34047-5_8","volume-title":"Fast Software Encryption","author":"S Wu","year":"2012","unstructured":"Wu, S., Feng, D., Wu, W., Guo, J., Dong, L., Zou, J.: (Pseudo) preimage attack on round-reduced Gr\u00f8stl hash function and others. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 127\u2013145. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34047-5_8"},{"key":"27_CR63","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"648","DOI":"10.1007\/978-3-662-53887-6_24","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"Z Xiang","year":"2016","unstructured":"Xiang, Z., Zhang, W., Bao, Z., Lin, D.: Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 648\u2013678. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53887-6_24"},{"key":"27_CR64","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/3-540-57220-1_54","volume-title":"Advances in Cryptology \u2014 AUSCRYPT \u201992","author":"Y Zheng","year":"1993","unstructured":"Zheng, Y., Pieprzyk, J., Seberry, J.: HAVAL \u2014 a one-way hashing algorithm with variable length of output (extended abstract). In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 81\u2013104. Springer, Heidelberg (1993). https:\/\/doi.org\/10.1007\/3-540-57220-1_54"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2021"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-77870-5_27","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,16]],"date-time":"2024-06-16T00:14:24Z","timestamp":1718496864000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-77870-5_27"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030778699","9783030778705"],"references-count":64,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-77870-5_27","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"16 June 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Zagreb","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Croatia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 October 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 October 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"40","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"400","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"78","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"at least 3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}