{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T08:16:42Z","timestamp":1771489002375,"version":"3.50.1"},"publisher-location":"Cham","reference-count":64,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783031070815","type":"print"},{"value":"9783031070822","type":"electronic"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-07082-2_1","type":"book-chapter","created":{"date-parts":[[2022,5,28]],"date-time":"2022-05-28T00:09:51Z","timestamp":1653696591000},"page":"3-33","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":24,"title":["Key Guessing Strategies for\u00a0Linear Key-Schedule Algorithms in\u00a0Rectangle Attacks"],"prefix":"10.1007","author":[{"given":"Xiaoyang","family":"Dong","sequence":"first","affiliation":[]},{"given":"Lingyue","family":"Qin","sequence":"additional","affiliation":[]},{"given":"Siwei","family":"Sun","sequence":"additional","affiliation":[]},{"given":"Xiaoyun","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,5,25]]},"reference":[{"key":"1_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/978-3-030-34621-8_6","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"E Andreeva","year":"2019","unstructured":"Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., Viz\u00e1r, D.: Forkcipher: a new primitive for authenticated encryption of very short messages. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019, Part II. LNCS, vol. 11922, pp. 153\u2013182. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34621-8_6"},{"key":"1_CR2","unstructured":"Andreeva, E., Lallemand, V., Purnal, A., Reyhanitabar, R., Roy, A., Viz\u00e1r, D.: ForkAE v. Submission to NIST Lightweight Cryptography Project (2019)"},{"key":"1_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-319-61204-1_11","volume-title":"Applied Cryptography and Network Security","author":"R Ankele","year":"2017","unstructured":"Ankele, R., et al.: Related-key impossible-differential attack on\u00a0reduced-round Skinny. In: Gollmann, D., Miyaji, A., Kikuchi, H. (eds.) ACNS 2017. LNCS, vol. 10355, pp. 208\u2013228. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-61204-1_11"},{"key":"1_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/978-3-319-66787-4_16","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2017","author":"S Banik","year":"2017","unstructured":"Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Yu., Sim, S.M., Todo, Y.: GIFT: a small present. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 321\u2013345. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66787-4_16"},{"key":"1_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-030-17653-2_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"A Bar-On","year":"2019","unstructured":"Bar-On, A., Dunkelman, O., Keller, N., Weizman, A.: DLCT: a new tool for differential-linear cryptanalysis. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 313\u2013342. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_11"},{"issue":"1","key":"1_CR6","doi-asserted-by":"publisher","first-page":"233","DOI":"10.46586\/tosc.v2020.i1.233-265","volume":"2020","author":"A Bariant","year":"2020","unstructured":"Bariant, A., David, N., Leurent, G.: Cryptanalysis of forkciphers. IACR Trans. Symmetric Cryptol. 2020(1), 233\u2013265 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-662-53008-5_5","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"C Beierle","year":"2016","unstructured":"Beierle, C., et al.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 123\u2013153. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_5"},{"issue":"1","key":"1_CR8","doi-asserted-by":"publisher","first-page":"5","DOI":"10.46586\/tosc.v2019.i1.5-45","volume":"2019","author":"C Beierle","year":"2019","unstructured":"Beierle, C., Leander, G., Moradi, A., Rasoolzadeh, S.: CRAFT: lightweight tweakable block cipher with efficient protection against DFA attacks. IACR Trans. Symmetric Cryptol. 2019(1), 5\u201345 (2019)","journal-title":"IACR Trans. Symmetric Cryptol."},{"issue":"3","key":"1_CR9","doi-asserted-by":"publisher","first-page":"1156","DOI":"10.1007\/s00145-020-09344-1","volume":"33","author":"T Beyne","year":"2020","unstructured":"Beyne, T.: Block cipher invariants as eigenvectors of correlation matrices. J. Cryptol. 33(3), 1156\u20131183 (2020)","journal-title":"J. Cryptol."},{"key":"1_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/3-540-69710-1_15","volume-title":"Fast Software Encryption","author":"E Biham","year":"1998","unstructured":"Biham, E., Anderson, R., Knudsen, L.: Serpent: a new block cipher proposal. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 222\u2013238. Springer, Heidelberg (1998). https:\/\/doi.org\/10.1007\/3-540-69710-1_15"},{"key":"1_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/11935230_27","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"E Biham","year":"2006","unstructured":"Biham, E., Dunkelman, O., Keller, N.: New cryptanalytic results on IDEA. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 412\u2013427. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11935230_27"},{"key":"1_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-45661-9_1","volume-title":"Fast Software Encryption","author":"E Biham","year":"2002","unstructured":"Biham, E., Dunkelman, O., Keller, N.: New results on boomerang and rectangle attacks. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 1\u201316. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/3-540-45661-9_1"},{"key":"1_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"340","DOI":"10.1007\/3-540-44987-6_21","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 2001","author":"E Biham","year":"2001","unstructured":"Biham, E., Dunkelman, O., Keller, N.: The rectangle attack \u2014 rectangling the serpent. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 340\u2013357. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44987-6_21"},{"key":"1_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"507","DOI":"10.1007\/11426639_30","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"E Biham","year":"2005","unstructured":"Biham, E., Dunkelman, O., Keller, N.: Related-key boomerang and rectangle attacks. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 507\u2013525. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/11426639_30"},{"issue":"1","key":"1_CR15","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/BF00630563","volume":"4","author":"E Biham","year":"1991","unstructured":"Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4(1), 3\u201372 (1991). https:\/\/doi.org\/10.1007\/BF00630563","journal-title":"J. Cryptol."},{"key":"1_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1007\/978-3-540-45146-4_12","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"A Biryukov","year":"2003","unstructured":"Biryukov, A., De Canni\u00e8re, C., Dellkrantz, G.: Cryptanalysis of Safer++. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 195\u2013211. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45146-4_12"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Biryukov, A., dos Santos, L.C., Feher, D., Velichkov, V., Vitto, G.: Automated truncation of differential trails and trail clustering in ARX. Cryptology ePrint Archive, Report 2021\/1194 (2021)","DOI":"10.1007\/978-3-030-99277-4_14"},{"key":"1_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-10366-7_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2009","author":"A Biryukov","year":"2009","unstructured":"Biryukov, A., Khovratovich, D.: Related-key cryptanalysis of the full AES-192 and AES-256. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 1\u201318. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-10366-7_1"},{"key":"1_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"322","DOI":"10.1007\/978-3-642-13190-5_17","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2010","author":"A Biryukov","year":"2010","unstructured":"Biryukov, A., Nikoli\u0107, I.: Automatic search for related-key differential characteristics in byte-oriented block ciphers: application to AES, Camellia, Khazad and others. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 322\u2013344. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-13190-5_17"},{"key":"1_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/978-3-319-04852-9_12","volume-title":"Topics in Cryptology \u2013 CT-RSA 2014","author":"A Biryukov","year":"2014","unstructured":"Biryukov, A., Velichkov, V.: Automatic search for differential trails in ARX ciphers. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 227\u2013250. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-04852-9_12"},{"key":"1_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/978-3-030-34578-5_8","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"X Bonnetain","year":"2019","unstructured":"Bonnetain, X., Perrin, L., Tian, S.: Anomalies and vector space search: tools for S-box analysis. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019, Part I. LNCS, vol. 11921, pp. 196\u2013223. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34578-5_8"},{"issue":"1","key":"1_CR22","doi-asserted-by":"publisher","first-page":"331","DOI":"10.46586\/tosc.v2020.i1.331-362","volume":"2020","author":"H Boukerrou","year":"2020","unstructured":"Boukerrou, H., Huynh, P., Lallemand, V., Mandal, B., Minier, M.: On the feistel counterpart of the boomerang connectivity table introduction and analysis of the FBCT. IACR Trans. Symmetric Cryptol. 2020(1), 331\u2013362 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"issue":"3","key":"1_CR23","doi-asserted-by":"publisher","first-page":"290","DOI":"10.46586\/tosc.v2018.i3.290-310","volume":"2018","author":"C Boura","year":"2018","unstructured":"Boura, C., Canteaut, A.: On the boomerang uniformity of cryptographic sboxes. IACR Trans. Symmetric Cryptol. 2018(3), 290\u2013310 (2018)","journal-title":"IACR Trans. Symmetric Cryptol."},{"issue":"1","key":"1_CR24","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/s00145-016-9251-7","volume":"31","author":"C Boura","year":"2018","unstructured":"Boura, C., Lallemand, V., Naya-Plasencia, M., Suder, V.: Making the impossible possible. J. Cryptol. 31(1), 101\u2013133 (2018)","journal-title":"J. Cryptol."},{"key":"1_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/978-3-662-45611-8_10","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"C Boura","year":"2014","unstructured":"Boura, C., Naya-Plasencia, M., Suder, V.: Scrutinizing and improving impossible differential attacks: applications to CLEFIA, Camellia, LBlock and Simon. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 179\u2013199. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_10"},{"issue":"S1","key":"1_CR26","doi-asserted-by":"publisher","first-page":"160","DOI":"10.46586\/tosc.v2020.iS1.160-207","volume":"2020","author":"A Canteaut","year":"2020","unstructured":"Canteaut, A., et al.: Saturnin: a suite of lightweight symmetric algorithms for post-quantum security. IACR Trans. Symmetric Cryptol. 2020(S1), 160\u2013207 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/978-3-642-40041-4_13","volume-title":"Advances in Cryptology \u2013 CRYPTO 2013","author":"A Canteaut","year":"2013","unstructured":"Canteaut, A., Naya-Plasencia, M., Vayssi\u00e8re, B.: Sieve-in-the-middle: improved MITM attacks. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 222\u2013240. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-40041-4_13"},{"key":"1_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"683","DOI":"10.1007\/978-3-319-78375-8_22","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2018","author":"C Cid","year":"2018","unstructured":"Cid, C., Huang, T., Peyrin, T., Sasaki, Yu., Song, L.: Boomerang connectivity table: a new cryptanalysis tool. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part II. LNCS, vol. 10821, pp. 683\u2013714. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-78375-8_22"},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"Cid, C., Huang, T., Peyrin, T., Sasaki, Y., Song, L.: A security analysis of Deoxys and its internal tweakable block ciphers. IACR Trans. Symmetric Cryptol. 2017(3), 73\u2013107 (2017)","DOI":"10.46586\/tosc.v2017.i3.73-107"},{"issue":"4","key":"1_CR30","doi-asserted-by":"publisher","first-page":"104","DOI":"10.46586\/tosc.v2020.i4.104-129","volume":"2020","author":"S Delaune","year":"2020","unstructured":"Delaune, S., Derbez, P., Vavrille, M.: Catching the fastest boomerangs application to SKINNY. IACR Trans. Symmetric Cryptol. 2020(4), 104\u2013129 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1007\/978-3-662-53008-5_6","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"P Derbez","year":"2016","unstructured":"Derbez, P., Fouque, P.-A.: Automatic search of meet-in-the-middle and impossible differential attacks. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II. LNCS, vol. 9815, pp. 157\u2013184. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_6"},{"key":"1_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/978-3-642-38348-9_23","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"P Derbez","year":"2013","unstructured":"Derbez, P., Fouque, P.-A., Jean, J.: Improved key recovery attacks on reduced-round AES in the single-key setting. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 371\u2013387. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38348-9_23"},{"key":"1_CR33","unstructured":"Dong, X., Qin, L., Sun, S., Wang, X.: Key guessing strategies for linear key-schedule algorithms in rectangle attacks. Cryptology ePrint Archive, Report 2021\/856 (2021). https:\/\/ia.cr\/2021\/856"},{"key":"1_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1007\/978-3-540-89754-5_24","volume-title":"Progress in Cryptology - INDOCRYPT 2008","author":"O Dunkelman","year":"2008","unstructured":"Dunkelman, O., Indesteege, S., Keller, N.: A differential-linear attack on 12-round serpent. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 308\u2013321. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-89754-5_24"},{"key":"1_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/978-3-030-45721-1_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"O Dunkelman","year":"2020","unstructured":"Dunkelman, O., Keller, N., Ronen, E., Shamir, A.: The retracing boomerang attack. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part I. LNCS, vol. 12105, pp. 280\u2013309. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45721-1_11"},{"key":"1_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1007\/978-3-642-17373-8_10","volume-title":"Advances in Cryptology - ASIACRYPT 2010","author":"O Dunkelman","year":"2010","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: Improved single-key attacks on 8-round AES-192 and AES-256. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 158\u2013176. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17373-8_10"},{"key":"1_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1007\/978-3-642-14623-7_21","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"O Dunkelman","year":"2010","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: A practical-time related-key attack on the KASUMI cryptosystem used in GSM and 3G telephony. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 393\u2013410. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14623-7_21"},{"issue":"4","key":"1_CR38","doi-asserted-by":"publisher","first-page":"824","DOI":"10.1007\/s00145-013-9154-9","volume":"27","author":"O Dunkelman","year":"2014","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: A practical-time related-key attack on the KASUMI cryptosystem used in GSM and 3G telephony. J. Cryptol. 27(4), 824\u2013849 (2014)","journal-title":"J. Cryptol."},{"key":"1_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1007\/978-3-030-45721-1_9","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"A Fl\u00f3rez-Guti\u00e9rrez","year":"2020","unstructured":"Fl\u00f3rez-Guti\u00e9rrez, A., Naya-Plasencia, M.: Improving key-recovery in linear attacks: application to 28-round PRESENT. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part I. LNCS, vol. 12105, pp. 221\u2013249. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45721-1_9"},{"issue":"3","key":"1_CR40","doi-asserted-by":"publisher","first-page":"119","DOI":"10.46586\/tosc.v2020.i3.119-151","volume":"2020","author":"H Guo","year":"2020","unstructured":"Guo, H., et al.: Differential attacks on CRAFT exploiting the involutory s-boxes and tweak additions. IACR Trans. Symmetric Cryptol. 2020(3), 119\u2013151 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"issue":"2","key":"1_CR41","doi-asserted-by":"publisher","first-page":"140","DOI":"10.46586\/tosc.v2021.i2.140-198","volume":"2021","author":"H Hadipour","year":"2021","unstructured":"Hadipour, H., Bagheri, N., Song, L.: Improved rectangle attacks on SKINNY and CRAFT. IACR Trans. Symmetric Cryptol. 2021(2), 140\u2013198 (2021)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1007\/978-3-662-45608-8_15","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"J Jean","year":"2014","unstructured":"Jean, J., Nikoli\u0107, I., Peyrin, T.: Tweaks and keys for block ciphers: the TWEAKEY framework. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part II. LNCS, vol. 8874, pp. 274\u2013288. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45608-8_15"},{"key":"1_CR43","unstructured":"Jean, J., Nikoli\u0107, I., Peyrin, T., Seurin, Y.: Submission to CAESAR: Deoxys v1.41, October 2016. http:\/\/competitions.cr.yp.to\/round3\/deoxysv141.pdf"},{"key":"1_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1007\/978-3-030-81652-0_8","volume-title":"Selected Areas in Cryptography","author":"F Ji","year":"2021","unstructured":"Ji, F., Zhang, W., Zhou, C., Ding, T.: Improved (related-key) differential cryptanalysis on GIFT. In: Dunkelman, O., Jacobson, Jr., M.J., O\u2019Flynn, C. (eds.) SAC 2020. LNCS, vol. 12804, pp. 198\u2013228. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-81652-0_8"},{"key":"1_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/3-540-44706-7_6","volume-title":"Fast Software Encryption","author":"J Kelsey","year":"2001","unstructured":"Kelsey, J., Kohno, T., Schneier, B.: Amplified boomerang attacks against reduced-round MARS and serpent. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 75\u201393. Springer, Heidelberg (2001). https:\/\/doi.org\/10.1007\/3-540-44706-7_6"},{"key":"1_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/978-3-662-47989-6_8","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"S K\u00f6lbl","year":"2015","unstructured":"K\u00f6lbl, S., Leander, G., Tiessen, T.: Observations on the SIMON block cipher family. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015, Part I. LNCS, vol. 9215, pp. 161\u2013185. Springer, Heidelberg (2015). https:\/\/doi.org\/10.1007\/978-3-662-47989-6_8"},{"issue":"3","key":"1_CR47","doi-asserted-by":"publisher","first-page":"37","DOI":"10.46586\/tosc.v2017.i3.37-72","volume":"2017","author":"G Liu","year":"2017","unstructured":"Liu, G., Ghosh, M., Song, L.: Security analysis of SKINNY under related-tweakey settings. IACR Trans. Symmetric Cryptol. 2017(3), 37\u201372 (2017)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/978-3-030-84252-9_9","volume-title":"Advances in Cryptology \u2013 CRYPTO 2021","author":"M Liu","year":"2021","unstructured":"Liu, M., Lu, X., Lin, D.: Differential-linear cryptanalysis from an algebraic perspective. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021, Part II. LNCS, vol. 12827, pp. 247\u2013277. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-84252-9_9"},{"key":"1_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"370","DOI":"10.1007\/978-3-540-79263-5_24","volume-title":"Topics in Cryptology \u2013 CT-RSA 2008","author":"J Lu","year":"2008","unstructured":"Lu, J., Kim, J., Keller, N., Dunkelman, O.: Improving the efficiency of impossible differential cryptanalysis of reduced camellia and MISTY1. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 370\u2013386. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-79263-5_24"},{"key":"1_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-642-34704-7_5","volume-title":"Information Security and Cryptology","author":"N Mouha","year":"2012","unstructured":"Mouha, N., Wang, Q., Gu, D., Preneel, B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu, C.-K., Yung, M., Lin, D. (eds.) Inscrypt 2011. LNCS, vol. 7537, pp. 57\u201376. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-34704-7_5"},{"issue":"4","key":"1_CR51","doi-asserted-by":"publisher","first-page":"2517","DOI":"10.1109\/TIT.2011.2111091","volume":"57","author":"S Murphy","year":"2011","unstructured":"Murphy, S.: The return of the cryptographic boomerang. IEEE Trans. Inf. Theory 57(4), 2517\u20132521 (2011)","journal-title":"IEEE Trans. Inf. Theory"},{"issue":"2","key":"1_CR52","doi-asserted-by":"publisher","first-page":"249","DOI":"10.46586\/tosc.v2021.i2.249-291","volume":"2021","author":"L Qin","year":"2021","unstructured":"Qin, L., Dong, X., Wang, X., Jia, K., Liu, Y.: Automated search oriented to key recovery on ciphers with linear key schedule applications to boomerangs in SKINNY and ForkSkinny. IACR Trans. Symmetric Cryptol. 2021(2), 249\u2013291 (2021)","journal-title":"IACR Trans. Symmetric Cryptol."},{"issue":"3","key":"1_CR53","doi-asserted-by":"publisher","first-page":"124","DOI":"10.46586\/tosc.v2018.i3.124-162","volume":"2018","author":"S Sadeghi","year":"2018","unstructured":"Sadeghi, S., Mohammadi, T., Bagheri, N.: Cryptanalysis of reduced round SKINNY block cipher. IACR Trans. Symmetric Cryptol. 2018(3), 124\u2013162 (2018)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1_CR54","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/978-3-319-56617-7_7","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2017","author":"Yu Sasaki","year":"2017","unstructured":"Sasaki, Yu., Todo, Y.: New impossible differential search tool from design and cryptanalysis aspects. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part III. LNCS, vol. 10212, pp. 185\u2013215. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-56617-7_7"},{"issue":"1","key":"1_CR55","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/s00145-007-9013-7","volume":"21","author":"AA Sel\u00e7uk","year":"2008","unstructured":"Sel\u00e7uk, A.A.: On probability of success in linear and differential cryptanalysis. J. Cryptol. 21(1), 131\u2013147 (2008)","journal-title":"J. Cryptol."},{"key":"1_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-03329-3_1","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"D Shi","year":"2018","unstructured":"Shi, D., Sun, S., Derbez, P., Todo, Y., Sun, B., Hu, L.: Programming the Demirci-Sel\u00e7uk meet-in-the-middle attack with constraints. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018, Part II. LNCS, vol. 11273, pp. 3\u201334. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03329-3_1"},{"key":"1_CR57","doi-asserted-by":"crossref","unstructured":"Song, L., Qin, X., Hu, L.: Boomerang connectivity table revisited. application to SKINNY and AES. IACR Trans. Symmetric Cryptol. 2019(1), 118\u2013141 (2019)","DOI":"10.46586\/tosc.v2019.i1.118-141"},{"issue":"1","key":"1_CR58","doi-asserted-by":"publisher","first-page":"269","DOI":"10.46586\/tosc.v2021.i1.269-315","volume":"2021","author":"L Sun","year":"2021","unstructured":"Sun, L., Wang, W., Wang, M.: Accelerating the search of differential and linear characteristics with the SAT method. IACR Trans. Symmetric Cryptol. 2021(1), 269\u2013315 (2021)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1007\/978-3-662-45611-8_9","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"S Sun","year":"2014","unstructured":"Sun, S., Hu, L., Wang, P., Qiao, K., Ma, X., Song, L.: Automatic security evaluation and (related-key) differential characteristic search: application to SIMON, PRESENT, LBlock, DES(L) and other bit-oriented block ciphers. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014, Part I. LNCS, vol. 8873, pp. 158\u2013178. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-45611-8_9"},{"key":"1_CR60","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/3-540-48519-8_12","volume-title":"Fast Software Encryption","author":"D Wagner","year":"1999","unstructured":"Wagner, D.: The boomerang attack. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156\u2013170. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48519-8_12"},{"key":"1_CR61","doi-asserted-by":"crossref","unstructured":"Wang, H., Peyrin, T.: Boomerang switch in multiple rounds. Application to AES variants and deoxys. IACR Trans. Symmetric Cryptol. 2019(1), 142\u2013169 (2019)","DOI":"10.46586\/tosc.v2019.i1.142-169"},{"issue":"3","key":"1_CR62","doi-asserted-by":"publisher","first-page":"121","DOI":"10.46586\/tosc.v2019.i3.121-151","volume":"2019","author":"B Zhao","year":"2019","unstructured":"Zhao, B., Dong, X., Jia, K.: New related-tweakey boomerang and rectangle attacks on Deoxys-BC including BDT effect. IACR Trans. Symmetric Cryptol. 2019(3), 121\u2013151 (2019)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1_CR63","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/978-3-030-35423-7_7","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2019","author":"B Zhao","year":"2019","unstructured":"Zhao, B., Dong, X., Jia, K., Meier, W.: Improved related-Tweakey rectangle attacks on reduced-round Deoxys-BC-384 and Deoxys-I-256-128. In: Hao, F., Ruj, S., Sen Gupta, S. (eds.) INDOCRYPT 2019. LNCS, vol. 11898, pp. 139\u2013159. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-35423-7_7"},{"issue":"6","key":"1_CR64","doi-asserted-by":"publisher","first-page":"1103","DOI":"10.1007\/s10623-020-00730-1","volume":"88","author":"B Zhao","year":"2020","unstructured":"Zhao, B., Dong, X., Meier, W., Jia, K., Wang, G.: Generalized related-key rectangle attacks on block ciphers with linear key schedule: applications to SKINNY and GIFT. Des. Codes Crypt. 88(6), 1103\u20131126 (2020). https:\/\/doi.org\/10.1007\/s10623-020-00730-1","journal-title":"Des. Codes Crypt."}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2022"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-07082-2_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,27]],"date-time":"2025-05-27T22:02:26Z","timestamp":1748383346000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-07082-2_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031070815","9783031070822"],"references-count":64,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-07082-2_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"25 May 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Trondheim","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 May 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 June 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"41","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"HotCRP","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"372","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"85","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"18","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Peer review was double-blind with rebuttal.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}