{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T18:23:10Z","timestamp":1773512590024,"version":"3.50.1"},"publisher-location":"Cham","reference-count":64,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031911330","type":"print"},{"value":"9783031911347","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-91134-7_11","type":"book-chapter","created":{"date-parts":[[2025,4,26]],"date-time":"2025-04-26T11:04:29Z","timestamp":1745665469000},"page":"303-332","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["$$\\textsf{Polocolo}$$: A ZK-Friendly Hash Function Based on\u00a0S-Boxes Using Power Residues"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0496-1450","authenticated-orcid":false,"given":"Jincheol","family":"Ha","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2166-6421","authenticated-orcid":false,"given":"Seongha","family":"Hwang","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5471-9350","authenticated-orcid":false,"given":"Jooyoung","family":"Lee","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0005-5734-2727","authenticated-orcid":false,"given":"Seungmin","family":"Park","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3651-2425","authenticated-orcid":false,"given":"Mincheol","family":"Son","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,4,27]]},"reference":[{"key":"11_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-662-53887-6_7","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2016","author":"M Albrecht","year":"2016","unstructured":"Albrecht, M., Grassi, L., Rechberger, C., Roy, A., Tiessen, T.: MiMC: efficient encryption and cryptographic hashing with minimal multiplicative complexity. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 191\u2013219. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53887-6_7"},{"key":"11_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/978-3-030-34618-8_13","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2019","author":"MR Albrecht","year":"2019","unstructured":"Albrecht, M.R., et al.: Algebraic cryptanalysis of\u00a0stark-friendly designs: application to MARVELlous and MiMC. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11923, pp. 371\u2013397. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-34618-8_13"},{"key":"11_CR3","doi-asserted-by":"publisher","unstructured":"Aly, A., Ashur, T., Ben-Sasson, E., Dhooghe, S., Szepieniec, A.: Design of symmetric-key primitives for advanced cryptographic protocols. ToSC 2020 2020(3) (2020). https:\/\/doi.org\/10.13154\/tosc.v2020.i3.1-45","DOI":"10.13154\/tosc.v2020.i3.1-45"},{"key":"11_CR4","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-031-58751-1_1","volume-title":"EUROCRYPT 2024","author":"A Arun","year":"2024","unstructured":"Arun, A., Setty, S., Thaler, J.: Jolt: snarks for virtual machines via lookups. In: Joye, M., Leander, G. (eds.) EUROCRYPT 2024. LNCS, vol. 14656, pp. 3\u201333. Springer, Cham (2024). https:\/\/doi.org\/10.1007\/978-3-031-58751-1_1"},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"Ashur, T., Buschman, T., Mahzoun, M.: Algebraic cryptanalysis of hades design strategy: application to poseidon and poseidon2. Cryptology ePrint Archive (2023)","DOI":"10.1007\/978-981-97-5028-3_12"},{"key":"11_CR6","unstructured":"Ashur, T., Dhooghe, S.: MARVELlous: a STARK-Friendly Family of Cryptographic Primitives. IACR Cryptology ePrint Archive, Report 2018\/1098 (2018). https:\/\/eprint.iacr.org\/2018\/1098"},{"key":"11_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"184","DOI":"10.1007\/978-3-540-77360-3_13","volume-title":"Selected Areas in Cryptography","author":"T Baign\u00e8res","year":"2007","unstructured":"Baign\u00e8res, T., Stern, J., Vaudenay, S.: Linear cryptanalysis of non binary ciphers. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 184\u2013211. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-77360-3_13"},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"Bariant, A., et al.: The Algebraic Freelunch Efficient Gr\u00f6bner Basis Attacks Against Arithmetization-Oriented Primitives. Cryptology ePrint Archive (2024)","DOI":"10.1007\/978-3-031-68385-5_5"},{"key":"11_CR9","unstructured":"Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive (2018)"},{"key":"11_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1007\/978-3-030-17653-2_4","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2019","author":"E Ben-Sasson","year":"2019","unstructured":"Ben-Sasson, E., Chiesa, A., Riabzev, M., Spooner, N., Virza, M., Ward, N.P.: Aurora: transparent succinct arguments for R1CS. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 103\u2013128. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-17653-2_4"},{"key":"11_CR11","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van\u00a0Assche, G.: Sponge functions. In: ECRYPT Hash Workshop, vol.\u00a02007 (2007)"},{"key":"11_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-540-78967-3_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"G Bertoni","year":"2008","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: On the indifferentiability of the sponge construction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 181\u2013197. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78967-3_11"},{"key":"11_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-642-38348-9_19","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2013","author":"G Bertoni","year":"2013","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 313\u2013314. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38348-9_19"},{"key":"11_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1007\/978-3-030-03326-2_20","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2018","author":"J Bootle","year":"2018","unstructured":"Bootle, J., Cerulli, A., Groth, J., Jakobsen, S., Maller, M.: Arya: nearly linear-time zero-knowledge proofs for correct program execution. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11272, pp. 595\u2013626. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-03326-2_20"},{"key":"11_CR15","doi-asserted-by":"publisher","unstructured":"Bouvier, C., et al.: New design techniques for efficient arithmetization-oriented hash functions: anemoi permutations and jive compression mode. In: Handschuh, H., Lysyanskaya, A. (eds.) CRYPTO 2023. LNCS, vol. 14083, pp. 507\u2013539. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-38548-3_17","DOI":"10.1007\/978-3-031-38548-3_17"},{"key":"11_CR16","unstructured":"Bowe, S., Grigg, J., Hopwood, D.: Recursive proof composition without a trusted setup. Cryptology ePrint Archive (2019)"},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"B\u00fcnz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: S &P 2018, pp. 315\u2013334. IEEE (2018)","DOI":"10.1109\/SP.2018.00020"},{"key":"11_CR18","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"499","DOI":"10.1007\/978-3-031-30617-4_17","volume-title":"EUROCRYPT 2023","author":"B Chen","year":"2023","unstructured":"Chen, B., B\u00fcnz, B., Boneh, D., Zhang, Z.: Hyperplonk: plonk with linear-time prover and high-degree custom gates. In: Hazay, C., Stam, M. (eds.) EUROCRYPT 2023. LNCS, vol. 14005, pp. 499\u2013530. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-30617-4_17"},{"key":"11_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"738","DOI":"10.1007\/978-3-030-45721-1_26","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"A Chiesa","year":"2020","unstructured":"Chiesa, A., Hu, Y., Maller, M., Mishra, P., Vesely, N., Ward, N.: Marlin: preprocessing zkSNARKs with universal and updatable SRS. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12105, pp. 738\u2013768. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45721-1_26"},{"key":"11_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/0-387-34799-2_13","volume-title":"Advances in Cryptology \u2014 CRYPTO\u2019 88","author":"IB Damg\u00e5rd","year":"1990","unstructured":"Damg\u00e5rd, I.B.: On the randomness of Legendre and Jacobi sequences. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 163\u2013172. Springer, New York (1990). https:\/\/doi.org\/10.1007\/0-387-34799-2_13"},{"issue":"3","key":"11_CR21","doi-asserted-by":"publisher","first-page":"1276","DOI":"10.1109\/18.669398","volume":"44","author":"C Ding","year":"1998","unstructured":"Ding, C., Hesseseth, T., Shan, W.: On the linear complexity of Legendre sequences. IEEE Trans. Inf. Theory 44(3), 1276\u20131278 (1998)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"Duval, S., Leurent, G.: MDS matrices with lightweight circuits. ToSC 2018 2018(2), 48\u201378 (2018)","DOI":"10.46586\/tosc.v2018.i2.48-78"},{"key":"11_CR23","unstructured":"Eagen, L., Fiore, D., Gabizon, A.: CQ: cached quotients for fast lookups. Cryptology ePrint Archive (2022)"},{"key":"11_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"477","DOI":"10.1007\/978-3-030-64837-4_16","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2020","author":"M Eichlseder","year":"2020","unstructured":"Eichlseder, M., et al.: An algebraic attack on ciphers with low-degree round functions: application to full MiMC. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12491, pp. 477\u2013506. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-64837-4_16"},{"key":"11_CR25","unstructured":"Farmer, B.: Introducing Plonky2 (2022)"},{"issue":"1\u20133","key":"11_CR26","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1016\/S0022-4049(99)00005-5","volume":"139","author":"JC Faugere","year":"1999","unstructured":"Faugere, J.C.: A new efficient algorithm for computing Gr\u00f6bner bases ($$F_4$$). J. Pure Appl. Algebra 139(1\u20133), 61\u201388 (1999). https:\/\/doi.org\/10.1016\/S0022-4049(99)00005-5","journal-title":"J. Pure Appl. Algebra"},{"key":"11_CR27","doi-asserted-by":"publisher","unstructured":"Faug\u00e8re, J.C.: A new efficient algorithm for computing Gr\u00f6bner bases without reduction to zero ($$F_5$$). In: ISSAC 2002. pp. 75\u201383. ACM (2002). https:\/\/doi.org\/10.1145\/780506.780516","DOI":"10.1145\/780506.780516"},{"key":"11_CR28","doi-asserted-by":"crossref","unstructured":"Faug\u00e8re, J.C., Gaudry, P., Huot, L., Renault, G.: Sub-cubic change of ordering for Gr\u00f6bner basis: a probabilistic approach. In: Proceedings of the 39th International Symposium on Symbolic and Algebraic Computation, pp. 170\u2013177 (2014)","DOI":"10.1145\/2608628.2608669"},{"issue":"4","key":"11_CR29","doi-asserted-by":"publisher","first-page":"329","DOI":"10.1006\/jsco.1993.1051","volume":"16","author":"JC Faugere","year":"1993","unstructured":"Faugere, J.C., Gianni, P., Lazard, D., Mora, T.: Efficient computation of zero-dimensional Gr\u00f6bner bases by change of ordering. J. Symb. Comput. 16(4), 329\u2013344 (1993)","journal-title":"J. Symb. Comput."},{"key":"11_CR30","doi-asserted-by":"publisher","first-page":"538","DOI":"10.1016\/j.jsc.2016.07.025","volume":"80","author":"JC Faug\u00e8re","year":"2017","unstructured":"Faug\u00e8re, J.C., Mou, C.: Sparse FGLM algorithms. J. Symb. Comput. 80, 538\u2013569 (2017)","journal-title":"J. Symb. Comput."},{"key":"11_CR31","unstructured":"Gabizon, A., Williamson, Z.J.: plookup: a simplified polynomial protocol for lookup tables. Cryptology ePrint Archive (2020)"},{"key":"11_CR32","unstructured":"Gabizon, A., Williamson, Z.J., Ciobotaru, O.: Plonk: permutations over lagrange-bases for oecumenical noninteractive arguments of knowledge. Cryptology ePrint Archive (2019)"},{"key":"11_CR33","doi-asserted-by":"crossref","unstructured":"Grassi, L., Hao, Y., Rechberger, C., Schofnegger, M., Walch, R., Wang, Q.: Horst meets Fluid-SPN: Griffin for zero-knowledge applications. In: CRYPTO 2023. pp. 573\u2013606. Springer (2023)","DOI":"10.1007\/978-3-031-38548-3_19"},{"key":"11_CR34","doi-asserted-by":"crossref","unstructured":"Grassi, L., Khovratovich, D., L\u00fcftenegger, R., Rechberger, C., Schofnegger, M., Walch, R.: Reinforced concrete: a fast hash function for verifiable computation. In: CCS 2022, pp. 1323\u20131335 (2022)","DOI":"10.1145\/3548606.3560686"},{"key":"11_CR35","unstructured":"Grassi, L., Khovratovich, D., L\u00fcftenegger, R., Rechberger, C., Schofnegger, M., Walch, R.: Hash Functions Monolith for ZK Applications: May the Speed of SHA-3 be With You. IACR Cryptol. ePrint Arch. 2023, 1025 (2023)"},{"key":"11_CR36","unstructured":"Grassi, L., Khovratovich, D., Rechberger, C., Roy, A., Schofnegger, M.: Poseidon: a new hash function for zero-knowledge proof systems. In: USENIX 2021, pp. 519\u2013535. USENIX Association (2021)"},{"key":"11_CR37","doi-asserted-by":"crossref","unstructured":"Grassi, L., Khovratovich, D., R\u00f8njom, S., Schofnegger, M.: The Legendre Symbol and the Modulo-2 Operator in Symmetric Schemes over $$\\mathbb{F}_{p}^{n}$$. Cryptology ePrint Archive (2021)","DOI":"10.46586\/tosc.v2022.i1.5-37"},{"key":"11_CR38","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1007\/978-3-031-37679-5_8","volume-title":"AFRICACRYPT 2023","author":"L Grassi","year":"2023","unstructured":"Grassi, L., Khovratovich, D., Schofnegger, M.: Poseidon2: a faster version of the Poseidon hash function. In: El Mrabet, N., De Feo, L., Duquesne, S. (eds.) AFRICACRYPT 2023. LNCS, vol. 14064, pp. 177\u2013203. Springer, Cham (2023)"},{"key":"11_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"674","DOI":"10.1007\/978-3-030-45724-2_23","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2020","author":"L Grassi","year":"2020","unstructured":"Grassi, L., L\u00fcftenegger, R., Rechberger, C., Rotaru, D., Schofnegger, M.: On a generalization of substitution-permutation networks: the HADES design strategy. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 674\u2013704. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-45724-2_23"},{"key":"11_CR40","doi-asserted-by":"crossref","unstructured":"Grassi, L., Rechberger, C., Rotaru, D., Scholl, P., Smart, N.P.: MPC-friendly symmetric key primitives. In: CCS 2016, pp. 430\u2013443. ACM (2016)","DOI":"10.1145\/2976749.2978332"},{"key":"11_CR41","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-3-662-49896-5_11","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"J Groth","year":"2016","unstructured":"Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 305\u2013326. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49896-5_11"},{"key":"11_CR42","doi-asserted-by":"crossref","unstructured":"Gyarmati, K., Mauduit, C., S\u00e1rk\u00f6zy, A.: The cross-correlation measure for families of binary sequences (2014)","DOI":"10.1017\/CBO9781139696456.009"},{"key":"11_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/3-540-60590-8_16","volume-title":"Fast Software Encryption","author":"LR Knudsen","year":"1995","unstructured":"Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196\u2013211. Springer, Heidelberg (1995). https:\/\/doi.org\/10.1007\/3-540-60590-8_16"},{"key":"11_CR44","doi-asserted-by":"crossref","unstructured":"Koschatko, K., L\u00fcftenegger, R., Rechberger, C.: Exploring the Six Worlds of Gr\u00f6bner Basis Cryptanalysis: Application to Anemoi. Cryptology ePrint Archive (2024)","DOI":"10.46586\/tosc.v2024.i4.138-190"},{"key":"11_CR45","doi-asserted-by":"crossref","unstructured":"Maram, D., et al.: Candid: can-do decentralized identity with legacy compatibility, sybil-resistance, and accountability. In: S &P 2021, pp. 1348\u20131366. IEEE (2021)","DOI":"10.1109\/SP40001.2021.00038"},{"key":"11_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1007\/3-540-48285-7_33","volume-title":"Advances in Cryptology \u2014 EUROCRYPT \u201993","author":"M Matsui","year":"1994","unstructured":"Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386\u2013397. Springer, Heidelberg (1994). https:\/\/doi.org\/10.1007\/3-540-48285-7_33"},{"issue":"4","key":"11_CR47","doi-asserted-by":"publisher","first-page":"365","DOI":"10.4064\/aa-82-4-365-377","volume":"82","author":"C Mauduit","year":"1997","unstructured":"Mauduit, C., S\u00e1rk\u00f6zy, A.: On finite pseudorandom binary sequences I: Measure of pseudorandomness, the Legendre symbol. Acta Arith 82(4), 365\u2013377 (1997)","journal-title":"Acta Arith"},{"key":"11_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1007\/978-3-642-03317-9_8","volume-title":"Fast Software Encryption","author":"T Fuhr","year":"2009","unstructured":"Fuhr, T., Peyrin, T.: Cryptanalysis of. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 122\u2013138. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03317-9_8"},{"key":"11_CR49","unstructured":"Pearson, L., Fitzgerald, J., Masip, H., Bell\u00e9s-Mu\u00f1oz, M., Mu\u00f1oz-Tapia, J.L.: Plonkup: Reconciling plonk with plookup. Cryptology ePrint Archive (2022)"},{"key":"11_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/978-3-662-53008-5_4","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"L Perrin","year":"2016","unstructured":"Perrin, L., Udovenko, A., Biryukov, A.: Cryptanalysis of a theorem: decomposing the only known solution to the big APN problem. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 93\u2013122. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-53008-5_4"},{"key":"11_CR51","unstructured":"Pertsev, A., Semenov, R., Storm, R.: Tornado cash privacy solution version 1.4. Tornado cash privacy solution version 1, 7 (2019)"},{"key":"11_CR52","unstructured":"Pub, F.: Secure hash standard (shs). Fips pub 180(4) (2012)"},{"key":"11_CR53","unstructured":"Roy, A., Steiner, M.J., Trevisani, S.: Arion: Arithmetization-oriented permutation and hashing from generalized triangular dynamical systems. arXiv preprint arXiv:2303.04639 (2023)"},{"key":"11_CR54","unstructured":"Sauer, J.F., Szepieniec, A.: SoK: Gr\u00f6bner Basis Algorithms for Arithmetization Oriented Ciphers. Cryptology ePrint Archive, Paper 2021\/870 (2021). https:\/\/eprint.iacr.org\/2021\/870"},{"key":"11_CR55","unstructured":"Szepieniec, A.: On the use of the legendre symbol in symmetric cipher design. Cryptology ePrint Archive (2021)"},{"key":"11_CR56","unstructured":"Szepieniec, A., Ashur, T., Dhooghe, S.: Rescue-prime: a standard specification (SoK). Cryptology ePrint Archive (2020)"},{"key":"11_CR57","unstructured":"Szepieniec, A., Lemmens, A., Sauer, J.F., Threadbare, B., et\u00a0al.: The tip5 hash function for recursive starks. Cryptology ePrint Archive (2023)"},{"key":"11_CR58","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/s10998-007-4185-1","volume":"55","author":"V T\u00f3th","year":"2007","unstructured":"T\u00f3th, V.: Collision and avalanche effect in families of pseudorandom binary sequences. Period. Math. Hung. 55, 185\u2013196 (2007)","journal-title":"Period. Math. Hung."},{"key":"11_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/3-540-48519-8_12","volume-title":"Fast Software Encryption","author":"D Wagner","year":"1999","unstructured":"Wagner, D.: The boomerang attack. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156\u2013170. Springer, Heidelberg (1999). https:\/\/doi.org\/10.1007\/3-540-48519-8_12"},{"issue":"5","key":"11_CR60","doi-asserted-by":"publisher","first-page":"204","DOI":"10.1073\/pnas.34.5.204","volume":"34","author":"A Weil","year":"1948","unstructured":"Weil, A.: On some exponential sums. Proc. Natl. Acad. Sci. 34(5), 204\u2013207 (1948)","journal-title":"Proc. Natl. Acad. Sci."},{"key":"11_CR61","doi-asserted-by":"crossref","unstructured":"Xie, T., et al.: zkbridge: trustless cross-chain bridges made practical. In: CCS 2022, pp. 3003\u20133017 (2022)","DOI":"10.1145\/3548606.3560652"},{"key":"11_CR62","doi-asserted-by":"crossref","unstructured":"Yang, H.S., Zheng, Q.X., Yang, J., Liu, Q.f., Tang, D.: A New Security Evaluation Method Based on Resultant for Arithmetic-Oriented Algorithms. Cryptology ePrint Archive (2024)","DOI":"10.1007\/978-981-96-0941-3_15"},{"key":"11_CR63","unstructured":"Zapico, A., Gabizon, A., Khovratovich, D., Maller, M., Rafols, C.: Baloo: nearly optimal lookup arguments. Cryptology ePrint Archive (2022)"},{"key":"11_CR64","series-title":"LNCS","first-page":"400","volume-title":"PKC 2024","author":"Y Zhang","year":"2024","unstructured":"Zhang, Y., Sun, S.F., Gu, D.: Efficient KZG-based univariate sum-check and lookup argument. In: Tang, Q., Teague, V. (eds.) PKC 2024. LNCS, vol. 14602, pp. 400\u2013425. Springer, Cham (2024)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 EUROCRYPT 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-91134-7_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,26]],"date-time":"2025-04-26T11:04:42Z","timestamp":1745665482000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-91134-7_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031911330","9783031911347"],"references-count":64,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-91134-7_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"27 April 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EUROCRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Madrid","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 May 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 May 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"44","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eurocrypt2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eurocrypt.iacr.org\/2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}