{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,2]],"date-time":"2026-03-02T15:57:54Z","timestamp":1772467074522,"version":"3.50.1"},"publisher-location":"Cham","reference-count":48,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319313009","type":"print"},{"value":"9783319313016","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-31301-6_22","type":"book-chapter","created":{"date-parts":[[2016,3,18]],"date-time":"2016-03-18T17:11:22Z","timestamp":1458321082000},"page":"373-393","source":"Crossref","is-referenced-by-count":24,"title":["Construction of Lightweight S-Boxes Using Feistel and MISTY Structures"],"prefix":"10.1007","author":[{"given":"Anne","family":"Canteaut","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"S\u00e9bastien","family":"Duval","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ga\u00ebtan","family":"Leurent","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"22_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"430","DOI":"10.1007\/978-3-662-46800-5_17","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 430\u2013454. Springer, Heidelberg (2015)"},{"key":"22_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-662-44371-2_4","volume-title":"Advances in Cryptology \u2013 CRYPTO 2014","author":"MR Albrecht","year":"2014","unstructured":"Albrecht, M.R., Driessen, B., Kavun, E.B., Leander, G., Paar, C., Yal\u00e7\u0131n, T.: Block ciphers \u2013 focus on the linear layer (feat. PRIDE). In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 57\u201376. Springer, Heidelberg (2014)"},{"issue":"1","key":"22_CR3","first-page":"2","volume":"E80A","author":"K Aoki","year":"1997","unstructured":"Aoki, K., Ohta, K.: Strict evaluation of the maximum average of differential probability and the maximum average of linear probability. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E80A(1), 2\u20138 (1997)","journal-title":"IEICE Trans. Fundam. Electron. Commun. Comput. Sci."},{"key":"22_CR4","unstructured":"Barreto, P.S., Rijmen, V.: The KHAZAD Legacy-Level Block Cipher. NESSIE submission"},{"key":"22_CR5","unstructured":"Barreto, P.S., Rijmen, V.: The WHIRLPOOL Hashing Function. NESSIE submission"},{"issue":"1","key":"22_CR6","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1109\/TIT.1972.1054732","volume":"18","author":"ER Berlekamp","year":"1972","unstructured":"Berlekamp, E.R., Welch, L.R.: Weight distributions of the cosets of the (32, 6) Reed-Muller code. IEEE Trans. Inf. Theor. 18(1), 203\u2013207 (1972)","journal-title":"IEEE Trans. Inf. Theor."},{"key":"22_CR7","unstructured":"Bernstein, D.J.: Cache-timing on AES. In: Symmetric-Key Encryption Workshop - SKEW 2005 (2005). \n                      http:\/\/cr.yp.to\/antiforgery\/cachetiming-20050414.pdf"},{"key":"22_CR8","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: The Keccak reference, January 2011. \n                      http:\/\/keccak.noekeon.org\/"},{"key":"22_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/3-540-69710-1_15","volume-title":"Fast Software Encryption","author":"E Biham","year":"1998","unstructured":"Biham, E., Anderson, R., Knudsen, L.R.: Serpent: a new block cipher proposal. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 222\u2013238. Springer, Heidelberg (1998)"},{"issue":"1","key":"22_CR10","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/BF00630563","volume":"4","author":"E Biham","year":"1991","unstructured":"Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Crypt. 4(1), 3\u201372 (1991)","journal-title":"J. Crypt."},{"key":"22_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"450","DOI":"10.1007\/978-3-540-74735-2_31","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2007","author":"AA Bogdanov","year":"2007","unstructured":"Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450\u2013466. Springer, Heidelberg (2007)"},{"key":"22_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-642-34961-4_14","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2012","author":"J Borghoff","year":"2012","unstructured":"Borghoff, J., Canteaut, A., G\u00fcneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yal\u00e7\u0131n, T.: PRINCE \u2013 a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208\u2013225. Springer, Heidelberg (2012)"},{"key":"22_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-642-13193-6_16","volume-title":"Experimental Algorithms","author":"J Boyar","year":"2010","unstructured":"Boyar, J., Peralta, R.: A new combinational logic minimization technique with applications to cryptology. In: Festa, P. (ed.) SEA 2010. LNCS, vol. 6049, pp. 178\u2013189. Springer, Heidelberg (2010)"},{"issue":"1\u20133","key":"22_CR14","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/s10623-008-9194-6","volume":"49","author":"M Brinkmann","year":"2008","unstructured":"Brinkmann, M., Leander, G.: On the classification of APN functions up to dimension five. Des. Codes Crypt. 49(1\u20133), 273\u2013288 (2008)","journal-title":"Des. Codes Crypt."},{"key":"22_CR15","unstructured":"Canteaut, A., Duval, S., Leurent, G.: Construction of Lightweight S-Boxes using Feistel and MISTY structures (Full Version). IACR eprint report 2015\/711, Jul 2015. \n                      http:\/\/eprint.iacr.org\/2015\/711"},{"key":"22_CR16","unstructured":"Daemen, J., Peeters, M., Assche, G.V., Rijmen, V.: Nessie proposal. In: NOEKEON (2000)"},{"key":"22_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"272","DOI":"10.1007\/978-3-642-04138-9_20","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2009","author":"C Canni\u00e8re De","year":"2009","unstructured":"De Canni\u00e8re, C., Dunkelman, O., Kne\u017eevi\u0107, M.: KATAN and KTANTAN \u2014 a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272\u2013288. Springer, Heidelberg (2009)"},{"key":"22_CR18","unstructured":"De Canni\u00e8re, C.: Analysis and Design of Symmetric Encryption Algorithms. Ph.D. thesis, KU Leuven (2007)"},{"key":"22_CR19","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F., Schl\u00e4ffer, M.: Ascon v1. In: CAESAR Competition (2014). \n                      http:\/\/competitions.cr.yp.to\/round1\/asconv1.pdf"},{"key":"22_CR20","unstructured":"ETSI\/SAGE: specification of the 3GPP confidentiality and integrity algorithms 128-EEA3 & 128-EIA3. document 4: design and evaluation report. Technical report (2011)"},{"key":"22_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"383","DOI":"10.1007\/978-3-642-40349-1_22","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2013","author":"B G\u00e9rard","year":"2013","unstructured":"G\u00e9rard, B., Grosso, V., Naya-Plasencia, M., Standaert, F.-X.: Block ciphers that are easier to mask: how far can we go? In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 383\u2013399. Springer, Heidelberg (2013)"},{"key":"22_CR22","unstructured":"Grosso, V., Leurent, G., Standaert, F.X., Varici, K., Durvaux, F., Gaspar, L., Kerckhof, S.: SCREAM & iSCREAM side-channel resistant authenticated encryption with masking. In: CAESAR Competition (2014). \n                      http:\/\/competitions.cr.yp.to\/round1\/screamv1.pdf"},{"key":"22_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1007\/978-3-662-46706-0_2","volume-title":"Fast Software Encryption","author":"V Grosso","year":"2015","unstructured":"Grosso, V., Leurent, G., Standaert, F.-X., Var\u0131c\u0131, K.: LS-designs: bitslice encryption for efficient masked software implementations. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 18\u201337. Springer, Heidelberg (2015)"},{"issue":"2","key":"22_CR24","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1016\/j.dam.2005.03.022","volume":"154","author":"XD Hou","year":"2006","unstructured":"Hou, X.D.: Affinity of permutations of \n                      \n                        \n                      \n                      $${\\mathbb{F}}_2^n$$\n                      \n                        \n                          \n                            F\n                            2\n                            n\n                          \n                        \n                      \n                    . Discrete Appl. Math. 154(2), 313\u2013325 (2006)","journal-title":"Discrete Appl. Math."},{"key":"22_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-04138-9_1","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2009","author":"E K\u00e4sper","year":"2009","unstructured":"K\u00e4sper, E., Schwabe, P.: Faster and timing-attack resistant AES-GCM. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 1\u201317. Springer, Heidelberg (2009)"},{"key":"22_CR26","unstructured":"Kavun, E.B., Lauridsen, M.M., Leander, G., Rechberger, C., Schwabe, P., Yal\u00e7\u0131n, T.: Pr\u00f8st. CAESAR Proposal (2014). \n                      http:\/\/proest.compute.dtu.dk"},{"key":"22_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/978-3-540-73074-3_13","volume-title":"Arithmetic of Finite Fields","author":"G Leander","year":"2007","unstructured":"Leander, G., Poschmann, A.: On the classification of 4 bit S-Boxes. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 159\u2013176. Springer, Heidelberg (2007)"},{"key":"22_CR28","series-title":"Lecture Notes in Computer Science","first-page":"127","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2014","author":"Y Li","year":"2014","unstructured":"Li, Y., Wang, M.: Constructing S-Boxes for lightweight cryptography with Feistel structure. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 127\u2013146. Springer, Heidelberg (2014)"},{"key":"22_CR29","unstructured":"Lim, C.H.: CRYPTON: A new 128-bit block cipher. AES submission (1998)"},{"key":"22_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/3-540-48519-8_3","volume-title":"Fast Software Encryption","author":"CH Lim","year":"1999","unstructured":"Lim, C.H.: A revised version of CRYPTON - CRYPTON V1.0. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 31\u201345. Springer, Heidelberg (1999)"},{"key":"22_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1007\/3-540-48285-7_33","volume-title":"Advances in Cryptology - EUROCRYPT \u201993","author":"M Matsui","year":"1994","unstructured":"Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386\u2013397. Springer, Heidelberg (1994)"},{"key":"22_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"205","DOI":"10.1007\/3-540-60865-6_54","volume-title":"Fast Software Encryption","author":"M Matsui","year":"1996","unstructured":"Matsui, M.: New structure of block ciphers with provable security against differential. In: Gollmann, Dieter (ed.) FSE 1996. LNCS, vol. 1039, pp. 205\u2013218. Springer, Heidelberg (1996)"},{"key":"22_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1007\/BFb0052334","volume-title":"Fast Software Encryption","author":"M Matsui","year":"1997","unstructured":"Matsui, M.: New block encryption algorithm MISTY. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 54\u201368. Springer, Heidelberg (1997)"},{"key":"22_CR34","unstructured":"National Institute of Standards and Technology: Data Encryption Standard, FIPS Publication 46-2, December 1993"},{"key":"22_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"378","DOI":"10.1007\/3-540-46416-6_32","volume-title":"Advances in Cryptology - EUROCRYPT \u201991","author":"K Nyberg","year":"1991","unstructured":"Nyberg, K.: Perfect nonlinear S-Boxes. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 378\u2013386. Springer, Heidelberg (1991)"},{"key":"22_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/3-540-48285-7_6","volume-title":"Advances in Cryptology - EUROCRYPT \u201993","author":"K Nyberg","year":"1994","unstructured":"Nyberg, K.: Differentially uniform mappings for cryptography. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 55\u201364. Springer, Heidelberg (1994)"},{"key":"22_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"439","DOI":"10.1007\/BFb0053460","volume-title":"Advances in Cryptology - EUROCRYPT \u201994","author":"K Nyberg","year":"1995","unstructured":"Nyberg, K.: Linear approximation of block ciphers. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 439\u2013444. Springer, Heidelberg (1995)"},{"issue":"1","key":"22_CR38","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1007\/BF00204800","volume":"8","author":"K Nyberg","year":"1995","unstructured":"Nyberg, K., Knudsen, L.R.: Provable security against a differential attack. J. Crypt. 8(1), 27\u201337 (1995)","journal-title":"J. Crypt."},{"key":"22_CR39","unstructured":"Osvik, D.A.: Speeding up Serpent. In: AES Candidate Conference, pp. 317\u2013329 (2000)"},{"key":"22_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"413","DOI":"10.1007\/978-3-642-15031-9_28","volume-title":"Cryptographic Hardware and Embedded Systems, CHES 2010","author":"M Rivain","year":"2010","unstructured":"Rivain, M., Prouff, E.: Provably secure higher-order masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413\u2013427. Springer, Heidelberg (2010)"},{"issue":"3","key":"22_CR41","doi-asserted-by":"publisher","first-page":"300","DOI":"10.1016\/0097-3165(76)90024-8","volume":"20","author":"OS Rothaus","year":"1976","unstructured":"Rothaus, O.S.: On \u201cbent\u201d functions. J. Comb. Theor. Ser. A 20(3), 300\u2013305 (1976)","journal-title":"J. Comb. Theor. Ser. A"},{"issue":"4","key":"22_CR42","doi-asserted-by":"publisher","first-page":"656","DOI":"10.1002\/j.1538-7305.1949.tb00928.x","volume":"28","author":"CE Shannon","year":"1949","unstructured":"Shannon, C.E.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28(4), 656\u2013715 (1949)","journal-title":"Bell Syst. Tech. J."},{"key":"22_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"279","DOI":"10.1007\/978-3-540-25937-4_18","volume-title":"Fast Software Encryption","author":"F-X Standaert","year":"2004","unstructured":"Standaert, F.-X., Piret, G., Rouvroy, G., Quisquater, J.-J., Legat, J.-D.: ICEBERG: an involutional cipher efficient for block encryption in reconfigurable hardware. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 279\u2013299. Springer, Heidelberg (2004)"},{"key":"22_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"339","DOI":"10.1007\/978-3-642-35999-6_22","volume-title":"Selected Areas in Cryptography","author":"T Suzaki","year":"2013","unstructured":"Suzaki, T., Minematsu, K., Morioka, S., Kobayashi, E.: Twine: a lightweight block cipher for multiple platforms. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 339\u2013354. Springer, Heidelberg (2013)"},{"key":"22_CR45","unstructured":"Ullrich, M., De Canni\u00e8re, C., Indesteege, S., K\u00fc\u00e7\u00fck, \u00d6., Mouha, N., Preneel, B.: Finding optimal bitsliced implementations of 4\n                      \n                        \n                      \n                      $$\\times $$\n                      \n                        \n                          \u00d7\n                        \n                      \n                    4-bit S-Boxes. In: SKEW 2011 Symmetric Key Encryption Workshop, Copenhagen, Denmark, pp. 16\u201317 (2011)"},{"key":"22_CR46","volume-title":"The Complexity of Boolean Functions","author":"I Wegener","year":"1987","unstructured":"Wegener, I.: The Complexity of Boolean Functions. Wiley-Teubner, New York (1987)"},{"key":"22_CR47","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"363","DOI":"10.1007\/3-540-60590-8_29","volume-title":"Fast Software Encryption - FSE\u201994","author":"DJ Wheeler","year":"1994","unstructured":"Wheeler, D.J., Needham, R.M.: TEA, a Tiny Encryption Algorithm. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 363\u2013366. Springer, Heidelberg (1994)"},{"key":"22_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"327","DOI":"10.1007\/978-3-642-21554-4_19","volume-title":"Applied Cryptography and Network Security","author":"W Wu","year":"2011","unstructured":"Wu, W., Zhang, L.: LBlock: a lightweight block cipher. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 327\u2013344. Springer, Heidelberg (2011)"}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography \u2013 SAC 2015"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-31301-6_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,11]],"date-time":"2019-08-11T20:03:53Z","timestamp":1565553833000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-31301-6_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319313009","9783319313016"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-31301-6_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]}}}