{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T11:11:17Z","timestamp":1771672277225,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":52,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540773597","type":"print"},{"value":"9783540773603","type":"electronic"}],"license":[{"start":{"date-parts":[[2007,1,1]],"date-time":"2007-01-01T00:00:00Z","timestamp":1167609600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007]]},"DOI":"10.1007\/978-3-540-77360-3_13","type":"book-chapter","created":{"date-parts":[[2007,12,1]],"date-time":"2007-12-01T08:04:18Z","timestamp":1196496258000},"page":"184-211","source":"Crossref","is-referenced-by-count":27,"title":["Linear Cryptanalysis of Non Binary Ciphers"],"prefix":"10.1007","author":[{"given":"Thomas","family":"Baign\u00e8res","sequence":"first","affiliation":[]},{"given":"Jacques","family":"Stern","sequence":"additional","affiliation":[]},{"given":"Serge","family":"Vaudenay","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"13_CR1","unstructured":"Adams, C., Heys, H.M., Tavares, S.E., Wiener, M.: CAST256: a submission for the advanced encryption standard. In: First AES Candidate Conference (AES1) (1998)"},{"key":"13_CR2","series-title":"Lecture Notes in Computer Science","volume-title":"Selected Areas in Cryptography 2006","author":"T. Baign\u00e8res","year":"2006","unstructured":"Baign\u00e8res, T., Finiasz, M.: Dial C for Cipher. In: Selected Areas in Cryptography 2006. LNCS, Springer, Heidelberg (2006)"},{"key":"13_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"432","DOI":"10.1007\/978-3-540-30539-2_31","volume-title":"ASIACRYPT 2004","author":"T. Baign\u00e8res","year":"2004","unstructured":"Baign\u00e8res, T., Junod, P., Vaudenay, S.: How far can we go beyond linear cryptanalysis? In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol.\u00a03329, pp. 432\u2013450. Springer, Heidelberg (2004)"},{"key":"13_CR4","doi-asserted-by":"crossref","unstructured":"Biham, E.: On Matsui\u2019s linear cryptanalysis. In [10], pp. 341\u2013355","DOI":"10.1007\/BFb0053449"},{"key":"13_CR5","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/BF00630563","volume":"4","author":"E. Biham","year":"1991","unstructured":"Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology\u00a04, 3\u201372 (1991)","journal-title":"Journal of Cryptology"},{"key":"13_CR6","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"CRYPTO 2004","author":"A. Biryukov","year":"2004","unstructured":"Biryukov, A., De Canni\u00e8re, C., Quisquater, M.: On multiple linear approximations. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol.\u00a03152, pp. 1\u201322. Springer, Heidelberg (2004)"},{"key":"13_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/BFb0024449","volume-title":"Cryptography and Coding","author":"K. Brincat","year":"1997","unstructured":"Brincat, K., Meijer, H.: On the SAFER cryptosystem. In: Darnell, M. (ed.) Cryptography and Coding. LNCS, vol.\u00a01355, pp. 59\u201368. Springer, Heidelberg (1997)"},{"key":"13_CR8","doi-asserted-by":"crossref","unstructured":"Chabaud, F., Vaudenay, S.: Links between differential and linear cryptanalysis. In: [10], pp. 356\u2013365","DOI":"10.1007\/BFb0053450"},{"key":"13_CR9","unstructured":"Daemen, J., Rijmen, V.: AES proposal: Rijndael. NIST AES Proposal (1998)"},{"key":"13_CR10","series-title":"Lecture Notes in Computer Science","volume-title":"EUROCRYPT 1994","year":"1995","unstructured":"De Santis, A. (ed.): EUROCRYPT 1994. LNCS, vol.\u00a0950. Springer, Heidelberg (1995)"},{"key":"13_CR11","series-title":"Wiley Series in Probability and Mathematical Statistics","volume-title":"An Introduction to Probability Theory and Its Applications","author":"W. Feller","year":"1971","unstructured":"Feller, W.: An Introduction to Probability Theory and Its Applications, 2nd edn. Wiley Series in Probability and Mathematical Statistics, vol.\u00a02. John Wiley & Sons, Chichester (1971)","edition":"2"},{"key":"13_CR12","series-title":"Lecture Notes in Computer Science","volume-title":"Fast Software Encryption","year":"1996","unstructured":"Gollmann, D. (ed.): Fast Software Encryption. LNCS, vol.\u00a01039. Springer, Heidelberg (1996)"},{"key":"13_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/11799313_5","volume-title":"Fast Software Encryption","author":"L. Granboulan","year":"2006","unstructured":"Granboulan, L., Levieil, E., Piret, G.: Pseudorandom permutation families over Abelian groups. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol.\u00a04047, pp. 57\u201377. Springer, Heidelberg (2006)"},{"key":"13_CR14","series-title":"Lecture Notes in Computer Science","volume-title":"Selected Areas in Cryptography","year":"2004","unstructured":"Handschuh, H., Hasan, M.A. (eds.): SAC 2004. LNCS, vol.\u00a03357. Springer, Heidelberg (2004)"},{"key":"13_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1007\/3-540-49264-X_3","volume-title":"EUROCRYPT 1995","author":"C. Harpes","year":"1995","unstructured":"Harpes, C., Kramer, G.G., Massey, J.: A generalization of linear cryptanalysis and the applicability of Matsui\u2019s piling-up lemma. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol.\u00a0921, pp. 24\u201338. Springer, Heidelberg (1995)"},{"key":"13_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/BFb0052331","volume-title":"Fast Software Encryption","author":"C. Harpes","year":"1997","unstructured":"Harpes, C., Massey, J.: Partitioning cryptanalysis. In: Biham, E. (ed.) FSE 1997. LNCS, vol.\u00a01267, pp. 13\u201327. Springer, Heidelberg (1997)"},{"key":"13_CR17","unstructured":"Jakobsen, T.: Higher-order cryptanalysis of block ciphers. PhD thesis, Department of Mathematics, Technical University of Denmark (1999)"},{"key":"13_CR18","unstructured":"Jakobsen, T., Harpes, C.: Non-uniformity measures for generalized linear cryptanalysis and partitioning cryptanalysis. In: Pragocrypt 1996, CTU Publishing House (1996)"},{"key":"13_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/3-540-39200-9_2","volume-title":"EUROCRPYT 2003","author":"P. Junod","year":"2003","unstructured":"Junod, P.: On the optimality of linear, differential and sequential distinguishers. In: Biham, E. (ed.) EUROCRPYT 2003. LNCS, vol.\u00a02656, pp. 17\u201332. Springer, Heidelberg (2003)"},{"key":"13_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1007\/978-3-540-39887-5_18","volume-title":"Fast Software Encryption","author":"P. Junod","year":"2003","unstructured":"Junod, P., Vaudenay, S.: Optimal key ranking procedures in a statistical cryptanalysis. In: Johansson, T. (ed.) FSE 2003. LNCS, vol.\u00a02887, pp. 235\u2013246. Springer, Heidelberg (2003)"},{"key":"13_CR21","doi-asserted-by":"crossref","unstructured":"Junod, P., Vaudenay, S.: FOX: a new family of block ciphers. In: [14], pp. 114\u2013129","DOI":"10.1007\/978-3-540-30564-4_8"},{"key":"13_CR22","doi-asserted-by":"crossref","unstructured":"Junod, P., Vaudenay, S.: Perfect diffusion primitives for block ciphers. In [14], pp. 84\u201399","DOI":"10.1007\/978-3-540-30564-4_6"},{"key":"13_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1007\/3-540-48658-5_4","volume-title":"CRYPTO 1994","author":"B. Kaliski","year":"1994","unstructured":"Kaliski, B., Robshaw, M.: Linear cryptanalysis using multiple approximations. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol.\u00a0839, pp. 26\u201339. Springer, Heidelberg (1994)"},{"key":"13_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/3-540-48519-8_11","volume-title":"Fast Software Encryption","author":"J. Kelsey","year":"1999","unstructured":"Kelsey, J., Schneier, B., Wagner, D.: \n                  \n                    \n                  \n                  $\\bmod n$\n                 cryptanalysis, with applications against RC5P and M6. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol.\u00a01636, pp. 139\u2013155. Springer, Heidelberg (1999)"},{"key":"13_CR25","doi-asserted-by":"crossref","unstructured":"Knudsen, L.: Truncated and higher order differentials. In [43], pp. 196\u2013211","DOI":"10.1007\/3-540-60590-8_16"},{"issue":"4","key":"13_CR26","doi-asserted-by":"publisher","first-page":"417","DOI":"10.1007\/s001450010004","volume":"13","author":"L. Knudsen","year":"2000","unstructured":"Knudsen, L.: A detailed analysis of SAFER K. Journal of Cryptology\u00a013(4), 417\u2013436 (2000)","journal-title":"Journal of Cryptology"},{"key":"13_CR27","doi-asserted-by":"crossref","unstructured":"Knudsen, L., Berson, T.: Truncated differentials of SAFER. In [12], pp. 15\u201326","DOI":"10.1007\/3-540-60865-6_38"},{"key":"13_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"224","DOI":"10.1007\/3-540-68339-9_20","volume-title":"EUROCRYPT 1996","author":"L. Knudsen","year":"1996","unstructured":"Knudsen, L., Robshaw, M.: Non-linear approximations in linear cryptanalysis. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol.\u00a01070, pp. 224\u2013236. Springer, Heidelberg (1996)"},{"key":"13_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1007\/3-540-46416-6_2","volume-title":"EUROCRYPT 1991","author":"X. Lai","year":"1991","unstructured":"Lai, X., Massey, J., Murphy, S.: Markov ciphers and differential cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol.\u00a0547, pp. 17\u201338. Springer, Heidelberg (1991)"},{"key":"13_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"389","DOI":"10.1007\/3-540-46877-3_35","volume-title":"EUROCRYPT 1990","author":"X. Lai","year":"1991","unstructured":"Lai, X., Massey, J.L.: A proposal for a new block encryption standard. In: Damg\u00e5rd, I.B. (ed.) EUROCRYPT 1990. LNCS, vol.\u00a0473, pp. 389\u2013404. Springer, Heidelberg (1991)"},{"key":"13_CR31","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"Fast Software Encryption","author":"J. Massey","year":"1994","unstructured":"Massey, J.: SAFER-K64: a byte-oriented block-ciphering algorithm. In: Anderson, R. (ed.) Fast Software Encryption. LNCS, vol.\u00a0809, pp. 1\u201317. Springer, Heidelberg (1994)"},{"key":"13_CR32","doi-asserted-by":"crossref","unstructured":"Massey, J.: SAFER-K64: one year later. In [43], pp. 212\u2013241","DOI":"10.1007\/3-540-60590-8_17"},{"key":"13_CR33","unstructured":"Massey, J.: Strengthened key schedule for the cipher SAFER. Posted on USENET newsgroup sci.crypt (September 9, 1995)"},{"key":"13_CR34","series-title":"Lecture Notes in Computer Science","first-page":"1","volume-title":"CRYPTO 1994","author":"M. Matsui","year":"1994","unstructured":"Matsui, M.: The first experimental cryptanalysis of the Data Encryption Standard. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol.\u00a0839, pp. 1\u201311. Springer, Heidelberg (1994)"},{"key":"13_CR35","doi-asserted-by":"crossref","unstructured":"Matsui, M.: New structure of block ciphers with provable security against differential and linear cryptanalysis. In [12], pp. 205\u2013218","DOI":"10.1007\/3-540-60865-6_54"},{"key":"13_CR36","series-title":"The CRC Press series on discrete mathematics and its applications","volume-title":"Handbook of applied cryptography","author":"A. Menezes","year":"1997","unstructured":"Menezes, A., Van Oorschot, P., Vanstone, S.: Handbook of applied cryptography. The CRC Press series on discrete mathematics and its applications. CRC-Press, Boca Raton, USA (1997)"},{"key":"13_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/3-540-44706-7_9","volume-title":"Fast Software Encryption","author":"M. Minier","year":"2001","unstructured":"Minier, M., Gilbert, H.: Stochastic cryptanalysis of Crypton. In: Schneier, B. (ed.) FSE 2000. LNCS, vol.\u00a01978, pp. 121\u2013133. Springer, Heidelberg (2001)"},{"issue":"4","key":"13_CR38","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/s001459900046","volume":"11","author":"S. Murphy","year":"1998","unstructured":"Murphy, S.: An analysis of SAFER. Journal of Cryptology\u00a011(4), 235\u2013251 (1998)","journal-title":"Journal of Cryptology"},{"key":"13_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/3-540-44706-7_17","volume-title":"Fast Software Encryption","author":"J. Nakahara","year":"2001","unstructured":"Nakahara, J., Preneel, B., Vandewalle, J.: Linear cryptanalysis of reduced-round versions of the SAFER block cipher family. In: Schneier, B. (ed.) FSE 2000. LNCS, vol.\u00a01978, pp. 244\u2013261. Springer, Heidelberg (2001)"},{"key":"13_CR40","series-title":"Graduate Texts in Mathematics","volume-title":"Elementary Methods in Number Theory","author":"M.B. Nathanson","year":"2000","unstructured":"Nathanson, M.B.: Elementary Methods in Number Theory. Graduate Texts in Mathematics. Springer, Heidelberg (2000)"},{"key":"13_CR41","doi-asserted-by":"crossref","unstructured":"Nyberg, K.: Linear approximation of block ciphers. In [10], pp. 439\u2013444","DOI":"10.1007\/BFb0053460"},{"key":"13_CR42","unstructured":"Parker, M.: Generalized S-Box linearity. Technical report, NESSIE Project (2003), \n                  \n                    https:\/\/www.cryptonessie.org"},{"key":"13_CR43","series-title":"Lecture Notes in Computer Science","volume-title":"Fast Software Encryption","year":"1995","unstructured":"Preneel, B. (ed.): Fast Software Encryption. LNCS, vol.\u00a01008. Springer, Heidelberg (1995)"},{"key":"13_CR44","volume-title":"Mathematical Statistics and Data Analysis","author":"J.A. Rice","year":"1995","unstructured":"Rice, J.A.: Mathematical Statistics and Data Analysis, 2nd edn. Duxbury Press, Boston, MA (1995)","edition":"2"},{"key":"13_CR45","unstructured":"Schroeppel, R.: Hasty pudding cipher specification (June 1998), available on \n                  \n                    http:\/\/www.cs.arizona.edu\/~rcs\/hpc\/hpc-spec"},{"key":"13_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"200","DOI":"10.1007\/BFb0055729","volume-title":"CRYPTO 1998","author":"T. Shimoyama","year":"1998","unstructured":"Shimoyama, T., Kaneko, T.: Quadratic relation of S-Box and its application to the linear attack of full round DES. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol.\u00a01462, pp. 200\u2013211. Springer, Heidelberg (1998)"},{"key":"13_CR47","unstructured":"Standaert, F.-X., Rouvroy, G., Piret, G., Quisquater, J.-J., Legat, J.-D.: Key-dependent approximations in cryptanalysis: an application of multiple Z4 and non-linear approximations. In: 24th Symposium on Information Theory in the Benelux (2003)"},{"key":"13_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1007\/3-540-69710-1_13","volume-title":"Fast Software Encryption","author":"J. Stern","year":"1998","unstructured":"Stern, J., Vaudenay, S.: CS-Cipher. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol.\u00a01372, pp. 189\u2013204. Springer, Heidelberg (1998)"},{"key":"13_CR49","doi-asserted-by":"crossref","unstructured":"Vaudenay, S.: On the need for multipermutations: Cryptanalysis of MD4 and SAFER. In [43], pp. 286\u2013297","DOI":"10.1007\/3-540-60590-8_22"},{"key":"13_CR50","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1145\/238168.238206","volume-title":"3rd ACM Conference on Computer and Communications Security","author":"S. Vaudenay","year":"1996","unstructured":"Vaudenay, S.: An experiment on DES statistical cryptanalysis. In: 3rd ACM Conference on Computer and Communications Security, pp. 139\u2013147. ACM Press, New York (1996)"},{"key":"13_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1007\/3-540-48519-8_19","volume-title":"Fast Software Encryption","author":"S. Vaudenay","year":"1999","unstructured":"Vaudenay, S.: On the security of CS-cipher. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol.\u00a01636, pp. 260\u2013274. Springer, Heidelberg (1999)"},{"key":"13_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1007\/3-540-49649-1_12","volume-title":"ASIACRYPT 1998","author":"H. Wu","year":"1998","unstructured":"Wu, H., Bao, F., Deng, R., Ye, Q.-Z.: Improved truncated differential attacks on SAFER. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol.\u00a01514, pp. 133\u2013147. Springer, Heidelberg (1998)"}],"container-title":["Lecture Notes in Computer Science","Selected Areas in Cryptography"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-77360-3_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,9]],"date-time":"2020-01-09T02:32:06Z","timestamp":1578537126000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-77360-3_13"}},"subtitle":["(With an Application to SAFER)"],"short-title":[],"issued":{"date-parts":[[2007]]},"ISBN":["9783540773597","9783540773603"],"references-count":52,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-77360-3_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2007]]}}}