{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T09:59:44Z","timestamp":1771667984169,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662487990","type":"print"},{"value":"9783662488003","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-662-48800-3_1","type":"book-chapter","created":{"date-parts":[[2015,11,26]],"date-time":"2015-11-26T07:12:21Z","timestamp":1448521941000},"page":"3-27","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":22,"title":["Key-Recovery Attacks on ASASA"],"prefix":"10.1007","author":[{"given":"Brice","family":"Minaud","sequence":"first","affiliation":[]},{"given":"Patrick","family":"Derbez","sequence":"additional","affiliation":[]},{"given":"Pierre-Alain","family":"Fouque","sequence":"additional","affiliation":[]},{"given":"Pierre","family":"Karpman","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,30]]},"reference":[{"key":"1_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"446","DOI":"10.1007\/978-3-642-54631-0_26","volume-title":"Public-Key Cryptography \u2013 PKC 2014","author":"MR Albrecht","year":"2014","unstructured":"Albrecht, M.R., Faug\u00e9re, J.-C., Fitzpatrick, R., Perret, L., Todo, Y., Xagawa, K.: Practical cryptanalysis of a public-key encryption scheme based on new multivariate quadratic assumptions. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 446\u2013464. Springer, Heidelberg (2014)"},{"key":"1_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1007\/978-3-662-45611-8_4","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2014","author":"A Biryukov","year":"2014","unstructured":"Biryukov, A., Bouillaguet, C., Khovratovich, D.: Cryptographic schemes based on the \n                      \n                        \n                      \n                      \n$$\\sf ASASA$$\n\n                     structure: black-box, white-box, and public-key (extended abstract). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 63\u201384. Springer, Heidelberg (2014)"},{"key":"1_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"441","DOI":"10.1007\/978-3-642-19379-8_27","volume-title":"Public Key Cryptography \u2013 PKC 2011","author":"L Bettale","year":"2011","unstructured":"Bettale, L., Faug\u00e8re, J.-C., Perret, L.: Cryptanalysis of multivariate and odd-characteristic HFE variants. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 441\u2013458. Springer, Heidelberg (2011)"},{"key":"1_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"408","DOI":"10.1007\/3-540-45539-6_28","volume-title":"Advances in Cryptology - EUROCRYPT 2000","author":"E Biham","year":"2000","unstructured":"Biham, E.: Cryptanalysis of Patarin\u2019s 2-round public key system with S Boxes (2R). In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 408\u2013416. Springer, Heidelberg (2000)"},{"issue":"4","key":"1_CR5","doi-asserted-by":"publisher","first-page":"506","DOI":"10.1145\/792538.792543","volume":"50","author":"A Blum","year":"2003","unstructured":"Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. J. ACM (JACM) 50(4), 506\u2013519 (2003)","journal-title":"J. ACM (JACM)"},{"key":"1_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"395","DOI":"10.1007\/3-540-44987-6_24","volume-title":"Advances in Cryptology - EUROCRYPT 2001","author":"A Biryukov","year":"2001","unstructured":"Biryukov, A., Shamir, A.: Structural cryptanalysis of SASAS. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 395\u2013405. Springer, Heidelberg (2001)"},{"key":"1_CR7","unstructured":"Daemen, J.: Cipher and hash function design strategies based on linear and differential cryptanalysis. Ph.D. thesis, Katholieke Universiteit Leuven, Leuven, Belgium (1995)"},{"key":"1_CR8","unstructured":"Dinur, I., Dunkelman, O., Kranz, T., Leander, G.: Decomposing the asasa block cipher construction. Cryptology ePrint Archive, Report 2015\/507 (2015). \n                      http:\/\/eprint.iacr.org\/2015\/507\/"},{"key":"1_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/3-540-48405-1_20","volume-title":"Advances in Cryptology - CRYPTO \u201999","author":"Y Ding-Feng","year":"1999","unstructured":"Ding-Feng, Y., Kwok-Yan, L., Zong-Duo, D.: Cryptanalysis of 2R schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 315\u2013325. Springer, Heidelberg (1999)"},{"key":"1_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-74143-5_1","volume-title":"Advances in Cryptology - CRYPTO 2007","author":"V Dubois","year":"2007","unstructured":"Dubois, V., Fouque, P.-A., Shamir, A., Stern, J.: Practical cryptanalysis of SFLASH. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 1\u201312. Springer, Heidelberg (2007)"},{"key":"1_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/978-3-540-71677-8_17","volume-title":"Public Key Cryptography \u2013 PKC 2007","author":"V Dubois","year":"2007","unstructured":"Dubois, V., Granboulan, L., Stern, J.: Cryptanalysis of HFE with internal perturbation. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 249\u2013265. Springer, Heidelberg (2007)"},{"key":"1_CR12","doi-asserted-by":"crossref","unstructured":"Diffie, W., Hellman, M.E.: Multiuser cryptographic techniques. In: AFIPS 1976 National Computer Conference, pp. 109\u2013112. ACM (1976)","DOI":"10.1145\/1499799.1499815"},{"key":"1_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-3-540-24632-9_22","volume-title":"Public Key Cryptography \u2013 PKC 2004","author":"J Ding","year":"2004","unstructured":"Ding, J.: A new variant of the Matsumoto-Imai cryptosystem through perturbation. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 305\u2013318. Springer, Heidelberg (2004)"},{"key":"1_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"278","DOI":"10.1007\/978-3-642-01001-9_16","volume-title":"Advances in Cryptology - EUROCRYPT 2009","author":"I Dinur","year":"2009","unstructured":"Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278\u2013299. Springer, Heidelberg (2009)"},{"key":"1_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"340","DOI":"10.1007\/3-540-39799-X_24","volume-title":"Advances in Cryptology","author":"H Fell","year":"1986","unstructured":"Fell, H., Diffie, W.: Analysis of a public key approach based on polynomial substitution. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 340\u2013349. Springer, Heidelberg (1986)"},{"key":"1_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1007\/978-3-540-45146-4_3","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"J-C Faug\u00e8re","year":"2003","unstructured":"Faug\u00e8re, J.-C., Joux, A.: Algebraic cryptanalysis of hidden field equation (HFE) cryptosystems Using Gr\u00f6bner bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44\u201360. Springer, Heidelberg (2003)"},{"key":"1_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1007\/11818175_21","volume-title":"Advances in Cryptology - CRYPTO 2006","author":"J-C Faug\u00e8re","year":"2006","unstructured":"Faug\u00e8re, J.-C., Perret, L.: Cryptanalysis of 2R\n                      \n                        \n                      \n                      \n$$^{--}$$\n\n                     schemes. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 357\u2013372. Springer, Heidelberg (2006)"},{"issue":"12","key":"1_CR18","doi-asserted-by":"publisher","first-page":"1676","DOI":"10.1016\/j.jsc.2008.02.005","volume":"44","author":"J-C Faug\u00e8re","year":"2009","unstructured":"Faug\u00e8re, J.-C., Perret, L.: An efficient algorithm for decomposing multivariate polynomials and its applications to cryptography. J. Symbolic Computat. 44(12), 1676\u20131689 (2009)","journal-title":"J. Symbolic Computat."},{"key":"1_CR19","doi-asserted-by":"crossref","unstructured":"Faug\u00e8re, J.C., Perret, L.: High order derivatives and decomposition of multivariate polynomials. In: ISSAC 2009: Proceedings of the 2009 International Symposium on Symbolic and Algebraic Computation, pp. 207\u2013214. ACM (2009)","DOI":"10.1145\/1576702.1576732"},{"key":"1_CR20","doi-asserted-by":"crossref","unstructured":"Faug\u00e8re, J.C., von zur Gathen, J., Perret, L.: Decomposition of generic multivariate polynomials. In ISSAC 2010: Proceedings of the 2010 International Symposium on Symbolic and Algebraic Computation, pp. 131\u2013137. ACM (2010). ISBN 0747-7171 (updated version)","DOI":"10.1145\/1837934.1837963"},{"key":"1_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"475","DOI":"10.1007\/978-3-662-47989-6_23","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"H Gilbert","year":"2015","unstructured":"Gilbert, H., Pl\u00fbt, J., Treger, J.: Key-recovery attack on the ASASA cryptosystem with expanding S-Boxes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 475\u2013490. Springer, Heidelberg (2015)"},{"key":"1_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1007\/978-3-642-30057-8_12","volume-title":"Public Key Cryptography \u2013 PKC 2012","author":"Y-J Huang","year":"2012","unstructured":"Huang, Y.-J., Liu, F.-H., Yang, B.-Y.: Public-key cryptography from new multivariate quadratic assumptions. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 190\u2013205. Springer, Heidelberg (2012)"},{"key":"1_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/11832072_24","volume-title":"Security and Cryptography for Networks","author":"\u00c9 Levieil","year":"2006","unstructured":"Levieil, \u00c9., Fouque, P.-A.: An improved LPN algorithm. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 348\u2013359. Springer, Heidelberg (2006)"},{"key":"1_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1007\/3-540-48285-7_33","volume-title":"Advances in Cryptology - EUROCRYPT \u201993","author":"M Matsui","year":"1994","unstructured":"Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386\u2013397. Springer, Heidelberg (1994)"},{"key":"1_CR25","unstructured":"Minaud, B., Derbez, P., Fouque, P.-A., Karpman, P.: Key-recovery attacks on ASASA. Cryptology ePrint Archive, Report 2015\/516 (2015). \n                      http:\/\/eprint.iacr.org\/2015\/516\/"},{"key":"1_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"419","DOI":"10.1007\/3-540-45961-8_39","volume-title":"Advances in Cryptology - EUROCRYPT \u201988","author":"T Matsumoto","year":"1988","unstructured":"Matsumoto, T., Imai, H.: Public quadratic polynomial-tuples for efficient signature-verification and message-encryption. In: G\u00fcnther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 419\u2013453. Springer, Heidelberg (1988)"},{"key":"1_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"248","DOI":"10.1007\/3-540-44750-4_20","volume-title":"Advances in Cryptology - CRYPTO \u201995","author":"J Patarin","year":"1995","unstructured":"Patarin, J.: Cryptanalysis of the Matsumoto and Imai public key scheme of Eurocrypt \u201988. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248\u2013261. Springer, Heidelberg (1995)"},{"key":"1_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/3-540-68339-9_4","volume-title":"Advances in Cryptology - EUROCRYPT \u201996","author":"J Patarin","year":"1996","unstructured":"Patarin, J.: Hidden fields equations (HFE) and isomorphisms of polynomials (IP): two new families of asymmetric algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33\u201348. Springer, Heidelberg (1996)"},{"key":"1_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"369","DOI":"10.1007\/BFb0028492","volume-title":"Information and Communications Security","author":"J Patarin","year":"1997","unstructured":"Patarin, J., Goubin, L.: Asymmetric cryptography with S-Boxes. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 369\u2013380. Springer, Heidelberg (1997)"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC 2005, pp. 84\u201393. ACM Press (2005)","DOI":"10.1145\/1060590.1060603"},{"key":"1_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1007\/BFb0052342","volume-title":"Fast Software Encryption","author":"V Rijmen","year":"1997","unstructured":"Rijmen, V., Preneel, B.: A family of trapdoor ciphers. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 139\u2013148. Springer, Heidelberg (1997)"},{"key":"1_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1007\/3-540-49649-1_11","volume-title":"Advances in Cryptology - ASIACRYPT\u201998","author":"H Wu","year":"1998","unstructured":"Wu, H., Bao, F., Deng, R.H., Ye, Q.-Z.: Cryptanalysis of Rijmen-Preneel trapdoor ciphers. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 126\u2013132. Springer, Heidelberg (1998)"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2015"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-48800-3_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,27]],"date-time":"2019-11-27T20:16:05Z","timestamp":1574885765000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-48800-3_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783662487990","9783662488003"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-48800-3_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"30 December 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}