{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,17]],"date-time":"2025-12-17T08:42:23Z","timestamp":1765960943724,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":83,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783662538869"},{"type":"electronic","value":"9783662538876"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-662-53887-6_4","type":"book-chapter","created":{"date-parts":[[2016,11,8]],"date-time":"2016-11-08T12:11:21Z","timestamp":1478607081000},"page":"95-125","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":31,"title":["Simpira\u00a0v2: A Family of Efficient Permutations Using the AES Round Function"],"prefix":"10.1007","author":[{"given":"Shay","family":"Gueron","sequence":"first","affiliation":[]},{"given":"Nicky","family":"Mouha","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,11,9]]},"reference":[{"key":"4_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/978-3-662-46800-5_17","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"MR Albrecht","year":"2015","unstructured":"Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 430\u2013454. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-46800-5_17"},{"key":"4_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"113","DOI":"10.1007\/3-540-60865-6_48","volume-title":"Fast Software Encryption","author":"RJ Anderson","year":"1996","unstructured":"Anderson, R.J., Biham, E.: Two practical and provably secure block ciphers: BEAR and LION. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 113\u2013120. Springer, Heidelberg (1996). doi:10.1007\/3-540-60865-6_48"},{"key":"4_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"364","DOI":"10.1007\/978-3-662-48116-5_18","volume-title":"Fast Software Encryption","author":"E Andreeva","year":"2015","unstructured":"Andreeva, E., Daemen, J., Mennink, B., Van Assche, G.: Security of keyed sponge constructions using a modular proof approach. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 364\u2013384. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-48116-5_18"},{"key":"4_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/3-540-48519-8_17","volume-title":"Fast Software Encryption","author":"M Bellare","year":"1999","unstructured":"Bellare, M., Rogaway, P.: On the construction of variable-input-length ciphers. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 231\u2013244. Springer, Heidelberg (1999). doi:10.1007\/3-540-48519-8_17"},{"key":"4_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1007\/3-540-44448-3_24","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2000","author":"M Bellare","year":"2000","unstructured":"Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317\u2013330. Springer, Heidelberg (2000). doi:10.1007\/3-540-44448-3_24"},{"issue":"7","key":"4_CR6","doi-asserted-by":"publisher","first-page":"2074","DOI":"10.1109\/TC.2015.2468218","volume":"65","author":"TP Berger","year":"2016","unstructured":"Berger, T.P., Francq, J., Minier, M., Thomas, G.: Extended generalized Feistel networks using matrix representation to propose a new lightweight block cipher: Lilliput. IEEE Trans. Comput. 65(7), 2074\u20132089 (2016)","journal-title":"IEEE Trans. Comput."},{"key":"4_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1007\/978-3-662-43414-7_15","volume-title":"Selected Areas in Cryptography \u2013 SAC 2013","author":"TP Berger","year":"2014","unstructured":"Berger, T.P., Minier, M., Thomas, G.: Extended generalized Feistel networks using matrix representation. In: Lange, T., Lauter, K., Lison\u011bk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 289\u2013305. Springer, Heidelberg (2014). doi:10.1007\/978-3-662-43414-7_15"},{"key":"4_CR8","unstructured":"Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Cryptographic sponge functions. http:\/\/sponge.noekeon.org\/CSF-0.1.pdf"},{"key":"4_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1007\/3-540-48910-X_2","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1999","author":"E Biham","year":"1999","unstructured":"Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 12\u201323. Springer, Heidelberg (1999). doi:10.1007\/3-540-48910-X_2"},{"issue":"4","key":"4_CR10","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1007\/s00145-005-0129-3","volume":"18","author":"E Biham","year":"2005","unstructured":"Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. J. Cryptology 18(4), 291\u2013311 (2005)","journal-title":"J. Cryptology"},{"key":"4_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/3-540-36178-2_16","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2002","author":"E Biham","year":"2002","unstructured":"Biham, E., Dunkelman, O., Keller, N.: Enhancing differential-linear cryptanalysis. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 254\u2013266. Springer, Heidelberg (2002). doi:10.1007\/3-540-36178-2_16"},{"issue":"1","key":"4_CR12","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/BF00630563","volume":"4","author":"E Biham","year":"1991","unstructured":"Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptology 4(1), 3\u201372 (1991)","journal-title":"J. Cryptology"},{"key":"4_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1007\/978-3-319-13257-0_5","volume-title":"Information Security","author":"A Biryukov","year":"2014","unstructured":"Biryukov, A., Khovratovich, D.: PAEQ: parallelizable permutation-based authenticated encryption. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds.) ISC 2014. LNCS, vol. 8783, pp. 72\u201389. Springer, Heidelberg (2014). doi:10.1007\/978-3-319-13257-0_5"},{"key":"4_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1007\/3-540-45708-9_21","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"J Black","year":"2002","unstructured":"Black, J., Rogaway, P., Shrimpton, T.: Black-box analysis of the block-cipher-based hash-function constructions from PGV. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 320\u2013335. Springer, Heidelberg (2002). doi:10.1007\/3-540-45708-9_21"},{"issue":"4","key":"4_CR15","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1007\/s00145-010-9071-0","volume":"23","author":"J Black","year":"2010","unstructured":"Black, J., Rogaway, P., Shrimpton, T., Stam, M.: An analysis of the blockcipher-based hash functions from PGV. J. Cryptology 23(4), 519\u2013545 (2010)","journal-title":"J. Cryptology"},{"key":"4_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1007\/978-3-642-25385-0_19","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2011","author":"A Bogdanov","year":"2011","unstructured":"Bogdanov, A., Khovratovich, D., Rechberger, C.: Biclique cryptanalysis of the full AES. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 344\u2013371. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-25385-0_19"},{"key":"4_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"312","DOI":"10.1007\/978-3-642-23951-9_21","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2011","author":"A Bogdanov","year":"2011","unstructured":"Bogdanov, A., Kne\u017eevi\u0107, M., Leander, G., Toz, D., Var\u0131c\u0131, K., Verbauwhede, I.: spongent: a lightweight hash function. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 312\u2013325. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-23951-9_21"},{"issue":"10","key":"4_CR18","doi-asserted-by":"publisher","first-page":"2041","DOI":"10.1109\/TC.2012.196","volume":"62","author":"A Bogdanov","year":"2013","unstructured":"Bogdanov, A., Kne\u017eevi\u0107, M., Leander, G., Toz, D., Var\u0131c\u0131, K., Verbauwhede, I.: SPONGENT: the design space of lightweight cryptographic hashing. IEEE Trans. Comput. 62(10), 2041\u20132053 (2013)","journal-title":"IEEE Trans. Comput."},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Boura, C., Canteaut, A.: A zero-sum property for the Keccak-f permutation with 18 rounds. In: ISIT 2010. pp. 2488\u20132492. IEEE (2010)","DOI":"10.1109\/ISIT.2010.5513442"},{"key":"4_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-19574-7_1","volume-title":"Selected Areas in Cryptography","author":"C Boura","year":"2011","unstructured":"Boura, C., Canteaut, A.: Zero-sum distinguishers for iterated permutations and application to Keccak-f and Hamsi-256. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 1\u201317. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-19574-7_1"},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"Boura, C., Canteaut, A., De Canni\u00e8re, C.: Higher-order differential properties of Keccak and Luffa. Cryptology ePrint Archive, Report 2010\/589 (2010)","DOI":"10.1007\/978-3-642-21702-9_15"},{"key":"4_CR22","volume-title":"Algebraic Aspects of the Advanced Encryption Standard","author":"C Cid","year":"2006","unstructured":"Cid, C., Murphy, S., Robshaw, M.J.B.: Algebraic Aspects of the Advanced Encryption Standard. Springer, Heidelberg (2006)"},{"key":"4_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"189","DOI":"10.1007\/978-3-662-47989-6_9","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"B Cogliati","year":"2015","unstructured":"Cogliati, B., Lampe, R., Seurin, Y.: Tweaking Even-Mansour ciphers. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 189\u2013208. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-47989-6_9"},{"key":"4_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/11535218_26","volume-title":"Advances in Cryptology \u2013 CRYPTO 2005","author":"J-S Coron","year":"2005","unstructured":"Coron, J.-S., Dodis, Y., Malinaud, C., Puniya, P.: Merkle-Damg\u00e5rd revisited: how to construct a hash function. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 430\u2013448. Springer, Heidelberg (2005). doi:10.1007\/11535218_26"},{"key":"4_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-85174-5_1","volume-title":"Advances in Cryptology \u2013 CRYPTO 2008","author":"J-S Coron","year":"2008","unstructured":"Coron, J.-S., Patarin, J., Seurin, Y.: The random oracle model and the ideal cipher model are equivalent. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 1\u201320. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-85174-5_1"},{"key":"4_CR26","unstructured":"Coss\u00edos, D.: Breve Bestiario Peruano. Editorial Casatomada, 2nd edn. (2008)"},{"key":"4_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1007\/3-540-44706-7_4","volume-title":"Fast Software Encryption","author":"P Crowley","year":"2001","unstructured":"Crowley, P.: Mercy: a fast large block cipher for disk sector encryption. In: Goos, G., Hartmanis, J., Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 49\u201363. Springer, Heidelberg (2001). doi:10.1007\/3-540-44706-7_4"},{"key":"4_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"649","DOI":"10.1007\/978-3-662-49896-5_23","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2016","author":"D Dachman-Soled","year":"2016","unstructured":"Dachman-Soled, D., Katz, J., Thiruvengadam, A.: 10-round Feistel is indifferentiable from an ideal cipher. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 649\u2013678. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-49896-5_23"},{"key":"4_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/BFb0052343","volume-title":"Fast Software Encryption","author":"J Daemen","year":"1997","unstructured":"Daemen, J., Knudsen, L., Rijmen, V.: The block cipher square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149\u2013165. Springer, Heidelberg (1997). doi:10.1007\/BFb0052343"},{"key":"4_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/3-540-45325-3_20","volume-title":"Cryptography and Coding","author":"J Daemen","year":"2001","unstructured":"Daemen, J., Rijmen, V.: The wide trail design strategy. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 222\u2013238. Springer, Heidelberg (2001). doi:10.1007\/3-540-45325-3_20"},{"key":"4_CR31","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-04722-4","volume-title":"The Design of Rijndael: AES - The Advanced Encryption Standard","author":"J Daemen","year":"2002","unstructured":"Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, Heidelberg (2002)"},{"key":"4_CR32","unstructured":"Dai, Y., Steinberger, J.: Indifferentiability of 10-round Feistel networks. Cryptology ePrint Archive, Report 2015\/874 (2015)"},{"key":"4_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/978-3-662-53018-4_4","volume-title":"Advances in Cryptology \u2013 CRYPTO 2016","author":"Y Dai","year":"2016","unstructured":"Dai, Y., Steinberger, J.: Indifferentiability of 8-round Feistel networks. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 95\u2013120. Springer, Heidelberg (2016). doi:10.1007\/978-3-662-53018-4_4"},{"issue":"6","key":"4_CR34","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1109\/C-M.1977.217750","volume":"10","author":"W Diffie","year":"1977","unstructured":"Diffie, W., Hellman, M.E.: Exhaustive cryptanalysis of the NBS data encryption standard. Computer 10(6), 74\u201384 (1977)","journal-title":"Computer"},{"key":"4_CR35","unstructured":"Dobraunig, C., Eichlseder, M., Mendel, F.: Cryptanalysis of Simpira. Cryptology ePrint Archive, Report 2016\/244 (2016)"},{"key":"4_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"371","DOI":"10.1007\/978-3-642-01001-9_22","volume-title":"Advances in Cryptology - EUROCRYPT 2009","author":"Y Dodis","year":"2009","unstructured":"Dodis, Y., Ristenpart, T., Shrimpton, T.: Salvaging Merkle-Damg\u00e5rd for practical applications. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 371\u2013388. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-01001-9_22"},{"key":"4_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1007\/978-3-642-29011-4_21","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2012","author":"O Dunkelman","year":"2012","unstructured":"Dunkelman, O., Keller, N., Shamir, A.: Minimalism in cryptography: the Even-Mansour scheme revisited. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 336\u2013354. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-29011-4_21"},{"key":"4_CR38","doi-asserted-by":"crossref","unstructured":"Dworkin, M.J.: SHA-3 standard: permutation-based hash and extendable-output functions. Federal Inf. Process. Stds. (NIST FIPS) - 202, August 2015","DOI":"10.6028\/NIST.FIPS.202"},{"key":"4_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/3-540-57332-1_17","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 1991","author":"S Even","year":"1993","unstructured":"Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 210\u2013224. Springer, Heidelberg (1993). doi:10.1007\/3-540-57332-1_17"},{"issue":"3","key":"4_CR40","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s001459900025","volume":"10","author":"S Even","year":"1997","unstructured":"Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptology 10(3), 151\u2013162 (1997)","journal-title":"J. Cryptology"},{"key":"4_CR41","unstructured":"Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F., Rechberger, C., Schl\u00e4ffer, M., Thomsen, S.S.: Gr\u00f8stl - a SHA-3 candidate. Submission to the NIST SHA-3 Competition (Round 3) (2011). http:\/\/www.groestl.info\/Groestl.pdf"},{"key":"4_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1007\/978-3-642-13858-4_21","volume-title":"Fast Software Encryption","author":"H Gilbert","year":"2010","unstructured":"Gilbert, H., Peyrin, T.: Super-Sbox cryptanalysis: improved attacks for AES-like permutations. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 365\u2013383. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-13858-4_21"},{"key":"4_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/978-3-642-03317-9_4","volume-title":"Fast Software Encryption","author":"S Gueron","year":"2009","unstructured":"Gueron, S.: Intel\u2019s new AES instructions for enhanced performance and security. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 51\u201366. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-03317-9_4"},{"key":"4_CR44","unstructured":"Gueron, S.: Intel$$\\textregistered $$ Advanced Encryption Standard (AES) new instructions set, September 2012. https:\/\/software.intel.com\/en-us\/articles\/intel-advanced-encryption-standard-aes-instructions-set, Revision 3.01"},{"key":"4_CR45","doi-asserted-by":"crossref","unstructured":"Gueron, S., Mouha, N.: Simpira v2: a family of efficient permutations using the AES round function. Cryptology ePrint Archive, Report 2016\/122 (2016). Full version of this paper","DOI":"10.1007\/978-3-662-53887-6_4"},{"key":"4_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-3-540-30556-9_25","volume-title":"Progress in Cryptology - INDOCRYPT 2004","author":"S Halevi","year":"2004","unstructured":"Halevi, S.: EME*: extending EME to handle arbitrary-length messages with associated data. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 315\u2013327. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-30556-9_25"},{"key":"4_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"482","DOI":"10.1007\/978-3-540-45146-4_28","volume-title":"Advances in Cryptology - CRYPTO 2003","author":"S Halevi","year":"2003","unstructured":"Halevi, S., Rogaway, P.: A tweakable enciphering mode. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 482\u2013499. Springer, Heidelberg (2003). doi:10.1007\/978-3-540-45146-4_28"},{"key":"4_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"292","DOI":"10.1007\/978-3-540-24660-2_23","volume-title":"Topics in Cryptology \u2013 CT-RSA 2004","author":"S Halevi","year":"2004","unstructured":"Halevi, S., Rogaway, P.: A parallelizable enciphering mode. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 292\u2013304. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-24660-2_23"},{"key":"4_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1007\/978-3-662-46800-5_2","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"VT Hoang","year":"2015","unstructured":"Hoang, V.T., Krovetz, T., Rogaway, P.: Robust authenticated-encryption AEZ and the problem that it solves. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 15\u201344. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-46800-5_2"},{"key":"4_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"613","DOI":"10.1007\/978-3-642-14623-7_33","volume-title":"Advances in Cryptology \u2013 CRYPTO 2010","author":"VT Hoang","year":"2010","unstructured":"Hoang, V.T., Rogaway, P.: On generalized Feistel networks. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 613\u2013630. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-14623-7_33"},{"key":"4_CR51","doi-asserted-by":"crossref","unstructured":"Holenstein, T., K\u00fcnzler, R., Tessaro, S.: The equivalence of the random oracle model and the ideal cipher model, revisited. In: STOC 2011, pp. 89\u201398. ACM (2011)","DOI":"10.1145\/1993636.1993650"},{"key":"4_CR52","doi-asserted-by":"crossref","unstructured":"Jean, J.: Cryptanalysis of Haraka. Cryptology ePrint Archive, Report 2016\/396 (2016)","DOI":"10.46586\/tosc.v2016.i1.1-12"},{"key":"4_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"228","DOI":"10.1007\/978-3-319-13051-4_14","volume-title":"Selected Areas in Cryptography \u2013 SAC 2014","author":"J Jean","year":"2014","unstructured":"Jean, J., Nikoli\u0107, I., Sasaki, Y., Wang, L.: Practical cryptanalysis of PAES. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 228\u2013242. Springer, Heidelberg (2014). doi:10.1007\/978-3-319-13051-4_14"},{"issue":"1","key":"4_CR54","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1587\/transfun.E99.A.39","volume":"99\u2013A","author":"J Jean","year":"2016","unstructured":"Jean, J., Nikoli\u0107, I., Sasaki, Y., Wang, L.: Practical forgeries and distinguishers against PAES. IEICE Trans. 99\u2013A(1), 39\u201348 (2016)","journal-title":"IEICE Trans."},{"key":"4_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/3-540-60590-8_16","volume-title":"Fast Software Encryption","author":"LR Knudsen","year":"1995","unstructured":"Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196\u2013211. Springer, Heidelberg (1995). doi:10.1007\/3-540-60590-8_16"},{"key":"4_CR56","doi-asserted-by":"crossref","unstructured":"K\u00f6lbl, S., Lauridsen, M.M., Mendel, F., Rechberger, C.: Haraka - efficient short-input hashing for post-quantum applications. Cryptology ePrint Archive, Report 2016\/098 (2016)","DOI":"10.46586\/tosc.v2016.i2.1-29"},{"key":"4_CR57","unstructured":"Lamport, L.: Constructing digital signatures from a one way function. Technical report. SRI-CSL-98, SRI International Computer Science Laboratory, October 1979"},{"key":"4_CR58","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/3-540-48658-5_3","volume-title":"Advances in Cryptology \u2014 CRYPTO 1994","author":"SK Langford","year":"1994","unstructured":"Langford, S.K., Hellman, M.E.: Differential-linear cryptanalysis. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 17\u201325. Springer, Heidelberg (1994). doi:10.1007\/3-540-48658-5_3"},{"key":"4_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/978-3-642-22792-9_12","volume-title":"Advances in Cryptology \u2013 CRYPTO 2011","author":"G Leander","year":"2011","unstructured":"Leander, G., Abdelraheem, M.A., AlKhzaimi, H., Zenner, E.: A cryptanalysis of PRINTcipher: the invariant subspace attack. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 206\u2013221. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-22792-9_12"},{"key":"4_CR60","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1007\/3-540-45708-9_3","volume-title":"Advances in Cryptology \u2014 CRYPTO 2002","author":"M Liskov","year":"2002","unstructured":"Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31\u201346. Springer, Heidelberg (2002). doi:10.1007\/3-540-45708-9_3"},{"issue":"3","key":"4_CR61","doi-asserted-by":"publisher","first-page":"588","DOI":"10.1007\/s00145-010-9073-y","volume":"24","author":"M Liskov","year":"2011","unstructured":"Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. J. Cryptology 24(3), 588\u2013613 (2011)","journal-title":"J. Cryptology"},{"key":"4_CR62","first-page":"144","volume-title":"CMS 1996. IFIP Conference Proceedings","author":"S Lucks","year":"1996","unstructured":"Lucks, S.: BEAST: a fast block cipher for arbitrary blocksizes. In: Horster, P. (ed.) CMS 1996. IFIP Conference Proceedings, vol. 70, pp. 144\u2013153. Chapman & Hall, New York (1996)"},{"key":"4_CR63","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"386","DOI":"10.1007\/3-540-48285-7_33","volume-title":"Advances in Cryptology \u2014 EUROCRYPT 1993","author":"M Matsui","year":"1994","unstructured":"Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386\u2013397. Springer, Heidelberg (1994). doi:10.1007\/3-540-48285-7_33"},{"key":"4_CR64","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-540-24638-1_2","volume-title":"Theory of Cryptography","author":"U Maurer","year":"2004","unstructured":"Maurer, U., Renner, R., Holenstein, C.: Indifferentiability, impossibility results on reductions, and applications to the random oracle methodology. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 21\u201339. Springer, Heidelberg (2004). doi:10.1007\/978-3-540-24638-1_2"},{"key":"4_CR65","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1007\/978-3-642-03317-9_16","volume-title":"Fast Software Encryption","author":"F Mendel","year":"2009","unstructured":"Mendel, F., Rechberger, C., Schl\u00e4ffer, M., Thomsen, S.S.: The rebound attack: cryptanalysis of reduced Whirlpool and Gr\u00f8stl. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 260\u2013276. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-03317-9_16"},{"key":"4_CR66","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1007\/3-540-44448-3_22","volume-title":"Advances in Cryptology \u2014 ASIACRYPT 2000","author":"S Moriai","year":"2000","unstructured":"Moriai, S., Vaudenay, S.: On the pseudorandomness of top-level schemes of block ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 289\u2013302. Springer, Heidelberg (2000). doi:10.1007\/3-540-44448-3_22"},{"key":"4_CR67","unstructured":"Mouha, N.: The design space of lightweight cryptography. Cryptology ePrint Archive, Report 2015\/303 (2015)"},{"key":"4_CR68","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/978-3-662-47989-6_10","volume-title":"Advances in Cryptology \u2013 CRYPTO 2015","author":"N Mouha","year":"2015","unstructured":"Mouha, N., Luykx, A.: Multi-key security: the Even-Mansour construction revisited. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 209\u2013223. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-47989-6_10"},{"key":"4_CR69","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"306","DOI":"10.1007\/978-3-319-13051-4_19","volume-title":"Selected Areas in Cryptography \u2013 SAC 2014","author":"N Mouha","year":"2014","unstructured":"Mouha, N., Mennink, B., Herrewege, A.V., Watanabe, D., Preneel, B., Verbauwhede, I.: Chaskey: an efficient MAC algorithm for 32-bit microcontrollers. In: Joux, A., Youssef, A. (eds.) SAC 2014. LNCS, vol. 8781, pp. 306\u2013323. Springer, Heidelberg (2014). doi:10.1007\/978-3-319-13051-4_19"},{"key":"4_CR70","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-642-34704-7_5","volume-title":"Information Security and Cryptology","author":"N Mouha","year":"2012","unstructured":"Mouha, N., Wang, Q., Gu, D., Preneel, B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu, C.-K., Yung, M., Lin, D. (eds.) Inscrypt 2011. LNCS, vol. 7537, pp. 57\u201376. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-34704-7_5"},{"key":"4_CR71","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/978-3-642-37682-5_3","volume-title":"Information Security and Cryptology \u2013 ICISC 2012","author":"C Rechberger","year":"2013","unstructured":"Rechberger, C.: On bruteforce-like cryptanalysis: new meet-in-the-middle attacks in symmetric cryptanalysis. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 33\u201336. Springer, Heidelberg (2013). doi:10.1007\/978-3-642-37682-5_3"},{"key":"4_CR72","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1007\/978-3-540-78967-3_13","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2008","author":"P Rogaway","year":"2008","unstructured":"Rogaway, P., Steinberger, J.: Security\/efficiency tradeoffs for permutation-based hashing. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 220\u2013236. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-78967-3_13"},{"key":"4_CR73","unstructured":"R\u00f8njom, S.: Personal Communication, March 2016"},{"key":"4_CR74","unstructured":"R\u00f8njom, S.: Invariant subspaces in Simpira. Cryptology ePrint Archive, Report 2016\/248 (2016)"},{"key":"4_CR75","unstructured":"Schroeppel, R.: The hasty pudding cipher - a tasty morsel, submission to the NIST AES competition (1998)"},{"key":"4_CR76","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/978-3-642-13858-4_2","volume-title":"Fast Software Encryption","author":"T Suzaki","year":"2010","unstructured":"Suzaki, T., Minematsu, K.: Improving the generalized Feistel. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 19\u201339. Springer, Heidelberg (2010). doi:10.1007\/978-3-642-13858-4_2"},{"key":"4_CR77","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1007\/978-3-662-46800-5_12","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2015","author":"Y Todo","year":"2015","unstructured":"Todo, Y.: Structural evaluation by generalized integral property. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 287\u2013314. Springer, Heidelberg (2015). doi:10.1007\/978-3-662-46800-5_12"},{"key":"4_CR78","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/3-540-48519-8_12","volume-title":"Fast Software Encryption","author":"D Wagner","year":"1999","unstructured":"Wagner, D.: The boomerang attack. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156\u2013170. Springer, Heidelberg (1999). doi:10.1007\/3-540-48519-8_12"},{"key":"4_CR79","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1007\/978-3-642-25513-7_8","volume-title":"Cryptology and Network Security","author":"S Yanagihara","year":"2011","unstructured":"Yanagihara, S., Iwata, T.: On permutation layer of type 1, source-heavy, and target-heavy generalized Feistel structures. In: Lin, D., Tsudik, G., Wang, X. (eds.) CANS 2011. LNCS, vol. 7092, pp. 98\u2013117. Springer, Heidelberg (2011). doi:10.1007\/978-3-642-25513-7_8"},{"issue":"1","key":"4_CR80","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1587\/transfun.E96.A.2","volume":"96\u2013A","author":"S Yanagihara","year":"2013","unstructured":"Yanagihara, S., Iwata, T.: Improving the permutation layer of type 1, type 3, source-heavy, and target-heavy generalized Feistel structures. IEICE Trans. 96\u2013A(1), 2\u201314 (2013)","journal-title":"IEICE Trans."},{"issue":"4","key":"4_CR81","doi-asserted-by":"publisher","first-page":"952","DOI":"10.1587\/transfun.E97.A.952","volume":"97A","author":"S Yanagihara","year":"2014","unstructured":"Yanagihara, S., Iwata, T.: Type 1.x generalized Feistel structures. IEICE Trans. 97A(4), 952\u2013963 (2014)","journal-title":"IEICE Trans."},{"key":"4_CR82","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/978-3-319-26617-6_12","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2015","author":"H Zhang","year":"2015","unstructured":"Zhang, H., Wu, W.: Structural evaluation for generalized Feistel structures and applications to LBlock and TWINE. In: Biryukov, A., Goyal, V. (eds.) INDOCRYPT 2015. LNCS, vol. 9462, pp. 218\u2013237. Springer, Heidelberg (2015). doi:10.1007\/978-3-319-26617-6_12"},{"key":"4_CR83","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"461","DOI":"10.1007\/0-387-34805-0_42","volume-title":"Advances in Cryptology \u2014 CRYPTO 1989 Proceedings","author":"Y Zheng","year":"1990","unstructured":"Zheng, Y., Matsumoto, T., Imai, H.: On the construction of block ciphers provably secure and not relying on any unproved hypotheses. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 461\u2013480. Springer, Heidelberg (1990). doi:10.1007\/0-387-34805-0_42"}],"container-title":["Lecture Notes in Computer Science","Advances in Cryptology \u2013 ASIACRYPT 2016"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-53887-6_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,12]],"date-time":"2024-03-12T17:06:35Z","timestamp":1710263195000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-662-53887-6_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783662538869","9783662538876"],"references-count":83,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-53887-6_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"9 November 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ASIACRYPT","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Theory and Application of Cryptology and Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Hanoi","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Vietnam","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2016","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 December 2016","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 December 2016","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"asiacrypt2016","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.asiacrypt2016.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}