{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,8,9]],"date-time":"2024-08-09T02:15:35Z","timestamp":1723169735529},"reference-count":55,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2007,10,13]],"date-time":"2007-10-13T00:00:00Z","timestamp":1192233600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2008,7]]},"DOI":"10.1007\/s00145-007-9017-3","type":"journal-article","created":{"date-parts":[[2007,10,12]],"date-time":"2007-10-12T17:18:49Z","timestamp":1192209529000},"page":"430-457","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Cryptanalysis of an E0-like Combiner with Memory"],"prefix":"10.1007","volume":"21","author":[{"given":"Yi","family":"Lu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Serge","family":"Vaudenay","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2007,10,13]]},"reference":[{"key":"9017_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1007\/978-3-540-25937-4_5","volume-title":"Fast Software Encryption 2004","author":"F. Armknecht","year":"2004","unstructured":"F.\u00a0Armknecht, Improving fast algebraic attacks, in Fast Software Encryption 2004, ed. by B.\u00a0Roy, W.\u00a0Meier. Lecture Notes in Computer Science, vol. 3017 (Springer, Berlin, 2004), pp. 65\u201382"},{"key":"9017_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"162","DOI":"10.1007\/978-3-540-45146-4_10","volume-title":"Advances in Cryptology\u2014CRYPTO2003","author":"F. Armknecht","year":"2003","unstructured":"F.\u00a0Armknecht, M.\u00a0Krause, Algebraic attacks on combiners with memory, in Advances in Cryptology\u2014CRYPTO2003, ed. by D.\u00a0Boneh. Lecture Notes in Computer Science, vol. 2729 (Springer, Berlin, 2003), pp. 162\u2013175"},{"key":"9017_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"104","DOI":"10.1007\/11596219_9","volume-title":"Progress in Cryptology\u2014INDOCRYPT2005","author":"F. Armknecht","year":"2005","unstructured":"F.\u00a0Armknecht, M.\u00a0Krause, D.\u00a0Stegemann, Design principles for combiners with memory, in Progress in Cryptology\u2014INDOCRYPT2005, ed. by S.\u00a0Maitra, C.E.V.\u00a0Madhavan, R.\u00a0Venkatesan. Lecture Notes in Computer Science, vol. 3797 (Springer, Berlin, 2005), pp. 104\u2013117"},{"key":"9017_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"432","DOI":"10.1007\/978-3-540-30539-2_31","volume-title":"Advances in Cryptology\u2014ASIACRYPT2004","author":"T. Baign\u00e8res","year":"2004","unstructured":"T.\u00a0Baign\u00e8res, P.\u00a0Junod, S.\u00a0Vaudenay, How far can we go beyond linear cryptanalysis? in Advances in Cryptology\u2014ASIACRYPT2004, ed. by P.J.\u00a0Lee. Lecture Notes in Computer Science, vol. 3329 (Springer, Berlin, 2004), pp. 432\u2013450"},{"issue":"3","key":"9017_CR5","doi-asserted-by":"publisher","first-page":"384","DOI":"10.1109\/TIT.1978.1055873","volume":"IT-24","author":"E.R. Berlekamp","year":"1978","unstructured":"E.R.\u00a0Berlekamp, R.J.\u00a0McEliece, H.C.A. Van\u00a0Tilborg, On the inherent intractability of certain coding problems. IEEE Trans. Inf. Theory IT-24(3), 384\u2013386 (1978)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"9017_CR6","unstructured":"Bluetooth specification (version 2.0 + EDR) (November 2004), \n                    http:\/\/www.bluetooth.org"},{"issue":"1","key":"9017_CR7","doi-asserted-by":"publisher","first-page":"367","DOI":"10.1109\/18.651067","volume":"44","author":"A. Canteaut","year":"1998","unstructured":"A.\u00a0Canteaut, F.\u00a0Chabaud, A new algorithm for finding minimum-weight words in a linear code: application to McEliece\u2019s cryptosystem and to narrow-sense BCH codes of length 511. IEEE Trans. Inf. Theory 44(1), 367\u2013378 (1998)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"9017_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/3-540-44706-7_12","volume-title":"Fast Software Encryption 2000","author":"A. Canteaut","year":"2001","unstructured":"A.\u00a0Canteaut, E.\u00a0Filiol, Ciphertext only reconstruction of stream ciphers based on combination generators, in Fast Software Encryption 2000, ed. by B.\u00a0Schneier. Lecture Notes in Computer Science, vol.\u00a01978 (Springer, Berlin, 2001), pp. 165\u2013180"},{"key":"9017_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"573","DOI":"10.1007\/3-540-45539-6_40","volume-title":"Advances in Cryptology\u2014EUROCRYPT2000","author":"A. Canteaut","year":"2000","unstructured":"A.\u00a0Canteaut, M.\u00a0Trabbia, Improved fast correlation attacks using parity-check equations of weight 4 and 5, in Advances in Cryptology\u2014EUROCRYPT2000, ed. by B.\u00a0Preneel. Lecture Notes in Computer Science, vol. 1807 (Springer, Berlin, 2000), pp. 573\u2013588"},{"key":"9017_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"176","DOI":"10.1007\/3-540-46416-6_16","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201991","author":"V. Chepyzhov","year":"1991","unstructured":"V.\u00a0Chepyzhov, B.\u00a0Smeets, On a fast correlation attack on certain stream ciphers, in Advances in Cryptology\u2014EUROCRYPT\u201991, ed. by D.W.\u00a0Davies. Lecture Notes in Computer Science, vol. 547 (Springer, Berlin, 1991), pp. 176\u2013185"},{"key":"9017_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/3-540-44706-7_13","volume-title":"Fast Software Encryption 2000","author":"V.V. Chepyzhov","year":"2001","unstructured":"V.V.\u00a0Chepyzhov, T.\u00a0Johansson, B.\u00a0Smeets, A simple algorithm for fast correlation attacks on stream ciphers, in Fast Software Encryption 2000, ed. by B.\u00a0Schneier. Lecture Notes in Computer Science, vol.\u00a01978 (Springer, Berlin, 2001), pp. 181\u2013195"},{"key":"9017_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"209","DOI":"10.1007\/3-540-46035-7_14","volume-title":"Advances in Cryptology\u2014EUROCRYPT2002","author":"P. Chose","year":"2002","unstructured":"P.\u00a0Chose, A.\u00a0Joux, M.\u00a0Mitton, Fast correlation attacks: an algorithmic point of view, in Advances in Cryptology\u2014EUROCRYPT2002, ed. by L.R.\u00a0Knudsen. Lecture Notes in Computer Science, vol. 2332 (Springer, Berlin, 2002), pp. 209\u2013221"},{"key":"9017_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1007\/3-540-60865-6_50","volume-title":"Fast Software Encryption\u201996","author":"A. Clark","year":"1996","unstructured":"A.\u00a0Clark, J.D.\u00a0Goli\u0107, E.\u00a0Dawson, A comparison of fast correlation attacks, in Fast Software Encryption\u201996, ed. by D.\u00a0Gollmann. Lecture Notes in Computer Science, vol. 1039 (Springer, Berlin, 1996), pp.\u00a0145\u2013157"},{"key":"9017_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"176","DOI":"10.1007\/978-3-540-45146-4_11","volume-title":"Advances in Cryptology\u2014CRYPTO2003","author":"N.T. Courtois","year":"2003","unstructured":"N.T.\u00a0Courtois, Fast algebraic attacks on stream ciphers with linear feedback, in Advances in Cryptology\u2014CRYPTO2003, ed. by D.\u00a0Boneh. Lecture Notes in Computer Science, vol. 2729 (Springer, Berlin, 2003), pp. 176\u2013194"},{"key":"9017_CR15","doi-asserted-by":"crossref","DOI":"10.1002\/0471200611","volume-title":"Elements of Information Theory","author":"T.M. Cover","year":"1991","unstructured":"T.M.\u00a0Cover, J.A.\u00a0Thomas, Elements of Information Theory (Wiley, New York, 1991)"},{"key":"9017_CR16","unstructured":"P.\u00a0Ekdahl, On LFSR based stream ciphers: Analysis and design. Ph.D. Thesis, Lund University, Nov 2003"},{"key":"9017_CR17","unstructured":"P.\u00a0Ekdahl, T.\u00a0Johansson, Some results on correlations in the Bluetooth stream cipher, in Proceedings of the 10th Joint Conference on Communications and Coding, Austria, 2000"},{"key":"9017_CR18","unstructured":"S.\u00a0Fluhrer, Improved key recovery of level 1 of the Bluetooth encryption system (2002), \n                    http:\/\/eprint.iacr.org\/2002\/068"},{"key":"9017_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"38","DOI":"10.1007\/3-540-45537-X_3","volume-title":"Selected Areas in Cryptography 2001","author":"S. Fluhrer","year":"2002","unstructured":"S.\u00a0Fluhrer, S.\u00a0Lucks, Analysis of the E0 encryption system, in Selected Areas in Cryptography 2001, ed.\u00a0by S.\u00a0Vaudenay, A.\u00a0Youssef. Lecture Notes in Computer Science, vol. 2259 (Springer, Berlin, 2002), pp.\u00a038\u201348"},{"key":"9017_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"586","DOI":"10.1007\/3-540-46885-4_56","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201989","author":"R. Forr\u00e9","year":"1990","unstructured":"R.\u00a0Forr\u00e9, A fast correlation attack on nonlinearly feedforward filtered shift-register sequences, in Advances in Cryptology\u2014EUROCRYPT\u201989, ed. by J.J.\u00a0Quisquater, J.\u00a0Vandewalle. Lecture Notes in Computer Science, vol. 434 (Springer, Berlin, 1990), pp. 586\u2013595"},{"key":"9017_CR21","volume-title":"Computers and Intractability: A Guide to the Theory of NP-Completeness","author":"M.R. Garey","year":"2000","unstructured":"M.R.\u00a0Garey, D.S.\u00a0Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness (Freeman, New York, 2000)"},{"key":"9017_CR22","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/BF00190805","volume":"9","author":"J.D. Goli\u0107","year":"1996","unstructured":"J.D.\u00a0Goli\u0107, Correlation properties of a general binary combiner with memory. J. Cryptol. 9, 111\u2013126 (1996)","journal-title":"J. Cryptol."},{"key":"9017_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"173","DOI":"10.1007\/3-540-60865-6_52","volume-title":"Fast Software Encryption\u201996","author":"J.D. Goli\u0107","year":"1996","unstructured":"J.D.\u00a0Goli\u0107, On the security of nonlinear filter generators, in Fast Software Encryption\u201996, ed. by D.\u00a0Gollmann. Lecture Notes in Computer Science, vol. 1039 (Springer, Berlin, 1996), pp. 173\u2013188"},{"key":"9017_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"238","DOI":"10.1007\/3-540-46035-7_16","volume-title":"Advances in Cryptology\u2014EUROCRYPT2002","author":"J.D. Goli\u0107","year":"2002","unstructured":"J.D.\u00a0Goli\u0107, V.\u00a0Bagini, G.\u00a0Morgari, Linear cryptanalysis of Bluetooth stream cipher, in Advances in Cryptology\u2014EUROCRYPT2002, ed. by L.R.\u00a0Knudsen. Lecture Notes in Computer Science, vol. 2332 (Springer, Berlin, 2002), pp. 238\u2013255"},{"key":"9017_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"390","DOI":"10.1007\/978-3-540-28628-8_24","volume-title":"Advances in Cryptology\u2014CRYPTO2004","author":"P. Hawkes","year":"2004","unstructured":"P.\u00a0Hawkes, G.G.\u00a0Rose, Rewriting variables: The complexity of fast algebraic attacks on stream ciphers, in Advances in Cryptology\u2014CRYPTO2004, ed. by M.\u00a0Franklin. Lecture Notes in Computer Science, vol.\u00a03152 (Springer, Berlin, 2004), pp. 390\u2013406"},{"key":"9017_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1007\/10719994_2","volume-title":"Information Security and Cryptology\u2014ICISC\u201999","author":"M. Hermelin","year":"2000","unstructured":"M.\u00a0Hermelin, K.\u00a0Nyberg, Correlation properties of the Bluetooth combiner, in Information Security and Cryptology\u2014ICISC\u201999, ed. by J.\u00a0Song. Lecture Notes in Computer Science, vol. 1787 (Springer, Berlin, 2000), pp. 17\u201329"},{"key":"9017_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"181","DOI":"10.1007\/3-540-48405-1_12","volume-title":"Advances in Cryptology\u2014CRYPTO\u201999","author":"T. Johansson","year":"1999","unstructured":"T.\u00a0Johansson, F.\u00a0J\u00f6nsson, Fast correlation attacks based on turbo code techniques, in Advances in Cryptology\u2014CRYPTO\u201999, ed. by M.\u00a0Wiener. Lecture Notes in Computer Science, vol. 1666 (Springer, Berlin, 1999), pp. 181\u2013197"},{"key":"9017_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"347","DOI":"10.1007\/3-540-48910-X_24","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201999","author":"T. Johansson","year":"1999","unstructured":"T.\u00a0Johansson, F.\u00a0J\u00f6nsson, Improved fast correlation attacks on stream ciphers via convolutional codes, in Advances in Cryptology\u2014EUROCRYPT\u201999, ed. by J.\u00a0Stern. Lecture Notes in Computer Science, vol.\u00a01592 (Springer, Berlin, 1999), pp. 347\u2013362"},{"key":"9017_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"300","DOI":"10.1007\/3-540-44598-6_19","volume-title":"Advances in Cryptology\u2014CRYPTO2000","author":"T. Johansson","year":"2000","unstructured":"T.\u00a0Johansson, F.\u00a0J\u00f6nsson, Fast correlation attacks through reconstruction of linear polynomials, in Advances in Cryptology\u2014CRYPTO2000, ed. by M.\u00a0Bellare. Lecture Notes in Computer Science, vol. 1880 (Springer, Berlin, 2000), pp. 300\u2013315"},{"key":"9017_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"222","DOI":"10.1007\/3-540-46035-7_15","volume-title":"Advances in Cryptology\u2014EUROCRYPT2002","author":"M. Krause","year":"2002","unstructured":"M.\u00a0Krause, BDD-based cryptanalysis of keystream generators, in Advances in Cryptology\u2014EUROCRYPT2002, ed. by L.R.\u00a0Knudsen. Lecture Notes in Computer Science, vol. 2332 (Springer, Berlin, 2002), pp. 222\u2013237"},{"key":"9017_CR31","volume-title":"Introduction to Finite Fields and Their Applications","author":"R. Lidl","year":"1986","unstructured":"R.\u00a0Lidl, H.\u00a0Niederreiter, Introduction to Finite Fields and Their Applications (Cambridge University Press, Cambridge, 1986)"},{"key":"9017_CR32","unstructured":"Y.\u00a0Lu, Applied stream ciphers in mobile communications. Ph.D. Thesis, EPFL, 2006"},{"key":"9017_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"97","DOI":"10.1007\/11535218_7","volume-title":"Advances in Cryptology\u2014CRYPTO2005","author":"Y. Lu","year":"2005","unstructured":"Y.\u00a0Lu, W.\u00a0Meier, S.\u00a0Vaudenay, The conditional correlation attack: a practical attack on Bluetooth encryption, in Advances in Cryptology\u2014CRYPTO2005, ed. by V.\u00a0Shoup. Lecture Notes in Computer Science, vol. 3621 (Springer, Berlin, 2005), pp. 97\u2013117"},{"key":"9017_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"483","DOI":"10.1007\/978-3-540-30539-2_34","volume-title":"Advances in Cryptology\u2014ASIACRYPT2004","author":"Y. Lu","year":"2004","unstructured":"Y.\u00a0Lu, S.\u00a0Vaudenay, Cryptanalysis of Bluetooth keystream generator two-level E0, in Advances in Cryptology\u2014ASIACRYPT2004, ed. by P.J.\u00a0Lee. Lecture Notes in Computer Science, vol. 3329 (Springer, Berlin, 2004), pp. 483\u2013499"},{"key":"9017_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"407","DOI":"10.1007\/978-3-540-28628-8_25","volume-title":"Advances in Cryptology\u2014CRYPTO2004","author":"Y. Lu","year":"2004","unstructured":"Y.\u00a0Lu, S.\u00a0Vaudenay, Faster correlation attack on Bluetooth keystream generator E0, in Advances in Cryptology\u2014CRYPTO2004, ed. by M.\u00a0Franklin. Lecture Notes in Computer Science, vol. 3152 (Springer, Berlin, 2004), pp. 407\u2013425"},{"key":"9017_CR36","volume-title":"The Theory of Error-Correcting Codes","author":"F.J. MacWilliams","year":"1996","unstructured":"F.J.\u00a0MacWilliams, N.J.A.\u00a0Sloane, The Theory of Error-Correcting Codes, 9th edn. (North-Holland, Amsterdam, 1996)","edition":"9"},{"key":"9017_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"386","DOI":"10.1007\/3-540-48285-7_33","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201993","author":"M. Matsui","year":"1994","unstructured":"M.\u00a0Matsui, Linear cryptanalysis method for DES cipher, in Advances in Cryptology\u2014EUROCRYPT\u201993, ed. by T.\u00a0Helleseth. Lecture Notes in Computer Science, vol. 765 (Springer, Berlin, 1994), pp. 386\u2013397"},{"key":"9017_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"301","DOI":"10.1007\/3-540-45961-8_28","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201988","author":"W. Meier","year":"1988","unstructured":"W.\u00a0Meier, O.\u00a0Staffelbach, Fast correlation attacks on stream ciphers (extended abstract), in Advances in Cryptology\u2014EUROCRYPT\u201988, ed. by C.\u00a0G\u00fcnther. Lecture Notes in Computer Science, vol. 330 (Springer, Berlin, 1988), pp. 301\u2013314"},{"issue":"3","key":"9017_CR39","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1007\/BF02252874","volume":"1","author":"W. Meier","year":"1989","unstructured":"W.\u00a0Meier, O.\u00a0Staffelbach, Fast correlation attacks on certain stream ciphers. J. Cryptol. 1(3), 159\u2013176 (1989)","journal-title":"J. Cryptol."},{"key":"9017_CR40","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/BF00191322","volume":"5","author":"W. Meier","year":"1992","unstructured":"W.\u00a0Meier, O.\u00a0Staffelbach, Correlation properties of combiners with memory in stream ciphers. J. Cryptol. 5, 67\u201386 (1992)","journal-title":"J. Cryptol."},{"key":"9017_CR41","volume-title":"Handbook of Applied Cryptography","author":"A.J. Menezes","year":"1996","unstructured":"A.J.\u00a0Menezes, P.C. van\u00a0Oorschot, S.A.\u00a0Vanstone, Handbook of Applied Cryptography (CRC Press, Boca Raton, 1996)"},{"key":"9017_CR42","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/3-540-44706-7_14","volume-title":"Fast Software Encryption 2000","author":"M.J. Mihaljevi\u0107","year":"2001","unstructured":"M.J.\u00a0Mihaljevi\u0107, M.P.C.\u00a0Fossorier, H.\u00a0Imai, A low-complexity and high-performance algorithm for the fast correlation attack, in Fast Software Encryption 2000, ed. by B.\u00a0Schneier. Lecture Notes in Computer Science, vol. 1978 (Springer, Berlin, 2001), pp. 196\u2013212"},{"key":"9017_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/3-540-45473-X_17","volume-title":"Fast Software Encryption 2001","author":"M.J. Mihaljevi\u0107","year":"2002","unstructured":"M.J.\u00a0Mihaljevi\u0107, M.P.C.\u00a0Fossorier, H.\u00a0Imai, Fast correlation attack algorithm with list decoding and an application, in Fast Software Encryption 2001, ed. by M.\u00a0Matsui. Lecture Notes in Computer Science, vol. 2355 (Springer, Berlin, 2002), pp. 196\u2013210"},{"key":"9017_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"165","DOI":"10.1007\/BFb0030359","volume-title":"Advances in Cryptology\u2014AUSCRYPT\u201990","author":"M.J. Mihaljevi\u0107","year":"1990","unstructured":"M.J.\u00a0Mihaljevi\u0107, J.D.\u00a0Goli\u0107, A fast iterative algorithm for a shift register initial state reconstruction given the noisy output sequence, in Advances in Cryptology\u2014AUSCRYPT\u201990, ed. by J.\u00a0Seberry, J.\u00a0Pieprzyk. Lecture Notes in Computer Science, vol. 453 (Springer, Berlin, 1990), pp. 165\u2013175"},{"key":"9017_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"527","DOI":"10.1007\/3-540-46416-6_48","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201991","author":"M.J. Mihaljevi\u0107","year":"1991","unstructured":"M.J.\u00a0Mihaljevi\u0107, J.D.\u00a0Goli\u0107, A comparison of cryptanalytic principles based on iterative error-correction, in Advances in Cryptology\u2014EUROCRYPT\u201991, ed. by D.W.\u00a0Davies. Lecture Notes in Computer Science, vol. 547 (Springer, Berlin, 1991), pp. 527\u2013531"},{"key":"9017_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"159","DOI":"10.1007\/3-540-60865-6_51","volume-title":"Fast Software Encryption\u201996","author":"W.T. Penzhorn","year":"1996","unstructured":"W.T.\u00a0Penzhorn, Correlation attacks on stream ciphers: computing low-weight parity checks based on error-correcting codes, in Fast Software Encryption\u201996, ed. by D.\u00a0Gollmann. Lecture Notes in Computer Science, vol. 1039 (Springer, Berlin, 1996), pp. 159\u2013172"},{"key":"9017_CR47","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-642-82865-2","volume-title":"Analysis and Design of Stream Ciphers","author":"R.A. Rueppel","year":"1986","unstructured":"R.A.\u00a0Rueppel, Analysis and Design of Stream Ciphers (Springer, Berlin, 1986)"},{"key":"9017_CR48","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"260","DOI":"10.1007\/3-540-39799-X_20","volume-title":"Advances in Cryptology\u2014CRYPTO\u201985","author":"R.A. Rueppel","year":"1986","unstructured":"R.A.\u00a0Rueppel, Correlation immunity and the summation generator, in Advances in Cryptology\u2014CRYPTO\u201985, ed. by H.C.\u00a0Williams. Lecture Notes in Computer Science, vol. 218 (Springer, Berlin, 1986), pp. 260\u2013272"},{"key":"9017_CR49","unstructured":"M.\u00a0Saarinen, Re: Bluetooth and E0, 2000. Posted at \n                    sci.crypt.research"},{"issue":"1","key":"9017_CR50","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1109\/TC.1985.1676518","volume":"C-34","author":"T. Siegenthaler","year":"1985","unstructured":"T.\u00a0Siegenthaler, Decrypting a class of stream ciphers using ciphertext only. IEEE Trans. Comput. C-34(1), 81\u201385 (1985)","journal-title":"IEEE Trans. Comput."},{"key":"9017_CR51","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1007\/3-540-39805-8_12","volume-title":"Advances in Cryptology\u2014EUROCRYPT\u201985","author":"T. Siegenthaler","year":"1986","unstructured":"T.\u00a0Siegenthaler, Cryptanalysts representation of nonlinearly filtered ML-sequences, in Advances in Cryptology\u2014EUROCRYPT\u201985, ed. by F.\u00a0Pichler. Lecture Notes in Computer Science, vol. 219 (Springer, Berlin, 1986), pp. 103\u2013110"},{"key":"9017_CR52","unstructured":"S.\u00a0Vaudenay, An experiment on DES\u2014statistical cryptanalysis, in Proceedings of the 3rd ACM Conferences on Computer Security (1996), pp. 139\u2013147"},{"key":"9017_CR53","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"288","DOI":"10.1007\/3-540-45708-9_19","volume-title":"Advances in Cryptology\u2014CRYPTO2002","author":"D. Wagner","year":"2002","unstructured":"D.\u00a0Wagner, A generalized birthday problem, in Advances in Cryptology\u2014CRYPTO2002, ed. by M.\u00a0Yung. Lecture Notes in Computer Science, vol. 2442 (Springer, Berlin, 2002), pp. 288\u2013304"},{"key":"9017_CR54","volume-title":"Hadamard Matrix Analysis and Synthesis with Applications to Communications and Signal\/Image Processing","author":"R.K. Yarlagadda","year":"1997","unstructured":"R.K.\u00a0Yarlagadda, J.E.\u00a0Hershey, Hadamard Matrix Analysis and Synthesis with Applications to Communications and Signal\/Image Processing (Kluwer, Dordrecht, 1997)"},{"key":"9017_CR55","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"469","DOI":"10.1007\/0-387-34799-2_32","volume-title":"Advances in Cryptology\u2014CRYPTO\u201988","author":"K. Zeng","year":"1990","unstructured":"K.\u00a0Zeng, M.\u00a0Huang, On the linear syndrome method in cryptanalysis, in Advances in Cryptology\u2014CRYPTO\u201988, ed. by S.\u00a0Goldwasser. Lecture Notes in Computer Science, vol. 403 (Springer, Berlin, 1990), pp. 469\u2013478"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-007-9017-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-007-9017-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-007-9017-3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-007-9017-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,8]],"date-time":"2020-04-08T08:38:39Z","timestamp":1586335119000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-007-9017-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,10,13]]},"references-count":55,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2008,7]]}},"alternative-id":["9017"],"URL":"https:\/\/doi.org\/10.1007\/s00145-007-9017-3","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2007,10,13]]},"assertion":[{"value":"12 June 2006","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 July 2007","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 October 2007","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}