{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,17]],"date-time":"2025-04-17T13:29:41Z","timestamp":1744896581280},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2015,4,18]],"date-time":"2015-04-18T00:00:00Z","timestamp":1429315200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2016,10]]},"DOI":"10.1007\/s00145-015-9207-3","type":"journal-article","created":{"date-parts":[[2015,4,17]],"date-time":"2015-04-17T22:28:18Z","timestamp":1429309698000},"page":"697-728","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["Key Recovery Attacks on Iterated Even\u2013Mansour Encryption Schemes"],"prefix":"10.1007","volume":"29","author":[{"given":"Itai","family":"Dinur","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Orr","family":"Dunkelman","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nathan","family":"Keller","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Adi","family":"Shamir","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,4,18]]},"reference":[{"key":"9207_CR1","doi-asserted-by":"crossref","unstructured":"E. Andreeva, A. Bogdanov, Y. Dodis, B. Mennink, J. P. Steinberger, On the indifferentiability of key-alternating ciphers. in CRYPTO (1), volume 8042 of Lecture Notes in Computer Science, ed. by R. Canetti, J.A. Garay (Springer, Berlin, 2013), pp. 531\u2013550","DOI":"10.1007\/978-3-642-40041-4_29"},{"key":"9207_CR2","doi-asserted-by":"crossref","unstructured":"K. Aoki, Y. Sasaki, Preimage attacks on one-block MD4, 63-step MD5 and more. in Selected Areas in Cryptography, volume 5381 of Lecture Notes in Computer Science, ed. by R.M. Avanzi, L. Keliher, F. Sica (Springer, Berlin, 2008), pp. 103\u2013119","DOI":"10.1007\/978-3-642-04159-4_7"},{"key":"9207_CR3","unstructured":"P.S.L.M. Barreto, V. Rijmen, The ANUBIS Block Cipher. Submission to the NESSIE project, 2000"},{"key":"9207_CR4","unstructured":"P.S.L.M. Barreto, V. Rijmen, The Khazad Legacy-Level Block Cipher. Submission to the NESSIE project, 2000"},{"key":"9207_CR5","doi-asserted-by":"crossref","unstructured":"A. Biryukov, D. Wagner, Slide attacks. in Knudsen [23], pp. 245\u2013259","DOI":"10.1007\/3-540-48519-8_18"},{"key":"9207_CR6","doi-asserted-by":"crossref","unstructured":"A. Bogdanov, D. Khovratovich, C. Rechberger, Biclique cryptanalysis of the full AES. in ASIACRYPT, volume 7073 of Lecture Notes in Computer Science, ed. by D.H. Lee, X. Wang (Springer, Berlin, 2011), pp. 344\u2013371","DOI":"10.1007\/978-3-642-25385-0_19"},{"key":"9207_CR7","doi-asserted-by":"crossref","unstructured":"A. Bogdanov, L.R. Knudsen, G. Leander, F.-X. Standaert, J. P. Steinberger, E. Tischhauser, Key-alternating ciphers in a provable setting: encryption using a small number of public permutations - (extended abstract). in Pointcheval and Johansson [31], pp. 45\u201362","DOI":"10.1007\/978-3-642-29011-4_5"},{"key":"9207_CR8","doi-asserted-by":"crossref","unstructured":"S. Chen, J.P. Steinberger, Tight security bounds for key-alternating ciphers. in EUROCRYPT, volume 8441 of Lecture Notes in Computer Science, ed. by P.Q. Nguyen, E. Oswald (Springer, Berlin, 2014), pp. 327\u2013350","DOI":"10.1007\/978-3-642-55220-5_19"},{"key":"9207_CR9","doi-asserted-by":"crossref","unstructured":"J. Daemen, Limitations of the Even-Mansour construction. in ASIACRYPT, volume 739 of Lecture Notes in Computer Science, ed. by H. Imai, R.L. Rivest, T. Matsumoto (Springer, Berlin, 1991), pp. 495\u2013498","DOI":"10.1007\/3-540-57332-1_46"},{"key":"9207_CR10","unstructured":"J. Daemen, M. Peeters, G.V. Assche, V. Rijmen, Nessie Proposal: NOEKEON. Submission to the NESSIE project, 2000"},{"key":"9207_CR11","doi-asserted-by":"crossref","unstructured":"I. Dinur, O. Dunkelman, N. Keller, A. Shamir. Key recovery attacks on 3-round Even-Mansour, 8-step LED-128, and full $$AES^2$$ A E S 2 . in Sako and Sarkar [33], pp. 337\u2013356","DOI":"10.1007\/978-3-642-42033-7_18"},{"key":"9207_CR12","doi-asserted-by":"crossref","unstructured":"I. Dinur, O. Dunkelman, N. Keller, A. Shamir, Cryptanalysis of iterated Even-Mansour schemes with two keys. in P. Sarkar, T. Iwata, eds. Advances in Cryptology - ASIACRYPT 2014 - 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7\u201311, 2014. Proceedings, Part I, volume 8873 of Lecture Notes in Computer Science (Springer, Berlin, 2014), pp. 439\u2013457","DOI":"10.1007\/978-3-662-45611-8_23"},{"key":"9207_CR13","doi-asserted-by":"crossref","unstructured":"I. Dinur, O. Dunkelman, N. Keller, A. Shamir, Improved linear sieving techniques with applications to step-reduced LED-64. Presented at FSE 2014, to Appear to Lecture Notes in Computer Science, 2014","DOI":"10.1007\/978-3-662-46706-0_20"},{"key":"9207_CR14","doi-asserted-by":"crossref","unstructured":"O. Dunkelman, N. Keller, A. Shamir, Minimalism in cryptography: the Even-Mansour scheme revisited. in Pointcheval and Johansson [31], pp. 336\u2013354","DOI":"10.1007\/978-3-642-29011-4_21"},{"issue":"3","key":"9207_CR15","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s001459900025","volume":"10","author":"S Even","year":"1997","unstructured":"S. Even and Y. Mansour. A Construction of a Cipher from a Single Pseudorandom Permutation. J. Cryptology, 10(3):151\u2013162, 1997.","journal-title":"J. Cryptol."},{"key":"9207_CR16","doi-asserted-by":"crossref","unstructured":"P. Flajolet, A.M. Odlyzko, Random mapping statistics. in EUROCRYPT, volume 434 of Lecture Notes in Computer Science, ed. by J.-J. Quisquater, J. Vandewalle (Springer, Berlin, 1989), pp. 329\u2013354","DOI":"10.1007\/3-540-46885-4_34"},{"key":"9207_CR17","doi-asserted-by":"crossref","unstructured":"P. Flajolet, R. Sedgewick. Analytic Combinatorics. (Cambridge University Press, Cambridge, 2009)","DOI":"10.1017\/CBO9780511801655"},{"key":"9207_CR18","doi-asserted-by":"crossref","unstructured":"B. G\u00e9rard, V. Grosso, M. Naya-Plasencia, F.-X. Standaert, Block ciphers that are easier to mask: how far can we go? in CHES, volume 8086 of Lecture Notes in Computer Science, ed. by G. Bertoni, J.-S. Coron (Springer, Berlin, 2013), pp. 383\u2013399","DOI":"10.1007\/978-3-642-40349-1_22"},{"key":"9207_CR19","doi-asserted-by":"crossref","unstructured":"B. G\u00e9rard, V. Grosso, M. Naya-Plasencia, F.-X. Standaert, Block ciphers that are easier to mask: how far can we go? Cryptology ePrint Archive, Report 2013\/369, 2013. http:\/\/eprint.iacr.org\/","DOI":"10.1007\/978-3-642-40349-1_22"},{"key":"9207_CR20","doi-asserted-by":"crossref","unstructured":"J. Guo, T. Peyrin, A. Poschmann, M.J.B. Robshaw, The LED block cipher. in CHES, volume 6917 of Lecture Notes in Computer Science, ed. by B. Preneel, T. Takagi (Springer, Berlin, 2011), pp. 326\u2013341","DOI":"10.1007\/978-3-642-23951-9_22"},{"issue":"4","key":"9207_CR21","doi-asserted-by":"publisher","first-page":"401","DOI":"10.1109\/TIT.1980.1056220","volume":"26","author":"ME Hellman","year":"1980","unstructured":"M. E. Hellman. A cryptanalytic time-memory trade-off. IEEE Transactions on Information Theory, 26(4):401\u2013406, 1980.","journal-title":"IEEE Trans. Inf. Theory"},{"key":"9207_CR22","doi-asserted-by":"crossref","unstructured":"J. Kim, S. Hong, S. Lee, J. H. Song, H. Yang, Truncated differential attacks on 8-round CRYPTON. in ICISC, volume 2971 of Lecture Notes in Computer Science, ed. by J.I. Lim, D.H. Lee (Springer, Berlin, 2003), pp. 446\u2013456","DOI":"10.1007\/978-3-540-24691-6_33"},{"key":"9207_CR23","doi-asserted-by":"crossref","unstructured":"L.R. Knudsen, ed. Fast Software Encryption, 6th International Workshop, FSE \u201999, Rome, Italy, March 24\u201326, 1999, Proceedings, volume 1636 of Lecture Notes in Computer Science (Springer, Berlin, 1999)","DOI":"10.1007\/3-540-48519-8"},{"key":"9207_CR24","doi-asserted-by":"crossref","unstructured":"R. Lampe, J. Patarin, Y. Seurin, An asymptotically tight security analysis of the iterated Even-Mansour cipher. in Wang and Sako [36], pp. 278\u2013295","DOI":"10.1007\/978-3-642-34961-4_18"},{"key":"9207_CR25","doi-asserted-by":"crossref","unstructured":"R. Lampe, Y. Seurin, How to construct an ideal cipher from a small set of public permutations. in Sako and Sarkar [33], pp. 444\u2013463","DOI":"10.1007\/978-3-642-42033-7_23"},{"key":"9207_CR26","doi-asserted-by":"crossref","unstructured":"C.H. Lim, A revised version of crypton - crypton V1.0. in Knudsen [23], pp. 31\u201345","DOI":"10.1007\/3-540-48519-8_3"},{"key":"9207_CR27","doi-asserted-by":"crossref","unstructured":"F. Mendel, V. Rijmen, D. Toz, K. Varici, Differential analysis of the LED block cipher. in Wang and Sako [36], pp. 190\u2013207","DOI":"10.1007\/978-3-642-34961-4_13"},{"key":"9207_CR28","doi-asserted-by":"crossref","unstructured":"M. Minier, H. Gilbert, Stochastic cryptanalysis of Crypton. in FSE, volume 1978 of Lecture Notes in Computer Science, ed. by B. Schneier (Springer, Berlin, 2000), pp. 121\u2013133","DOI":"10.1007\/3-540-44706-7_9"},{"key":"9207_CR29","doi-asserted-by":"crossref","unstructured":"I. Nikolic, L. Wang, S. Wu, Cryptanalysis of round-reduced LED. in FSE, volume 8424 of Lecture Notes in Computer Science, ed. by S. Moriai (Springer, Berlin, 2013), pp. 112\u2013129","DOI":"10.1007\/978-3-662-43933-3_7"},{"key":"9207_CR30","doi-asserted-by":"crossref","unstructured":"L. O\u2019Connor, On the distribution of characteristics in bijective mappings. in EUROCRYPT, volume 765 of Lecture Notes in Computer Science, ed. by T. Helleseth (Springer, Berlin, 1993), pp. 360\u2013370","DOI":"10.1007\/3-540-48285-7_31"},{"key":"9207_CR31","doi-asserted-by":"crossref","unstructured":"D. Pointcheval, T. Johansson, eds. Advances in Cryptology - EUROCRYPT 2012 - 31st Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cambridge, UK, April 15\u201319, 2012. Proceedings, volume 7237 of Lecture Notes in Computer Science (Springer, Berlin, 2012)","DOI":"10.1007\/978-3-642-29011-4"},{"key":"9207_CR32","unstructured":"S.M. Ross. Introduction to Probability and Statistics for Engineers and Scientists, 2 edn. (Academic Press, New York, 2000)"},{"key":"9207_CR33","doi-asserted-by":"crossref","unstructured":"K. Sako, P. Sarkar, eds. Advances in Cryptology - ASIACRYPT 2013 - 19th International Conference on the Theory and Application of Cryptology and Information Security, Bengaluru, India, December 1\u20135, 2013, Proceedings, Part I, volume 8269 of Lecture Notes in Computer Science (Springer, Berlin, 2013)","DOI":"10.1007\/978-3-642-42045-0"},{"key":"9207_CR34","doi-asserted-by":"crossref","unstructured":"H. Soleimany, Probabilistic slide cryptanalysis and its applications to LED-64 and Zorro. Presented at FSE 2014, to appear to Lecture Notes in Computer Science. 2014","DOI":"10.1007\/978-3-662-46706-0_19"},{"key":"9207_CR35","unstructured":"J. Steinberger, Improved security bounds for key-alternating ciphers via Hellinger distance. Cryptology ePrint Archive, Report 2012\/481, 2012. http:\/\/eprint.iacr.org\/"},{"key":"9207_CR36","doi-asserted-by":"crossref","unstructured":"X. Wang, K. Sako, eds. Advances in Cryptology - ASIACRYPT 2012 - 18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2\u20136, 2012. Proceedings, volume 7658 of Lecture Notes in Computer Science (Springer, Berlin, 2012)","DOI":"10.1007\/978-3-642-34961-4"},{"issue":"4","key":"9207_CR37","first-page":"168","volume":"1","author":"Y Wei","year":"2010","unstructured":"Y. Wei, C. Li, and B. Sun. Related-Key Impossible Differential Attacks on Crypton. International Journal of Intelligent Computing Research, 1(4):168\u2013175, 2010.","journal-title":"Int. J. Intell. Comput. Res."}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-015-9207-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-015-9207-3\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-015-9207-3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-015-9207-3.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,5]],"date-time":"2022-05-05T11:01:55Z","timestamp":1651748515000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-015-9207-3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,4,18]]},"references-count":37,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2016,10]]}},"alternative-id":["9207"],"URL":"https:\/\/doi.org\/10.1007\/s00145-015-9207-3","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,4,18]]},"assertion":[{"value":"26 December 2013","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 April 2015","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}