{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T23:19:27Z","timestamp":1773962367688,"version":"3.50.1"},"reference-count":24,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2018,4,2]],"date-time":"2018-04-02T00:00:00Z","timestamp":1522627200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2019,10]]},"DOI":"10.1007\/s00145-018-9285-0","type":"journal-article","created":{"date-parts":[[2018,4,2]],"date-time":"2018-04-02T18:47:59Z","timestamp":1522694879000},"page":"1383-1422","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["Nonlinear Invariant Attack: Practical Attack on Full SCREAM, iSCREAM, and Midori64"],"prefix":"10.1007","volume":"32","author":[{"given":"Yosuke","family":"Todo","sequence":"first","affiliation":[]},{"given":"Gregor","family":"Leander","sequence":"additional","affiliation":[]},{"given":"Yu","family":"Sasaki","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,4,2]]},"reference":[{"key":"9285_CR1","doi-asserted-by":"crossref","unstructured":"S. Banik, A. Bogdanov, T. Isobe, K. Shibutani, H. Hiwatari, T. Akishita, F. Regazzoni, Midori: a block cipher for low energy. in T. Iwata, J.H. Cheon, (eds), ASIACRYPT Part II. LNCS, vol. 9453 (Springer, 2015), pp. 411\u2013436","DOI":"10.1007\/978-3-662-48800-3_17"},{"key":"9285_CR2","doi-asserted-by":"crossref","unstructured":"E. Biham, A. Biryukov, A. Shamir, Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials, in J. Stern, editor, EUROCRYPT, LNCS, vol. 1592 (Springer, 1999), pp. 
12\u201323","DOI":"10.1007\/3-540-48910-X_2"},{"key":"9285_CR3","doi-asserted-by":"crossref","unstructured":"C. Beierle, A. Canteaut, G. Leander, Y. Rotella, Proving resistance against invariant attacks: how to choose the round constants, in J. Katz, H. Shacham, editors, CRYPTO 2017, Part II. LNCS, vol. 10402 (Springer, 2017), pp. 647\u2013678","DOI":"10.1007\/978-3-319-63715-0_22"},{"key":"9285_CR4","doi-asserted-by":"crossref","unstructured":"C. Bouillaguet, O. Dunkelman, G. Leurent, P.-A. Fouque, Another look at complementation properties, in S. Hong, T. Iwata, editors, FSE. LNCS, vol. 6147 (Springer, 2010), pp. 347\u2013364","DOI":"10.1007\/978-3-642-13858-4_20"},{"key":"9285_CR5","doi-asserted-by":"crossref","unstructured":"A. Bogdanov, V. Rijmen, Linear hulls with correlation zero and linear cryptanalysis of block ciphers. Des. Codes Cryptogr., 70(3), 369\u2013383, (2014)","DOI":"10.1007\/s10623-012-9697-z"},{"key":"9285_CR6","doi-asserted-by":"crossref","unstructured":"E. Biham, A. Shamir, Differential cryptanalysis of DES-like cryptosystems, in A. Menezes, S.A. Vanstone, editors, CRYPTO. LNCS, vol. 537 (Springer, 1990), pp. 2\u201321","DOI":"10.1007\/3-540-38424-3_1"},{"key":"9285_CR7","doi-asserted-by":"crossref","unstructured":"A. Biryukov, D. Wagner, Slide attacks, in L.R. Knudsen, editor, FSE. LNCS, vol. 1636 (Springer, 1999), pp. 245\u2013259","DOI":"10.1007\/3-540-48519-8_18"},{"key":"9285_CR8","doi-asserted-by":"crossref","unstructured":"J. Guo, J. Jean, I. Nikolic, K. Qiao, Y.\u00a0Sasaki, S. Sim, Invariant subspace attack against Midori64 and the resistance criteria for S-box designs. IACR Trans. Symm. Cryptol., 2016(1), 33\u201356, (2016)","DOI":"10.46586\/tosc.v2016.i1.33-56"},{"key":"9285_CR9","unstructured":"V. Grosso, G. Leurent, F.-X. Standaert, K. Varici, A. Journault, F. Durvaux, L. Gaspar, S. Kerckhof, SCREAM v1. 2014. Submission to CAESAR competition"},{"key":"9285_CR10","unstructured":"V. Grosso, G. Leurent, F.-X. Standaert, K. 
Varici, A. Journault, F. Durvaux, L. Gaspar, S. Kerckhof, SCREAM v3. 2015. Submission to CAESAR competition"},{"key":"9285_CR11","doi-asserted-by":"crossref","unstructured":"V. Grosso, G. Leurent, F.-X. Standaert, K. Varici, LS-Designs: Bitslice encryption for efficient masked software implementations, in C. Cid, C. Rechberger, editors, FSE. LNCS, vol. 8540 (Springer, 2014), pp. 18\u201337","DOI":"10.1007\/978-3-662-46706-0_2"},{"key":"9285_CR12","doi-asserted-by":"crossref","unstructured":"M. Hermelin, J.Y. Cho, K. Nyberg, Multidimensional linear cryptanalysis of reduced round Serpent, in Y.\u00a0Mu, W. Susilo, J. Seberry, editors, ACISP. LNCS, vol. 5107 (Springer, 2008), pp. 203\u2013215","DOI":"10.1007\/978-3-540-70500-0_15"},{"key":"9285_CR13","doi-asserted-by":"crossref","unstructured":"C. Harpes, G.G. Kramer, J.L. Massey, A generalization of linear cryptanalysis and the applicability of Matsui\u2019s piling-up lemma, in L.C. Guillou, J.-J. Quisquater, editors, EUROCRYPT. LNCS, vol. 921 (Springer, 1995), pp. 24\u201338","DOI":"10.1007\/3-540-49264-X_3"},{"key":"9285_CR14","doi-asserted-by":"crossref","unstructured":"L.R. Knudsen, Truncated and higher order differentials, in B. Preneel, editor, FSE. LNCS, vol. 1008 (Springer, 1994), pp. 196\u2013211","DOI":"10.1007\/3-540-60590-8_16"},{"key":"9285_CR15","doi-asserted-by":"crossref","unstructured":"L.R. Knudsen, M.J.B. Robshaw, Non-linear approximations in linear cryptanalysis, in U.M. Maurer, editor, EUROCRYPT. LNCS, vol. 1070 (Springer, 1996), pp. 224\u2013236","DOI":"10.1007\/3-540-68339-9_20"},{"key":"9285_CR16","doi-asserted-by":"crossref","unstructured":"G. Leander, M.A. Abdelraheem, H. AlKhzaimi, E. Zenner, A cryptanalysis of PRINTCIPHER: the invariant subspace attack, in P. Rogaway, editor, CRYPTO. LNCS, vol. 6841 (Springer, 2011), pp. 206\u2013221","DOI":"10.1007\/978-3-642-22792-9_12"},{"key":"9285_CR17","doi-asserted-by":"crossref","unstructured":"G. Leander, B. Minaud, S. 
R\u00f8njom, A generic approach to invariant subspace attacks: cryptanalysis of robin, iscream and zorro, in E. Oswald, M. Fischlin, editors, EUROCRYPT. LNCS, vol. 9056 (Springer, 2015), pp. 254\u2013283","DOI":"10.1007\/978-3-662-46800-5_11"},{"key":"9285_CR18","doi-asserted-by":"crossref","unstructured":"M. Liskov, R.L. Rivest, D. Wagner, Tweakable block ciphers. J. Cryptol., 24(3), 588\u2013613, (2011)","DOI":"10.1007\/s00145-010-9073-y"},{"key":"9285_CR19","doi-asserted-by":"crossref","unstructured":"M. Matsui, Linear cryptanalysis method for DES cipher, in T. Helleseth, editor, EUROCRYPT. LNCS, vol. 765 (Springer, 1993), pp. 386\u2013397","DOI":"10.1007\/3-540-48285-7_33"},{"key":"9285_CR20","doi-asserted-by":"crossref","unstructured":"S. Moriai, T. Shimoyama, T. Kaneko, Higher order differential attack of CAST cipher, in S. Vaudenay, editor, FSE. LNCS, vol. 1372 (Springer, 1998), pp. 17\u201331","DOI":"10.1007\/3-540-69710-1_2"},{"key":"9285_CR21","unstructured":"National Bureau of Standards, Data Encryption Standard (DES), (1977). Federal Information Processing Standards Publication 46"},{"key":"9285_CR22","unstructured":"M. \u00d6zen, M. \u00c7oban, F. Karako\u00e7, A guess-and-determine attack on reduced-round Khudra and weak keys of full cipher. IACR Cryptol. ePrint Arch., 2015, 1163, (2015)."},{"key":"9285_CR23","unstructured":"U.S. Department of Commerce\/National Institute of Standards and Technology, Specification for the Advanced Encryption Standard (AES), (2001). Federal Information Processing Standards Publication 197"},{"key":"9285_CR24","doi-asserted-by":"crossref","unstructured":"T. Van Le, R. Sparr, R. Wernsdorf, Y. Desmedt, Complementation-like and cyclic properties of AES round functions, in H. Dobbertin, V. Rijmen, A. Sowa, editors, AES Conference. LNCS, vol. 3373 (Springer, 2004), pp. 
128\u2013141","DOI":"10.1007\/11506447_11"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-018-9285-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-018-9285-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-018-9285-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,17]],"date-time":"2022-08-17T20:50:26Z","timestamp":1660769426000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-018-9285-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,4,2]]},"references-count":24,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2019,10]]}},"alternative-id":["9285"],"URL":"https:\/\/doi.org\/10.1007\/s00145-018-9285-0","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,4,2]]},"assertion":[{"value":"15 June 2017","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 February 2018","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 April 2018","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}