{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,4]],"date-time":"2026-03-04T05:09:56Z","timestamp":1772600996205,"version":"3.50.1"},"reference-count":29,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2018,8,21]],"date-time":"2018-08-21T00:00:00Z","timestamp":1534809600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2019,10]]},"DOI":"10.1007\/s00145-018-9303-2","type":"journal-article","created":{"date-parts":[[2018,8,21]],"date-time":"2018-08-21T16:57:09Z","timestamp":1534870629000},"page":"1448-1490","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Efficient Dissection of Bicomposite Problems with Cryptanalytic Applications"],"prefix":"10.1007","volume":"32","author":[{"given":"Itai","family":"Dinur","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Orr","family":"Dunkelman","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nathan","family":"Keller","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Adi","family":"Shamir","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,8,21]]},"reference":[{"key":"9303_CR1","doi-asserted-by":"crossref","unstructured":"P. Austrin, P. Kaski, M. Koivisto, J. M\u00e4\u00e4tt\u00e4, Space-time tradeoffs for subset sum: an improved worst case algorithm, in F.V. Fomin, R. Freivalds, M.Z. Kwiatkowska, D. Peleg, (eds.) ICALP (1). Lecture Notes in Computer Science, vol. 7965 (Springer, 2013), pp. 45\u201356","DOI":"10.1007\/978-3-642-39206-1_5"},{"issue":"3","key":"9303_CR2","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1109\/JCN.2016.000043","volume":"18","author":"CH Baek","year":"2016","unstructured":"C.H. Baek, J.H. Cheon, H. Hong, White-box AES implementation revisited. J. Commun. Netw. 18(3), 273\u2013287 (2016)","journal-title":"J. Commun. Netw."},{"key":"9303_CR3","doi-asserted-by":"crossref","unstructured":"A. Bar-On, O. Dunkelman, N. Keller, E. Ronen, A. Shamir, Improved key recovery attacks on AES with practical data and memory complexities, in Accepted to CRYPTO 2018, to appear in Lecture Notes in Computer Science (2018)","DOI":"10.1007\/s00145-019-09336-w"},{"key":"9303_CR4","doi-asserted-by":"crossref","unstructured":"A. Becker, J.S. Coron, A. Joux, Improved generic algorithms for hard knapsacks, in K.G. Paterson, (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 6632 (Springer, 2011), pp. 364\u2013385","DOI":"10.1007\/978-3-642-20465-4_21"},{"key":"9303_CR5","first-page":"1","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"Mihir Bellare","year":"1996","unstructured":"M. Bellare, R. Canetti, H. Krawczyk, Keying Hash functions for message authentication, in Koblitz, pp. 1\u201315"},{"issue":"3","key":"9303_CR6","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/s001459900050","volume":"12","author":"E Biham","year":"1999","unstructured":"E. Biham, Cryptanalysis of triple modes of operation. J. Cryptol. 12(3), 161\u2013184 (1999), https:\/\/doi.org\/10.1007\/s001459900050","journal-title":"J. Cryptol."},{"key":"9303_CR7","doi-asserted-by":"crossref","unstructured":"A. Canteaut, M. Naya-Plasencia, B. Vayssi\u00e8re, Sieve-in-the-middle: improved MITM attacks. In R. Canetti, J.A. Garay, (eds.) Advances in Cryptology\u2014CRYPTO 2013\u201433rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18\u201322, 2013. Proceedings, Part I. Lecture Notes in Computer Science, vol. 8042 (Springer, 2013), pp. 222\u2013240","DOI":"10.1007\/978-3-642-40041-4_13"},{"issue":"6","key":"9303_CR8","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1109\/C-M.1977.217750","volume":"10","author":"W Diffie","year":"1977","unstructured":"W. Diffie, M.E. Hellman, Special feature exhaustive cryptanalysis of the NBS data encryption standard. IEEE Comput. 10(6), 74\u201384 (1977), https:\/\/doi.org\/10.1109\/C-M.1977.217750","journal-title":"IEEE Comput."},{"key":"9303_CR9","doi-asserted-by":"crossref","unstructured":"I. Dinur, O. Dunkelman, N. Keller, A. Shamir, Efficient dissection of composite problems, with applications to cryptanalysis, knapsacks, and combinatorial search problems, in R. Safavi-Naini, R. Canetti, (eds.) CRYPTO. Lecture Notes in Computer Science, vol. 7417 (Springer, 2012), pp. 719\u2013740","DOI":"10.1007\/978-3-642-32009-5_42"},{"issue":"10","key":"9303_CR10","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1145\/2661434","volume":"57","author":"I Dinur","year":"2014","unstructured":"I. Dinur, O. Dunkelman, N. Keller, A. Shamir, Dissection: a new paradigm for solving bicomposite search problems. Commun. ACM 57(10), 98\u2013105 (2014), https:\/\/doi.org\/10.1145\/2661434","journal-title":"Commun. ACM"},{"key":"9303_CR11","first-page":"433","volume-title":"Lecture Notes in Computer Science","author":"Itai Dinur","year":"2015","unstructured":"I. Dinur, O. Dunkelman, N. Keller, A. Shamir, New attacks on Feistel structures with improved memory complexities, in Gennaro and Robshaw, pp. 433\u2013454"},{"key":"9303_CR12","doi-asserted-by":"crossref","unstructured":"I. Dinur, O. Dunkelman, A. Shamir, Improved attacks on full gost, in A. Canteaut, (ed.) FSE. Lecture Notes in Computer Science, vol. 7549 (Springer, 2012), pp. 9\u201328","DOI":"10.1007\/978-3-642-34047-5_2"},{"key":"9303_CR13","doi-asserted-by":"crossref","unstructured":"S. Even, O. Goldreich, On the power of cascade ciphers, in D. Chaum, (ed.) Advances in Cryptology, Proceedings of CRYPTO \u201983, Santa Barbara, California, USA, August 21\u201324, 1983 (Plenum Press, New York, 1983), pp. 43\u201350","DOI":"10.1007\/978-1-4684-4730-9_4"},{"issue":"4","key":"9303_CR14","doi-asserted-by":"publisher","first-page":"401","DOI":"10.1109\/TIT.1980.1056220","volume":"26","author":"ME Hellman","year":"1980","unstructured":"M.E. Hellman, A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theory 26(4), 401\u2013406 (1980)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"9303_CR15","doi-asserted-by":"crossref","unstructured":"N. Howgrave-Graham, A. Joux, New generic algorithms for hard knapsacks, In H. Gilbert, (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 6110 (Springer, 2010), pp. 235\u2013256","DOI":"10.1007\/978-3-642-13190-5_12"},{"key":"9303_CR16","doi-asserted-by":"crossref","unstructured":"T. Isobe, A single-key attack on the full GOST block cipher, in A. Joux, (ed.) Fast Software Encryption\u201418th International Workshop, FSE 2011, Lyngby, Denmark, February 13\u201316, 2011, Revised Selected Papers. Lecture Notes in Computer Science, vol. 6733 (Springer, 2011), pp. 290\u2013305","DOI":"10.1007\/978-3-642-21702-9_17"},{"key":"9303_CR17","doi-asserted-by":"crossref","unstructured":"A. Joux, Multicollisions in iterated Hash functions. Application to cascaded constructions, in M.K. Franklin, (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 3152 (Springer, 2004), pp. 306\u2013316","DOI":"10.1007\/978-3-540-28628-8_19"},{"key":"9303_CR18","unstructured":"P.Kirchner, P. Fouque, Time-memory trade-off for lattice enumeration in a ball, in IACR Cryptology ePrint Archive 2016 222 (2016)"},{"key":"9303_CR19","volume-title":"The Art of Computer Programming, Volume II: Seminumerical Algorithms","author":"DE Knuth","year":"1981","unstructured":"D.E. Knuth, The Art of Computer Programming, Volume II: Seminumerical Algorithms, 2nd Edition. (Addison-Wesley, Reading, 1981)","edition":"2"},{"key":"9303_CR20","first-page":"663","volume-title":"Lecture Notes in Computer Science","author":"Virginie Lallemand","year":"2015","unstructured":"V. Lallemand, M. Naya-Plasencia, Cryptanalysis of Full Sprout, in Gennaro and Robshaw, pp. 663\u2013682"},{"issue":"2","key":"9303_CR21","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/s00145-013-9166-5","volume":"28","author":"M Lamberger","year":"2015","unstructured":"M. Lamberger, F. Mendel, M. Schl\u00e4ffer, C. Rechberger, V. Rijmen, The rebound attack and subspace distinguishers: application to whirlpool. J. Cryptol. 28(2), 257\u2013296 (2015)","journal-title":"J. Cryptol."},{"key":"9303_CR22","doi-asserted-by":"crossref","unstructured":"D. Lokshtanov, J. Nederlof, Saving space by algebraization, in Schulman, L.J. (ed.) Proceedings of the 42nd ACM Symposium on Theory of Computing, STOC 2010, Cambridge, MA, USA, 5\u20138 June 2010 (ACM, 2010), pp. 321\u2013330, https:\/\/doi.org\/10.1145\/1806689.1806735","DOI":"10.1145\/1806689.1806735"},{"key":"9303_CR23","doi-asserted-by":"crossref","unstructured":"S. Lucks, Attacking triple encryption, in S. Vaudenay, (ed.) FSE. Lecture Notes in Computer Science, vol. 1372 (Springer, 1998), pp. 239\u2013253","DOI":"10.1007\/3-540-69710-1_16"},{"key":"9303_CR24","doi-asserted-by":"crossref","unstructured":"F. Mendel, C. Rechberger, M. Schl\u00e4ffer, S.S. Thomsen, The rebound attack: cryptanalysis of reduced Whirlpool and Gr\u00f8stl, in O. Dunkelman, (ed.) Fast Software Encryption, 16th International Workshop, FSE 2009, Leuven, Belgium, February 22\u201325, 2009, Revised Selected Papers. Lecture Notes in Computer Science, vol. 5665 (Springer, 2009), pp. 260\u2013276","DOI":"10.1007\/978-3-642-03317-9_16"},{"issue":"7","key":"9303_CR25","doi-asserted-by":"publisher","first-page":"465","DOI":"10.1145\/358699.358718","volume":"24","author":"RC Merkle","year":"1981","unstructured":"R.C. Merkle, M.E. Hellman, On the security of multiple encryption. Commun. ACM 24(7), 465\u2013467 (1981)","journal-title":"Commun. ACM"},{"key":"9303_CR26","doi-asserted-by":"crossref","unstructured":"M. Naya-Plasencia, How to improve rebound attacks, in P. Rogaway, (ed.) Advances in Cryptology\u2014CRYPTO 2011\u201431st Annual Cryptology Conference, Santa Barbara, CA, USA, August 14\u201318, 2011. Proceedings. Lecture Notes in Computer Science, vol. 6841 (Springer, 2011), pp. 188\u2013205","DOI":"10.1007\/978-3-642-22792-9_11"},{"key":"9303_CR27","doi-asserted-by":"crossref","unstructured":"P.C. van Oorschot, M.J. Wiener, Improving implementable meet-in-the-middle attacks by orders of magnitude, in Koblitz, pp. 229\u2013236","DOI":"10.1007\/3-540-68697-5_18"},{"issue":"3","key":"9303_CR28","doi-asserted-by":"publisher","first-page":"456","DOI":"10.1137\/0210033","volume":"10","author":"R Schroeppel","year":"1981","unstructured":"R. Schroeppel, A. Shamir, $$\\text{ A } \\text{ T }=\\text{ O }(2^{\\text{ n\/2 }}),\\, \\text{ S=O }(2^{\\text{ n\/4 }})$$ A T = O ( 2 n\/2 ) , S=O ( 2 n\/4 ) algorithm for certain NP-complete problems. SIAM J. Comput. 10(3), 456\u2013464 (1981)","journal-title":"SIAM J. Comput."},{"key":"9303_CR29","doi-asserted-by":"crossref","unstructured":"J.R. Wang, Space-efficient randomized algorithms for K-SUM, in A.S. Schulz, D. Wagner, (eds.) Algorithms\u2014ESA 2014\u201422th Annual European Symposium, Wroclaw, Poland, September 8\u201310, 2014. Proceedings. Lecture Notes in Computer Science, vol. 8737 (Springer, 2014), pp. 810\u2013829","DOI":"10.1007\/978-3-662-44777-2_67"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-018-9303-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-018-9303-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-018-9303-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,29]],"date-time":"2022-08-29T22:47:04Z","timestamp":1661813224000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-018-9303-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8,21]]},"references-count":29,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2019,10]]}},"alternative-id":["9303"],"URL":"https:\/\/doi.org\/10.1007\/s00145-018-9303-2","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,8,21]]},"assertion":[{"value":"26 November 2017","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 July 2018","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 August 2018","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}