{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T00:13:16Z","timestamp":1769299996786,"version":"3.49.0"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2018,11,12]],"date-time":"2018-11-12T00:00:00Z","timestamp":1541980800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100002666","name":"Aalto University","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100002666","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2019,1]]},"DOI":"10.1007\/s00145-018-9308-x","type":"journal-article","created":{"date-parts":[[2018,11,12]],"date-time":"2018-11-12T10:49:52Z","timestamp":1542019792000},"page":"1-34","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Multidimensional Linear Cryptanalysis"],"prefix":"10.1007","volume":"32","author":[{"given":"Miia","family":"Hermelin","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joo Yeon","family":"Cho","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kaisa","family":"Nyberg","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,11,12]]},"reference":[{"key":"9308_CR1","doi-asserted-by":"crossref","unstructured":"T. Baign\u00e8res, P. Junod, S. Vaudenay, How far can we go beyond linear cryptanalysis? in P.J. Lee, editor, Advances in Cryptology\u2014ASIACRYPT\u201904, LNCS, vol. 3329 (Springer, Berlin, 2004), pp. 432\u2013450","DOI":"10.1007\/978-3-540-30539-2_31"},{"key":"9308_CR2","doi-asserted-by":"crossref","unstructured":"T. Baign\u00e8res, S. Vaudenay, The complexity of distinguishing distributions (invited talk), in R. Safavi-Naini, editor, Information Theoretic Security. LNCS, vol. 5155 (Springer, Berlin, 2008), pp. 210\u2013222","DOI":"10.1007\/978-3-540-85093-9_20"},{"key":"9308_CR3","doi-asserted-by":"crossref","unstructured":"E. Biham, R. Anderson, L. Knudsen, Serpent: a new block cipher proposal, in S. Vaudenay, editor, Fast Software Encryption. LNCS, vol. 1372 (Springer, Berlin, 1998), pp. 222\u2013238","DOI":"10.1007\/3-540-69710-1_15"},{"key":"9308_CR4","doi-asserted-by":"crossref","unstructured":"A. Biryukov, C. De Canni\u00e8re, M. Quisquater, On multiple linear approximations, in M. Franklin, editor, Advances in Cryptology\u2014CRYPTO\u201904. LNCS, vol. 3152 (Springer, Berlin, 2004), pp. 1\u201322","DOI":"10.1007\/978-3-540-28628-8_1"},{"key":"9308_CR5","doi-asserted-by":"crossref","unstructured":"C. Blondeau, K. Nyberg, Links between truncated differential and multidimensional linear properties of block ciphers and underlying attack complexities, in P.Q. Nguyen, E. Oswald, editors., Advances in Cryptology\u2014EUROCRYPT 2014. LNCS, vol. 8441 (Springer, Berlin 2014), pp. 165\u2013182","DOI":"10.1007\/978-3-642-55220-5_10"},{"issue":"1\u2014-2","key":"9308_CR6","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/s10623-016-0268-6","volume":"82","author":"C Blondeau","year":"2017","unstructured":"C. Blondeau, K. Nyberg, Joint data and key distribution of simple, multiple, and multidimensional linear cryptanalysis test statistic and its impact to data complexity. Des. Codes Cryptogr., 82(1\u20132):319\u2013349, 2017.","journal-title":"Des. Codes Cryptogr."},{"key":"9308_CR7","doi-asserted-by":"crossref","unstructured":"A. Bogdanov, G. Leander, K. Nyberg, M. Wang, Integral and multidimensional linear distinguishers with correlation zero, in X. Wang, K. Sako, editors, Advances in Cryptology\u2014ASIACRYPT 2012. LNCS, vol. 7658 (Springer, Berlin, 2012), pp. 244\u2013261","DOI":"10.1007\/978-3-642-34961-4_16"},{"key":"9308_CR8","doi-asserted-by":"crossref","unstructured":"A. Bogdanov, E. Tischhauser, On the wrong key randomisation and key equivalence hypotheses in Matsui\u2019s Algorithm 2, in S. Moriai, editor, Fast Software Encryption\u201420th International Workshop, FSE 2013, LNCS, vol. 8424 (Springer, Berlin, 2013), pp. 19\u201338","DOI":"10.1007\/978-3-662-43933-3_2"},{"key":"9308_CR9","doi-asserted-by":"crossref","unstructured":"J.Y. Cho. Linear cryptanalysis of reduced-round PRESENT, in Pieprzyk [31] (pp. 302\u2013317).","DOI":"10.1007\/978-3-642-11925-5_21"},{"key":"9308_CR10","unstructured":"B.\u00a0Collard, F.-X. Standaert, J.-J. Quisquater, Experiments on the multiple linear cryptanalysis of reduced round Serpent, in K. Nyberg, editor, Fast Software Encryption. LNCS, vol. 5086 (Springer, Berlin, 2008), pp. 382\u2013397."},{"key":"9308_CR11","unstructured":"T.M. Cover, J.A. Thomas, Elements of Information Theory. Wiley Series in Telecommunications and Signal Processing, 2nd edn (Wiley-Interscience, 2006)."},{"issue":"4","key":"9308_CR12","doi-asserted-by":"publisher","first-page":"290","DOI":"10.1112\/jlms\/s1-11.4.290","volume":"s1\u2014-11","author":"H Cram\u00e9r","year":"1936","unstructured":"H.\u00a0Cram\u00e9r and H.\u00a0Wold. Some theorems on distribution functions. J. Lond. Math. Soc., s1\u201311(4):290\u2013295, 1936.","journal-title":"J. Lond. Math. Soc."},{"key":"9308_CR13","unstructured":"H. Cram\u00e9r. Mathematical Methods of Statistics. Princeton Mathematical Series, 7th edn (Princeton University Press, 1957)."},{"key":"9308_CR14","unstructured":"H.A. David, Order Statistics. A Wiley Publication in Applied Statistics. 1 edn, (Wiley, New York, 1970)."},{"issue":"405","key":"9308_CR15","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1080\/01621459.1989.10478748","volume":"84","author":"FC Drost","year":"1989","unstructured":"F.C. Drost, W.C.M. Kallenberg, D.S.Moore, J.Oosterhoff, Power approximations to multinomial tests of fit. J. the Am. Stat. Assoc., 84(405):130\u2013141 (1989).","journal-title":"J. Am. Stat. Assoc."},{"key":"9308_CR16","doi-asserted-by":"crossref","unstructured":"H.\u00a0Englund, A.\u00a0Maximov, Attack the Dragon, in S. Maitra, C.E.\u00a0Veni Madhavan, editors, Progress in Cryptology\u2014INDOCRYPT\u201905. LNCS, vol. 3797 (Springer, Berlin, 2005), pp. 130\u2013142","DOI":"10.1007\/11596219_11"},{"key":"9308_CR17","doi-asserted-by":"crossref","unstructured":"C. Harpes, G.G. Kramer, J.L. Massey, A generalization of linear cryptanalysis and the applicability of Matsui\u2019s Piling-up lemma, in L.C. Guillou, J.-J. Quisquater, editors, Advances in Cryptology\u2014EUROCRYPT\u201995, LNCS, vol. 921 (Springer, Berlin, 1995), pp. 24\u201338","DOI":"10.1007\/3-540-49264-X_3"},{"key":"9308_CR18","unstructured":"M. Hermelin, K. Nyberg, Multidimensional linear distinguishing attacks and Boolean functions, in Fourth International Workshop on Boolean Functions: Cryptography and Applications (2008)."},{"key":"9308_CR19","doi-asserted-by":"crossref","unstructured":"M. Hermelin, K. Nyberg, Dependent linear approximations: the algorithm of Biryukov and others revisited, in Pieprzyk [31], pp. 318\u2013333.","DOI":"10.1007\/978-3-642-11925-5_22"},{"key":"9308_CR20","doi-asserted-by":"crossref","unstructured":"M. Hermelin, K. Nyberg, J.Y. Cho, Multidimensional linear cryptanalysis of reduced round Serpent. in J.\u00a0Seberry Y.\u00a0Mu, W.\u00a0Susilo, editor, Information Security and Privacy, LNCS, vol. 5107 (Springer, Berlin, 2008), pp. 203\u2013215","DOI":"10.1007\/978-3-540-70500-0_15"},{"key":"9308_CR21","doi-asserted-by":"crossref","unstructured":"J. Huang, S. Vaudenay, X. Lai, K. Nyberg, Capacity and data complexity in multidimensional linear attack, in R. Gennaro, M. Robshaw, editors, Advances in Cryptology\u2014CRYPTO 2015\u2014Part I. LNCS, vol. 9215 (Springer, Berlin, 2015), pp. 141\u2013160","DOI":"10.1007\/978-3-662-47989-6_7"},{"key":"9308_CR22","doi-asserted-by":"crossref","unstructured":"P.\u00a0Junod, S.\u00a0Vaudenay, Optimal key ranking procedures in a statistical cryptanalysis, in T. Johansson, editor, Fast Software Encryption. LNCS, vol. 2887 (Springer, Berlin, 2003), pp. 235\u2013246","DOI":"10.1007\/978-3-540-39887-5_18"},{"key":"9308_CR23","doi-asserted-by":"crossref","unstructured":"P. Junod, On the complexity of Matsui\u2019s attack, in S. Vaudenay, A.M. Youssef, editors, Selected Areas in Cryptography. LNCS, vol. 2259 (Springer, Berlin, 2001), pp. 199\u2013211","DOI":"10.1007\/3-540-45537-X_16"},{"key":"9308_CR24","doi-asserted-by":"crossref","unstructured":"P. Junod, On the optimality of linear, differential and sequential distingishers, in E.\u00a0Biham, editor, Advances in Cryptology\u2014EUROCRYPT 2003. LNCS, vol. 2656 (Springer, Berlin, 2003), pp. 17\u201332","DOI":"10.1007\/3-540-39200-9_2"},{"key":"9308_CR25","doi-asserted-by":"crossref","unstructured":"B.S.\u00a0Kaliski Jr., M.J.B. Robshaw, Linear cryptanalysis using multiple approximations, in Y.G. Desmedt, editor, Advances in Cryptology\u2014CRYPTO\u201994. LNCS, vol. 839 (Springer, Berlin, 1994), pp. 26\u201339","DOI":"10.1007\/3-540-48658-5_4"},{"key":"9308_CR26","doi-asserted-by":"crossref","unstructured":"M. Matsui, The first experimental cryptanalysis of the Data Encryption Standard, in Y.G. Desmedt, editor, Advances in Cryptology\u2014CRYPTO\u201994. LNCS, vol. 839 (Springer, Berlin, 1994), pp. 1\u201311","DOI":"10.1007\/3-540-48658-5_1"},{"key":"9308_CR27","doi-asserted-by":"crossref","unstructured":"M. Matsui, Linear cryptanalysis method for DES cipher. in T. Helleseth, editor, Advances in Cryptology\u2014EUROCRYPT\u201993. LNCS, vol. 765 (Springer, Berlin, 1994), pp. 386\u2013397","DOI":"10.1007\/3-540-48285-7_33"},{"key":"9308_CR28","unstructured":"A. Maximov, T. Johansson, Fast computation of large distributions and its cryptographic applications, in B. Roy, editor Advances in Cryptology\u2014ASIACRYPT. LNCS, vol. 3788 (Springer, Berlin, 2005), pp. 313\u2013332."},{"issue":"12","key":"9308_CR29","doi-asserted-by":"publisher","first-page":"5510","DOI":"10.1109\/TIT.2006.885528","volume":"52","author":"S Murphy","year":"2006","unstructured":"S.\u00a0Murphy, The independence of linear approximations in symmetric cryptology. IEEE Trans. Inf. Theory, 52(12):5510\u20135518 (2006)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"9308_CR30","first-page":"1","volume":"8","author":"K Nyberg","year":"2018","unstructured":"K. Nyberg, Affine linear cryptanalysis, in Cryptography and Communications, 8 (2018), pp. 1\u201311.","journal-title":"Cryptogr. Commun."},{"key":"9308_CR31","doi-asserted-by":"crossref","unstructured":"J. Pieprzyk, (ed), Topics in Cryptology\u2014CT-RSA 2010, LNCS. vol. 5985 (Springer, Berlin, 2010).","DOI":"10.1007\/978-3-642-11925-5"},{"key":"9308_CR32","volume-title":"Beta Mathematics Handbook","author":"L R\u00e5de","year":"1992","unstructured":"L. R\u00e5de, B. Westergren, Beta Mathematics Handbook, 2nd edn. (CRC Press, Boca Raton, 1992)","edition":"2"},{"issue":"1","key":"9308_CR33","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1007\/s00145-007-9013-7","volume":"21","author":"AA Sel\u00e7uk","year":"2008","unstructured":"A.A. Sel\u00e7uk, On probability of success in linear and differential cryptanalysis. J. Cryptol., 21(1):131\u2013147 (2008)","journal-title":"J. Cryptol."},{"key":"9308_CR34","doi-asserted-by":"crossref","unstructured":"S. Vaudenay, An experiment on DES statistical cryptanalysis, in CCS\u201996: Proceedings of the 3rd ACM Conference on Computer and Communications Security, New York, NY, USA (1996), pp. 139\u2013147 ACM.","DOI":"10.1145\/238168.238206"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-018-9308-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-018-9308-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-018-9308-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,11]],"date-time":"2019-11-11T19:21:29Z","timestamp":1573500089000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-018-9308-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,11,12]]},"references-count":34,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2019,1]]}},"alternative-id":["9308"],"URL":"https:\/\/doi.org\/10.1007\/s00145-018-9308-x","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,11,12]]},"assertion":[{"value":"27 May 2009","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 November 2018","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}