{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,9,29]],"date-time":"2022-09-29T04:41:18Z","timestamp":1664426478308},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2019,9,13]],"date-time":"2019-09-13T00:00:00Z","timestamp":1568332800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2019,9,13]],"date-time":"2019-09-13T00:00:00Z","timestamp":1568332800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2020,7]]},"DOI":"10.1007\/s00145-019-09332-0","type":"journal-article","created":{"date-parts":[[2019,9,13]],"date-time":"2019-09-13T19:10:41Z","timestamp":1568401841000},"page":"874-909","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Cryptanalytic Time\u2013Memory\u2013Data Trade-offs for FX-Constructions and the Affine Equivalence Problem"],"prefix":"10.1007","volume":"33","author":[{"given":"Itai","family":"Dinur","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,9,13]]},"reference":[{"key":"9332_CR1","doi-asserted-by":"crossref","unstructured":"M.R. Albrecht, B.\u00a0Driessen, E.B. Kavun, G.\u00a0Leander, C.\u00a0Paar, T.\u00a0Yal\u00e7in, Block ciphers\u2014focus on the linear layer (feat. PRIDE), in J.A. Garay, R.\u00a0Gennaro, editors, Advances in Cryptology\u2014CRYPTO 2014\u201434th Annual Cryptology Conference, Santa Barbara, CA, USA, August 17\u201321, 2014, Proceedings, Part I. Lecture Notes in Computer Science, vol. 8616 (Springer, 2014), pp. 57\u201376","DOI":"10.1007\/978-3-662-44371-2_4"},{"key":"9332_CR2","doi-asserted-by":"crossref","unstructured":"E.\u00a0Barkan, E.\u00a0Biham, A.\u00a0Shamir, Rigorous bounds on cryptanalytic time\/memory tradeoffs, in C.\u00a0Dwork, editor, CRYPTO. Lecture Notes in Computer Science, vol. 4117 (Springer, 2006), pp. 1\u201321","DOI":"10.1007\/11818175_1"},{"key":"9332_CR3","doi-asserted-by":"crossref","unstructured":"C.\u00a0Beierle, J.\u00a0Jean, S.\u00a0K\u00f6lbl, G.\u00a0Leander, A.\u00a0Moradi, T.\u00a0Peyrin, Y.\u00a0Sasaki, P.\u00a0Sasdrich, S.M. Sim, The SKINNY family of block ciphers and its low-latency variant MANTIS, in M.\u00a0Robshaw, J.\u00a0Katz, editors, Advances in Cryptology\u2014CRYPTO 2016\u201436th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14\u201318, 2016, Proceedings, Part II. Lecture Notes in Computer Science, vol. 9815 (Springer, 2016), pp. 123\u2013153","DOI":"10.1007\/978-3-662-53008-5_5"},{"key":"9332_CR4","doi-asserted-by":"crossref","unstructured":"A.\u00a0Biryukov, C.D. Canni\u00e8re, A.\u00a0Braeken, B.\u00a0Preneel, A toolbox for cryptanalysis: linear and affine equivalence algorithms, in E.\u00a0Biham, editor, Advances in Cryptology\u2014EUROCRYPT 2003, International Conference on the Theory and Applications of Cryptographic Techniques, Warsaw, Poland, May 4\u20138, 2003, Proceedings. Lecture Notes in Computer Science, vol. 2656 (Springer, 2003), pp. 33\u201350","DOI":"10.1007\/3-540-39200-9_3"},{"key":"9332_CR5","doi-asserted-by":"crossref","unstructured":"A.\u00a0Biryukov, A.\u00a0Shamir, Cryptanalytic time\/memory\/data tradeoffs for stream ciphers, in T.\u00a0Okamoto, editor, ASIACRYPT. Lecture Notes in Computer Science, vol. 1976 (Springer, 2000), pp. 1\u201313","DOI":"10.1007\/3-540-44448-3_1"},{"key":"9332_CR6","doi-asserted-by":"crossref","unstructured":"A.\u00a0Biryukov, A.\u00a0Shamir, D.\u00a0Wagner, Real time cryptanalysis of A5\/1 on a PC, in B.\u00a0Schneier, editor, FSE. Lecture Notes in Computer Science, vol. 1978 (Springer, 2000), pp. 1\u201318","DOI":"10.1007\/3-540-44706-7_1"},{"key":"9332_CR7","doi-asserted-by":"crossref","unstructured":"A.\u00a0Biryukov, D.\u00a0Wagner, Advanced slide attacks, in B.\u00a0Preneel, editor, EUROCRYPT. Lecture Notes in Computer Science, vol. 1807 (Springer, 2000), pp. 589\u2013606","DOI":"10.1007\/3-540-45539-6_41"},{"key":"9332_CR8","unstructured":"Bitcoin network graphs. http:\/\/bitcoin.sipa.be\/"},{"key":"9332_CR9","doi-asserted-by":"crossref","unstructured":"J.\u00a0Borghoff, A.\u00a0Canteaut, T.\u00a0G\u00fcneysu, E.B. Kavun, M.\u00a0Knezevic, L.R. Knudsen, G.\u00a0Leander, V.\u00a0Nikov, C.\u00a0Paar, C.\u00a0Rechberger, P.\u00a0Rombouts, S.S. Thomsen, T.\u00a0Yal\u00e7in, PRINCE\u2014a low-latency block cipher for pervasive computing applications\u2014extended abstract, in X.\u00a0Wang, K.\u00a0Sako, editors, ASIACRYPT. Lecture Notes in Computer Science, vol. 7658 (Springer, 2012), pp. 208\u2013225","DOI":"10.1007\/978-3-642-34961-4_14"},{"key":"9332_CR10","unstructured":"J.\u00a0Borst, B.\u00a0Preneel, J.\u00a0Vandewalle, On the time\u2013memory tradeoff between exhaustive key search and table precomputation, in Proceedings of 19th Symposium in Information Theory in the Benelux, WIC (1998), pp. 111\u2013118"},{"issue":"1\u20133","key":"9332_CR11","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/s10623-008-9194-6","volume":"49","author":"M Brinkmann","year":"2008","unstructured":"M.\u00a0Brinkmann, G.\u00a0Leander. On the classification of APN functions up to dimension five. Des. Codes Cryptogr.49(1\u20133), 273\u2013288 (2008)","journal-title":"Des. Codes Cryptogr."},{"key":"9332_CR12","doi-asserted-by":"crossref","unstructured":"A.\u00a0Canteaut, J.\u00a0Rou\u00e9, On the behaviors of affine equivalent sboxes regarding differential and linear attacks, in Oswald, Fischlin [24], pp. 45\u201374","DOI":"10.1007\/978-3-662-46800-5_3"},{"key":"9332_CR13","doi-asserted-by":"crossref","unstructured":"J.\u00a0Daemen, Limitations of the Even\u2013Mansour construction, in ASIACRYPT, pp. 495\u2013498 (1991)","DOI":"10.1007\/3-540-57332-1_46"},{"key":"9332_CR14","doi-asserted-by":"crossref","unstructured":"I.\u00a0Dinur. Cryptanalytic time\u2013memory\u2013data tradeoffs for FX-constructions with applications to PRINCE and PRIDE, in Oswald, Fischlin [24], pp. 231\u2013253","DOI":"10.1007\/978-3-662-46800-5_10"},{"key":"9332_CR15","doi-asserted-by":"crossref","unstructured":"I.\u00a0Dinur, An improved affine equivalence algorithm for random permutations, in J.B. Nielsen, V.\u00a0Rijmen, editors, Advances in Cryptology\u2014EUROCRYPT 2018\u201437th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tel Aviv, Israel, April 29\u2013May 3, 2018 Proceedings, Part I. Lecture Notes in Computer Science, vol. 10820 (Springer, 2018), pp. 413\u2013442","DOI":"10.1007\/978-3-319-78381-9_16"},{"key":"9332_CR16","doi-asserted-by":"crossref","unstructured":"O.\u00a0Dunkelman, N.\u00a0Keller, A.\u00a0Shamir, Minimalism in cryptography: the Even\u2013Mansour scheme revisited, in D.\u00a0Pointcheval, T.\u00a0Johansson, editors, EUROCRYPT. Lecture Notes in Computer Science, vol. 7237 (Springer, 2012), pp. 336\u2013354","DOI":"10.1007\/978-3-642-29011-4_21"},{"issue":"3","key":"9332_CR17","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s001459900025","volume":"10","author":"S Even","year":"1997","unstructured":"S.\u00a0Even, Y.\u00a0Mansour, A construction of a cipher from a single pseudorandom permutation. J. Cryptol., 10(3), 151\u2013162 (1997)","journal-title":"J. Cryptology"},{"key":"9332_CR18","doi-asserted-by":"crossref","unstructured":"P.\u00a0Fouque, A.\u00a0Joux, C.\u00a0Mavromati, Multi-user collisions: applications to discrete logarithm, Even\u2013Mansour and PRINCE, in P.\u00a0Sarkar, T.\u00a0Iwata, editors, Advances in Cryptology\u2014ASIACRYPT 2014\u201420th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7\u201311, 2014. Proceedings, Part I. Lecture Notes in Computer Science, vol. 8873 (Springer, 2014), pp. 420\u2013438","DOI":"10.1007\/978-3-662-45611-8_22"},{"issue":"4","key":"9332_CR19","doi-asserted-by":"publisher","first-page":"401","DOI":"10.1109\/TIT.1980.1056220","volume":"26","author":"ME Hellman","year":"1980","unstructured":"M.E. Hellman, A cryptanalytic time\u2013memory trade-off. IEEE Trans. Inf. Theory, 26(4), 401\u2013406 (1980)","journal-title":"IEEE Transactions on Information Theory"},{"key":"9332_CR20","doi-asserted-by":"crossref","unstructured":"J.\u00a0Kilian, P.\u00a0Rogaway, How to protect DES against exhaustive key search, in N.\u00a0Koblitz, editor, CRYPTO. Lecture Notes in Computer Science, vol. 1109 (Springer, 1996), pp. 252\u2013267","DOI":"10.1007\/3-540-68697-5_20"},{"key":"9332_CR21","unstructured":"G.\u00a0Leander, A.\u00a0Poschmann, On the classification of 4 bit s-boxes, in C.\u00a0Carlet, B.\u00a0Sunar, editors, Arithmetic of Finite Fields, First International Workshop, WAIFI 2007, Madrid, Spain, June 21\u201322, 2007, Proceedings. Lecture Notes in Computer Science, vol. 4547 (Springer, 2007), pp. 159\u2013176"},{"key":"9332_CR22","doi-asserted-by":"crossref","unstructured":"W.\u00a0Michiels, P.\u00a0Gorissen, H.D.L. Hollmann, Cryptanalysis of a generic class of white-box implementations, in R.M. Avanzi, L.\u00a0Keliher, F.\u00a0Sica, editors, Selected Areas in Cryptography, 15th International Workshop, SAC 2008, Sackville, New Brunswick, Canada, August 14\u201315, Revised Selected Papers. Lecture Notes in Computer Science, vol. 5381 (Springer, 2008), pp. 414\u2013428","DOI":"10.1007\/978-3-642-04159-4_27"},{"key":"9332_CR23","unstructured":"N.\u00a0I. of\u00a0Standards and Technology. Recommendation for Key Management\u2014Part 1: General (Revision 3). NIST Special Publication 800\u201357 (2012)"},{"key":"9332_CR24","doi-asserted-by":"crossref","unstructured":"E.\u00a0Oswald, M.\u00a0Fischlin, editors. Advances in Cryptology\u2014EUROCRYPT 2015\u201434th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Sofia, Bulgaria, April 26\u201330, 2015, Proceedings, Part I. Lecture Notes in Computer Science, vol. 9056 (Springer, 2015)","DOI":"10.1007\/978-3-662-46803-6"},{"key":"9332_CR25","doi-asserted-by":"crossref","unstructured":"J.\u00a0Patarin, Hidden fields equations (HFE) and isomorphisms of polynomials (IP): two new families of asymmetric algorithms, in U.M. Maurer, editor, Advances in Cryptology\u2014EUROCRYPT \u201996, International Conference on the Theory and Application of Cryptographic Techniques, Saragossa, Spain, May 12\u201316, 1996, Proceeding. Lecture Notes in Computer Science, vol. 1070 (Springer, 1996), pp. 33\u201348","DOI":"10.1007\/3-540-68339-9_4"},{"key":"9332_CR26","unstructured":"R.L. Rivest. DESX. Never Published (1984)"},{"key":"9332_CR27","doi-asserted-by":"crossref","unstructured":"F.-X. Standaert, G.\u00a0Rouvroy, J.-J. Quisquater, J.-D. Legat, A time-memory tradeoff using distinguished points: new analysis & FPGA results, in B.S.K. Jr., \u00c7etin Kaya\u00a0Ko\u00e7, C.\u00a0Paar, editors, CHES. Lecture Notes in Computer Science, vol. 2523 (Springer, 2002), pp. 593\u2013609","DOI":"10.1007\/3-540-36400-5_43"},{"issue":"1","key":"9332_CR28","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/PL00003816","volume":"12","author":"PC van Oorschot","year":"1999","unstructured":"P.C. van Oorschot, M.J. Wiener, Parallel collision search with cryptanalytic applications. J. Cryptol, 12(1), 1\u201328 (1999)","journal-title":"J. Cryptol."}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-019-09332-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00145-019-09332-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-019-09332-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,9,28]],"date-time":"2022-09-28T18:32:57Z","timestamp":1664389977000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00145-019-09332-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,9,13]]},"references-count":28,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2020,7]]}},"alternative-id":["9332"],"URL":"https:\/\/doi.org\/10.1007\/s00145-019-09332-0","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,9,13]]},"assertion":[{"value":"12 October 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 August 2019","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"13 September 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}