{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T04:42:06Z","timestamp":1769316126116,"version":"3.49.0"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2021,5,20]],"date-time":"2021-05-20T00:00:00Z","timestamp":1621468800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,5,20]],"date-time":"2021-05-20T00:00:00Z","timestamp":1621468800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2021,7]]},"DOI":"10.1007\/s00145-021-09383-2","type":"journal-article","created":{"date-parts":[[2021,6,21]],"date-time":"2021-06-21T21:04:10Z","timestamp":1624309450000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["Modeling for Three-Subset Division Property without Unknown Subset"],"prefix":"10.1007","volume":"34","author":[{"given":"Yonglin","family":"Hao","sequence":"first","affiliation":[]},{"given":"Gregor","family":"Leander","sequence":"additional","affiliation":[]},{"given":"Willi","family":"Meier","sequence":"additional","affiliation":[]},{"given":"Yosuke","family":"Todo","sequence":"additional","affiliation":[]},{"given":"Qingju","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,5,20]]},"reference":[{"key":"9383_CR1","doi-asserted-by":"crossref","unstructured":"L.R. Knudsen, D. Wagner, Integral cryptanalysis, in Daemen, J., Rijmen, V., eds.: FSE\u00a02002. Volume 2365 of LNCS (Springer, Heidelberg, 2002), pp. 112\u2013127","DOI":"10.1007\/3-540-45661-9_9"},{"key":"9383_CR2","doi-asserted-by":"crossref","unstructured":"J. Daemen, L.R. Knudsen, V. Rijmen, The block cipher Square, in Biham, E., ed.: FSE\u201997. Volume 1267 of LNCS (Springer, Heidelberg, 1997), pp. 149\u2013165","DOI":"10.1007\/BFb0052343"},{"key":"9383_CR3","doi-asserted-by":"crossref","unstructured":"X. Lai, Higher order derivatives and differential cryptanalysis, in Communications and Cryptography. Volume 276 of The Springer International Series in Engineering and Computer Science (Springer, 1994), pp. 227\u2013233","DOI":"10.1007\/978-1-4615-2694-0_23"},{"key":"9383_CR4","doi-asserted-by":"crossref","unstructured":"Y. Todo, Structural evaluation by generalized integral property, in Oswald, E., Fischlin, M., eds.: EUROCRYPT\u00a02015, Part\u00a0I. Volume 9056 of LNCS (Springer, Heidelberg, 2015), pp. 287\u2013314","DOI":"10.1007\/978-3-662-46800-5_12"},{"key":"9383_CR5","doi-asserted-by":"crossref","unstructured":"Y. Todo, Integral cryptanalysis on full MISTY1, in Gennaro, R., Robshaw, M.J.B., eds.: CRYPTO\u00a02015, Part\u00a0I. Volume 9215 of LNCS (Springer, Heidelberg, 2015), pp. 413\u2013432","DOI":"10.1007\/978-3-662-47989-6_20"},{"key":"9383_CR6","doi-asserted-by":"crossref","unstructured":"Y. Sasaki, Y. Todo, New differential bounds and division property of Lilliput: Block cipher with extended generalized Feistel network, in Avanzi, R., Heys, H.M., eds.: SAC 2016. Volume 10532 of LNCS. (Springer, Heidelberg, 2016), pp. 264\u2013283","DOI":"10.1007\/978-3-319-69453-5_15"},{"key":"9383_CR7","doi-asserted-by":"crossref","unstructured":"Y. Todo, M. Morii, Bit-based division property and application to simon family, in Peyrin, T., ed.: FSE\u00a02016. Volume 9783 of LNCS (Springer, Heidelberg, 2016), pp. 357\u2013377","DOI":"10.1007\/978-3-662-52993-5_18"},{"key":"9383_CR8","doi-asserted-by":"crossref","unstructured":"N. Sugio, Y. Igarashi, T. Kaneko, K. Higuchi, New integral characteristics of KASUMI derived by division property, in Choi, D., Guilley, S., eds.: WISA 16. Volume 10144 of LNCS (Springer, Heidelberg, 2016), pp. 267\u2013279","DOI":"10.1007\/978-3-319-56549-1_23"},{"key":"9383_CR9","doi-asserted-by":"crossref","unstructured":"Z. Xiang, W. Zhang, Z. Bao, D. Lin, Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers, in Cheon, J.H., Takagi, T., eds.: ASIACRYPT\u00a02016, Part\u00a0I. Volume 10031 of LNCS (Springer, Heidelberg, 2016), pp. 648\u2013678","DOI":"10.1007\/978-3-662-53887-6_24"},{"key":"9383_CR10","doi-asserted-by":"crossref","unstructured":"L. Sun, W. Wang, M. Wang, Automatic search of bit-based division property for ARX ciphers and word-based division property, in Takagi, T., Peyrin, T., eds.: ASIACRYPT\u00a02017, Part\u00a0I. Volume 10624 of LNCS (Springer, Heidelberg, 2017), pp. 128\u2013157","DOI":"10.1007\/978-3-319-70694-8_5"},{"key":"9383_CR11","doi-asserted-by":"crossref","unstructured":"Y. Todo, T. Isobe, Y. Hao, W. Meier, Cube attacks on non-blackbox polynomials based on division property, in Katz, J., Shacham, H., eds.: CRYPTO\u00a02017, Part\u00a0III. Volume 10403 of LNCS (Springer, Heidelberg, 2017), pp. 250\u2013279","DOI":"10.1007\/978-3-319-63697-9_9"},{"key":"9383_CR12","doi-asserted-by":"crossref","unstructured":"Q. Wang, Y. Hao, Y. Todo, C. Li, T. Isobe, W. Meier, Improved division property based cube attacks exploiting algebraic properties of superpoly, in Shacham, H., Boldyreva, A., eds.: CRYPTO\u00a02018, Part\u00a0I. Volume 10991 of LNCS (Springer, Heidelberg, 2018), pp. 275\u2013305","DOI":"10.1007\/978-3-319-96884-1_10"},{"key":"9383_CR13","doi-asserted-by":"crossref","unstructured":"D.J. Bernstein, S. K\u00f6lbl, S. Lucks, P.M.C. Massolino, F. Mendel, K. Nawaz, T. Schneider, P. Schwabe, F.X. Standaert, Y. Todo, B. Viguier, Gimli : A cross-platform permutation, in Fischer, W., Homma, N., eds.: CHES\u00a02017. Volume 10529 of LNCS (Springer, Heidelberg, 2017), pp. 299\u2013320","DOI":"10.1007\/978-3-319-66787-4_15"},{"key":"9383_CR14","doi-asserted-by":"crossref","unstructured":"S. Banik, S.K. Pandey, T. Peyrin, Y. Sasaki, S.M. Sim, Y. Todo, GIFT: A small present - towards reaching the limit of lightweight encryption, in Fischer, W., Homma, N., eds.: CHES\u00a02017. Volume 10529 of LNCS (Springer, Heidelberg, 2017), pp. 321\u2013345","DOI":"10.1007\/978-3-319-66787-4_16"},{"key":"9383_CR15","doi-asserted-by":"crossref","unstructured":"Q. Wang, Z. Liu, K. Varici, Y. Sasaki, V. Rijmen, Y. Todo, Cryptanalysis of reduced-round SIMON32 and SIMON48, in Meier, W., Mukhopadhyay, D., eds.: INDOCRYPT\u00a02014. Volume 8885 of LNCS (Sringer, Heidelberg, 2014), pp. 143\u2013160","DOI":"10.1007\/978-3-319-13039-2_9"},{"key":"9383_CR16","doi-asserted-by":"crossref","unstructured":"K. Hu, M. Wang, Automatic search for a variant of division property using three subsets, in Matsui, M., ed.: CT-RSA\u00a02019. Volume 11405 of LNCS (Springer, Heidelberg, 2019), pp. 412\u2013432","DOI":"10.1007\/978-3-030-12612-4_21"},{"key":"9383_CR17","doi-asserted-by":"crossref","unstructured":"S. Wang, B. Hu, J. Guan, K. Zhang, T. Shi, MILP-aided method of searching division property using three subsets and applications, in Galbraith, S.D., Moriai, S., eds.: ASIACRYPT\u00a02019, Part\u00a0III. Volume 11923 of LNCS (Springer, Heidelberg, 2019), pp. 398\u2013427","DOI":"10.1007\/978-3-030-34618-8_14"},{"key":"9383_CR18","doi-asserted-by":"crossref","unstructured":"I. Dinur, A. Shamir, Cube attacks on tweakable black box polynomials, in Joux, A., ed.: EUROCRYPT\u00a02009. Volume 5479 of LNCS (Springer, Heidelberg, 2009), pp. 278\u2013299","DOI":"10.1007\/978-3-642-01001-9_16"},{"issue":"3","key":"9383_CR19","doi-asserted-by":"publisher","first-page":"81","DOI":"10.46586\/tosc.v2019.i3.81-102","volume":"2019","author":"CD Ye","year":"2019","unstructured":"C.D. Ye, T. Tian, Revisit division property based cube attacks: Key-recovery or distinguishing attacks? IACR Trans. Symm. Cryptol. 2019(3) (2019) 81\u2013102","journal-title":"IACR Trans. Symm. Cryptol."},{"key":"9383_CR20","doi-asserted-by":"crossref","unstructured":"X. Fu, X. Wang, X. Dong, W. Meier, A key-recovery attack on 855-round Trivium, in Shacham, H., Boldyreva, A., eds.: CRYPTO\u00a02018, Part\u00a0II. Volume 10992 of LNCS (Springer, Heidelberg, 2018), pp. 160\u2013184","DOI":"10.1007\/978-3-319-96881-0_6"},{"key":"9383_CR21","doi-asserted-by":"crossref","unstructured":"J. Yang, M. Liu, D. Lin, Cube cryptanalysis of round-reduced ACORN, in Lin, Z., Papamanthou, C., Polychronakis, M., eds.: ISC\u00a02019. Volume 11723 of LNCS (Springer, Heidelberg, 2019), pp. 44\u201364","DOI":"10.1007\/978-3-030-30215-3_3"},{"key":"9383_CR22","doi-asserted-by":"crossref","unstructured":"Y. Hao, G. Leander, W. Meier, Y. Todo, Q. Wang, Modeling for three-subset division property without unknown subset - improved cube attacks against Trivium and Grain-128AEAD, in Canteaut, A., Ishai, Y., eds.: EUROCRYPT\u00a02020, Part\u00a0I. Volume 12105 of LNCS (Springer, Heidelberg, 2020), pp. 466\u2013495","DOI":"10.1007\/978-3-030-45721-1_17"},{"issue":"5","key":"9383_CR23","doi-asserted-by":"publisher","first-page":"959","DOI":"10.1007\/s12095-018-0294-5","volume":"10","author":"M Hamann","year":"2018","unstructured":"M. Hamann, M. Krause, On stream ciphers with provable beyond-the-birthday-bound security against time-memory-data tradeoff attacks. Cryptogr. Commun. 10(5) (2018) 959\u20131012","journal-title":"Cryptogr. Commun."},{"key":"9383_CR24","doi-asserted-by":"crossref","unstructured":"Y. Todo, T. Isobe, W. Meier, K. Aoki, B. Zhang, Fast correlation attack revisited - cryptanalysis on full Grain-128a, Grain-128, and Grain-v1. In Shacham, H., Boldyreva, A., eds.: CRYPTO\u00a02018, Part\u00a0II. Volume 10992 of LNCS (Springer, Heidelberg, 2018), pp. 129\u2013159","DOI":"10.1007\/978-3-319-96881-0_5"},{"key":"9383_CR25","unstructured":"H. Wu, Acorn v3. Submission to CAESAR competition (2016) https:\/\/competitions.cr.yp.to\/round3\/acornv3.pdf."},{"key":"9383_CR26","doi-asserted-by":"crossref","unstructured":"A. Canteaut, S. Carpov, C. Fontaine, T. Lepoint, M. Naya-Plasencia, P. Paillier, R. Sirdey, Stream ciphers: a practical solution for efficient homomorphic-ciphertext compression. In Peyrin, T., ed.: FSE\u00a02016. Volume 9783 of LNCS (Springer, Heidelberg, 2016), pp. 313\u2013333","DOI":"10.1007\/978-3-662-52993-5_16"},{"issue":"1","key":"9383_CR27","doi-asserted-by":"publisher","first-page":"363","DOI":"10.46586\/tosc.v2020.i1.363-395","volume":"2020","author":"Y Hao","year":"2020","unstructured":"Y. Hao, L. Jiao, C. Li, W. Meier, Y. Todo, Q. Wang, Links between division property and other cube attack variants. IACR Trans. Symm. Cryptol. 2020(1) (2020) 363\u2013395","journal-title":"IACR Trans. Symm. Cryptol."},{"key":"9383_CR28","unstructured":"Y. Todo, M. Morii, Bit-based division property and application to Simon family. Cryptology ePrint Archive, Report 2016\/285 (2016) http:\/\/eprint.iacr.org\/2016\/285."},{"key":"9383_CR29","unstructured":"G.O. Inc., Gurobi optimizer 6.5. Official webpage, http:\/\/www.gurobi.com\/ (2015)"},{"key":"9383_CR30","doi-asserted-by":"crossref","unstructured":"P. Hebborn, B. Lambin, B., Leander, G., Todo, Y.: Lower bounds on the degree of block ciphers, in ASIACRYPT\u00a02020, Part\u00a0I. LNCS (Springer, Heidelberg, 2020), pp. 537\u2013566","DOI":"10.1007\/978-3-030-64837-4_18"},{"key":"9383_CR31","doi-asserted-by":"crossref","unstructured":"C. Boura, A. Canteaut, Another view of the division property. In Robshaw, M., Katz, J., eds.: CRYPTO\u00a02016, Part\u00a0I. Volume 9814 of LNCS (Springer, Heidelberg, 2016), pp. 654\u2013682","DOI":"10.1007\/978-3-662-53018-4_24"},{"key":"9383_CR32","unstructured":"C.D. Canni\u00e8re, B. Preneel, Trivium specifications (2006) eSTREAM portfolio, Profile 2 (HW)."},{"key":"9383_CR33","unstructured":"Y. Hao, L. Jiao, C. Li, W. Meier, Y. Todo, Q. Wang, Observations on the dynamic cube attack of 855-round TRIVIUM from Crypto\u201918. Cryptology ePrint Archive, Report 2018\/972 (2018) https:\/\/eprint.iacr.org\/2018\/972."},{"key":"9383_CR34","doi-asserted-by":"crossref","unstructured":"X. Fu, X. Wang, X. Dong, W. Meier, Y. Hao, B. Zhao, A refinement of \u201ca key-recovery attack on 855-round Trivium\" from crypto 2018. Cryptology ePrint Archive, Report 2018\/999 (2018) https:\/\/eprint.iacr.org\/2018\/999.","DOI":"10.1007\/978-3-319-96881-0_6"},{"key":"9383_CR35","unstructured":"M. Hell, T. Johansson, W. Meier, J. S\u00f6nnerup, H. Yoshida, Grain-128AEAD: a lightweight AEAD stream cipher (2019) Lightweight Cryptography (LWC) Standardization."},{"issue":"1","key":"9383_CR36","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1504\/IJWMC.2011.044106","volume":"5","author":"M \u00c5gren","year":"2011","unstructured":"M. \u00c5gren, M. Hell, T. Johansson, W. Meier, Grain-128a: a new version of Grain-128 with optional authentication. IJWMC 5(1), 48\u201359 (2011)","journal-title":"IJWMC"},{"key":"9383_CR37","unstructured":"CAESAR: Competition for authenticated encryption: security, applicability, and robustness (2014) https:\/\/competitions.cr.yp.to\/caesar.html."}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-021-09383-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00145-021-09383-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-021-09383-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,8,17]],"date-time":"2021-08-17T19:09:34Z","timestamp":1629227374000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00145-021-09383-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,20]]},"references-count":37,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2021,7]]}},"alternative-id":["9383"],"URL":"https:\/\/doi.org\/10.1007\/s00145-021-09383-2","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,5,20]]},"assertion":[{"value":"9 September 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 March 2021","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 March 2021","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 May 2021","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"22"}}