{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,17]],"date-time":"2025-12-17T08:52:58Z","timestamp":1765961578409},"reference-count":41,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2022,10,1]],"date-time":"2022-10-01T00:00:00Z","timestamp":1664582400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,10,1]],"date-time":"2022-10-01T00:00:00Z","timestamp":1664582400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Cryptol"],"published-print":{"date-parts":[[2022,10]]},"DOI":"10.1007\/s00145-022-09437-z","type":"journal-article","created":{"date-parts":[[2022,10,12]],"date-time":"2022-10-12T20:25:26Z","timestamp":1665606326000},"update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Improved Differential-Linear Attacks with Applications to ARX Ciphers"],"prefix":"10.1007","volume":"35","author":[{"given":"Christof","family":"Beierle","sequence":"first","affiliation":[]},{"given":"Marek","family":"Broll","sequence":"additional","affiliation":[]},{"given":"Federico","family":"Canale","sequence":"additional","affiliation":[]},{"given":"Nicolas","family":"David","sequence":"additional","affiliation":[]},{"given":"Antonio","family":"Fl\u00f3rez-Guti\u00e9rrez","sequence":"additional","affiliation":[]},{"given":"Gregor","family":"Leander","sequence":"additional","affiliation":[]},{"given":"Mar\u00eda","family":"Naya-Plasencia","sequence":"additional","affiliation":[]},{"given":"Yosuke","family":"Todo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,10,12]]},"reference":[{"key":"9437_CR1","doi-asserted-by":"crossref","unstructured":"C. Beierle, G. Leander, Y. Todo, Improved differential-linear attacks with applications to ARX ciphers, in Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Proceedings, Part III. LNCS, vol. 12172 (Springer, Cham, 2020), pp. 329\u2013358","DOI":"10.1007\/978-3-030-56877-1_12"},{"key":"9437_CR2","unstructured":"M. Broll, F. Canale, N. David, A. Fl\u00f3rez-Guti\u00e9rrez, G. Leander, M. Naya-Plasencia, Y. Todo, Further improving differential-linear attacks: Applications to Chaskey and Serpent. IACR Cryptol. ePrint Arch. 2021, 820 (2021). https:\/\/eprint.iacr.org\/2021\/820"},{"key":"9437_CR3","doi-asserted-by":"crossref","unstructured":"A. Shimizu, S. Miyaguchi, Fast data encipherment algorithm FEAL, in Chaum, D., Price, W.L. (eds.) EUROCRYPT \u201987, Proceedings. LNCS, vol. 304 (Springer, Berlin, Heidelberg, 1987), pp. 267\u2013278","DOI":"10.1007\/3-540-39118-5_24"},{"key":"9437_CR4","doi-asserted-by":"crossref","unstructured":"D.J. Bernstein, The Salsa20 family of stream ciphers, in Robshaw, M.J.B., Billet, O. (eds.) New Stream Cipher Designs - The eSTREAM Finalists. LNCS, vol. 4986 (Springer, Berlin, Heidelberg, 2008), pp. 84\u201397","DOI":"10.1007\/978-3-540-68351-3_8"},{"key":"9437_CR5","unstructured":"D.J. Bernstein, ChaCha, a variant of Salsa20 (2008). http:\/\/cr.yp.to\/chacha.html"},{"key":"9437_CR6","unstructured":"J.-P. Aumasson, L. Henzen, W. Meier, R.C.-W. Phan, SHA-3 proposal Blake. Submission to NIST (2008)"},{"key":"9437_CR7","doi-asserted-by":"crossref","unstructured":"J. Aumasson, S. Neves, Z. Wilcox-O\u2019Hearn, C. Winnerlein, BLAKE2: simpler, smaller, fast as MD5, in Jr., M.J.J., Locasto, M.E., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013, Proceedings. LNCS, vol. 7954 (Springer, Berlin, Heidelberg, 2013), pp. 119\u2013135","DOI":"10.1007\/978-3-642-38980-1_8"},{"key":"9437_CR8","doi-asserted-by":"crossref","unstructured":"D. Dinu, L. Perrin, A. Udovenko, V. Velichkov, J. Gro\u00dfsch\u00e4dl, A. Biryukov, Design strategies for ARX with provable bounds: Sparx and LAX, in Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Proceedings, Part I. LNCS, vol. 10031 (Springer, Berlin, Heidelberg, 2016), pp. 484\u2013513","DOI":"10.1007\/978-3-662-53887-6_18"},{"issue":"S1","key":"9437_CR9","doi-asserted-by":"publisher","first-page":"208","DOI":"10.46586\/tosc.v2020.iS1.208-261","volume":"2020","author":"C Beierle","year":"2020","unstructured":"C. Beierle, A. Biryukov, L.C. dos Santos, J. Gro\u00dfsch\u00e4dl, L. Perrin, A. Udovenko, V. Velichkov, Q. Wang, Lightweight AEAD and hashing using the Sparkle permutation family. IACR Trans. Symmetric Cryptol. 2020(S1), 208\u2013261 (2020)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"9437_CR10","doi-asserted-by":"crossref","unstructured":"N. Mouha, B. Mennink, A.V. Herrewege, D. Watanabe, B. Preneel, I. Verbauwhede, Chaskey: An efficient MAC algorithm for 32-bit microcontrollers, in Joux, A., Youssef, A.M. (eds.) SAC 2014, Revised Selected Papers. LNCS, vol. 8781 (Springer, Cham, 2014), pp. 306\u2013323","DOI":"10.1007\/978-3-319-13051-4_19"},{"key":"9437_CR11","doi-asserted-by":"crossref","unstructured":"L.R. Knudsen, D.A. Wagner, Integral cryptanalysis, in Daemen, J., Rijmen, V. (eds.) FSE 2002, Revised Papers. LNCS, vol. 2365 (Springer, Berlin, Heidelberg, 2002), pp. 112\u2013127","DOI":"10.1007\/3-540-45661-9_9"},{"issue":"4","key":"9437_CR12","doi-asserted-by":"publisher","first-page":"1383","DOI":"10.1007\/s00145-018-9285-0","volume":"32","author":"Y Todo","year":"2019","unstructured":"Y. Todo, G. Leander, Y. Sasaki, Nonlinear invariant attack: Practical attack on full SCREAM, iSCREAM, and Midori64. J. Cryptol. 32(4), 1383\u20131422 (2019)","journal-title":"J. Cryptol."},{"key":"9437_CR13","doi-asserted-by":"crossref","unstructured":"D. Khovratovich, I. Nikolic, Rotational cryptanalysis of ARX, in Hong, S., Iwata, T. (eds.) FSE 2010, Revised Selected Papers. LNCS, vol. 6147 (Springer, Berlin, Heidelberg, 2010), pp. 333\u2013346","DOI":"10.1007\/978-3-642-13858-4_19"},{"issue":"1","key":"9437_CR14","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/BF00630563","volume":"4","author":"E Biham","year":"1991","unstructured":"E. Biham, A. Shamir, Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4(1), 3\u201372 (1991)","journal-title":"J. Cryptol."},{"key":"9437_CR15","doi-asserted-by":"crossref","unstructured":"M. Matsui, Linear cryptanalysis method for DES cipher, in Helleseth, T. (ed.) EUROCRYPT \u201993, Proceedings. LNCS, vol. 765 (Springer, Berlin, Heidelberg, 1993), pp. 386\u2013397","DOI":"10.1007\/3-540-48285-7_33"},{"key":"9437_CR16","doi-asserted-by":"crossref","unstructured":"H. Lipmaa, S. Moriai, Efficient algorithms for computing differential properties of addition, in Matsui, M. (ed.) FSE 2001, Revised Papers. LNCS, vol. 2355 (Springer, Berlin, Heidelberg, 2001), pp. 336\u2013350","DOI":"10.1007\/3-540-45473-X_28"},{"key":"9437_CR17","doi-asserted-by":"crossref","unstructured":"J. Wall\u00e9n, Linear approximations of addition modulo 2$${}^{\\text{n}}$$, in Johansson, T. (ed.) FSE 2003, Revised Papers. LNCS, vol. 2887 (Springer, Berlin, Heidelberg, 2003), pp. 261\u2013273","DOI":"10.1007\/978-3-540-39887-5_20"},{"key":"9437_CR18","doi-asserted-by":"crossref","unstructured":"S.K. Langford, M.E. Hellman, Differential-linear cryptanalysis, in Desmedt, Y. (ed.) CRYPTO \u201994, Proceedings. LNCS, vol. 839 (Springer, Berlin, Heidelberg, 1994), pp. 17\u201325","DOI":"10.1007\/3-540-48658-5_3"},{"key":"9437_CR19","doi-asserted-by":"crossref","unstructured":"G. Leurent, Improved differential-linear cryptanalysis of 7-round Chaskey with partitioning, in Fischlin, M., Coron, J. (eds.) EUROCRYPT 2016, Proceedings, Part I. LNCS, vol. 9665 (Springer, Berlin, Heidelberg, 2016), pp. 344\u2013371","DOI":"10.1007\/978-3-662-49890-3_14"},{"issue":"2","key":"9437_CR20","first-page":"261","volume":"2016","author":"AR Choudhuri","year":"2016","unstructured":"A.R. Choudhuri, S. Maitra, Significantly improved multi-bit differentials for reduced round Salsa and ChaCha. IACR Trans. Symmetric Cryptol. 2016(2), 261\u2013287 (2016)","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"9437_CR21","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1016\/j.dam.2017.04.034","volume":"227","author":"S Dey","year":"2017","unstructured":"S. Dey, S. Sarkar, Improved analysis for reduced round Salsa and Chacha. Discrete Appl. Math. 227, 58\u201369 (2017)","journal-title":"Discrete Appl. Math."},{"key":"9437_CR22","doi-asserted-by":"crossref","unstructured":"J. Aumasson, S. Fischer, S. Khazaei, W. Meier, ,C. Rechberger, New features of Latin dances: Analysis of Salsa, ChaCha, and Rumba, in Nyberg, K. (ed.) FSE 2008, Revised Selected Papers. LNCS, vol. 5086 (Springer, Berlin, Heidelberg, 2008), pp. 470\u2013488","DOI":"10.1007\/978-3-540-71039-4_30"},{"key":"9437_CR23","doi-asserted-by":"crossref","unstructured":"Z. Shi, B. Zhang, D. Feng, W. Wu, Improved key recovery attacks on reduced-round Salsa20 and ChaCha, in Kwon, T., Lee, M., Kwon, D. (eds.) ICISC 2012, Revised Selected Papers. LNCS, vol. 7839 (Springer, Berlin, Heidelberg, 2012), pp. 337\u2013351","DOI":"10.1007\/978-3-642-37682-5_24"},{"key":"9437_CR24","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1016\/j.dam.2016.02.020","volume":"208","author":"S Maitra","year":"2016","unstructured":"S. Maitra, Chosen IV cryptanalysis on reduced round ChaCha and Salsa. Discrete Appl. Math. 208, 88\u201397 (2016)","journal-title":"Discrete Appl. Math."},{"key":"9437_CR25","unstructured":"S. Miyashita, R. Ito, A. Miyaji, Pnb-focused differential cryptanalysis of ChaCha stream cipher. IACR Cryptol. ePrint Arch. 2021, 1537 (2021). https:\/\/eprint.iacr.org\/2021\/1537 (to appear at ACISP 2022)"},{"key":"9437_CR26","doi-asserted-by":"crossref","unstructured":"M. Coutinho, T.C.S. Neto, Improved linear approximations to ARX ciphers and attacks against ChaCha, in Canteaut, A., Standaert, F. (eds.) EUROCRYPT 2021, Proceedings, Part I. LNCS, vol. 12696 (Springer, Cham, 2021), pp. 711\u2013740","DOI":"10.1007\/978-3-030-77870-5_25"},{"key":"9437_CR27","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.2022.3171865","author":"S Dey","year":"2022","unstructured":"S. Dey, C. Dey, S. Sarkar, W. Meier, Revisiting cryptanalysis on ChaCha from Crypto 2020 and Eurocrypt 2021. IEEE Trans. Inf. Theory 68(9),6114\u20136133 (2022). https:\/\/doi.org\/10.1109\/TIT.2022.3171865","journal-title":"IEEE Trans. Inf. Theory"},{"key":"9437_CR28","unstructured":"M. Coutinho, T.C.S. Neto, Improved linear approximations to ARX ciphers and attacks against ChaCha. IACR Cryptol. ePrint Arch. 2021, 224 (2021). https:\/\/eprint.iacr.org\/2021\/224"},{"key":"9437_CR29","doi-asserted-by":"crossref","unstructured":"E. Biham, Y. Carmeli, An improvement of linear cryptanalysis with addition operations with applications to FEAL-8X, in Joux, A., Youssef, A.M. (eds.) SAC 2014, Revised Selected Papers. LNCS, vol. 8781 (Springer, Cham, 2014), pp. 59\u201376","DOI":"10.1007\/978-3-319-13051-4_4"},{"key":"9437_CR30","doi-asserted-by":"crossref","unstructured":"J. Neyman, E.S. Pearson, On the problem of the most efficient tests of statistical hypotheses. Philos. Trans. R. Soc. Lond. Ser. A Containing Papers of a Mathematical or Physical Character 231, 289\u2013337 (1933)","DOI":"10.1098\/rsta.1933.0009"},{"key":"9437_CR31","doi-asserted-by":"crossref","unstructured":"T. Baign\u00e8res, P. Junod, S. Vaudenay, How far can we go beyond linear cryptanalysis? in Lee, P.J. (ed.) ASIACRYPT 2004, Proceedings. LNCS, vol. 3329 (Springer, Berlin, Heidelberg, 2004), pp. 432\u2013450","DOI":"10.1007\/978-3-540-30539-2_31"},{"key":"9437_CR32","doi-asserted-by":"crossref","unstructured":"C. Blondeau, B. G\u00e9rard, K. Nyberg, Multiple differential cryptanalysis using LLR and $$\\chi $$ 2 statistics, in Visconti, I., Prisco, R.D. (eds.) SCN 2012, Proceedings. LNCS, vol. 7485 (Springer, Berlin, Heidelberg, 2012), pp. 343\u2013360","DOI":"10.1007\/978-3-642-32928-9_19"},{"key":"9437_CR33","doi-asserted-by":"crossref","unstructured":"B. Collard, F. Standaert, J. Quisquater, Improving the time complexity of Matsui\u2019s linear cryptanalysis, in Nam, K., Rhee, G. (eds.) ICISC 2007, Proceedings. LNCS, vol. 4817 (Springer, Berlin, Heidelberg, 2007), pp. 77\u201388","DOI":"10.1007\/978-3-540-76788-6_7"},{"key":"9437_CR34","doi-asserted-by":"crossref","unstructured":"E. Biham, O. Dunkelman, N. Keller, Enhancing differential-linear cryptanalysis, in Zheng, Y. (ed.) ASIACRYPT 2002, Proceedings. LNCS, vol. 2501 (Springer, Berlin, Heidelberg, 2002), pp. 254\u2013266","DOI":"10.1007\/3-540-36178-2_16"},{"key":"9437_CR35","doi-asserted-by":"crossref","unstructured":"A. Bar-On, O. Dunkelman, N. Keller, A. Weizman, DLCT: A new tool for differential-linear cryptanalysis, in Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Proceedings, Part I. LNCS, vol. 11476 (Springer, Cham, 2019), pp. 313\u2013342","DOI":"10.1007\/978-3-030-17653-2_11"},{"key":"9437_CR36","doi-asserted-by":"crossref","unstructured":"S. Knellwolf, W. Meier, M. Naya-Plasencia, Conditional differential cryptanalysis of NLFSR-based cryptosystems, in Abe, M. (ed.) ASIACRYPT 2010, Proceedings. LNCS, vol. 6477 (Springer, Berlin, Heidelberg, 2010), pp. 130\u2013145","DOI":"10.1007\/978-3-642-17373-8_8"},{"issue":"3","key":"9437_CR37","doi-asserted-by":"publisher","first-page":"859","DOI":"10.1007\/s00145-016-9237-5","volume":"30","author":"C Blondeau","year":"2017","unstructured":"C. Blondeau, G. Leander, K. Nyberg, Differential-linear cryptanalysis revisited. J. Cryptol. 30(3), 859\u2013888 (2017)","journal-title":"J. Cryptol."},{"key":"9437_CR38","volume-title":"Boolean Functions for Cryptography and Coding Theory","author":"C Carlet","year":"2021","unstructured":"C. Carlet, Boolean Functions for Cryptography and Coding Theory (Cambridge University Press, Cambridge, 2021)"},{"key":"9437_CR39","doi-asserted-by":"crossref","unstructured":"K. Nyberg, Linear approximation of block ciphers, in Santis, A.D. (ed.) EUROCRYPT 1994. LNCS, vol. 950 (Springer, Berlin, Heidelberg, 1994), pp. 439\u2013444","DOI":"10.1007\/BFb0053460"},{"key":"9437_CR40","unstructured":"N. Mouha, Chaskey: a MAC algorithm for microcontrollers - status update and proposal of Chaskey-12. IACR Cryptol. ePrint Arch. 2015, 1182 (2015). https:\/\/eprint.iacr.org\/2015\/1182"},{"key":"9437_CR41","unstructured":"M. Coutinho, T.C.S. Neto, New multi-bit differentials to improve attacks against ChaCha. IACR Cryptol. ePrint Arch. 2020, 350 (2020). https:\/\/eprint.iacr.org\/2020\/350"}],"container-title":["Journal of Cryptology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-022-09437-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s00145-022-09437-z\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s00145-022-09437-z.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,20]],"date-time":"2022-10-20T20:12:02Z","timestamp":1666296722000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s00145-022-09437-z"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10]]},"references-count":41,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2022,10]]}},"alternative-id":["9437"],"URL":"https:\/\/doi.org\/10.1007\/s00145-022-09437-z","relation":{},"ISSN":["0933-2790","1432-1378"],"issn-type":[{"value":"0933-2790","type":"print"},{"value":"1432-1378","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,10]]},"assertion":[{"value":"27 December 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 June 2022","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"29 July 2022","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 October 2022","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"29"}}