{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T20:05:53Z","timestamp":1750277153923,"version":"3.37.3"},"reference-count":39,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2024,3,4]],"date-time":"2024-03-04T00:00:00Z","timestamp":1709510400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,3,4]],"date-time":"2024-03-04T00:00:00Z","timestamp":1709510400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62002024","62202062"],"award-info":[{"award-number":["62002024","62202062"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. Codes Cryptogr."],"published-print":{"date-parts":[[2024,6]]},"DOI":"10.1007\/s10623-024-01362-5","type":"journal-article","created":{"date-parts":[[2024,3,4]],"date-time":"2024-03-04T17:01:46Z","timestamp":1709571706000},"page":"1663-1728","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Combining MILP modeling with algebraic bias evaluation for linear mask search: improved fast correlation attacks on SNOW"],"prefix":"10.1007","volume":"92","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5155-9889","authenticated-orcid":false,"given":"Xinxin","family":"Gong","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4069-2438","authenticated-orcid":false,"given":"Yonglin","family":"Hao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qingju","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,3,4]]},"reference":[{"issue":"4","key":"1362_CR1","doi-asserted-by":"publisher","first-page":"99","DOI":"10.46586\/tosc.v2017.i4.99-129","volume":"2017","author":"A Abdelkhalek","year":"2017","unstructured":"Abdelkhalek A., Sasaki Y., Todo Y., Tolba M., Youssef A.M.: MILP modeling for (large) S-boxes to optimize probability of differential characteristics. IACR Trans. Symmetric Cryptol. 2017(4), 99\u2013129 (2017).","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1362_CR2","doi-asserted-by":"crossref","unstructured":"Beierle C., Biryukov A., Cardoso\u00a0dos Santos L., Gro\u00dfsch\u00e4dl J., Perrin L., Udovenko A., Velichkov V., Wang Q.: Alzette: A 64-bit arx-box. In: Micciancio D., Ristenpart T. (eds.) Advances in Cryptology \u2013 CRYPTO (2020), pp. 419\u2013448. Springer, Cham (2020).","DOI":"10.1007\/978-3-030-56877-1_15"},{"key":"1362_CR3","first-page":"181","volume-title":"FSE 2000","author":"VV Chepyzhov","year":"2000","unstructured":"Chepyzhov V.V., Johansson T., Smeets B.J.M.: A simple algorithm for fast correlation attacks on stream ciphers. In: Schneier B. (ed.) FSE 2000, vol. 1978, pp. 181\u2013195. LNCS. Springer, Berlin (2000)."},{"key":"1362_CR4","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/3-540-46035-7_14","volume-title":"EUROCRYPT 2002","author":"P Chose","year":"2002","unstructured":"Chose P., Joux A., Mitton M.: Fast correlation attacks: an algorithmic point of view. In: Knudsen L.R. (ed.) EUROCRYPT 2002, pp. 209\u2013221. Springer, Berlin (2002)."},{"key":"1362_CR5","doi-asserted-by":"publisher","first-page":"515","DOI":"10.1007\/3-540-45708-9_33","volume-title":"CRYPTO 2002","author":"D Coppersmith","year":"2002","unstructured":"Coppersmith D., Halevi S., Jutla C.: Cryptanalysis of stream ciphers with linear masking. In: Yung M. (ed.) CRYPTO 2002, pp. 515\u2013532. Springer, Berlin (2002)."},{"key":"1362_CR6","doi-asserted-by":"crossref","unstructured":"Cui T., Chen S., Fu K., Wang M., Jia K.: New automatic tool for finding impossible differentials and zero-correlation linear approximations. Sci. China Inf. Sci. 64(2) (2021).","DOI":"10.1007\/s11432-018-1506-4"},{"key":"1362_CR7","doi-asserted-by":"crossref","unstructured":"Ekdahl P., Johansson T.: A new version of the stream cipher SNOW. In: Nyberg K., Heys H.M. (eds.) SAC 2002. LNCS, vol.\u00a02595, pp. 47\u201361. Springer.","DOI":"10.1007\/3-540-36492-7_5"},{"issue":"3","key":"1362_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.46586\/tosc.v2019.i3.1-42","volume":"2019","author":"P Ekdahl","year":"2019","unstructured":"Ekdahl P., Johansson T., Maximov A., Yang J.: A new SNOW stream cipher called SNOW-V. IACR Trans. Symmetric Cryptol. 2019(3), 1\u201342 (2019).","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1362_CR9","doi-asserted-by":"crossref","unstructured":"Ekdahl P., Maximov A., Johansson T., Yang J.: SNOW-Vi: an extreme performance variant of SNOW-V for lower grade cpus. In: WiSec 2021, pp. 261\u2013272. (ACM) (06).","DOI":"10.1145\/3448300.3467829"},{"key":"1362_CR10","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-030-23696-0_14","volume-title":"Progress in Cryptology - AFRICACRYPT 2019","author":"M ElSheikh","year":"2019","unstructured":"ElSheikh M., Abdelkhalek A., Youssef A.M.: On MILP-based automatic search for differential trails through modular additions with application to bel-t. In: Buchmann J., Nitaj A., Rachidi T. (eds.) Progress in Cryptology - AFRICACRYPT 2019, pp. 273\u2013296. Springer, Cham (2019)."},{"key":"1362_CR11","first-page":"268","volume-title":"FSE 2016","author":"K Fu","year":"2016","unstructured":"Fu K., Wang M., Guo Y., Sun S., Hu L.: MILP-based automatic search algorithms for differential and linear trails for Speck. In: Peyrin T. (ed.) FSE 2016, vol. 9783, pp. 268\u2013288. LNCS. Springer, Berlin (2016)."},{"key":"1362_CR12","doi-asserted-by":"crossref","unstructured":"Funabiki Y., Todo Y., Isobe T., Morii M.: Several MILP-aided attacks against SNOW 2.0. In: Camenisch J., Papadimitratos P. (eds.) CANS 2018. LNCS, vol. 11124, pp. 394\u2013413. Springer, Berlin (2018).","DOI":"10.1007\/978-3-030-00434-7_20"},{"key":"1362_CR13","doi-asserted-by":"crossref","unstructured":"Gong X., Zhang B.: Fast computation of linear approximation over certain composition functions and applications to SNOW 2.0 and SNOW 3G. Des. Codes Cryptogr. 88(11), 2407\u20132431 (2020).","DOI":"10.1007\/s10623-020-00790-3"},{"key":"1362_CR14","doi-asserted-by":"crossref","unstructured":"Gong X., Zhang B.: Comparing large-unit and bitwise linear approximations of SNOW 2.0 and SNOW 3G and related attacks. IACR Trans. Symmetric Cryptol. 2021(2), 71\u2013103 (2021).","DOI":"10.46586\/tosc.v2021.i2.71-103"},{"issue":"1","key":"1362_CR15","doi-asserted-by":"publisher","first-page":"378","DOI":"10.46586\/tosc.v2021.i1.378-410","volume":"2021","author":"X Gong","year":"2021","unstructured":"Gong X., Zhang B.: Resistance of SNOW-V against fast correlation attacks. IACR Trans. Symmetric Cryptol. 2021(1), 378\u2013410 (2021).","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1362_CR16","first-page":"466","volume-title":"EUROCRYPT 2020, Part I","author":"Y Hao","year":"2020","unstructured":"Hao Y., Leander G., Meier W., Todo Y., Wang Q.: Modeling for three-subset division property without unknown subset - improved cube attacks against Trivium and Grain-128AEAD. In: Canteaut A., Ishai Y. (eds.) EUROCRYPT 2020, Part I, vol. 12105, pp. 466\u2013495. LNCS. Springer, Berlin (2020)."},{"key":"1362_CR17","doi-asserted-by":"publisher","first-page":"392","DOI":"10.1007\/978-3-030-92062-3_14","volume-title":"ASIACRYPT 2021, Part I","author":"K Hu","year":"2021","unstructured":"Hu K., Sun S., Todo Y., Wang M., Wang Q.: Massive superpoly recovery with nested monomial predictions. In: Tibouchi M., Wang H. (eds.) ASIACRYPT 2021, Part I, vol. 13090, pp. 392\u2013421. LNCS. Springer, Berlin (2021)."},{"key":"1362_CR18","doi-asserted-by":"crossref","unstructured":"Huang S., Wang X., Xu G., Wang M., Zhao J.: Conditional cube attack on reduced-round Keccak sponge function. In: Coron J., Nielsen J.B. (eds.) EUROCRYPT 2017, Part II. LNCS, vol. 10211, pp. 259\u2013288 (2017).","DOI":"10.1007\/978-3-319-56614-6_9"},{"key":"1362_CR19","doi-asserted-by":"crossref","unstructured":"Matsui M.: Linear cryptanalysis method for DES cipher. In: Helleseth T. (ed.) EUROCRYPT\u201993. LNCS, vol.\u00a0765, pp. 386\u2013397. Springer, Berlin.","DOI":"10.1007\/3-540-48285-7_33"},{"key":"1362_CR20","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/11593447_17","volume-title":"Advances in Cryptology - ASIACRYPT 2005","author":"A Maximov","year":"2005","unstructured":"Maximov A., Johansson T.: Fast computation of large distributions and its cryptographic applications. In: Roy B. (ed.) Advances in Cryptology - ASIACRYPT 2005, pp. 313\u2013332. Springer, Berlin (2005)."},{"key":"1362_CR21","first-page":"57","volume-title":"Inscrypt 2011","author":"N Mouha","year":"2011","unstructured":"Mouha N., Wang Q., Gu D., Preneel B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu C., Yung M., Lin D. (eds.) Inscrypt 2011, vol. 7537, pp. 57\u201376. LNCS. Springer, Berlin (2011)."},{"issue":"1","key":"1362_CR22","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1016\/S0166-218X(00)00351-6","volume":"111","author":"K Nyberg","year":"2001","unstructured":"Nyberg K.: Correlation theorems in cryptanalysis. Discret. Appl. Math. 111(1), 177\u2013188 (2001). https:\/\/doi.org\/10.1016\/S0166-218X(00)00351-6.","journal-title":"Discret. Appl. Math."},{"key":"1362_CR23","doi-asserted-by":"crossref","unstructured":"Nyberg K., Wall\u00e9n J.: Improved linear distinguishers for SNOW 2.0. In: Robshaw M.J.B. (ed.) FSE 2006. LNCS, vol.\u00a04047, pp. 144\u2013162. Springer, Berlin (2006).","DOI":"10.1007\/11799313_10"},{"key":"1362_CR24","unstructured":"SAGE E.: Specification of the 3GPP confidentiality and integrity algorithms UEA2 & UIA2, document 2: SNOW 3G specification, v1.1 (2006)."},{"key":"1362_CR25","doi-asserted-by":"crossref","unstructured":"Shi Z., Jin C., Zhang J., Cui T., Ding L., Jin Y.: A correlation attack on full SNOW-V and SNOW-Vi. In: EUROCRYPT (2022)","DOI":"10.1007\/978-3-031-07082-2_2"},{"key":"1362_CR26","doi-asserted-by":"crossref","unstructured":"Sun L., Wang W., Liu R., Wang M.: MILP-aided bit-based division property for ARX ciphers. Sci. China Inf. Sci. 61(11), 118102:1\u2013118102:3 (2018).","DOI":"10.1007\/s11432-017-9321-7"},{"key":"1362_CR27","first-page":"158","volume-title":"Advances in Cryptology - ASIACRYPT 2014","author":"S Sun","year":"2014","unstructured":"Sun S., Hu L., Wang P., Qiao K., Ma X., Song L.: Automatic security evaluation and (related-key) differential characteristic search: application to SIMON, PRESENT, LBLOCK, DES(L) and other bit-oriented block ciphers. In: Sarkar P., Iwata T. (eds.) Advances in Cryptology - ASIACRYPT 2014, pp. 158\u2013178. Springer, Berlin (2014)."},{"key":"1362_CR28","unstructured":"Sun Y.: Towards the least inequalities for describing a subset in $$z_2^n$$. Cryptology ePrint Archive, Report 2021\/1084 (2021)."},{"issue":"12","key":"1362_CR29","doi-asserted-by":"publisher","first-page":"1720","DOI":"10.1109\/TC.2018.2835480","volume":"67","author":"Y Todo","year":"2018","unstructured":"Todo Y., Isobe T., Hao Y., Meier W.: Cube attacks on non-blackbox polynomials based on division property. IEEE Trans. Comput. 67(12), 1720\u20131736 (2018).","journal-title":"IEEE Trans. Comput."},{"key":"1362_CR30","first-page":"129","volume-title":"CRYPTO 2018, Part II","author":"Y Todo","year":"2018","unstructured":"Todo Y., Isobe T., Meier W., Aoki K., Zhang B.: Fast correlation attack revisited - cryptanalysis on full Grain-128a, Grain-128, and Grain-v1. In: Shacham H., Boldyreva A. (eds.) CRYPTO 2018, Part II, vol. 10992, pp. 129\u2013159. LNCS. Springer, Berlin (2018)."},{"key":"1362_CR31","unstructured":"Udovenko A.: MILP modeling of boolean functions by minimum number of inequalities. Cryptology ePrint Archive, Report 2021\/1099 (2021)."},{"key":"1362_CR32","doi-asserted-by":"publisher","first-page":"288","DOI":"10.1007\/3-540-45708-9_19","volume-title":"Advances in Cryptology - CRYPTO 2002","author":"D Wagner","year":"2002","unstructured":"Wagner D.: A generalized birthday problem. In: Yung M. (ed.) Advances in Cryptology - CRYPTO 2002, pp. 288\u2013304. Springer, Berlin (2002)."},{"key":"1362_CR33","doi-asserted-by":"publisher","first-page":"275","DOI":"10.1007\/978-3-319-96884-1_10","volume-title":"CRYPTO 2018, Part I","author":"Q Wang","year":"2018","unstructured":"Wang Q., Hao Y., Todo Y., Li C., Isobe T., Meier W.: Improved division property based cube attacks exploiting algebraic properties of superpoly. In: Shacham H., Boldyreva A. (eds.) CRYPTO 2018, Part I, vol. 10991, pp. 275\u2013305. LNCS. Springer, Berlin (2018)."},{"key":"1362_CR34","doi-asserted-by":"crossref","unstructured":"Watanabe D., Biryukov A., Canni\u00e8re C.D.: A distinguishing attack of SNOW 2.0 with linear masking method. In: Matsui M., Zuccherato R.J. (eds.) SAC 2003. LNCS, vol.\u00a03006, pp. 222\u2013233. Springer, Berlin (2003).","DOI":"10.1007\/978-3-540-24654-1_16"},{"key":"1362_CR35","doi-asserted-by":"crossref","unstructured":"Xiang Z., Zhang W., Bao Z., Lin D.: Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers. In: Cheon J.H., Takagi T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 648\u2013678 (2016).","DOI":"10.1007\/978-3-662-53887-6_24"},{"issue":"4","key":"1362_CR36","first-page":"249","volume":"2019","author":"J Yang","year":"2019","unstructured":"Yang J., Johansson T., Maximov A.: Vectorized linear approximations for attacks on SNOW 3G. IACR Trans. Symmetric Cryptol. 2019(4), 249\u2013271 (2019).","journal-title":"IACR Trans. Symmetric Cryptol."},{"issue":"3","key":"1362_CR37","doi-asserted-by":"publisher","first-page":"54","DOI":"10.46586\/tosc.v2021.i3.54-83","volume":"2021","author":"J Yang","year":"2021","unstructured":"Yang J., Johansson T., Maximov A.: Improved guess-and-determine and distinguishing attacks on SNOW-V. IACR Trans. Symmetric Cryptol. 2021(3), 54\u201383 (2021).","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1362_CR38","doi-asserted-by":"crossref","unstructured":"Zhang B., Xu C., Meier W.: Fast correlation attacks over extension fields, large-unit linear approximation and cryptanalysis of SNOW 2.0. In: Gennaro R., Robshaw M. (eds.) CRYPTO 2015, Part I. LNCS, vol.\u00a09215, pp. 643\u2013662. Springer, Berlin (2015).","DOI":"10.1007\/978-3-662-47989-6_31"},{"issue":"10","key":"1362_CR39","doi-asserted-by":"publisher","first-page":"2449","DOI":"10.1007\/s10623-022-01090-8","volume":"90","author":"Z Zhou","year":"2022","unstructured":"Zhou Z., Feng D., Zhang B.: Efficient and extensive search for precise linear approximations with high correlations of full SNOW-V. Des. Codes Cryptogr. 90(10), 2449\u20132479 (2022). https:\/\/doi.org\/10.1007\/s10623-022-01090-8.","journal-title":"Des. Codes Cryptogr."}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-024-01362-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10623-024-01362-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-024-01362-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,17]],"date-time":"2024-05-17T18:08:11Z","timestamp":1715969291000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10623-024-01362-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,4]]},"references-count":39,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2024,6]]}},"alternative-id":["1362"],"URL":"https:\/\/doi.org\/10.1007\/s10623-024-01362-5","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"type":"print","value":"0925-1022"},{"type":"electronic","value":"1573-7586"}],"subject":[],"published":{"date-parts":[[2024,3,4]]},"assertion":[{"value":"7 February 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"15 January 2024","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 January 2024","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"4 March 2024","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}