{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T00:31:48Z","timestamp":1771979508919,"version":"3.50.1"},"reference-count":38,"publisher":"Springer Science and Business Media LLC","issue":"8","license":[{"start":{"date-parts":[[2025,5,10]],"date-time":"2025-05-10T00:00:00Z","timestamp":1746835200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,5,10]],"date-time":"2025-05-10T00:00:00Z","timestamp":1746835200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100006254","name":"Ruhr-Universit\u00e4t Bochum","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100006254","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. Codes Cryptogr."],"published-print":{"date-parts":[[2025,8]]},"abstract":"Abstract<\/jats:title>\n Recently, Baudrin et al. analyzed a special case of Wagner\u2019s commutative diagram cryptanalysis, referred to as commutative cryptanalysis<\/jats:italic>. For a family \n \n $$(E_k)_k$$<\/jats:tex-math>\n \n \n \n (<\/mml:mo>\n \n E<\/mml:mi>\n k<\/mml:mi>\n <\/mml:msub>\n )<\/mml:mo>\n <\/mml:mrow>\n k<\/mml:mi>\n <\/mml:msub>\n <\/mml:math>\n <\/jats:alternatives>\n <\/jats:inline-formula> of permutations on a finite vector space G<\/jats:italic>, commutative cryptanalysis exploits the existence of affine permutations \n \n $$A,B :G \\rightarrow G$$<\/jats:tex-math>\n \n \n A<\/mml:mi>\n ,<\/mml:mo>\n B<\/mml:mi>\n :<\/mml:mo>\n G<\/mml:mi>\n \u2192<\/mml:mo>\n G<\/mml:mi>\n <\/mml:mrow>\n <\/mml:math>\n <\/jats:alternatives>\n <\/jats:inline-formula>, \n \n $$I \\notin \\{A,B\\}$$<\/jats:tex-math>\n \n \n I<\/mml:mi>\n \u2209<\/mml:mo>\n {<\/mml:mo>\n A<\/mml:mi>\n ,<\/mml:mo>\n B<\/mml:mi>\n }<\/mml:mo>\n <\/mml:mrow>\n <\/mml:math>\n <\/jats:alternatives>\n <\/jats:inline-formula> such that \n \n $$E_k \\circ A (x) = B \\circ E_k(x)$$<\/jats:tex-math>\n \n \n \n E<\/mml:mi>\n k<\/mml:mi>\n <\/mml:msub>\n \u2218<\/mml:mo>\n A<\/mml:mi>\n \n (<\/mml:mo>\n x<\/mml:mi>\n )<\/mml:mo>\n <\/mml:mrow>\n =<\/mml:mo>\n B<\/mml:mi>\n \u2218<\/mml:mo>\n \n E<\/mml:mi>\n k<\/mml:mi>\n <\/mml:msub>\n \n (<\/mml:mo>\n x<\/mml:mi>\n )<\/mml:mo>\n <\/mml:mrow>\n <\/mml:mrow>\n <\/mml:math>\n <\/jats:alternatives>\n <\/jats:inline-formula> holds with high probability, taken over inputs x<\/jats:italic>, for a significantly large set of weak keys<\/jats:italic>\n k<\/jats:italic>. Several attacks against symmetric cryptographic primitives can be formulated within the framework of commutative cryptanalysis, most importantly differential attacks, as well as rotational and rotational-differential attacks. Besides, the notion of c<\/jats:italic>-differentials on S-boxes can be analyzed as a special case within this framework. We discuss the relations between a general notion of commutative cryptanalysis, with A<\/jats:italic> and B<\/jats:italic> being arbitrary functions over a finite Abelian group, and differential cryptanalysis, both from the view of conducting an attack on a symmetric cryptographic primitive, as well as from the view of a theoretical study of cryptographic S-boxes.\n<\/jats:p>","DOI":"10.1007\/s10623-025-01625-9","type":"journal-article","created":{"date-parts":[[2025,5,10]],"date-time":"2025-05-10T11:30:13Z","timestamp":1746876613000},"page":"3243-3281","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Commutative cryptanalysis as a generalization of differential cryptanalysis"],"prefix":"10.1007","volume":"93","author":[{"given":"Jules","family":"Baudrin","sequence":"first","affiliation":[]},{"given":"Christof","family":"Beierle","sequence":"additional","affiliation":[]},{"given":"Patrick","family":"Felke","sequence":"additional","affiliation":[]},{"given":"Gregor","family":"Leander","sequence":"additional","affiliation":[]},{"given":"Patrick","family":"Neumann","sequence":"additional","affiliation":[]},{"given":"L\u00e9o","family":"Perrin","sequence":"additional","affiliation":[]},{"given":"Lukas","family":"Stennes","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,5,10]]},"reference":[{"issue":"1","key":"1625_CR1","doi-asserted-by":"publisher","first-page":"57","DOI":"10.46586\/tosc.v2016.i1.57-70","volume":"2016","author":"T Ashur","year":"2016","unstructured":"Ashur T., Liu Y.: Rotational cryptanalysis in the presence of constants. IACR Trans. Symmetr. Cryptol. 2016(1), 57\u201370 (2016).","journal-title":"IACR Trans. Symmetr. Cryptol."},{"key":"1625_CR2","doi-asserted-by":"crossref","unstructured":"Bartoli D., K\u00f6lsch L., Micheli G.: Differential biases, c-differential uniformity, and their relation to differential attacks. In: Petkova-Nikova S., Panario D. (eds.) Arithmetic of Finite Fields, pp. 191\u2013212. Springer Nature Switzerland (2025).","DOI":"10.1007\/978-3-031-81824-0_13"},{"key":"1625_CR3","unstructured":"Baudrin J.: Algebraic properties of symmetric ciphers and of their non-linear components. Ph.D thesis, Sorbonne Universit\u00e9 (2024)."},{"issue":"4","key":"1625_CR4","doi-asserted-by":"publisher","first-page":"299","DOI":"10.46586\/tosc.v2023.i4.299-329","volume":"2023","author":"J Baudrin","year":"2023","unstructured":"Baudrin J., Felke P., Leander G., Neumann P., Perrin L., Stennes L.: Commutative cryptanalysis made practical. IACR Trans. Symmetr. Cryptol. 2023(4), 299\u2013329 (2023).","journal-title":"IACR Trans. Symmetr. Cryptol."},{"issue":"7","key":"1625_CR5","doi-asserted-by":"publisher","first-page":"4863","DOI":"10.1109\/TIT.2021.3071533","volume":"67","author":"C Beierle","year":"2021","unstructured":"Beierle C., Brinkmann M., Leander G.: Linearly self-equivalent APN permutations in small dimension. IEEE Trans. Inf. Theory 67(7), 4863\u20134875 (2021).","journal-title":"IEEE Trans. Inf. Theory"},{"issue":"4","key":"1625_CR6","doi-asserted-by":"publisher","first-page":"80","DOI":"10.46586\/tosc.v2018.i4.80-101","volume":"2018","author":"C Beierle","year":"2018","unstructured":"Beierle C., Canteaut A., Leander G.: Nonlinear approximations in cryptanalysis revisited. IACR Trans. Symmetr. Cryptol. 2018(4), 80\u2013101 (2018).","journal-title":"IACR Trans. Symmetr. Cryptol."},{"key":"1625_CR7","doi-asserted-by":"crossref","unstructured":"Beierle C., Felke P., Leander G., Neumann P., Stennes L.: On perfect linear approximations and differentials over two-round SPNs. In: Handschuh H., Lysyanskaya A. (eds.) Advances in Cryptology\u2014CRYPTO 2023\u201443rd Annual International Cryptology Conference, CRYPTO 2023, Santa Barbara, CA, USA, August 20\u201324, 2023, Proceedings, Part III, Volume 14083 of Lecture Notes in Computer Science, pp. 209\u2013239. Springer (2023).","DOI":"10.1007\/978-3-031-38548-3_8"},{"issue":"1","key":"1625_CR8","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/BF00630563","volume":"4","author":"E Biham","year":"1991","unstructured":"Biham E., Shamir A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4(1), 3\u201372 (1991).","journal-title":"J. Cryptol."},{"key":"1625_CR9","doi-asserted-by":"publisher","DOI":"10.1016\/j.ffa.2022.102088","volume":"83","author":"A Bors","year":"2022","unstructured":"Bors A., Wang Q.: Coset-wise affine functions and cycle types of complete mappings. Finite Fields Their Appl. 83, 102088 (2022).","journal-title":"Finite Fields Their Appl."},{"key":"1625_CR10","unstructured":"Calderini M., Civino R., Invernizzi R.: Optimal s-boxes against alternative operations (2024). CoRR arXiv:2403.20059."},{"key":"1625_CR11","doi-asserted-by":"publisher","first-page":"658","DOI":"10.1016\/j.jalgebra.2020.10.034","volume":"569","author":"M Calderini","year":"2021","unstructured":"Calderini M., Civino R., Sala M.: On properties of translation groups in the affine general linear group with applications to cryptography. J. Algebra 569, 658\u2013680 (2021).","journal-title":"J. Algebra"},{"issue":"3","key":"1625_CR12","doi-asserted-by":"publisher","first-page":"297","DOI":"10.5486\/PMD.2006.3594","volume":"69","author":"A Caranti","year":"2006","unstructured":"Caranti A., Dalla Volta F., Sala M.: Abelian regular subgroups of the affine group and radical rings. Publ. Math. Debrecen 69(3), 297\u2013308 (2006).","journal-title":"Publ. Math. Debrecen"},{"key":"1625_CR13","doi-asserted-by":"crossref","unstructured":"Carlet C.: Boolean Functions for Cryptography and Coding Theory. Cambridge University Press (2021).","DOI":"10.1017\/9781108606806"},{"issue":"2","key":"1625_CR14","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1023\/A:1008344232130","volume":"15","author":"C Carlet","year":"1998","unstructured":"Carlet C., Charpin P., Zinoviev V.A.: Codes, bent functions and permutations suitable for DES-like cryptosystems. Des. Codes Cryptogr. 15(2), 125\u2013156 (1998).","journal-title":"Des. Codes Cryptogr."},{"issue":"2\u20133","key":"1625_CR15","doi-asserted-by":"publisher","first-page":"225","DOI":"10.1007\/s10623-018-0516-z","volume":"87","author":"R Civino","year":"2019","unstructured":"Civino R., Blondeau C., Sala M.: Differential attacks: using alternative operations. Des. Codes Cryptogr. 87(2\u20133), 225\u2013247 (2019).","journal-title":"Des. Codes Cryptogr."},{"issue":"1","key":"1625_CR16","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1137\/0110009","volume":"10","author":"R Crowell","year":"1962","unstructured":"Crowell R.: Graphs of linear transformations over finite fields. J. Soc. Indust. Appl. Math. 10(1), 103\u2013112 (1962).","journal-title":"J. Soc. Indust. Appl. Math."},{"key":"1625_CR17","unstructured":"Daemen J.: Cipher and hash function design strategies based on linear and differential cryptanalysis. Ph.D Thesis, Doctoral Dissertation, KU Leuven (1995)."},{"key":"1625_CR18","doi-asserted-by":"crossref","unstructured":"Daemen J., Rijmen V.: The Design of Rijndael\u2014The Advanced Encryption Standard (AES), Information Security and Cryptography, 2nd edn. Springer (2020).","DOI":"10.1007\/978-3-662-60769-5"},{"issue":"3","key":"1625_CR19","doi-asserted-by":"publisher","first-page":"426","DOI":"10.4153\/CJM-1971-045-7","volume":"23","author":"JD Dixon","year":"1971","unstructured":"Dixon J.D.: Maximal Abelian subgroups of the symmetric groups. Can. J. Math. 23(3), 426\u2013438 (1971).","journal-title":"Can. J. Math."},{"issue":"9","key":"1625_CR20","doi-asserted-by":"publisher","first-page":"5781","DOI":"10.1109\/TIT.2020.2971988","volume":"66","author":"P Ellingsen","year":"2020","unstructured":"Ellingsen P., Felke P., Riera C., Stanica P., Tkachenko A.: C-differentials, multiplicative uniformity, and (almost) perfect c-nonlinearity. IEEE Trans. Inf. Theory 66(9), 5781\u20135789 (2020).","journal-title":"IEEE Trans. Inf. Theory"},{"issue":"1","key":"1625_CR21","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1109\/TCT.1959.1086506","volume":"6","author":"B Elspas","year":"1959","unstructured":"Elspas B.: The theory of autonomous linear sequential networks. IRE Trans. Circuit Theory 6(1), 45\u201360 (1959).","journal-title":"IRE Trans. Circuit Theory"},{"key":"1625_CR22","unstructured":"ETSI\/SAGE. Specification of the 3GPP confidentiality and integrity algorithms 128-EEA3 & 128-EIA3. document 4: design and evaluation report. Technical report (2011). https:\/\/www.gsma.com\/about-us\/wp-content\/uploads\/2014\/12\/EEA3_EIA3_Design_Evaluation_v2_0.pdf."},{"key":"1625_CR23","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1016\/S0024-3795(96)00530-7","volume":"263","author":"H Fripertinger","year":"1997","unstructured":"Fripertinger H.: Cycle indices of linear, affine, and projective groups. Linear Algebra Appl. 263, 133\u2013156 (1997).","journal-title":"Linear Algebra Appl."},{"key":"1625_CR24","unstructured":"Gantmacher F.R.: The Theory of Matrices, vol. 1, 2. Translated by K. A. Hirsch. Chelsea Publishing Co., New York (1959)."},{"key":"1625_CR25","unstructured":"Grosso V., Leurent G., Standaert F.-X., Varici K., Durvaux F., Gaspar L., Kerckhof S.: SCREAM & iSCREAM, side-channel resistant authenticated encryption with masking. v1 of a CAESAR submission. http:\/\/competitions.cr.yp.to\/round1\/screamv1.pdf (2014)."},{"issue":"2","key":"1625_CR26","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1016\/j.jpaa.2014.04.023","volume":"219","author":"S Guest","year":"2015","unstructured":"Guest S., Morris J., Praeger C.E., Spiga P.: Affine transformations of finite vector spaces with large orders or few cycles. J. Pure Appl. Algebra 219(2), 308\u2013330 (2015).","journal-title":"J. Pure Appl. Algebra"},{"key":"1625_CR27","doi-asserted-by":"crossref","unstructured":"Khovratovich D., Nikolic I.: Rotational cryptanalysis of ARX. In: Hong S., Iwata T. (eds) Fast Software Encryption, 17th International Workshop, FSE 2010, Seoul, Korea, February 7\u201310, 2010, Revised Selected Papers, Volume 6147 of Lecture Notes in Computer Science, pp. 333\u2013346. Springer (2010).","DOI":"10.1007\/978-3-642-13858-4_19"},{"key":"1625_CR28","unstructured":"Lai X.: Additive and linear structures of cryptographic functions. In: Preneel B. (ed.) Fast Software Encryption: Second International Workshop. Leuven, Belgium, 14\u201316 December 1994, Proceedings, Volume 1008 of Lecture Notes in Computer Science, pp. 75\u201385. Springer (1994)."},{"key":"1625_CR29","doi-asserted-by":"crossref","unstructured":"Lai X., Massey J.L., Murphy S.: Markov ciphers and differential cryptanalysis. In: Davies D.W. (ed.) Advances in Cryptology\u2014EUROCRYPT \u201991, Workshop on the Theory and Application of of Cryptographic Techniques, Brighton, UK, April 8\u201311, 1991, Proceedings, Volume 547 of Lecture Notes in Computer Science, pp. 17\u201338. Springer (1991).","DOI":"10.1007\/3-540-46416-6_2"},{"key":"1625_CR30","doi-asserted-by":"crossref","unstructured":"Lidl R., Niederreiter H.: Finite Fields. Cambridge University Press (1997).","DOI":"10.1017\/CBO9780511525926"},{"key":"1625_CR31","doi-asserted-by":"crossref","unstructured":"Liu T., Tessaro S., Vaikuntanathan V.: The t-wise independence of substitution-permutation networks. In: Malkin T., Peikert C. (eds.) Advances in Cryptology\u2014CRYPTO 2021\u201441st Annual International Cryptology Conference, CRYPTO 2021, Virtual Event, August 16\u201320, 2021, Proceedings, Part IV, Volume 12828 of Lecture Notes in Computer Science, pp. 454\u2013483. Springer (2021).","DOI":"10.1007\/978-3-030-84259-8_16"},{"key":"1625_CR32","doi-asserted-by":"crossref","unstructured":"Liu T., Tessaro S., Vaikuntanathan V.: The t-wise independence of substitution-permutation networks. IACR Cryptol. ePrint Arch. 507 (2021).","DOI":"10.1007\/978-3-030-84259-8_16"},{"key":"1625_CR33","doi-asserted-by":"crossref","unstructured":"Mennink B.: Modeling security. In: Symmetric Cryptography, vol. 1, Chapter\u00a010, pp. 135\u2013146. Wiley (2024).","DOI":"10.1002\/9781394256358.ch10"},{"issue":"4","key":"1625_CR34","doi-asserted-by":"publisher","first-page":"691","DOI":"10.1007\/s12095-021-00551-6","volume":"14","author":"S Mesnager","year":"2022","unstructured":"Mesnager S., Mandal B., Msahli M.: Survey on recent trends towards generalized differential and boomerang uniformities. Cryptogr. Commun. 14(4), 691\u2013735 (2022).","journal-title":"Cryptogr. Commun."},{"key":"1625_CR35","unstructured":"Nyberg K.: Differentially uniform mappings for cryptography. In: Helleseth T. (ed.) Advances in Cryptology\u2014EUROCRYPT \u201993, Workshop on the Theory and Application of of Cryptographic Techniques, Lofthus, Norway, May 23\u201327, 1993, Proceedings, Volume 765 of Lecture Notes in Computer Science, pp. 55\u201364. Springer (1993)."},{"issue":"1","key":"1625_CR36","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1007\/s10623-015-0151-x","volume":"78","author":"A Pott","year":"2016","unstructured":"Pott A.: Almost perfect and planar functions. Des. Codes Cryptogr. 78(1), 141\u2013195 (2016).","journal-title":"Des. Codes Cryptogr."},{"key":"1625_CR37","doi-asserted-by":"crossref","unstructured":"Wagner D.A.: Towards a unifying view of block cipher cryptanalysis. In: Roy B.K., Meier W. (eds.) Fast Software Encryption, 11th International Workshop, FSE 2004, Delhi, India, February 5\u20137, 2004, Revised Papers, Volume 3017 of Lecture Notes in Computer Science, pp. 16\u201333. Springer (2004).","DOI":"10.1007\/978-3-540-25937-4_2"},{"issue":"1","key":"1625_CR38","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1016\/0016-0032(67)90115-9","volume":"283","author":"K Wang","year":"1967","unstructured":"Wang K.: Transition graphs of affine transformation on vector spaces over finite fields. J. Franklin Inst. 283(1), 55\u201372 (1967).","journal-title":"J. Franklin Inst."}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-025-01625-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10623-025-01625-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-025-01625-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,6]],"date-time":"2025-09-06T14:25:48Z","timestamp":1757168748000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10623-025-01625-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,10]]},"references-count":38,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2025,8]]}},"alternative-id":["1625"],"URL":"https:\/\/doi.org\/10.1007\/s10623-025-01625-9","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"value":"0925-1022","type":"print"},{"value":"1573-7586","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,5,10]]},"assertion":[{"value":"14 October 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 March 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 May 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}