{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T02:20:12Z","timestamp":1771294812022,"version":"3.50.1"},"reference-count":88,"publisher":"Association for Computing Machinery (ACM)","issue":"POPL","license":[{"start":{"date-parts":[[2024,1,2]],"date-time":"2024-01-02T00:00:00Z","timestamp":1704153600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["2072309, 61872340"],"award-info":[{"award-number":["2072309, 61872340"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"CAS Project for Young Scientists in Basic Research","award":["YSBR-040"],"award-info":[{"award-number":["YSBR-040"]}]},{"name":"ISCAS New Cultivation Project","award":["ISCAS-PYFX-202201"],"award-info":[{"award-number":["ISCAS-PYFX-202201"]}]},{"name":"State Key Laboratory of Novel Software Technology, Nanjing University","award":["KFKT2023A04"],"award-info":[{"award-number":["KFKT2023A04"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2024,1,2]]},"abstract":"\n Differential cryptanalysis is a powerful algorithmic-level attack, playing a central role in evaluating the security of symmetric cryptographic primitives. In general, the resistance against differential cryptanalysis can be characterized by the maximum expected differential characteristic probability. In this paper, we present generic and extensible approaches based on mixed integer linear programming (MILP) to bound such probability. We design a high-level cryptography-specific language\n EasyBc<\/jats:sc>\n tailored for block ciphers and provide various rigorous procedures as differential denotational semantics, to automate the generation of MILP from block ciphers written in\n EasyBc<\/jats:sc>\n . We implement an open-sourced tool that provides support for fully automated resistance evaluation of block ciphers against differential cryptanalysis. The tool is extensively evaluated on 23 real-life cryptographic primitives including all the 10 finalists of the NIST lightweight cryptography standardization process. The experiments confirm the expressivity of\n EasyBc<\/jats:sc>\n and show that the tool can effectively prove the resistance against differential cryptanalysis for all block ciphers under consideration.\n EasyBc<\/jats:sc>\n makes resistance evaluation against differential cryptanalysis easily accessible to cryptographers.\n <\/jats:p>","DOI":"10.1145\/3632871","type":"journal-article","created":{"date-parts":[[2024,1,5]],"date-time":"2024-01-05T20:48:51Z","timestamp":1704487731000},"page":"848-881","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["EasyBC: A Cryptography-Specific Language for Security Analysis of Block Ciphers against Differential Cryptanalysis"],"prefix":"10.1145","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-5840-0246","authenticated-orcid":false,"given":"Pu","family":"Sun","sequence":"first","affiliation":[{"name":"ShanghaiTech University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0581-2679","authenticated-orcid":false,"given":"Fu","family":"Song","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences, Beijing, China"},{"name":"University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2988-6012","authenticated-orcid":false,"given":"Yuqi","family":"Chen","sequence":"additional","affiliation":[{"name":"ShanghaiTech University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5993-1665","authenticated-orcid":false,"given":"Taolue","family":"Chen","sequence":"additional","affiliation":[{"name":"Birkbeck University of London, London, UK"}]}],"member":"320","published-online":{"date-parts":[[2024,1,5]]},"reference":[{"key":"e_1_3_1_2_1","doi-asserted-by":"publisher","unstructured":"Ahmed Abdelkhalek Yu Sasaki Yosuke Todo Mohamed Tolba and Amr M Youssef. 2017. MILP modeling for (large) s-boxes to optimize probability of differential characteristics. IACR Transactions on Symmetric Cryptology (2017) 99\u2013129. https:\/\/doi.org\/10.13154\/TOSC.V2017.I4.99-12910.13154\/TOSC.V2017.I4.99-129","DOI":"10.13154\/TOSC.V2017.I4.99-129"},{"key":"e_1_3_1_3_1","doi-asserted-by":"publisher","unstructured":"Jos\u00e9 Bacelar Almeida Manuel Barbosa Gilles Barthe Arthur Blot Benjamin Gr\u00e9goire Vincent Laporte Tiago Oliveira Hugo Pacheco Benedikt Schmidt and Pierre-Yves Strub. 2017. Jasmin: High-Assurance and High-Speed Cryptography. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM 1807\u20131823. https:\/\/doi.org\/10.1145\/3133956.313407810.1145\/3133956.3134078","DOI":"10.1145\/3133956.3134078"},{"key":"e_1_3_1_4_1","doi-asserted-by":"publisher","unstructured":"Kazumaro Aoki Kunio Kobayashi and Shiho Moriai. 1997. Best differential characteristic search of FEAL. In Proceedings of the International Workshop on Fast Software Encryption. 41\u201353. https:\/\/doi.org\/10.1007\/BFB005233310.1007\/BFB0052333","DOI":"10.1007\/BFB0052333"},{"key":"e_1_3_1_5_1","doi-asserted-by":"publisher","unstructured":"Jean-Philippe Aumasson Philipp Jovanovic and Samuel Neves. 2014. Analysis of NORX: Investigating Differential and Rotational Properties. In Proceedings of the 3rd International Conference on Cryptology and Information Security in Latin America. 306\u2013324. https:\/\/doi.org\/10.1007\/978-3-319-16295-9_1710.1007\/978-3-319-16295-9_17","DOI":"10.1007\/978-3-319-16295-9_17"},{"key":"e_1_3_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/S10623-022-01074-8"},{"key":"e_1_3_1_7_1","unstructured":"Subhadeep Banik Avik Chakraborti Tetsu Iwata Kazuhiko Minematsu Mridul Nandi Thomas Peyrin Yu Sasaki Siang Meng Sim and Yosuke Todo. 2020. GIFT-COFB. IACR Cryptol. ePrint Arch. (2020) 738."},{"key":"e_1_3_1_8_1","doi-asserted-by":"publisher","unstructured":"Subhadeep Banik Sumit Kumar Pandey Thomas Peyrin Yu Sasaki Siang Meng Sim and Yosuke Todo. 2017. GIFT: A Small Present - Towards Reaching the Limit of Lightweight Encryption. In Proceedings of the 19th International Conference on Cryptographic Hardware and Embedded Systems. 321\u2013345. https:\/\/doi.org\/10.1007\/978-3-319-66787-4_1610.1007\/978-3-319-66787-4_16","DOI":"10.1007\/978-3-319-66787-4_16"},{"key":"e_1_3_1_9_1","unstructured":"Zhenzhen Bao Avik Chakraborti Nilanjan Datta Jian Guo Mridul Nandi Thomas Peyrin and Kan Yasuda. 2019. PHOTON-beetle authenticated encryption and hash family. NIST Lightweight Compet. Round (2019) 115."},{"key":"e_1_3_1_10_1","doi-asserted-by":"publisher","unstructured":"Zhenzhen Bao Wentao Zhang and Dongdai Lin. 2014. Speeding up the search algorithm for the best differential and best linear trails. In Proceedings of the International Conference on Information Security and Cryptology. 259\u2013285. https:\/\/doi.org\/10.1007\/978-3-319-16745-9_1510.1007\/978-3-319-16745-9_15","DOI":"10.1007\/978-3-319-16745-9_15"},{"key":"e_1_3_1_11_1","doi-asserted-by":"publisher","unstructured":"Ray Beaulieu Douglas Shors Jason Smith Stefan Treatman-Clark Bryan Weeks and Louis Wingers. 2015. The SIMON and SPECK lightweight block ciphers. In Proceedings of the 52nd Annual Design Automation Conference. 175:1\u2013175:6. https:\/\/doi.org\/10.1145\/2744769.274794610.1145\/2744769.2747946","DOI":"10.1145\/2744769.2747946"},{"key":"e_1_3_1_12_1","doi-asserted-by":"publisher","unstructured":"Christof Beierle Alex Biryukov Luan Cardoso dos Santos Johann Gro\u00dfsch\u00e4dl L\u00e9o Perrin Aleksei Udovenko Vesselin Velichkov and Qingju Wang. 2020. Alzette: A 64-Bit ARX-box - (Feat. CRAX and TRAX). In Proceedings of 40th Annual InternationalCryptology Conference. 419\u2013448. https:\/\/doi.org\/10.1007\/978-3-030-56877-1_1510.1007\/978-3-030-56877-1_15","DOI":"10.1007\/978-3-030-56877-1_15"},{"key":"e_1_3_1_13_1","doi-asserted-by":"crossref","unstructured":"Christof Beierle Alex Biryukov Luan Cardoso dos Santos Johann Gro\u00dfsch\u00e4dl L\u00e9o Perrin Aleksei Udovenko Vesselin Velichkov Qingju Wang and Alex Biryukov. 2019. Schwaemm and Esch: lightweight authenticated encryption and hashing using the sparkle permutation family. NIST round 2 (2019).","DOI":"10.46586\/tosc.v2020.iS1.208-261"},{"key":"e_1_3_1_14_1","doi-asserted-by":"publisher","unstructured":"Christof Beierle J\u00e9r\u00e9my Jean Stefan K\u00f6lbl Gregor Leander Amir Moradi Thomas Peyrin Yu Sasaki Pascal Sasdrich and Siang Meng Sim. 2016. The SKINNY family of block ciphers and its low-latency variant MANTIS. In Proceedings of the Annual International Cryptology Conference. 123\u2013153. https:\/\/doi.org\/10.1007\/978-3-662-53008-5_510.1007\/978-3-662-53008-5_5","DOI":"10.1007\/978-3-662-53008-5_5"},{"key":"e_1_3_1_15_1","doi-asserted-by":"publisher","unstructured":"Tim Beyne Yu Long Chen Christoph Dobraunig and Bart Mennink. 2020. Dumbo Jumbo and Delirium: Parallel Authenticated Encryption for the Lightweight Circus. IACR Trans. Symmetric Cryptol. (2020) 5\u201330. https:\/\/doi.org\/10.13154\/TOSC.V2020.IS1.5-3010.13154\/TOSC.V2020.IS1.5-30","DOI":"10.13154\/TOSC.V2020.IS1.5-30"},{"key":"e_1_3_1_16_1","doi-asserted-by":"publisher","unstructured":"Eli Biham and Adi Shamir. 1990. Differential Cryptanalysis of DES-like Cryptosystems. In Proceedings of the 10th Annual International Cryptology Conference. 2\u201321. https:\/\/doi.org\/10.1007\/3-540-38424-3_110.1007\/3-540-38424-3_1","DOI":"10.1007\/3-540-38424-3_1"},{"key":"e_1_3_1_17_1","doi-asserted-by":"publisher","unstructured":"Alex Biryukov and Christophe De Canni\u00e8re. 2011. Linear cryptanalysis for block ciphers. Encyclopedia of cryptography and security (2011) 722\u2013725. https:\/\/doi.org\/10.1007\/978-1-4419-5906-5_58910.1007\/978-1-4419-5906-5_589","DOI":"10.1007\/978-1-4419-5906-5_589"},{"key":"e_1_3_1_18_1","doi-asserted-by":"publisher","unstructured":"Alex Biryukov and Ivica Nikoli\u0107. 2010. Automatic search for related-key differential characteristics in byte-oriented block ciphers: Application to AES Camellia Khazad and others. In Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques. 322\u2013344. https:\/\/doi.org\/10.1007\/978-3-642-13190-5_1710.1007\/978-3-642-13190-5_17","DOI":"10.1007\/978-3-642-13190-5_17"},{"key":"e_1_3_1_19_1","doi-asserted-by":"publisher","unstructured":"Nikolaj S. Bj\u00f8rner and Anh-Dung Phan. 2014. vZ - Maximal Satisfaction with Z3. In Proceedings of the 6th International Symposium on Symbolic Computation in Software Science. 1\u20139. https:\/\/doi.org\/10.29007\/JMXJ10.29007\/JMXJ","DOI":"10.29007\/JMXJ"},{"key":"e_1_3_1_20_1","doi-asserted-by":"publisher","unstructured":"Nikolaj S. Bj\u00f8rner Anh-Dung Phan and Lars Fleckenstein. 2015. vZ - An Optimizing SMT Solver. In Proceedings of the 21st International Conference on Tools and Algorithms for the Construction and Analysis of Systems. 194\u2013199. https:\/\/doi.org\/10.1007\/978-3-662-46681-0_1410.1007\/978-3-662-46681-0_14","DOI":"10.1007\/978-3-662-46681-0_14"},{"key":"e_1_3_1_21_1","volume-title":"Analysis and design of block cipher constructions.","author":"Bogdanov Andrey","year":"2010","unstructured":"Andrey Bogdanov. 2010. Analysis and design of block cipher constructions. Ph. D. Dissertation. Ruhr University Bochum."},{"key":"e_1_3_1_22_1","doi-asserted-by":"publisher","unstructured":"Andrey Bogdanov Lars R Knudsen Gregor Leander Christof Paar Axel Poschmann Matthew JB Robshaw Yannick Seurin and Charlotte Vikkelsoe. 2007. PRESENT: An ultra-lightweight block cipher. In Proceedings of the International workshop on cryptographic hardware and embedded systems. 450\u2013466. https:\/\/doi.org\/10.1007\/978-3-540-74735-2_3110.1007\/978-3-540-74735-2_31","DOI":"10.1007\/978-3-540-74735-2_31"},{"key":"e_1_3_1_23_1","first-page":"917","volume-title":"In Proceedings of the 26th USENIX Security Symposium,","author":"Bond Barry","year":"2017","unstructured":"Barry Bond, Chris Hawblitzel, Manos Kapritsos, K. Rustan M. Leino, Jacob R. Lorch, Bryan Parno, Ashay Rane, Srinath T. V. Setty, and Laure Thompson. 2017. Vale: Verifying High-Performance Cryptographic Assembly Code. In Proceedings of the 26th USENIX Security Symposium, Engin Kirda and Thomas Ristenpart (Eds.). 917\u2013934."},{"key":"e_1_3_1_24_1","doi-asserted-by":"publisher","unstructured":"Christina Boura and Daniel Coggia. 2020. Efficient MILP modelings for Sboxes and linear layers of SPN ciphers. IACR Transactions on Symmetric Cryptology (2020) 327\u2013361. https:\/\/doi.org\/10.13154\/TOSC.V2020.I3.327-36110.13154\/TOSC.V2020.I3.327-361","DOI":"10.13154\/TOSC.V2020.I3.327-361"},{"key":"e_1_3_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2527269.2527277"},{"key":"e_1_3_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314605"},{"key":"e_1_3_1_27_1","unstructured":"Zhan Chen Ning Wang and Xiaoyun Wang. 2015. Impossible Differential Cryptanalysis of Reduced Round SIMON. IACR Cryptol. ePrint Arch. (2015) 286."},{"key":"e_1_3_1_28_1","unstructured":"Tingting Cui Keting Jia Kai Fu Shiyao Chen and Meiqin Wang. 2016. New Automatic Search Tool for Impossible Differentials and Zero-Correlation Linear Approximations. IACR Cryptol. ePrint Arch. (2016) 689."},{"key":"e_1_3_1_29_1","doi-asserted-by":"publisher","unstructured":"Joan Daemen Seth Hoffert Micha\u00ebl Peeters Gilles Van Assche and Ronny Van Keer. 2020. Xoodyak a lightweight cryptographic scheme. IACR Trans. Symmetric Cryptol. (2020) 60\u201387. https:\/\/doi.org\/10.13154\/TOSC.V2020.IS1.60-8710.13154\/TOSC.V2020.IS1.60-87","DOI":"10.13154\/TOSC.V2020.IS1.60-87"},{"key":"e_1_3_1_30_1","unstructured":"Joan Daemen and Vincent Rijmen. 1999. AES proposal: Rijndael. (1999)."},{"key":"e_1_3_1_31_1","doi-asserted-by":"publisher","unstructured":"Albert Danial. 2021. cloc: v1.92. https:\/\/doi.org\/10.5281\/zenodo.576007710.5281\/zenodo.5760077","DOI":"10.5281\/zenodo.5760077"},{"key":"e_1_3_1_32_1","doi-asserted-by":"publisher","unstructured":"Christoph Dobraunig Maria Eichlseder Stefan Mangard Florian Mendel Bart Mennink Robert Primas and Thomas Unterluggauer. 2020. ISAP v2.0. IACR Trans. Symmetric Cryptol. (2020) 390\u2013416. https:\/\/doi.org\/10.13154\/TOSC.V2020.IS1.390-41610.13154\/TOSC.V2020.IS1.390-416","DOI":"10.13154\/TOSC.V2020.IS1.390-416"},{"key":"e_1_3_1_33_1","unstructured":"Christoph Dobraunig Maria Eichlseder Florian Mendel and Martin Schl\u00e4ffer. 2016. ASCON v1. 2. Submission to the CAESAR Competition (2016)."},{"key":"e_1_3_1_34_1","first-page":"12","article-title":"Data Encryption Standard (DES)","volume":"24","author":"Fox Dirk","year":"2000","unstructured":"Dirk Fox. 2000. Data Encryption Standard (DES). Datenschutz und Datensicherheit 24, 12 (2000).","journal-title":"Datenschutz und Datensicherheit"},{"key":"e_1_3_1_35_1","doi-asserted-by":"publisher","unstructured":"Kai Fu Meiqin Wang Yinghua Guo Siwei Sun and Lei Hu. 2016. MILP-based automatic search algorithms for differential and linear trails for speck. In Proceedings of the International Conference on Fast Software Encryption. 268\u2013288. https:\/\/doi.org\/10.1007\/978-3-662-52993-5_1410.1007\/978-3-662-52993-5_14","DOI":"10.1007\/978-3-662-52993-5_14"},{"key":"e_1_3_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3428015"},{"key":"e_1_3_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.3008852"},{"key":"e_1_3_1_38_1","doi-asserted-by":"publisher","unstructured":"Zheng Gong Svetla Nikova and Yee Wei Law. 2011. KLEIN: a new family of lightweight block ciphers. In Proceedings of the International Workshop on Radio Frequency Identification: Security and Privacy Issues. 1\u201318. https:\/\/doi.org\/10.1007\/978-3-642-25286-0_110.1007\/978-3-642-25286-0_1","DOI":"10.1007\/978-3-642-25286-0_1"},{"key":"e_1_3_1_39_1","unstructured":"LLC Gurobi Optimization. 2018. Gurobi optimizer reference manual."},{"key":"e_1_3_1_40_1","doi-asserted-by":"publisher","unstructured":"Martin Hell Thomas Johansson Alexander Maximov Willi Meier and Hirotaka Yoshida. 2021. Grain-128AEADv2: Strengthening the Initialization Against Key Reconstruction. In Proceedings of the 20th International Conference on Cryptology and Network Security. 24\u201341. https:\/\/doi.org\/10.1007\/978-3-030-92548-2_210.1007\/978-3-030-92548-2_2","DOI":"10.1007\/978-3-030-92548-2_2"},{"key":"e_1_3_1_41_1","doi-asserted-by":"publisher","unstructured":"Howard M Heys. 2002. A tutorial on linear and differential cryptanalysis. Cryptologia (2002) 189\u2013221. https:\/\/doi.org\/10.1080\/0161-11029189088510.1080\/0161-110291890885","DOI":"10.1080\/0161-110291890885"},{"key":"e_1_3_1_42_1","doi-asserted-by":"publisher","unstructured":"Howard M. Heys and Stafford E. Tavares. 1996. Substitution-Permutation Networks Resistant to Differential and Linear Cryptanalysis. J. Cryptol. (1996) 1\u201319. https:\/\/doi.org\/10.1007\/BF0225478910.1007\/BF02254789","DOI":"10.1007\/BF02254789"},{"key":"e_1_3_1_43_1","doi-asserted-by":"publisher","unstructured":"Murat Burhan Ilter and Ali Aydin Sel\u00e7uk. 2021. A New MILP Model for Matrix Multiplications with Applications to KLEIN and PRINCE. In Proceedings of the 18th International Conference on Security and Cryptography. 420\u2013427. https:\/\/doi.org\/10.5220\/001051950420042710.5220\/0010519504200427","DOI":"10.5220\/0010519504200427"},{"key":"e_1_3_1_44_1","doi-asserted-by":"publisher","unstructured":"Tetsu Iwata Mustafa Khairallah Kazuhiko Minematsu and Thomas Peyrin. 2020. Duel of the Titans: The Romulus and Remus Families of Lightweight AEAD Algorithms. IACR Trans. Symmetric Cryptol. (2020) 43\u2013120. https:\/\/doi.org\/10.13154\/TOSC.V2020.I1.43-12010.13154\/TOSC.V2020.I1.43-120","DOI":"10.13154\/TOSC.V2020.I1.43-120"},{"key":"e_1_3_1_45_1","doi-asserted-by":"publisher","unstructured":"Maryam Izadi Babak Sadeghiyan Seyed Saeed Sadeghian and Hossein Arabnezhad Khanooki. 2009. MIBS: A New Lightweight Block Cipher. In Proceedings of the 8th International Conference on Cryptology and Network Security. 334\u2013348. https:\/\/doi.org\/10.1007\/978-3-642-10433-6_2210.1007\/978-3-642-10433-6_22","DOI":"10.1007\/978-3-642-10433-6_22"},{"key":"e_1_3_1_46_1","doi-asserted-by":"publisher","DOI":"10.1093\/COMJNL\/BXAA090"},{"key":"e_1_3_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.1979.1675242"},{"key":"e_1_3_1_48_1","doi-asserted-by":"publisher","DOI":"10.1201\/b17668"},{"key":"e_1_3_1_49_1","doi-asserted-by":"publisher","unstructured":"Jongsung Kim Seokhie Hong Jaechul Sung Sangjin Lee Jongin Lim and Soohak Sung. 2003. Impossible differential cryptanalysis for block cipher structures. In Proceedings of the International Conference on Cryptology in India. 82\u201396. https:\/\/doi.org\/10.1007\/978-3-540-24582-7_610.1007\/978-3-540-24582-7_6","DOI":"10.1007\/978-3-540-24582-7_6"},{"key":"e_1_3_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-49248-8_2"},{"key":"e_1_3_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-47989-6_8"},{"key":"e_1_3_1_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-46416-6_2"},{"key":"e_1_3_1_53_1","unstructured":"Lingchen Li Wenling Wu Yafei Zheng and Lei Zhang. 2019. The Relationship between the Construction and Solution of the MILP Models and Applications. IACR Cryptol. ePrint Arch. (2019) 49."},{"key":"e_1_3_1_54_1","doi-asserted-by":"publisher","DOI":"10.46586\/TOSC.V2022.I3.341-367"},{"key":"e_1_3_1_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-37709-9_13"},{"key":"e_1_3_1_56_1","doi-asserted-by":"publisher","DOI":"10.1007\/S11432-018-9772-0"},{"key":"e_1_3_1_57_1","doi-asserted-by":"publisher","unstructured":"Zhengbin Liu Yongqiang Li and Mingsheng Wang. 2017. Optimal Differential Trails in SIMON-like Ciphers. IACR Trans. Symmetric Cryptol. 2017 (2017) 358\u2013379. https:\/\/doi.org\/10.13154\/TOSC.V2017.I1.358-37910.13154\/TOSC.V2017.I1.358-379","DOI":"10.13154\/TOSC.V2017.I1.358-379"},{"key":"e_1_3_1_58_1","doi-asserted-by":"publisher","unstructured":"Mohammad Mahzoun Liliya Kraleva Raluca Posteuca and Tomer Ashur. 2022. Differential Cryptanalysis of K-Cipher. In IEEE Symposium on Computers and Communications. 1\u20137. https:\/\/doi.org\/10.1109\/ISCC55528.2022.991292610.1109\/ISCC55528.2022.9912926","DOI":"10.1109\/ISCC55528.2022.9912926"},{"key":"e_1_3_1_59_1","doi-asserted-by":"publisher","unstructured":"Rusydi H Makarim and Raghvendra Rohit. 2022. Towards Tight Differential Bounds of ASCON: A Hybrid Usage of SMT and MILP. IACR Transactions on Symmetric Cryptology (2022) 303\u2013340. https:\/\/doi.org\/10.46586\/TOSC.V2022.I3.303-34010.46586\/TOSC.V2022.I3.303-340","DOI":"10.46586\/TOSC.V2022.I3.303-340"},{"key":"e_1_3_1_60_1","doi-asserted-by":"publisher","DOI":"10.1007\/BFB0053451"},{"key":"e_1_3_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314636"},{"key":"e_1_3_1_62_1","unstructured":"Nicky Mouha and Bart Preneel. 2013. Towards finding optimal differential characteristics for ARX: Application to Salsa20. Cryptology ePrint Archive (2013)."},{"key":"e_1_3_1_63_1","doi-asserted-by":"publisher","unstructured":"Nicky Mouha Qingju Wang Dawu Gu and Bart Preneel. 2011. Differential and linear cryptanalysis using mixed-integer linear programming. In Proceedings of the International Conference on Information Security and Cryptology. 57\u201376. https:\/\/doi.org\/10.1007\/978-3-642-34704-7_510.1007\/978-3-642-34704-7_5","DOI":"10.1007\/978-3-642-34704-7_5"},{"key":"e_1_3_1_64_1","first-page":"1","article-title":"A SLOC counting standard","volume":"2007","author":"Nguyen Vu","year":"2007","unstructured":"Vu Nguyen, Sophia Deeds-Rubin, Thomas Tan, and Barry Boehm. 2007. A SLOC counting standard. In Cocomo ii forum, Vol. 2007. 1\u201316.","journal-title":"Cocomo ii forum,"},{"key":"e_1_3_1_65_1","unstructured":"NIST. 2023. Finalists of NIST lightweight cryptography standardization process. https:\/\/csrc.nist.gov\/Projects\/lightweightcryptography\/finalists."},{"key":"e_1_3_1_66_1","doi-asserted-by":"crossref","unstructured":"Kaisa Nyberg. 1996. Generalized feistel networks. In Proceedings of the International conference on the theory and application of cryptology and information security. 91\u2013104.","DOI":"10.1007\/BFb0034838"},{"key":"e_1_3_1_67_1","doi-asserted-by":"publisher","unstructured":"Yu Sasaki and Yosuke Todo. 2017. New algorithm for modeling S-box in MILP based differential and division trail search. In Proceedings of the International Conference for Information Technology and Communications. 150\u2013165. https:\/\/doi.org\/10.1007\/978-3-319-69284-5_1110.1007\/978-3-319-69284-5_11","DOI":"10.1007\/978-3-319-69284-5_11"},{"key":"e_1_3_1_68_1","doi-asserted-by":"publisher","DOI":"10.1002\/j.1538-7305.1949.tb00928.x"},{"key":"e_1_3_1_69_1","doi-asserted-by":"publisher","unstructured":"Kyoji Shibutani Takanori Isobe Harunaga Hiwatari Atsushi Mitsuda Toru Akishita and Taizo Shirai. 2011. Piccolo: an ultra-lightweight blockcipher. In Proceedings of the International workshop on cryptographic hardware and embedded systems. 342\u2013357. https:\/\/doi.org\/10.1007\/978-3-642-23951-9_2310.1007\/978-3-642-23951-9_23","DOI":"10.1007\/978-3-642-23951-9_23"},{"key":"e_1_3_1_70_1","doi-asserted-by":"publisher","unstructured":"Ling Song Zhangjie Huang and Qianqian Yang. 2016. Automatic Differential Analysis of ARX Block Ciphers with Application to SPECK and LEA. In Proceedings of the 21st Australasian Conference on Information Security and Privacy. 379\u2013394. https:\/\/doi.org\/10.1007\/978-3-319-40367-0_2410.1007\/978-3-319-40367-0_24","DOI":"10.1007\/978-3-319-40367-0_24"},{"key":"e_1_3_1_71_1","doi-asserted-by":"publisher","DOI":"10.13154\/TOSC.V2018.I3.93-123"},{"key":"e_1_3_1_72_1","doi-asserted-by":"publisher","DOI":"10.46586\/TOSC.V2021.I1.269-315"},{"key":"e_1_3_1_73_1","doi-asserted-by":"crossref","unstructured":"Pu Sun Fu Song Yuqi Chen and Taolue Chen. 2023. EasyBC: A Cryptography-Specific Language for Security Analysis of Block Ciphers against Differential Cryptanalysis (Full version). Technical Report. https:\/\/github.com\/S3L-official\/EasyBC.","DOI":"10.1145\/3632871"},{"key":"e_1_3_1_74_1","doi-asserted-by":"publisher","unstructured":"Siwei Sun Lei Hu Ling Song Yonghong Xie and Peng Wang. 2013. Automatic security evaluation of block ciphers with S-bP structures against related-key differential attacks. In Proceedings of the International Conference on Information Security and Cryptology. 39\u201351. https:\/\/doi.org\/10.1007\/978-3-319-12087-4_310.1007\/978-3-319-12087-4_3","DOI":"10.1007\/978-3-319-12087-4_3"},{"key":"e_1_3_1_75_1","unstructured":"Siwei Sun Lei Hu Meiqin Wang Peng Wang Kexin Qiao Xiaoshuang Ma Danping Shi Ling Song and Kai Fu. 2014b. Towards finding the best characteristics of some bit-oriented block ciphers and automatic enumeration of (related-key) differential and linear characteristics with predefined properties. Cryptology ePrint Archive (2014)."},{"key":"e_1_3_1_76_1","doi-asserted-by":"publisher","unstructured":"Siwei Sun Lei Hu Peng Wang Kexin Qiao Xiaoshuang Ma and Ling Song. 2014a. Automatic security evaluation and (related-key) differential characteristic search: application to SIMON PRESENT LBlock DES(L) and other bit-oriented block ciphers. In Proceedings of the International Conference on the Theory and Application of Cryptology and Information Security. 158\u2013178. https:\/\/doi.org\/10.1007\/978-3-662-45611-8_910.1007\/978-3-662-45611-8_9","DOI":"10.1007\/978-3-662-45611-8_9"},{"key":"e_1_3_1_77_1","unstructured":"Yao Sun. 2021. Towards the Least Inequalities for Describing a Subset in Z2n. IACR Cryptol. ePrint Arch. (2021) 1084."},{"key":"e_1_3_1_78_1","doi-asserted-by":"publisher","unstructured":"Tomoyasu Suzaki Kazuhiko Minematsu Sumio Morioka and Eita Kobayashi. 2012. TWINE: A Lightweight Block Cipher for Multiple Platforms. In Proceedings of the International Conference on Selected Areas in Cryptography. 339\u2013354. https:\/\/doi.org\/10.1007\/978-3-642-35999-6_2210.1007\/978-3-642-35999-6_22","DOI":"10.1007\/978-3-642-35999-6_22"},{"key":"e_1_3_1_79_1","doi-asserted-by":"publisher","DOI":"10.1016\/J.JISA.2022.103316"},{"key":"e_1_3_1_80_1","unstructured":"Aleksei Udovenko. 2021. MILP modeling of Boolean functions by minimum number of inequalities. Cryptology ePrint Archive (2021)."},{"key":"e_1_3_1_81_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-99136-8_7"},{"key":"e_1_3_1_82_1","unstructured":"Hongjun Wu and Tao Huang. 2019. TinyJAMBU: A family of lightweight authenticated encryption algorithms. Submission to the NIST Lightweight Cryptography Standardization Process (2019)."},{"key":"e_1_3_1_83_1","doi-asserted-by":"crossref","unstructured":"Shengbao Wu and Mingsheng Wang. 2012. Automatic search of truncated impossible differentials for word-oriented block ciphers. In Proceedings of the International Conference on Cryptology in India. 283\u2013302.","DOI":"10.1007\/978-3-642-34931-7_17"},{"key":"e_1_3_1_84_1","doi-asserted-by":"publisher","unstructured":"Wenling Wu and Lei Zhang. 2011. LBlock: a lightweight block cipher. In Proceedings of the International conference on applied cryptography and network security. 327\u2013344. https:\/\/doi.org\/10.1007\/978-3-642-21554-4_1910.1007\/978-3-642-21554-4_19","DOI":"10.1007\/978-3-642-21554-4_19"},{"key":"e_1_3_1_85_1","doi-asserted-by":"publisher","unstructured":"Jun Yin Chuyan Ma Lijun Lyu Jian Song Guang Zeng Chuangui Ma and Fushan Wei. 2017. Improved cryptanalysis of an ISO standard lightweight block cipher with refined MILP modelling. In Proceedings of the International Conference on Information Security and Cryptology. 404\u2013426. https:\/\/doi.org\/10.1007\/978-3-319-75160-3_2410.1007\/978-3-319-75160-3_24","DOI":"10.1007\/978-3-319-75160-3_24"},{"key":"e_1_3_1_86_1","doi-asserted-by":"publisher","unstructured":"Pei Zhang and Wenying Zhang. 2018. Differential cryptanalysis on block cipher skinny with MILP program. Security and Communication Networks 2018 (2018). https:\/\/doi.org\/10.1155\/2018\/378040710.1155\/2018\/3780407","DOI":"10.1155\/2018\/3780407"},{"key":"e_1_3_1_87_1","doi-asserted-by":"publisher","DOI":"10.1007\/S11432-015-5459-7"},{"key":"e_1_3_1_88_1","doi-asserted-by":"publisher","unstructured":"Yingjie Zhang Siwei Sun Jiahao Cai and Lei Hu. 2018. Speeding up MILP aided differential characteristic search with Matsui\u2019s strategy. In Proceedings of the International Conference on Information Security. 101\u2013115. https:\/\/doi.org\/10.1007\/978-3-319-99136-8_610.1007\/978-3-319-99136-8_6","DOI":"10.1007\/978-3-319-99136-8_6"},{"key":"e_1_3_1_89_1","doi-asserted-by":"publisher","unstructured":"Chunning Zhou Wentao Zhang Tianyou Ding and Zejun Xiang. 2019. Improving the MILP-based security evaluation algorithm against differential\/linear cryptanalysis using a divide-and-conquer approach. IACR Transactions on Symmetric Cryptology (2019) 438\u2013469. https:\/\/doi.org\/10.13154\/TOSC.V2019.I4.438-46910.13154\/TOSC.V2019.I4.438-469","DOI":"10.13154\/TOSC.V2019.I4.438-469"}],"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3632871","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3632871","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,4]],"date-time":"2025-07-04T20:07:49Z","timestamp":1751659669000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3632871"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,1,2]]},"references-count":88,"journal-issue":{"issue":"POPL","published-print":{"date-parts":[[2024,1,2]]}},"alternative-id":["10.1145\/3632871"],"URL":"https:\/\/doi.org\/10.1145\/3632871","relation":{},"ISSN":["2475-1421"],"issn-type":[{"value":"2475-1421","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,1,2]]},"assertion":[{"value":"2024-01-05","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}