{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T20:41:23Z","timestamp":1767991283561,"version":"3.49.0"},"reference-count":8,"publisher":"Wiley","license":[{"start":{"date-parts":[[2020,1,21]],"date-time":"2020-01-21T00:00:00Z","timestamp":1579564800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key Research and Development Program of China","doi-asserted-by":"crossref","award":["2017YFB0801900"],"award-info":[{"award-number":["2017YFB0801900"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2020,1,21]]},"abstract":"Linear cryptanalysis is an important evaluation method for cryptographic primitives against key recovery attack. In this paper, we revisit the Walsh transformation for linear correlation calculation of modular addition, and an efficient algorithm is proposed to construct the input-output mask space of specified correlation weight. By filtering out the impossible large correlation weights in the first round, the search space of the first round can be substantially reduced. We introduce a concept of combinational linear approximation table (cLAT) for modular addition with two inputs. When one input mask is fixed, another input mask and the output mask can be obtained by the Splitting-Lookup-Recombination<\/jats:italic> approach. We first split the n<\/jats:italic>-bit fixed input mask into several subvectors and then find the corresponding bits of other masks, and in the recombination phase, pruning conditions can be used. By this approach, a large number of search branches in the middle rounds can be pruned. With the combination of the optimization strategies and the branch-and-bound search algorithm, we can improve the search efficiency for linear characteristics on ARX ciphers. The linear hulls for SPECK32\/48\/64 with a higher average linear potential (ALP<\/mml:mtext><\/mml:mrow><\/mml:math>) than existing results have been obtained. For SPARX variants, an 11-round linear trail and a 10-round linear hull have been found for SPARX-64 and a 10-round linear trail and a 9-round linear hull are obtained for SPARX-128. For Chaskey, a 5-round linear trail with a correlation of 2<\/mml:mn><\/mml:mrow>\u2212<\/mml:mo>61<\/mml:mn><\/mml:mrow><\/mml:msup><\/mml:mrow><\/mml:math> has been obtained. For CHAM-64, 34\/35-round optimal linear characteristics with a correlation of 2<\/mml:mn><\/mml:mrow>\u2212<\/mml:mo>31<\/mml:mn><\/mml:mrow><\/mml:msup><\/mml:mrow>\/<\/mml:mo>2<\/mml:mn><\/mml:mrow>\u2212<\/mml:mo>33<\/mml:mn><\/mml:mrow><\/mml:msup><\/mml:mrow><\/mml:mrow><\/mml:mrow><\/mml:math> are found.<\/jats:p>","DOI":"10.1155\/2020\/4898612","type":"journal-article","created":{"date-parts":[[2020,1,21]],"date-time":"2020-01-21T18:31:13Z","timestamp":1579631473000},"page":"1-14","source":"Crossref","is-referenced-by-count":12,"title":["Automatic Search for the Linear (Hull) Characteristics of ARX Ciphers: Applied to SPECK, SPARX, Chaskey, and CHAM-64"],"prefix":"10.1155","volume":"2020","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1856-689X","authenticated-orcid":true,"given":"Mingjiang","family":"Huang","sequence":"first","affiliation":[{"name":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"},{"name":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5732-5258","authenticated-orcid":true,"given":"Liming","family":"Wang","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"}]}],"member":"311","reference":[{"key":"1","first-page":"511","volume":"2017","year":"2017","journal-title":"Cryptology ePrint Archive"},{"key":"17","doi-asserted-by":"publisher","DOI":"10.1007\/s10623-012-9668-4"},{"issue":"1","key":"20","first-page":"358","volume":"2017","year":"2017","journal-title":"Transactions on Symmetric Cryptology"},{"key":"21","first-page":"576","volume":"2017","year":"2017","journal-title":"Cryptology ePrint Archive"},{"key":"22","doi-asserted-by":"publisher","DOI":"10.13154\/tosc.v2017.i1.329-357"},{"key":"23","doi-asserted-by":"publisher","DOI":"10.1016\/j.ipl.2015.11.005"},{"key":"27","first-page":"1182","volume":"2015","year":"2015","journal-title":"IACR Cryptology ePrint Archive"},{"key":"28","doi-asserted-by":"publisher","DOI":"10.1145\/321765.321781"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2020\/4898612.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2020\/4898612.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2020\/4898612.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,21]],"date-time":"2020-01-21T18:31:15Z","timestamp":1579631475000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2020\/4898612\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,1,21]]},"references-count":8,"alternative-id":["4898612","4898612"],"URL":"https:\/\/doi.org\/10.1155\/2020\/4898612","relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"value":"1939-0114","type":"print"},{"value":"1939-0122","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,1,21]]}}}