{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T02:54:42Z","timestamp":1772679282421,"version":"3.50.1"},"reference-count":25,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T00:00:00Z","timestamp":1772668800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T00:00:00Z","timestamp":1772668800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"the National Key R&D Program of China","award":["2024YFB4504900"],"award-info":[{"award-number":["2024YFB4504900"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62422214"],"award-info":[{"award-number":["62422214"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62472421"],"award-info":[{"award-number":["62472421"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172410"],"award-info":[{"award-number":["62172410"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"the National Cryptologic Science Foundation of China","award":["2025NCSF01012"],"award-info":[{"award-number":["2025NCSF01012"]}]},{"name":"the Strategic Priority Research Program of the Chinese Academy of Sciences","award":["XDB0690200"],"award-info":[{"award-number":["XDB0690200"]}]},{"name":"the Youth Innovation Promotion Association of Chinese Academy of Sciences, the International Partnership Program of Chinese Academy of Sciences","award":["205GJHZ2024005FN"],"award-info":[{"award-number":["205GJHZ2024005FN"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>\n                    Integral cryptanalysis is a pivotal technique in symmetric-key cryptography. This paper enhances the integral key-recovery analysis of the Feistel-based cipher Zodiac by introducing a systematic framework for identifying optimal key recovery attack paths. This framework leverages the conversion relationship between zero-correlation linear and integral distinguishers, seamlessly integrating distinguisher construction with key recovery into a coherent process. During the key recovery phase, we apply the partial-sum technique to reduce computational complexity and adaptively adjust the number of distinguisher rounds to optimize performance. We reduce the computational complexity of the full-round attack on Zodiac-192 from\n                    <jats:inline-formula>\n                      <jats:alternatives>\n                        <jats:tex-math>$$2^{190}$$<\/jats:tex-math>\n                        <mml:math xmlns:mml=\"http:\/\/www.w3.org\/1998\/Math\/MathML\">\n                          <mml:msup>\n                            <mml:mn>2<\/mml:mn>\n                            <mml:mn>190<\/mml:mn>\n                          <\/mml:msup>\n                        <\/mml:math>\n                      <\/jats:alternatives>\n                    <\/jats:inline-formula>\n                    to\n                    <jats:inline-formula>\n                      <jats:alternatives>\n                        <jats:tex-math>$$2^{87}$$<\/jats:tex-math>\n                        <mml:math xmlns:mml=\"http:\/\/www.w3.org\/1998\/Math\/MathML\">\n                          <mml:msup>\n                            <mml:mn>2<\/mml:mn>\n                            <mml:mn>87<\/mml:mn>\n                          <\/mml:msup>\n                        <\/mml:math>\n                      <\/jats:alternatives>\n                    <\/jats:inline-formula>\n                    . Our analysis also identifies two 14-round integral distinguishers: the longest known for Zodiac. Interestingly, we identify that the optimal full-round key recovery is achieved by pairing the partial-sum technique with the 13-round distinguisher, not the longer 14-round one. This result clearly demonstrates that the longest distinguisher does not guarantee the most efficient key recovery attack. Also we performed a non-standard extension (adding one round) on Zodiac, achieving the first 17-round key recovery attack on Zodiac-192.\n                  <\/jats:p>","DOI":"10.1186\/s42400-026-00566-7","type":"journal-article","created":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T02:03:41Z","timestamp":1772676221000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Improved integral cryptanalysis of block cipher Zodiac"],"prefix":"10.1186","volume":"9","author":[{"given":"Yi","family":"Guo","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2809-8647","authenticated-orcid":false,"given":"Danping","family":"Shi","sequence":"additional","affiliation":[]},{"given":"Lei","family":"Hu","sequence":"additional","affiliation":[]},{"given":"Xu","family":"Guo","sequence":"additional","affiliation":[]},{"given":"Zhiru","family":"Chen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,3,5]]},"reference":[{"key":"566_CR1","doi-asserted-by":"publisher","unstructured":"Abdelkhalek A, Sasaki Y, Todo Y, Tolba M, Youssef AM (2017) MILP modeling for (large) S-boxes to optimize probability of differential characteristics. IACR Transactions on Symmetric Cryptology 4:99\u2013129. https:\/\/doi.org\/10.13154\/tosc.v2017.i4.99-129","DOI":"10.13154\/tosc.v2017.i4.99-129"},{"key":"566_CR2","unstructured":"Biham E (1995) On Matsui\u2019s linear cryptanalysis. In: Advances in Cryptology-EUROCRYPT\u201994: Workshop on the Theory and Application of Cryptographic Techniques Perugia, Italy, May 9\u201312, 1994 Proceedings 13, 341\u2013355. Springer"},{"key":"566_CR3","doi-asserted-by":"crossref","unstructured":"Biham E, Biryukov A, Shamir A (1999) Miss in the middle attacks on IDEA and Khufu. In: Fast Software Encryption: 6th International Workshop, FSE\u201999 Rome, Italy, March 24\u201326, 1999 Proceedings 6, 124\u2013138. Springer","DOI":"10.1007\/3-540-48519-8_10"},{"key":"566_CR4","doi-asserted-by":"publisher","unstructured":"Biryukov A, Shamir A (2001) Structural cryptanalysis of SASAS. In: Pfitzmann, B. (ed.) Advances in Cryptology - EUROCRYPT 2001, International Conference on the Theory and Application of Cryptographic Techniques, Innsbruck, Austria, May 6\u201310, 2001, Proceeding. Lecture Notes in Computer Science, 2045, 394\u2013405. Springer, Berlin, Heidelberg. https:\/\/doi.org\/10.1007\/3-540-44987-6_24","DOI":"10.1007\/3-540-44987-6_24"},{"key":"566_CR5","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/978-3-642-55220-5_10","volume-title":"Advances in Cryptology - EUROCRYPT 2014","author":"C Blondeau","year":"2014","unstructured":"Blondeau C, Nyberg K (2014) Links between truncated differential and multidimensional linear properties of block ciphers and underlying attack complexities. In: Nguyen PQ, Oswald E (eds) Advances in Cryptology - EUROCRYPT 2014. Springer, Berlin, Heidelberg, pp 165\u2013182"},{"key":"566_CR6","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/978-3-642-34961-4_16","volume-title":"Advances in Cryptology - ASIACRYPT 2012","author":"A Bogdanov","year":"2012","unstructured":"Bogdanov A, Leander G, Nyberg K, Wang M (2012) Integral and multidimensional linear distinguishers with correlation zero. In: Wang X, Sako K (eds) Advances in Cryptology - ASIACRYPT 2012. Springer, Berlin, Heidelberg, pp 244\u2013261"},{"key":"566_CR7","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1007\/978-3-662-60769-5_7","volume-title":"The design of Rijndael: The Advanced Encryption Standard (AES)","author":"J Daemen","year":"2020","unstructured":"Daemen J, Rijmen V (2020) Correlation matrices. The design of Rijndael: The Advanced Encryption Standard (AES), pp 91\u2013113. https:\/\/doi.org\/10.1007\/978-3-662-60769-5_7"},{"key":"566_CR8","doi-asserted-by":"publisher","unstructured":"Daemen J, Knudsen LR, Rijmen V (1997) The block cipher Square. In: Biham, E. (ed.) Fast Software Encryption, 4th International Workshop, FSE \u201997, Haifa, Israel, January 20\u201322, 1997, Proceedings. Lecture Notes in Computer Science, 1267, 149\u2013165. Springer, Berlin, Heidelberg. https:\/\/doi.org\/10.1007\/BFb0052343","DOI":"10.1007\/BFb0052343"},{"key":"566_CR9","doi-asserted-by":"publisher","first-page":"213","DOI":"10.1007\/3-540-44706-7_15","volume-title":"Fast software encryption","author":"N Ferguson","year":"2001","unstructured":"Ferguson N, Kelsey J, Lucks S, Schneier B, Stay M, Wagner D, Whiting D (2001) Improved cryptanalysis of Rijndael. In: Goos G, Hartmanis J, Leeuwen J, Schneier B (eds) Fast software encryption. Springer, Berlin, Heidelberg, pp 213\u2013230"},{"key":"566_CR11","doi-asserted-by":"publisher","unstructured":"Hadipour H, Sadeghi S, Eichlseder M (2023) Finding the impossible: Automated search for full impossible-differential, zero-correlation, and integral attacks. In: Hazay, C., Stam, M. (eds.) Advances in Cryptology - EUROCRYPT 2023\u201342nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, April 23\u201327, 2023, Proceedings, Part IV. Lecture Notes in Computer Science, 14007, 128\u2013157. Springer, Cham. https:\/\/doi.org\/10.1007\/978-3-031-30634-1_5","DOI":"10.1007\/978-3-031-30634-1_5"},{"key":"566_CR10","doi-asserted-by":"publisher","first-page":"234","DOI":"10.46586\/tosc.v2024.i1.234-325","volume":"1","author":"H Hadipour","year":"2024","unstructured":"Hadipour H, Gerhalter S, Sadeghi S, Eichlseder M (2024) Improved search for integral, impossible differential and zero-correlation attacks: Application to Ascon, ForkSKINNY, SKINNY, MANTIS, PRESENT and QARMAv2. IACR Trans Symmet Cryptol 1:234\u2013325. https:\/\/doi.org\/10.46586\/tosc.v2024.i1.234-325","journal-title":"IACR Trans Symmet Cryptol"},{"key":"566_CR12","doi-asserted-by":"crossref","unstructured":"Hermelin M, Cho JY, Nyberg K (2009) Multidimensional extension of Matsui\u2019s Algorithm 2. In: Fast Software Encryption Workshop. https:\/\/api.semanticscholar.org\/CorpusID:8436738","DOI":"10.1007\/978-3-642-03317-9_13"},{"key":"566_CR13","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1007\/978-3-540-24582-7_6","volume-title":"Progress in Cryptology - INDOCRYPT 2003","author":"J Kim","year":"2003","unstructured":"Kim J, Hong S, Sung J, Lee S, Lim J, Sung S (2003) Impossible differential cryptanalysis for block cipher structures. In: Johansson T, Maitra S (eds) Progress in Cryptology - INDOCRYPT 2003. Springer, Berlin, Heidelberg, pp 82\u201396"},{"key":"566_CR14","doi-asserted-by":"publisher","unstructured":"Knudsen LR, Wagner DA (2002) Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) Fast Software Encryption, 9th International Workshop, FSE 2002, Leuven, Belgium, February 4\u20136, 2002, Revised Papers. Lecture Notes in Computer Science, 2365, 112\u2013127. Springer, Berlin, Heidelberg. https:\/\/doi.org\/10.1007\/3-540-45661-9_9","DOI":"10.1007\/3-540-45661-9_9"},{"key":"566_CR15","doi-asserted-by":"publisher","unstructured":"Lai X (1994). Higher Order Derivatives and Differential Cryptanalysis. 227\u2013233. https:\/\/doi.org\/10.1007\/978-1-4615-2694-0_23","DOI":"10.1007\/978-1-4615-2694-0_23"},{"key":"566_CR16","unstructured":"Lee C, Jun K, Jung M, Park S, Kim J (2013) Zodiac version 1.0 (revised) architeeture and specification. Standardization Workshop on Information Security Technology 2000"},{"key":"566_CR17","doi-asserted-by":"publisher","unstructured":"Lucks S (2001) The saturation attack - A bait for twofish. In: Matsui, M. (ed.) Fast Software Encryption, 8th International Workshop, FSE 2001 Yokohama, Japan, April 2\u20134, 2001, Revised Papers. Lecture Notes in Computer Science, 2355, 1\u201315. Springer, Berlin, Heidelberg. https:\/\/doi.org\/10.1007\/3-540-45473-X_1","DOI":"10.1007\/3-540-45473-X_1"},{"key":"566_CR18","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1016\/j.ins.2013.08.051","volume":"263","author":"Y Luo","year":"2014","unstructured":"Luo Y, Lai X, Wu Z, Gong G (2014) A unified method for finding impossible differentials of block cipher structures. Inf Sci 263:211\u2013220. https:\/\/doi.org\/10.1016\/j.ins.2013.08.051","journal-title":"Inf Sci"},{"key":"566_CR19","doi-asserted-by":"publisher","unstructured":"Ma M, Zhao Y, Liu Q (2017) Integral zero-correlation cryptanalysis on Zodiac. Computer Applications 44(2), 202\u2013205. https:\/\/doi.org\/10.11896\/j.issn.1002-137X.2017.02.032","DOI":"10.11896\/j.issn.1002-137X.2017.02.032"},{"key":"566_CR20","doi-asserted-by":"crossref","unstructured":"Nyberg K (1994) Linear approximation of block ciphers. In: Workshop on the Theory and Application of of Cryptographic Techniques, 439\u2013444. Springer","DOI":"10.1007\/BFb0053460"},{"issue":"11","key":"566_CR21","doi-asserted-by":"publisher","first-page":"2790","DOI":"10.3724\/SP.J.1146.2010.00388","volume":"32","author":"CL Peng Zhang","year":"2010","unstructured":"Peng Zhang CL (2010) Ruilin Li: New square attack on Zodiac. Journal of Electronics & Information Technology 32(11):2790\u20132784","journal-title":"Journal of Electronics & Information Technology"},{"issue":"8","key":"566_CR22","doi-asserted-by":"publisher","first-page":"1911","DOI":"10.3724\/SP.J.1001.2011.03875","volume":"22","author":"B Sun","year":"2011","unstructured":"Sun B, Zhang P, Li C (2011) Impossible differential and integral cryptanalysis of Zodiac. Journal of Software 22(8):1911\u20131917. https:\/\/doi.org\/10.3724\/SP.J.1001.2011.03875","journal-title":"Journal of Software"},{"key":"566_CR23","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/978-3-662-47989-6_5","volume-title":"Advances in Cryptology - CRYPTO 2015","author":"B Sun","year":"2015","unstructured":"Sun B, Liu Z, Rijmen V, Li R, Cheng L, Wang Q, Alkhzaimi H, Li C (2015) Links among impossible differential, integral and zero correlation linear cryptanalysis. In: Gennaro R, Robshaw M (eds) Advances in Cryptology - CRYPTO 2015. Springer, Berlin, Heidelberg, pp 95\u2013115"},{"key":"566_CR24","doi-asserted-by":"publisher","unstructured":"Sun S, Gerault D, Lafourcade P, Yang Q, Todo Y, Qiao K, Hu L (2017) Analysis of AES, SKINNY, and others with constraint programming. IACR Transactions on Symmetric Cryptology 1:281\u2013306. https:\/\/doi.org\/10.13154\/tosc.v2017.i1.281-306","DOI":"10.13154\/tosc.v2017.i1.281-306"},{"key":"566_CR25","doi-asserted-by":"publisher","unstructured":"Sun L, Gerault D, Wang W, Wang M (2020) On the usage of deterministic (related-key) truncated differentials and multidimensional linear approximations for SPN ciphers. IACR Transactions on Symmetric Cryptology 3:262\u2013287. https:\/\/doi.org\/10.13154\/tosc.v2020.i3.262-287","DOI":"10.13154\/tosc.v2020.i3.262-287"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-026-00566-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-026-00566-7","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-026-00566-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T02:03:49Z","timestamp":1772676229000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-026-00566-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3,5]]},"references-count":25,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["566"],"URL":"https:\/\/doi.org\/10.1186\/s42400-026-00566-7","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3,5]]},"assertion":[{"value":"13 November 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 February 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 March 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"131"}}