{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:35:09Z","timestamp":1767339309665,"version":"3.41.2"},"reference-count":71,"publisher":"International Association for Cryptologic Research","license":[{"start":{"date-parts":[[2024,4,9]],"date-time":"2024-04-09T00:00:00Z","timestamp":1712620800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2024,6,3]]},"abstract":" In this paper, we aim to explore the design of low-latency authenticated encryption schemes particularly for memory encryption, with a focus on the temporal uniqueness property. To achieve this, we present the low-latency Pseudo-Random Function (PRF) called Twinkle with an output up to 1152 bits. Leveraging only one block of Twinkle, we developed Twinkle-AE, a specialized authenticated encryption scheme with six variants covering different cache line sizes and security requirements. We also propose Twinkle-PA, a pointer authentication algorithm, which takes a 64-bit pointer and 64-bit context as input and outputs a tag of 1 to 32 bits.<\/jats:p>\n We conducted thorough security evaluations of both the PRFs and these schemes, examining their robustness against various common attacks. The results of our cryptanalysis indicate that these designs successfully achieve their targeted security objectives.<\/jats:p>\n Hardware implementations using the FreePDK45nm library show that Twinkle-AE achieves an encryption and authentication latency of 3.83 ns for a cache line. In comparison, AES-CTR with WC-MAC scheme and Ascon-128a achieve latencies of 9.78 ns and 27.30 ns, respectively. Moreover, Twinkle-AE is also most area-effective for the 1024-bit cache line. For the pointer authentication scheme Twinkle-PA, the latency is 2.04 ns, while QARMA-64-sigma0 has a latency of 5.57 ns. <\/jats:p>","DOI":"10.62056\/a3n59qgxq","type":"journal-article","created":{"date-parts":[[2024,7,8]],"date-time":"2024-07-08T15:52:04Z","timestamp":1720453924000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":3,"title":["Twinkle: A family of Low-latency Schemes for Authenticated Encryption and Pointer Authentication"],"prefix":"10.62056","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-8895-676X","authenticated-orcid":false,"given":"Jianhua","family":"Wang","sequence":"first","affiliation":[{"name":"Shield Lab, Huawei Technologies Co., Ltd.","place":["China"]}]},{"given":"Tao","family":"Huang","sequence":"additional","affiliation":[{"name":"Shield Lab, Huawei International Pte. Ltd.","place":["Singapore"]}]},{"given":"Shuang","family":"Wu","sequence":"additional","affiliation":[{"name":"Shield Lab, Huawei International Pte. Ltd.","place":["Singapore"]}]},{"given":"Zilong","family":"Liu","sequence":"additional","affiliation":[{"name":"HiSilicon Technologies Co. Ltd.","place":["China"]}]}],"member":"48349","published-online":{"date-parts":[[2024,7,8]]},"reference":[{"author":"The CAESAR committee","key":"ref1:CAESAR","article-title":"CAESAR: competition for authenticated encryption: security,\n applicability, and robustness"},{"key":"ref2:Halderman2009","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1145\/1506409.1506429","article-title":"Lest we remember: cold-boot attacks on encryption keys","volume":"52","author":"J. Alex Halderman","year":"2009","journal-title":"Commun. ACM"},{"key":"ref3:DBLP:journals\/tocs\/BaumannPH15","doi-asserted-by":"publisher","DOI":"10.1145\/2799647","article-title":"Shielding Applications from an Untrusted Cloud with Haven","volume":"33","author":"Andrew Baumann","year":"2015","journal-title":"ACM Trans. Comput. Syst."},{"key":"ref4:Yitbarek2017","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1109\/HPCA.2017.10","article-title":"Cold Boot Attacks are Still Hot: Security Analysis of Memory\n Scramblers in Modern Processors","volume-title":"2017 IEEE International Symposium on High Performance\n Computer Architecture, HPCA 2017, Austin, TX, USA, February 4-8, 2017","author":"Salessawi Ferede Yitbarek","year":"2017"},{"key":"ref5:Won2021","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/ICCAD51958.2021.9643512","article-title":"DeepFreeze: Cold Boot Attacks and High Fidelity Model\n Recovery on Commercial EdgeML Device","volume-title":"IEEE\/ACM International Conference On Computer Aided\n Design, ICCAD 2021, Munich, Germany, November 1-4, 2021","author":"Yoo-Seung Won","year":"2021"},{"article-title":"A Memory Encryption Engine Suitable for General Purpose\n Processors","year":"2016","author":"Shay Gueron","key":"ref6:cryptoeprint:2016\/204"},{"article-title":"Intel Trust Domain Extensions","year":"2020","author":"Intel","key":"ref7:IntelTDX2020"},{"article-title":"Secure Encrypted Virtualization (SEV)","year":"2019","author":"AMD","key":"ref8:AMDSEV"},{"article-title":"Arm CCA Security Model","year":"2021","author":"ARM","key":"ref9:ARMCCA"},{"key":"ref10:Avanzi2022CryptographicPO","doi-asserted-by":"crossref","DOI":"10.1145\/3560810.3565289","article-title":"Cryptographic Protection of Random Access Memory: How\n Inconspicuous can Hardening Against the most Powerful Adversaries be?","author":"Roberto Maria Avanzi","year":"2022","journal-title":"Proceedings of the 2022 on Cloud Computing Security\n Workshop"},{"key":"ref11:DBLP:conf\/sp\/LiWW0TZ22","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1109\/SP46214.2022.9833768","article-title":"A Systematic Look at Ciphertext Side Channels on AMD\n SEV-SNP","volume-title":"43rd IEEE Symposium on Security and Privacy, SP 2022,\n San Francisco, CA, USA, May 22-26, 2022","author":"Mengyuan Li","year":"2022"},{"key":"ref12:DBLP:conf\/uss\/DengLTWYZ23","article-title":"CipherH: Automated Detection of Ciphertext Side-channel\n Vulnerabilities in Cryptographic Implementations","volume-title":"32nd USENIX Security Symposium, USENIX Security 2023,\n Anaheim, CA, USA, August 9-11, 2023","author":"Sen Deng","year":"2023"},{"key":"ref13:DBLP:conf\/micro\/LeMayRDDGNGWSGS21","series-title":"MICRO '21","isbn-type":"print","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1145\/3466752.3480076","article-title":"Cryptographic Capability Computing","volume-title":"MICRO-54: 54th Annual IEEE\/ACM International Symposium on\n Microarchitecture","author":"Michael LeMay","year":"2021","ISBN":"https:\/\/id.crossref.org\/isbn\/9781450385572"},{"key":"ref14:AC:BCGKKK12","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-642-34961-4_14","article-title":"PRINCE - A Low-Latency Block Cipher for Pervasive\n Computing Applications - Extended Abstract","volume-title":"ASIACRYPT\u00a02012","volume":"7658","author":"Julia Borghoff","year":"2012"},{"key":"ref15:DBLP:conf\/sacrypt\/BozilovEKLLMNRT20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"483","DOI":"10.1007\/978-3-030-81652-0_19","article-title":"PRINCEv2 - More Security for (Almost) No Overhead","volume-title":"Selected Areas in Cryptography - SAC 2020 - 27th\n International Conference, Halifax, NS, Canada (Virtual Event), October 21-23,\n 2020, Revised Selected Papers","volume":"12804","author":"Dusan Bozilov","year":"2020"},{"key":"ref16:C:BJKLMP16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-662-53008-5_5","article-title":"The SKINNY Family of Block Ciphers and Its Low-Latency\n Variant MANTIS","volume-title":"CRYPTO\u00a02016, Part\u00a0II","volume":"9815","author":"Christof Beierle","year":"2016"},{"key":"ref17:ToSC:Avanzi17","doi-asserted-by":"publisher","first-page":"4","DOI":"10.13154\/tosc.v2017.i1.4-44","article-title":"The QARMA Block Cipher Family","volume":"2017","author":"Roberto Avanzi","year":"2017","journal-title":"IACR Trans. Symm. Cryptol.","ISSN":"https:\/\/id.crossref.org\/issn\/2519-173X","issn-type":"electronic"},{"key":"ref18:DBLP:journals\/iacr\/AvanziBDEGNR23","doi-asserted-by":"publisher","first-page":"25","DOI":"10.46586\/tosc.v2023.i3.25-73","article-title":"The QARMAv2 Family of Tweakable Block Ciphers","volume":"2023","author":"Roberto Avanzi","year":"2023","journal-title":"IACR Transactions on Symmetric Cryptology"},{"article-title":"K-Cipher: A Low Latency, Bit Length Parameterizable Cipher","year":"2020","author":"Michael Kounavis","key":"ref19:Kcipher"},{"key":"ref20:DBLP:conf\/iscc\/MahzounKPA22","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/ISCC55528.2022.9912926","article-title":"Differential Cryptanalysis of K-Cipher","volume-title":"IEEE Symposium on Computers and Communications, ISCC\n 2022, Rhodes, Greece, June 30 - July 3, 2022","author":"Mohammad Mahzoun","year":"2022"},{"key":"ref21:TCHES:LMMR21","doi-asserted-by":"publisher","first-page":"510","DOI":"10.46586\/tches.v2021.i4.510-545","article-title":"The SPEEDY Family of Block Ciphers Engineering an Ultra\n Low-Latency Cipher from Gate Level for Secure Processor Architectures","volume":"2021","author":"Gregor Leander","year":"2021","journal-title":"IACR TCHES","ISSN":"https:\/\/id.crossref.org\/issn\/2569-2925","issn-type":"electronic"},{"key":"ref22:ToSC:BILMS21","doi-asserted-by":"publisher","first-page":"37","DOI":"10.46586\/tosc.v2021.i1.37-77","article-title":"Orthros: A Low-Latency PRF","volume":"2021","author":"Subhadeep Banik","year":"2021","journal-title":"IACR Trans. Symm. Cryptol.","ISSN":"https:\/\/id.crossref.org\/issn\/2519-173X","issn-type":"electronic"},{"key":"ref23:Anand_2024","doi-asserted-by":"publisher","first-page":"545","DOI":"10.46586\/tches.v2024.i2.545-587","article-title":"Gleeok: A Family of Low-Latency PRFs and its Applications to\n Authenticated Encryption","volume":"2024","author":"Ravi Anand","year":"2024","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n Systems"},{"key":"ref24:SCARF","isbn-type":"print","first-page":"1937","article-title":"SCARF \u2013 A Low-Latency Block Cipher for\n Secure Cache-Randomization","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Federico Canale","year":"2023","ISBN":"https:\/\/id.crossref.org\/isbn\/9781939133373"},{"key":"ref25:9813718","doi-asserted-by":"publisher","first-page":"2628","DOI":"10.1109\/TIFS.2022.3188146","article-title":"ELM: A Low-Latency and Scalable Memory Encryption Scheme","volume":"17","author":"Akiko Inoue","year":"2022","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"ref26:DBLP:journals\/tches\/BelkheyarDDGR23","doi-asserted-by":"publisher","first-page":"326","DOI":"10.46586\/tches.v2023.i1.326-368","article-title":"BipBip: A Low-Latency Tweakable Block Cipher with Small\n Dimensions","volume":"2023","author":"Yanis Belkheyar","year":"2023","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"article-title":"Low-Latency Crypto: An Emerging Paradigm of Lightweight\n Cryptography","year":"2022","author":"Santosh Ghosh","key":"ref27:intellwc"},{"article-title":"Need for Low-latency Ciphers - A Comparative Study of NIST\n LWC Finalists","year":"2022","author":"Tolga Yalcin","key":"ref28:lwcGoogle"},{"key":"ref29:WEGMAN1981265","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1016\/0022-0000(81)90033-7","article-title":"New hash functions and their use in authentication and set\n equality","volume":"22","author":"Mark N. Wegman","year":"1981","journal-title":"Journal of Computer and System Sciences","ISSN":"https:\/\/id.crossref.org\/issn\/0022-0000","issn-type":"electronic"},{"key":"ref30:EC:Bernstein05","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1007\/11426639_10","article-title":"Stronger Security Bounds for Wegman-Carter-Shoup\n Authenticators","volume-title":"EUROCRYPT\u00a02005","volume":"3494","author":"Daniel J. Bernstein","year":"2005"},{"key":"ref31:C:CogSeu16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-662-53018-4_5","article-title":"EWCDM: An Efficient, Beyond-Birthday Secure, Nonce-Misuse\n Resistant MAC","volume-title":"CRYPTO\u00a02016, Part\u00a0I","volume":"9814","author":"Beno\u00eet Cogliati","year":"2016"},{"key":"ref32:EC:BDPA13","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-642-38348-9_19","article-title":"Keccak","volume-title":"EUROCRYPT\u00a02013","volume":"7881","author":"Guido Bertoni","year":"2013"},{"key":"ref33:JC:DEMS21","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/s00145-021-09398-9","article-title":"Ascon v1.2: Lightweight Authenticated Encryption and\n Hashing","volume":"34","author":"Christoph Dobraunig","year":"2021","journal-title":"Journal of Cryptology"},{"key":"ref34:EC:BelKroRog98","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1007\/BFb0054132","article-title":"Luby-Rackoff Backwards: Increasing Security by Making\n Block Ciphers Non-invertible","volume-title":"EUROCRYPT'98","volume":"1403","author":"Mihir Bellare","year":"1998"},{"key":"ref35:C:HWKS98","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"370","DOI":"10.1007\/BFb0055742","article-title":"Building PRFs from PRPs","volume-title":"CRYPTO'98","volume":"1462","author":"Chris Hall","year":"1998"},{"key":"ref36:AC:EveMan91","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/3-540-57332-1_17","article-title":"A Construction of a Cipher From a Single Pseudorandom\n Permutation","volume-title":"ASIACRYPT'91","volume":"739","author":"Shimon Even","year":"1993"},{"key":"ref37:JC:EveMan97","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1007\/s001459900025","article-title":"A Construction of a Cipher from a Single Pseudorandom\n Permutation","volume":"10","author":"Shimon Even","year":"1997","journal-title":"Journal of Cryptology"},{"key":"ref38:C:BDKV21","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/978-3-030-84252-9_12","article-title":"Thinking Outside the Superbox","volume-title":"CRYPTO\u00a02021, Part\u00a0III","volume":"12827","author":"Nicolas Bordes","year":"2021"},{"key":"ref39:Bogdanov_ches","isbn-type":"print","doi-asserted-by":"publisher","first-page":"450","DOI":"10.1007\/978-3-540-74735-2_31","article-title":"PRESENT: An Ultra-Lightweight Block Cipher","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2007","author":"A. Bogdanov","year":"2007","ISBN":"https:\/\/id.crossref.org\/isbn\/9783540747352"},{"article-title":"RECTANGLE: A Bit-slice Lightweight Block Cipher Suitable\n for Multiple Platforms","year":"2014","author":"Wentao Zhang","key":"ref40:EPRINT:ZBLRYV14"},{"key":"ref41:CHES:BPPSST17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/978-3-319-66787-4_16","article-title":"GIFT: A Small Present - Towards Reaching the Limit of\n Lightweight Encryption","volume-title":"CHES\u00a02017","volume":"10529","author":"Subhadeep Banik","year":"2017"},{"key":"ref42:Kim2020","doi-asserted-by":"publisher","first-page":"210935","DOI":"10.1109\/ACCESS.2020.3039273","article-title":"Classification of 4-bit S-Boxes for BOGI Permutation","volume":"8","author":"Seonggyeom Kim","year":"2020","journal-title":"IEEE Access"},{"key":"ref43:ToSC:BGLS19","doi-asserted-by":"publisher","first-page":"330","DOI":"10.13154\/tosc.v2019.i1.330-394","article-title":"Peigen \u2013 a Platform for Evaluation, Implementation, and\n Generation of S-boxes","volume":"2019","author":"Zhenzhen Bao","year":"2019","journal-title":"IACR Trans. Symm. Cryptol.","ISSN":"https:\/\/id.crossref.org\/issn\/2519-173X","issn-type":"electronic"},{"key":"ref44:AC:BBISHA15","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1007\/978-3-662-48800-3_17","article-title":"Midori: A Block Cipher for Low Energy","volume-title":"ASIACRYPT\u00a02015, Part\u00a0II","volume":"9453","author":"Subhadeep Banik","year":"2015"},{"key":"ref45:Daemen1991","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1007\/3-540-57332-1_46","article-title":"Limitations of the Even-Mansour Construction","volume-title":"Advances in Cryptology - ASIACRYPT '91, International\n Conference on the Theory and Applications of Cryptology, Fujiyoshida, Japan,\n November 11-14, 1991, Proceedings","volume":"739","author":"Joan Daemen","year":"1991"},{"key":"ref46:C:CLLSS14","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/978-3-662-44371-2_3","article-title":"Minimizing the Two-Round Even-Mansour Cipher","volume-title":"CRYPTO\u00a02014, Part\u00a0I","volume":"8616","author":"Shan Chen","year":"2014"},{"key":"ref47:C:BihSha90","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1007\/3-540-38424-3_1","article-title":"Differential Cryptanalysis of DES-like Cryptosystems","volume-title":"CRYPTO'90","volume":"537","author":"Eli Biham","year":"1991"},{"key":"ref48:Nicky2012Differential","isbn-type":"print","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-642-34704-7_5","article-title":"Differential and Linear Cryptanalysis Using Mixed-Integer\n Linear Programming","volume-title":"Information Security and Cryptology","author":"Nicky Mouha","year":"2012","ISBN":"https:\/\/id.crossref.org\/isbn\/9783642347047"},{"key":"ref49:AC:SHWQMS14","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1007\/978-3-662-45611-8_9","article-title":"Automatic Security Evaluation and (Related-key) Differential\n Characteristic Search: Application to SIMON, PRESENT, LBlock,\n DES(L) and Other Bit-Oriented Block Ciphers","volume-title":"ASIACRYPT\u00a02014, Part\u00a0I","volume":"8873","author":"Siwei Sun","year":"2014"},{"article-title":"Towards Finding Optimal Differential Characteristics for\n ARX: Application to Salsa20","year":"2013","author":"Nicky Mouha","key":"ref50:EPRINT:MouPre13"},{"key":"ref51:ToSC:SunWanWan21a","doi-asserted-by":"publisher","first-page":"269","DOI":"10.46586\/tosc.v2021.i1.269-315","article-title":"Accelerating the Search of Differential and Linear\n Characteristics with the SAT Method","volume":"2021","author":"Ling Sun","year":"2021","journal-title":"IACR Trans. Symm. Cryptol.","ISSN":"https:\/\/id.crossref.org\/issn\/2519-173X","issn-type":"electronic"},{"key":"ref52:FSE12:DaeAss12","isbn-type":"print","doi-asserted-by":"publisher","first-page":"422","DOI":"10.1007\/978-3-642-34047-5_24","article-title":"Differential Propagation Analysis of Keccak","volume-title":"Fast Software Encryption","author":"Joan Daemen","year":"2012","ISBN":"https:\/\/id.crossref.org\/isbn\/9783642340475"},{"key":"ref53:ToSC:MelDaeAss17","doi-asserted-by":"publisher","first-page":"329","DOI":"10.13154\/tosc.v2017.i1.329-357","article-title":"New techniques for trail bounds and application to\n differential trails in Keccak","volume":"2017","author":"Silvia Mella","year":"2017","journal-title":"IACR Trans. Symm. Cryptol.","ISSN":"https:\/\/id.crossref.org\/issn\/2519-173X","issn-type":"electronic"},{"key":"ref54:Mehrdad_Mella_Grassi_Daemen_2022","doi-asserted-by":"publisher","first-page":"253","DOI":"10.46586\/tosc.v2022.i2.253-288","article-title":"Differential Trail Search in Cryptographic Primitives with\n Big-Circle Chi:: Application to Subterranean","volume":"2022","author":"Alireza Mehrdad","year":"2022","journal-title":"IACR Transactions on Symmetric Cryptology"},{"key":"ref55:EC:Todo15","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1007\/978-3-662-46800-5_12","article-title":"Structural Evaluation by Generalized Integral Property","volume-title":"EUROCRYPT\u00a02015, Part\u00a0I","volume":"9056","author":"Yosuke Todo","year":"2015"},{"key":"ref56:FSE:TodMor16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1007\/978-3-662-52993-5_18","article-title":"Bit-Based Division Property and Application to Simon\n Family","volume-title":"FSE\u00a02016","volume":"9783","author":"Yosuke Todo","year":"2016"},{"key":"ref57:AC:XZBL16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"648","DOI":"10.1007\/978-3-662-53887-6_24","article-title":"Applying MILP Method to Searching Integral Distinguishers\n Based on Division Property for 6 Lightweight Block Ciphers","volume-title":"ASIACRYPT\u00a02016, Part\u00a0I","volume":"10031","author":"Zejun Xiang","year":"2016"},{"key":"ref58:AC:SunWanWan17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1007\/978-3-319-70694-8_5","article-title":"Automatic Search of Bit-Based Division Property for ARX\n Ciphers and Word-Based Division Property","volume-title":"ASIACRYPT\u00a02017, Part\u00a0I","volume":"10624","author":"Ling Sun","year":"2017"},{"article-title":"CADICAL at the SAT Race 2019","year":"2019","author":"Armin Biere","key":"ref59:Biere2019CADICALAT"},{"key":"ref60:EC:BihBirSha99","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1007\/3-540-48910-X_2","article-title":"Cryptanalysis of Skipjack Reduced to 31 Rounds Using\n Impossible Differentials","volume-title":"EUROCRYPT'99","volume":"1592","author":"Eli Biham","year":"1999"},{"key":"ref61:FSE:Knudsen94","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"196","DOI":"10.1007\/3-540-60590-8_16","article-title":"Truncated and Higher Order Differentials","volume-title":"FSE'94","volume":"1008","author":"Lars R. Knudsen","year":"1995"},{"key":"ref62:EC:Evertse87","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1007\/3-540-39118-5_23","article-title":"Linear Structures in Blockciphers","volume-title":"EUROCRYPT'87","volume":"304","author":"Jan-Hendrik Evertse","year":"1988"},{"key":"ref63:FSE:Lai94","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/3-540-60590-8_6","article-title":"Additive and Linear Structures of Cryptographic Functions","volume-title":"FSE'94","volume":"1008","author":"Xuejia Lai","year":"1995"},{"key":"ref64:Sylvie2001","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1023\/A:1008399109102","article-title":"Characterization of Linear Structures","volume":"22","author":"Sylvie Dubuc","year":"2001","journal-title":"Des. Codes Cryptography"},{"key":"ref65:C:BCLR17","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"647","DOI":"10.1007\/978-3-319-63715-0_22","article-title":"Proving Resistance Against Invariant Attacks: How to Choose\n the Round Constants","volume-title":"CRYPTO\u00a02017, Part\u00a0II","volume":"10402","author":"Christof Beierle","year":"2017"},{"key":"ref66:C:LAAZ11","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/978-3-642-22792-9_12","article-title":"A Cryptanalysis of PRINTcipher: The Invariant Subspace\n Attack","volume-title":"CRYPTO\u00a02011","volume":"6841","author":"Gregor Leander","year":"2011"},{"key":"ref67:EC:LeaMinRon15","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/978-3-662-46800-5_11","article-title":"A Generic Approach to Invariant Subspace Attacks:\n Cryptanalysis of Robin, iSCREAM and Zorro","volume-title":"EUROCRYPT\u00a02015, Part\u00a0I","volume":"9056","author":"Gregor Leander","year":"2015"},{"key":"ref68:ToSC:GJNQSM16","doi-asserted-by":"publisher","first-page":"33","DOI":"10.13154\/tosc.v2016.i1.33-56","article-title":"Invariant Subspace Attack Against Midori64 and The\n Resistance Criteria for S-box Designs","volume":"2016","author":"Jian Guo","year":"2016","journal-title":"IACR Trans. Symm. Cryptol.","ISSN":"https:\/\/id.crossref.org\/issn\/2519-173X","issn-type":"electronic"},{"key":"ref69:AC:TodLeaSas16","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-662-53890-6_1","article-title":"Nonlinear Invariant Attack - Practical Attack on Full\n SCREAM, iSCREAM, and Midori64","volume-title":"ASIACRYPT\u00a02016, Part\u00a0II","volume":"10032","author":"Yosuke Todo","year":"2016"},{"key":"ref70:AC:Dutta20","series-title":"LNCS","doi-asserted-by":"publisher","first-page":"601","DOI":"10.1007\/978-3-030-64837-4_20","article-title":"Minimizing the Two-Round Tweakable Even-Mansour Cipher","volume-title":"ASIACRYPT\u00a02020, Part\u00a0I","volume":"12491","author":"Avijit Dutta","year":"2020"},{"key":"ref71:DBLP:conf\/cardis\/DaemenR98a","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"277","DOI":"10.1007\/10721064_26","article-title":"The Block Cipher Rijndael","volume-title":"Smart Card Research and Applications, This International\n Conference, CARDIS '98, Louvain-la-Neuve, Belgium, September 14-16, 1998,\n Proceedings","volume":"1820","author":"Joan Daemen","year":"1998"}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2024,12,10]],"date-time":"2024-12-10T21:26:59Z","timestamp":1733866019000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/1\/2\/20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,8]]},"references-count":71,"URL":"https:\/\/doi.org\/10.62056\/a3n59qgxq","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"type":"electronic","value":"3006-5496"}],"subject":[],"published":{"date-parts":[[2024,7,8]]},"assertion":[{"value":"2024-04-09","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-06-03","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc1-2-72"}}