{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T04:09:40Z","timestamp":1767931780583,"version":"3.49.0"},"reference-count":99,"publisher":"International Association for Cryptologic Research","issue":"4","license":[{"start":{"date-parts":[[2025,10,8]],"date-time":"2025-10-08T00:00:00Z","timestamp":1759881600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IACR CiC"],"accepted":{"date-parts":[[2025,12,2]]},"abstract":"<jats:p>We propose a lightweight block cipher named BAKSHEESH, which draws inspiration from GIFT (CHES'17). BAKSHEESH runs for 35 rounds, which is 12.5 per cent fewer rounds compared to GIFT-128 whilst maintaining the same security claims against classical attacks. However, we also present an alternate (but equivalent) angle of BAKSHEESH that follows the heritage of ZORRO (CHES'13).<\/jats:p>\n                  <jats:p>In the GIFT heritage version, BAKSHEESH uses a 4-bit SBox that has a non-trivial Linear Structure (LS). In the alternate ZORRO heritage specification, it employs a 3-bit SBox and realises a partial non-linear layer.<\/jats:p>\n                  <jats:p>BAKSHEESH is suitable for efficient hardware and software implementations, and also offers an edge on side channel countermeasures and other niche applications. For instance, our study on the threshold implementation shows that BAKSHEESH offers a few-fold advantage over other lightweight ciphers.<\/jats:p>\n                  <jats:p>We therefore create a new paradigm of lightweight ciphers through adequate deliberation on the design choice and solidify it with appropriate security analysis and ample implementation\/benchmark.<\/jats:p>","DOI":"10.62056\/ae890lmol","type":"journal-article","created":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T23:39:47Z","timestamp":1767915587000},"update-policy":"https:\/\/doi.org\/10.62056\/adfjwm02dj","source":"Crossref","is-referenced-by-count":0,"title":["BAKSHEESH: Similar Yet Different From GIFT (and ZORRO)"],"prefix":"10.62056","volume":"2","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5639-7372","authenticated-orcid":false,"given":"Anubhab","family":"Baksi","sequence":"first","affiliation":[{"id":[{"id":"https:\/\/ror.org\/012a77v79","id-type":"ROR","asserted-by":"publisher"}],"name":"Lund University","place":["Lund, Sweden"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7844-5267","authenticated-orcid":false,"given":"Jakub","family":"Breier","sequence":"additional","affiliation":[{"name":"TTControl GmbH","place":["Vienna, Austria"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8818-6983","authenticated-orcid":false,"given":"Anupam","family":"Chattopadhyay","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/02e7b5302","id-type":"ROR","asserted-by":"publisher"}],"name":"Nanyang Technological University","place":["Singapore, Singapore"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8282-7180","authenticated-orcid":false,"given":"Tom\u00e1\u0161","family":"Gerlich","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/046akcc76","id-type":"ROR","asserted-by":"publisher"}],"name":"Brno University of Technology","place":["Brno, Czechia"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5044-3534","authenticated-orcid":false,"given":"Sylvain","family":"Guilley","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/01naq7912","id-type":"ROR","asserted-by":"publisher"}],"name":"T\u00e9l\u00e9com Paris","place":["Paris, France"]},{"name":"Secure-IC","place":["Rennes, France"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3056-9241","authenticated-orcid":false,"given":"Naina","family":"Gupta","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/02e7b5302","id-type":"ROR","asserted-by":"publisher"}],"name":"Nanyang Technological University","place":["Singapore, Singapore"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Takanori","family":"Isobe","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/035t8zc32","id-type":"ROR","asserted-by":"publisher"}],"name":"University of Osaka","place":["Osaka, Japan"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1082-4049","authenticated-orcid":false,"given":"Arpan","family":"Jati","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/02e7b5302","id-type":"ROR","asserted-by":"publisher"}],"name":"Nanyang Technological University","place":["Singapore, Singapore"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0833-8068","authenticated-orcid":false,"given":"Petr","family":"Jedlicka","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/046akcc76","id-type":"ROR","asserted-by":"publisher"}],"name":"Brno University of Technology","place":["Brno, Czechia"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6757-6109","authenticated-orcid":false,"given":"Hyunjun","family":"Kim","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/02c5gc203","id-type":"ROR","asserted-by":"publisher"}],"name":"Hansung University","place":["Seoul, South Korea"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fukang","family":"Liu","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/05dqf9946","id-type":"ROR","asserted-by":"publisher"}],"name":"Institute of Science Tokyo","place":["Tokyo, Japan"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6504-5619","authenticated-orcid":false,"given":"Zden\u011bk","family":"Martin\u00e1sek","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/046akcc76","id-type":"ROR","asserted-by":"publisher"}],"name":"Brno University of Technology","place":["Brno, Czechia"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kosei","family":"Sakamoto","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/033y26782","id-type":"ROR","asserted-by":"publisher"}],"name":"Mitsubishi Electric Corporation","place":["Tokyo, Japan"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0069-9061","authenticated-orcid":false,"given":"Hwajeong","family":"Seo","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/02c5gc203","id-type":"ROR","asserted-by":"publisher"}],"name":"Hansung University","place":["Seoul, South Korea"]}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2306-9978","authenticated-orcid":false,"given":"Rentaro","family":"Shiba","sequence":"additional","affiliation":[{"id":[{"id":"https:\/\/ror.org\/033y26782","id-type":"ROR","asserted-by":"publisher"}],"name":"Mitsubishi Electric Corporation","place":["Tokyo, Japan"]},{"id":[{"id":"https:\/\/ror.org\/04chrp450","id-type":"ROR","asserted-by":"publisher"}],"name":"Nagoya University","place":["Nagoya, Japan"]}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"48349","published-online":{"date-parts":[[2026,1,8]]},"reference":[{"key":"ref1:fixslice-ep","doi-asserted-by":"publisher","first-page":"402","DOI":"10.46586\/tches.v2021.i1.402-425","article-title":"Fixslicing: A New GIFT Representation","volume":"2021","author":"Alexandre Adomnicai","year":"2021","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems"},{"key":"ref2:gift-eprint","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1007\/978-3-319-66787-4_16","article-title":"GIFT: A Small Present","author":"Subhadeep Banik","year":"2017"},{"key":"ref3:pyjamask","volume-title":"Pyjamask v1.0","author":"Dahmun Goudarzi","year":"2019"},{"key":"ref4:zorro-bc","doi-asserted-by":"publisher","first-page":"383","DOI":"10.1007\/978-3-642-40349-1_22","article-title":"Block Ciphers That Are Easier to Mask: How Far Can We Go?","author":"Beno\u00eet G\u00e9rard","year":"2013"},{"key":"ref5:undisturbed-bits","volume-title":"Relating Undisturbed Bits to Other Properties of\n  Substitution Boxes","author":"Rusydi H. Makarim","year":"2014"},{"key":"ref6:anubhab1","isbn-type":"print","doi-asserted-by":"crossref","DOI":"10.1007\/978-981-16-6522-6","volume-title":"Classical and Physical Security of Symmetric Key\n  Cryptographic Algorithms","author":"Anubhab Baksi","year":"2022","ISBN":"https:\/\/id.crossref.org\/isbn\/9789811665240"},{"key":"ref7:fault-survey-acm","doi-asserted-by":"publisher","DOI":"10.1145\/3530054","article-title":"A Survey on Fault Attacks on Symmetric Key Cryptosystems","volume":"55","author":"Anubhab Baksi","year":"2023","journal-title":"ACM Computing Surveys"},{"key":"ref8:fault-book","series-title":"Information Security and Cryptography","isbn-type":"print","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-29656-7","volume-title":"Fault Analysis in Cryptography","year":"2012","ISBN":"https:\/\/id.crossref.org\/isbn\/9783642296550"},{"key":"ref9:branchno-indocrypt","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"361","DOI":"10.1007\/978-3-030-35423-7_18","article-title":"On the Relationship between Resilient Boolean Functions and\n  Linear Branch Number of S-boxes","volume":"11898","author":"Sumanta Sarkar","year":"2019"},{"key":"ref10:anubhab","volume-title":"Classical and Physical Security of Symmetric Key\n  Cryptographic Algorithms","author":"Anubhab Baksi","year":"2021"},{"key":"ref11:zorro-total-break","volume-title":"Total Break of Zorro using Linear and Differential Attacks","author":"Shahram Rasoolzadeh","year":"2014"},{"key":"ref12:diff-lin-full-zorro","isbn-type":"print","doi-asserted-by":"publisher","first-page":"308","DOI":"10.1007\/978-3-319-07536-5_19","article-title":"Differential Cryptanalysis and Linear Distinguisher of\n  Full-Round Zorro","author":"Yanfeng Wang","year":"2014","ISBN":"https:\/\/id.crossref.org\/isbn\/9783319075365"},{"key":"ref13:zorro-cryptana","doi-asserted-by":"publisher","first-page":"383","DOI":"10.1007\/978-3-662-46706-0_21","article-title":"Cryptanalysis of Zorro","author":"Jian Guo","year":"2014"},{"key":"ref14:improved-zorro-like","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1007\/978-3-319-13051-4_12","article-title":"Improved Analysis of Zorro-Like Ciphers","author":"Achiya Bar-On","year":"2014"},{"key":"ref15:dpa-book","isbn-type":"print","volume-title":"Power analysis attacks - Revealing the secrets of smart\n  cards","author":"Stefan Mangard","year":"2007","ISBN":"https:\/\/id.crossref.org\/isbn\/9780387308579"},{"key":"ref16:dpa-book2","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4614-6783-0","volume-title":"Advanced DPA Theory and Practice: Towards the Security\n  Limits of Secure Embedded Circuits","author":"Eric Peeters","year":"2013"},{"key":"ref17:baksheesh-eprint","volume-title":"BAKSHEESH: Similar Yet Different From GIFT","author":"Anubhab Baksi","year":"2023"},{"key":"ref18:amit-baksheesh","isbn-type":"print","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1007\/978-981-96-0944-4_6","article-title":"More Vulnerabilities of Linear Structure Sbox-Based Ciphers\n  Reveal Their Inability to\u00a0Resist DFA","author":"Amit Jana","year":"2025","ISBN":"https:\/\/id.crossref.org\/isbn\/9789819609444"},{"key":"ref19:tofa-tches25","doi-asserted-by":"publisher","first-page":"614","DOI":"10.46586\/tches.v2025.i3.614-643","article-title":"ToFA: Towards Fault Analysis of GIFT and GIFT-like Ciphers\n  Leveraging Truncated Impossible Differentials","volume":"2025","author":"Anup Kumar Kundu","year":"2025","journal-title":"IACR Transactions on Cryptographic Hardware and Embedded\n  Systems"},{"key":"ref20:linear-sun-baksheesh-inscrypt","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-981-96-5566-3_2","article-title":"Investigation of the Optimal Linear Characteristics of\n  BAKSHEESH","volume":"15529","author":"Yuxuan Peng","year":"2025"},{"key":"ref21:linear-sun-baksheesh","volume-title":"Investigation of the Optimal Linear Characteristics of\n  BAKSHEESH (Full Version)","author":"Yuxuan Peng","year":"2024"},{"key":"ref22:siwei-baksheesh-inscrypt","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/978-981-96-4734-7_19","article-title":"Cryptanalysis of BAKSHEESH Block Cipher","volume":"15529","author":"Shengyuan Xu","year":"2025"},{"key":"ref23:biz-baksheesh","isbn-type":"print","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/978-3-031-80311-6_7","article-title":"BIZness: Bit Invariant Zero-Sum Property Based on Division\n  Trail","author":"Shibam Ghosh","year":"2025","ISBN":"https:\/\/id.crossref.org\/isbn\/9783031803116"},{"key":"ref24:boomerang-baksheesh","doi-asserted-by":"publisher","first-page":"5343","DOI":"10.1109\/TIT.2024.3381655","article-title":"Revisiting the Boomerang Attack From a Perspective of\n  3-Differential","volume":"70","author":"Libo Wang","year":"2024","journal-title":"IEEE Transactions on Information Theory"},{"key":"ref25:difa-rent-2025","volume-title":"DIFA-Rent: Division Property Based Fault Attacks on\n  DEFAULT and BAKSHEESH","author":"Shibam Ghosh","year":"2025"},{"key":"ref26:mifa-2025","volume-title":"MIFA: An MILP-based Framework for Improving Differential\n  Fault Attacks","author":"Hanbeom Shin","year":"2025"},{"key":"ref27:present","doi-asserted-by":"publisher","first-page":"450","DOI":"10.1007\/978-3-540-74735-2_31","article-title":"PRESENT: An ultra-lightweight block cipher","volume":"4727","author":"Andrey Bogdanov","year":"2007"},{"key":"ref28:arpan-thresh-db","doi-asserted-by":"publisher","first-page":"2110","DOI":"10.1109\/TIFS.2019.2957974","article-title":"Threshold Implementations of GIFT: A Trade-Off Analysis","volume":"15","author":"Arpan Jati","year":"2020","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref29:trifle","volume-title":"TRIFLE","author":"Nilanjan Datta","year":"2019"},{"key":"ref30:lsdesign-hal","article-title":"LS-Designs: Bitslice Encryption for Efficient Masked\n  Software Implementations","author":"Vincent Grosso","year":"2014"},{"key":"ref31:rasta-crypto","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"662","DOI":"10.1007\/978-3-319-96884-1_22","article-title":"Rasta: A Cipher with Low ANDdepth and Few ANDs per\n  Bit","volume":"10991","author":"Christoph Dobraunig","year":"2018"},{"key":"ref32:lowmc","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1007\/978-3-662-46800-5_17","article-title":"Ciphers for MPC and FHE","volume":"9056","author":"Martin Albrecht","year":"2015"},{"key":"ref33:kreyvium-fse","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-3-662-52993-5_16","article-title":"Stream Ciphers: A Practical Solution for Efficient\n  Homomorphic-Ciphertext Compression","volume":"9783","author":"Anne Canteaut","year":"2016"},{"key":"ref34:claude13guilley","article-title":"Side-Channel Indistinguishability","author":"Claude Carlet","year":"2013","journal-title":"HAL Open Science"},{"key":"ref35:ARMADILLO","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"398","DOI":"10.1007\/978-3-642-15031-9_27","article-title":"ARMADILLO: A Multi-purpose Cryptographic Primitive\n  Dedicated to Hardware","volume":"6225","author":"St\u00e9phane Badel","year":"2010"},{"key":"ref36:picaro-ep","volume-title":"PICARO - A Block Cipher Allowing Efficient Higher-Order\n  Side-Channel Resistance \u2013 Extended Version \u2013","author":"Gilles Piret","year":"2012"},{"key":"ref37:scream","volume-title":"SCREAM & iSCREAM: Side-Channel Resistant Authenticated\n  Encryption with Masking","author":"Vincent Grosso","year":"2014"},{"key":"ref38:biham_shamir","series-title":"Lecture Notes in Computer Science","isbn-type":"print","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1007\/BFb0052259","article-title":"Differential Fault Analysis of Secret Key Cryptosystems","volume":"1294","author":"Eli Biham","year":"1997","ISBN":"https:\/\/id.crossref.org\/isbn\/9783540633846"},{"key":"ref39:DBLP:conf\/crypto\/Kocher96","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/3-540-68697-5_9","article-title":"Timing Attacks on Implementations of Diffie-Hellman, RSA,\n  DSS, and Other Systems","volume":"1109","author":"Paul C. Kocher","year":"1996"},{"key":"ref40:DBLP:conf\/ches\/GandolfiMO01","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/3-540-44709-1_21","article-title":"Electromagnetic Analysis: Concrete Results","volume":"2162","author":"Karine Gandolfi","year":"2001"},{"key":"ref41:KocherJJ99","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1007\/3-540-48405-1_25","article-title":"Differential Power Analysis","author":"Paul C. Kocher","year":"1999"},{"key":"ref42:cpa04","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-540-28632-5_2","article-title":"Correlation Power Analysis with a Leakage Model","author":"Eric Brier","year":"2004"},{"key":"ref43:Coron00","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"229","DOI":"10.1007\/3-540-44598-6_14","article-title":"On the Exact Security of Full Domain Hash","volume":"1880","author":"Jean-S\u00e9bastien Coron","year":"2000"},{"key":"ref44:Mesquita05","first-page":"169","article-title":"A new hardware countermeasure for masking power signatures\n  of crypto cores","author":"Daniel Mesquita","year":"2005"},{"key":"ref45:nikova2006threshold","doi-asserted-by":"publisher","first-page":"529","DOI":"10.1007\/11935308_38","article-title":"Threshold implementations against side-channel attacks and\n  glitches","author":"Svetla Nikova","year":"2006"},{"key":"ref46:begul","volume-title":"Threshold Implementations As Countermeasure Against\n  Higher-Order Differential Power Analysis","author":"Beg\u00fcl Bilgin","year":"2015"},{"key":"ref47:schneider2015leakage","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1007\/978-3-662-48324-4_25","article-title":"Leakage Assessment Methodology \u2013 A Clear Roadmap for\n  Side-Channel Evaluations","volume":"9293","author":"Tobias Schneider","year":"2015"},{"key":"ref48:serpent","isbn-type":"print","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/3-540-69710-1_15","article-title":"Serpent: A New Block Cipher Proposal","author":"Eli Biham","year":"1998","ISBN":"https:\/\/id.crossref.org\/isbn\/9783540697107"},{"key":"ref49:gift-eprint-extended","volume-title":"GIFT: A Small Present (Extended Version)","author":"Subhadeep Banik","year":"2017"},{"key":"ref50:ullrich-thesis","volume-title":"The design and efficient software implementation of\n  S-boxes","author":"Markus Ullrich","year":"2010"},{"key":"ref51:design-aes","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-662-04722-4","volume-title":"The Design of Rijndael: AES - The Advanced Encryption\n  Standard","author":"Joan Daemen","year":"2002"},{"key":"ref52:bilgin2020low","doi-asserted-by":"publisher","first-page":"144","DOI":"10.13154\/tosc.v2020.i1.144-184","article-title":"Low and depth and efficient inverses: a guide on s-boxes for\n  low-latency masking","volume":"2020","author":"Beg\u00fcl Bilgin","year":"2020","journal-title":"IACR Transactions on Symmetric Cryptology"},{"key":"ref53:pipo-ep","volume-title":"A New Method for Designing Lightweight S-boxes with High\n  Differential and Linear Branch Numbers, and Its Application","author":"Hangi Kim","year":"2020"},{"key":"ref54:cryptoeprint:2016:254","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"311","DOI":"10.1007\/978-3-662-49890-3_13","article-title":"Towards Stream Ciphers for Efficient FHE with Low-Noise\n  Ciphertexts","volume":"9665","author":"Pierrick M\u00e9aux","year":"2016"},{"key":"ref55:mimc-asiacrypt","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/978-3-662-53887-6_7","article-title":"MiMC: Efficient Encryption and Cryptographic Hashing with\n  Minimal Multiplicative Complexity","volume":"10031","author":"Martin Albrecht","year":"2016"},{"key":"ref56:rubato-ep","volume-title":"Rubato: Noisy Ciphers for Approximate Homomorphic Encryption\n  (Full Version)","author":"Jincheol Ha","year":"2022"},{"key":"ref57:cryptoeprint:2019:426","doi-asserted-by":"publisher","first-page":"1","DOI":"10.13154\/tosc.v2020.i3.1-45","article-title":"Design of Symmetric-Key Primitives for Advanced\n  Cryptographic Protocols","volume":"2020","author":"Abdelrahaman Aly","year":"2020","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref58:seacipher","isbn-type":"print","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1007\/11733447_16","article-title":"SEA: A Scalable Encryption Algorithm for Small Embedded\n  Applications","author":"Fran\u00e7ois-Xavier Standaert","year":"2006","ISBN":"https:\/\/id.crossref.org\/isbn\/9783540333111"},{"key":"ref59:printcipher","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-642-15031-9_2","article-title":"PRINTcipher: A Block Cipher for IC-Printing","volume":"6225","author":"Lars R. Knudsen","year":"2010"},{"key":"ref60:canniere-thesis","volume-title":"Analysis and Design of Symmetric Encryption Algorithms","author":"Christophe De\u00a0Canni\u00e8re","year":"2007"},{"key":"ref61:prince","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-642-34961-4_14","article-title":"PRINCE - A Low-Latency Block Cipher for Pervasive\n  Computing Applications","author":"Julia Borghoff","year":"2012"},{"key":"ref62:prince-eprint","volume-title":"PRINCE - A Low-Latency Block Cipher for Pervasive\n  Computing Applications (Full Version)","author":"Julia Borghoff","year":"2012"},{"key":"ref63:skinny-crypto","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1007\/978-3-662-53008-5_5","article-title":"The SKINNY Family of Block Ciphers and Its Low-Latency\n  Variant MANTIS","author":"Christof Beierle","year":"2016"},{"key":"ref64:ti_sg","volume-title":"From Substitution Box To Threshold","author":"Anubhab Baksi","year":"2023"},{"key":"ref65:midori-eprint","doi-asserted-by":"publisher","first-page":"411","DOI":"10.1007\/978-3-662-48800-3_17","article-title":"Midori: A Block Cipher for Low Energy","author":"Subhadeep Banik","year":"2015"},{"key":"ref66:milp-secitc","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/978-3-030-69255-1_4","article-title":"New Insights on Differential and Linear Bounds Using Mixed\n  Integer Linear Programming","volume":"12596","author":"Anubhab Baksi","year":"2020"},{"key":"ref67:bogip-iwsec","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-58208-1_1","article-title":"On the Design of Bit Permutation Based Ciphers \u2013 The\n  Interplay Among S-box, Bit Permutation and Key-addition","volume":"12231","author":"Sumanta Sarkar","year":"2020"},{"key":"ref68:led","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-642-23951-9_22","article-title":"The LED Block Cipher","author":"Jian Guo","year":"2011"},{"key":"ref69:robin-attack","isbn-type":"print","doi-asserted-by":"publisher","first-page":"254","DOI":"10.1007\/978-3-662-46800-5_11","article-title":"A Generic Approach to Invariant Subspace Attacks:\n  Cryptanalysis of Robin, iSCREAM and Zorro","author":"Gregor Leander","year":"2015","ISBN":"https:\/\/id.crossref.org\/isbn\/9783662468005"},{"key":"ref70:backdoor-ep","volume-title":"Big Brother Is Watching You: A Closer Look At Backdoor\n  Construction","author":"Anubhab Baksi","year":"2022"},{"key":"ref71:princev2-ep","doi-asserted-by":"publisher","first-page":"483","DOI":"10.1007\/978-3-030-81652-0_19","article-title":"PRINCEv2 - More Security for (Almost) No Overhead","author":"Du\u0161an Bo\u017eilov","year":"2021"},{"key":"ref72:default-attack-ep","volume-title":"Information-Combining Differential Fault Attacks on\n  DEFAULT","author":"Marcel Nageler","year":"2021"},{"key":"ref73:sat-diff-lin","volume-title":"Accelerating the Search of Differential and Linear\n  Characteristics with the SAT Method","author":"Ling Sun","year":"2021"},{"key":"ref74:milp-ep-eprint","volume-title":"New Insights on Differential and Linear Bounds Using Mixed\n  Integer Linear Programming (Full Version)","author":"Anubhab Baksi","year":"2020"},{"key":"ref75:DBLP:conf\/issac\/BettaleFP12","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1145\/2442829.2442843","article-title":"Solving polynomial systems over finite fields: improved\n  analysis of the hybrid approach","author":"Luk Bettale","year":"2012"},{"key":"ref76:DBLP:conf\/fse\/DaemenKR97","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"149","DOI":"10.1007\/BFb0052343","article-title":"The Block Cipher Square","volume":"1267","author":"Joan Daemen","year":"1997"},{"key":"ref77:DBLP:conf\/fse\/KnudsenW02","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1007\/3-540-45661-9_9","article-title":"Integral Cryptanalysis","author":"Lars R. Knudsen","year":"2002"},{"key":"ref78:TodoDivisionProperty","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1007\/978-3-662-46800-5_12","article-title":"Structural Evaluation by Generalized Integral Property","author":"Yosuke Todo","year":"2015"},{"key":"ref79:DBLP:conf\/asiacrypt\/XiangZBL16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"648","DOI":"10.1007\/978-3-662-53887-6_24","article-title":"Applying MILP Method to Searching Integral Distinguishers\n  Based on Division Property for 6 Lightweight Block Ciphers","volume":"10031","author":"Zejun Xiang","year":"2016"},{"key":"ref80:eurocrypt\/BihamBS99","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1007\/3-540-48910-X_2","article-title":"Cryptanalysis of Skipjack Reduced to 31 Rounds Using\n  Impossible Differentials","author":"Eli Biham","year":"1999"},{"key":"ref81:DBLP:conf\/eurocrypt\/SasakiT17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"185","DOI":"10.1007\/978-3-319-56617-7_7","article-title":"New Impossible Differential Search Tool from Design and\n  Cryptanalysis Aspects - Revealing Structural Properties of Several Ciphers","volume":"10212","author":"Yu Sasaki","year":"2017"},{"key":"ref82:DBLP:conf\/crypto\/LeanderAAZ11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/978-3-642-22792-9_12","article-title":"A Cryptanalysis of PRINTcipher: The Invariant Subspace\n  Attack","volume":"6841","author":"Gregor Leander","year":"2011"},{"key":"ref83:DBLP:conf\/asiacrypt\/TodoLS16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-662-53890-6_1","article-title":"Nonlinear Invariant Attack - Practical Attack on Full\n  SCREAM, iSCREAM, and Midori64","volume":"10032","author":"Yosuke Todo","year":"2016"},{"key":"ref84:gohr19","isbn-type":"print","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/978-3-030-26951-7_6","article-title":"Improving Attacks on Round-Reduced Speck32\/64 Using Deep\n  Learning","author":"Aron Gohr","year":"2019","ISBN":"https:\/\/id.crossref.org\/isbn\/9783030269517"},{"key":"ref85:ml-1","volume-title":"Machine Learning Assisted Differential Distinguishers For\n  Lightweight Ciphers","author":"Anubhab Baksi","year":"2020"},{"key":"ref86:ml-new","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2023.3270396","volume-title":"New Results on Machine Learning Based Distinguishers","author":"Anubhab Baksi","year":"2023"},{"key":"ref87:DBLP:conf\/crypto\/AokiS09","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1007\/978-3-642-03356-8_5","article-title":"Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0\n  and SHA-1","volume":"5677","author":"Kazumaro Aoki","year":"2009"},{"key":"ref88:DBLP:conf\/eurocrypt\/SasakiA09","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1007\/978-3-642-01001-9_8","article-title":"Finding Preimages in Full MD5 Faster Than Exhaustive\n  Search","volume":"5479","author":"Yu Sasaki","year":"2009"},{"key":"ref89:DBLP:conf\/asiacrypt\/BogdanovKR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1007\/978-3-642-25385-0_19","article-title":"Biclique Cryptanalysis of the Full AES","volume":"7073","author":"Andrey Bogdanov","year":"2011"},{"key":"ref90:infective","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-020-00224-9","article-title":"To Infect Or Not To Infect: A Critical Analysis Of Infective\n  Countermeasures In Fault Attacks","author":"Anubhab Baksi","year":"2020","journal-title":"Journal of Cryptographic Engineering"},{"key":"ref91:conf\/cf\/YanO19","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1145\/3310273.3323399","article-title":"Examining the Practical Side Channel Resilience of\n  ARX-boxes","author":"Yan Yan","year":"2019"},{"key":"ref92:piccolo","doi-asserted-by":"publisher","first-page":"342","DOI":"10.1007\/978-3-642-23951-9_23","article-title":"Piccolo: An Ultra-Lightweight Blockcipher","author":"Kyoji Shibutani","year":"2011"},{"key":"ref93:twine","volume-title":"TWINE : A Lightweight , Versatile Block Cipher","author":"Tomoyasu Suzaki","year":"2011"},{"key":"ref94:GaoConstructing19","isbn-type":"print","doi-asserted-by":"publisher","first-page":"433","DOI":"10.1007\/978-3-030-12612-4_22","article-title":"Constructing TI-Friendly Substitution Boxes Using\n  Shift-Invariant Permutations","author":"Si Gao","year":"2019","ISBN":"https:\/\/id.crossref.org\/isbn\/9783030126124"},{"key":"ref95:robin-fse","isbn-type":"print","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1007\/978-3-662-46706-0_2","article-title":"LS-Designs: Bitslice Encryption for Efficient Masked\n  Software Implementations","author":"Vincent Grosso","year":"2015","ISBN":"https:\/\/id.crossref.org\/isbn\/9783662467060"},{"key":"ref96:lighter","doi-asserted-by":"publisher","first-page":"130","DOI":"10.13154\/tosc.v2017.i4.130-168","article-title":"Optimizing Implementations of Lightweight Building Blocks","volume":"2017","author":"J\u00e9r\u00e9my Jean","year":"2017","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref97:lighterr","doi-asserted-by":"publisher","first-page":"260","DOI":"10.1109\/SOCC46988.2019.1570548320","article-title":"LIGHTER-R: Optimized Reversible Circuit Implementation For\n  SBoxes","author":"Vishnu Asutosh Dasu","year":"2019"},{"key":"ref98:socc-2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/SOCC62300.2024.10737862","article-title":"Quantum Implementation of Linear and Non-Linear Layers","author":"Anubhab Baksi","year":"2024"},{"key":"ref99:dorcis-ep","volume-title":"DORCIS: Depth Optimized Quantum Implementation of\n  Substitution Boxes","author":"Matthew Chun","year":"2023"}],"container-title":["IACR Communications in Cryptology"],"original-title":[],"language":"en","deposited":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T23:40:49Z","timestamp":1767915649000},"score":1,"resource":{"primary":{"URL":"https:\/\/cic.iacr.org\/p\/2\/4\/31"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,8]]},"references-count":99,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2026,1,8]]}},"URL":"https:\/\/doi.org\/10.62056\/ae890lmol","archive":["Internet Archive","Internet Archive"],"relation":{},"ISSN":["3006-5496"],"issn-type":[{"value":"3006-5496","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,8]]},"assertion":[{"value":"2025-10-08","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2025-12-02","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"cc2-4-67"}}