论文信息 - The Block Cipher Companion

The Block Cipher Companion

Block ciphers encrypt blocks of plaintext, messages, into blocks of ciphertext under the action of a secret key, and the process of encryption is reversed by decryption which uses the same user-supplied key. Block ciphers are fundamental to modern cryptography, in fact they are the most widely used cryptographic primitive useful in their own right, and in the construction of other cryptographic mechanisms. In this book the authors provide a technically detailed, yet readable, account of the state of the art of block cipher analysis, design, and deployment. The authors first describe the most prominent block ciphers and give insights into their design. They then consider the role of the cryptanalyst, the adversary, and provide an overview of some of the most important cryptanalytic methods. The book will be of value to graduate and senior undergraduate students of cryptography and to professionals engaged in cryptographic design. An important feature of the presentation is the authors' exhaustive bibliography of the field, each chapter closing with comprehensive supporting notes.

Matthew J. B. Robshaw | Lars R. Knudsen | M. Robshaw | L. Knudsen

[1] Valérie Nachef,et al. Generic Attacks on Unbalanced Feistel Schemes with Expanding Functions , 2007, ASIACRYPT.

[2] Christophe Giraud,et al. An Implementation of DES and AES, Secure against Some Attacks , 2001, CHES.

[3] Kazuo Ohta,et al. Results of Switching-Closure-Test on FEAL (Extended Abstract) , 1991, ASIACRYPT.

[4] Scott R. Fluhrer. Cryptanalysis of the Mercy Block Cipher , 2001, FSE.

[5] Jean-Jacques Quisquater,et al. Security of the MISTY Structure in the Luby-Rackoff Model: Improved Results , 2004, Selected Areas in Cryptography.

[6] Hiroshi Miyauchi,et al. Cryptanalysis of DES Implemented on Computers with Cache , 2003, CHES.

[7] Martin E. Hellman,et al. A cryptanalytic time-memory trade-off , 1980, IEEE Trans. Inf. Theory.

[8] Eyal Kushilevitz,et al. Improved Cryptanalysis of RC5 , 1998, EUROCRYPT.

[9] Jean-Jacques Quisquater,et al. How Easy is Collision Search? Application to DES (Extended Summary) , 1990, EUROCRYPT.

[10] Bruce Schneier,et al. Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent , 2000, FSE.

[11] Xuejia Lai. Higher Order Derivatives and Differential Cryptanalysis , 1994 .

[12] 염흥렬,et al. [서평]「Applied Cryptography」 , 1997 .

[13] Gregory V. Bard,et al. Algebraic and Slide Attacks on KeeLoq , 2008, FSE.

[14] Vincent Rijmen,et al. The Design of Rijndael , 2002, Information Security and Cryptography.

[15] Nicolas Courtois. Feistel Schemes and Bi-linear Cryptanalysis , 2004, CRYPTO.

[16] Feng Dengguo,et al. Collision attack and pseudorandomness of reduced-round camellia , 2004 .

[17] Walter Fumy,et al. On the F-function of FEAL , 1987, CRYPTO.

[18] Hua Chen,et al. Collision Attack and Pseudorandomness of Reduced-Round Camellia , 2004, Selected Areas in Cryptography.

[19] Lars R. Knudsen,et al. A Key-schedule Weakness in SAFER K-64 , 1995, CRYPTO.

[20] Mitsuru Matsui,et al. New Block Encryption Algorithm MISTY , 1997, FSE.

[21] Eli Biham,et al. Cryptanalysis of Ladder-DES , 1997, FSE.

[22] Pascal Junod,et al. Revisiting the IDEA Philosophy , 2009, FSE.

[23] L. Knudsen,et al. Distinguishing attack on five-round Feistel networks , 2003 .

[24] Matthew Kwan. Simultaneous Attacks in Differential Cryptanalysis (Getting More Pairs Per Encryption) , 1991, ASIACRYPT.

[25] Toshinobu Kaneko,et al. Higher Order Differential Attak of CAST Cipher , 1998, FSE.

[26] Pierre-Alain Fouque,et al. Practical Symmetric On-Line Encryption , 2003, FSE.

[27] Lars R. Knudsen,et al. Provable Security Against Differential Cryptanalysis , 1992, CRYPTO.

[28] Serge Vaudenay,et al. Adaptive-Attack Norm for Decorrelation and Super-Pseudorandomness , 1999, Selected Areas in Cryptography.

[29] Shoji Miyaguchi. The FEAL-8 Cryptosystem and a Call for Attack , 1989, CRYPTO.

[30] Niels Ferguson,et al. A Simple Algebraic Representation of Rijndael , 2001, Selected Areas in Cryptography.

[31] Eli Biham,et al. Differential Cryptanalysis of the Data Encryption Standard , 1993, Springer New York.

[32] Ingrid Schaumüller-Bichl,et al. Cryptonalysis of the Data Encryption Standard by the Method of Formal Coding , 1982, EUROCRYPT.

[33] Don Coppersmith,et al. The Data Encryption Standard (DES) and its strength against attacks , 1994, IBM J. Res. Dev..

[34] Ueli Maurer. A Simplified and Generalized Treatment of Luby-Rackoff Pseudorandom Permutation Generator , 1992, EUROCRYPT.

[35] Vincent Rijmen,et al. The Block Cipher BKSQ , 1998, CARDIS.

[36] Frédéric Muller,et al. A New Attack against Khazad , 2003, ASIACRYPT.

[37] Adi Shamir,et al. On the Security of DES , 1985, CRYPTO.

[38] Xuejia Lai,et al. Security of Iterated Hash Functions Based on Block Ciphers , 1994, CRYPTO.

[39] Johann Großschädl,et al. Instruction Set Extensions for Efficient AES Implementation on 32-bit Processors , 2006, CHES.

[40] Ueli Maurer,et al. Cascade ciphers: The importance of being first , 1993, Journal of Cryptology.

[41] Eli Biham,et al. Two Practical and Provably Secure Block Ciphers: BEARS and LION , 1996, FSE.

[42] Yasuo Hatano,et al. Higher Order Differential Attack of Camellia (II) , 2002, Selected Areas in Cryptography.

[43] Yvo Desmedt,et al. Efficient Hardware and Software Implementations for the DES , 1985, CRYPTO.

[44] Serge Vaudenay. Decorrelation over Infinite Domains: The Encrypted CBC-MAC Case , 2000, Selected Areas in Cryptography.

[45] Joo Yeon Cho,et al. Linear Cryptanalysis of Reduced-Round PRESENT , 2010, CT-RSA.

[46] Charles Cresson Wood,et al. Security for computer networks : D.W. Davies and W.L. Price New York: John Wiley and Sons, 1984. 386 + xix pages, $19.50 , 1985, Computers & security.

[47] Bart Preneel,et al. Attacks on Fast Double Block Length Hash Functions , 1998, Journal of Cryptology.

[48] Reinhard Posch,et al. A 155 Mbps Triple-DES Network Encryptor , 2000, CHES.

[49] Monk-Ping Leong,et al. Tradeoffs in Parallel and Serial Implementations of the International Data Encryption Algorithm IDEA , 2001, CHES.

[50] Lars R. Knudsen,et al. The Security of Feistel Ciphers with Six Rounds or Less , 2002, Journal of Cryptology.

[51] Akashi Satoh,et al. A Compact Rijndael Hardware Architecture with S-Box Optimization , 2001, ASIACRYPT.

[52] Cunsheng Ding,et al. On Almost Perfect Nonlinear Permutations , 1994, EUROCRYPT.

[53] Taizo Shirai,et al. Improved Upper Bounds of Differential and Linear Characteristic Probability for Camellia , 2002, FSE.

[54] Hideki Imai,et al. On the Construction of Block Ciphers Provably Secure and Not Relying on Any Unproved Hypotheses , 1989, CRYPTO.

[55] Emmanuel Prouff,et al. DPA Attacks and S-Boxes , 2005, FSE.

[56] Bruce Schneier,et al. Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[57] Carlo Harpes,et al. A Generalization of Linear Cryptanalysis and the Applicability of Matsui's Piling-Up Lemma , 1995, EUROCRYPT.

[58] Kenneth G. Paterson,et al. Padding Oracle Attacks on the ISO CBC Mode Encryption Standard , 2004, CT-RSA.

[59] Eli Biham,et al. Differential Cryptanalysis of Feal and N-Hash , 1991, EUROCRYPT.

[60] Toshinobu Kaneko. A Known-Plaintext Attack of FEAL-4 Based on the System of Linear Equations on Difference , 1991, ASIACRYPT.

[61] Amir Moradi,et al. A Generalized Method of Differential Fault Attack Against AES Cryptosystem , 2006, CHES.

[62] Philippe Oechslin,et al. Making a Faster Cryptanalytic Time-Memory Trade-Off , 2003, CRYPTO.

[63] Olivier Billet,et al. Cryptanalysis of a White Box AES Implementation , 2004, Selected Areas in Cryptography.

[64] Stafford E. Tavares,et al. On the Design of SP Networks From an Information Theoretic Point of View , 1992, CRYPTO.

[65] Vincent Rijmen,et al. Linear Frameworks for Block Ciphers , 2001, Des. Codes Cryptogr..

[66] Serge Vaudenay,et al. Perfect Diffusion Primitives for Block Ciphers , 2004, Selected Areas in Cryptography.

[67] Willi Meier,et al. The Conditional Correlation Attack: A Practical Attack on Bluetooth Encryption , 2005, CRYPTO.

[68] Tsutomu Matsumoto,et al. Optimization of Time-Memory Trade-Off Cryptanalysis and Its Application to DES, FEAL-32, and Skipjack (Special Section on Cryptography and Information Security) , 1996 .

[69] Yuliang Zheng,et al. The SPEED Cipher , 1997, Financial Cryptography.

[70] Ivan Damgård,et al. The Breaking of the AR Hash Function , 1993, EUROCRYPT.

[71] Lars R. Knudsen,et al. The Interpolation Attack on Block Ciphers , 1997, FSE.

[72] Willi Meier,et al. Improved Differential Attacks on RC5 , 1996, CRYPTO.

[73] Sangwoo Park,et al. On the Security of CAMELLIA against the Square Attack , 2002, FSE.

[74] Milos Drutarovský,et al. Two Methods of Rijndael Implementation in Reconfigurable Hardware , 2001, CHES.

[75] Ivan Damgård,et al. Two-Key Triple Encryption , 1998, Journal of Cryptology.

[76] Alex Biryukov,et al. The Design of a Stream Cipher LEX , 2006, Selected Areas in Cryptography.

[77] Håvard Raddum. Cryptanalysis of IDEA-X/2 , 2003, FSE.

[78] Christof Paar,et al. Ultra-Lightweight Implementations for Smart Devices - Security for 1000 Gate Equivalents , 2008, CARDIS.

[79] Serge Vaudenay,et al. On the Security of CS-Cipher , 1999, FSE.

[80] Mitsuru Matsui,et al. Linear Cryptanalysis of LOKI and s2DES , 1994, ASIACRYPT.

[81] Mitsuru Matsui,et al. New Structure of Block Ciphers with Provable Security against Differential and Linear Cryptanalysis , 1996, FSE.

[82] Khoongming Khoo,et al. Cryptographic Properties and Application of a Generalized Unbalanced Feistel Network Structure , 2009, ACISP.

[83] Eli Biham,et al. Rectangle Attacks on 49-Round SHACAL-1 , 2003, FSE.

[84] Douglas R. Stinson,et al. Cryptography: Theory and Practice , 1995 .

[85] Tetsu Iwata,et al. New Security Proofs for the 3GPP Confidentiality and Integrity Algorithms , 2004, FSE.

[86] Antoine Joux,et al. Blockwise-Adaptive Attackers: Revisiting the (In)Security of Some Provably Secure Encryption Models: CBC, GEM, IACBC , 2002, CRYPTO.

[87] Jean-Didier Legat,et al. ICEBERG : An Involutional Cipher Efficient for Block Encryption in Reconfigurable Hardware , 2004, FSE.

[88] Bruce Schneier,et al. Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security. A Report by an Ad Hoc Group of Cryptographers and Computer Scientists , 1996 .

[89] Kaoru Kurosawa,et al. Probabilistic Higher Order Differential Attack and Higher Order Bent Functions , 1999, ASIACRYPT.

[90] Hiroshi Miyano,et al. A Method to Estimate the Number of Ciphertext Pairs for Differential Cryptanalysis , 1991, ASIACRYPT.

[91] Vincent Rijmen,et al. Two Attacks on Reduced IDEA , 1997, EUROCRYPT.

[92] Henri Gilbert,et al. A Statistical Attack of the FEAL-8 Cryptosystem , 1990, CRYPTO.

[93] Kaoru Kurosawa,et al. Generalization of Higher Order SAC to Vector Output Boolean Functions , 1996, ASIACRYPT.

[94] Ralph Wernsdorf,et al. Markov Ciphers and Alternating Groups , 1994, EUROCRYPT.

[95] Jennifer Seberry,et al. Highly Nonlinear 0-1 Balanced Boolean Functions Satisfying Strict Avalanche Criterion , 1992, AUSCRYPT.

[96] Serge Vaudenay,et al. Feistel Ciphers with L2-Decorrelation , 1998, Selected Areas in Cryptography.

[97] Máire O'Neill,et al. High Performance Single-Chip FPGA Rijndael Algorithm Implementations , 2001, CHES.

[98] Eli Biham,et al. A New Attack on 6-Round IDEA , 2007, FSE.

[99] Jean-Jacques Quisquater,et al. A Differential Fault Attack Technique against SPN Structures, with Application to the AES and KHAZAD , 2003, CHES.

[100] Yvo Desmedt,et al. Efficient Hardware Implementation of the DES , 1985, CRYPTO.

[101] Bart Preneel,et al. Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings , 2007, IACR Cryptol. ePrint Arch..

[102] Charanjit S. Jutla,et al. Generalized Birthday Arracks on Unbalanced Feistel Networks , 1998, CRYPTO.

[103] David A. Wagner. Towards a Unifying View of Block Cipher Cryptanalysis , 2004, FSE.

[104] Steven Trimberger,et al. A 12 Gbps DES Encryptor/Decryptor Core in an FPGA , 2000, CHES.

[105] L. Knudsen. Iterative Characteristics of DES and S^2-DES , 1993 .

[106] François-Xavier Standaert,et al. A Statistical Saturation Attack against the Block Cipher PRESENT , 2009, CT-RSA.

[107] Eyal Kushilevitz,et al. From Differential Cryptanalysis to Ciphertext-Only Attacks , 1998, CRYPTO.

[108] Cryptanalysis of a Reduced Version of the Block Cipher E2 , 1999, FSE.

[109] Paul C. Kocher,et al. Differential Power Analysis , 1999, CRYPTO.

[110] Stefan Lucks. On Security of the 128-Bit Block Cipher DEAL , 1999, FSE.

[111] Claus Diem,et al. The XL-Algorithm and a Conjecture from Commutative Algebra , 2004, ASIACRYPT.

[112] Chae Hoon Lim,et al. CRYPTON: A New 128-bit Block Cipher - Specification and Analysis , 1998 .

[113] Raphael C.-W. Phan,et al. Impossible differential cryptanalysis of 7-round Advanced Encryption Standard (AES) , 2004, Inf. Process. Lett..

[114] Serge Vaudenay,et al. Provable Security for Block Ciphers by Decorrelation , 1998, STACS.

[115] Stefan Lucks. The Saturation Attack - A Bait for Twofish , 2000, FSE.

[116] James L. Massey,et al. SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm , 1993, FSE.

[117] Seokhie Hong,et al. Known-IV Attacks on Triple Modes of Operation of Block Ciphers , 2001, ASIACRYPT.

[118] Tsutomu Matsumoto,et al. Security of Camellia against Truncated Differential Cryptanalysis , 2001, FSE.

[119] Sangjin Lee,et al. Impossible Differential Cryptanalysis of Reduced Round XTEA and TEA , 2002, FSE.

[120] Pascal Junod,et al. New Attacks Against Reduced-Round Versions of IDEA , 2005, FSE.

[121] Kazuhiko Minematsu,et al. Beyond-Birthday-Bound Security Based on Tweakable Block Cipher , 2009, FSE.

[122] Paulo S. L. M. Barreto,et al. Improved SQUARE Attacks against Reduced-Round HIEROCRYPT , 2001, FSE.

[123] Chae Hoon Lim,et al. Hardware Design and Performance Estimation of the 128-bit Block Cipher Crypton , 1999, CHES.

[124] Serge Vaudenay,et al. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS , 2002, EUROCRYPT.

[125] Jean-Jacques Quisquater,et al. Other Cycling Tests for DES (Abstract) , 1987, CRYPTO.

[126] Marine Minier,et al. New Results on the Pseudorandomness of Some Blockcipher Constructions , 2001, FSE.

[127] Antoine Joux,et al. Blockwise Adversarial Model for On-line Ciphers and Symmetric Encryption Schemes , 2004, Selected Areas in Cryptography.

[128] Markus Dichtl,et al. Problems with the Linear Cryptanalysis of DES Using More Than One Active S-box per Round , 1994, FSE.

[129] Shai Halevi,et al. A Tweakable Enciphering Mode , 2003, CRYPTO.

[130] Kaoru Kurosawa,et al. Non-cryptographic primitive for pseudorandom permutation , 2003, Theor. Comput. Sci..

[131] Matthew J. B. Robshaw,et al. Linear Cryptanalysis Using Multiple Approximations and FEAL , 1994, FSE.

[132] Donghoon Chang,et al. Full-Round Differential Attack on the Original Version of the Hash Function Proposed at PKC'98 , 2002, Selected Areas in Cryptography.

[133] Chris J. Mitchell,et al. Partial Key Recovery Attack Against RMAC , 2004, Journal of Cryptology.

[134] Yuliang Zheng,et al. On Relationships among Avalanche, Nonlinearity, and Correlation Immunity , 2000, ASIACRYPT.

[135] Joos Vandewalle,et al. Linear Cryptanalysis of Reduced-Round Versions of the SAFER Block Cipher Family , 2000, FSE.

[136] Serge Vaudenay,et al. Decorrelation: A Theory for Block Cipher Security , 2003, Journal of Cryptology.

[137] David Canright,et al. A Very Compact S-Box for AES , 2005, CHES.

[138] Ronald L. Rivest,et al. Is the Data Encryption Standard a Group? (Preliminary Abstract) , 1985, EUROCRYPT.

[139] Kyoji Shibutani,et al. On Feistel Structures Using a Diffusion Switching Mechanism , 2006, FSE.

[140] Jens-Peter Kaps,et al. Chai-Tea, Cryptographic Hardware Implementations of xTEA , 2008, INDOCRYPT.

[141] Jean-Jacques Quisquater,et al. SEA: A Scalable Encryption Algorithm for Small Embedded Applications , 2006, CARDIS.

[142] Alex Biryukov,et al. Analysis of Involutional Ciphers: Khazad and Anubis , 2003, FSE.

[143] Tadayoshi Kohno,et al. CWC: A High-Performance Conventional Authenticated Encryption Mode , 2004, FSE.

[144] Matthew J. B. Robshaw,et al. Essential Algebraic Structure within the AES , 2002, CRYPTO.

[145] Vincent Rijmen,et al. A Side-Channel Analysis Resistant Description of the AES S-Box , 2005, FSE.

[146] Kenneth G. Paterson,et al. Padding Oracle Attacks on CBC-Mode Encryption with Secret and Random IVs , 2005, FSE.

[147] Stefan Lucks. Ciphers Secure against Related-Key Attacks , 2004, FSE.

[148] José D. P. Rolim,et al. A Comparative Study of Performance of AES Final Candidates Using FPGAs , 2000, CHES.

[149] Serge Vaudenay,et al. Proving the Security of AES Substitution-Permutation Network , 2005, Selected Areas in Cryptography.

[150] John Black,et al. Black-Box Analysis of the Block-Cipher-Based Hash-Function Constructions from PGV , 2002, CRYPTO.

[151] Henri Gilbert,et al. A Chosen Plaintext Attack of the 16-round Khufu Cryptosystem , 1994, CRYPTO.

[152] Charanjit S. Jutla. Lower Bound on Linear Authenticated Encryption , 2003, Selected Areas in Cryptography.

[153] Lars R. Knudsen,et al. Attacks on Block Ciphers of Low Algebraic Degree , 2001, Journal of Cryptology.

[154] Xuejia Lai,et al. A Proposal for a New Block Encryption Standard , 1991, EUROCRYPT.

[155] Mitsuru Matsui,et al. Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis , 2000, Selected Areas in Cryptography.

[156] J. Wolfowitz. Review: William Feller, An introduction to probability theory and its applications. Vol. I , 1951 .

[157] Orr Dunkelman,et al. An Improved Impossible Differential Attack on MISTY1 , 2008, ASIACRYPT.

[158] Bruce Schneier,et al. Mod n Cryptanalysis, with Applications Against RC5P and M6 , 1999, FSE.

[159] Wen-Feng Qi,et al. Construction and Analysis of Boolean Functions of 2t+1 Variables with Maximum Algebraic Immunity , 2006, ASIACRYPT.

[160] Alex Biryukov,et al. Related-Key Cryptanalysis of the Full AES-192 and AES-256 , 2009, ASIACRYPT.

[161] Eli Biham,et al. Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[162] David Chaum,et al. Crytanalysis of DES with a Reduced Number of Rounds: Sequences of Linear Factors in Block Ciphers , 1985, CRYPTO.

[163] Mitsuru Matsui,et al. A New Method for Known Plaintext Attack of FEAL Cipher , 1992, EUROCRYPT.

[164] Eli Biham,et al. New Results on Boomerang and Rectangle Attacks , 2002, FSE.

[165] Chris Charnes,et al. Linear Nonequivalence versus Nonlinearity , 1992, AUSCRYPT.

[166] Joe Kilian,et al. How to Protect DES Against Exhaustive Key Search , 1996, CRYPTO.

[167] Lars R. Knudsen. Iterative Characteristics of DES and s²-DES , 1992, CRYPTO.

[168] James L. Massey,et al. SAFER K-64: One Year Later , 1994, FSE.

[169] Lars R. Knudsen,et al. New Potentially 'Weak' Keys for DES and LOKI (Extended Abstract) , 1994, EUROCRYPT.

[170] S. Akl,et al. Two New Secret Key Cryptosystems , 1985, EUROCRYPT.

[171] Adi Shamir,et al. A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony , 2010, CRYPTO.

[172] David A. Wagner,et al. Integral Cryptanalysis , 2002, FSE.

[173] Mihir Bellare,et al. The EAX Mode of Operation , 2004, FSE.

[174] Serge Vaudenay,et al. Links Between Differential and Linear Cryptanalysis , 1994, EUROCRYPT.

[175] Vincent Rijmen,et al. A Family of Trapdoor Ciphers , 1997, FSE.

[176] Justin M. Reyneri,et al. Drainage and the DES , 1982, CRYPTO.

[177] Henk Meijer,et al. New Method for Upper Bounding the Maximum Average Linear Hull Probability for SPNs , 2001, EUROCRYPT.

[178] Michael Luby,et al. How to Construct Pseudo-Random Permutations from Pseudo-Random Functions (Abstract) , 1986, CRYPTO.

[179] Kaisa Nyberg,et al. Constructions of Bent Functions and Difference Sets , 1991, EUROCRYPT.

[180] Joos Vandewalle,et al. Security Considerations in the Design and Implementation of a new DES chip , 1987, EUROCRYPT.

[181] Jongsung Kim,et al. Related-Key Rectangle Attack on the Full SHACAL-1 , 2006, Selected Areas in Cryptography.

[182] Claude E. Shannon,et al. Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[183] Chao Li,et al. New Cryptanalysis of Block Ciphers with Low Algebraic Degree , 2009, FSE.

[184] Martin R. Albrecht,et al. Algebraic Techniques in Differential Cryptanalysis , 2009, IACR Cryptol. ePrint Arch..

[185] Christof Paar,et al. Breaking Ciphers with COPACOBANA - A Cost-Optimized Parallel Code Breaker , 2006, CHES.

[186] Hüseyin Demirci. Square-like Attacks on Reduced Rounds of IDEA , 2002, Selected Areas in Cryptography.

[187] Stefan Tillich,et al. Attacking State-of-the-Art Software Countermeasures-A Case Study for AES , 2008, CHES.

[188] Kaoru Kurosawa,et al. Root Finding Interpolation Attack , 2000, Selected Areas in Cryptography.

[189] Sébastien Kunz-Jacques,et al. New Improvements of Davies-Murphy Cryptanalysis , 2005, ASIACRYPT.

[190] Matthew J. B. Robshaw,et al. Fast Block Cipher Proposal , 1993, FSE.

[191] Vincent Rijmen,et al. AES implementation on a grain of sand , 2005 .

[192] Anand Desai,et al. New Paradigms for Constructing Symmetric Encryption Schemes Secure against Chosen-Ciphertext Attack , 2000, CRYPTO.

[193] Andrey Bogdanov,et al. Improved Side-Channel Collision Attacks on AES , 2007, Selected Areas in Cryptography.

[194] Sandra Dominikus,et al. Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[195] Whitfield Diffie,et al. Special Feature Exhaustive Cryptanalysis of the NBS Data Encryption Standard , 1977, Computer.

[196] Serge Vaudenay,et al. Resistance Against General Iterated Attacks , 1999, EUROCRYPT.

[197] Valérie Nachef,et al. Generic Attacks on Unbalanced Feistel Schemes with Contracting Functions , 2006, ASIACRYPT.

[198] Wolfgang Fichtner,et al. 2Gbit/s Hardware Realizations of RIJNDAEL and SERPENT: A Comparative Analysis , 2002, CHES.

[199] Serge Vaudenay,et al. On the Weak Keys of Blowfish , 1996, FSE.

[200] Bruce Schneier,et al. Unbalanced Feistel Networks and Block Cipher Design , 1996, FSE.

[201] Kazumaro Aoki. Efficient Evaluation of Security against Generalized Interpolation Attack , 1999, Selected Areas in Cryptography.

[202] Axel Poschmann,et al. Lightweight cryptography: cryptographic engineering for a pervasive world , 2009, IACR Cryptol. ePrint Arch..

[203] Fabrice Noilhan. Software Optimization of Decorrelation Module , 1999, Selected Areas in Cryptography.

[204] Ramarathnam Venkatesan,et al. Foiling Birthday Attacks in Length-Doubling Transformations - Benes: A Non-Reversible Alternative to Feistel , 1996, EUROCRYPT.

[205] Anne Canteaut,et al. Degree of Composition of Highly Nonlinear Functions and Applications to Higher Order Differential Cryptanalysis , 2002, EUROCRYPT.

[206] John P. Steinberger,et al. Security/Efficiency Tradeoffs for Permutation-Based Hashing , 2008, EUROCRYPT.

[207] Bart Preneel,et al. Power Analysis of an FPGA: Implementation of Rijndael: Is Pipelining a DPA Countermeasure? , 2004, CHES.

[208] Lars R. Knudsen,et al. Practically Secure Feistel Ciphers , 1994 .

[209] Panu Hämäläinen,et al. Design and Implementation of Low-Area and Low-Power AES Encryption Hardware Core , 2006, 9th EUROMICRO Conference on Digital System Design (DSD'06).

[210] Jean-Didier Legat,et al. A Time-Memory Tradeoff Using Distinguished Points: New Analysis & FPGA Results , 2002, CHES.

[211] Cameron Patterson. A Dynamic FPGA Implementation of the Serpent Block Cipher , 2000, CHES.

[212] Amr M. Youssef,et al. On the Interpolation Attacks on Block Ciphers , 2000, FSE.

[213] Jung Hee Cheon,et al. Improved Impossible Differential Cryptanalysis of Rijndael and Crypton , 2001, ICISC.

[214] Henk Meijer,et al. Modeling Linear Characteristics of Substitution-Permutation Networks , 1999, Selected Areas in Cryptography.

[215] Vincent Rijmen,et al. Attack on Six Rounds of Crypton , 1999, FSE.

[216] Gustavus J. Simmons,et al. Cycle Structures of the DES with Weak and Semi-Weak Keys , 1986, CRYPTO.

[217] Sangjin Lee,et al. Improving the Upper Bound on the Maximum Differential and the Maximum Linear Hull Probability for SPN Structures and AES , 2003, FSE.

[218] John Black,et al. Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption , 2002, USENIX Security Symposium.

[219] Kazumaro Aoki. On Maximum Non-averaged Differential Probability , 1998, Selected Areas in Cryptography.

[220] William Millan,et al. Linear Redundancy in S-Boxes , 2003, FSE.

[221] Paul Crowley,et al. Mercy: A Fast Large Block Cipher for Disk Sector Encryption , 2000, FSE.

[222] Luke O'Connor,et al. Convergence in Differential Distributions , 1995, EUROCRYPT.

[223] Eli Biham,et al. An improvement of Davies’ attack on DES , 1994, Journal of Cryptology.

[224] Joos Vandewalle,et al. Boolean Functions Satisfying Higher Order Propagation Criteria , 1991, EUROCRYPT.

[225] Henri Gilbert. The Security of "One-Block-to-Many" Modes of Operation , 2003, FSE.

[226] Kim-Kwang Raymond Choo. Privacy on the Line: The Politics of Wiretapping and Encryption, Updated and Expanded Edition , 2008, The Computer Journal.

[227] Joan Daemen,et al. Limitations of the Even-Mansour Construction , 1991, ASIACRYPT.

[228] Eli Biham,et al. Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[229] Willi Meier,et al. Correlations in RC6 with a Reduced Number of Rounds , 2000, FSE.

[230] Matthew J. B. Robshaw,et al. Key-Dependent S-Boxes and Differential Cryptanalysis , 2002, Des. Codes Cryptogr..

[231] Hitoshi Yanami,et al. Differential and Linear Cryptanalysis of a Reduced-Round SC2000 , 2002, FSE.

[232] Eli Biham,et al. Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials , 1999, Journal of Cryptology.

[233] Karl Gass,et al. A DES ASIC Suitable for Network Encryption at 10 Gbps and Beyond , 1999, CHES.

[234] Virgil D. Gligor,et al. Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes , 2001, FSE.

[235] Xuejia Lai,et al. Hash Function Based on Block Ciphers , 1992, EUROCRYPT.

[236] Ulrich Kühn,et al. Cryptanalysis of Reduced-Round MISTY , 2001, EUROCRYPT.

[237] Christof Paar,et al. DPA on n-Bit Sized Boolean and Arithmetic Operations and Its Application to IDEA, RC6, and the HMAC-Construction , 2004, CHES.

[238] John Black,et al. The Ideal-Cipher Model, Revisited: An Uninstantiable Blockcipher-Based Hash Function , 2006, FSE.

[239] Akashi Satoh,et al. An Optimized S-Box Circuit Architecture for Low Power AES Design , 2002, CHES.

[240] Yvo Desmedt,et al. Several Exhaustive Key Search Machines and DES , 1986, International Conference on the Theory and Application of Cryptographic Techniques.

[241] Kaoru Kurosawa,et al. How to Enhance the Security of the 3GPP Confidentiality and Integrity Algorithms , 2005, FSE.

[242] Jennifer Seberry,et al. Improving Resistance to Differential Cryptanalysis and the Redesign of LOKI , 1991, ASIACRYPT.

[243] Vladimir Furman. Differential Cryptanalysis of Nimbus , 2001, FSE.

[244] Robert J. Zuccherato,et al. An Attack on CFB Mode Encryption as Used by OpenPGP , 2005, Selected Areas in Cryptography.

[245] Tetsu Iwata,et al. New Blockcipher Modes of Operation with Beyond the Birthday Bound Security , 2006, FSE.

[246] Mitsuru Matsui,et al. On Correlation Between the Order of S-boxes and the Strength of DES , 1994, EUROCRYPT.

[247] Antoine Joux,et al. On the Security of Randomized CBC-MAC Beyond the Birthday Paradox Limit: A New Construction , 2002, FSE.

[248] Guido Bertoni,et al. Efficient Software Implementation of AES on 32-Bit Platforms , 2002, CHES.

[249] Matthew J. B. Robshaw,et al. Analysis of SHA-1 in Encryption Mode , 2001, CT-RSA.

[250] Eli Biham,et al. A Unified Approach to Related-Key Attacks , 2008, FSE.

[251] Sean Murphy,et al. Computational and Algebraic Aspects of the Advanced Encryption Standard , 2004 .

[252] Xuejia Lai,et al. On the design and security of block ciphers , 1992 .

[253] David J. Wheeler. A Bulk Data Encription Algorithm , 1993, FSE.

[254] Helger Lipmaa,et al. IDEA: A Cipher For Multimedia Architectures? , 1998, Selected Areas in Cryptography.

[255] Christof Paar,et al. New Lightweight DES Variants , 2007, FSE.

[256] Jennifer Seberry,et al. Pitfalls in Designing Substitution Boxes (Extended Abstract) , 1994, CRYPTO.

[257] Phillip Rogaway,et al. Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC , 2004, ASIACRYPT.

[258] Toshinobu Kaneko,et al. Differential Cryptanalysis of Reduced Rounds of GOST , 2000, Selected Areas in Cryptography.

[259] Serge Vaudenay,et al. Optimal Key Ranking Procedures in a Statistical Cryptanalysis , 2003, FSE.

[260] Don Coppersmith,et al. The Real Reason for Rivest's Phenomenon , 1985, CRYPTO.

[261] Yvo Desmedt,et al. Dependence of Output on Input in DES: Small Avalanche Characteristics , 1985, CRYPTO.

[262] Joseph Bonneau,et al. Cache-Collision Timing Attacks Against AES , 2006, CHES.

[263] Paul C. Kocher,et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[264] Sarvar Patel,et al. Luby-Rackoff Ciphers: Why XOR Is Not So Exclusive , 2002, Selected Areas in Cryptography.

[265] Ralph C. Merkle,et al. Fast Software Encryption Functions , 1990, CRYPTO.

[266] Nasir D. Memon,et al. Algebraic properties of cryptosystem PGM , 1992, Journal of Cryptology.

[267] Kenji Ohkuma,et al. The Block Cipher Hierocrypt , 2000, Selected Areas in Cryptography.

[268] Louis Goubin,et al. DES and Differential Power Analysis (The "Duplication" Method) , 1999, CHES.

[269] Shoichi Hirose,et al. Some Plausible Constructions of Double-Block-Length Hash Functions , 2006, FSE.

[270] Adi Shamir,et al. Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[271] Vincent Rijmen,et al. On the Decorrelated Fast Cipher (DFC) and Its Theory , 1999, FSE.

[272] Jean-Jacques Quisquater,et al. Exhaustive Key Search of the DES: Updates and Refinements , 2005 .

[273] S. Murphy. Overestimates for the Gain of Multiple Linear Approximations in Symmetric Cryptology , 2011, IEEE Transactions on Information Theory.

[274] Stafford E. Tavares,et al. Constructing Large Cryptographically Strong S-boxes , 1992, AUSCRYPT.

[275] Khoongming Khoo,et al. An Analysis of XSL Applied to BES , 2007, FSE.

[276] Shoji Miyaguchi,et al. The FEAL Cipher Family , 1990, CRYPTO.

[277] Jacques Patarin,et al. Luby-Rackoff: 7 Rounds Are Enough for 2n(1-epsilon)Security , 2003, CRYPTO.

[278] Alex Biryukov,et al. Cryptanalysis of SAFER++ , 2003, CRYPTO.

[279] Burton S. Kaliski,et al. On Differential and Linear Crytoanalysis of the RC5 Encryption Algorithm , 1995, CRYPTO.

[280] Bart Preneel. Cryptographic hash functions , 1994, Eur. Trans. Telecommun..

[281] Dong Hoon Lee,et al. Resistance of S-Boxes against Algebraic Attacks , 2004, FSE.

[282] Stafford E. Tavares,et al. Toward Provable Security of Substitution-Permutation Encryption Networks , 1998, Selected Areas in Cryptography.

[283] Eli Biham,et al. Differential-Linear Cryptanalysis of Serpent , 2003, FSE.

[284] G. R. Blakley,et al. Information Theory Without the Finiteness Assumption, II: Unfolding the DES , 1985, CRYPTO.

[285] David A. Wagner. Cryptanalysis of Some Recently-Proposed Multiple Modes of Operation , 1998, FSE.

[286] David A. Wagner,et al. On the Structure of Skipjack , 2001, Discret. Appl. Math..

[287] Lars R. Knudsen,et al. Truncated Differentials of SAFER , 1996, FSE.

[288] Frédéric Valette,et al. The Davies-Murphy Power Attack , 2004, ASIACRYPT.

[289] Adi Shamir,et al. Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization , 1999, CRYPTO.

[290] Eli Biham,et al. Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer , 1991, CRYPTO.

[291] Bruce Schneier,et al. Key-Schedule Cryptanalysis of DEAL , 1999, Selected Areas in Cryptography.

[292] Raphael C.-W. Phan. Classes of impossible differentials of advanced encryption standard , 2002 .

[293] Stafford E. Tavares,et al. A Layered Approach to the Design of Private Key Cryptosystems , 1985, CRYPTO.

[294] Toshinobu Kaneko,et al. Interpolation Attacks of the Block Cipher: SNAKE , 1999, FSE.

[295] Ralph C. Merkle,et al. One Way Hash Functions and DES , 1989, CRYPTO.

[296] Ernest F. Brickell,et al. Structure in the S-boxes of the DES , 1986, CRYPTO.

[297] Phillip Rogaway,et al. Nonce-Based Symmetric Encryption , 2004, FSE.

[298] Eli Biham,et al. An Improvement of Davies' Attack on DES , 1994, EUROCRYPT.

[299] Xiaoyun Wang,et al. Finding Collisions in the Full SHA-1 , 2005, CRYPTO.

[300] Kwangjo Kim,et al. Securing DES S-boxes against Three Robust Cryptanalysis , 1995 .

[301] Carlisle M. Adams,et al. Key-Dependent S-Box Manipulations , 1998, Selected Areas in Cryptography.

[302] Vincent Rijmen,et al. Equivalent Keys of HPC , 1999, ASIACRYPT.

[303] Joos Vandewalle,et al. Hash Functions Based on Block Ciphers: A Synthetic Approach , 1993, CRYPTO.

[304] Andrey Bogdanov,et al. Multiple-Differential Side-Channel Collision Attacks on AES , 2008, CHES.

[305] Eli Biham,et al. A Practical Attack on KeeLoq , 2008, Journal of Cryptology.

[306] Babak Sadeghiyan,et al. On Necessary and Sufficient Conditions for the Construction of Super Pseudorandom Permutations , 1991, ASIACRYPT.

[307] Eli Biham,et al. Related-Key Boomerang and Rectangle Attacks , 2005, EUROCRYPT.

[308] Masayuki Kanda,et al. Practical Security Evaluation against Differential and Linear Cryptanalyses for Feistel Ciphers with SPN Round Function , 2000, Selected Areas in Cryptography.

[309] Ueli Maurer,et al. The Security of Many-Round Luby-Rackoff Pseudo-Random Permutations , 2003, EUROCRYPT.

[310] Joos Vandewalle,et al. Weak Keys for IDEA , 1994, CRYPTO.

[311] Iwata Tetsu,et al. The 128-bit Blockcipher CLEFIA , 2007 .

[312] Emmanuel Mayer,et al. A Generic Method to Design Modes of Operation Beyond the Birthday Bound , 2007, Selected Areas in Cryptography.

[313] Carlisle M. Adams,et al. The structured design of cryptographically good s-boxes , 1990, Journal of Cryptology.

[314] Eli Biham,et al. The Rectangle Attack - Rectangling the Serpent , 2001, EUROCRYPT.

[315] Liam Keliher,et al. Refined Analysis of Bounds Related to Linear and Differential Cryptanalysis for the AES , 2004, AES Conference.

[316] Eli Biham,et al. Differential Cryptanalysis of the Full 16-Round DES , 1992, Annual International Cryptology Conference.

[317] Vincent Rijmen,et al. AES and the Wide Trail Design Strategy , 2002, EUROCRYPT.

[318] Eli Biham,et al. Differential Cryptanalysis of Lucifer , 1993, CRYPTO.

[319] Scott R. Fluhrer,et al. The Security of the Extended Codebook (XCB) Mode of Operation , 2007, IACR Cryptol. ePrint Arch..

[320] Bart Preneel,et al. On Feistel Ciphers Using Optimal Diffusion Mappings Across Multiple Rounds , 2004, ASIACRYPT.

[321] Thomas Baignères,et al. KFC - The Krazy Feistel Cipher , 2006, ASIACRYPT.

[322] Matthew J. B. Robshaw,et al. Further Comments on the Structure of Rijndael , 2000 .

[323] Vincent Rijmen,et al. CIPHERTEXT-ONLY ATTACK ON AKELARRE , 2000, Cryptologia.

[324] Ingrid Verbauwhede,et al. Architectural Optimization for a 1.82Gbits/sec VLSI Implementation of the AES Rijndael Algorithm , 2001, CHES.

[325] Stafford E. Tavares,et al. An Expanded Set of S-box Design Criteria Based on Information Theory and its Relation to Differential-Like Attacks , 1991, EUROCRYPT.

[326] Johan Wallén. Linear Approximations of Addition Modulo 2n , 2003, FSE.

[327] Lars R. Knudsen,et al. Practically Secure Feistel Cyphers , 1993, FSE.

[328] Adina di Porto,et al. VINO: A Block Cipher Including Variable Permutations , 1993, FSE.

[329] Spyros S. Magliveras,et al. Symmetric Block Ciphers Based on Group Bases , 2000, Selected Areas in Cryptography.

[330] Lars R. Knudsen,et al. Cryptanalysis of C2 , 2009, CRYPTO.

[331] Ronald L. Rivest,et al. Is the Data Encryption Standard a group? (Results of cycling experiments on DES) , 1988, Journal of Cryptology.

[332] Babak Sadeghiyan,et al. A Construction for Super Pseudorandom Permutations from A Single Pseudorandom Function , 1992, EUROCRYPT.

[333] Philip Hawkes,et al. XOR and Non-XOR Differential Probabilities , 1999, EUROCRYPT.

[334] Kazuo Ohta,et al. Differential-Linear Cryptanalysis of FEAL-8 , 1995 .

[335] Luke O'Connor. On the Distribution of Characteristics in Bijective Mappings , 1993, EUROCRYPT.

[336] Jennifer Seberry,et al. On the Design of Permutation P in DES Type Cryptosystems , 1990, EUROCRYPT.

[337] Pascal Junod. On the Complexity of Matsui's Attack , 2001, Selected Areas in Cryptography.

[338] Marine Minier. A Three Rounds Property of the AES , 2004, AES Conference.

[339] Stefan Mangard,et al. Successfully Attacking Masked AES Hardware Implementations , 2005, CHES.

[340] Lars R. Knudsen,et al. Chosen-text attack on CBC-MAC , 1997 .

[341] Arash Reyhani-Masoleh,et al. A Lightweight Concurrent Fault Detection Scheme for the AES S-Boxes Using Normal Basis , 2008, CHES.

[342] Yuliang Zheng,et al. Strong Linear Dependence and Unbiased Distribution of Non-propagative Vectors , 1999, Selected Areas in Cryptography.

[343] David A. Wagner,et al. The Boomerang Attack , 1999, FSE.

[344] Joos Vandewalle,et al. A New Approach to Block Cipher Design , 1993, FSE.

[345] Sean Murphy,et al. Likelihood Estimation for Block Cipher Keys , 2006 .

[346] E. Drea,et al. Code Breakers: The Inside Story of Bletchley Park. , 2015 .

[347] Vincent Rijmen,et al. The Block Cipher Square , 1997, FSE.

[348] Meiqin Wang,et al. Differential Cryptanalysis of Reduced-Round PRESENT , 2008, AFRICACRYPT.

[349] Ali Aydin Selçuk,et al. A New Meet-in-the-Middle Attack on the IDEA Block Cipher , 2003, Selected Areas in Cryptography.

[350] Antoine Joux,et al. Authenticated On-Line Encryption , 2003, Selected Areas in Cryptography.

[351] Kaoru Kurosawa,et al. On Cryptographically Secure Vectorial Boolean Functions , 1999, ASIACRYPT.

[352] Akashi Satoh,et al. Unified Hardware Architecture for 128-Bit Block Ciphers AES and Camellia , 2003, CHES.

[353] Jacques Stern,et al. XMX: A Firmware-Oriented Block Cipher Based on Modular Multiplications , 1997, FSE.

[354] Cees J. A. Jansen,et al. Modes of Blockcipher Algorithms and their Protection Against Active Eavesdropping , 1987, EUROCRYPT.

[355] Bart Preneel,et al. Hash Functions Based on Block Ciphers and Quaternary Codes , 1996, ASIACRYPT.

[356] Nikolay A. Moldovyan,et al. A cipher based on data-dependent permutations , 2001, Journal of Cryptology.

[357] Howard M. Heys,et al. Substitution-permutation networks resistant to differential and linear cryptanalysis , 1996, Journal of Cryptology.

[358] Mitsuru Matsui,et al. Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[359] Shoji Miyaguchi,et al. Fast Data Encipherment Algorithm FEAL , 1987, EUROCRYPT.

[360] Eli Biham,et al. Enhancing Differential-Linear Cryptanalysis , 2002, ASIACRYPT.

[361] Sarvar Patel,et al. Efficient Constructions of Variable-Input-Length Block Ciphers , 2004, Selected Areas in Cryptography.

[362] Kaisa Nyberg,et al. S-boxes and Round Functions with Controllable Linearity and Differential Uniformity , 1994, FSE.

[363] Thomas Baignères,et al. Dial C for Cipher , 2006, Selected Areas in Cryptography.

[364] Luke O'Connor. An analysis of a class of algorithms for S-box construction , 2006, Journal of Cryptology.

[365] Kaoru Kurosawa,et al. OMAC: One-Key CBC MAC , 2003, IACR Cryptol. ePrint Arch..

[366] Toshinobu Kaneko,et al. Quadratic Relation of S-box and Its Application to the Linear Attack of Full Round DES , 1998, CRYPTO.

[367] Stafford E. Tavares,et al. On the Design of S-Boxes , 1985, CRYPTO.

[368] Lars R. Knudsen. New Potentially 'Weak' Keys for DES and LOKI (Extended Abstract) , 1994, EUROCRYPT.

[369] Kazumaro Aoki,et al. Security of E2 against Truncated Differential Cryptanalysis , 1999, Selected Areas in Cryptography.

[370] S. Murphy. The Return of the Boomerang , 2009 .

[371] Joos Vandewalle,et al. Analytical Characteristics of the DES , 1983, CRYPTO.

[372] Kaisa Nyberg,et al. Perfect Nonlinear S-Boxes , 1991, EUROCRYPT.

[373] Gonzalo Álvarez,et al. Akelarre : a new Block Cipher Algorithm , 2007 .

[374] Matthew J. Weiner,et al. Efficient DES Key Search , 1994 .

[375] Seokhie Hong,et al. Provable Security for the Skipjack-like Structure against Differential Cryptanalysis and Linear Cryptanalysis , 2000, ASIACRYPT.

[376] Joos Vandewalle,et al. Linear Cryptanalysis of RC5 and RC6 , 1999, FSE.

[377] Ali Aydin Selçuk,et al. A Meet-in-the-Middle Attack on 8-Round AES , 2008, FSE.

[378] David A. Cox,et al. Ideals, Varieties, and Algorithms , 1997 .

[379] Oded Goldreich,et al. On the power of cascade ciphers , 1985, TOCS.

[380] Hideki Imai,et al. Comparison Between XL and Gröbner Basis Algorithms , 2004, ASIACRYPT.

[381] Xiaoyun Wang,et al. How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[382] John Black,et al. On the Impossibility of Highly-Efficient Blockcipher-Based Hash Functions , 2005, EUROCRYPT.

[383] Kwangjo Kim,et al. Reconstruction of s2DES S-boxes and their Immunity to Differential Cryptanalysis , 1993 .

[384] Zulfikar Ramzan,et al. On the Round Security of Symmetric-Key Cryptographic Primitives , 2000, CRYPTO.

[385] Vincent Rijmen,et al. Cryptanalysis of the CFB Mode of the DES with a Reduced Number of Rounds , 1993, CRYPTO.

[386] Thomas Pornin,et al. Optimal Resistance Against the Davies and Murphy Attack , 1998, ASIACRYPT.

[387] Florian Mendel,et al. Cryptanalysis of MDC-2 , 2009, EUROCRYPT.

[388] Kaoru Kurosawa,et al. Round Security and Super-Pseudorandomness of MISTY Type Structure , 2001, FSE.

[389] John Manferdelli,et al. DES Has No Per Round Linear Factors , 1985, CRYPTO.

[390] Lars R. Knudsen,et al. Block Ciphers: Analysis, Design and Applications , 1994 .

[391] Jan-Hendrik Evertse,et al. Linear Structures in Blockciphers , 1987, EUROCRYPT.

[392] Craig Gentry,et al. Eliminating Random Permutation Oracles in the Even-Mansour Cipher , 2004, ASIACRYPT.

[393] Robert S. Winternitz. Producing a One-Way Hash Function from DES , 1983, CRYPTO.

[394] Martin E. Hellman,et al. Time-memory-processor trade-offs , 1988, IEEE Trans. Inf. Theory.

[395] Howard M. Heys,et al. A Timing Attack on RC5 , 1998, Selected Areas in Cryptography.

[396] Vincent Rijmen,et al. Cryptanalysis of McGuffin , 1994, FSE.

[397] Jongsung Kim,et al. Related-Key Rectangle Attacks on Reduced AES-192 and AES-256 , 2007, FSE.

[398] Kenji Koyama,et al. How to Strengthen DES-like Cryptosystems against Differential Cryptanalysis (Special Section on Cryptography and Information Security) , 1993 .

[399] Antoine Joux. Cryptanalysis of the EMD Mode of Operation , 2003, EUROCRYPT.

[400] R. R. Jueneman,et al. Analysis of Certain Aspects of Output Feedback Mode , 1982, CRYPTO.

[401] R. Forre,et al. Methods and instruments for designing S-boxes , 1990, Journal of Cryptology.

[402] Eli Biham,et al. In How Many Ways Can You Write Rijndael? , 2002, ASIACRYPT.

[403] Jovan Dj. Golic,et al. A Unified Markow Approach to Differential and Linear Cryptanalysis , 1994, ASIACRYPT.

[404] Roger M. Needham,et al. TEA, a Tiny Encryption Algorithm , 1994, FSE.

[405] Markku-Juhani O. Saarinen. Cryptanalysis of Block Ciphers Based on SHA-1 and MD5 , 2003, FSE.

[406] Michael J. Wiener,et al. DES is not a Group , 1992, CRYPTO.

[407] Lars R. Knudsen,et al. New Attacks on all Double Block Length Hash Functions of Hash Rate 1, including the Parallel-DM , 1994, EUROCRYPT.

[408] Donald W. Davies. Some Regular Properties of the 'Data Encryption Standard' Algorithm , 1982, CRYPTO.

[409] Jean-Didier Legat,et al. Efficient Implementation of Rijndael Encryption in Reconfigurable Hardware: Improvements and Design Tradeoffs , 2003, CHES.

[410] Thomas Jakobson,et al. Cryptanalysis of Block Ciphers with Probabilistic Non-linear Relations of Low Degree , 1998, CRYPTO.

[411] Andrew J. Clark,et al. DESV-1: A Variation of the Data Encryption Standard (DES) , 1994, ASIACRYPT.

[412] Carlisle M. Adams,et al. Good S-Boxes Are Easy To Find , 1989, CRYPTO.

[413] Tsutomu Matsumoto,et al. A Strategy for Constructing Fast Round Functions with Practical Security Against Differential and Linear Cryptanalysis , 1998, Selected Areas in Cryptography.

[414] Ulrich Kühn,et al. Improved Cryptanalysis of MISTY1 , 2002, FSE.

[415] Ludger Hemme,et al. A Differential Fault Attack Against Early Rounds of (Triple-)DES , 2004, CHES.

[416] Jennifer Seberry,et al. LOKI - A Cryptographic Primitive for Authentication and Secrecy Applications , 1990, AUSCRYPT.

[417] Josef Pieprzyk,et al. Introducing the new LOKI97 Block Cipher , 1998 .

[418] Jennifer Seberry,et al. Structures of Cryptographic Functions with Strong Avalanche Characteristics (Extended Abstract) , 1994, ASIACRYPT.

[419] Gaëtan Leurent,et al. An Analysis of the XSL Algorithm , 2005, ASIACRYPT.

[420] Yvo Desmedt,et al. Propagation Characteristics of the DES , 1984, EUROCRYPT.

[421] Paul C. van Oorschot,et al. White-Box Cryptography and an AES Implementation , 2002, Selected Areas in Cryptography.

[422] Lars R. Knudsen,et al. A Differential Attack on Reduced-Round SC2000 , 2001, Selected Areas in Cryptography.

[423] Ueli Maurer,et al. Luby-Rackoff Ciphers from Weak Round Functions? , 2006, EUROCRYPT.

[424] Wenling Wu,et al. Cryptanalysis of Reduced-Round SMS4 Block Cipher , 2008, ACISP.

[425] Peter C. Wayner,et al. Content-Addressable Search Engines and DES-like Systems , 1992, CRYPTO.

[426] Carlo Harpes,et al. Partitioning Cryptanalysis , 1997, FSE.

[427] Marine Minier,et al. Stochastic Cryptanalysis of Crypton , 2000, FSE.

[428] Sean Murphy,et al. The effectiveness of the linear hull effect , 2012, J. Math. Cryptol..

[429] Mark Blunden,et al. Related Key Attacks on Reduced Round KASUMI , 2001, FSE.

[430] D. Kahn. The codebreakers : the story of secret writing , 1968 .

[431] Jennifer Seberry,et al. Further Observations on the Structure of the AES Algorithm , 2003, FSE.

[432] Lars R. Knudsen,et al. Provable security against a differential attack , 1994, Journal of Cryptology.

[433] Yukiyasu Tsunoo,et al. Impossible Differential Cryptanalysis of CLEFIA , 2008, FSE.

[434] Kazuhiro Yokoyama,et al. The Block Cipher SC2000 , 2001, FSE.

[435] Kaisa Nyberg,et al. Multidimensional Extension of Matsui's Algorithm 2 , 2009, FSE.

[436] Eli Biham,et al. How to Strengthen DES Using Existing Hardware , 1994, ASIACRYPT.

[437] G.E. Moore,et al. Cramming More Components Onto Integrated Circuits , 1998, Proceedings of the IEEE.

[438] Eli Biham,et al. Miss in the Middle Attacks on IDEA and Khufu , 1999, FSE.

[439] Susan Landau,et al. Polynomials in the Nation's Service: Using Algebra to Design the Advanced Encryption Standard , 2004, Am. Math. Mon..

[440] Thilo Zieschang. Combinatorial Properties of Basic Encryption Operations (Extended Abstract) , 1997, EUROCRYPT.

[441] Matt Henricksen,et al. Bit-Pattern Based Integral Attack , 2008, FSE.

[442] Kaisa Nyberg,et al. On the Construction of Highly Nonlinear Permutations , 1992, EUROCRYPT.

[443] Kouichi Itoh,et al. A Very Compact Hardware Implementation of the MISTY1 Block Cipher , 2008, CHES.

[444] Orr Dunkelman,et al. A New Attack on the LEX Stream Cipher , 2008, ASIACRYPT.

[445] Sangjin Lee,et al. Saturation Attacks on Reduced Round Skipjack , 2002, FSE.

[446] Ronald L. Rivest,et al. The RC5 Encryption Algorithm , 1994, FSE.

[447] Jacques Stern,et al. Differential Cryptanalysis for Multivariate Schemes , 2005, EUROCRYPT.

[448] Ed Dawson,et al. Comparison of Block Ciphers , 1990, AUSCRYPT.

[449] Ali Aydin Selçuk,et al. On Probability of Success in Linear and Differential Cryptanalysis , 2008, Journal of Cryptology.

[450] Serge Vaudenay,et al. FOX : A New Family of Block Ciphers , 2004, Selected Areas in Cryptography.

[451] William Millan,et al. Efficient Methods for Generating MARS-Like S-Boxes , 2000, FSE.

[452] Antoine Joux,et al. A Statistical Attack on RC6 , 2000, FSE.

[453] Jung Hee Cheon,et al. S-boxes with Controllable Nonlinearity , 1999, EUROCRYPT.

[454] Lars R. Knudsen,et al. Cryptanalysis of LOKI , 1991, ASIACRYPT.

[455] David A. Wagner,et al. Truncated Differentials and Skipjack , 1999, CRYPTO.

[456] Johannes Blömer,et al. Provably Secure Masking of AES , 2004, IACR Cryptol. ePrint Arch..

[457] Sean Murphy. The cryptanalysis of FEAL-4 with 20 chosen plaintexts , 2004, Journal of Cryptology.

[458] Matt Henricksen,et al. Cryptanalysis of the CRUSH Hash Function , 2007, Selected Areas in Cryptography.

[459] Moses D. Liskov,et al. On Tweaking Luby-Rackoff Blockciphers , 2007, ASIACRYPT.

[460] Robert H. Deng,et al. Cryptanalysis of Rijmen-Preneel Trapdoor Ciphers , 1998, ASIACRYPT.

[461] Kaisa Nyberg,et al. Differentially Uniform Mappings for Cryptography , 1994, EUROCRYPT.

[462] Josef Pieprzyk,et al. Cryptanalysis of Block Ciphers with Overdefined Systems of Equations , 2002, ASIACRYPT.

[463] Johannes A. Buchmann,et al. A Zero-Dimensional Gröbner Basis for AES-128 , 2006, FSE.

[464] Matthew J. B. Robshaw,et al. Non-Linear Approximations in Linear Cryptanalysis , 1996, EUROCRYPT.

[465] Eli Biham,et al. New types of cryptanalytic attacks using related keys , 1994, Journal of Cryptology.

[466] Matthew J. B. Robshaw,et al. Small Scale Variants of the AES , 2005, FSE.

[467] Donald W. Davies,et al. Some Regular Properties of the DES , 1981, CRYPTO.

[469] Mike Bond,et al. Experience Using a Low-Cost FPGA Design to Crack DES Keys , 2002, CHES.

[470] Christof Paar,et al. A Collision-Attack on AES: Combining Side Channel- and Differential-Attack , 2004, CHES.

[471] Takeshi Koshiba,et al. Multiple Linear Cryptanalysis of a Reduced Round RC6 , 2002, FSE.

[472] Chae Hoon Lim,et al. A Revised Version of Crypton - Crypton V1.0 , 1999, FSE.

[473] Sean Murphy. An Analysis of SAFER , 1998, Journal of Cryptology.

[474] Seokhie Hong,et al. Known-IV, Known-in-Advance-IV, and Replayed-and-Known-IV Attacks on Multiple Modes of Operation of Block Ciphers , 2006, Journal of Cryptology.

[475] Rainer A. Rueppel,et al. Attacks on the HKM/HFX Cryptosystem , 1996, FSE.

[476] Joan Feigenbaum,et al. A formal treatment of remotely keyed encryption , 1998, SODA '99.

[477] Martin E. Hellman,et al. On the security of multiple encryption , 1981, CACM.

[478] Mihir Bellare,et al. Luby-Rackoff Backwards: Increasing Security by Making Block Ciphers Non-invertible , 1998, EUROCRYPT.

[479] Chae Hoon Lim,et al. mCrypton - A Lightweight Block Cipher for Security of Low-Cost RFID Tags and Sensors , 2005, WISA.

[481] Cihangir Tezcan,et al. Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT , 2009, ACISP.

[482] Bruce Schneier,et al. The Electronic Privacy Papers , 2007 .

[483] Ron Rivest. A Description of the RC2(r) Encryption Algorithm , 1998, RFC.

[484] Håvard Raddum,et al. More Dual Rijndaels , 2004, AES Conference.

[485] Bert den Boer. Cryptanalysis of F.E.A.L , 1988, EUROCRYPT.

[486] Vincent Rijmen,et al. Improved Characteristics for Differential Cryptanalysis of Hash Functions Based on Block Ciphers , 1994, FSE.

[487] Jean-Jacques Quisquater,et al. Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent , 2008, FSE.

[488] Ali Aydin Selçuk. New Results in Linear Cryptanalysis of RC5 , 1998, FSE.

[489] Frank A. Feldman. Fast Spectral Tests for Measuring Nonrandomness and the DES , 1987, CRYPTO.

[490] H. Feistel. Cryptography and Computer Privacy , 1973 .

[491] Paul C. van Oorschot,et al. A Known Plaintext Attack on Two-Key Triple Encryption , 1991, EUROCRYPT.

[492] Jacques Patarin,et al. Security of Random Feistel Schemes with 5 or More Rounds , 2004, CRYPTO.

[493] Jennifer Seberry,et al. Relationships among Nonlinearity Criteria (extended Abstract) , 1994 .

[494] Kyoji Shibutani,et al. Improving Immunity of Feistel Ciphers against Differential Cryptanalysis by Using Multiple MDS Matrices , 2004, FSE.

[495] Eli Biham. Cryptanalysis of Triple Modes of Operation , 1999, Journal of Cryptology.

[496] Kazuo Ohta,et al. Linear Cryptanalysis of the Fast Data Encipherment Algorithm , 1994, CRYPTO.

[497] David Pointcheval,et al. (Semantic Security and Pseudo-Random Permutations) , 2004 .

[498] Mihir Bellare,et al. The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs , 2006, EUROCRYPT.

[499] Eli Biham,et al. On Matsui's Linear Cryptanalysis , 1994, EUROCRYPT.

[500] J. A. Gordon,et al. Are Big S-Boxes Best? , 1982, EUROCRYPT.

[501] Takeshi Sugawara,et al. High-Performance Concurrent Error Detection Scheme for AES Hardware , 2008, CHES.

[502] Lars R. Knudsen,et al. Truncated and Higher Order Differentials , 1994, FSE.

[503] Henri Gilbert,et al. A Known Plaintext Attack of FEAL-4 and FEAL-6 , 1991, CRYPTO.

[504] Stefan Lucks. Two-Pass Authenticated Encryption Faster Than Generic Composition , 2005, FSE.

[505] Ronald L. Rivest,et al. Improved Analysis of Some Simplified Variants of RC6 , 1999, FSE.

[506] Serge Vaudenay,et al. How Far Can We Go Beyond Linear Cryptanalysis? , 2004, ASIACRYPT.

[507] Serge Vaudenay,et al. On the Pseudorandomness of Top-Level Schemes of Block Ciphers , 2000, ASIACRYPT.

[508] Jennifer Seberry,et al. Key Scheduling In Des Type Cryptosystems , 1990, AUSCRYPT.

[509] Sangjin Lee,et al. Impossible Differential Cryptanalysis of Zodiac , 2001, FSE.

[510] Paul C. van Oorschot,et al. Improving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude , 1996, CRYPTO.

[511] Kaoru Kurosawa,et al. On the Pseudorandomness of the AES Finalists - RC6 and Serpent , 2000, FSE.

[512] Luke O'Connor,et al. Enumerating Nondegenerate Permutations , 1991, EUROCRYPT.

[513] Alex Biryukov,et al. Structural Cryptanalysis of SASAS , 2001, Journal of Cryptology.

[514] Mihir Bellare,et al. Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography , 2000, ASIACRYPT.

[515] Christof Paar,et al. Fast DES Implementation for FPGAs and Its Application to a Universal Key-Search Machine , 1998, Selected Areas in Cryptography.

[516] Willi Meier,et al. On the Security of the IDEA Block Cipher , 1994, EUROCRYPT.

[517] Vincent Rijmen,et al. Known-Key Distinguishers for Some Block Ciphers , 2007, ASIACRYPT.

[518] Vincent Rijmen,et al. On the Design and Security of RC2 , 1998, FSE.

[519] Thomas Shrimpton,et al. Deterministic Authenticated-Encryption: A Provable-Security Treatment of the Key-Wrap Problem , 2006, IACR Cryptol. ePrint Arch..

[520] Alex Biryukov,et al. Advanced Slide Attacks , 2000, EUROCRYPT.

[521] Eli Biham,et al. Cryptanalysis of Multiple Modes of Operation , 1994, Journal of Cryptology.

[522] J. Seberry,et al. Relationships among nonlinearity criteria , 1994 .

[523] Jacques Patarin,et al. About Feistel Schemes with Six (or More) Rounds , 1998, FSE.

[524] Hideki Imai,et al. A Recursive Construction Method of S-boxes Satisfying Strict Avalanche Criterion , 1990, CRYPTO.

[525] Jakob Jonsson,et al. On the Security of CTR + CBC-MAC , 2002, Selected Areas in Cryptography.

[526] Eli Biham,et al. Cryptanalysis of the ANSI X9.52 CBCM mode , 2001, Journal of Cryptology.

[527] Bruce Schneier,et al. Cryptanalysis of the Cellular Encryption Algorithm , 1997, CRYPTO.

[528] Ingrid Schaumüller-Bichl,et al. Zur Analyse des Data encryption standard und Synthese verwandter Chiffriersysteme , 1982 .

[529] Howard M. Heys,et al. A TUTORIAL ON LINEAR AND DIFFERENTIAL CRYPTANALYSIS , 2002, Cryptologia.

[530] Chao Li,et al. New Observation on Camellia , 2005, Selected Areas in Cryptography.

[531] Philip Hawkes,et al. Differential-Linear Weak Key Classes of IDEA , 1998, EUROCRYPT.

[532] Mitsuru Matsui,et al. The First Experimental Cryptanalysis of the Data Encryption Standard , 1994, CRYPTO.

[533] David A. Wagner,et al. Tweakable Block Ciphers , 2002, CRYPTO.

[534] Stefan Lucks,et al. Faster Luby-Rackoff Ciphers , 1996, FSE.

[535] John Black,et al. A Block-Cipher Mode of Operation for Parallelizable Message Authentication , 2002, EUROCRYPT.

[536] Hans Eberle,et al. A High-Speed DES Implementation for Network Applications , 1992, CRYPTO.

[537] Jiqiang Lu. Attacking Reduced-Round Versions of the SMS4 Block Cipher in the Chinese WAPI Standard , 2007, ICICS.

[538] Joos Vandewalle,et al. Propagation Characteristics of Boolean Functions , 1991, EUROCRYPT.

[539] Stefan Lucks,et al. Attacking Triple Encryption , 1998, FSE.

[540] Matthew J. B. Robshaw,et al. Linear Cryptanalysis Using Multiple Approximations , 1994, CRYPTO.

[541] Ali Aydin Selçuk,et al. Improved DST Cryptanalysis of IDEA , 2006, Selected Areas in Cryptography.

[542] Kaisa Nyberg,et al. Generalized Feistel Networks , 1996, ASIACRYPT.

[543] Kazumaro Aoki,et al. Best Differential Characteristic Search of FEAL , 1996, FSE.

[544] Louis Goubin,et al. Cryptanalysis of white box DES implementations , 2007, IACR Cryptol. ePrint Arch..

[545] Jacques Stern,et al. Linear Cryptanalysis of Non Binary Ciphers , 2007, Selected Areas in Cryptography.

[546] Thomas A. Berson,et al. Long Key Variants of DES , 1982, CRYPTO.

[547] Bruce Schneier,et al. On the Twofish Key Schedule , 1998, Selected Areas in Cryptography.

[548] Shai Halevi,et al. MARS - a candidate cipher for AES , 1999 .

[549] Eli Biham,et al. Rigorous Bounds on Cryptanalytic Time/Memory Tradeoffs , 2006, CRYPTO.

[550] Joos Vandewalle,et al. On the time-memory tradeoff between exhaustive key search and table precomputation , 1998 .

[551] Jongsung Kim,et al. Amplified Boomerang Attack against Reduced-Round SHACAL , 2002, ASIACRYPT.

[552] Kenji Ohkuma,et al. Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis , 2009, Selected Areas in Cryptography.

[553] Adi Shamir,et al. A T=O(2n/2), S=O(2n/4) Algorithm for Certain NP-Complete Problems , 1981, SIAM J. Comput..

[554] Kaisa Nyberg,et al. Linear Approximation of Block Ciphers , 1994, EUROCRYPT.

[555] Serge Vaudenay,et al. On the Lai-Massey Scheme , 1999, ASIACRYPT.

[556] Mohammad Umar Siddiqi,et al. Generalised impossible differentials of advanced encryption standard , 2001 .

[557] Matthew J. B. Robshaw,et al. Algebraic aspects of the advanced encryption standard , 2006 .

[558] John Black,et al. CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions , 2000, Journal of Cryptology.

[559] Kwangjo Kim,et al. Construction of DES-like S-boxes Based on Boolean Functions Satisfyieng the SAC , 1991, ASIACRYPT.

[560] Christophe Giraud,et al. Provably Secure S-Box Implementation Based on Fourier Transform , 2006, CHES.

[561] D. Garling,et al. Algebra, Volume 1 , 1969, Mathematical Gazette.

[562] Christof Paar,et al. A New Class of Collision Attacks and Its Application to DES , 2003, FSE.

[563] Stefan Lucks,et al. Attacking 9 and 10 Rounds of AES-256 , 2009, ACISP.

[564] Alan G. Konheim. Cryptography, a primer , 1981 .

[565] Joan Daemen. Cryptanalysis of 2,5 Rounds of IDEA (Extended Abstract) , 1993 .

[566] K. P. Subbalakshmi,et al. On Efficient Message Authentication Via Block Cipher Design Techniques , 2007, ASIACRYPT.

[567] Kaoru Kurosawa,et al. TMAC: Two-Key CBC MAC , 2003, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[568] Philip Hawkes,et al. On Applying Linear Cryptanalysis to IDEA , 1996, ASIACRYPT.

[569] Jovan Dj. Golic,et al. Multiplicative Masking and Power Analysis of AES , 2002, CHES.

[570] Toshinobu Kaneko,et al. Cryptanalysis of Five Rounds of CRYPTON Using Impossible Differentials , 1999, ASIACRYPT.

[571] Thomas W. Cusick,et al. The REDOC II Cryptosystem , 1990, CRYPTO.

[572] Matthew J. B. Robshaw,et al. The Cryptanalysis of Reduced-Round SMS4 , 2009, Selected Areas in Cryptography.

[573] Bruce Schneier,et al. Cryptanalysis of SPEED , 1998, Financial Cryptography.

[574] Jacques Patarin,et al. How to Construct Pseudorandom and Super Pseudorandom Permutations from one Single Pseudorandom Function , 1992, EUROCRYPT.

[575] Susan K. Langford,et al. Differential-Linear Cryptanalysis , 1994, CRYPTO.

[576] Andreea A.S. Ionescu,et al. SECURITY IN COMPUTER NETWORKS , 2012 .

[577] Jacques Patarin,et al. New Results on Pseudorandom Permutation Generators Based on the DES Scheme , 1991, CRYPTO.

[578] Mahmoud Ahmadian,et al. NanoCMOS-Molecular Realization of Rijndael , 2006, CHES.

[579] Lei Hu,et al. Analysis of the SMS4 Block Cipher , 2007, ACISP.

[580] Vincent Rijmen,et al. Differential Cryptanalysis of the ICE Encryption Algorithm , 1998, FSE.

[581] Lars R. Knudsen,et al. Cryptanalysis of LOKI91 , 1992, AUSCRYPT.

[582] Jun-Hui Yang,et al. Patterns of Entropy Drop of the Key in an S-Box of the DES , 1987, CRYPTO.

[583] Vincent Rijmen,et al. Differential Cryptanalysis of Q , 2001, FSE.

[584] Stefan Lucks,et al. Attacking Seven Rounds of Rijndael under 192-bit and 256-bit Keys , 2000, AES Candidate Conference.

[585] Meiqin Wang,et al. Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT , 2009, CANS.

[586] Yevgeniy Dodis,et al. A New Mode of Operation for Block Ciphers and Length-Preserving MACs , 2008, EUROCRYPT.

[587] Jean-Jacques Quisquater,et al. How Easy is Collision Search. New Results and Applications to DES , 1989, CRYPTO.

[588] Xuejia Lai,et al. Markov Ciphers and Differential Cryptanalysis , 1991, EUROCRYPT.

[589] Jongsung Kim,et al. Related-Key Rectangle Attacks on Reduced Versions of SHACAL-1 and AES-192 , 2005, FSE.

[590] Alex Biryukov,et al. Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds , 2010, IACR Cryptol. ePrint Arch..

[591] Yuliang Zheng,et al. The Nonhomomorphicity of Boolean Functions , 1998, Selected Areas in Cryptography.

[592] Louis Granboulan. Flaws in differential cryptanalysis of Skipjack , 2001, IACR Cryptol. ePrint Arch..

[593] Toshinobu Kaneko,et al. Higher Order Differential Attack Using Chosen Higher Order Differences , 1998, Selected Areas in Cryptography.

[594] Yvo Desmedt,et al. The Importance of "Good" Key Scheduling Schemes (How to Make a Secure DES Scheme with <= 48 Bit Keys) , 1986, CRYPTO.

[595] Yishay Mansour,et al. A construction of a cipher from a single pseudorandom permutation , 1997, Journal of Cryptology.

[596] Kazuhiko Minematsu,et al. Improved Security Analysis of XEX and LRW Modes , 2006, Selected Areas in Cryptography.

[597] Charanjit S. Jutla,et al. Encryption Modes with Almost Free Message Integrity , 2001, Journal of Cryptology.

[598] Jorge Nakahara,et al. Cryptanalysis of the ISDB Scrambling Algorithm (MULTI2) , 2009, FSE.

[599] Seokhie Hong,et al. Provable Security against Differential and Linear Cryptanalysis for the SPN Structure , 2000, FSE.

[600] Matthew Kwan,et al. The Design of the ICE Encryption Algorithm , 1997, FSE.

[601] Mihir Bellare,et al. The Security of Cipher Block Chaining , 1994, CRYPTO.

[602] S. Landau. Standing the Test of Time : The Data Encryption Standard , 2000 .

[603] David A. Wagner,et al. Multiplicative Differentials , 2002, FSE.

[604] Christof Paar,et al. On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoqCode Hopping Scheme , 2008, CRYPTO.

[605] Eli Biham,et al. Linear Cryptanalysis of Reduced Round Serpent , 2001, FSE.

[606] Ronald L. Rivest,et al. Is DES a Pure Cipher? (Results of More Cycling Experiments on DES) , 1985, CRYPTO.

[607] Joos Vandewalle,et al. Additional Properties in the S-Boxes of the DES , 1986, EUROCRYPT.

[608] Ralph Wernsdorf,et al. The One-Round Functions of the DES Generate the Alternating Group , 1992, EUROCRYPT.

[609] Johannes Blömer,et al. Analysis of countermeasures against access driven cache attacks on AES , 2007, IACR Cryptol. ePrint Arch..

[610] Jongin Lim,et al. On the Security of Rijndael-Like Structures against Differential and Linear Cryptanalysis , 2002, ASIACRYPT.

[611] Alex Biryukov,et al. On Multiple Linear Approximations , 2004, IACR Cryptol. ePrint Arch..

[612] Matthew J. B. Robshaw,et al. The Cryptanalysis of the AES - A Brief Survey , 2004, AES Conference.

[613] Vincent Rijmen,et al. Answer to “new observations on Rijndael” , 2000 .

[614] Carlisle M. Adams,et al. Constructing Symmetric Ciphers Using the CAST Design Procedure , 1997, Des. Codes Cryptogr..

[615] Sean Murphy. Comments on the Security of the AES and the XSL Technique , 2002 .

[616] Olivier Billet,et al. A Traceable Block Cipher , 2003, ASIACRYPT.

[617] John P. Steinberger,et al. The Collision Intractability of MDC-2 in the Ideal Cipher Model , 2007, IACR Cryptol. ePrint Arch..

[618] Moti Yung,et al. A Subliminal Channel in Secret Block Ciphers , 2004, Selected Areas in Cryptography.

[619] Adi Shamir,et al. Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations , 2000, EUROCRYPT.

[620] Steve Babbage,et al. On MISTY1 Higher Order Differential Cryptanalysis , 2000, ICISC.

[621] Mitsuru Matsui,et al. How to Maximize Software Performance of Symmetric Primitives on Pentium III and 4 Processors , 2005, FSE.

[622] Ralph Wernsdorf,et al. The Round Functions of RIJNDAEL Generate the Alternating Group , 2002, FSE.

[623] Don R. Morrison,et al. Subtractive encryptors: alternatives to the DES , 1983, SIGA.

[624] Kazukuni Kobara,et al. Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis , 2001, ASIACRYPT.

[625] J. Vandewalle,et al. Security and Performance Optimization of a new DES data encryption chip , 1987, ESSCIRC '87: 13th European Solid-State Circuits Conference.

[626] Eli Biham,et al. Initial Observations on Skipjack: Cryptanalysis of Skipjack-3XOR , 1998, Selected Areas in Cryptography.

[627] Toshinobu Kaneko,et al. On the Strength of KASUMI without FL Functions against Higher Order Differential Attack , 2000, ICISC.

[628] Yvo Desmedt,et al. Related-Key Differential Cryptanalysis of 192-bit Key AES Variants , 2003, Selected Areas in Cryptography.

[629] Eli Biham,et al. A Related-Key Rectangle Attack on the Full KASUMI , 2005, ASIACRYPT.

[630] Hideki Imai,et al. CRYPTREC Project - Cryptographic Evaluation Project for the Japanese Electronic Government , 2000, ASIACRYPT.

[631] Luke O'Connor,et al. Properties of Linear Approximation Tables , 1994, FSE.

[632] Vincent Rijmen,et al. The Cipher SHARK , 1996, FSE.

[633] Alex Biryukov,et al. A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms , 2003, EUROCRYPT.

[634] Ueli Maurer,et al. Non-Expanding, Key-Minimal, Robustly-Perfect, Linear and Bilinear Ciphers , 1987, EUROCRYPT.

[635] Christof Paar,et al. New Designs in Lightweight Symmetric Encryption , 2008 .

[636] Sean Murphy,et al. Pairs and triplets of DES S-boxes , 2004, Journal of Cryptology.

[637] Luke O'Connor,et al. On the Distribution of Characteristics in Composite Permutations , 1993, CRYPTO.

[638] Bruce Schneier,et al. Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES , 1996, CRYPTO.

[639] Robert H. Deng,et al. Improved Truncated Differential Attacks on SAFER , 1998, ASIACRYPT.

[640] Andrey Bogdanov,et al. PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[641] Moni Naor,et al. On the Construction of Pseudorandom Permutations: Luby—Rackoff Revisited , 1996, Journal of Cryptology.

[642] Eli Biham,et al. New Combined Attacks on Block Ciphers , 2005, FSE.

[643] Serge Vaudenay,et al. On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER , 1994, FSE.

[644] Bruce Schneier,et al. The MacGuffin Block Cipher Algorithm , 1994, FSE.

[645] Bart Preneel,et al. On the Security of Double and 2-Key Triple Modes of Operation , 1999, FSE.

[646] J.L. Smith,et al. Some cryptographic techniques for machine-to-machine data communications , 1975, Proceedings of the IEEE.

[647] Josef Pieprzyk,et al. Comments on Soviet Encryption Algorithm , 1994, EUROCRYPT.

[648] Dengguo Feng,et al. Improved Related-Key Impossible Differential Attacks on Reduced-Round AES-192 , 2006, Selected Areas in Cryptography.

[649] J. Faugère. A new efficient algorithm for computing Gröbner bases (F4) , 1999 .

[650] Eli Biham,et al. New Types of Cryptanalytic Attacks Using related Keys (Extended Abstract) , 1994, EUROCRYPT.

[651] Henk Meijer,et al. Improving the Upper Bound on the Maximum Average Linear Hull Probability for Rijndael , 2001, Selected Areas in Cryptography.

[652] Bruce Schneier,et al. Improved Cryptanalysis of Rijndael , 2000, FSE.

[653] John O. Pliam. A polynomial-time universal security amplifier in the class of block ciphers , 2001, Commun. Inf. Syst..

[654] Elena Trichina,et al. Simplified Adaptive Multiplicative Masking for AES , 2002, CHES.

[655] Matthew J. B. Robshaw,et al. New Stream Cipher Designs: The eSTREAM Finalists , 2008 .

[656] Joos Vandewalle,et al. Correlation Matrices , 1994, FSE.

[657] Marine Minier,et al. A Collision Attack on 7 Rounds of Rijndael , 2000, AES Candidate Conference.

[658] Kouichi Sakurai,et al. Improving Linear Cryptanalysis of LOKI91 by Probabilistic Counting Method , 1997, FSE.

[659] Jacques Patarin,et al. Generic Attacks on Feistel Schemes , 2001, ASIACRYPT.

[660] Alex Biryukov,et al. The Boomerang Attack on 5 and 6-Round Reduced AES , 2004, AES Conference.

[661] Kenneth G. Paterson,et al. A weak cipher that generates the symmetric group , 1994, Journal of Cryptology.

[662] Stefan Lucks,et al. How to Make DES-based Smartcards fit for the 21-st Century , 2000, CARDIS.

[663] Kris Gaj,et al. Very Compact FPGA Implementation of the AES Algorithm , 2003, CHES.

[664] Serge Vaudenay,et al. A Universal Encryption Standard , 1999, Selected Areas in Cryptography.

[665] Seokhie Hong,et al. Related Key Differential Attacks on 27 Rounds of XTEA and Full-Round GOST , 2004, FSE.

[666] Seungjoo Kim,et al. Differential and linear cryptanalysis for 2-round SPNs , 2003, Inf. Process. Lett..

[667] Donald W. Davies,et al. The average Cycle size of the Key-Stream in Output Feedback Encipherment , 1982, EUROCRYPT.

[668] Lars R. Knudsen,et al. DES-X (or DESX) , 2005, Encyclopedia of Cryptography and Security.

[669] David A. Wagner,et al. Markov Truncated Differential Cryptanalysis of Skipjack , 2002, Selected Areas in Cryptography.

[670] Josef Pieprzyk,et al. How to Construct Pseudorandom Permutations from Single Pseudorandom Functions , 1991, EUROCRYPT.

[671] Tim Good,et al. AES on FPGA from the Fastest to the Smallest , 2005, CHES.

[672] Pascal Junod,et al. On the Optimality of Linear, Differential, and Sequential Distinguishers , 2003, EUROCRYPT.

[673] J. Faugère. A new efficient algorithm for computing Gröbner bases (F4) , 1999 .

[674] Susan Landau,et al. Privacy on the Line , 1998 .