{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,3,2]],"date-time":"2024-03-02T01:57:46Z","timestamp":1709344666389},"reference-count":65,"publisher":"Walter de Gruyter GmbH","issue":"1","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,1,1]]},"abstract":"Abstract\n Permutation-based modes have been established for lightweight authenticated encryption, as can be seen from the high interest in the ongoing NIST lightweight competition. However, their security is upper bounded by $O(\\sigma^2\/2^c)$ bits, where $\\sigma$ is the number of calls and $c$ is the hidden capacity of the state. The development of more schemes that provide higher security bounds led to the CHES\u201918 proposal Beetle that raised the bound to $O(r\\sigma\/2^c)$, where $r$ is the public rate of the state.\n While authenticated encryption can be performed in an on-line manner, authenticated decryption assumes that the resulting plaintext is buffered and never released if the corresponding tag is incorrect. Since lightweight devices may lack the resources for buffering, additional robustness guarantees, such as integrity under release of unverified plaintexts (Int-RUP), are desirable. 
In this stronger setting, the security of the established schemes, including Beetle, is limited by $O(q_p q_d\/2^c)$, where $q_d$ is the maximal number of decryption queries, and $q_p$ that of off-line primitive queries, which motivates novel approaches.\n This work proposes Oribatida, a permutation-based AE scheme that derives $s$-bit masks from previous permutation outputs to mask ciphertext blocks. Oribatida can provide a security bound of $O(r\\sigma^2\/2^{c+s})$, which allows smaller permutations for the same level of security. It provides a security level dominated by $O(\\sigma_d^2{\/2^c})$ under Int-RUP adversaries, which eliminates the dependency on primitive queries. We prove its security under nonce-respecting and Int-RUP adversaries. 
We show that our Int-RUP bound is tight and show general attacks on previous constructions.","DOI":"10.1515\/jmc-2020-0018","type":"journal-article","created":{"date-parts":[[2021,2,20]],"date-time":"2021-02-20T23:38:22Z","timestamp":1613864302000},"page":"305-344","source":"Crossref","is-referenced-by-count":5,"title":["The Oribatida v1.3 Family of Lightweight Authenticated Encryption Schemes"],"prefix":"10.1515","volume":"15","author":[{"given":"Arghya","family":"Bhattacharjee","sequence":"first","affiliation":[{"name":"Applied Statistics Unit, Indian Statistical Institute , Kolkata , India"}]},{"given":"Cuauhtemoc Mancillas","family":"L\u00f3pez","sequence":"additional","affiliation":[{"name":"Computer Science Department , CINVESTAV-IPN , Mexico , Mexico"}]},{"given":"Eik","family":"List","sequence":"additional","affiliation":[{"name":"Bauhaus-Universit\u00e4t Weimar , Weimar , Germany"}]},{"given":"Mridul","family":"Nandi","sequence":"additional","affiliation":[{"name":"Applied Statistics Unit, Indian Statistical Institute , Kolkata , India"}]}],"member":"374","published-online":{"date-parts":[[2021,1,29]]},"reference":[{"key":"2021081821075367205_j_jmc-2020-0018_ref_001","unstructured":"M. A. Abdelraheem, J. Alizadeh, H. AlKhzaimi, M. R. Aref, N. Bagheri, P. Gauravaram, and M. M. Lauridsen. Improved Linear Cryptanalysis of Round Reduced SIMON. IACR Cryptology ePrint Archive, 2014:681, 2014."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_002","doi-asserted-by":"crossref","unstructured":"M. A. Abdelraheem, J. Alizadeh, H. A. AlKhzaimi, M. R. Aref, N. Bagheri, and P. Gauravaram. Improved Linear Cryptanalysis of Reduced-Round SIMON-32 and SIMON-48. In A. Biryukov and V. Goyal, editors, INDOCRYPT, volume 9462 of LNCS, pages 153\u2013179. Springer, 2015.","DOI":"10.1007\/978-3-319-26617-6_9"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_003","doi-asserted-by":"crossref","unstructured":"F. Abed, E. List, S. Lucks, and J. Wenzel. 
Differential Cryptanalysis of Round-Reduced Simon and Speck. In C. Cid and C. Rechberger, editors, FSE, volume 8540 of LNCS, pages 525\u2013545. Springer, 2014.","DOI":"10.1007\/978-3-662-46706-0_27"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_004","unstructured":"J. Alizadeh, N. Bagheri, P. Gauravaram, A. Kumar, and S. K. Sanadhya. Linear Cryptanalysis of Round Reduced SIMON. IACR Cryptology ePrint Archive, 2013:663, 2013."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_005","unstructured":"R. AlTawy, G. Gong, M. He, A. Jha, K. Mandal, M. Nandi, and R. Rohit. SpoC: An Authenticated Cipher. Technical report, Feb 24 2019. First-round submission to the NIST Lightweight Cryptography Competition. https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Lightweight-Cryptography\/documents\/round-1\/spec-doc\/spoc-spec.pdf."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_006","doi-asserted-by":"crossref","unstructured":"E. Andreeva, B. Bilgin, A. Bogdanov, A. Luykx, B. Mennink, N. Mouha, and K. Yasuda. APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography. In C. Cid and C. Rechberger, editors, FSE, volume 8540 of LNCS, pages 168\u2013186. Springer, 2014.","DOI":"10.1007\/978-3-662-46706-0_9"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_007","doi-asserted-by":"crossref","unstructured":"E. Andreeva, A. Bogdanov, A. Luykx, B. Mennink, N. Mouha, and K. Yasuda. How to Securely Release Unverified Plaintext in Authenticated Encryption. In P. Sarkar and T. Iwata, editors, ASIACRYPT I, volume 8873 of LNCS, pages 105\u2013125. Springer, 2014.","DOI":"10.1007\/978-3-662-45611-8_6"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_008","doi-asserted-by":"crossref","unstructured":"E. Andreeva, J. Daemen, B. Mennink, and G. V. Assche. Security of Keyed Sponge Constructions Using a Modular Proof Approach. In G. Leander, editor, FSE, volume 9054 of LNCS, pages 364\u2013384. 
Springer, 2015.","DOI":"10.1007\/978-3-662-48116-5_18"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_009","doi-asserted-by":"crossref","unstructured":"J. Aumasson, P. Jovanovic, and S. Neves. NORX: Parallel and Scalable AEAD. In M. Kutylowski and J. Vaidya, editors, ESORICS II, volume 8713 of LNCS, pages 19\u201336. Springer, 2014.","DOI":"10.1007\/978-3-319-11212-1_2"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_010","unstructured":"R. Beaulieu, D. Shors, J. Smith, S. Treatman-Clark, B. Weeks, and L. Wingers. The SIMON and SPECK Families of Lightweight Block Ciphers. IACR Cryptology ePrint Archive, 2013:404, 2013."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_011","doi-asserted-by":"crossref","unstructured":"M. Bellare, A. Boldyreva, L. R. Knudsen, and C. Namprempre. Online Ciphers and the Hash-CBC Construction. In J. Kilian, editor, CRYPTO, volume 2139 of LNCS, pages 292\u2013309. Springer, 2001.","DOI":"10.1007\/3-540-44647-8_18"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_012","doi-asserted-by":"crossref","unstructured":"M. Bellare and P. Rogaway. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In D. E. Denning, R. Pyle, R. Ganesan, R. S. Sandhu, and V. Ashby, editors, ACM CCS, pages 62\u201373. ACM, 1993.","DOI":"10.1145\/168588.168596"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_013","doi-asserted-by":"crossref","unstructured":"G. Bertoni, J. Daemen, S. Hoffert, M. Peeters, G. V. Assche, and R. V. Keer. Farfalle: parallel permutation-based cryptography. IACR Trans. Symmetric Cryptol., 2017(4):1\u201338, 2017.","DOI":"10.46586\/tosc.v2017.i4.1-38"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_014","doi-asserted-by":"crossref","unstructured":"G. Bertoni, J. Daemen, M. Peeters, and G. V. Assche. On the Indifferentiability of the Sponge Construction. In N. P. Smart, editor, EUROCRYPT, volume 4965 of LNCS, pages 181\u2013197. 
Springer, 2008.","DOI":"10.1007\/978-3-540-78967-3_11"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_015","doi-asserted-by":"crossref","unstructured":"G. Bertoni, J. Daemen, M. Peeters, and G. V. Assche. Duplexing the Sponge: Single-Pass Authenticated Encryption and Other Applications. In A. Miri and S. Vaudenay, editors, SAC, volume 7118 of LNCS, pages 320\u2013337. Springer, 2011.","DOI":"10.1007\/978-3-642-28496-0_19"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_016","unstructured":"G. Bertoni, J. Daemen, M. Peeters, and G. V. Assche. Permutation-based encryption, authentication and authenticated encryption. Directions in Authenticated Ciphers, 2012."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_017","unstructured":"G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche. Sponge functions. In ECRYPT hash workshop, volume 2007, 2007."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_018","unstructured":"G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche. On the security of the keyed sponge construction. In SHA-3 competition (round 3), volume 2011, 2011."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_019","unstructured":"G. Bertoni, J. Daemen, M. Peeters, G. van Assche, and R. van Keer. Ketje v2. 2016. Submission to the CAESAR competition http:\/\/competitions.cr.yp.to\/caesar-submissions.html."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_020","unstructured":"G. Bertoni, J. Daemen, M. Peeters, G. van Assche, and R. van Keer. Keyak v2. 2016. Submission to the CAESAR competition http:\/\/competitions.cr.yp.to\/caesar-submissions.html."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_021","unstructured":"A. Bhattacharjee, E. List, C. M. L\u00f3pez, and M. Nandi. The Oribatida Family of Lightweight Authenticated Encryption Schemes Version v1.2. Technical report, Sep 27 2019. Second-round submission to the NIST Lightweight Cryptography Competition. 
https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/lightweight-cryptography\/documents\/round-2\/spec-doc-rnd2\/oribatida-spec-round2.pdf."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_022","doi-asserted-by":"crossref","unstructured":"A. Biryukov, A. Roy, and V. Velichkov. Differential Analysis of Block Ciphers SIMON and SPECK. In C. Cid and C. Rechberger, editors, FSE, volume 8540 of LNCS, pages 546\u2013570. Springer, 2014.","DOI":"10.1007\/978-3-662-46706-0_28"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_023","doi-asserted-by":"crossref","unstructured":"J. Black and P. Rogaway. A Block-Cipher Mode of Operation for Parallelizable Message Authentication. In L. R. Knudsen, editor, EUROCRYPT, volume 2332 of LNCS, pages 384\u2013397. Springer, 2002.","DOI":"10.1007\/3-540-46035-7_25"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_024","unstructured":"A. Chakraborti, N. Datta, A. Jha, C. M. Lopez, M. Nandi, and Y. Sasaki. LOTUS-AEAD and LOCUS-AEAD. Technical report, Feb 26 2019. First-round submission to the NIST Lightweight Cryptography Competition. https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Lightweight-Cryptography\/documents\/round-1\/spec-doc\/lotus-aead-and-locus-aead-spec.pdf."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_025","doi-asserted-by":"crossref","unstructured":"A. Chakraborti, N. Datta, M. Nandi, and K. Yasuda. Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2018(2):218\u2013241, 2018. Updated version at https:\/\/eprint.iacr.org\/2018\/805.","DOI":"10.46586\/tches.v2018.i2.218-241"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_026","doi-asserted-by":"crossref","unstructured":"A. Chakraborti, N. Datta, M. Nandi, and K. Yasuda. Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers. http:\/\/eprint.iacr.org\/2018\/805, 2018.","DOI":"10.46586\/tches.v2018.i2.218-241"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_027","unstructured":"A. 
Chakraborti, A. Jha, C. M. Lopez, M. Nandi, and Y. Sasaki. ESTATE. Technical report, Mar 29 2019. First-round submission to the NIST Lightweight Cryptography Competition. https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Lightweight-Cryptography\/documents\/round-1\/spec-doc\/spoc-spec.pdf."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_028","unstructured":"D. Chang, M. Dworkin, S. Hong, J. Kelsey, and M. Nandi. A Keyed Sponge Construction with Pseudorandomness in the Standard Model. In The Third SHA-3 Candidate Conference, volume 3, page 7, March 2012."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_029","doi-asserted-by":"crossref","unstructured":"H. Chen and X. Wang. Improved Linear Hull Attack on Round-Reduced Simon with Dynamic Key-Guessing Techniques. In T. Peyrin, editor, FSE, volume 9783 of LNCS, pages 428\u2013449. Springer, 2016.","DOI":"10.1007\/978-3-662-52993-5_22"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_030","doi-asserted-by":"crossref","unstructured":"S. Chen and J. P. Steinberger. Tight Security Bounds for Key-Alternating Ciphers. In P. Q. Nguyen and E. Oswald, editors, EUROCRYPT, volume 8441 of LNCS, pages 327\u2013350. Springer, 2014. Full version at https:\/\/eprint.iacr.org\/2013\/222.","DOI":"10.1007\/978-3-642-55220-5_19"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_031","doi-asserted-by":"crossref","unstructured":"J. Coron, Y. Dodis, A. Mandal, and Y. Seurin. A Domain Extender for the Ideal Cipher. In D. Micciancio, editor, TCC, volume 5978 of LNCS, pages 273\u2013289. Springer, 2010. Full version at https:\/\/eprint.iacr.org\/2009\/356.","DOI":"10.1007\/978-3-642-11799-2_17"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_032","doi-asserted-by":"crossref","unstructured":"J. Daemen, B. Mennink, and G. V. Assche. Full-State Keyed Duplex with Built-In Multi-user Support. In T. Takagi and T. Peyrin, editors, ASIACRYPT II, volume 10625 of LNCS, pages 606\u2013637. 
Springer, 2017.","DOI":"10.1007\/978-3-319-70697-9_21"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_033","doi-asserted-by":"crossref","unstructured":"I. Dinur, O. Dunkelman, M. Gutman, and A. Shamir. Improved Top-Down Techniques in Differential Cryptanalysis. In K. E. Lauter and F. Rodr\u00edguez-Henr\u00edquez, editors, LATINCRYPT, volume 9230 of LNCS, pages 139\u2013156. Springer, 2015.","DOI":"10.1007\/978-3-319-22174-8_8"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_034","unstructured":"C. Dobraunig, M. Eichlseder, F. Mendel, and M. Schl\u00e4ffer. Ascon v1.2 Submission to the CAESAR Competition. September 15 2016. Submission to the CAESAR competition. http:\/\/competitions.cr.yp.to\/caesar-submissions.html."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_035","doi-asserted-by":"crossref","unstructured":"C. Dobraunig and B. Mennink. Security of the Suffix Keyed Sponge. IACR Trans. Symmetric Cryptol., 2019(4):223\u2013248, 2019.","DOI":"10.46586\/tosc.v2019.i4.223-248"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_036","doi-asserted-by":"crossref","unstructured":"M. Dworkin. FIPS 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. Technical report, 2015.","DOI":"10.6028\/NIST.FIPS.202"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_037","doi-asserted-by":"crossref","unstructured":"P. Ga\u017ei, K. Pietrzak, and S. Tessaro. The Exact PRF Security of Truncation: Tight Bounds for Keyed Sponges and Truncated CBC. In R. Gennaro and M. Robshaw, editors, CRYPTO I, volume 9215 of LNCS, pages 368\u2013387. Springer, 2015.","DOI":"10.1007\/978-3-662-47989-6_18"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_038","doi-asserted-by":"crossref","unstructured":"S. Halevi. EME*: Extending EME to Handle Arbitrary-Length Messages with Associated Data. In A. Canteaut and K. Viswanathan, editors, INDOCRYPT, volume 3348 of LNCS, pages 315\u2013327. 
Springer, 2004.","DOI":"10.1007\/978-3-540-30556-9_25"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_039","doi-asserted-by":"crossref","unstructured":"V. T. Hoang, T. Krovetz, and P. Rogaway. Robust Authenticated-Encryption AEZ and the Problem That It Solves. In E. Oswald and M. Fischlin, editors, EUROCRYPT (1), volume 9056 of LNCS, pages 15\u201344. Springer, 2015. Full version at https:\/\/eprint.iacr.org\/2014\/793.","DOI":"10.1007\/978-3-662-46800-5_2"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_040","unstructured":"ISO\/IEC. Information technology \u2013 Automatic identification and data capture techniques \u2013 Part 21: Crypto Suite SIMON Security Services for Air Interface Communications. https:\/\/www.iso.org\/standard\/70388.html, Oct 2018."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_041","doi-asserted-by":"crossref","unstructured":"P. Jovanovic, A. Luykx, and B. Mennink. Beyond 2^{c\/2} Security in Sponge-Based Authenticated Encryption Modes. In P. Sarkar and T. Iwata, editors, ASIACRYPT I, volume 8873 of LNCS, pages 85\u2013104. Springer, 2014.","DOI":"10.1007\/978-3-662-45611-8_5"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_042","doi-asserted-by":"crossref","unstructured":"S. K\u00f6lbl, G. Leander, and T. Tiessen. Observations on the SIMON Block Cipher Family. In R. Gennaro and M. Robshaw, editors, CRYPTO, volume 9215 of LNCS, pages 161\u2013185. Springer, 2015.","DOI":"10.1007\/978-3-662-47989-6_8"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_043","doi-asserted-by":"crossref","unstructured":"K. Kondo, Y. Sasaki, Y. Todo, and T. Iwata. On the Design Rationale of SIMON Block Cipher: Integral Attacks and Impossible Differential Attacks against SIMON Variants. IEICE Transactions, 101-A(1):88\u201398, 2018.","DOI":"10.1587\/transfun.E101.A.88"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_044","doi-asserted-by":"crossref","unstructured":"Z. Liu, Y. Li, and M. Wang. Optimal Differential Trails in SIMON-like Ciphers. IACR Trans. 
Symmetric Cryptol., 2017(1):358\u2013379, 2017.","DOI":"10.46586\/tosc.v2017.i1.358-379"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_045","unstructured":"Z. Liu, Y. Li, and M. Wang. The Security of SIMON-like Ciphers Against Linear Cryptanalysis. IACR Cryptology ePrint Archive, 2017:576, 2017."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_046","doi-asserted-by":"crossref","unstructured":"M. Matsui. On Correlation Between the Order of S-boxes and the Strength of DES. In A. D. Santis, editor, EUROCRYPT, volume 950 of LNCS, pages 366\u2013375. Springer, 1994.","DOI":"10.1007\/BFb0053451"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_047","doi-asserted-by":"crossref","unstructured":"U. M. Maurer, R. Renner, and C. Holenstein. Indifferentiability, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology. In M. Naor, editor, TCC, volume 2951 of LNCS, pages 21\u201339. Springer, 2004.","DOI":"10.1007\/978-3-540-24638-1_2"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_048","doi-asserted-by":"crossref","unstructured":"B. Mennink. Key Prediction Security of Keyed Sponges. IACR Trans. Symmetric Cryptol., 2018(4):128\u2013149, 2018.","DOI":"10.46586\/tosc.v2018.i4.128-149"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_049","doi-asserted-by":"crossref","unstructured":"B. Mennink, R. Reyhanitabar, and D. Viz\u00e1r. Security of full-state keyed sponge and duplex: Applications to authenticated encryption. In T. Iwata and J. H. Cheon, editors, ASIACRYPT II, volume 9453 of LNCS, pages 465\u2013489. Springer, 2015.","DOI":"10.1007\/978-3-662-48800-3_19"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_050","doi-asserted-by":"crossref","unstructured":"K. Minematsu. Parallelizable Rate-1 Authenticated Encryption from Pseudorandom Functions. In P. Q. Nguyen and E. Oswald, editors, EUROCRYPT, volume 8441 of LNCS, pages 275\u2013292. Springer, 2014. 
Full version at https:\/\/eprint.iacr.org\/2013\/628.pdf.","DOI":"10.1007\/978-3-642-55220-5_16"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_051","doi-asserted-by":"crossref","unstructured":"N. Mouha, B. Mennink, A. V. Herrewege, D. Watanabe, B. Preneel, and I. Verbauwhede. Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers. In A. Joux and A. M. Youssef, editors, SAC, volume 8781 of LNCS, pages 306\u2013323. Springer, 2014.","DOI":"10.1007\/978-3-319-13051-4_19"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_052","doi-asserted-by":"crossref","unstructured":"Y. Naito and K. Yasuda. New Bounds for Keyed Sponges with Extendable Output: Independence Between Capacity and Message Length. In T. Peyrin, editor, FSE, volume 9783 of LNCS, pages 3\u201322. Springer, 2016.","DOI":"10.1007\/978-3-662-52993-5_1"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_053","unstructured":"NIST. Submission Requirements and Evaluation Criteria for the Lightweight Cryptography Standardization Process. https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Lightweight-Cryptography\/documents\/final-lwc-submission-requirements-august2018.pdf, August 27 2018."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_054","unstructured":"J. Patarin. The \u201cCoefficients H\u201d Technique. In R. M. Avanzi, L. Keliher, and F. Sica, editors, SAC, volume 5381 of LNCS, pages 328\u2013345. Springer, 2008."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_055","doi-asserted-by":"crossref","unstructured":"H. Raddum. Algebraic Analysis of the Simon Block Cipher Family. In K. E. Lauter and F. Rodr\u00edguez-Henr\u00edquez, editors, LATINCRYPT, volume 9230 of LNCS, pages 157\u2013169. Springer, 2015.","DOI":"10.1007\/978-3-319-22174-8_9"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_056","doi-asserted-by":"crossref","unstructured":"P. Rogaway, M. Bellare, J. Black, and T. Krovetz. OCB: a block-cipher mode of operation for efficient authenticated encryption. In M. K. Reiter and P. 
Samarati, editors, ACM-CCS, pages 196\u2013205. ACM, 2001.","DOI":"10.1145\/501983.502011"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_057","doi-asserted-by":"crossref","unstructured":"P. Rogaway and T. Shrimpton. A Provable-Security Treatment of the Key-Wrap Problem. In S. Vaudenay, editor, EUROCRYPT, volume 4004 of LNCS, pages 373\u2013390. Springer, 2006.","DOI":"10.1007\/11761679_23"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_058","unstructured":"R. Rohit and G. Gong. Correlated Sequence Attack on Reduced-Round Simon-32\/64 and Simeck-32\/64. IACR Cryptology ePrint Archive, 2018:699, 2018."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_059","unstructured":"R. Rohit and S. Sarkar. [lwc-forum] ROUND 2 OFFICIAL COMMENT: Oribatida. NIST lwc forum mailing list, 17 September 17:09 2019."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_060","doi-asserted-by":"crossref","unstructured":"C. E. Shannon. Communication theory of secrecy systems. The Bell system technical journal, 28(4):656\u2013715, 1949.","DOI":"10.1002\/j.1538-7305.1949.tb00928.x"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_061","unstructured":"H. Sui, W. Wu, L. Zhang, and D. Zhang. LAEM (Lightweight Authentication Encryption Mode). Technical report, Mar 25 2019. First-round submission to the NIST Lightweight Cryptography Competition. https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Lightweight-Cryptography\/documents\/round-1\/spec-doc\/LAEM-spec.pdf."},{"key":"2021081821075367205_j_jmc-2020-0018_ref_062","doi-asserted-by":"crossref","unstructured":"Y. Todo and M. Morii. Bit-Based Division Property and Application to Simon Family. In T. Peyrin, editor, FSE, volume 9783 of LNCS, pages 357\u2013377. Springer, 2016.","DOI":"10.1007\/978-3-662-52993-5_18"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_063","doi-asserted-by":"crossref","unstructured":"X. Wang, B. Wu, L. Hou, and D. Lin. Automatic Search for Related-Key Differential Trails in SIMON-like Block Ciphers Based on MILP. In L. 
Chen, M. Manulis, and S. Schneider, editors, ISC, volume 11060 of LNCS, pages 116\u2013131. Springer, 2018.","DOI":"10.1007\/978-3-319-99136-8_7"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_064","doi-asserted-by":"crossref","unstructured":"Z. Xiang, W. Zhang, Z. Bao, and D. Lin. Applying MILP Method to Searching Integral Distinguishers Based on Division Property for 6 Lightweight Block Ciphers. In J. H. Cheon and T. Takagi, editors, ASIACRYPT I, volume 10031 of LNCS, pages 648\u2013678, 2016.","DOI":"10.1007\/978-3-662-53887-6_24"},{"key":"2021081821075367205_j_jmc-2020-0018_ref_065","doi-asserted-by":"crossref","unstructured":"H. Zhang, W. Wu, and Y. Wang. Integral Attack Against Bit-Oriented Block Ciphers. In S. Kwon and A. Yun, editors, ICISC, volume 9558 of LNCS, pages 102\u2013118. Springer, 2015.","DOI":"10.1007\/978-3-319-30840-1_7"}],"container-title":["Journal of Mathematical Cryptology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/jmc-2020-0018\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/jmc-2020-0018\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,8,18]],"date-time":"2021-08-18T21:28:14Z","timestamp":1629322094000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/jmc-2020-0018\/html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1,1]]},"references-count":65,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2020,11,17]]},"published-print":{"date-parts":[[2020,11,17]]}},"alternative-id":["10.1515\/jmc-2020-0018"],"URL":"https:\/\/doi.org\/10.1515\/jmc-2020-0018","relation":{},"ISSN":["1862-2984"],"issn-type":[{"value":"1862-2984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,1,1]]}}}