{"id":"https://openalex.org/W4381429484","doi":"https://doi.org/10.46586/tosc.v2023.i2.189-223","title":"Boosting Differential-Linear Cryptanalysis of ChaCha7 with MILP","display_name":"Boosting Differential-Linear Cryptanalysis of ChaCha7 with MILP","publication_year":2023,"publication_date":"2023-06-16","ids":{"openalex":"https://openalex.org/W4381429484","doi":"https://doi.org/10.46586/tosc.v2023.i2.189-223"},"language":"en","primary_location":{"id":"doi:10.46586/tosc.v2023.i2.189-223","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2023.i2.189-223","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/10983/10416","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tosc.iacr.org/index.php/ToSC/article/download/10983/10416","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5084032744","display_name":"Emanuele Bellini","orcid":"https://orcid.org/0000-0002-2349-0247"},"institutions":[{"id":"https://openalex.org/I4210087059","display_name":"Technology Innovation Institute","ror":"https://ror.org/001kv2y39","country_code":"AE","type":"facility","lineage":["https://openalex.org/I4210087059"]}],"countries":["AE"],"is_corresponding":true,"raw_author_name":"Emanuele Bellini","raw_affiliation_strings":["Cryptography Research Centre, Technology Innovation Institute, Abu Dhabi, UAE"],"affiliations":[{"raw_affiliation_string":"Cryptography Research Centre, Technology Innovation Institute, Abu Dhabi, UAE","institution_ids":["https://openalex.org/I4210087059"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048652347","display_name":"David G\u00e9rault","orcid":"https://orcid.org/0000-0001-8583-0668"},"institutions":[{"id":"https://openalex.org/I4210087059","display_name":"Technology Innovation Institute","ror":"https://ror.org/001kv2y39","country_code":"AE","type":"facility","lineage":["https://openalex.org/I4210087059"]}],"countries":["AE"],"is_corresponding":false,"raw_author_name":"David Gerault","raw_affiliation_strings":["Cryptography Research Centre, Technology Innovation Institute, Abu Dhabi, UAE"],"affiliations":[{"raw_affiliation_string":"Cryptography Research Centre, Technology Innovation Institute, Abu Dhabi, UAE","institution_ids":["https://openalex.org/I4210087059"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082735115","display_name":"Juan Grados","orcid":"https://orcid.org/0000-0002-3863-3714"},"institutions":[{"id":"https://openalex.org/I4210087059","display_name":"Technology Innovation Institute","ror":"https://ror.org/001kv2y39","country_code":"AE","type":"facility","lineage":["https://openalex.org/I4210087059"]}],"countries":["AE"],"is_corresponding":false,"raw_author_name":"Juan Grados","raw_affiliation_strings":["Cryptography Research Centre, Technology Innovation Institute, Abu Dhabi, UAE"],"affiliations":[{"raw_affiliation_string":"Cryptography Research Centre, Technology Innovation Institute, Abu Dhabi, UAE","institution_ids":["https://openalex.org/I4210087059"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5075496360","display_name":"Rusydi H. Makarim","orcid":"https://orcid.org/0000-0002-3234-4399"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rusydi H. Makarim","raw_affiliation_strings":["Independent Researcher"],"affiliations":[{"raw_affiliation_string":"Independent Researcher","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012053340","display_name":"Thomas Peyrin","orcid":"https://orcid.org/0000-0002-2690-9197"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Thomas Peyrin","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5084032744"],"corresponding_institution_ids":["https://openalex.org/I4210087059"],"apc_list":null,"apc_paid":null,"fwci":3.1526,"has_fulltext":true,"cited_by_count":18,"citation_normalized_percentile":{"value":0.93271151,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"189","last_page":"223"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11017","display_name":"Chaos-based Image/Signal Encryption","score":0.995199978351593,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11130","display_name":"Coding theory and cryptography","score":0.9800999760627747,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/linear-cryptanalysis","display_name":"Linear cryptanalysis","score":0.8859647512435913},{"id":"https://openalex.org/keywords/block-cipher","display_name":"Block cipher","score":0.6959980726242065},{"id":"https://openalex.org/keywords/higher-order-differential-cryptanalysis","display_name":"Higher-order differential cryptanalysis","score":0.6789827346801758},{"id":"https://openalex.org/keywords/impossible-differential-cryptanalysis","display_name":"Impossible differential cryptanalysis","score":0.5792779326438904},{"id":"https://openalex.org/keywords/differential","display_name":"Differential (mechanical device)","score":0.5620800256729126},{"id":"https://openalex.org/keywords/differential-cryptanalysis","display_name":"Differential cryptanalysis","score":0.5542692542076111},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5439505577087402},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.5300713777542114},{"id":"https://openalex.org/keywords/probabilistic-logic","display_name":"Probabilistic logic","score":0.48608162999153137},{"id":"https://openalex.org/keywords/time-complexity","display_name":"Time complexity","score":0.42993980646133423},{"id":"https://openalex.org/keywords/computation","display_name":"Computation","score":0.42577147483825684},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.3865569829940796},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.19968447089195251},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.09744438529014587},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.08495250344276428}],"concepts":[{"id":"https://openalex.org/C82424418","wikidata":"https://www.wikidata.org/wiki/Q1826463","display_name":"Linear cryptanalysis","level":4,"score":0.8859647512435913},{"id":"https://openalex.org/C106544461","wikidata":"https://www.wikidata.org/wiki/Q543151","display_name":"Block cipher","level":3,"score":0.6959980726242065},{"id":"https://openalex.org/C151607707","wikidata":"https://www.wikidata.org/wiki/Q11673206","display_name":"Higher-order differential cryptanalysis","level":5,"score":0.6789827346801758},{"id":"https://openalex.org/C120488936","wikidata":"https://www.wikidata.org/wiki/Q3005748","display_name":"Impossible differential cryptanalysis","level":5,"score":0.5792779326438904},{"id":"https://openalex.org/C93226319","wikidata":"https://www.wikidata.org/wiki/Q193137","display_name":"Differential (mechanical device)","level":2,"score":0.5620800256729126},{"id":"https://openalex.org/C36123800","wikidata":"https://www.wikidata.org/wiki/Q1224471","display_name":"Differential cryptanalysis","level":4,"score":0.5542692542076111},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5439505577087402},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.5300713777542114},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.48608162999153137},{"id":"https://openalex.org/C311688","wikidata":"https://www.wikidata.org/wiki/Q2393193","display_name":"Time complexity","level":2,"score":0.42993980646133423},{"id":"https://openalex.org/C45374587","wikidata":"https://www.wikidata.org/wiki/Q12525525","display_name":"Computation","level":2,"score":0.42577147483825684},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.3865569829940796},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.19968447089195251},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.09744438529014587},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.08495250344276428},{"id":"https://openalex.org/C97355855","wikidata":"https://www.wikidata.org/wiki/Q11473","display_name":"Thermodynamics","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.46586/tosc.v2023.i2.189-223","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2023.i2.189-223","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/10983/10416","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:10c4b21bf2e84678aa734362f76e6f37","is_oa":true,"landing_page_url":"https://doaj.org/article/10c4b21bf2e84678aa734362f76e6f37","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IACR Transactions on Symmetric Cryptology, Vol 2023, Iss 2 (2023)","raw_type":"article"},{"id":"pmh:oai:dr.ntu.edu.sg:10356/171650","is_oa":true,"landing_page_url":"https://hdl.handle.net/10356/171650","pdf_url":null,"source":{"id":"https://openalex.org/S4306402609","display_name":"DR-NTU (Nanyang Technological University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172675005","host_organization_name":"Nanyang Technological University","host_organization_lineage":["https://openalex.org/I172675005"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Journal Article"}],"best_oa_location":{"id":"doi:10.46586/tosc.v2023.i2.189-223","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2023.i2.189-223","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/10983/10416","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4381429484.pdf"},"referenced_works_count":34,"referenced_works":["https://openalex.org/W5758508","https://openalex.org/W1518716055","https://openalex.org/W1556727271","https://openalex.org/W1574565813","https://openalex.org/W1577801461","https://openalex.org/W1883151075","https://openalex.org/W2109116994","https://openalex.org/W2116206740","https://openalex.org/W2132271754","https://openalex.org/W2336016133","https://openalex.org/W2400479413","https://openalex.org/W2474984267","https://openalex.org/W2495518322","https://openalex.org/W2573641754","https://openalex.org/W2615105912","https://openalex.org/W2941076300","https://openalex.org/W3007085939","https://openalex.org/W3022717772","https://openalex.org/W3030624396","https://openalex.org/W3037810589","https://openalex.org/W3080620279","https://openalex.org/W3082788884","https://openalex.org/W3158476145","https://openalex.org/W3160691049","https://openalex.org/W3179206707","https://openalex.org/W3202606210","https://openalex.org/W3215409458","https://openalex.org/W4200087606","https://openalex.org/W4206524369","https://openalex.org/W4249246802","https://openalex.org/W4281692724","https://openalex.org/W4285161459","https://openalex.org/W4312339546","https://openalex.org/W4366310679"],"related_works":["https://openalex.org/W4230315357","https://openalex.org/W57168481","https://openalex.org/W2560473362","https://openalex.org/W1410349837","https://openalex.org/W2950215720","https://openalex.org/W2949235530","https://openalex.org/W2381793496","https://openalex.org/W1990201054","https://openalex.org/W2791274315","https://openalex.org/W2509111091"],"abstract_inverted_index":{"In":[0],"this":[1],"paper,":[2],"we":[3,22,33,116,147,163],"present":[4],"an":[5],"improved":[6],"differential-linear":[7,19,57,152],"cryptanalysis":[8],"of":[9,51,55,63,113,134,178],"the":[10,29,46,49,52,56,66,85,105,131,157,186],"ChaCha":[11,95,121,138,169],"stream":[12],"cipher.":[13],"Our":[14],"main":[15],"contributions":[16],"are":[17],"new":[18,92],"distinguishers":[20],"that":[21,77,100,126],"were":[23],"able":[24],"to":[25,28,97,123,140,171],"build":[26],"thanks":[27],"following":[30],"improvements:":[31],"a)":[32],"considered":[34],"a":[35,60,72,91,111,118,135,150,165,175,182],"larger":[36],"search":[37],"space,":[38],"including":[39],"2-bit":[40],"differences":[41],"(besides":[42],"1-bit":[43],"differences)":[44],"for":[45,84,94,120],"difference":[47],"at":[48,190],"beginning":[50],"differential":[53,67],"part":[54],"trail;":[58],"b)":[59],"better":[61],"choice":[62],"mask":[64],"between":[65],"and":[68],"linear":[69,79,86],"parts;":[70],"c)":[71],"carefully":[73],"crafted":[74],"MILP":[75,145],"tool":[76],"finds":[78],"trails":[80],"with":[81,156,174],"higher":[82],"correlation":[83],"part.":[87],"We":[88],"eventually":[89],"obtain":[90,117,164],"distinguisher":[93,119,136],"reduced":[96,122,139,170],"7":[98,172],"rounds":[99,125,173],"requires":[101,127],"2166.89":[102],"computations,":[103,129],"improving":[104,180],"previous":[106],"record":[107],"(ASIACRYPT":[108],"2022)":[109],"by":[110,181],"factor":[112,183],"247.":[114],"Also,":[115],"7.5":[124,141],"2251.4":[128],"being":[130],"first":[132],"time":[133],"against":[137],"rounds.":[142],"Using":[143],"our":[144],"tool,":[146],"also":[148],"found":[149],"5-round":[151],"distinguisher.":[153],"When":[154],"combined":[155],"probabilistic":[158],"neutral":[159],"bits":[160],"(PNB)":[161],"framework,":[162],"key-recovery":[166],"attack":[167],"on":[168],"computational":[176],"complexity":[177],"2206.8,":[179],"214.2":[184],"upon":[185],"recent":[187],"result":[188],"published":[189],"EUROCRYPT":[191],"2022.":[192]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":8}],"updated_date":"2026-01-24T23:23:39.755997","created_date":"2025-10-10T00:00:00"}