{"id":"https://openalex.org/W4389622506","doi":"https://doi.org/10.46586/tosc.v2023.i4.299-329","title":"Commutative Cryptanalysis Made Practical","display_name":"Commutative Cryptanalysis Made Practical","publication_year":2023,"publication_date":"2023-12-08","ids":{"openalex":"https://openalex.org/W4389622506","doi":"https://doi.org/10.46586/tosc.v2023.i4.299-329"},"language":"en","primary_location":{"id":"doi:10.46586/tosc.v2023.i4.299-329","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2023.i4.299-329","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/11290/10824","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tosc.iacr.org/index.php/ToSC/article/download/11290/10824","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005568748","display_name":"Jules Baudrin","orcid":null},"institutions":[{"id":"https://openalex.org/I1326498283","display_name":"Institut national de recherche en informatique et en automatique","ror":"https://ror.org/02kvxyf05","country_code":"FR","type":"funder","lineage":["https://openalex.org/I1326498283"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Jules Baudrin","raw_affiliation_strings":["Inria, Paris, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Inria, Paris, France","institution_ids":["https://openalex.org/I1326498283"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5061729195","display_name":"Patrick Felke","orcid":"https://orcid.org/0000-0001-6644-2010"},"institutions":[{"id":"https://openalex.org/I4210104665","display_name":"University of Applied Sciences Emden Leer","ror":"https://ror.org/01bc76c69","country_code":"DE","type":"education","lineage":["https://openalex.org/I4210104665"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Patrick Felke","raw_affiliation_strings":["University of Applied Sciences Emden/Leer, Emden, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Applied Sciences Emden/Leer, Emden, Germany","institution_ids":["https://openalex.org/I4210104665"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078330300","display_name":"Gregor Leander","orcid":"https://orcid.org/0000-0002-2579-8587"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Gregor Leander","raw_affiliation_strings":["Ruhr University Bochum, Bochum, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Ruhr University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029665892","display_name":"Patrick Neumann","orcid":"https://orcid.org/0000-0003-1624-4256"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Patrick Neumann","raw_affiliation_strings":["Ruhr University Bochum, Bochum, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Ruhr University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077352004","display_name":"L\u00e9o Perrin","orcid":"https://orcid.org/0000-0002-4722-7005"},"institutions":[{"id":"https://openalex.org/I1326498283","display_name":"Institut national de recherche en informatique et en automatique","ror":"https://ror.org/02kvxyf05","country_code":"FR","type":"funder","lineage":["https://openalex.org/I1326498283"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"L\u00e9o Perrin","raw_affiliation_strings":["Inria, Paris, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Inria, Paris, France","institution_ids":["https://openalex.org/I1326498283"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5003561249","display_name":"Lukas Stennes","orcid":"https://orcid.org/0000-0002-6703-6476"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Lukas Stennes","raw_affiliation_strings":["Ruhr University Bochum, Bochum, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Ruhr University Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5005568748"],"corresponding_institution_ids":["https://openalex.org/I1326498283"],"apc_list":null,"apc_paid":null,"fwci":1.0088,"has_fulltext":true,"cited_by_count":6,"citation_normalized_percentile":{"value":0.81697158,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"2023","issue":"4","first_page":"299","last_page":"329"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11130","display_name":"Coding theory and cryptography","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11130","display_name":"Coding theory and cryptography","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11797","display_name":"graph theory and CDMA systems","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/block-cipher","display_name":"Block cipher","score":0.8103532195091248},{"id":"https://openalex.org/keywords/impossible-differential-cryptanalysis","display_name":"Impossible differential cryptanalysis","score":0.7339981198310852},{"id":"https://openalex.org/keywords/differential-cryptanalysis","display_name":"Differential cryptanalysis","score":0.7176638841629028},{"id":"https://openalex.org/keywords/higher-order-differential-cryptanalysis","display_name":"Higher-order differential cryptanalysis","score":0.6690880656242371},{"id":"https://openalex.org/keywords/cryptanalysis","display_name":"Cryptanalysis","score":0.5826730728149414},{"id":"https://openalex.org/keywords/commutative-property","display_name":"Commutative property","score":0.5807649493217468},{"id":"https://openalex.org/keywords/differential","display_name":"Differential (mechanical device)","score":0.5470969080924988},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.5116408467292786},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4408615827560425},{"id":"https://openalex.org/keywords/discrete-mathematics","display_name":"Discrete mathematics","score":0.3848511874675751},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.3644647002220154},{"id":"https://openalex.org/keywords/pure-mathematics","display_name":"Pure mathematics","score":0.3565230369567871},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.34692108631134033},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.33620506525039673},{"id":"https://openalex.org/keywords/algebra-over-a-field","display_name":"Algebra over a field","score":0.32427555322647095},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.23386642336845398},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.07731816172599792}],"concepts":[{"id":"https://openalex.org/C106544461","wikidata":"https://www.wikidata.org/wiki/Q543151","display_name":"Block cipher","level":3,"score":0.8103532195091248},{"id":"https://openalex.org/C120488936","wikidata":"https://www.wikidata.org/wiki/Q3005748","display_name":"Impossible differential cryptanalysis","level":5,"score":0.7339981198310852},{"id":"https://openalex.org/C36123800","wikidata":"https://www.wikidata.org/wiki/Q1224471","display_name":"Differential cryptanalysis","level":4,"score":0.7176638841629028},{"id":"https://openalex.org/C151607707","wikidata":"https://www.wikidata.org/wiki/Q11673206","display_name":"Higher-order differential cryptanalysis","level":5,"score":0.6690880656242371},{"id":"https://openalex.org/C181149355","wikidata":"https://www.wikidata.org/wiki/Q897511","display_name":"Cryptanalysis","level":3,"score":0.5826730728149414},{"id":"https://openalex.org/C183778304","wikidata":"https://www.wikidata.org/wiki/Q165474","display_name":"Commutative property","level":2,"score":0.5807649493217468},{"id":"https://openalex.org/C93226319","wikidata":"https://www.wikidata.org/wiki/Q193137","display_name":"Differential (mechanical device)","level":2,"score":0.5470969080924988},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.5116408467292786},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4408615827560425},{"id":"https://openalex.org/C118615104","wikidata":"https://www.wikidata.org/wiki/Q121416","display_name":"Discrete mathematics","level":1,"score":0.3848511874675751},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.3644647002220154},{"id":"https://openalex.org/C202444582","wikidata":"https://www.wikidata.org/wiki/Q837863","display_name":"Pure mathematics","level":1,"score":0.3565230369567871},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.34692108631134033},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.33620506525039673},{"id":"https://openalex.org/C136119220","wikidata":"https://www.wikidata.org/wiki/Q1000660","display_name":"Algebra over a field","level":2,"score":0.32427555322647095},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.23386642336845398},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.07731816172599792},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.46586/tosc.v2023.i4.299-329","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2023.i4.299-329","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/11290/10824","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},{"id":"pmh:oai:HAL:hal-04277884v3","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-04277884","pdf_url":"https://inria.hal.science/hal-04277884/document","source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IACR Transactions on Symmetric Cryptology, 2023, 2023 (4), pp.299-329. &#x27E8;10.46586/tosc.v2023.i4.299-329&#x27E9;","raw_type":"Journal articles"},{"id":"pmh:oai:doaj.org/article:22abda218f3c42f0ae57eae137e7e7db","is_oa":true,"landing_page_url":"https://doaj.org/article/22abda218f3c42f0ae57eae137e7e7db","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IACR Transactions on Symmetric Cryptology, Vol 2023, Iss 4 (2023)","raw_type":"article"},{"id":"pmh:oai:opus.hs-emden-leer.de:687","is_oa":false,"landing_page_url":"https://opus.hs-emden-leer.de/frontdoor/index/index/docId/687","pdf_url":null,"source":{"id":"https://openalex.org/S7407053446","display_name":"Hochschulschriftenserver der Hochschule Emden/Leer","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"doc-type:article"}],"best_oa_location":{"id":"doi:10.46586/tosc.v2023.i4.299-329","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2023.i4.299-329","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/11290/10824","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G18682879","display_name":null,"funder_award_id":"390781972","funder_id":"https://openalex.org/F4320320879","funder_display_name":"Deutsche Forschungsgemeinschaft"},{"id":"https://openalex.org/G2360901479","display_name":null,"funder_award_id":"ANR-21-CE39-0012","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"},{"id":"https://openalex.org/G2636060959","display_name":"Security Evaluation of Lightweight Encryption using new Cryptanalysis Techniques","funder_award_id":"ANR-20-CE48-0017","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"}],"funders":[{"id":"https://openalex.org/F4320320879","display_name":"Deutsche Forschungsgemeinschaft","ror":"https://ror.org/018mejw64"},{"id":"https://openalex.org/F4320320883","display_name":"Agence Nationale de la Recherche","ror":"https://ror.org/00rbzpz17"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4389622506.pdf"},"referenced_works_count":44,"referenced_works":["https://openalex.org/W930621015","https://openalex.org/W1483908684","https://openalex.org/W1489021826","https://openalex.org/W1494217786","https://openalex.org/W1528065150","https://openalex.org/W1542256670","https://openalex.org/W1554594656","https://openalex.org/W1562545139","https://openalex.org/W1607876066","https://openalex.org/W1822166485","https://openalex.org/W1894646615","https://openalex.org/W2076637888","https://openalex.org/W2111902481","https://openalex.org/W2243712200","https://openalex.org/W2293947265","https://openalex.org/W2395600724","https://openalex.org/W2575578850","https://openalex.org/W2576980242","https://openalex.org/W2771007556","https://openalex.org/W2794985459","https://openalex.org/W2796051658","https://openalex.org/W2821805785","https://openalex.org/W2908939209","https://openalex.org/W2910049226","https://openalex.org/W2914378055","https://openalex.org/W2931553591","https://openalex.org/W2952350086","https://openalex.org/W2971685500","https://openalex.org/W3013470388","https://openalex.org/W3036777052","https://openalex.org/W3038327836","https://openalex.org/W3126177689","https://openalex.org/W3134650729","https://openalex.org/W3185456757","https://openalex.org/W3187037621","https://openalex.org/W4205482204","https://openalex.org/W4235295916","https://openalex.org/W4253766483","https://openalex.org/W4287753899","https://openalex.org/W4288112122","https://openalex.org/W4311870301","https://openalex.org/W4312547397","https://openalex.org/W4312786043","https://openalex.org/W4385654073"],"related_works":["https://openalex.org/W1410349837","https://openalex.org/W4230315357","https://openalex.org/W57168481","https://openalex.org/W2949235530","https://openalex.org/W1489035426","https://openalex.org/W2791274315","https://openalex.org/W2072296411","https://openalex.org/W4389258837","https://openalex.org/W2950215720","https://openalex.org/W1849484603"],"abstract_inverted_index":{"About":[0],"20":[1],"years":[2],"ago,":[3],"Wagner":[4],"showed":[5],"that":[6,78,173,234],"most":[7],"of":[8,17,23,34,57,104,127,151,179,197,203,208,250,253],"the":[9,15,32,97,101,124,163,195,206,209,219,230,241],"(then)":[10],"known":[11],"techniques":[12],"used":[13],"in":[14,154,160,200,215,229],"cryptanalysis":[16],"block":[18],"ciphers":[19],"were":[20],"particular":[21,55],"cases":[22],"what":[24],"he":[25],"called":[26],"commutative":[27,62,125,210],"diagram":[28],"cryptanalysis.":[29],"However,":[30],"to":[31,45,186,217],"best":[33,242],"our":[35,201],"knowledge,":[36],"this":[37,49,58,105],"general":[38],"framework":[39,59],"has":[40],"not":[41,184],"yet":[42],"been":[43],"leveraged":[44],"find":[46,140],"concrete":[47],"attacks.In":[48],"paper,":[50],"we":[51,108,122,139,167,193],"focus":[52],"on":[53],"a":[54,68,87,156,198,236,248],"case":[56],"and":[60,75,114,120,132,159,244],"develop":[61,96],"cryptanalysis,":[63],"whereby":[64,205],"an":[65,176],"attacker":[66],"targeting":[67],"primitive":[69],"E":[70,79,85],"constructs":[71],"affine":[72],"permutations":[73],"A":[74,81],"B":[76,83],"such":[77],"\u25cb":[80,84],"=":[82],"with":[86,135],"high":[88,169,188],"probability,":[89],"possibly":[90],"for":[91,100,148,247],"some":[92,226],"weak":[93,152,165,220,251],"keys.":[94],"We":[95,223],"tools":[98],"needed":[99],"practical":[102],"use":[103],"technique:":[106],"first,":[107],"generalize":[109],"differential":[110,115,190],"uniformity":[111],"into":[112,117],"\u201cA-uniformity\u201d":[113],"trails":[116],"\u201ccommutative":[118],"trails\u201d,":[119],"second":[121],"investigate":[123],"behaviour":[126],"S-box":[128,233],"layers,":[129],"matrix":[130],"multiplications,":[131],"key":[133,221],"additions.Equipped":[134],"these":[136],"new":[137],"techniques,":[138],"probability-one":[141],"distinguishers":[142],"using":[143],"only":[144],"two":[145],"chosen":[146],"plaintexts":[147],"large":[149],"classes":[150],"keys":[153,252],"both":[155],"modified":[157],"Midori":[158,204],"Scream.":[161],"For":[162],"same":[164],"keys,":[166],"deduce":[168],"probability":[170,189,207,239],"truncated":[171],"differentials":[172],"can":[174,212],"cover":[175],"arbitrary":[177],"number":[178],"rounds,":[180],"but":[181],"which":[182,245],"do":[183],"correspond":[185],"any":[187],"trails.":[191],"Similarly,":[192],"show":[194,225],"existence":[196],"trade-off":[199],"variant":[202],"trail":[211],"be":[213],"decreased":[214],"order":[216],"increase":[218],"density.":[222],"also":[224],"statistical":[227],"patterns":[228],"AES":[231],"super":[232],"have":[235],"much":[237],"higher":[238],"than":[240],"differentials,":[243],"hold":[246],"class":[249],"density":[254],"about":[255],"2\u22124.5.":[256]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":1}],"updated_date":"2026-05-07T13:39:58.223016","created_date":"2025-10-10T00:00:00"}