{"id":"https://openalex.org/W4411209099","doi":"https://doi.org/10.46586/tosc.v2025.i2.124-165","title":"Improved Quantum Linear Attacks and Application to CAST","display_name":"Improved Quantum Linear Attacks and Application to CAST","publication_year":2025,"publication_date":"2025-06-11","ids":{"openalex":"https://openalex.org/W4411209099","doi":"https://doi.org/10.46586/tosc.v2025.i2.124-165"},"language":"en","primary_location":{"id":"doi:10.46586/tosc.v2025.i2.124-165","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2025.i2.124-165","pdf_url":"https://ojs.ub.ruhr-uni-bochum.de/index.php/ToSC/article/download/12246/12053","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://ojs.ub.ruhr-uni-bochum.de/index.php/ToSC/article/download/12246/12053","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5118124194","display_name":"Kaveh Bashiri","orcid":null},"institutions":[{"id":"https://openalex.org/I1317578790","display_name":"Federal Office for Information Security","ror":"https://ror.org/03v7mmm26","country_code":"DE","type":"other","lineage":["https://openalex.org/I1317578790"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Kaveh Bashiri","raw_affiliation_strings":["Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI), Bonn, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI), Bonn, Germany","institution_ids":["https://openalex.org/I1317578790"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007342233","display_name":"Xavier Bonnetain","orcid":null},"institutions":[{"id":"https://openalex.org/I1294671590","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73","country_code":"FR","type":"government","lineage":["https://openalex.org/I1294671590"]},{"id":"https://openalex.org/I4210121838","display_name":"Laboratoire Lorrain de Recherche en Informatique et ses Applications","ror":"https://ror.org/02vnf0c38","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1294671590","https://openalex.org/I1294671590","https://openalex.org/I1326498283","https://openalex.org/I277688954","https://openalex.org/I4210107720","https://openalex.org/I4210121838","https://openalex.org/I4210159245","https://openalex.org/I90183372"]},{"id":"https://openalex.org/I90183372","display_name":"Universit\u00e9 de Lorraine","ror":"https://ror.org/04vfs2w97","country_code":"FR","type":"education","lineage":["https://openalex.org/I90183372"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Xavier Bonnetain","raw_affiliation_strings":["Universit\u00e9 de Lorraine, CNRS, Inria, LORIA, Nancy, France","CARAMBA - Cryptology, arithmetic : algebraic methods for better algorithms (615 rue du Jardin Botanique\r\n54600 Villers-l\u00e8s-Nancy - France)"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Universit\u00e9 de Lorraine, CNRS, Inria, LORIA, Nancy, France","institution_ids":["https://openalex.org/I90183372","https://openalex.org/I4210121838","https://openalex.org/I1294671590"]},{"raw_affiliation_string":"CARAMBA - Cryptology, arithmetic : algebraic methods for better algorithms (615 rue du Jardin Botanique\r\n54600 Villers-l\u00e8s-Nancy - France)","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042788047","display_name":"Akinori Hosoyamada","orcid":"https://orcid.org/0000-0003-2910-2302"},"institutions":[{"id":"https://openalex.org/I2251713219","display_name":"NTT (Japan)","ror":"https://ror.org/00berct97","country_code":"JP","type":"company","lineage":["https://openalex.org/I2251713219"]},{"id":"https://openalex.org/I3019243323","display_name":"Center for Theoretical Physics","ror":"https://ror.org/04kfyt897","country_code":"PL","type":"facility","lineage":["https://openalex.org/I3019243323","https://openalex.org/I99542240"]},{"id":"https://openalex.org/I4210105847","display_name":"NTT Basic Research Laboratories","ror":"https://ror.org/01m2pas06","country_code":"JP","type":"facility","lineage":["https://openalex.org/I4210105847"]}],"countries":["JP","PL"],"is_corresponding":false,"raw_author_name":"Akinori Hosoyamada","raw_affiliation_strings":["NTT Social Informatics Laboratories, Tokyo, Japan; NTT Research Center for Theoretical Quantum Information, Atsugi, Japan","NTT Social Informatics Laboratories, Tokyo, Japan","NTT Social Informatics Laboratories (Japan)","NTT Research Center for Theoretical Quantum Information, Atsugi, Japan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"NTT Social Informatics Laboratories, Tokyo, Japan; NTT Research Center for Theoretical Quantum Information, Atsugi, Japan","institution_ids":["https://openalex.org/I4210105847","https://openalex.org/I2251713219"]},{"raw_affiliation_string":"NTT Social Informatics Laboratories, Tokyo, Japan","institution_ids":[]},{"raw_affiliation_string":"NTT Social Informatics Laboratories (Japan)","institution_ids":[]},{"raw_affiliation_string":"NTT Research Center for Theoretical Quantum Information, Atsugi, Japan","institution_ids":["https://openalex.org/I3019243323"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014141126","display_name":"N. D. Lang","orcid":"https://orcid.org/0000-0002-2768-9878"},"institutions":[{"id":"https://openalex.org/I51441396","display_name":"Bauhaus-Universit\u00e4t Weimar","ror":"https://ror.org/033bb5z47","country_code":"DE","type":"education","lineage":["https://openalex.org/I51441396"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Nathalie Lang","raw_affiliation_strings":["Bauhaus-Universit\u00e4t Weimar, Weimar, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Bauhaus-Universit\u00e4t Weimar, Weimar, Germany","institution_ids":["https://openalex.org/I51441396"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5071570125","display_name":"Andr\u00e9 Schrottenloher","orcid":"https://orcid.org/0000-0002-1329-8630"},"institutions":[{"id":"https://openalex.org/I1294671590","display_name":"Centre National de la Recherche Scientifique","ror":"https://ror.org/02feahw73","country_code":"FR","type":"government","lineage":["https://openalex.org/I1294671590"]},{"id":"https://openalex.org/I2802519937","display_name":"Institut de Recherche en Informatique et Syst\u00e8mes Al\u00e9atoires","ror":"https://ror.org/00myn0z94","country_code":"FR","type":"facility","lineage":["https://openalex.org/I1294671590","https://openalex.org/I1294671590","https://openalex.org/I1326498283","https://openalex.org/I205703379","https://openalex.org/I2802204017","https://openalex.org/I2802519937","https://openalex.org/I28221208","https://openalex.org/I4210127572","https://openalex.org/I4210159245","https://openalex.org/I56067802"]},{"id":"https://openalex.org/I56067802","display_name":"Universit\u00e9 de Rennes","ror":"https://ror.org/015m7wh34","country_code":"FR","type":"education","lineage":["https://openalex.org/I56067802"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Andr\u00e9 Schrottenloher","raw_affiliation_strings":["Univ Rennes, Inria, CNRS, IRISA, Rennes, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Univ Rennes, Inria, CNRS, IRISA, Rennes, France","institution_ids":["https://openalex.org/I2802519937","https://openalex.org/I56067802","https://openalex.org/I1294671590"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5118124194"],"corresponding_institution_ids":["https://openalex.org/I1317578790"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.05918845,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2025","issue":"2","first_page":"124","last_page":"165"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10682","display_name":"Quantum Computing Algorithms and Architecture","score":0.9659000039100647,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10682","display_name":"Quantum Computing Algorithms and Architecture","score":0.9659000039100647,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10020","display_name":"Quantum Information and Cryptography","score":0.9284999966621399,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/quantum","display_name":"Quantum","score":0.49115368723869324},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.4132007956504822},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.24698179960250854},{"id":"https://openalex.org/keywords/quantum-mechanics","display_name":"Quantum mechanics","score":0.18385463953018188}],"concepts":[{"id":"https://openalex.org/C84114770","wikidata":"https://www.wikidata.org/wiki/Q46344","display_name":"Quantum","level":2,"score":0.49115368723869324},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.4132007956504822},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.24698179960250854},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.18385463953018188}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.46586/tosc.v2025.i2.124-165","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2025.i2.124-165","pdf_url":"https://ojs.ub.ruhr-uni-bochum.de/index.php/ToSC/article/download/12246/12053","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},{"id":"pmh:oai:HAL:hal-05243650v1","is_oa":true,"landing_page_url":"https://inria.hal.science/hal-05243650","pdf_url":null,"source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IACR Transactions on Symmetric Cryptology, 2025, 2025 (2), pp.124-165. ⟨10.46586/tosc.v2025.i2.124-165⟩","raw_type":"Journal articles"},{"id":"pmh:oai:doaj.org/article:10426b595c3b45ae8bd34c7c49149d6a","is_oa":true,"landing_page_url":"https://doaj.org/article/10426b595c3b45ae8bd34c7c49149d6a","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IACR Transactions on Symmetric Cryptology, Vol 2025, Iss 2 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.46586/tosc.v2025.i2.124-165","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2025.i2.124-165","pdf_url":"https://ojs.ub.ruhr-uni-bochum.de/index.php/ToSC/article/download/12246/12053","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1181629854","display_name":"Quantum Attacks and new Tools for Symmetric Cryptanalysis","funder_award_id":"ANR-24-CE39-7894","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"},{"id":"https://openalex.org/G2191957979","display_name":null,"funder_award_id":"ANR-22-PETQ-0007","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"},{"id":"https://openalex.org/G5463327868","display_name":null,"funder_award_id":"ANR-22-PETQ-0008","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"},{"id":"https://openalex.org/G8138296111","display_name":null,"funder_award_id":"ANR-22-PETQ-0008 PQ-TLS","funder_id":"https://openalex.org/F4320320883","funder_display_name":"Agence Nationale de la Recherche"}],"funders":[{"id":"https://openalex.org/F4320320883","display_name":"Agence Nationale de la Recherche","ror":"https://ror.org/00rbzpz17"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4411209099.pdf","grobid_xml":"https://content.openalex.org/works/W4411209099.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"This":[0],"paper":[1],"studies":[2],"quantum":[3,67,82,172],"linear":[4,27,179],"key-recovery":[5],"attacks":[6,13,16,41,183],"on":[7,151,157,175],"block":[8],"ciphers.":[9,162],"The":[10,181],"first":[11],"such":[12],"were":[14],"last-rounds":[15],"proposed":[17,45,65],"by":[18,46],"Kaplan":[19],"et":[20,48],"al.":[21,49],"(ToSC":[22],"2016),":[23],"which":[24,52,73,85],"combine":[25,120],"a":[26,30,33,66,81,87],"distinguisher":[28],"with":[29,124,167],"guess":[31],"of":[32,69,89,170],"partial":[34],"key.":[35,138],"However,":[36],"the":[37,43,57,76,93,96,103,121,136,158,165,185],"most":[38],"efficient":[39],"classical":[40],"use":[42,131],"framework":[44],"Collard":[47],"(ICISC":[50],"2007),":[51],"computes":[53],"experimental":[54],"correlations":[55],"using":[56],"Fast":[58],"Walsh-Hadamard":[59],"Transform.":[60],"Recently,":[61],"Schrottenloher":[62],"(CRYPTO":[63],"2023)":[64],"version":[68],"this":[70,110,117,141],"technique,":[71],"in":[72,109],"one":[74],"uses":[75],"available":[77],"data":[78],"to":[79,134,143],"create":[80],"correlation":[83,122],"state,":[84,111],"is":[86,101,106],"superposition":[88],"subkey":[90,105],"candidates":[91],"where":[92],"amplitudes":[94],"are":[95],"corresponding":[97],"correlations.":[98],"A":[99],"limitation":[100],"that":[102],"good":[104],"not":[107],"marked":[108],"and":[112,146,160,178],"cannot":[113],"be":[114],"found":[115],"easily.In":[116],"paper,":[118],"we":[119,129],"state":[123],"another":[125],"distinguisher.":[126],"From":[127],"here,":[128],"can":[130],"Amplitude":[132],"Amplification":[133],"recover":[135],"right":[137],"We":[139,163],"apply":[140],"idea":[142,156],"Feistel":[144],"ciphers":[145],"exemplify":[147],"different":[148],"attack":[149],"strategies":[150],"LOKI91":[152],"before":[153],"applying":[154],"our":[155],"CAST-128":[159],"CAST-256":[161],"demonstrate":[164],"approach":[166],"two":[168],"kinds":[169],"distinguishers,":[171],"distinguishers":[173],"based":[174],"Simon\u2019s":[176],"algorithm":[177],"distinguishers.":[180],"resulting":[182],"outperform":[184],"previous":[186],"Grover-meet-Simon":[187],"attacks.":[188]},"counts_by_year":[],"updated_date":"2026-05-21T09:19:25.381259","created_date":"2025-10-10T00:00:00"}