{"id":"https://openalex.org/W4414549833","doi":"https://doi.org/10.46586/tosc.v2025.i3.475-515","title":"Trail-Estimator: An Automated Verifier for Differential Trails in Block Ciphers","display_name":"Trail-Estimator: An Automated Verifier for Differential Trails in Block Ciphers","publication_year":2025,"publication_date":"2025-09-25","ids":{"openalex":"https://openalex.org/W4414549833","doi":"https://doi.org/10.46586/tosc.v2025.i3.475-515"},"language":"en","primary_location":{"id":"doi:10.46586/tosc.v2025.i3.475-515","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2025.i3.475-515","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/12478/12191","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tosc.iacr.org/index.php/ToSC/article/download/12478/12191","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5012053340","display_name":"Thomas Peyrin","orcid":"https://orcid.org/0000-0002-2690-9197"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Thomas Peyrin","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5052462411","display_name":"Quan Quan Tan","orcid":"https://orcid.org/0000-0002-6294-3894"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Quan Quan Tan","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100659997","display_name":"Hongyi Zhang","orcid":"https://orcid.org/0000-0003-0020-0574"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Hongyi Zhang","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072480567","display_name":"Chunning Zhou","orcid":"https://orcid.org/0000-0002-0986-3609"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Chunning Zhou","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5012053340"],"corresponding_institution_ids":["https://openalex.org/I172675005"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.27265672,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2025","issue":"3","first_page":"475","last_page":"515"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10767","display_name":"Advanced Photonic Communication Systems","score":0.9631999731063843,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10767","display_name":"Advanced Photonic Communication Systems","score":0.9631999731063843,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9370999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10232","display_name":"Optical Network Technologies","score":0.9117000102996826,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/block-cipher","display_name":"Block cipher","score":0.6771000027656555},{"id":"https://openalex.org/keywords/differential","display_name":"Differential (mechanical device)","score":0.5446000099182129},{"id":"https://openalex.org/keywords/block","display_name":"Block (permutation group theory)","score":0.5105999708175659},{"id":"https://openalex.org/keywords/probability-distribution","display_name":"Probability distribution","score":0.5023000240325928},{"id":"https://openalex.org/keywords/constraint","display_name":"Constraint (computer-aided design)","score":0.4747999906539917},{"id":"https://openalex.org/keywords/probabilistic-logic","display_name":"Probabilistic logic","score":0.4481000006198883},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4447000026702881},{"id":"https://openalex.org/keywords/differential-cryptanalysis","display_name":"Differential cryptanalysis","score":0.3871999979019165}],"concepts":[{"id":"https://openalex.org/C106544461","wikidata":"https://www.wikidata.org/wiki/Q543151","display_name":"Block cipher","level":3,"score":0.6771000027656555},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6169999837875366},{"id":"https://openalex.org/C93226319","wikidata":"https://www.wikidata.org/wiki/Q193137","display_name":"Differential (mechanical device)","level":2,"score":0.5446000099182129},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.5105999708175659},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.505299985408783},{"id":"https://openalex.org/C149441793","wikidata":"https://www.wikidata.org/wiki/Q200726","display_name":"Probability distribution","level":2,"score":0.5023000240325928},{"id":"https://openalex.org/C2776036281","wikidata":"https://www.wikidata.org/wiki/Q48769818","display_name":"Constraint (computer-aided design)","level":2,"score":0.4747999906539917},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.47429999709129333},{"id":"https://openalex.org/C49937458","wikidata":"https://www.wikidata.org/wiki/Q2599292","display_name":"Probabilistic logic","level":2,"score":0.4481000006198883},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4447000026702881},{"id":"https://openalex.org/C36123800","wikidata":"https://www.wikidata.org/wiki/Q1224471","display_name":"Differential cryptanalysis","level":4,"score":0.3871999979019165},{"id":"https://openalex.org/C55439883","wikidata":"https://www.wikidata.org/wiki/Q360812","display_name":"Correctness","level":2,"score":0.3718999922275543},{"id":"https://openalex.org/C34736171","wikidata":"https://www.wikidata.org/wiki/Q918333","display_name":"Preprocessor","level":2,"score":0.3353999853134155},{"id":"https://openalex.org/C98763669","wikidata":"https://www.wikidata.org/wiki/Q176645","display_name":"Markov chain","level":2,"score":0.30230000615119934},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.29510000348091125},{"id":"https://openalex.org/C159886148","wikidata":"https://www.wikidata.org/wiki/Q176645","display_name":"Markov process","level":2,"score":0.2879999876022339},{"id":"https://openalex.org/C23130292","wikidata":"https://www.wikidata.org/wiki/Q5275358","display_name":"Differential privacy","level":2,"score":0.2775000035762787},{"id":"https://openalex.org/C126255220","wikidata":"https://www.wikidata.org/wiki/Q141495","display_name":"Mathematical optimization","level":1,"score":0.2660999894142151},{"id":"https://openalex.org/C44492722","wikidata":"https://www.wikidata.org/wiki/Q327069","display_name":"Conditional probability","level":2,"score":0.26330000162124634},{"id":"https://openalex.org/C110121322","wikidata":"https://www.wikidata.org/wiki/Q865811","display_name":"Distribution (mathematics)","level":2,"score":0.25760000944137573},{"id":"https://openalex.org/C107673813","wikidata":"https://www.wikidata.org/wiki/Q812534","display_name":"Bayesian probability","level":2,"score":0.2540999948978424}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.46586/tosc.v2025.i3.475-515","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2025.i3.475-515","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/12478/12191","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:2d9bd20b338c4e2fa11df41d1c992b6f","is_oa":true,"landing_page_url":"https://doaj.org/article/2d9bd20b338c4e2fa11df41d1c992b6f","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IACR Transactions on Symmetric Cryptology, Vol 2025, Iss 3 (2025)","raw_type":"article"},{"id":"pmh:oai:dr.ntu.edu.sg:10356/207926","is_oa":false,"landing_page_url":"https://hdl.handle.net/10356/207926","pdf_url":null,"source":{"id":"https://openalex.org/S4306402609","display_name":"DR-NTU (Nanyang Technological University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172675005","host_organization_name":"Nanyang Technological University","host_organization_lineage":["https://openalex.org/I172675005"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Journal Article"}],"best_oa_location":{"id":"doi:10.46586/tosc.v2025.i3.475-515","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2025.i3.475-515","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/12478/12191","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4414549833.pdf","grobid_xml":"https://content.openalex.org/works/W4414549833.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Differential":[0],"cryptanalysis":[1],"is":[2,123,157,200,219],"a":[3,91,96,117,145],"powerful":[4],"technique":[5],"for":[6,81,164,183,190,194],"attacking":[7],"block":[8,85,171],"ciphers,":[9,86],"wherein":[10],"the":[11,23,103,134,140,165,191,201,228],"Markov":[12],"cipher":[13],"assumption":[14],"and":[15,25,44,55,95,143,169,185,187,196],"stochastic":[16],"hypothesis":[17],"are":[18],"commonly":[19],"employed":[20],"to":[21,110,131,159,204],"simplify":[22],"search":[24],"probability":[26,46,147,230],"estimation":[27],"of":[28,52,88,149,232],"differential":[29,82,118,150,162,234],"trails.":[30,151,235],"However,":[31],"these":[32,53,214],"assumptions":[33,54],"often":[34],"neglect":[35],"inherent":[36],"algebraic":[37],"constraints,":[38],"potentially":[39],"resulting":[40],"in":[41,213],"invalid":[42],"trails":[43,83,163],"inaccurate":[45],"estimates.":[47],"Some":[48],"studies":[49],"identified":[50],"violations":[51],"explored":[56],"how":[57],"they":[58,65],"impose":[59],"constraints":[60,182,189,208],"on":[61,84],"key":[62,141],"material,":[63],"but":[64],"have":[66],"not":[67],"yet":[68],"fully":[69],"captured":[70],"all":[71,113],"relevant":[72],"ones.":[73],"This":[74],"study":[75],"proposes":[76],"Trail-Estimator,":[77],"an":[78],"automated":[79],"verifier":[80],"consisting":[87],"two":[89],"parts:":[90],"constraint":[92,114,136],"detector":[93],"Cons-Collector":[94,122],"solving":[97],"tool":[98,203],"Cons-Solver.":[99],"We":[100],"first":[101,192,202],"establish":[102],"fundamental":[104],"principles":[105],"that":[106,176],"will":[107],"allow":[108],"us":[109],"systematically":[111],"identify":[112],"subsets":[115],"within":[116],"trail,":[119],"upon":[120],"which":[121],"built.":[124],"Then,":[125],"Cons-Solver":[126],"utilizes":[127],"specialized":[128],"preprocessing":[129],"techniques":[130],"efficiently":[132],"solve":[133],"detected":[135],"subsets,":[137],"thereby":[138],"determining":[139],"space":[142],"providing":[144],"comprehensive":[146],"distribution":[148,231],"To":[152],"validate":[153],"its":[154,224],"effectiveness,":[155],"Trail-Estimator":[156,177],"applied":[158],"verify":[160],"17":[161],"SKINNY,":[166],"LBLOCK,":[167],"TWINE,":[168],"AES":[170],"ciphers.":[172,215],"Experimental":[173],"results":[174],"show":[175],"consistently":[178],"identifies":[179],"previously":[180],"undetected":[181],"SKINNY":[184],"AES,":[186],"discovers":[188],"time":[193],"LBLOCK":[195],"TWINE.":[197],"Notably,":[198],"it":[199],"discover":[205],"long":[206],"nonlinear":[207],"extending":[209],"beyond":[210],"five":[211],"rounds":[212],"Furthermore,":[216],"Trail-Estimator\u2019s":[217],"accuracy":[218],"validated":[220],"by":[221],"experiments":[222],"showing":[223],"predictions":[225],"closely":[226],"match":[227],"real":[229],"short-round":[233]},"counts_by_year":[],"updated_date":"2026-03-13T14:20:09.374765","created_date":"2025-10-10T00:00:00"}