{"id":"https://openalex.org/W4417433695","doi":"https://doi.org/10.46586/tosc.v2025.i4.1-30","title":"Nostalgia Cipher: Can Filtered LFSRs Be Secure Again? An Application to Hybrid Homomorphic Encryption with Sub-50 ms Latency","display_name":"Nostalgia Cipher: Can Filtered LFSRs Be Secure Again? An Application to Hybrid Homomorphic Encryption with Sub-50 ms Latency","publication_year":2025,"publication_date":"2025-12-17","ids":{"openalex":"https://openalex.org/W4417433695","doi":"https://doi.org/10.46586/tosc.v2025.i4.1-30"},"language":"en","primary_location":{"id":"doi:10.46586/tosc.v2025.i4.1-30","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2025.i4.1-30","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/12609/12317","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://tosc.iacr.org/index.php/ToSC/article/download/12609/12317","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5120834965","display_name":"Nabil Chacal","orcid":null},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]},{"id":"https://openalex.org/I195731000","display_name":"Universit\u00e9 de Versailles Saint-Quentin-en-Yvelines","ror":"https://ror.org/03mkjjy25","country_code":"FR","type":"education","lineage":["https://openalex.org/I195731000","https://openalex.org/I277688954"]}],"countries":["FR","LU"],"is_corresponding":false,"raw_author_name":"Nabil Chacal","raw_affiliation_strings":["Universit\u00e9 de Versailles UVSQ, Versailles, France; Universit\u00e9 du Luxembourg, Esch-sur-Alzette, Luxembourg; Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information, Paris, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Universit\u00e9 de Versailles UVSQ, Versailles, France; Universit\u00e9 du Luxembourg, Esch-sur-Alzette, Luxembourg; Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information, Paris, France","institution_ids":["https://openalex.org/I195731000","https://openalex.org/I186903577"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069499774","display_name":"Antonio Guimar\u00e3es","orcid":"https://orcid.org/0000-0001-5110-6639"},"institutions":[{"id":"https://openalex.org/I4210162154","display_name":"IMDEA Software Institute","ror":"https://ror.org/04xvfkh51","country_code":"ES","type":"facility","lineage":["https://openalex.org/I105140100","https://openalex.org/I4210162154"]}],"countries":["ES"],"is_corresponding":false,"raw_author_name":"Antonio Guimar\u00e3es","raw_affiliation_strings":["IMDEA Software Institute, Madrid, Spain"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"IMDEA Software Institute, Madrid, Spain","institution_ids":["https://openalex.org/I4210162154"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056420748","display_name":"Ange Martinelli","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108273","display_name":"Agence Nationale de S\u00e9curit\u00e9 du M\u00e9dicament et des Produits de Sant\u00e9","ror":"https://ror.org/01g80gk13","country_code":"FR","type":"government","lineage":["https://openalex.org/I4210108273"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Ange Martinelli","raw_affiliation_strings":["Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information, Paris, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information, Paris, France","institution_ids":["https://openalex.org/I4210108273"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011712559","display_name":"Pierrick M\u00e9aux","orcid":"https://orcid.org/0000-0001-5733-4341"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Pierrick M\u00e9aux","raw_affiliation_strings":["Universit\u00e9 du Luxembourg, Esch-sur-Alzette, Luxembourg"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Universit\u00e9 du Luxembourg, Esch-sur-Alzette, Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5015654452","display_name":"Romain Poussier","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108273","display_name":"Agence Nationale de S\u00e9curit\u00e9 du M\u00e9dicament et des Produits de Sant\u00e9","ror":"https://ror.org/01g80gk13","country_code":"FR","type":"government","lineage":["https://openalex.org/I4210108273"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Romain Poussier","raw_affiliation_strings":["Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information, Paris, France"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information, Paris, France","institution_ids":["https://openalex.org/I4210108273"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.7588,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.89925035,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":"2025","issue":"4","first_page":"1","last_page":"30"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9613000154495239,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9613000154495239,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11130","display_name":"Coding theory and cryptography","score":0.025599999353289604,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.0052999998442828655,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/homomorphic-encryption","display_name":"Homomorphic encryption","score":0.6883000135421753},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.6248999834060669},{"id":"https://openalex.org/keywords/shift-register","display_name":"Shift register","score":0.5806000232696533},{"id":"https://openalex.org/keywords/stream-cipher","display_name":"Stream cipher","score":0.5059000253677368},{"id":"https://openalex.org/keywords/cryptanalysis","display_name":"Cryptanalysis","score":0.49140000343322754},{"id":"https://openalex.org/keywords/linear-feedback-shift-register","display_name":"Linear feedback shift register","score":0.4706999957561493},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.4555000066757202},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.4514999985694885},{"id":"https://openalex.org/keywords/security-parameter","display_name":"Security parameter","score":0.40380001068115234},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.3824000060558319}],"concepts":[{"id":"https://openalex.org/C158338273","wikidata":"https://www.wikidata.org/wiki/Q2154943","display_name":"Homomorphic encryption","level":3,"score":0.6883000135421753},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6711999773979187},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.6248999834060669},{"id":"https://openalex.org/C49654631","wikidata":"https://www.wikidata.org/wiki/Q746165","display_name":"Shift register","level":3,"score":0.5806000232696533},{"id":"https://openalex.org/C92950451","wikidata":"https://www.wikidata.org/wiki/Q864718","display_name":"Stream cipher","level":3,"score":0.5059000253677368},{"id":"https://openalex.org/C181149355","wikidata":"https://www.wikidata.org/wiki/Q897511","display_name":"Cryptanalysis","level":3,"score":0.49140000343322754},{"id":"https://openalex.org/C159862308","wikidata":"https://www.wikidata.org/wiki/Q681101","display_name":"Linear feedback shift register","level":4,"score":0.4706999957561493},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.4555000066757202},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.4514999985694885},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.43779999017715454},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.4341000020503998},{"id":"https://openalex.org/C2776711565","wikidata":"https://www.wikidata.org/wiki/Q7445058","display_name":"Security parameter","level":3,"score":0.40380001068115234},{"id":"https://openalex.org/C113775141","wikidata":"https://www.wikidata.org/wiki/Q428691","display_name":"Computer engineering","level":1,"score":0.40209999680519104},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.3824000060558319},{"id":"https://openalex.org/C120226833","wikidata":"https://www.wikidata.org/wiki/Q5172844","display_name":"Correlation attack","level":4,"score":0.36469998955726624},{"id":"https://openalex.org/C14036430","wikidata":"https://www.wikidata.org/wiki/Q3736076","display_name":"Function (biology)","level":2,"score":0.34950000047683716},{"id":"https://openalex.org/C94375191","wikidata":"https://www.wikidata.org/wiki/Q11205","display_name":"Arithmetic","level":1,"score":0.336899995803833},{"id":"https://openalex.org/C129844170","wikidata":"https://www.wikidata.org/wiki/Q41299","display_name":"Quadratic equation","level":2,"score":0.3319999873638153},{"id":"https://openalex.org/C81917197","wikidata":"https://www.wikidata.org/wiki/Q628760","display_name":"Selection (genetic algorithm)","level":2,"score":0.3215000033378601},{"id":"https://openalex.org/C9376300","wikidata":"https://www.wikidata.org/wiki/Q168817","display_name":"Algebraic number","level":2,"score":0.3165000081062317},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.31520000100135803},{"id":"https://openalex.org/C15927051","wikidata":"https://www.wikidata.org/wiki/Q246593","display_name":"Cryptographic primitive","level":4,"score":0.3140000104904175},{"id":"https://openalex.org/C94520183","wikidata":"https://www.wikidata.org/wiki/Q190746","display_name":"Advanced Encryption Standard","level":3,"score":0.29670000076293945},{"id":"https://openalex.org/C82876162","wikidata":"https://www.wikidata.org/wiki/Q17096504","display_name":"Latency (audio)","level":2,"score":0.288100004196167},{"id":"https://openalex.org/C187455244","wikidata":"https://www.wikidata.org/wiki/Q942353","display_name":"Boolean function","level":2,"score":0.2694000005722046},{"id":"https://openalex.org/C77926391","wikidata":"https://www.wikidata.org/wiki/Q603880","display_name":"Finite field","level":2,"score":0.2678999900817871},{"id":"https://openalex.org/C201866948","wikidata":"https://www.wikidata.org/wiki/Q228206","display_name":"Random number generation","level":2,"score":0.26010000705718994},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.2556999921798706},{"id":"https://openalex.org/C45737032","wikidata":"https://www.wikidata.org/wiki/Q748364","display_name":"S-box","level":4,"score":0.2547999918460846},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.2535000145435333},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.2535000145435333},{"id":"https://openalex.org/C178774983","wikidata":"https://www.wikidata.org/wiki/Q734896","display_name":"Pseudorandom function family","level":3,"score":0.2533000111579895}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.46586/tosc.v2025.i4.1-30","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2025.i4.1-30","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/12609/12317","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:ac76a06597e94914a49bd387866bf778","is_oa":true,"landing_page_url":"https://doaj.org/article/ac76a06597e94914a49bd387866bf778","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IACR Transactions on Symmetric Cryptology, Vol 2025, Iss 4 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.46586/tosc.v2025.i4.1-30","is_oa":true,"landing_page_url":"https://doi.org/10.46586/tosc.v2025.i4.1-30","pdf_url":"https://tosc.iacr.org/index.php/ToSC/article/download/12609/12317","source":{"id":"https://openalex.org/S4210236173","display_name":"IACR Transactions on Symmetric Cryptology","issn_l":"2519-173X","issn":["2519-173X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IACR Transactions on Symmetric Cryptology","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1643949827","display_name":null,"funder_award_id":"AEI/10.13039/501100011033","funder_id":"https://openalex.org/F4320335598","funder_display_name":"Agencia Estatal de Investigaci\u00f3n"},{"id":"https://openalex.org/G2262748287","display_name":null,"funder_award_id":"501100011033","funder_id":"https://openalex.org/F4320335598","funder_display_name":"Agencia Estatal de Investigaci\u00f3n"},{"id":"https://openalex.org/G300979063","display_name":null,"funder_award_id":"10.13039/501100011033","funder_id":"https://openalex.org/F4320335598","funder_display_name":"Agencia Estatal de Investigaci\u00f3n"},{"id":"https://openalex.org/G3480869486","display_name":null,"funder_award_id":"13039","funder_id":"https://openalex.org/F4320335598","funder_display_name":"Agencia Estatal de Investigaci\u00f3n"},{"id":"https://openalex.org/G4079952795","display_name":null,"funder_award_id":"MICIU/AEI/10.13039/501100011033","funder_id":"https://openalex.org/F4320335598","funder_display_name":"Agencia Estatal de Investigaci\u00f3n"},{"id":"https://openalex.org/G5080475149","display_name":null,"funder_award_id":"10.13039","funder_id":"https://openalex.org/F4320335598","funder_display_name":"Agencia Estatal de Investigaci\u00f3n"},{"id":"https://openalex.org/G7084143925","display_name":null,"funder_award_id":"AEI/10","funder_id":"https://openalex.org/F4320335598","funder_display_name":"Agencia Estatal de Investigaci\u00f3n"},{"id":"https://openalex.org/G7266728691","display_name":null,"funder_award_id":"13039/501100011033","funder_id":"https://openalex.org/F4320335598","funder_display_name":"Agencia Estatal de Investigaci\u00f3n"},{"id":"https://openalex.org/G7535663061","display_name":null,"funder_award_id":"AEI/10.","funder_id":"https://openalex.org/F4320335598","funder_display_name":"Agencia Estatal de Investigaci\u00f3n"}],"funders":[{"id":"https://openalex.org/F4320335598","display_name":"Agencia Estatal de Investigaci\u00f3n","ror":null}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4417433695.pdf","grobid_xml":"https://content.openalex.org/works/W4417433695.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Linear":[0],"Feedback":[1],"Shift":[2],"Registers":[3],"(LFSRs)":[4],"combined":[5],"with":[6],"non":[7],"linear":[8],"filtering":[9,109],"functions":[10],"have":[11],"long":[12],"been":[13],"a":[14,21,58,67,89,104,142,164],"fundamental":[15],"design":[16,132],"for":[17,97,155],"stream":[18],"ciphers,":[19],"offering":[20],"wellunderstood":[22],"structure":[23],"that":[24,78],"remains":[25],"easy":[26],"to":[27,50,181],"analyze.":[28],"However,":[29],"the":[30,38,61,115,127],"introduction":[31],"of":[32,130,147,166,175],"algebraic":[33],"attacks":[34],"in":[35,114,137,173,184],"2003":[36],"shifted":[37],"focus":[39],"toward":[40],"more":[41],"complex":[42],"designs,":[43],"as":[44,57,108],"filtered":[45,79,91,171],"LFSRs":[46,80,172],"required":[47],"larger":[48],"registers":[49],"maintain":[51],"security.":[52],"While":[53],"this":[54,85,138],"was":[55],"seen":[56],"drawback":[59],"at":[60],"time,":[62],"it":[63],"is":[64],"no":[65],"longer":[66],"limiting":[68],"factor,":[69],"and":[70,133,188],"emerging":[71],"cryptographic":[72],"applications":[73,187],"benefit":[74],"from":[75],"specialized":[76],"designs\u2014challenges":[77],"can":[81],"effectively":[82],"address.":[83],"In":[84,145],"work,":[86],"we":[87,179],"propose":[88],"new":[90],"LFSR":[92],"design,":[93],"called":[94],"Nostalgia,":[95],"tailored":[96],"Hybrid":[98],"Homomorphic":[99],"Encryption":[100],"(HHE).":[101],"We":[102,124],"use":[103],"weightwise":[105],"quadratic":[106],"function":[107],"function,":[110],"leveraging":[111],"its":[112,135],"efficiency":[113,136],"HHE":[116,150,157],"setting":[117,139],"while":[118],"ensuring":[119],"security":[120,177],"against":[121],"classical":[122],"attacks.":[123],"also":[125],"discuss":[126],"parameter":[128],"selection":[129],"our":[131,149],"demonstrate":[134],"by":[140,163],"providing":[141],"proof-of-concept":[143],"implementation.":[144],"terms":[146],"latency,":[148],"solution":[151],"outperforms":[152],"current":[153],"state-of-the-art":[154],"TFHE-based":[156],"(Baudrin":[158],"et":[159],"al.,":[160],"Crypto":[161],"2025)":[162],"factor":[165],"6.1":[167],"times.":[168],"By":[169],"revisiting":[170],"light":[174],"modern":[176],"requirements,":[178],"aim":[180],"renew":[182],"interest":[183],"their":[185],"potential":[186],"stimulate":[189],"further":[190],"cryptanalysis":[191],"efforts.":[192]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-12-17T00:00:00"}