, 110 7.2 Snippet for a bitsliced C implementation of Littlun- 111 7.3 Snippet for a bitsliced C implementation of Littlun-1
, 140 9.1 A good (one bit) disturbance vector for SHA-0, ., vol.150, issue.92
, Block Ciphers -Focus on the Linear Layer, CRYPTO 2014, pp.57-76, 2014.
, Exhaustive search for small dimension recursive MDS diffusion layers for block ciphers and hash functions, 2013 IEEE International Symposium on Information Theory, pp.1551-1555, 2013.
DOI : 10.1109/ISIT.2013.6620487
URL : https://hal.archives-ouvertes.fr/hal-00823082
, Direct Construction of Recursive MDS Diffusion Layers Using Shortened BCH Codes, Cid and Rechberger [CR15]
DOI : 10.1007/978-3-662-46706-0_1
URL : https://hal.archives-ouvertes.fr/hal-01044597
, Diffusion Matrices from Algebraic-Geometry Codes with Efficient SIMD Implementation, Lecture Notes in Computer Science, vol.8781, pp.243-260, 2014.
DOI : 10.1007/978-3-319-13051-4_15
URL : https://hal.archives-ouvertes.fr/hal-01094085
, Preimage Attacks on One-Block MD4, 63-Step MD5 and More, Lecture Notes in Computer Science, vol.83, issue.1, pp.103-119, 2008.
DOI : 10.1007/11426639_2
, Meet-in-the-Middle Preimage Attacks Against Reduced SHA-0 and SHA-1, Halevi [Hal09], pp.70-89
DOI : 10.1007/978-3-642-03356-8_5
, 8-bit AVR Microcontroller with 1K Byte Flash
, 8-bit AVR Microcontroller with 8KBytes In-System Programmable Flash, Rev, pp.2486-2488, 2013.
, Serpent: A New Block Cipher Proposal, Lecture Notes in Computer Science, vol.1372, pp.98-222, 1998.
DOI : 10.1007/3-540-69710-1_15
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.130.8684
, Compositional Verification of Higher-Order Masking: Application to a Verifying Masking Compiler, IACR Cryptology ePrint Archive, pp.2015-506, 2015.
, Cryptographic Schemes Based on the ASASA Structure:??Black-Box,??White-Box, and??Public-Key (Extended Abstract), ASIACRYPT 2014 (Palash Sarkar and Tetsu Iwata, pp.63-84, 2014.
DOI : 10.1007/978-3-662-45611-8_4
, Near-Collisions of SHA-0 , in Franklin, pp.290-305
, Another View of the Division Property, pp.654-682
DOI : 10.1007/978-3-662-53018-4_24
URL : https://hal.archives-ouvertes.fr/hal-01401016
, Higher-Order Differential Properties of Keccak and Luffa, Lecture Notes in Computer Science, vol.6733, pp.252-269, 2011.
DOI : 10.1007/978-3-642-13858-4_15
URL : https://hal.archives-ouvertes.fr/inria-00537741
, Collisions of SHA-0 and Reduced SHA-1, Cramer [Cra05], pp.36-57
DOI : 10.1007/11426639_3
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.297.2092
, Cryptanalysis of SHA-0 and Reduced SHA-1, Journal of Cryptology, vol.28, issue.1, pp.110-160, 2015.
DOI : 10.1007/s00145-014-9179-8
, Keying Hash Functions for Message Authentication, Lecture Notes in Computer Science, vol.1109, issue.96, pp.1-15, 1996.
DOI : 10.1007/3-540-68697-5_1
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.134.8430
, Michaël Peeters, and Gilles Van Assche, Sponge functions, Ecrypt Hash Workshop, 2007.
, Michaël Peeters, and Gilles Van Assche, On the Indifferentiability of the Sponge Construction, 2008.
, The Keccak reference, 2011.
DOI : 10.1007/978-3-642-38348-9_19
, Aurore Guillevic, and François Morain, Improving NFS for the Discrete Logarithm Problem in Non-prime Finite Fields, Oswald and Fischlin [OF15], pp.129-155
, Victor Lomné, and Thomas Peyrin, Implementing Lightweight Block Ciphers on x86 Architectures, Lange et al. [LLL14], pp.324-351
DOI : 10.1007/978-3-662-43414-7_17
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.400.5884
, UMAC: Fast and Secure Message Authentication, p.99
DOI : 10.1007/3-540-48405-1_14
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.114.7878
, White-Box Cryptography Revisited, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, pp.1058-1069, 2015.
DOI : 10.1145/2810103.2813699
, The Design of a Stream Cipher LEX, Lecture Notes in Computer Science, vol.4356, pp.67-75, 2006.
DOI : 10.1007/978-3-540-74462-7_6
, A Theoretical Treatment of Related-Key Attacks: RKA-PRPs, RKA-PRFs, and Applications, Lecture Notes in Computer Science, vol.2656, pp.491-506, 2003.
DOI : 10.1007/3-540-39200-9_31
, PRESENT: An Ultra-Lightweight Block Cipher, CHES Lecture Notes in Computer Science, vol.4727, pp.450-466, 2007.
DOI : 10.1007/978-3-540-74735-2_31
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.122.2536
, The Security of the Cipher Block Chaining Message Authentication Code, Journal of Computer and System Sciences, vol.61, issue.3, pp.362-399, 2000.
DOI : 10.1006/jcss.1999.1694
, The Khazad Legacy-Level Block Cipher, 2001.
, The Whirlpool Hashing Function, 2003.
, Structural Cryptanalysis of SASAS, EURO- CRYPT, Lecture Notes in Computer Science, vol.2045, pp.394-405, 2001.
DOI : 10.1007/s00145-010-9062-1
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.106.3400
, The SIMON and SPECK Families of Lightweight Block Ciphers, IACR Cryptology ePrint Archive, pp.2013-404, 2013.
, Multivariate Linear Cryptanalysis: The Past and Future of PRESENT, IACR Cryptology ePrint Archive, vol.2016, p.667, 2016.
, Construction of Lightweight S-Boxes Using Feistel and MISTY Structures, Lecture Notes in Computer Science, vol.28, issue.4, pp.373-393, 2015.
DOI : 10.1007/978-3-642-21554-4_19
URL : https://hal.archives-ouvertes.fr/hal-01205187
, Cécile Malinaud, and Prashant Puniya, Merkle-Damgård Revisited: How to Construct a Hash Function, Shoup [Sho05], pp.430-448
, White-Box Cryptography and an AES Implementation, Lecture Notes in Computer Science, vol.2595, pp.250-270, 2002.
DOI : 10.1007/3-540-36492-7_17
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.7710
, Conversion from Arithmetic to Boolean Masking with Logarithmic Complexity, pp.130-149
, Secure Conversion between Boolean and Arithmetic Masking of Any Order, Batina and Robshaw [BR14], pp.188-205
, Linear Cryptanalysis of Reduced-Round PRESENT , CT-RSA, Lecture Notes in Computer Science, vol.5985, pp.302-317, 2010.
, Differential collisions in SHA-0, Lecture Notes in Computer Science, vol.1462, pp.56-71, 1998.
DOI : 10.1007/BFb0055720
, New Automatic Search Tool for Impossible Differentials and Zero-Correlation Linear Approximations, IACR Cryptology ePrint Archive, pp.2016-689, 2016.
, A Serial-In???Serial-Out Hardware Architecture for Systematic Encoding of Hermitian Codes via Gr??bner Bases, IEEE Transactions on Communications, vol.52, issue.8, pp.1322-1332, 2004.
DOI : 10.1109/TCOMM.2004.833020
, A Statistical Saturation Attack against the Block Cipher PRESENT, Lecture Notes in Computer Science, vol.5473, pp.195-210, 2009.
DOI : 10.1007/978-3-540-68164-9_4
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.188.2035
, Tight Security Bounds for Key-Alternating Ciphers, pp.327-350
DOI : 10.1007/978-3-642-55220-5_19
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.295.903
, On the Provable Security of the Iterated Even-Mansour Cipher Against Related-Key and Chosen-Key Attacks, Oswald and Fischlin [OF15], pp.584-613
DOI : 10.1007/978-3-662-46800-5_23
, Cipher and Hash Function Design Strategies based on linear and differential cryptanalysis, 1995.
, A Design Principle for Hash Functions, pp.416-427
DOI : 10.1007/0-387-34805-0_39
, RIPEMD-160: A strengthened version of RIPEMD, Gollmann [Gol96], pp.71-82
DOI : 10.1007/3-540-60865-6_44
, Decomposing the ASASA Block Cipher Construction, IACR Cryptology ePrint Archive, vol.2015, p.507, 2015.
, Formal Aspects of Mobile Code Security, 1999.
, Related-Key Forgeries for Pr??st-OTR, pp.282-296
DOI : 10.1007/978-3-662-48116-5_14
, Special Feature Exhaustive Cryptanalysis of the NBS Data Encryption Standard, Computer, vol.10, issue.6, pp.74-84, 1977.
DOI : 10.1109/C-M.1977.217750
, Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions with Applications to PRINCE and PRIDE, pp.231-253
DOI : 10.1007/978-3-662-46800-5_10
URL : https://hal.archives-ouvertes.fr/hal-01235168
, A New Attack on the LEX Stream Cipher, Lecture Notes in Computer Science, vol.107, issue.5, pp.539-556, 2008.
DOI : 10.1007/3-540-69053-0_17
, The block cipher Square, Lecture Notes in Computer Science, vol.1267, pp.149-165, 1997.
DOI : 10.1007/BFb0052343
, Minimalism in Cryptography: The Even-Mansour Scheme Revisited, Lecture Notes in Computer Science, vol.7237, pp.2012-336, 2012.
DOI : 10.1007/978-3-642-29011-4_21
, White-Box Security Notions for Symmetric Encryption Schemes, pp.247-264
DOI : 10.1007/978-3-662-43414-7_13
, The Noekeon Block Cipher, 2000.
, The Design of Rijndael: AES ? The Advanced Encryption Standard, Information Security and Cryptography, 2002.
DOI : 10.1007/978-3-662-04722-4
, Finding SHA-1 Characteristics: General Results and Applications, Lecture Notes in Computer Science, vol.4284, pp.1-20, 2006.
, Probability distributions of correlation and differentials in block ciphers, Journal of Mathematical Cryptology, vol.1, issue.3, pp.221-242, 2007.
DOI : 10.1515/JMC.2007.011
, Preimages for Reduced SHA-0 and SHA-1 , CRYPTO, Lecture Notes in Computer Science, vol.5157, pp.179-202, 2008.
, Weight distributions of geometric Goppa codes, Transactions of the American Mathematical Society, vol.351, issue.09, pp.3609-3639, 1999.
DOI : 10.1090/S0002-9947-99-02179-0
, Higher-Order Differential Meet-in-the-middle Preimage Attacks on SHA-1 and BLAKE, Gennaro and Robshaw [GR15], pp.683-701
DOI : 10.1007/978-3-662-47989-6_33
URL : https://hal.archives-ouvertes.fr/hal-01183070
, A Construction of a Cipher From a Single Pseudorandom Permutation, p.91
, Security Amplification against Meet-in-the-Middle Attacks Using Whitening, Lecture Notes in Computer Science, vol.8308, pp.252-269, 2013.
DOI : 10.1007/978-3-642-45239-0_15
URL : https://hal.archives-ouvertes.fr/hal-01094298
, Efficient and Provable White-Box Primitives, Lecture Notes in Computer Science, vol.17, issue.1, pp.159-188, 2016.
DOI : 10.1007/978-3-662-46803-6_15
, Ballot 152 -Issuance of SHA-1 certificates through 2016 , Cabforum mailing list, 2015.
, Ballot 152 -Issuance of SHA-1 certificates through 2016 , Cabforum mailing list, 2015.
, The Related-Key Security of Iterated Even???Mansour Ciphers, pp.342-363
DOI : 10.1007/978-3-662-48116-5_17
, Advances in Cryptology ? CRYPTO, Lecture Notes in Computer Science, vol.3152, 2004.
, Algebraic Curves ? An Introduction to Algebraic Geometry, 2008.
, Statistical tables for biological, agricultural and medical research, 1948.
, Collision for 75-step SHA-1: Intensive Parallelization with GPU , IACR Cryptology ePrint Archive, p.641, 2011.
, María Naya-Plasencia, and François-Xavier Standaert, Block Ciphers That Are Easier to Mask: How Far Can We Go?, CHES Lecture Notes in Computer Science, vol.2013, issue.8086, pp.383-399, 2013.
, Analysis of BLAKE2, Lecture Notes in Computer Science, vol.8366, pp.402-423, 2014.
, Advanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2, Lecture Notes in Computer Science, vol.6477, pp.56-75, 2010.
DOI : 10.1007/978-3-642-17373-8_4
, François-Xavier Standaert, and Kerem Varici, LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations, Cid and Rechberger [CR15], pp.18-37
DOI : 10.1007/978-3-662-46706-0_2
, The PHOTON Family of Lightweight Hash Functions, Lecture Notes in Computer Science, vol.6841, pp.222-239, 2011.
DOI : 10.1007/978-3-642-22792-9_13
, The LED Block Cipher, Lecture Notes in Computer Science, vol.6917, pp.326-341, 2011.
DOI : 10.1007/978-3-642-23951-9_22
, Key-Recovery Attack on the ASASA Cryptosystem with Expanding S-Boxes, Gennaro and Robshaw [GR15], pp.475-490
DOI : 10.1007/978-3-662-47989-6_23
, Accelerating AES with Vector Permute Instructions, Clavier and Gaj [CG09], pp.18-32
DOI : 10.1007/978-3-642-04138-9_2
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.520.9451
, Systematic encoding via Grobner bases for a class of algebraic-geometric Goppa codes, IEEE Transactions on Information Theory, vol.41, issue.6, pp.1752-1761, 1995.
DOI : 10.1109/18.476247
, CLOC: Authenticated Encryption for Short Input, Cid and Rechberger [CR15], pp.149-167
DOI : 10.1007/978-3-662-46706-0_8
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.431.1635
, Private Circuits: Securing Hardware against Probing Attacks, Lecture Notes in Computer Science, vol.2729, pp.463-481, 2003.
DOI : 10.1007/978-3-540-45146-4_27
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.115.9436
, Accélérateurs logiciels et matériels pour l'algèbre linéaire creuse sur les corps finis. (Hardware and Software Accelerators for Sparse Linear Algebra over Finite Fields), 2015.
, Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions, pp.306-316
DOI : 10.1007/978-3-540-28628-8_19
, Hash Functions and the (Amplified) Boomerang Attack, Lecture Notes in Computer Science, vol.4622, pp.244-263, 2007.
DOI : 10.1007/978-3-540-74143-5_14
, FOX : A New Family of Block Ciphers, Lecture Notes in Computer Science, vol.3357, pp.114-129, 2004.
DOI : 10.1007/978-3-540-30564-4_8
, From Distinguishers to Key Recovery: Improved Related-Key Attacks on Even-Mansour, Lecture Notes in Computer Science, vol.9290, pp.177-188, 2015.
DOI : 10.1007/978-3-319-23318-5_10
URL : https://hal.archives-ouvertes.fr/hal-01245365
, The Littlun S-box and the Fly Block Cipher, 2016.
, New Preimage Attacks against Reduced SHA-1, Safavi-Naini and Canetti [SC12], pp.367-383
DOI : 10.1007/978-3-642-32009-5_22
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.259.6003
, Practical Free-Start Collision Attacks on 76-step SHA-1, Gennaro and Robshaw [GR15], pp.623-642
DOI : 10.1007/978-3-662-47989-6_30
URL : https://hal.archives-ouvertes.fr/hal-01183066
, How to Protect DES Against Exhaustive Key Search (an Analysis of DESX), Journal of Cryptology, vol.14, issue.1, pp.17-35, 2001.
DOI : 10.1007/s001450010015
, Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 Family, Canteaut [Can12], pp.244-263
DOI : 10.1007/978-3-642-34047-5_15
, Second Preimages on n-Bit Hash Functions for Much Less than 2 n Work, Cramer [Cra05], pp.474-490
DOI : 10.1007/11426639_28
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.116.9667
, Faster and Timing-Attack Resistant AES-GCM, Clavier and Gaj [CG09], pp.1-17
DOI : 10.1007/978-3-642-04138-9_1
, Higher Order Derivatives and Differential Cryptanalysis, Communications and Cryptography, pp.227-233, 1994.
DOI : 10.1007/978-1-4615-2694-0_23
, Introduction to Coding Theory, Graduate Texts in Mathematics, vol.86, 1999.
, Markov Ciphers and Differential Cryptanalysis, Lecture Notes in Computer Science, vol.547, issue.91, pp.17-38, 1991.
DOI : 10.1007/3-540-46416-6_2
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.36.2323
, A Generic Approach to Invariant Subspace Attacks: Cryptanalysis of Robin, iSCREAM and Zorro, Oswald and Fischlin [OF15], pp.254-283
DOI : 10.1007/978-3-662-46800-5_11
, On the Classification of 4 Bit S-Boxes, Lecture Notes in Computer Science, vol.4547, pp.159-176, 2007.
DOI : 10.1007/978-3-540-73074-3_13
, Cryptanalysis of Full RIPEMD-128, pp.228-244
DOI : 10.1007/978-3-642-38348-9_14
, A Failure-Friendly Design??Principle for??Hash??Functions, Lecture Notes in Computer Science, vol.3788, pp.474-494, 2005.
DOI : 10.1007/11593447_26
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.91.9598
, Classification and generation of disturbance vectors for collision attacks against SHA-1, Designs, Codes and Cryptography, vol.59, issue.1-3, pp.247-263, 2011.
DOI : 10.1007/s10623-010-9458-9
, Key-Recovery Attacks on ASASA, Tetsu Iwata Lecture Notes in Computer Science, vol.9453, pp.3-27, 2015.
DOI : 10.1007/978-3-662-48800-3_1
URL : https://hal.archives-ouvertes.fr/hal-01245381
, XPX: Generalized Tweakable Even-Mansour with Improved Security Guarantees, pp.64-94
DOI : 10.1007/978-3-662-53018-4_3
, A Digital Signature Based on a Conventional Encryption Function, CRYPTO '87 (Carl Pomerance, Lecture Notes in Computer Science, vol.293, pp.369-378, 1987.
, One Way Hash Functions and DES, pp.428-446
, SHA-1 Deprecation Update, Microsoft blog, 2015.
, Parallelizable Rate-1 Authenticated Encryption from Pseudorandom Functions, pp.275-292
DOI : 10.1007/978-3-642-55220-5_16
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.431.9300
, Continuing to Phase Out SHA-1 Certificates, Mozilla Security Blog, 2015.
, Collisions on SHA-0 in One Hour, pp.16-35
DOI : 10.1007/978-3-540-71039-4_2
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.412.4652
, The Impact of Carries on the Complexity of Collision Attacks on SHA-1, Lecture Notes in Computer Science, vol.4047, pp.278-292, 2006.
DOI : 10.1007/11799313_18
, Impossibility Results on Reductions, and Applications to the Random Oracle Methodology, Lecture Notes in Computer Science, vol.2951, pp.21-39, 2004.
, Collision Attack on 5 Rounds of Gr??stl, Cid and Rechberger [CR15], pp.509-521
DOI : 10.1007/978-3-662-46706-0_26
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.465.6594
, The Theory of Error-Correcting Codes, 2006.
, On the Distribution of Characteristics in Bijective Mappings, J. Cryptology, vol.8, issue.2, pp.67-86, 1995.
, Hash functions based on block ciphers: a synthetic approach, Lecture Notes in Computer Science, vol.773, pp.93-368, 1993.
DOI : 10.1007/3-540-48329-2_31
URL : https://lirias.kuleuven.be/bitstream/123456789/234170/2/article-48.pdf
, The Cipher SHARK, Gollmann [Gol96], pp.99-111
, The MD4 Message Digest Algorithm, Lecture Notes in Computer Science, vol.537, pp.90-303, 1990.
DOI : 10.17487/rfc1320
, RFC 1321: The MD5 Message-Digest Algorithm, 1992.
DOI : 10.17487/rfc1321
, Analyse de la résistance des chiffrements par blocs aux attaques linéaires et différentielles. (On the resistance of block ciphers to differential and linear cryptanalyses), 2015.
, Finding Preimages in Full MD5 Faster Than Exhaustive Search, Lecture Notes in Computer Science, vol.5479, pp.134-152, 2009.
DOI : 10.1007/11426639_2
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.476.1544
, Cryptanalysis of Block Ciphers Based on SHA-1 and MD5, Lecture Notes in Computer Science, vol.2887, pp.36-44, 2003.
DOI : 10.1007/978-3-540-39887-5_4
, Cryptographic Analysis of All 4 × 4-Bit S-Boxes, Lecture Notes in Computer Science, vol.7118, pp.118-133, 2011.
, When Will We See Collisions for SHA-1?, Schneier on Security, 2012.
, Recursive Diffusion Layers for Block Ciphers and Hash Functions, Canteaut [Can12], pp.385-401
DOI : 10.1007/978-3-642-34047-5_22
URL : http://infoscience.epfl.ch/record/176365
, Algebraic-geometric codes and multidimensional cyclic codes: a unified theory and algorithms for decoding using Grobner bases, IEEE Transactions on Information Theory, vol.41, issue.6, pp.1733-1751, 1995.
DOI : 10.1109/18.476246
, Freestart Collision for Full SHA-1, Lecture Notes in Computer Science, vol.9665, pp.459-483, 2016.
DOI : 10.1007/978-3-662-49890-3_18
URL : https://hal.archives-ouvertes.fr/hal-01251023
, TWINE: A Lightweight Block Cipher for Multiple Platforms, pp.339-354
DOI : 10.1007/978-3-642-35999-6_22
, Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate, Halevi [Hal09], pp.55-69
DOI : 10.1007/978-3-642-03356-8_4
, Attacks on Hash Functions and Applications, 2012.
, New Collision Attacks on SHA-1 Based on Optimal Joint Local-Collision Analysis, pp.245-261
DOI : 10.1007/978-3-642-38348-9_15
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.1027.5684
, Algebraic Function Fields and Codes, Graduate Texts in Mathematics, vol.254, 2009.
, Efficient Cache Attacks on AES, and Countermeasures, Journal of Cryptology, vol.10, issue.4, pp.37-71, 2010.
DOI : 10.1007/s00145-009-9049-y
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.150.1984
, Algebraic Geometric Codes: Basic Notions, Mathematical Surveys and Monographs, vol.139, 2007.
DOI : 10.1090/surv/139
, Finding Optimal Bitsliced Implementations of 4 × 4-bit S-boxes, 2011.
, Recursive Diffusion Layers for (Lightweight) Block Ciphers and Hash Functions, pp.355-371
DOI : 10.1007/978-3-642-35999-6_23
, Finding Collisions in the Full SHA-1, Shoup [Sho05], pp.17-36
DOI : 10.1007/11535218_2
, Efficient Collision Search Attacks on SHA-0, Shoup [Sho05], pp.1-16
DOI : 10.1007/11535218_1
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.86.9654
, A strict evaluation method on the number of conditions for the SHA-1 collision search, Proceedings of the 2008 ACM symposium on Information, computer and communications security , ASIACCS '08, pp.10-20, 2008.
DOI : 10.1145/1368310.1368316
, A New Strategy for Finding a Differential Path of SHA-1, Lecture Notes in Computer Science, vol.4586, pp.45-58, 2007.
DOI : 10.1007/978-3-540-73458-1_4
, RECTANGLE: ?????????????????????????????????????????????????????????, Science China Information Sciences, vol.41, issue.12, pp.2014-84, 2014.
DOI : 10.1007/s11432-015-5459-7
, Improved preimage attack on one-block MD4, Journal of Systems and Software, vol.85, issue.4, pp.981-994, 2012.
DOI : 10.1016/j.jss.2011.11.1020
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.400.6489
, Bit-Pattern Based Integral Attack, pp.363-381