Block ciphers -focus on the linear layer (feat. PRIDE). In: CRYPTO (2), Lecture Notes in Computer Science, vol.8616, pp.57-76, 2014. ,
Farfalle: parallel permutation-based cryptography, IACR Trans. Symmetric Cryptol, vol.2017, issue.4, pp.1-38, 2017. ,
Slide attacks, FSE. Lecture Notes in Computer Science, vol.1636, pp.245-259, 1999. ,
Quantum key-recovery on full AEZ, Selected Areas in Cryptography -SAC 2017, vol.10719, pp.394-406, 2018. ,
URL : https://hal.archives-ouvertes.fr/hal-01650026
Hidden shift quantum cryptanalysis and implications, ASIACRYPT 2018, vol.11272, pp.560-592, 2018. ,
URL : https://hal.archives-ouvertes.fr/hal-01953914
On quantum slide attacks, Selected Areas in Cryptography -SAC 2019, 2020. ,
URL : https://hal.archives-ouvertes.fr/hal-01946399
PRINCE -A low-latency block cipher for pervasive computing applications -extended abstract, ASIACRYPT. Lecture Notes in Computer Science, vol.7658, pp.208-225, 2012. ,
Quantum amplitude amplification and estimation, Contemporary Mathematics, vol.305, pp.53-74, 2002. ,
Quantum cryptanalysis of hash and claw-free functions, LATIN '98: Theoretical Informatics, Third Latin American Symposium, vol.1380, pp.163-169, 1998. ,
Saturnin: a suite of lightweight symmetric algorithms for post-quantum security, 2019. ,
Codes, bent functions and permutations suitable for DES-like cryptosystems, Designs, Codes and Cryptography, vol.15, issue.2, pp.125-156, 1998. ,
An efficient quantum collision search algorithm and implications on symmetric cryptography, ASI-ACRYPT, vol.10625, pp.211-240, 2017. ,
URL : https://hal.archives-ouvertes.fr/hal-01651007
Beetle family of lightweight and secure authenticated encryption ciphers, IACR Trans. Cryptogr. Hardw. Embed. Syst, vol.2018, issue.2, pp.218-241, 2018. ,
Adiantum: length-preserving encryption for entrylevel processors, IACR Trans. Symmetric Cryptol, issue.4, pp.39-61, 2018. ,
Limitations of the even-mansour construction, ASIACRYPT 1991, vol.739, pp.495-498, 1991. ,
The design of xoodoo and xoofff, IACR Trans. Symmetric Cryptol, issue.4, pp.1-38, 2018. ,
Cryptanalytic time-memory-data tradeoffs for fx-constructions with applications to PRINCE and PRIDE, EUROCRYPT 2015. Lecture Notes in Computer Science, vol.9056, pp.231-253, 2015. ,
URL : https://hal.archives-ouvertes.fr/hal-01235168
Cryptanalysis of iterated evenmansour schemes with two keys, ASIACRYPT 2014, vol.8873, pp.439-457, 2014. ,
URL : https://hal.archives-ouvertes.fr/hal-01086179
A construction of a cipher from a single pseudorandom permutation, J. Cryptology, vol.10, issue.3, pp.151-162, 1997. ,
Quantum Security of Cryptographic Primitives, 2017. ,
Applying grover's algorithm to AES: quantum resource estimates, PQCrypto. Lecture Notes in Computer Science, vol.9606, pp.29-43, 2016. ,
A Fast Quantum Mechanical Algorithm for Database Search, Proceedings of the Twenty-Eighth Annual ACM Symposium on the Theory of Computing, pp.212-219, 1996. ,
Cryptanalysis against symmetric-key schemes with online classical queries and offline quantum computations, CT-RSA, vol.10808, pp.198-218, 2018. ,
Breaking symmetric cryptosystems using quantum period finding, Lecture Notes in Computer Science, vol.9815, issue.2, pp.207-237, 2016. ,
URL : https://hal.archives-ouvertes.fr/hal-01404196
Quantum differential and linear cryptanalysis, IACR Trans. Symmetric Cryptol, vol.2016, issue.1, pp.71-94, 2016. ,
URL : https://hal.archives-ouvertes.fr/hal-01652807
How to protect DES against exhaustive key search, CRYPTO. Lecture Notes in Computer Science, vol.1109, pp.252-267, 1996. ,
A subexponential-time quantum algorithm for the dihedral hidden subgroup problem, SIAM J. Comput, vol.35, issue.1, pp.170-188, 2005. ,
Another subexponential-time quantum algorithm for the dihedral hidden subgroup problem, TQC 2013. LIPIcs, vol.22, pp.20-34, 2013. ,
Quantum distinguisher between the 3-round feistel cipher and the random permutation, IEEE International Symposium on Information Theory, ISIT 2010, Proceedings, pp.2682-2685, 2010. ,
Security on the quantum-type even-mansour cipher, Proceedings of the International Symposium on Information Theory and its Applications, ISITA 2012, pp.312-316, 2012. ,
Grover Meets Simon -Quantumly Attacking the FXconstruction, ASIACRYPT 2017, vol.10625, pp.161-178, 2017. ,
XTS: A mode of AES for encrypting hard disks, IEEE Security & Privacy, vol.8, issue.3, pp.68-69, 2010. ,
Chaskey: An efficient MAC algorithm for 32-bit microcontrollers, Selected Areas in Cryptography, vol.8781, pp.306-323, 2014. ,
, National Institute of Standards and Technlology: Submission requirements and evaluation criteria for the post-quantum cryptography standardization process, 2016.
Quantum computation and quantum information, 2002. ,
A note on quantum related-key attacks, Inf. Process. Lett, vol.115, issue.1, pp.40-44, 2015. ,
, , 2015.
Algorithms for quantum computation: Discrete logarithms and factoring, 35th Annual Symposium on Foundations of Computer Science, pp.124-134, 1994. ,
On the Power of Quantum Computation, 35th Annual Symposium on Foundations of Computer Science, pp.116-123, 1994. ,
Chosen-key attacks on a block cipher, Cryptologia, vol.11, issue.1, pp.16-20, 1987. ,
, Note that, given such S ? , by using an ancilla qubit we can implement a unitary operator S ? such that