The same property also holds for the inverse function, $S_{16}^{-1}$, whose components have degree 9. The choice of the 4-bit Sboxes 0 and 1 guarantees that all components of the Super-Sbox (i.e., all non-trivial linear combinations of its coordinates) have degree 9.
A) */ \
MUL_INV(x8, x9, xa, xb, tmp)