Definitions

The PRG under consideration

Attack "guess

Attacks

6.4 On the dimension of the annihilator space

Conclusion

Bibliography

Elena Andreeva, N. Bogdanov, A. Datta, B. Luykx et al., Cryptanalysis of full MORUS. ASIACRYPT 2018, pp.1-30, 2016.

J. Aumasson, M. Finiasz, W. Meier, and S. Vaudenay, TCHo : A hardware-oriented trapdoor cipher, LNCS, vol.4586, pp.184-199, 2007.

M. Alekhnovich, E. A. Hirsch, and D. Itsykson, Exponential lower bounds for the running time of DPLL algorithms on satisfiable formulas, Josep Díaz, Juhani Karhumäki, Arto Lepistö and Donald Sannella, editors : ICALP 2004, vol.3142, pp.84-96, 2004.

B. Applebaum, Y. Ishai, and . Kushilevitz, Cryptography in NC0. In 45th FOCS, pp.166-175, 2004.

B. Applebaum, Y. Ishai, and . Kushilevitz, On pseudorandom generators with linear stretch in NC0, Computational Complexity, vol.17, issue.1, pp.38-69, 2008.

J. Aumasson, Miroslaw Kutylowski and Jaideep Vaidya, editors : ESORICS 2014, Part II, vol.8713, pp.19-36, 2014.

B. Applebaum and S. Lovett, Algebraic attacks against random local functions and their countermeasures, Daniel Wichs and Yishay Mansour, editors : 48th ACM STOC, pp.1087-1100, 2016.

R. J. Anderson, Searching for the optimum correlation attack, Bart Preneel, editor : FSE'94, volume 1008 of LNCS, pp.137-143, 1995.

B. Applebaum, ;. Martin, R. Albrecht, C. Rechberger, and T. Schneider, Tyge Tiessen and Michael Zohner : Ciphers for MPC and FHE, Elisabeth Oswald and Marc Fischlin, editors : EUROCRYPT 2015, Part I, volume 9056 of LNCS, vol.165, pp.430-454, 2015.

R. Avanzi, The QARMA block cipher family, IACR Trans. Symm. Cryptol, vol.2017, issue.1, pp.4-44, 2017.

M. Aigner, M. Günter, and . Ziegler, Proofs from THE BOOK, 2004.

S. Babbage, ;. Banik, A. Bogdanov, T. Isobe, K. Shibutani et al., Toru Akishita and Francesco Regazzoni : Midori : A block cipher for low energy, European Convention on Security and Detection, number 408. IEEE Conference Publication, vol.9453, pp.411-436, 1995.

C. Boura, A. Canteaut, and C. De-cannière, Higher-order differential properties of Keccak and Luffa, Antoine Joux, editor : FSE 2011, vol.6733, pp.252-269
URL : https://hal.archives-ouvertes.fr/inria-00537741

J. Springer, A. Borghoff, T. Canteaut, . Güneysu, M. Elif-bilge-kavun et al., PRINCE -A low-latency block cipher for pervasive computing applications -extended abstract, Xiaoyun Wang and Kazue Sako, editors : ASIACRYPT 2012, vol.7658, pp.208-225, 2011.

C. Beierle, A. Canteaut, G. Leander, and Y. Rotella, Proving resistance against invariant attacks : How to choose the round constants, Part, vol.II, pp.647-678, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01631130

G. Bertoni and J. Daemen, Michaël Peeters and Gilles Van Assche : Sponge functions. Ecrypt Hash Workshop, 2007.

G. Bertoni and J. Daemen, Michaël Peeters and Gilles Van Assche : Permutation-based encryption, authentication and authenticated encryption, DIAC, 2012.

G. Bertoni and J. Daemen, Michael Peeters and Gilles Van Assche : Keccak, Thomas Johansson and Phong Q. Nguyen, editors : EUROCRYPT 2013, vol.7881, pp.313-314. Springer, 2013.

G. Bertoni, J. Daemen, M. Peeters, and G. Van-assche, On the indifferentiability of the sponge construction, LNCS, vol.4965, pp.181-197, 2008.

G. Bertoni, J. Daemen, M. Peeters, and G. Van-assche, Duplexing the sponge : Single-pass authenticated encryption and other applications, LNCS, vol.7118, pp.320-337, 2011.

L. Bettale, Cryptanalyse algébrique : outils et applications, 2011.

S. Banik, T. Isobe, J. Masakatu-morii-;-christof-beierle, S. Jean, G. Kölbl et al., The SKINNY family of block ciphers and its low-latency variant MANTIS, On design of robust lightweight stream cipher with short internal state. IEICE Transactions, vol.9815, pp.450-466, 2007.

K. Bhargavan and G. Leurent, On the practical (in-)security of 64-bit block ciphers : Collision attacks on HTTP over TLS and OpenVPN, editors : Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp.456-467, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01404208

E. Richard and . Blahut, Theory and practice of error control codes, 1983.

R. E. Blahut, ;. Braeken, J. Lano, N. Mentens, and B. , Preneel and I. Verbauwhede : SFINKS : a synchronous stream cipher for restricted hardware environments, Fast algorithms for digital signal processing, 1985.

A. Bogdanov and Y. Qiao, On the security of Goldreich's one-way function, Approximation, Randomization, and Combinatorial Optimization. Algorithms and Techniques, pp.392-405. Springer, 2009.

A. Bogdanov and C. Rechberger, A 3-subset meet-in-the-middle attack : Cryptanalysis of the lightweight block cipher KTANTAN, Alex Biryukov, Guang Gong and Douglas R. Stinson, editors : SAC 2010, vol.6544, pp.229-240

R. Springer, D. Beaulieu, J. Shors, S. Smith, and . Treatmanclark, Bryan Weeks and Louis Wingers : The SIMON and SPECK families of lightweight block ciphers, Cryptology ePrint Archive, 2011.

B. Buchberger, A theoretical basis for the reduction of polynomials to canonical forms, SIGSAM Bull, vol.10, issue.3, pp.19-29

A. Biryukov and D. Wagner, editor : FSE'99, volume 1636 of LNCS, pp.245-259. Springer, 1999.

A. Biryukov and D. Wagner, Advanced slide attacks, Bart Preneel, editor : EUROCRYPT 2000, volume 1807 of LNCS, pp.589-606, 2000.

C. De-cannière, Trivium : A stream cipher construction inspired by block cipher design principles, LNCS, vol.4176, pp.171-186, 2006.

. Springer, , 2006.

C. Carlet, On the higher order nonlinearities of algebraic immune functions, Cynthia Dwork, editor : CRYPTO 2006, vol.4117, pp.584-601, 2006.

C. Carlet-;-anne-canteaut, S. Carpov, C. Fontaine, and T. Lepoint, María Naya-Plasencia, Pascal Paillier and Renaud Sirdey : Stream ciphers : A practical solution for efficient homomorphic-ciphertext compression, Yves Crama and Peter Hammer, editors : Boolean Methods and Models, vol.7881, pp.1-55, 2007.

J. Cook, O. Etesami, R. Miller, . Luca-trevisan-;-colin, T. Chaigneau et al., On the one-way function candidate proposed by Goldreich, Cryptanalysis of NORX v2.0. IACR Trans. Symm. Cryptol, vol.6, pp.156-174, 2014.

P. Chose, A. Joux, and M. Mitton, Fast correlation attacks : An algorithmic point of view, In Lars R. Knudsen, vol.2332, pp.209-221, 2002.

V. Vladimor, T. Chepyzhov, . Johansson, and J. M. Ben, Smeets : A simple algorithm for fast correlation attacks on stream ciphers, Bruce Schneier, editor : FSE 2000, volume 1978 of LNCS, pp.181-195, 2001.

M. Cryan and . Peter-bro-miltersen, On pseudorandom generators in NC, Jirí Sgall, Ales Pultr and Petr Kolman, editors : Mathematical Foundations of Computer Science, vol.2136, pp.272-284, 2001.

N. Courtois and W. Meier, Algebraic attacks on stream ciphers with linear feedback, Eli Biham, editor : EUROCRYPT 2003, volume 2656 of LNCS, pp.345-359, 2003.

C. Carlet, P. Méaux, and Y. Rotella, Boolean functions with restricted input and their robustness ; application to the FLIP cipher, IACR Trans. Symm. Cryptol, vol.2017, issue.3, pp.192-227, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01633506

C. Carlet, P. Méaux, and Y. Rotella, Boolean functions with restricted input and their robustness ; application to the FLIP cipher, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01633506

Anne Canteaut and María Naya-Plasencia : Correlation attacks on combination generators, Cryptography and Communications, vol.4, issue.3-4, pp.147-171, 2012.

A. Canteaut, M. Naya-Plasencia and Bastien Vayssière, Sieve-in-the-middle : Improved MITM attacks, Ran Canetti and Juan A. Garay, editors : CRYPTO 2013, Part I, vol.8042, pp.222-240, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00857358

N. Courtois, Fast algebraic attacks on stream ciphers with linear feedback, Dan Boneh, editor : CRYPTO 2003, volume 2729 of LNCS, pp.176-194, 2003.

A. Canteaut and Y. Rotella, Attacks against filter generators exploiting monomial mappings, Thomas Peyrin, editor : FSE 2016, volume 9783 of LNCS, pp.78-98, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01401009

A. Canteaut and . Trabbia, Improved fast correlation attacks using parity-check equations of weight 4 and 5, Bart Preneel, editor : EUROCRYPT 2000, volume 1807 of LNCS, pp.573-588, 2000.

I. Dinur, O. Dunkelman, N. Keller, and A. Shamir, Efficient dissection of composite problems, with applications to cryptanalysis, knapsacks, and combinatorial search problems, Mendel and Christian Rechberger : Rasta : A cipher with low ANDdepth and few ANDs per bit, vol.7417, pp.719-740, 2018.

C. Dobraunig, M. Eichlseder, F. Mendel, and M. Schläffer, , 2017.

D. Steven-dummit, M. Richard, and . Foote, Abstract algebra

A. Duc, J. Guo, T. Peyrin, and L. Wei, Unaligned rebound attack : Application to Keccak, Anne Canteaut, vol.7549, pp.402-421, 2012.

W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Trans. Information Theory, vol.22, issue.6, pp.644-654, 1976.

Y. Doröz, Y. Hu, and B. Sunar, Homomorphic AES evaluation using the modified LTV scheme, Des. Codes Cryptography, vol.80, issue.2, pp.333-358, 2016.

J. F. Dillon, Elementary Hadamard difference sets, 1974.

I. Dumer and O. Kapralova, Spherically punctured biorthogonal codes, IEEE Trans. Information Theory, vol.59, issue.9, pp.6010-6017, 2013.

I. Dumer and O. Kapralova, Spherically punctured Reed-Muller codes, IEEE Trans. Information Theory, vol.63, issue.5, pp.2773-2780, 2017.

S. Duval and G. Leurent, MDS matrices with lightweight circuits. IACR Trans. Symmetric Cryptol, vol.2018, issue.2, pp.48-78, 2018.

S. Duval, V. Lallemand, and Y. Rotella, Cryptanalysis of the FLIP family of stream ciphers, Matthew Robshaw and Jonathan Katz, editors : CRYPTO 2016, Part I, vol.9814, pp.457-475, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01404145

X. Dong, Z. Li, X. Wang, and L. Qin, Cube-like attack on round-reduced initialization of Ketje Sr, IACR Trans. Symm. Cryptol, vol.2017, issue.1, pp.259-280, 2017.

H. Dobbertin, Construction of Bent functions and balanced Boolean functions with high nonlinearity, Bart Preneel, editor : FSE'94, volume 1008 of LNCS, pp.61-74, 1995.

J. Daemen and M. Peeters, Gilles Van Assche and Vincent Rijmen : Noekeon, Proceedings of the first NESSIE Workshop, 2000.

J. Daemen and . Vincent-rijmen, The Design of Rijndael : AES -The Advanced Encryption Standard. Information Security and Cryptography, 2002.

Y. Doröz, A. Shahverdi, T. Eisenbarth, and B. Sunar, Toward practical homomorphic evaluation of block ciphers using Prince, editors : FC 2014 Workshops, vol.8438, pp.208-220, 2014.

O. Dunkelman, G. Sekar, and B. Preneel, Improved meet-in-the-middle attacks on reduced-round DES, LNCS, vol.4859, pp.86-100, 2007.

E. Dawson and C. Wu, On the linear structure of symmetric Boolean functions, Australasian Journal of Combinatorics, vol.16, pp.239-243, 1997.

Cryptology : The eSTREAM Stream Cipher Project, 2005.

P. Ekdahl and T. Johansson, SNOW -a new stream cipher, Proceedings of First NESSIE Workshop, 2000.

J. Faugere, A new efficient algorithm for computing Gröbner bases (F4), Journal of Pure and Applied Algebra, vol.139, issue.1, pp.61-88, 1999.
URL : https://hal.archives-ouvertes.fr/hal-01148855

J. Charles-faugere, A new efficient algorithm for computing Gröbner bases without reduction to zero (F5), Proceedings of the 2002 International Symposium on Symbolic and Algebraic Computation, ISSAC '02, pp.75-83, 2002.

T. Fuhr, M. Naya-plasencia, and Y. Rotella, State-recovery attacks on modified Ketje Jr. IACR Trans. Symmetric Cryptol, vol.2018, issue.1, pp.29-56, 2018.

P. Flajolet and R. Sedgewick, Analytic Combinatorics, 2009.
URL : https://hal.archives-ouvertes.fr/inria-00072739

C. Gentry, Fully homomorphic encryption using ideal lattices, Michael Mitzenmacher, editor : 41st ACM STOC, pp.169-178, 2009.

W. Solomon, G. Golomb, and . Gong, Signal Design for Good Correlation : For Wireless Communication, Cryptography, and Radar, 2004.

O. Goldreich, S. Goldwasser, and S. Micali, How to construct random functions, Journal of the ACM, vol.33, issue.4, pp.792-807, 1986.

C. Gentry, S. Halevi, and N. P. Smart, Homomorphic evaluation of the AES circuit, Reihaneh Safavi-Naini and Ran Canetti, editors : CRYPTO 2012, vol.7417, pp.850-867, 2012.

M. Giesbrecht-;-jian-guo, J. Jean, I. Nikolic, K. Qiao, Y. Sasaki et al., Invariant subspace attack against Midori64 and the resistance criteria for S-box designs, IACR Trans. Symm. Cryptol, vol.24, issue.5, pp.33-56, 1995.

J. Guo, M. Liu, and L. Song, Linear structures : Applications to cryptanalysis of round-reduced Keccak, Jung Hee Cheon and Tsuyoshi Takagi, editors : ASIACRYPT 2016, Part I, volume 10031 of LNCS, pp.249-274, 2016.

N. Shay-gueron and . Mouha, SPHINCS-simpira : Fast stateless hash-based signatures with post-quantum security, Cryptology ePrint Archive, 2017.

J. Dj, Golic : Cryptanalysis of alleged A5 stream cipher, Walter Fumy, editor : EUROCRYPT'97, volume 1233 of LNCS, pp.239-255, 1997.

O. Goldreich, Candidate one-way functions based on expander graphs, Cryptology ePrint Archive, 2000.

Guang Gong : A closer look at selective DFT attacks, 2011.

D. H. Gottlieb, A certain class of incidence matrices, Proceedings of the American Mathematical Society, vol.17, issue.6, pp.1233-1237, 1966.

J. Guo, T. Peyrin, A. Poschmann, and J. B. Matthew, Robshaw : The LED block cipher, Bart Preneel and Tsuyoshi Takagi, editors : CHES 2011, vol.6917, pp.326-341, 2011.

G. Gong and S. Rønjom, Tor Helleseth and Honggang Hu : Fast discrete Fourier spectra attacks on stream ciphers, IEEE Trans. Information Theory, vol.57, issue.8, pp.5555-5565, 2011.

S. Halevi, D. Coppersmith, S. Charanjit, and . Jutla, Scream : A software-efficient stream cipher, LNCS, vol.2365, pp.195-209. Springer, 2002.

M. E. Hellman, A cryptanalytic time-memory trade-off, IEEE Trans. Information Theory, vol.26, issue.4, pp.401-406, 1980.

Tor Helleseth : Maximal-length sequences, Encyclopedia of Cryptography and Security, pp.763-766, 2011.

. Israel-nathan-herstein, Topics in Algebra, 1975.

T. Herlestam, On linear shift registers with permuted feedback, Ingemar Ingemarsson, editor : EUROCRYPT'86, pp.38-39, 1986.

M. Hell, T. Johansson, and L. Brynielsson, An overview of distinguishing attacks on stream ciphers, Cryptography and Communications, vol.1, issue.1, pp.71-94, 2009.

M. Hell, T. Johansson, and W. Meier, Grain : A stream cipher for constrained environments, 2005.

P. Hawkes and G. G. Rose, Exploiting multiples of the connection polynomial in word-oriented stream ciphers, Tatsuaki Okamoto, editor : ASIACRYPT 2000, volume 1976 of LNCS, pp.303-316, 2000.

T. Helleseth and S. Rønjom, Simplifying algebraic attacks with univariate analysis, Information Theory and Applications -ITA 2011, pp.153-159, 2011.

J. Jean, Cryptanalysis of Haraka. IACR Trans. Symm. Cryptol, vol.2016, issue.1, pp.1-12, 2016.

T. Jönsson, Improved fast correlation attacks on stream ciphers via convolutional codes, Jacques Stern, editor : EUROCRYPT'99, volume 1592 of LNCS, pp.347-362. Springer, 1999.

T. Jönsson, Fast correlation attacks through reconstruction of linear polynomials, Mihir Bellare, vol.1880, pp.300-315, 2000.

. Springer, , 2000.

N. L. Johnson and S. Kotz, Urn models and their application : an approach to modern discrete probability theory, Wiley Series in Probability and Statistics : Applied Probability and Statistics Section Series, 1977.

J. Jean and I. Nikolic, Internal differential boomerangs : Practical analysis of the round-reduced Keccak-f permutation, Gregor Leander, editor : FSE 2015, vol.9054, pp.537-556, 2015.

J. Jean and I. Nikolić, Thomas Peyrin and Yannick Seurin : Deoxys-II. Submission to the CAESAR competition, 2017.

Auguste Kerckhoffs : La cryptographie militaire, Journal des sciences militaires, vol.1883, pp.5-83

E. L. Key, An analysis of the structure and complexity of nonlinear binary sequence generators, IEEE Trans. Information Theory, vol.22, pp.732-736, 1976.

S. Kölbl, M. M. Lauridsen, F. Mendel, and C. Rechberger, Haraka -efficient short-input hashing for post-quantum applications, Cryptology ePrint Archive, 2016.

L. R. Knudsen, G. Leander, A. Poschmann, J. B. Matthew, and . Robshaw, PRINTcipher : A block cipher for IC-printing, Stefan Mangard and François-Xavier Standaert, editors : CHES 2010, vol.6225, pp.16-32, 2010.

T. Kranz, G. Leander, K. Stoffelen, and F. Wiemer, Shorter linear straight-line programs for MDS matrices, IACR Trans. Symm. Cryptol, vol.2017, issue.4, pp.188-211, 2017.

D. Khovratovich, M. Naya-plasencia, A. Röck, and M. Schläffer, Cryptanalysis of Luffa v2 components, Alex Biryukov, Guang Gong and Douglas R. Stinson, editors : SAC 2010, vol.6544, pp.388-409, 2011.

L. R. Knudsen and . Vincent-rijmen, Known-key distinguishers for some block ciphers, Kaoru Kurosawa, editor : ASIACRYPT 2007, vol.4833, pp.315-324, 2007.

T. Krovetz and P. Rogaway, , 2017.

V. F. Kolchin, B. A. Sevastianov, and V. P. Chistiakov, Random allocations. Scripta series in mathematics, 1978.

G. Leander, M. A. Abdelraheem, H. Alkhzaimi, and E. Zenner, A cryptanalysis of PRINTcipher : The invariant subspace attack, Phillip Rogaway, editor : CRYPTO 2011, vol.6841, pp.206-221, 2011.

G. Landsberg-;-mario-lamberger, F. Mendel, C. Rechberger, V. Rijmen, and M. Schläffer, Rebound distinguishers : Results on the full Whirlpool compression function, Mitsuru Matsui, vol.111, pp.126-143, 1893.

G. Leander, B. Minaud, and S. Rønjom, A generic approach to invariant subspace attacks : Cryptanalysis of robin, iSCREAM and Zorro, Elisabeth Oswald and Marc Fischlin, editors : EUROCRYPT 2015, Part I, volume 9056 of LNCS, pp.254-283, 2015.

Rudolf Lidl and Harald Niederreiter : Finite Fields, 1983.

T. Lepoint and M. Naehrig, A comparison of the homomorphic encryption schemes FV and YASHE, LNCS, vol.8469, pp.318-335, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01006484

V. Lallemand and M. Naya-plasencia, Cryptanalysis of full Sprout, CRYPTO 2015, Part I, volume 9215 of LNCS, pp.663-682, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01237150

E. Lucas, Théorie des fonctions numériques simplement périodiques, American Journal of Mathematics, vol.1, issue.2, pp.184-196, 1878.

Y. Lu and S. Vaudenay, Faster correlation attack on Bluetooth keystream generator E0, LNCS, vol.3152, pp.407-425, 2004.

H. Daniel and M. , Gaussian elimination is not optimal, revisited, J. Log. Algebr. Meth. Program, vol.85, issue.5, pp.999-1010, 2016.

J. L. Massey, Shift-register synthesis and BCH decoding, IEEE Trans. Information Theory, vol.15, issue.1, pp.122-127, 1969.

J. Robert, McEliece : Finite Fields for Computer Scientists and Engineers, 1987.

J. Miodrag, . Mihaljevic, and P. C. Marc, Fossorier and Hideki Imai : A low-complexity and high-performance algorithm for the fast correlation attack, Bruce Schneier, editor : FSE 2000, volume 1978 of LNCS, pp.196-212, 2001.

A. Maximov, T. Johansson, and S. Babbage, An improved correlation attack on A5/1, LNCS, vol.3357, pp.1-18, 2004.

P. Méaux, A. Journault, F. Standaert, and C. Carlet, Towards stream ciphers for efficient FHE with low-noise ciphertexts, Marc Fischlin and Jean-Sébastien Coron, editors : EUROCRYPT 2016, Part I, volume 9665 of LNCS, pp.311-343, 2016.

W. Meier, E. Pasalic, and C. Carlet, Algebraic attacks and decomposition of boolean functions, Christian Cachin and Jan Camenisch, editors : EUROCRYPT, vol.3027, pp.474-491, 2004.

F. , J. Macwilliams, J. A. Neil, and . Sloane, The theory of error-correcting codes, 1977.

W. Meier and O. Staffelbach, Fast correlation attacks on certain stream ciphers, Journal of Cryptology, vol.1, issue.3, pp.159-176, 1989.

L. James, S. Massey, and . Serconek, A Fourier transform approach to the linear complexity of nonlinearly filtered sequences, Yvo Desmedt, editor : CRYPTO'94, vol.839, pp.332-340, 1994.

E. Mossel, A. Shpilka, and . Luca-trevisan, On e-biased generators in NC0, FOCS 2003, pp.136-145, 2003.

S. Mesnager, Z. Zhou, and C. Ding, On the nonlinearity of Boolean functions with restricted input. Cryptography and Communications, 2018.

M. Naya-plasencia, Cryptanalysis of Achterbahn-128/80, Alex Biryukov, editor : FSE 2007, vol.4593, pp.73-86, 2007.
URL : https://hal.archives-ouvertes.fr/inria-00111964

M. Naya-plasencia, How to improve rebound attacks, Phillip Rogaway, editor : CRYPTO 2011, vol.6841, pp.188-205, 2011.

Y. Nawaz and G. Gong, The WG stream cipher

M. Naehrig and K. E. , Lauter and Vinod Vaikuntanathan : Can homomorphic encryption be practical, Christian Cachin and Thomas Ristenpart, editors : CCSW 2011, pp.113-124, 2011.

O. Ryan, D. Donnell, and . Witmer, Goldreich's PRG : evidence for near-optimal polynomial stretch, IEEE 29th Conference on Computational Complexity, CCC 2014, pp.1-12, 2014.

S. Rønjom and C. Cid, Nonlinear equivalence of stream ciphers, Seokhie Hong and Tetsu Iwata, editors : FSE 2010, vol.6147, pp.40-54, 2010.

S. Rønjom, G. Gong, and T. Helleseth, On attacks on filtering generators using linear subspace structures, Guang Gong, Tor Helleseth and Hong-Yeop Song, editors : Sequences, Subsequences, and Consequences, vol.4893, pp.204-217, 2007.

S. Rønjom and T. Helleseth, A new attack on the filter generator, IEEE Information Theory, vol.53, issue.5, pp.1752-1758, 2007.

Sondre Rønjom : Powers of subfield polynomials and algebraic attacks on word-based stream ciphers. Cryptology ePrint Archive, 2015.

S. Rønjom, Invariant subspaces in Simpira. Cryptology ePrint Archive, 2016.

R. A. Rueppel and O. Staffelbach, Products of linear recurring sequences with maximum complexity, IEEE Trans. Information Theory, vol.33, issue.1, pp.124-131, 1987.

R. L. Rivest, A. Shamir, and M. Leonard, Adleman : A method for obtaining digital signatures and public-key cryptosystems, Commun. ACM, vol.21, issue.2, pp.120-126, 1978.

A. Rainer, Rueppel : Analysis and Design of stream ciphers, 1986.

Y. Sasaki, Meet-in-the-middle preimage attacks on AES hashing modes and an application to Whirlpool, Antoine Joux, vol.6733, pp.378-396, 2011.

P. Savický, ;. Stevens, E. Bursztein, P. Karpman, A. Albertini et al., On the bent boolean functions that are symmetric, Eur. J. Comb, vol.15, issue.4, pp.570-596, 1994.

C. Shannon, Communication theory of secrecy systems, Bell System Technical Journal, vol.28, pp.656-715

T. Siegenthaler, Correlation-immunity of nonlinear combining functions for cryptographic applications, IEEE Trans. Information Theory, IT, vol.30, issue.5, pp.776-780, 1984.

T. Siegenthaler-;-yosuke, T. Todo, W. Isobe, and . Meier, Kazumaro Aoki and Bin Zhang : Fast correlation attack revisited, cryptanalysis on full Grain-128a, Grain-128, and Grain-v1, IEEE Trans. Computers, vol.34, issue.1, pp.81-85, 1985.

Y. Todo, G. Leander, and Y. Sasaki, Nonlinear invariant attack -practical attack on full SCREAM, iSCREAM, and Midori64, vol.10032, pp.3-33. Springer, 2016.

H. Wu and T. Huang, , 2017.

R. M. Wilson, A diagonal form for the incidence matrices of t-subsets vs. k-subsets, Eur. J. Comb, vol.11, issue.6, pp.609-615, 1990.

H. Wu and B. Preneel, , 2017.

H. Wu, , 2017.

M. Amr, G. Youssef, and . Gong, Bohan Yang and Ingrid Verbauwhede : RECTANGLE : A bit-slice lightweight block cipher suitable for multiple platforms, Birgit Pfitzmann, editor : EUROCRYPT 2001, volume 2045 of LNCS, pp.406-419, 2001.

B. Zhang, X. Gong, and W. Meier, Fast correlation attacks on Grain-like small state stream ciphers, IACR Trans. Symm. Cryptol, vol.2017, issue.4, pp.58-81, 2017.

N. Zierler, Linear recurring sequences, J. Soc. Indus. Appl. Math, vol.7, pp.31-48, 1959.