[1]

K. Aoki, Y. Sasaki, Preimage attacks on one-block MD4, 63-step MD5 and more, in *SAC*, ed. by R.M. Avanzi, L. Keliher, F. Sica. Lecture Notes in Computer Science, vol. 5381 (Springer, Berlin, 2008), pp. 103–119

[2]

E. Biham, O. Dunkelman, N. Keller, Improved slide attacks, in *[3]* (2007), pp. 153–166

[3]

A. Biryukov (ed.),

*Fast Software Encryption, 14th International Workshop, FSE 2007*, Luxembourg, Luxembourg, 26–28 March, 2007, Revised Selected Papers. Lecture Notes in Computer Science, vol. 4593 (Springer, Berlin, 2007)

MATH[4]

A. Biryukov, D. Wagner, Slide attacks, in *FSE*, ed. by L.R. Knudsen. Lecture Notes in Computer Science, vol. 1636 (Springer, Berlin, 1999), pp. 245–259

[5]

A. Biryukov, D. Wagner, Advanced slide attacks, in *EUROCRYPT*, ed. by B. Preneel. Lecture Notes in Computer Science, vol. 1807 (Springer, Berlin, 2000), pp. 589–606

[6]

A. Bogdanov, L.R. Knudsen, G. Leander, C. Paar, A. Poschmann, M.J.B. Robshaw, Y. Seurin, C. Vikkelsoe, PRESENT: an ultra-lightweight block cipher, in *CHES*, ed. by P. Paillier, I. Verbauwhede. Lecture Notes in Computer Science, vol. 4727 (Springer, Berlin, 2007), pp. 450–466

[7]

A. Bogdanov, C. Rechberger, A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN, in

*Selected Areas in Cryptography*, ed. by A. Biryukov, G. Gong, D.R. Stinson. Lecture Notes in Computer Science, vol. 6544 (Springer, Berlin, 2010), pp. 229–240

CrossRef[8]

C.D. Cannière, O. Dunkelman, M. Knezevic, KATAN and KTANTAN—A family of small and efficient hardware-oriented block ciphers, in *CHES*, ed. by C. Clavier, K. Gaj. Lecture Notes in Computer Science, vol. 5747 (Springer, Berlin, 2009), pp. 272–288

[9]

D. Chaum, J. Evertse, Crytanalysis of DES with a reduced number of rounds: sequences of linear factors in block ciphers, in *CRYPTO*, ed. by H.C. Williams. Lecture Notes in Computer Science, vol. 218 (Springer, Berlin, 1985), pp. 192–211

[10]

H. Demirci, A.A. Selçuk, A meet-in-the-middle attack on 8-round AES, in *[25]* (2008), pp. 116–126

[11]

H. Demirci, I. Taskin, M. Çoban, A. Baysal, Improved meet-in-the-middle attacks on AES, in *INDOCRYPT*, ed. by B.K. Roy, N. Sendrier. Lecture Notes in Computer Science, vol. 5922 (Springer, Berlin, 2009), pp. 144–156

[12]

W. Diffie, M.E. Hellman, Exhaustive cryptanalysis of the NBS data encryption standard.

*Computer*
**10**, 74–84 (1977)

CrossRef[13]

O. Dunkelman, G. Sekar, B. Preneel, Improved meet-in-the-middle attacks on reduced-round DES, in *INDOCRYPT*, ed. by K. Srinathan, C.P. Rangan, M. Yung. Lecture Notes in Computer Science, vol. 4859 (Springer, Berlin, 2007), pp. 86–100

[14]

O. Dunkelman, N. Keller, A. Shamir, Improved single-key attacks on 8-round AES-192 and AES-256, in *ASIACRYPT*, ed. by M. Abe. Lecture Notes in Computer Science, vol. 6477 (Springer, Berlin, 2010), pp. 158–176

[15]

E. Fleischmann, M. Gorski, J. Hüehne, S. Lucks, Key recovery attack on full GOST. Block cipher with negligible time and memory, in *Western European Workshop on Research in Cryptology (WEWoRC)*. LNCS, vol. 6429 (Springer, Berlin, 2009) (to appear)

[16]

J. Guo, T. Peyrin, A. Poschmann, M.J.B. Robshaw, The LED block cipher, in *[27]* (2011), pp. 326–341

[17]

S. Indesteege, N. Keller, O. Dunkelman, E. Biham, B. Preneel, A practical attack on KeeLoq, in *EUROCRYPT*, ed. by N.P. Smart. Lecture Notes in Computer Science, vol. 4965 (Springer, Berlin, 2008), pp. 1–18

[18]

O. Kara, Reflection cryptanalysis of some ciphers, in *INDOCRYPT*, ed. by D.R. Chowdhury, V. Rijmen, A. Das. Lecture Notes in Computer Science, vol. 5365 (Springer, Berlin, 2008), pp. 294–307

[19]

O. Kara, C. Manap, A new class of weak keys for blowfish, in *[3]* (2007), pp. 167–180

[20]

J. Kelsey, B. Schneier, D. Wagner, Key-schedule cryptoanalysis of IDEA, G-DES, GOST, SAFER, and triple-DES, in *CRYPTO*, ed. by N. Koblitz. Lecture Notes in Computer Science, vol. 1109 (Springer, Berlin, 1996), pp. 237–251

[21]

Y. Ko, S. Hong, W. Lee, S. Lee, J.-S. Kang, Related key differential attacks on 27 rounds of XTEA and full-round GOST, in *FSE*, ed. by B.K. Roy, W. Meier. Lecture Notes in Computer Science, vol. 3017 (Springer, Berlin, 2004), pp. 299–316

[22]

F. Mendel, N. Pramstaller, C. Rechberger, A (second) preimage attack on the GOST hash function, in *[25]* (2008), pp. 224–234

[23]

F. Mendel, N. Pramstaller, C. Rechberger, M. Kontak, J. Szmidt, Cryptanalysis of the GOST Hash function, in *CRYPTO*, ed. by D. Wagner. Lecture Notes in Computer Science, vol. 5157 (Springer, Berlin, 2008), pp. 162–178

[24]

National Soviet Bureau of Standards. Information Processing System—Cryptographic Protection—Cryptographic Algorithm GOST 28147-89 (1989)

[25]

K. Nyberg (ed.), *Fast Software Encryption, 15th International Workshop, Revised Selected Papers, FSE 2008*, Lausanne, Switzerland, 10–13 February, 2008. Lecture Notes in Computer Science, vol. 5086 (Springer, Berlin, 2008)

[26]

A. Poschmann, S. Ling, H. Wang, 256 bit standardized crypto for 650 GE-GOST revisited, in *CHES*, ed. by S. Mangard, F.-X. Standaert. Lecture Notes in Computer Science, vol. 6225 (Springer, Berlin, 2010), pp. 219–233

[27]

B. Preneel, T. Takagi (eds.),

*Proceedings Cryptographic Hardware and Embedded Systems—CHES 2011—13th International Workshop*, Nara, Japan, September 28–October 1, 2011. Lecture Notes in Computer Science, vol. 6917 (Springer, Berlin, 2011)

MATH[28]

V. Rudskoy, On zero practical significance of “Key recovery attack on full GOST block cipher with zero time and memory”. Cryptology ePrint Archive, Report 2010/111 (2010).

http://eprint.iacr.org/
[29]

M.-J.O. Saarinen, A chosen key attack against the secret S-boxes of GOST. Unpublished manuscript (1998)

[30]

Y. Sasaki, K. Aoki, Finding preimages in full MD5 faster than exhaustive search, in *EUROCRYPT*, ed. by A. Joux. Lecture Notes in Computer Science, vol. 5479 (Springer, Berlin, 2009), pp. 134–152

[31]

B. Schneier, Description of a new variable-length key, 64-bit block cipher (Blowfish), in *FSE*, ed. by R.J. Anderson. Lecture Notes in Computer Science, vol. 809 (Springer, Berlin, 1993), pp. 191–204

[32]

B. Schneier, *Applied Cryptography: Protocols, Algorithms, and Source Code in C*, 2nd edn. (Wiley, New York, 1995)

[33]

H. Seki, T. Kaneko, Differential cryptanalysis of reduced rounds of GOST, in *SAC*, ed. by D.R. Stinson, S.E. Tavares. Lecture Notes in Computer Science, vol. 2012 (Springer, Berlin, 2011), pp. 315–323

[34]

M. Steil, 17 Mistakes Microsoft Made in the Xbox Security System (2005)

[35]

K. Shibutani, T. Isobe, H. Hiwatari, A. Mitsuda, T. Akishita, T. Shirai, Piccolo: an ultra-lightweight blockcipher, in *[27]* (2011), pp. 342–357

[36]

D.J. Wheeler, R.M. Needham, TEA, a tiny encryption algorithm, in *FSE*, ed. by B. Preneel. Lecture Notes in Computer Science, vol. 1008 (Springer, Berlin, 1994), pp. 363–366