1.

C. M. Adams, A formal and practical design procedure for substitution-permutation network cryptosystems, Ph.D. Thesis, Department of Electrical Engineering, Queen's University (1990).

2.

C. M. Adams and S. E. Tavares, The use of bent sequences to achieve higher-order strict avalanche criterion in S-box design, Technical Report TR 90-013, Dept. of Elec. Eng., Queen's University, Kingston, Ontario, Canada, Jan. (1990).

Google Scholar3.

C. M. Adams and S. E. Tavares, Generating and counting binary bent sequences,

*IEEE Transactions on Information Theory*, Vol. IT-36, (1990) pp. 1170–1173.

Google Scholar4.

C. M. Adams, On immunity against Biham and Shamir's “Differential Cryptanalysis”,

*Information Processing Letters*, Vol. 41 (1992) pp. 77–80.

Google Scholar5.

C. M. Adams and S. E. Tavares, Designing s-boxes for ciphers resistant to differential cryptanalysis, Proceedings of the 3rd Symposium on the State and Progress of Research in Cryptography, Rome, Italy, Feb. (1993) pp. 181–190.

6.

C. M. Adams, Simple and effective key scheduling for symmetric ciphers, Workshop Record of the Workshop on Selected Areas in Cryptography (SAC 94), May 5–6 (1994) pp. 129–133.

7.

C. M. Adams, Designing DES-like ciphers with guaranteed resistance to differential and linear attacks, Workshop Record of the Workshop on Selected Areas in Cryptography (SAC 95), May 18–19 (1995) pp. 133–144.

8.

E. Biham and A. Shamir, *Differential Cryptanalysis of the Data Encryption Standard*, Springer-Verlag (1993).

9.

E. Biham, New types of cryptanalytic attacks using related keys, Advances in Cryptology: Proc. of Eurocrypt '93, Springer-Verlag (1994) pp. 398–409.

10.

L. Brown, J. Pieprzyk, and J. Seberry, LOKI—A cryptographic primitive for authentication and secrecy applications, Advances in Cryptology: Proc. of Auscrypt '90 (1990) pp. 229–236.

11.

L. Brown, M. Kwan, J. Pieprzyk, and J. Seberry, Improving resistance to differential cryptanalysis and the redesign of LOKI, Advances in Cryptology: Proc. of Asiacrypt '91.

12.

D. Coppersmith, The real reason for Rivest's phenomenon, Adv. in Cryptology: Proc. of Crypto '85, Springer-Verlag, New York (1986) pp. 535–536.

Google Scholar13.

D. Coppersmith, The data encryption standard (DES) and its strength against attacks,

*IBM Journal of Research and Development*, Vol. 38,No. 3 (1994) pp. 243–250.

Google Scholar14.

D. Davies, Some regular properties of the ‘data encryption standard’ algorithm, Advances in Cryptology: Proc. of Crypto '82, Springer-Verlag, New York (1983) pp. 89–96.

Google Scholar15.

D. Davies, A message authenticator algorithm suitable for a mainframe computer, Advances in Cryptology: Proc. of Crypto '84, Springer-Verlag, New York (1985) pp. 394–400.

Google Scholar16.

M. Dawson and S. E. Tavares, An expanded set of S-box design criteria based on information theory and its relation to differential-like attacks, Advances in Cryptology: Proc. of Eurocrypt '91, Springer-Verlag (1992) pp. 352–367.

17.

W. Diffie and M. E. Hellman, Privacy and Authentication: An Introduction to Cryptography,

*Proceedings of the IEEE*, Vol. 67, (1979) pp. 397–427.

Google Scholar18.

H. Feistel, Cryptography and computer privacy,

*Scientific American*, Vol. 228 (1973) pp. 15–23.

Google Scholar19.

H. Feistel, W. Notz, and J. L. Smith, Some cryptographic techniques for machine-to-machine data communications,

*Proceedings of the IEEE*, Vol. 63 (1975) pp. 1545–1554.

Google Scholar20.

E. Grossman and B. Tuckerman, Analysis of a Feistel-like cipher weakened by having no rotating key, Technical Report RC 6375, IBM (1977).

21.

C. Harpes, G. Kramer, and J. Massey, A generalization of linear cryptanalysis and the applicability of Matsui's piling-up lemma, Proc. of Eurocrypt '95, Springer-Verlag (1995) pp. 24–38.

22.

H. M. Heys and S. E. Tavares, Cryptanalysis of tree-structured substitution-permutation networks,

*IEE Electronics Letters*, Vol. 29,No. 1 (1993) pp. 40–41.

Google Scholar23.

H. M. Heys, The design of substitution-permutation network ciphers resistant to cryptanalysis, Ph.D. Thesis, Department of Electrical and Computer Engineering, Queen's University (1994).

24.

H. M. Heys and S. E. Tavares, On the security of the CAST encryption algorithm, Canadian Conference on Electrical and Computer Engineering, Halifax, Nova Scotia, Canada, Sept. (1994) pp. 332–335.

25.

B. S. Kaliski Jr., R. L. Rivest, and A. T. Sherman, Is the data encryption standard a group? (Results of cycling experiments on DES),

*Journal of Cryptology*, Vol. 1-1 (1988) pp. 3–36.

Google Scholar26.

J. B. Kam and G. I. Davida, Structured design of substitution-permutation encryption networks,

*IEEE Trans. on Computers*, Vol. C-28 (1979) pp. 747–753.

Google Scholar27.

L. R. Knudsen, Cryptanalysis of LOKI91, Advances in Cryptology: Proc. of Auscrypt '92, Springer-Verlag (1993) pp. 196–208.

28.

L. R. Knudsen, Iterative characteristics of DES and s2-DES, Advances in Cryptology: Proc. of Crypto '92, Springer-Verlag (1993) pp. 497–511.

29.

X. Lai and J. L. Massey, A proposal for a new block encryption standard, Adv. in Cryptology: Proc. of Eurocrypt '90, Springer-Verlag, (1991) pp. 389–404.

30.

X. Lai, J. L. Massey, and S. Murphy, Markov ciphers and differential cryptanalysis, Advances in Cryptology: Proc. of Eurocrypt '91, Springer-Verlag (1991) pp. 17–38.

31.

J. Lee, H. M. Heys, and S. E. Tavares, On the resistance of the CAST encryption algorithm to differential cryptanalysis, Workshop Record of the Workshop on Selected Areas in Cryptography (SAC 95), May 18–19 (1995) pp. 107–120.

32.

J. Massey, SAFERK-64: A byte-oriented block-ciphering algorithm, Proceedings of the Cambridge Security Workshop on Fast Software Encryption, Cambridge, U.K., Springer-Verlag, Dec. 9–11 (1993) pp. 1–17. [See also: SAFER K-64: One Year Later, in Proceedings of the Second International Workshop on Fast Software Encryption, Springer-Verlag (1995) pp. 212–241; and Strengthened Key Schedule for the Cipher SAFER, posted to the USENET newsgroup sci.crypt, September 9 (1995)]

Google Scholar33.

M. Matsui, Linear cryptanalysis method for DES cipher, Advances in Cryptology: Proc. of Eurocrypt '93, Springer-Verlag, (1994) pp. 386–397.

34.

W. Meier and O. Staffelbach, Nonlinearity criteria for cryptographic functions, Adv. in Cryptology: Proc. of Eurocrypt '89, Springer-Verlag (1990) pp. 549–562.

35.

H. Meijer, Multiplication-permutation encryption networks, Technical Report # 85-171, Queen's University, Dept. of Computing and Information Science (1985).

36.

R. Merkle, A fast software one-way hash function,

*Journal of Cryptology*, Vol. 3,No. 1 (1990) pp. 43–58.

Google Scholar37.

R. Merkle, Fast software encryption functions, Advances in Cryptology: Proc. of Crypto '90, Springer-Verlag, New York (1991) pp. 477–501.

Google Scholar38.

S. Miyaguchi, A. Shiraishi, and A. Shimizu, Fast data encryption algorithm feal-8, *Review of Electrical Communications Laboratories*, Vol. 36,No. 4 (1988).

39.

S. Miyaguchi, The FEAL cipher family, Advances in Cryptology: Proc. of Crypto '90, Springer-Verlag, New York (1991) pp. 627–638.

Google Scholar40.

J. H. Moore and G. J. Simmons, Cycle structure of the DES with weak and semi-weak keys, Advances in Cryptology: Proc. of Crypto '86, Springer-Verlag, New York (1987) pp. 9–32.

Google Scholar41.

National Bureau of Standards (U.S.), Data Encryption Standard (DES), Federal Information Processing Standards Publication 46, Jan. 15 (1977).

42.

K. Nyberg, Constructions of bent functions and difference sets, Advances in Cryptology: Proc. of Eurocrypt '90, Springer-Verlag, (1991) pp. 151–160.

43.

K. Nyberg, Perfect nonlinear S-boxes, Advances in Cryptology: Proc. of Eurocrypt '91, Springer-Verlag (1991) pp. 378–386.

44.

K. Nyberg and L. Knudsen, Provable security against differential cryptanalysis, Advances in Cryptology: Proc. of Crypto '92, Springer-Verlag (1993) pp. 566–574.

45.

L. O'Connor, An average case analysis of a differential attack on a class of SP-networks, Workshop Record of the Workshop on Selected Areas in Cryptography (SAC 95), May 18–19 (1995) pp. 121–130.

46.

B. Preneel, W. Van Leekwijck, L. Van Linden, R. Govaerts, and J. Vandewalle, Propagation characteristics of boolean functions, Advances in Cryptology: Proc. of Eurocrypt '90, Springer-Verlag, Berlin (1991) pp. 161–173.

Google Scholar47.

V. Rijmen, B. Preneel, On weaknesses of non-surjective round functions, Workshop Record of the Workshop on Selected Areas in Cryptography (SAC 95), May 18–19 (1995) pp. 100–106.

48.

R. Rivest, The RC5 encryption algorithm, Proceedings of the Second International Workshop on Fast Software Encryption, Springer-Verlag (1995) pp. 86–96.

49.

B. Schneier, The blowfish encryption algorithm, Proceedings of the Cambridge Security Workshop on Fast Software Encryption, Cambridge, U.K., Springer-Verlag, Dec. 9–11 (1993) pp. 191–204.

Google Scholar50.

J. Seberry, X.-M. Zhang, and Y. Zheng, Systematic generation of cryptographically robust S-Boxes (Extended Abstract), Proceedings of the 1st ACM Conference on Computer and Communications Security, Fairfax, Virginia, USA, Nov. 3–5 (1993) pp. 171–182.

51.

C. E. Shannon, Communication theory of secrecy systems,

*Bell Systems Technical Journal*, Vol. 28 (1949) pp. 656–715.

Google Scholar52.

M. Sivabalan, S. E. Tavares, and L. E. Peppard, On the design of SP networks from an information theoretic point of view, Advances in Cryptology: Proc. of Crypto '92, Springer-Verlag (1993) pp. 260–279.

53.

A. F. Webster, Plaintext/ciphertext bit dependencies in cryptographic systems, M.Sc. Thesis, Department of Electrical Engineering, Queen's University, Kingston, Ont. (1985).

Google Scholar54.

A. F. Webster and S. E. Tavares, On the design of S-Boxes, Adv. in Cryptology: Proc. of Crypto '85, Springer-Verlag, New York (1986) pp. 523–534.

Google Scholar55.

M. Wiener, personal communication.

56.

A. Youssef, personal communication.