It is now more than five years since the Belgian block cipher Rijndael was chosen as the Advanced Encryption Standard {AES). Joan Daemen and Vincent Rijmcn used algebraic techniques to provide an unparalleled level of assurance against many standard statistical cryptanalytic tech- niques. The cipher is a fitting tribute to their distinctive approach to cipher design. Since the publication of the AES, however, the very same algebraic structures have been the subject of increasing cryptanalytic attention and this monograph has been written to summarise current research. We hope that this work will be of interest to both cryptogra- phers and algebraists and will stimulate future research. During the writing of this monograph we have found reasons to thank many people. We are especially grateful to the British Engineering and Physical Sciences Research Council (EPSRC) for their funding of the research project Security Analysis of the Advanced Encryption System (Grant GR/S42637), and to Susan Lagerstrom-Fifc and Sharon Palleschi at Springer. Wo would also hke to thank Glaus Diem, Maura Paterson, and Ludovic Perret for their valuable comments. Finally, the support of our families at home and our colleagues at work has been invaluable and particularly appreciated.

Block ciphers encrypt blocks of plaintext, messages, into blocks of ciphertext under the action of a secret key, and the process of encryption is reversed by decryption which uses the same user-supplied key. Block ciphers are fundamental to modern cryptography, in fact they are the most widely used cryptographic primitive - useful in their own right, and in the construction of other cryptographic mechanisms.

In this book the authors provide a technically detailed, yet readable, account of the state of the art of block cipher analysis, design, and deployment. The authors first describe the most prominent block ciphers and give insights into their design. They then consider the role of the cryptanalyst, the adversary, and provide an overview of some of the most important cryptanalytic methods.

The book will be of value to graduate and senior undergraduate students of cryptography and to professionals engaged in cryptographic design. An important feature of the presentation is the authors' exhaustive bibliography of the field, each chapter closing with comprehensive supporting notes.

This book constitutes the proceedings of the 16th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2014, held in Busan, South Korea, in September 2014. The 33 full papers included in this volume were carefully reviewed and selected from 127 submissions. They are organized in topical sections named: side-channel attacks; new attacks and constructions; countermeasures; algorithm specific SCA; ECC implementations; implementations; hardware implementations of symmetric cryptosystems; PUFs; and RNGs and SCA issues in hardware.

Thequestion"Streamciphers: deadoralive?"wasposedbyAdiShamir.Intended to provokedebate, the questioncouldnot havebeen better, ormorestarkly, put. However, itwasnotShamir'sintentiontosuggestthatstreamciphersthemselves were obsolete; rather he was questioning whether stream ciphers of a dedicated designwererelevantnowthattheAESispervasivelydeployedandcanbeusedas a perfectly acceptablestreamcipher. To explore this question the eSTREAM Project was launched in 2004, part of the EU-sponsored ECRYPT Framework VI Network of Excellence. The goal of the project was to encourage academia and industry to consider the "dead stream cipher" and to explore what could be achieved with a dedicated design. Now, after several years of hard work, the project has come to a close and the 16 ciphers in the ?nal phase of eSTREAM are the subject of this book. The designers of all the ?nalist ciphers are to be congratulated. Regardless of whether a particular algorithm appears in the ?nal portfolio, in reaching the third phase of eSTREAM all the algorithms constitute a signi?cant milestone in the development of stream ciphers. However, in addition to thanking all designers, implementers, and crypt- alysts who participated in eSTREAM, this is a ?tting place to o?er thanks to some speci?c individuals.

The three volume-set, LNCS 9814, LNCS 9815, and LNCS 9816, constitutes the refereed proceedings of the 36th Annual International Cryptology Conference, CRYPTO 2016, held in Santa Barbara, CA, USA, in August 2016. The 70 revised full papers presented were carefully reviewed and selected from 274 submissions. The papers are organized in the following topical sections: provable security for symmetric cryptography; asymmetric cryptography and cryptanalysis; cryptography in theory and practice; compromised systems; symmetric cryptanalysis; algorithmic number theory; symmetric primitives; asymmetric cryptography; symmetric cryptography; cryptanalytic tools; hardware-oriented cryptography; secure computation and protocols; obfuscation; quantum techniques; spooky encryption; IBE, ABE, and functional encryption; automated tools and synthesis; zero knowledge; theory.

The three volume-set, LNCS 9814, LNCS 9815, and LNCS 9816, constitutes the refereed proceedings of the 36th Annual International Cryptology Conference, CRYPTO 2016, held in Santa Barbara, CA, USA, in August 2016. The 70 revised full papers presented were carefully reviewed and selected from 274 submissions. The papers are organized in the following topical sections: provable security for symmetric cryptography; asymmetric cryptography and cryptanalysis; cryptography in theory and practice; compromised systems; symmetric cryptanalysis; algorithmic number theory; symmetric primitives; asymmetric cryptography; symmetric cryptography; cryptanalytic tools; hardware-oriented cryptography; secure computation and protocols; obfuscation; quantum techniques; spooky encryption; IBE, ABE, and functional encryption; automated tools and synthesis; zero knowledge; theory.

The three volume-set, LNCS 9814, LNCS 9815, and LNCS 9816, constitutes the refereed proceedings of the 36th Annual International Cryptology Conference, CRYPTO 2016, held in Santa Barbara, CA, USA, in August 2016. The 70 revised full papers presented were carefully reviewed and selected from 274 submissions. The papers are organized in the following topical sections: provable security for symmetric cryptography; asymmetric cryptography and cryptanalysis; cryptography in theory and practice; compromised systems; symmetric cryptanalysis; algorithmic number theory; symmetric primitives; asymmetric cryptography; symmetric cryptography; cryptanalytic tools; hardware-oriented cryptography; secure computation and protocols; obfuscation; quantum techniques; spooky encryption; IBE, ABE, and functional encryption; automated tools and synthesis; zero knowledge; theory.

The two volume-set, LNCS 9215 and LNCS 9216, constitutes the refereed proceedings of the 35th Annual International Cryptology Conference, CRYPTO 2015, held in Santa Barbara, CA, USA, in August 2015. The 74 revised full papers presented were carefully reviewed and selected from 266 submissions. The papers are organized in the following topical sections: lattice-based cryptography; cryptanalytic insights; modes and constructions; multilinear maps and IO; pseudorandomness; block cipher cryptanalysis; integrity; assumptions; hash functions and stream cipher cryptanalysis; implementations; multiparty computation; zero-knowledge; theory; signatures; non-signaling and information-theoretic crypto; attribute-based encryption; new primitives; and fully homomorphic/functional encryption.

The two volume-set, LNCS 9215 and LNCS 9216, constitutes the refereed proceedings of the 35th Annual International Cryptology Conference, CRYPTO 2015, held in Santa Barbara, CA, USA, in August 2015. The 74 revised full papers presented were carefully reviewed and selected from 266 submissions. The papers are organized in the following topical sections: lattice-based cryptography; cryptanalytic insights; modes and constructions; multilinear maps and IO; pseudorandomness; block cipher cryptanalysis; integrity; assumptions; hash functions and stream cipher cryptanalysis; implementations; multiparty computation; zero-knowledge; theory; signatures; non-signaling and information-theoretic crypto; attribute-based encryption; new primitives; and fully homomorphic/functional encryption.

It is now more than five years since the Belgian block cipher Rijndael was chosen as the Advanced Encryption Standard {AES). Joan Daemen and Vincent Rijmcn used algebraic techniques to provide an unparalleled level of assurance against many standard statistical cryptanalytic tech- niques. The cipher is a fitting tribute to their distinctive approach to cipher design. Since the publication of the AES, however, the very same algebraic structures have been the subject of increasing cryptanalytic attention and this monograph has been written to summarise current research. We hope that this work will be of interest to both cryptogra- phers and algebraists and will stimulate future research. During the writing of this monograph we have found reasons to thank many people. We are especially grateful to the British Engineering and Physical Sciences Research Council (EPSRC) for their funding of the research project Security Analysis of the Advanced Encryption System (Grant GR/S42637), and to Susan Lagerstrom-Fifc and Sharon Palleschi at Springer. Wo would also hke to thank Glaus Diem, Maura Paterson, and Ludovic Perret for their valuable comments. Finally, the support of our families at home and our colleagues at work has been invaluable and particularly appreciated.