, Let E 1 , E 2 be two elliptic curves over K, An isogeny ?

, Relations 1,2 and 3 are direct applications of Lemma 11.1. For relation 4, Lemma 11.1 tells us that k 3 r3s

M. Aagaard, R. Altawy, G. Gong, K. Mandal, and R. Rohit, ACE: An Authenticated Encryption and Hash Algorithm. NIST lightweight competition round 1 candidate, p.114, 2019.

Advanced Encryption Standard (AES), National Institute of Standards and Technology (NIST), FIPS PUB 197, 2001.

M. R. Albrecht, B. Driessen, E. B. Kavun, G. Leander, C. Paar et al., Block Ciphers - Focus on the Linear Layer (feat. PRIDE), CRYPTO 2014, Part I, LNCS, vol.8616, p.109, 2014.

M. R. Albrecht, L. Grassi, C. Rechberger, A. Roy, and T. Tiessen, MiMC: Efficient Encryption and Cryptographic Hashing with Minimal Multiplicative Complexity, ASIACRYPT 2016, Part I, vol.10031, pp.191-219, 2016.

M. R. Albrecht, L. Grassi, L. Perrin, S. Ramacher, C. Rechberger et al., Feistel Structures for MPC, and More, ESORICS 2019, vol.149, p.148, 2019.

M. Almazrooie, A. Samsudin, R. Abdullah, and K. N. Mutter, Quantum reversible circuit of AES-128, Quantum Information Processing, vol.17, pp.170-172, 2018.

E. Andreeva, A. Bogdanov, N. Datta, A. Luykx, B. Mennink et al., COLM v1. CAESAR competition round 3 candidate, p.18, 2016.

G. Alagic and A. Russell, Quantum-Secure Symmetric-Key Cryptography Based on Hidden Shifts, EUROCRYPT 2017, Part III, vol.10212, pp.65-93, 2017.

S. Aaronson and Y. Shi, Quantum lower bounds for the collision and the element distinctness problems, J. ACM, vol.51, p.45, 2004.

B. Bahrak and M. R. Aref, Impossible differential attack on seven-round AES-128, IET Information Security, vol.2, p.165, 2008.

Z. Bao, A. Chakraborti, N. Datta, J. Guo, M. Nandi et al., PHOTON-Beetle Authenticated Encryption and Hash Family. NIST lightweight competition round 1 candidate, p.115, 2019.

A. Bar-on, E. Biham, O. Dunkelman, and N. Keller, Efficient Slide Attacks, Journal of Cryptology, vol.31, pp.641-670, 2018.

C. H. Bennett and G. Brassard, Quantum cryptography: Public key distribution and coin tossing, Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing, p.23, 1984.

D. Bacon, A. M. Childs, and W. van Dam, Optimal measurements for the dihedral hidden subgroup problem, Chicago J. Theor. Comput. Sci, p.67, 2006.

A. Becker, J. Coron, and A. Joux, Improved Generic Algorithms for Hard Knapsacks, EUROCRYPT 2011, vol.6632, pp.58-60, 2011.
URL : https://hal.archives-ouvertes.fr/hal-00664332

R. Bröker, D. Charles, and K. Lauter, Evaluating Large Degree Isogenies and Applications to Pairing Based Cryptography, LNCS, vol.5209, p.158, 2008.

E. Biham, O. Dunkelman, and N. Keller, Improved Slide Attacks, FSE. Ed. by Alex Biryukov, vol.4593, p.129, 2007.

E. Biham, O. Dunkelman, and N. Keller, A Unified Approach to Related-Key Attacks. Ed. by Kaisa Nyberg, vol.5086, p.106, 2008.

C. Beierle, A. Biryukov, L. Cardoso dos Santos, J. Großschädl et al., Schwaemm and Esch: Lightweight Authenticated Encryption and Hashing using the Sparkle Permutation Family. NIST lightweight competition round 1 candidate, p.115, 2019.

C. H. Bennett, E. Bernstein, G. Brassard, and U. V. Vazirani, Strengths and Weaknesses of Quantum Computing, SIAM J. Comput., vol.26, p.38, 1997.

C. H. Bennett, Time/Space Trade-Offs for Reversible Computation, vol.18, p.30, 1989.

G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, Sponge functions, ECRYPT hash workshop, p.19, 2007.

G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, On the Indifferentiability of the Sponge Construction, LNCS, vol.4965, p.114, 2008.

G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, Permutation Based Encryption, Authentication and Authenticated Encryption, Workshop Records of DIAC 2012, p.114, 2012.

G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, Duplexing the Sponge: Single-Pass Authenticated Encryption and Other Applications, LNCS, vol.7118, p.114, 2012.

D. J. Bernstein, S. Jeffery, T. Lange, and A. Meurer, Quantum Algorithms for the Subset-Sum Problem, Post-Quantum Cryptography - 5th International Workshop, PQCrypto, pp.16-33, 2013.

G. Bertoni, J. Daemen, S. Hoffert, M. Peeters, G. Van Assche et al., Farfalle: parallel permutation-based cryptography, IACR Trans. Symm. Cryptol., vol.108, p.100, 2017.

D. J. Bernstein, S. Kölbl, S. Lucks, P. Massolino, F. Mendel et al., NIST lightweight competition round 1 candidate, p.114, 2019.

D. J. Bernstein, T. Lange, C. Martindale, and L. Panny, Quantum Circuits for the CSIDH: Optimizing Quantum Evaluation of Isogenies, EUROCRYPT 2019, Part II, vol.11477, pp.409-441, 2019.

D. J. Bernstein, The Poly1305-AES Message-Authentication Code, FSE 2005, vol.3557, pp.32-49, 2005.

G. Brassard and P. Høyer, An Exact Quantum Polynomial-Time Algorithm for Simon's Problem, Fifth Israel Symposium on Theory of Computing and Systems, p.52, 1997.

G. Brassard, P. Høyer, and A. Tapp, Quantum Cryptanalysis of Hash and Claw-Free Functions, LATIN '98: Theoretical Informatics, Third Latin American Symposium, vol.1380, p.45, 1998.

J. Biasse, X. Bonnetain, B. Pring, A. Schrottenloher, and W. Youmans, Trade-off between classical and quantum circuit size of the attack against CSIDH, J. Mathematical Cryptology, 2019.

E. Biham, New Types of Cryptanalytic Attacks Using Related Keys (Extended Abstract), EUROCRYPT'93. Ed. by Tor Helleseth, vol.765, p.106, 1994.

J. Biasse, A. Iezzi, and M. J. Jacobson, A Note on the Security of CSIDH, INDOCRYPT 2018. Ed. by Debrup Chakraborty and Tetsu Iwata, vol.11356, p.159, 2018.

A. Biryukov and D. Khovratovich, Related-Key Cryptanalysis of the Full AES-192 and AES-256, ASIACRYPT 2009. Ed. by Mitsuru Matsui, vol.5912, p.165, 2009.

A. Biryukov, D. Khovratovich, and I. Nikolic, Distinguisher and Related-Key Attack on the Full AES-256, LNCS, vol.5677, p.165, 2009.

M. Bellare, J. Kilian, and P. Rogaway, The Security of the Cipher Block Chaining Message Authentication Code, Journal of Computer and System Sciences, vol.61, issue.3, p.110, 2000.

A. Bogdanov, D. Khovratovich, and C. Rechberger, Biclique Cryptanalysis of the Full AES, ASIACRYPT 2011, vol.7073, p.170, 2011.

W. Beullens, T. Kleinjung, and F. Vercauteren, CSI-FiSh: Efficient Isogeny based Signatures through Class Group Computations, IACR Cryptology ePrint Archive 2019, p.161, 2019.

D. J. Bernstein and T. Lange, Post-quantum cryptography, Nature, vol.549, pp.188-194, 2017.

X. Bonnetain and M. Naya-Plasencia, Hidden Shift Quantum Cryptanalysis and Implications, vol.11272, p.110, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01953914

X. Bonnetain, M. Naya-Plasencia, and A. Schrottenloher, On Quantum Slide Attacks, SAC 2019, vol.129, p.99, 2019.
URL : https://hal.archives-ouvertes.fr/hal-01946399

X. Bonnetain, M. Naya-Plasencia, and A. Schrottenloher, Quantum Security Analysis of AES, IACR Trans. Symm. Cryptol. 2019, vol.2, pp.2519-173, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02397049

A. Bogdanov, D. Chang, M. Ghosh, and S. Sanadhya, Bicliques with Minimal Data and Time Complexity for AES, LNCS. Springer, vol.8949, p.170, 2015.

X. Bonnetain, P. Derbez, S. Duval, J. Jean, G. Leurent et al., An easy attack on AEZ, FSE 2017 rump session, p.117, 2017.

X. Bonnetain, A. Hosoyamada, M. Naya-Plasencia, Y. Sasaki, and A. Schrottenloher, Quantum Attacks without Superposition Queries: the Offline Simon's Algorithm, LNCS, vol.87, p.90, 2019.

X. Bonnetain, Quantum Key-Recovery on Full AEZ, SAC 2017. Ed. by C. Adams and J. Camenisch, LNCS, vol.10719, pp.394-406, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01650026

X. Bonnetain, Collisions on Feistel-MiMC and univariate GMiMC, vol.129, p.9, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02400343

X. Bonnetain, Improved Low-qubit Hidden Shift Algorithms, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02400414

J. Borghoff, A. Canteaut, T. Güneysu, E. B. Kavun, M. Knežević et al., PRINCE - A Low-Latency Block Cipher for Pervasive Computing Applications - Extended Abstract, LNCS, vol.7658, pp.208-225, 2012.

C. Boura, V. Lallemand, M. Naya-Plasencia, and V. Suder, Making the Impossible Possible, Journal of Cryptology, vol.31, pp.101-133, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01953916

M. Boyer, G. Brassard, P. Høyer, and A. Tapp, Tight Bounds on Quantum Searching, Fortschritte der Physik, vol.46, p.38, 1998.

X. Bonnetain, L. Perrin, and S. Tian, Anomalies and Vector Space Search: Tools for S-Box Analysis, LNCS, p.10, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02396738

J. Black and P. Rogaway, CBC MACs for Arbitrary-Length Messages: The Three-Key Constructions, CRYPTO 2000. Ed. by Mihir Bellare, vol.1880, p.110, 2000.

G. Brassard, P. Høyer, M. Mosca, and A. Tapp, Quantum Amplitude Amplification and Estimation, Quantum Computation and Information, AMS Contemporary Mathematics 305, vol.38, p.35, 2002.

X. Bonnetain and A. Schrottenloher, Quantum Security Analysis of CSIDH and Ordinary Isogeny-based Schemes, vol.57, p.153, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01896046

A. Biryukov and D. Wagner, Advanced Slide Attacks, EUROCRYPT 2000. Ed. by Bart Preneel, vol.1807, pp.589-606, 2000.

A. Biryukov and D. Wagner, Slide Attacks, FSE'99. Ed. by L. R. Knudsen, LNCS. Springer, vol.1636, p.129, 1999.

A. Canteaut, S. Duval, G. Leurent, M. Naya-Plasencia, L. Perrin et al., Saturnin: a suite of lightweight symmetric algorithms for post-quantum security. NIST lightweight competition round 1 candidate, vol.116, p.100, 2019.
URL : https://hal.archives-ouvertes.fr/hal-02436763

W. Castryck, T. Lange, C. Martindale, L. Panny, and J. Renes, CSIDH: An Efficient Post-Quantum Commutative Group Action, ASIACRYPT 2018, Part III, vol.11274, pp.395-427, 2018.

C. Chaigneau and H. Gilbert, Is AEZ v4.1 Sufficiently Resilient Against Key-Recovery Attacks?, IACR Trans. Symm. Cryptol., vol.117, p.126, 2016.
URL : https://hal.archives-ouvertes.fr/hal-02163304

A. Chakraborti, N. Datta, M. Nandi, and K. Yasuda, Beetle Family of Lightweight and Secure Authenticated Encryption Ciphers, IACR TCHES 2018, vol.2, p.115, 2018.

D. Cheung, D. Maslov, J. Mathew, and D. K. Pradhan, On the Design and Optimization of a Quantum Polynomial-Time Attack on Elliptic Curve Cryptography, Theory of Quantum Computation, Communication, and Cryptography. Ed. by Yasuhito Kawano and Michele Mosca, p.180, 2008.

J. Czajkowski, A. Hülsing, and C. Schaffner, Quantum Indistinguishability of Random Sponges, IACR Cryptology ePrint Archive 2019, p.114, 2019.

A. M. Childs, D. Jao, and V. Soukharev, Constructing elliptic curve isogenies in quantum subexponential time, J. Mathematical Cryptology, vol.8, p.153, 2014.

A. Chailloux, M. Naya-Plasencia, and A. Schrottenloher, An Efficient Quantum Collision Search Algorithm and Implications on Symmetric Cryptography, ASIACRYPT 2017, Part II, LNCS. Springer, vol.10625, p.46, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01651007

J. Couveignes, Hard Homogeneous Spaces. Cryptology ePrint Archive, Report, vol.154, 2006.

J. Daemen, S. Hoffert, G. Van Assche, and R. Van Keer, The design of Xoodoo and Xoofff, IACR Trans. Symm. Cryptol., vol.4, p.100, 2018.

J. Daemen, S. Hoffert, M. Peeters, G. Van Assche, and R. Van Keer, Xoodyak, a lightweight cryptographic scheme. NIST lightweight competition round 1 candidate, p.114, 2019.

J. Daemen, Limitations of the Even-Mansour Construction (Rump Session), ASIACRYPT'91, vol.739, p.108, 1993.

X. Dong, B. Dong, and X. Wang, Quantum Attacks on Some Feistel Block Ciphers, Cryptology ePrint Archive, 2018.

Data Encryption Standard, NBS FIPS PUB 46, 1977.

P. Derbez, P. Fouque, and J. Jean, Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting, EUROCRYPT 2013, LNCS. Springer, Heidelberg, vol.7881, pp.371-387, 2013.
URL : https://hal.archives-ouvertes.fr/hal-01094304

L. De Feo and S. D. Galbraith, SeaSign: Compact Isogeny Signatures from Class Group Actions, EUROCRYPT 2019, Part III, vol.11478, p.153, 2019.

W. Diffie and M. E. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, vol.22, p.15, 1976.

I. Dinur, O. Dunkelman, N. Keller, and A. Shamir, Reflections on slide with a twist attacks, Des. Codes Cryptography, vol.77, pp.633-651, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01235172

I. Dinur, An Algorithmic Framework for the Generalized Birthday Problem. Cryptology ePrint Archive, p.61, 2018.

J. Daemen, L. R. Knudsen, and V. Rijmen, The Block Cipher Square, LNCS, vol.1267, pp.149-165, 1997.

O. Dunkelman, N. Keller, and A. Shamir, Improved Single-Key Attacks on 8-Round AES-192 and AES-256, LNCS, vol.6477, pp.158-176, 2010.

O. Dunkelman, N. Keller, and A. Shamir, Minimalism in Cryptography: The Even-Mansour Scheme Revisited, EUROCRYPT 2012, vol.7237, p.107, 2012.

O. Dunkelman, N. Keller, and A. Shamir, Slidex Attacks on the Even-Mansour Encryption Scheme, Journal of Cryptology, vol.28, pp.1-28, 2015.

L. De Feo, J. Kieffer, and B. Smith, Towards Practical Key Exchange from Ordinary Isogeny Graphs, ASIACRYPT 2018, Part III, vol.11274, pp.365-394, 2018.

X. Dong, Z. Li, and X. Wang, Quantum cryptanalysis on some generalized Feistel schemes, SCIENCE CHINA Information Sciences, vol.62, p.99, 2019.

C. Dobraunig, M. Eichlseder, F. Mendel, and M. Schläffer, Ascon v1.2. NIST lightweight competition round 1 candidate, vol.114, p.18, 2019.

T. Decru, L. Panny, and F. Vercauteren, Faster SeaSign Signatures Through Improved Rejection Sampling, Post-Quantum Cryptography - 10th International Conference, PQCrypto, p.153, 2019.

J. Daemen and V. Rijmen, The Design of Rijndael: AES - The Advanced Encryption Standard. Information Security and Cryptography, p.119, 2002.

J. Daemen and V. Rijmen, Probability distributions of correlation and differentials in block ciphers, J. Mathematical Cryptology, vol.1, issue.3, p.55, 2007.

H. Demirci and A. Selçuk, A Meet-in-the-Middle Attack on 8-Round AES, FSE 2008, vol.5086, pp.116-126, 2008.

M. Ettinger and P. Høyer, On Quantum Algorithms for Noncommutative Hidden Subgroups, STACS 99, 16th Annual Symposium on Theoretical Aspects of Computer Science, vol.1563, pp.478-487, 1999.

M. Ettinger, P. Høyer, and E. Knill, The quantum query complexity of the hidden subgroup problem is polynomial, Information Processing Letters, vol.91, p.47, 2004.

S. Even and Y. Mansour, A Construction of a Cipher from a Single Pseudorandom Permutation, Journal of Cryptology, vol.10, issue.3, p.107, 1997.

N. Ferguson, J. Kelsey, S. Lucks, B. Schneier, M. Stay et al., Improved Cryptanalysis of Rijndael, LNCS, vol.1978, pp.213-230, 2000.

R. P. Feynman, Simulating Physics with Computers, International Journal of Theoretical Physics, vol.21, p.23, 1982.

P.-A. Fouque, J. Jean, and T. Peyrin, Structural Evaluation of AES and Chosen-Key Distinguisher of 9-Round AES-128, CRYPTO 2013, Part I, vol.8042, p.165, 2013.

T. Fuhr, G. Leurent, and V. Suder, Collision Attacks Against CAESAR Candidates -Forgery and Key-Recovery Against AEZ and Marble, ASIACRYPT 2015, Part II. Ed. by Tetsu Iwata and Jung Hee Cheon, vol.9453, pp.510-532, 2015.
URL : https://hal.archives-ouvertes.fr/hal-01102031

P. Flajolet and A. M. Odlyzko, Random Mapping Statistics, LNCS, vol.434, p.83, 1990.
URL : https://hal.archives-ouvertes.fr/inria-00075445

T. Gagliardoni, Quantum Security of Cryptographic Primitives, PhD thesis, p.21, 2017.

M. Dworkin, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, National Institute of Standards and Technology (NIST), 2007.

S. D. Galbraith, F. Hess, and N. P. Smart, Extending the GHS Weil Descent Attack, EUROCRYPT 2002, vol.2332, p.158, 2002.

H. Gilbert and M. Minier, A Collision Attack on 7 Rounds of Rijndael, AES Candidate Conference, p.165, 2000.

D. Gligoroski, H. Mihajloska, and D. Otte, GAGE and InGAGE v1.0. NIST lightweight competition round 1 candidate, p.114, 2019.

N. Gama and P. Q. Nguyen, Predicting Lattice Reduction, EUROCRYPT, vol.4965, p.160, 2008.

M. Grassl, B. Langenberg, M. Roetteler, and R. Steinwandt, Applying Grover's Algorithm to AES: Quantum Resource Estimates, Post-Quantum Cryptography - 7th International Workshop, PQCrypto, vol.165, pp.170-172, 2016.

L. K. Grover, A Fast Quantum Mechanical Algorithm for Database Search, 28th ACM STOC, p.35, 1996.

A. Hosoyamada and K. Aoki, On Quantum Related-Key Attacks on Iterated Even-Mansour Ciphers, LNCS, vol.10418, pp.131-133, 2017.

A. Hosoyamada and T. Iwata, 4-Round Luby-Rackoff Construction is a qPRP. Springer, p.105, 2019.

V. T. Hoang, T. Krovetz, and P. Rogaway, Robust Authenticated-Encryption AEZ and the Problem That It Solves, EUROCRYPT 2015, Part I, LNCS. Springer, Heidelberg, vol.9056, pp.15-44, 2015.

A. Helm and A. May, Subset Sum Quantumly in 1.17^n, 13th Conference on the Theory of Quantum Computation, Communication and Cryptography, TQC 2018, LIPIcs. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, vol.111, p.59, 2018.

J. L. Hafner and K. S. McCurley, A rigorous subexponential algorithm for computation of class groups, Journal of the American mathematical society, vol.2, issue.4, p.158, 1989.

W. Hoeffding, Probability Inequalities for Sums of Bounded Random Variables, Journal of the American Statistical Association, vol.58, p.67, 1963.

G. Hanrot, X. Pujol, and D. Stehlé, Terminating BKZ, IACR Cryptology ePrint Archive, p.159, 2011.

A. Hosoyamada and Y. Sasaki, Quantum Demiric-Selçuk Meet-in-the-Middle Attacks: Applications to 6-Round Generic Feistel Constructions, LNCS, vol.11035, p.30, 2018.

A. Hosoyamada and K. Yasuda, Building Quantum-One-Way Functions from Block Ciphers: Davies-Meyer and Merkle-Damgård Constructions, LNCS, vol.11272, p.101, 2018.

G. Ito and T. Iwata, Quantum Distinguishing Attacks against Type-1 Generalized Feistel Ciphers, IACR Cryptology ePrint Archive 2019, vol.105, p.99, 2019.

T. Iwata and K. Kurosawa, OMAC: One-Key CBC MAC, FSE 2003, vol.2887, p.110, 2003.

G. Ito, A. Hosoyamada, R. Matsumoto, Y. Sasaki, and T. Iwata, Quantum Chosen-Ciphertext Attacks Against Feistel Ciphers, LNCS, vol.11405, pp.391-411, 2019.

A. Jalali, R. Azarderakhsh, M. Mozaffari Kermani, and D. Jao, Towards Optimized and Constant-Time CSIDH on Embedded Devices, Lecture Notes in Computer Science, vol.11421, p.153, 2019.

D. Jao and L. De Feo, Towards Quantum-Resistant Cryptosystems from Supersingular Elliptic Curve Isogenies, Post-Quantum Cryptography - 4th International Workshop, PQCrypto, p.153, 2011.
URL : https://hal.archives-ouvertes.fr/hal-00652846

J. Jean, I. Nikolić, T. Peyrin, and Y. Seurin, Deoxys v1.41. CAESAR competition round 3 candidate, vol.18, 2016.

J. Jean, TikZ for Cryptographers, vol.166, p.121

A. Joux, Algorithmic Cryptanalysis, p.44, 2009.

R. Kannan, Improved Algorithms for Integer Programming and Related Lattice Problems, Proceedings of the 15th Annual ACM Symposium on Theory of Computing, p.159, 1983.

M. Kaplan, G. Leurent, A. Leverrier, and M. Naya-Plasencia, Breaking Symmetric Cryptosystems Using Quantum Period Finding, CRYPTO 2016, Part II, vol.9815. Springer, pp.207-237, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01404196

F. W. Kasiski, Die Geheimschriften und die Dechiffrir-Kunst. Berlin: E. S. Mittler und Sohn, p.14

A. Kerckhoffs, La cryptographie militaire, Journal des sciences militaires 9, p.14, 1883.

?. ????-?, ?????? IXth century (cit, p.14

A. Y. Kitaev, Quantum measurements and the Abelian Stabilizer Problem, Electronic Colloquium on Computational Complexity (ECCC), vol.3, issue.3, p.30, 1996.

H. Kuwakado and M. Morii, Quantum distinguisher between the 3-round Feistel cipher and the random permutation, IEEE International Symposium on Information Theory, ISIT 2010, vol.104, p.99, 2010.

H. Kuwakado and M. Morii, Security on the quantum-type Even-Mansour cipher, Proceedings of the International Symposium on Information Theory and its Applications, ISITA 2012, vol.108, p.99, 2012.

T. Krovetz and P. Rogaway, OCB v1.1. CAESAR competition round 3 candidate, vol.18, 2016.

J. Kilian and P. Rogaway, How to Protect DES Against Exhaustive Key Search, Heidelberg, vol.1109, p.108, 1996.

D. Khovratovich, C. Rechberger, and A. Savelieva, Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 Family, FSE 2012, vol.7549, p.170, 2012.

G. Kuperberg, A Subexponential-Time Quantum Algorithm for the Dihedral Hidden Subgroup Problem, SIAM Journal on Computing, vol.35, pp.170-188, 2005.

G. Kuperberg, Another Subexponential-time Quantum Algorithm for the Dihedral Hidden Subgroup Problem, 8th Conference on the Theory of Quantum Computation, Communication and Cryptography, vol.22, pp.20-34, 2013.

L. R. Knudsen and D. Wagner, Integral Cryptanalysis, FSE 2002, vol.2365, p.165, 2002.

A. Langley, W. Chang, N. Mavrogiannopoulos, J. Strömbergson, and S. Josefsson, ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS), RFC 7905, p.111, 2016.

A. Lemaire, Application de l'hypercalculie et de l'informatique quantique gravifique à l'intelligence artificielle générale, pp.1-217, 2010.

G. Leander and A. May, Grover Meets Simon - Quantumly Attacking the FX-construction, ASIACRYPT 2017, Part II, vol.10625, p.99, 2017.

M. Luby and C. Rackoff, How to construct pseudorandom permutations from pseudorandom functions, SIAM Journal on Computing, vol.17, p.103, 1988.

M. Liskov, R. L. Rivest, and D. Wagner, Tweakable Block Ciphers, LNCS, vol.2442, p.110, 2002.

G. Leurent and F. Sibleyras, The Missing Difference Problem, and Its Applications to Counter Mode Encryption, EUROCRYPT 2018, Part II, LNCS. Springer, vol.10821, p.111, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01961739

J. Lu, O. Dunkelman, N. Keller, and J. Kim, New Impossible Differential Attacks on AES, INDOCRYPT 2008, vol.5365, p.165, 2008.

H. Mala, M. Dakhilalian, V. Rijmen, and M. Modarres-Hashemi, Improved Impossible Differential Cryptanalysis of 7-Round AES-128, INDOCRYPT 2010. Ed. by Guang Gong and Kishan Chand Gupta, vol.6498, p.165, 2010.

L. Martin, XTS: A Mode of AES for Encrypting Hard Disks, IEEE Security & Privacy, vol.8, issue.3, p.110, 2010.

M. Meyer, F. Campos, and S. Reith, On Lions and Elligators: An Efficient Constant-Time Implementation of CSIDH, Post-Quantum Cryptography - 10th International Conference, PQCrypto, p.153, 2019.

M. Garey and D. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, p.58, 1979.

M. Mosca and A. Ekert, The Hidden Subgroup Problem and Eigenvalue Estimation on a Quantum Computer, Quantum Computing and Quantum Communications, vol.1509, pp.174-188, 1998.

F. Miller, Telegraphic Code to Insure Privacy and Secrecy in the Transmission of Telegrams, p.14

N. Mouha, B. Mennink, A. Van-herrewege, D. Watanabe, B. Preneel et al., Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers, SAC 2014, vol.8781, p.110, 2014.

M. Meyer and S. Reith, A Faster Way to the CSIDH, INDOCRYPT 2018. Ed. by Debrup Chakraborty and Tetsu Iwata, vol.11356, p.153, 2018.

L. Minder and A. Sinclair, The Extended k-tree Algorithm, Journal of Cryptology, vol.25, p.61, 2012.

M. Mosca and C. Zalka, Exact quantum Fourier transforms and discrete logarithm algorithms, International Journal of Quantum Information, p.30, 2004.

M. A. Nielsen and I. L. Chuang, Quantum Computation and Quantum Information: 10th Anniversary Edition, p.23, 2010.

B. Ni and X. Dong, Improved quantum attack on Type-1 Generalized Feistel Schemes and Its application to CAST-256, IACR Cryptology ePrint Archive 2019, vol.105, p.99, 2019.

National Institute of Standards and Technology (NIST), Submission Requirements and Evaluation Criteria for the Post-Quantum Cryptography Standardization Process, vol.157, p.15, 2016.

I. Nikolic and Y. Sasaki, Refinements of the k-tree Algorithm for the Generalized Birthday Problem, ASIACRYPT 2015, Part II, vol.9453, p.61, 2015.

J. Patarin, New Results on Pseudorandom Permutation Generators Based on the DES Scheme, CRYPTO'91. Ed. by Joan Feigenbaum, vol.576. Springer, p.103, 1992.

D. Penazzi, Yarará and Coral v1. NIST lightweight competition round 1 candidate, p.114, 2019.

?. ??????, Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms, p.182, 2017.

D. Penazzi and M. Montes, Shamash (and Shamashash) (version 1). NIST lightweight competition round 1 candidate, p.114, 2019.

J. M. Pollard, A monte carlo method for factorization, BIT Numerical Mathematics, vol.15, issue.3, p.44, 1975.

J. M. Pollard, Monte Carlo Methods for Index Computation (mod p), Mathematics of Computation, vol.32, p.46, 1978.

O. Regev, A Subexponential Time Algorithm for the Dihedral Hidden Subgroup Problem with Polynomial Space, 2004.

E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.3, RFC 8446, pp.1-160, 2018.

P. Rogaway, Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC, ASIACRYPT 2004, LNCS. Springer, vol.3329, p.110, 2004.

A. Rostovtsev and A. Stolbunov, Public-Key Cryptosystem Based On Isogenies, Cryptology ePrint Archive, vol.154, p.153, 2006.

M. Roetteler and R. Steinwandt, A note on quantum related-key attacks, Inf. Process. Lett, vol.115, p.99, 2015.

R. L. Rivest, A. Shamir, and L. M. Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the Association for Computing Machinery, vol.21, p.15, 1978.

M.-J. O. Saarinen, SNEIKEN and SNEIKHA. NIST lightweight competition round 1 candidate, p.114, 2019.

C. Schnorr and M. Euchner, Lattice basis reduction: Improved practical algorithms and solving subset sum problems, Math. Program., vol.66, p.158, 1994.

Secure Hash Standard, National Institute of Standards and Technology (NIST), NIST FIPS PUB 180, p.101, 2001.

SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, National Institute of Standards and Technology (NIST), NIST FIPS PUB 202, 2015.

C. E. Shannon, Communication theory of secrecy systems, Bell Systems Technical Journal, vol.28, pp.656-715, 1949.

P. W. Shor, Algorithms for Quantum Computation: Discrete Logarithms and Factoring, 35th FOCS, vol.46, pp.124-134, 1994.

V. Shoup, On Fast and Provably Secure Message Authentication Based on Universal Hashing, LNCS. Springer, vol.1109, pp.313-328, 1996.

R. Azarderakhsh, B. Koziel, M. Campagna, B. Lamacchia, C. Costello et al., Supersingular Isogeny Key Encapsulation, p.153, 2017.
URL : https://hal.archives-ouvertes.fr/hal-02171951

J. H. Silverman, The arithmetic of elliptic curves, vol.106, p.154, 1986.

D. R. Simon, On the Power of Quantum Computation, 35th FOCS, vol.46, p.49, 1994.

S. Sarkar, K. Mandal, and D. Saha, Sycon v1.0. NIST lightweight competition round 1 candidate, p.114, 2019.

T. Santoli and C. Schaffner, Using Simon's algorithm to attack symmetric-key cryptographic primitives, Quantum Information & Computation, vol.17, p.99, 2017.

R. Schroeppel and A. Shamir, A T=O(2^{n/2}), S=O(2^{n/4}) Algorithm for Certain NP-Complete Problems, SIAM J. Comput., vol.10, pp.456-464, 1981.

C. Suetonius Tranquillus, Vita divi Iuli, vol.121, p.13

J. Tate, Endomorphisms of abelian varieties over finite fields, Inventiones mathematicae, vol.2, p.155, 1966.

T. Toffoli, Reversible Computing, ICALP 80, vol.85, p.29, 1980.

G. S. Vernam, Secret signaling system, US 1310719A, p.14, 1919.

B. de Vigenère, Traicté des chiffres, ou Secrètes manières d'escrire. Premier pillier de la grand, p.14

P. C. van Oorschot and M. J. Wiener, Parallel Collision Search with Cryptanalytic Applications, Journal of Cryptology, vol.12, p.45, 1999.

D. Wagner, A Generalized Birthday Problem, CRYPTO 2002. Ed. by Moti Yung, vol.2442, p.61, 2002.

M. N. Wegman and J. L. Carter, New Hash Functions and Their Use in Authentication and Set Equality, Journal of Computer and System Sciences, vol.22, pp.265-279, 1981.

S. Wiesner, Conjugate Coding, SIGACT News, vol.15, p.23, 1983.

H. Wu and B. Preneel, AEGIS. CAESAR competition round 3 candidate, vol.18, 2016.

H. Wu, ACORN. CAESAR competition round 3 candidate, vol.18, 2016.

W. K. Wootters and W. H. Zurek, A single quantum cannot be cloned, Nature, vol.299, p.26, 1982.

C. Zalka, Grover's quantum searching algorithm is optimal, Physical Review A, vol.60, p.38, 1999.

Y. Zheng, T. Matsumoto, and H. Imai, On the Construction of Block Ciphers Provably Secure and Not Relying on Any Unproved Hypotheses, LNCS, vol.435, pp.461-480, 1990.
