pith. sign in

arxiv: 2604.21436 · v2 · submitted 2026-04-23 · 💻 cs.CR

A Stackelberg Model for Hybridization in Cryptography

Willie Kouam , Stefan Rass , Zahra Seyedi , Shahzad Ahmad , Eckhard Pfluegel This is my paper

Pith reviewed 2026-05-09 21:38 UTC · model grok-4.3

classification 💻 cs.CR
keywords Stackelberg gamehybrid cryptographygame theorydynamic programminglinear programmingresource constraintscryptanalysispost-quantum cryptography
0
0 comments X

The pith

Cryptographic hybridization can be optimized by modeling it as a Stackelberg game where the defender randomizes over algorithms that the attacker observes before responding.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The authors treat the choice of encryption algorithms in hybrid cryptography as a game between a defender protecting data and an attacker trying to break it. The defender commits first to a randomized selection among classical, post-quantum, or combined schemes, taking into account both security levels and operational costs. The attacker then sees the realized choice and picks the most effective cryptanalysis technique within their resource limits. To compute solutions, the paper solves the attacker's best-response problem with dynamic programming and the defender's choice of randomization probabilities with a linear program. This matters because it gives a precise way to find mixed strategies that minimize the chance of successful attacks under real constraints.

Core claim

We model this interaction as a Stackelberg cryptographic hybridization problem under resource constraints. Here, the defender randomizes over encryption algorithms, and the attacker observes the choice before selecting suitable cryptanalysis methods. The attacker's decision is framed as a conditional optimization problem, which we refer to as the attacker subgame. We then propose a dynamic programming approach for the attacker's subgame, while the defender's Stackelberg optimization is formulated as a linear program.

What carries the argument

The attacker subgame, a conditional optimization problem solved via dynamic programming to determine the attacker's best response to each possible defender algorithm choice.

If this is right

  • Optimal mixed strategies for the defender can be computed efficiently as solutions to a linear program.
  • The attacker's optimal cryptanalysis choice for any observed algorithm can be found using dynamic programming under resource limits.
  • The model explicitly accounts for costs of both encryption and cryptanalysis, leading to balanced security-cost trade-offs.
  • Equilibrium solutions provide randomized defense policies that account for the attacker's rational response.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Real deployments may require extensions if the attacker cannot observe the exact algorithm, such as using mixed strategies without full information.
  • This Stackelberg approach could be applied to other areas like software security or network protocol design where one party commits to a defense first.
  • Validating the computed strategies against actual attack success rates on hybrid systems would test the model's practical value.

Load-bearing premise

The attacker can observe the defender's randomized choice of encryption algorithm before selecting cryptanalysis methods.

What would settle it

A simulation comparing the defender's optimal randomization probabilities and resulting security when the attacker has full observation of the algorithm versus when the attacker only knows the probability distribution over algorithms.

Figures

Figures reproduced from arXiv: 2604.21436 by Eckhard Pfluegel, Shahzad Ahmad, Stefan Rass, Willie Kouam, Zahra Seyedi.

Figure 1
Figure 1. Figure 1: Threshold approximation for the AttackerDP algorithm: Using a DP execution time limit of 0.2 seconds, the threshold number of methods is approximately 310. This threshold is specific to this simulation and the chosen parameters (number of methods, budget, success probabilities, and costs) and may vary if the parameters or hardware change. Our parameters are as follows: • DP benchmark: maximum number of met… view at source ↗
Figure 2
Figure 2. Figure 2: Relevance of the proposed optimal defender strategy. The figure shows that any deviation from the optimal strategy leads to a reduction in the defender’s utility. This degradation is particularly significant for purely random strategies. In contrast, strategies that partially incorporate the proposed optimization framework (by enforcing only a subset of the constraints) achieve improved performance, but st… view at source ↗
read the original abstract

Similar to a strategic interaction between rational and intelligent agents, cryptography problems can be examined through the prism of game theory. In this setting, the agent aiming to protect a message is called the defender, while the one attempting to decrypt it, generally for malicious purposes, is the attacker. To strengthen security in cryptography, various strategies have been developed, among which hybridization stands out as a key concept in modern cryptographic design. This strategy allows the defender to select among different encryption algorithms (classical, post-quantum, or hybrid) while carefully balancing security and operational costs. On the other side, the attacker, limited by available resources, chooses cryptanalysis methods capable of breaching the selected algorithm. We model this interaction as a Stackelberg cryptographic hybridization problem under resource constraints. Here, the defender randomizes over encryption algorithms, and the attacker observes the choice before selecting suitable cryptanalysis methods. The attacker's decision is framed as a conditional optimization problem, which we refer to as the ``attacker subgame''. We then propose a dynamic programming approach for the attacker's subgame, while the defender's Stackelberg optimization is formulated as a linear program.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 0 minor

Summary. The paper claims to model the strategic interaction between a defender choosing among classical, post-quantum, or hybrid encryption algorithms and a resource-constrained attacker choosing cryptanalysis methods as a Stackelberg game. The defender commits to a mixed strategy over algorithms; the attacker observes the realized choice and solves a conditional optimization problem (the 'attacker subgame') via dynamic programming; the defender's problem is formulated as a linear program to compute the optimal mixed strategy.

Significance. If the modeling assumptions hold and the proposed solution methods are correct, the framework could provide a quantitative tool for optimizing hybridization strategies that explicitly account for attacker responses under resource limits. The reduction of the attacker's problem to dynamic programming and the defender's to a linear program follows standard Stackelberg techniques, but the manuscript supplies no derivations, examples, or validation, so any significance remains prospective.

major comments (2)
  1. [Abstract] Abstract: The Stackelberg formulation is defined by the assumption that the attacker perfectly observes the defender's realized (randomized) algorithm choice before solving the conditional subgame. This observability is load-bearing for the subgame to be well-defined as stated, yet the manuscript provides no justification, relaxation, or discussion of how it maps to cryptographic practice where algorithm selection is typically hidden.
  2. [Abstract] Abstract: The dynamic programming approach for the attacker subgame and the linear-program formulation for the defender lack any explicit state definitions, transition rules, objective functions, or complexity analysis. Without these details or accompanying validation (e.g., small-scale numerical solutions or security bounds), it is impossible to verify that the proposed methods correctly compute the claimed Stackelberg equilibrium.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive comments on our manuscript. We address each major comment below and will revise the paper to incorporate the suggested clarifications and details.

read point-by-point responses

  1. Referee: [Abstract] Abstract: The Stackelberg formulation is defined by the assumption that the attacker perfectly observes the defender's realized (randomized) algorithm choice before solving the conditional subgame. This observability is load-bearing for the subgame to be well-defined as stated, yet the manuscript provides no justification, relaxation, or discussion of how it maps to cryptographic practice where algorithm selection is typically hidden.

    Authors: We agree that the perfect-observability assumption is central to the standard Stackelberg leader-follower structure and merits explicit justification in the cryptographic setting. In the model the defender commits to a mixed strategy over algorithms (classical, post-quantum, or hybrid), after which the attacker observes the realized choice and solves the resulting conditional resource-allocation problem. This observability is intended to capture scenarios in which the attacker can determine the algorithm in use through protocol negotiation, metadata, or limited side-channel information. We acknowledge that algorithm selection is often hidden in practice and will add a new subsection that (i) states the assumption clearly, (ii) discusses its plausibility for hybridization protocols, and (iii) outlines possible relaxations to imperfect-information or Bayesian Stackelberg games. revision: yes

  2. Referee: [Abstract] Abstract: The dynamic programming approach for the attacker subgame and the linear-program formulation for the defender lack any explicit state definitions, transition rules, objective functions, or complexity analysis. Without these details or accompanying validation (e.g., small-scale numerical solutions or security bounds), it is impossible to verify that the proposed methods correctly compute the claimed Stackelberg equilibrium.

    Authors: The manuscript presents the high-level modeling framework and solution architecture but omits the detailed mathematical specifications. The attacker subgame is solved by dynamic programming whose states encode the attacker’s remaining computational budget together with the current progress toward breaking the chosen algorithm; transitions correspond to allocating discrete resource units to candidate cryptanalysis techniques, and the objective is to maximize the probability of successful decryption within the budget. The defender’s problem is then expressed as a linear program whose variables are the probabilities of each algorithm and whose constraints incorporate the expected payoffs obtained from the solved subgames. We recognize that explicit state definitions, Bellman recursions, transition functions, complexity statements (polynomial in the number of algorithms and budget granularity), and a small-scale numerical illustration were not supplied. We will expand the manuscript with these elements, include a worked numerical example that computes the equilibrium mixed strategy, and discuss the security bounds implied by the resulting value of the game. revision: yes

Circularity Check

0 steps flagged

No significant circularity; direct modeling of Stackelberg interaction

full rationale

The paper formulates the cryptographic hybridization problem directly as a Stackelberg game in which the defender commits to a mixed strategy over encryption algorithms (classical/PQ/hybrid) and the attacker responds with a conditional optimization solved via dynamic programming, with the defender's problem cast as a linear program. No equations or steps reduce by construction to fitted parameters, self-definitions, or prior self-citations; the attacker's subgame and defender's LP are presented as standard solution techniques applied to the stated model. The observability assumption is an explicit modeling choice rather than a derived result, and no renaming of known results or ansatz smuggling occurs. The derivation chain is therefore self-contained as an original game-theoretic modeling exercise.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The model rests on standard game-theoretic assumptions about rational players and observability; no free parameters, new entities, or ad-hoc axioms are stated in the abstract.

axioms (2)
  • domain assumption Both defender and attacker are rational and intelligent agents seeking to optimize their objectives.
    Core premise of the Stackelberg cryptographic game described in the abstract.
  • domain assumption The attacker observes the defender's algorithm choice before acting.
    Required for the Stackelberg structure and attacker subgame formulation.

pith-pipeline@v0.9.0 · 5509 in / 1352 out tokens · 40772 ms · 2026-05-09T21:38:11.101530+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

53 extracted references · 2 canonical work pages

  1. [1]

    Status report on the third round of the nist post-quantum cryptography standardization process

    Gorjan Alagic, Gorjan Alagic, Daniel Apon, David Cooper, Quynh Dang, Thinh Dang, John Kelsey, Jacob Lichtinger, Yi-Kai Liu, Carl Miller, et al. Status report on the third round of the nist post-quantum cryptography standardization process. 2022

    2022

  2. [2]

    Amanatidis, F

    G. Amanatidis, F. Fusco, P. Lazos, S. Leonardi, A. Marchetti-Spaccamela, and R. Reif- fenhäuser. Submodular maximization subject to a knapsack constraint: Combinatorial algorithms with near-optimal adaptive complexity. InProceedings of the 38th International Conference on Machine Learning (ICML 2021), volume 139, pages 231–242. PMLR, 2021

    2021

  3. [3]

    Amanatidis, F

    G. Amanatidis, F. Fusco, P. Lazos, S. Leonardi, and R. Reiffenhäuser. Fast adaptive non- monotone submodular maximization subject to a knapsack constraint. InAdvances in Neural Information Processing Systems (NeurIPS 2020), 2020

    2020

  4. [4]

    Capacitated Dynamic Programming: Faster Knapsack and Graph Algorithms

    Kyriakos Axiotis and Christos Tzamos. Capacitated dynamic programming: Faster knap- sack and graph algorithms.arXiv preprint arXiv:1802.06440, 2018

    work page Pith review arXiv 2018

  5. [5]

    Nistspecialpublication800–175brevision1guidelineforusingcryptographic standards in the federal government: Crypto-graphic mechanisms.Computer Science, pages 1–83, 2018

    ElaineBarker. Nistspecialpublication800–175brevision1guidelineforusingcryptographic standards in the federal government: Crypto-graphic mechanisms.Computer Science, pages 1–83, 2018

    2018

  6. [6]

    Transitioning the use of cryptographic algorithms and key lengths

    Elaine Barker and Allen Roginsky. Transitioning the use of cryptographic algorithms and key lengths. Technical report, National Institute of Standards and Technology, 2018

    2018

  7. [7]

    ebacs: Ecryptbenchmarkingofcryptographicsystems, 2011

    DanielJBernsteinandTanjaLange. ebacs: Ecryptbenchmarkingofcryptographicsystems, 2011

    2011

  8. [8]

    Related-Key Cryptanalysis of the Full AES- 192 and AES-256

    Alex Biryukov and Dmitry Khovratovich. Related-Key Cryptanalysis of the Full AES- 192 and AES-256. In David Hutchison, Takeo Kanade, Josef Kittler, Jon M. Kleinberg, Friedemann Mattern, John C. Mitchell, Moni Naor, Oscar Nierstrasz, C. Pandu Rangan, Bernhard Steffen, Madhu Sudan, Demetri Terzopoulos, Doug Tygar, Moshe Y. Vardi, Ger- hard Weikum, and Mitsu...

    2009

  9. [9]

    Biclique Cryptanaly- sis of the Full AES

    Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger. Biclique Cryptanaly- sis of the Full AES. In David Hutchison, Takeo Kanade, Josef Kittler, Jon M. Kleinberg, Friedemann Mattern, John C. Mitchell, Moni Naor, Oscar Nierstrasz, C. Pandu Rangan, Bernhard Steffen, Madhu Sudan, Demetri Terzopoulos, Doug Tygar, Moshe Y. Vardi, Ger- hard Weikum, Do...

    2011

  10. [10]

    Twenty years of attacks on the rsa cryptosystem.Notices of the AMS, 46(2):203–213, 1999

    Dan Boneh et al. Twenty years of attacks on the rsa cryptosystem.Notices of the AMS, 46(2):203–213, 1999

    1999

  11. [11]

    Crystals-kyber: a cca-secure module-lattice-based kem

    Joppe Bos, Léo Ducas, Eike Kiltz, Tancrède Lepoint, Vadim Lyubashevsky, John M Schanck, Peter Schwabe, Gregor Seiler, and Damien Stehlé. Crystals-kyber: a cca-secure module-lattice-based kem. In2018 IEEE European symposium on security and privacy (EuroS&P), pages 353–367. IEEE, 2018

    2018

  12. [12]

    Jutla, Josyula R

    Suresh Chari, Charanjit S. Jutla, Josyula R. Rao, and Pankaj Rohatgi. Towards Sound Approaches to Counteract Power-Analysis Attacks. In Michael Wiener, editor,Advances in Cryptology — CRYPTO’ 99, pages 398–412, Berlin, Heidelberg, 1999. Springer

    1999

  13. [13]

    US Department of Commerce, National Institute of Standards and Technology ..., 2016

    Lily Chen, Lily Chen, Stephen Jordan, Yi-Kai Liu, Dustin Moody, Rene Peralta, Ray A Perlner, and Daniel Smith-Tone.Report on post-quantum cryptography, volume 12. US Department of Commerce, National Institute of Standards and Technology ..., 2016

    2016

  14. [14]

    S. Cui, K. Han, J. Tang, H. Huang, X. Li, and A. Zhiyuli. Practical parallel algorithms for submodular maximization subject to a knapsack constraint with nearly optimal adaptivity. InProceedings of the AAAI Conference on Artificial Intelligence (AAAI 2023), 2023

    2023

  15. [15]

    Practical parallel algorithms for submodular maximization subject to a knapsack constraint with nearly optimal adaptivity

    Shuang Cui, Kai Han, Jing Tang, He Huang, Xueying Li, and Aakas Zhiyuli. Practical parallel algorithms for submodular maximization subject to a knapsack constraint with nearly optimal adaptivity. InProceedings of the AAAI Conference on Artificial Intelligence, volume 37, pages 7261–7269, 2023

    2023

  16. [16]

    Springer, 2002

    Joan Daemen and Vincent Rijmen.The design of Rijndael, volume 2. Springer, 2002

    2002

  17. [17]

    Advancing the Idea of Probabilistic Neutral Bits: First Key Recovery Attack on 7.5 Round ChaCha.IEEE Transactions on Information Theory, 70(8):6091– 6106, August 2024

    Sabyasachi Dey. Advancing the Idea of Probabilistic Neutral Bits: First Key Recovery Attack on 7.5 Round ChaCha.IEEE Transactions on Information Theory, 70(8):6091– 6106, August 2024

    2024

  18. [18]

    Dilip Kumar, Sikhar Patranabis, Jakub Breier, Debdeep Mukhopadhyay, Shivam Bhasin, Anupam Chattopadhyay, and Anubhab Baksi

    S.V. Dilip Kumar, Sikhar Patranabis, Jakub Breier, Debdeep Mukhopadhyay, Shivam Bhasin, Anupam Chattopadhyay, and Anubhab Baksi. A Practical Fault Attack on ARX- Like Ciphers with a Case Study on ChaCha20. In2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pages 33–40, September 2017

    2017

  19. [19]

    Crystals-dilithium: A lattice-based digital signature scheme

    Léo Ducas, Eike Kiltz, Tancrede Lepoint, Vadim Lyubashevsky, Peter Schwabe, Gregor Seiler, and Damien Stehlé. Crystals-dilithium: A lattice-based digital signature scheme. IACR Transactions on Cryptographic Hardware and Embedded Systems, pages 238–268, 2018

    2018

  20. [20]

    Differential Fault Analysis on A.E.S

    Pierre Dusart, Gilles Letourneux, and Olivier Vivolo. Differential Fault Analysis on A.E.S. In Gerhard Goos, Juris Hartmanis, Jan Van Leeuwen, Jianying Zhou, Moti Yung, and Yongfei Han, editors,Applied Cryptography and Network Security, volume 2846, pages 293–306. Springer Berlin Heidelberg, Berlin, Heidelberg, 2003. Series Title: Lecture Notes in Compute...

    2003

  21. [21]

    Ene and H

    A. Ene and H. L. Nguyen. A nearly-linear time algorithm for submodular maximization with a knapsack constraint. InProceedings of the 30th Annual ACM-SIAM Symposium on Discrete Algorithms (SODA 2019), 2019

    2019

  22. [22]

    Applying Grover’s Algorithm to AES: Quantum Resource Estimates

    Markus Grassl, Brandon Langenberg, Martin Roetteler, and Rainer Steinwandt. Applying Grover’s Algorithm to AES: Quantum Resource Estimates. In Tsuyoshi Takagi, editor, Post-Quantum Cryptography, volume 9606, pages 29–43. Springer International Publishing, Cham, 2016. Series Title: Lecture Notes in Computer Science

    2016

  23. [23]

    Enhanced montgomery multiplication

    Shay Gueron. Enhanced montgomery multiplication. InInternational Workshop on Cryp- tographic Hardware and Embedded Systems, pages 46–56. Springer, 2002

    2002

  24. [24]

    Intel’s new aes instructions for enhanced performance and security

    Shay Gueron. Intel’s new aes instructions for enhanced performance and security. In International Workshop on Fast Software Encryption, pages 51–66. Springer, 2009

    2009

  25. [25]

    A Hybrid Lattice Basis Reduction and Quantum Search Attack on LWE, 2017

    Florian Göpfert, Christine van Vredendaal, and Thomas Wunderer. A Hybrid Lattice Basis Reduction and Quantum Search Attack on LWE, 2017. Publication info: Published elsewhere. PQCrypto 2017

    2017

  26. [26]

    Signature Correction Attack on Dilithium Signature Scheme, March 2022

    Saad Islam, Koksal Mus, Richa Singh, Patrick Schaumont, and Berk Sunar. Signature Correction Attack on Dilithium Signature Scheme, March 2022. arXiv:2203.00637 [cs]

    work page arXiv 2022

  27. [27]

    Lenstra, Emmanuel Thomé, Joppe W

    Thorsten Kleinjung, Kazumaro Aoki, Jens Franke, Arjen K. Lenstra, Emmanuel Thomé, Joppe W. Bos, Pierrick Gaudry, Alexander Kruppa, Peter L. Montgomery, Dag Arne Osvik, Herman te Riele, Andrey Timofeev, and Paul Zimmermann. Factorization of a 768-Bit RSA Modulus. In Tal Rabin, editor,Advances in Cryptology – CRYPTO 2010, pages 333–350, Berlin, Heidelberg, ...

    2010

  28. [28]

    Differential Power Analysis

    Paul Kocher, Joshua Jaffe, and Benjamin Jun. Differential Power Analysis. In Michael Wiener, editor,Advances in Cryptology — CRYPTO’ 99, pages388–397, Berlin, Heidelberg,

  29. [29]

    Paul C. Kocher. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In Neal Koblitz, editor,Advances in Cryptology — CRYPTO ’96, pages 104–113, Berlin, Heidelberg, 1996. Springer

    1996

  30. [30]

    Springer Science & Business Media, 2013

    Panos Kouvelis and Gang Yu.Robust discrete optimization and its applications, volume 14. Springer Science & Business Media, 2013

    2013

  31. [31]

    To insure or not to insure: How attackers exploit cyber-insurance via game theory.Computers & Security, page 104585, 2025

    Zhen Li and Qi Liao. To insure or not to insure: How attackers exploit cyber-insurance via game theory.Computers & Security, page 104585, 2025

    2025

  32. [32]

    Sok: Security evaluation of sbox-based block ciphers

    Joelle Lim, Derrick Ng, and Ruth Ng. Sok: Security evaluation of sbox-based block ciphers. Cryptology ePrint Archive, 2022

    2022

  33. [33]

    Optimizing sensor allocation against attackers with uncertain intentions: a worst-case regret minimization approach

    Haoxiang Ma, Shuo Han, Charles A Kamhoua, and Jie Fu. Optimizing sensor allocation against attackers with uncertain intentions: a worst-case regret minimization approach. IEEE Control Systems Letters, 7:2863–2868, 2023

    2023

  34. [34]

    On weierstrass extreme value theorem.Optimization letters, 8(1):391–393, 2014

    Juan Enrique Martínez-Legaz. On weierstrass extreme value theorem.Optimization letters, 8(1):391–393, 2014

    2014

  35. [35]

    Profil- ing Side-Channel Attacks on Dilithium: A Small Bit-Fiddling Leak Breaks It All, 2022

    Soundes Marzougui, Vincent Ulitzsch, Mehdi Tibouchi, and Jean-Pierre Seifert. Profil- ing Side-Channel Attacks on Dilithium: A Small Bit-Fiddling Leak Breaks It All, 2022. Publication info: Preprint. MINOR revision. 25

    2022

  36. [36]

    Hassen Mestiri. Evaluating AES Security: Correlation Power Analysis Attack Implementa- tion using the Switching Distance Power Model.Engineering, Technology & Applied Science Research, 15(1):20314–20320, February 2025

    2025

  37. [37]

    PNB-focused Differential Cryptanalysis of ChaCha Stream Cipher, 2021

    Shotaro Miyashita, Ryoma Ito, and Atsuko Miyaji. PNB-focused Differential Cryptanalysis of ChaCha Stream Cipher, 2021. Publication info: Published elsewhere. ACISP 2022

    2021

  38. [38]

    Post-quantum cryptography: Nist’s plan for the future

    Dustin Moody. Post-quantum cryptography: Nist’s plan for the future. InThe seventh international conference on post-quntum cryptography, Japan, 2016

    2016

  39. [39]

    Countering arp spoofing attacks in software-defined networks using a game-theoretic approach.Computers & Security, 139:103696, 2024

    Fabrice Mvah, Vianney Kengne Tchendji, Clémentin Tayou Djamegni, Ahmed H Anwar, Deepak K Tosh, and Charles Kamhoua. Countering arp spoofing attacks in software-defined networks using a game-theoretic approach.Computers & Security, 139:103696, 2024

    2024

  40. [40]

    Secure hash standard

    National Institute of Standards and Technology (US). Secure hash standard. Technical Re- port NIST FIPS 180-4, National Institute of Standards and Technology (U.S.), Washington, D.C., 2015

    2015

  41. [41]

    Advanced Encryption Standard (AES)

    National Institute of Standards and Technology (US). Advanced Encryption Standard (AES). Technical Report NIST FIPS 197-upd1, National Institute of Standards and Tech- nology (U.S.), Washington, D.C., May 2023

    2023

  42. [42]

    On the complexity of side-channel attacks on AES-256 – methodology and quantitative results on cache attacks, 2007

    Michael Neve and Kris Tiri. On the complexity of side-channel attacks on AES-256 – methodology and quantitative results on cache attacks, 2007. Publication info: Published elsewhere. Unknown where it was published

    2007

  43. [43]

    Deployed armor protection: the application of a game theoretic model for security at the los angeles international airport

    James Pita, Manish Jain, Janusz Marecki, Fernando Ordóñez, Christopher Portway, Milind Tambe, Craig Western, Praveen Paruchuri, and Sarit Kraus. Deployed armor protection: the application of a game theoretic model for security at the los angeles international airport. InProceedings of the 7th international joint conference on Autonomous agents and multiag...

    2008

  44. [44]

    J. M. Pollard. Monte Carlo Methods for Index Computation (mod p).Mathematics of Computation, 32(143):918, July 1978

    1978

  45. [45]

    Game-theoretic apt defense: An experimental study on robotics.Computers & Security, 132:103328, 2023

    Stefan Rass, Sandra König, Jasmin Wachter, Víctor Mayoral-Vilches, and Emmanouil Panaousis. Game-theoretic apt defense: An experimental study on robotics.Computers & Security, 132:103328, 2023

    2023

  46. [46]

    Peter W. Shor. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer.SIAM Journal on Computing, 26(5):1484–1509, 1997

    1997

  47. [47]

    Cambridge university press, 2011

    Milind Tambe.Security and game theory: algorithms, deployed systems, lessons learned. Cambridge university press, 2011

    2011

  48. [48]

    Improving the Biclique Cryptanalysis of AES

    Biaoshuai Tao and Hongjun Wu. Improving the Biclique Cryptanalysis of AES. In Ernest Foo and Douglas Stebila, editors,Information Security and Privacy, volume 9144, pages 39–56. Springer International Publishing, Cham, 2015. Series Title: Lecture Notes in Computer Science

    2015

  49. [49]

    stealthy takeover

    Marten Van Dijk, Ari Juels, Alina Oprea, and Ronald L Rivest. Flipit: The game of “stealthy takeover”.Journal of Cryptology, 26(4):655–713, 2013

    2013

  50. [50]

    Far Field EM Side-Channel Attack on AES Using Deep Learning, 2020

    Ruize Wang, Huanyu Wang, and Elena Dubrova. Far Field EM Side-Channel Attack on AES Using Deep Learning, 2020. Publication info: Published elsewhere. Minor revision. 4th ACM Workshop on Attacks and Solutions in Hardware Security (ASHES’2020), November 13, 2020. 26

    2020

  51. [51]

    Differential-Linear Cryptanalysis of Reduced Round ChaCha.IACR Transactions on Symmetric Cryptology, 2024(2):166–189, June 2024

    Zhichao Xu, Hong Xu, Lin Tan, and Wenfeng Qi. Differential-Linear Cryptanalysis of Reduced Round ChaCha.IACR Transactions on Symmetric Cryptology, 2024(2):166–189, June 2024

    2024

  52. [52]

    Security defense decision method based on potential differential game for complex networks.Computers & Security, 129:103187, 2023

    Hengwei Zhang, Yan Mi, Yumeng Fu, Xiaohu Liu, Yuchen Zhang, Jindong Wang, and Jinglei Tan. Security defense decision method based on potential differential game for complex networks.Computers & Security, 129:103187, 2023

    2023

  53. [53]

    Case: Cache-assisted secure execution on arm processors

    Ning Zhang, Kun Sun, Wenjing Lou, and Y Thomas Hou. Case: Cache-assisted secure execution on arm processors. In2016 IEEE Symposium on Security and Privacy (SP), pages 72–90. IEEE, 2016. 27

    2016