====== Prøst ======

===== The Algorithm ===== 
  * Author(s): Elif Bilge Kavun, Martin M. Lauridsen, Gregor Leander, Christian Rechberger, Peter Schwabe, Tolga Yalçın
  * CAESAR submission: [[http://competitions.cr.yp.to/round1/proestv1.pdf|Prøst]]
  * Updated version: [[http://proest.compute.dtu.dk/proestv11.pdf|Prøst v1.1]]
  * Web: [[http://proest.compute.dtu.dk/|proest.compute.dtu.dk]]
  * [[https://www.google.com/maps/place/51%C2%B026%2749.6%22N+7%C2%B015%2754.4%22E/@51.447123,7.265119,15z/data=!3m1!4b1!4m2!3m1!1s0x0:0x0|Location]]

===== Cryptanalysis =====
^ What ^ Target ^ Reference ^
| Analysis of ShiftPlanes constants | Prøst core | Beierle, Jovanovic, Lauridsen, Leander, and Rechberger [(:ref:caesar:cryptoeprint2015212)] |
| Related-key key-recovery | Prøst-OTR | Karpman [(:ref:caesar:cryptoeprint2015134)] |
| Attack on 8-round PRØST-128 in Single-Key Even-Mansour | Prøst-128 in SEM | Todo and Aoki [(:ref:caesar:todoAokiProest)] |
| Related-key Forgery | Prøst-OTR | Dobraunig, Eichlseder, and Mendel in [[http://light-sec.org/fse2015/index.php/event/accepted-papers|FSE 2015]] (to appear) |
| On the behaviors of affine equivalent Sboxes regarding differential and linear attacks | Prøst core | Canteaut and Roué in [[https://www.cosic.esat.kuleuven.be/eurocrypt_2015/accepted.shtml|Eurocrypt 2015]] (to appear) |

~~REFNOTES~~