[1] 3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, 3G security, V3.1.1: ‘Specification of the 3GPP Confidentiality and Integrity Algorithms: Document 2: KASUMI Specification’, 2001 [2] Biham, E., Dunkelman, O., and Keller, N.: ‘A Related-Key Rectangle Attack on the Full KASUMI’. Proc. ASIACRYPT, Chennai, India, 2005, LNCS-3788, Springer, pp. 443-461 [3] Dunkelman, O., Keller, N., and Shamir, A.: ‘A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony’. Proc. CRYPTO 2010, Santa Barbara, California, 2010, LNCS-6223, pp. 393-410 [4] ETSI/SAGE: ‘Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2&UIA2. Document 2: SNOW 3G Specification, version 1.1’ (September 2006) http://www.3gpp.org/ftp [5] Ekdahl, P., and Johansson, T.: ‘A New Version of the Stream Cipher SNOW’. Proc. SAC, St. Johns, Canada, 2002, LNCS-2595, Springer-Verlag, pp. 47-61 [6] Berbain, C., Billet, O., Canteaut, A., Courtois, N., Debraize, B., Gilbert, H., Goubin, L., Gouget, A., Granboulan, L., Lauradoux, C., Minier, M., Pornin, T. and Siber H.: ‘Decimv2, The eSTREAM Finalists’. (2008), LNCS-4986, Springer, pp. 140-151 [7] Watanabe, D., Furuya, S., Takaragi, K. and Preneel, B: ‘A New Keystream Generator MUGI’, Proc. FSE 2002, LNCS-2259, Springer-Verlag, pp. 179-194 [8] Boesgaard, M., Vesterager, M., Pedersen, T., Christiansen, J. and Scavenius, O.: ‘Rabbit: A High-Performance Stream Cipher’, Proc. FSE 2003, LNCS-2887, Springer, pp. 307-329 [9] ETSI/SAGE: ‘Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2&UIA2. Document 5: Design and Evaluation Report, version 1.1’ (September 2006), http://www.3gpp.org/ftp [10] Biryukov, A., Priemuth-Schmid D. and Zhang B.: ‘Multiset Collision Attacks on Reduced-Round SNOW 3G and SNOW 3G©’, ACNS 2010, LNCS, Vol. 6123, pp. 139-153, Springer-Verlag, 2010 [11] Iwata, T., and Kohno, T.: ‘New Security Proofs for the 3GPP Confidentiality and Integrity Algorithms’, Proc. FSE, New Delhi, India, 2004, LNCS-3017, Springer-Verlag, pp. 427-445 [12] De Cannie`re C., O¨ zgu¨l Ku¨c¸u¨k and Preneel B.: ‘Analysis of Grain’s Initialization Algorithm’, Proc. AFRICACRYPT, Casablanca, Marocco, 2008, LNCS-4047, Springer-Verlag, pp. 276-289 [13] Priemuth-Schmid, D., and Biryukov, A.: ‘Slid Pairs in Salsa20 and Trivium’, Proc. INDOCRYPT, Khargpur, India, 2008, Springer-Verlag, LNCS-5365, pp. 1-14 [14] Wu, H. and Preneel, B.: ‘Resynchronization Attacks on WG and LEX’, Proc. FSE, Graz, Austria, 2006, LNCS-4047, Springer, pp.422-432 [15] Daemen, J., and Rijmen, V.: ‘The Design of Rijndael: AES - The Advanced Encryption Standard (Information Security and Cryptography’, (Springer, 2002, 1st edition) [16] Knudsen, L., and Rijmen, V.: ‘Known-Key Distinguishers for Some Block Ciphers’, Proc. ASIACRYPT, Kuching, Sarawak, Malasia,2007, LNCS-4833, pp. 315-324 [17] Biryukov, A., Khovratovich, D., and Nikolic, I.: ‘Distinguisher and related-key attack on the full AES-256’, Proc. CRYPTO, Santa Barbara, California, 2009, LNCS-5677, pp. 231-249 [18] ETSI/SAGE: ‘Document 2: Specification of the 3GPP Confidentiality and Integrity Algorthithms 128-EEA3 & 128-EUA3: ZUC specification’, Version 1.4, 2010. Available at: http://gsmworld.com/our-work/programmes-and-initiatives/fraud-and-security/gsm_security_algorithms.htm [19] Wu, H., Nguyen, P., Wang, H., Ling, S.: Cryptanalysis of Stream Cipher ZUC in the 3GPP Confidentiality & Integrity Algorithms 128-EEA3 & 128-EIA3’, Asiacrypt 2010 Rump Session talk. Available at: http://www.spms.ntu.edu.sg/Asiacrypt2010/Common/rumpsession.html