Maximums of the Additive Differential Probability of Exclusive-Or
At FSE 2004, Lipmaa et al. studied the additive differential probability adp⊕(α,β → γ) of exclusive-or where differences α,β,γ ∈ Fn2 are expressed using addition modulo 2n. This probability is used in the analysis of symmetric-key primitives that combine XOR and modular addition, such as the increa...
| Main Authors: | , , , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2021-06-01
|
| Series: | IACR Transactions on Symmetric Cryptology |
| Subjects: | |
| Online Access: | https://tosc.iacr.org/index.php/ToSC/article/view/8912 |
| id |
doaj-7ae3184896c24600af06b3fc5179a4d1 |
|---|---|
| record_format |
Article |
| spelling |
doaj-7ae3184896c24600af06b3fc5179a4d12021-06-11T14:10:26ZengRuhr-Universität BochumIACR Transactions on Symmetric Cryptology2519-173X2021-06-012021210.46586/tosc.v2021.i2.292-313Maximums of the Additive Differential Probability of Exclusive-OrNicky Mouha0Nikolay Kolomeec1Danil Akhtiamov2Ivan Sutormin3Matvey Panferov4Kseniya Titova5Tatiana Bonich6Evgeniya Ishchukova7Natalia Tokareva8Bulat Zhantulikov9Strativia, Largo, MD, USASobolev Institute of Mathematics, Novosibirsk, RussiaThe Hebrew University of Jerusalem, Jerusalem, IsraelSobolev Institute of Mathematics, Novosibirsk, RussiaNovosibirsk State University, Novosibirsk, RussiaNovosibirsk State University, Novosibirsk, RussiaNovosibirsk State University, Novosibirsk, RussiaSouthern Federal University, Taganrog, RussiaSobolev Institute of Mathematics, Novosibirsk, RussiaNovosibirsk State University, Novosibirsk, Russia At FSE 2004, Lipmaa et al. studied the additive differential probability adp⊕(α,β → γ) of exclusive-or where differences α,β,γ ∈ Fn2 are expressed using addition modulo 2n. This probability is used in the analysis of symmetric-key primitives that combine XOR and modular addition, such as the increasingly popular Addition-Rotation-XOR (ARX) constructions. The focus of this paper is on maximal differentials, which are helpful when constructing differential trails. We provide the missing proof for Theorem 3 of the FSE 2004 paper, which states that maxα,βadp⊕(α,β → γ) = adp⊕(0,γ → γ) for all γ. Furthermore, we prove that there always exist either two or eight distinct pairs α,β such that adp⊕( α,β → γ) = adp⊕(0,γ → γ), and we obtain recurrence formulas for calculating adp⊕. To gain insight into the range of possible differential probabilities, we also study other properties such as the minimum value of adp⊕(0,γ → γ), and we find all γ that satisfy this minimum value. https://tosc.iacr.org/index.php/ToSC/article/view/8912Differential cryptanalysisARXXORmodular addition |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Nicky Mouha Nikolay Kolomeec Danil Akhtiamov Ivan Sutormin Matvey Panferov Kseniya Titova Tatiana Bonich Evgeniya Ishchukova Natalia Tokareva Bulat Zhantulikov |
| spellingShingle |
Nicky Mouha Nikolay Kolomeec Danil Akhtiamov Ivan Sutormin Matvey Panferov Kseniya Titova Tatiana Bonich Evgeniya Ishchukova Natalia Tokareva Bulat Zhantulikov Maximums of the Additive Differential Probability of Exclusive-Or IACR Transactions on Symmetric Cryptology Differential cryptanalysis ARX XOR modular addition |
| author_facet |
Nicky Mouha Nikolay Kolomeec Danil Akhtiamov Ivan Sutormin Matvey Panferov Kseniya Titova Tatiana Bonich Evgeniya Ishchukova Natalia Tokareva Bulat Zhantulikov |
| author_sort |
Nicky Mouha |
| title |
Maximums of the Additive Differential Probability of Exclusive-Or |
| title_short |
Maximums of the Additive Differential Probability of Exclusive-Or |
| title_full |
Maximums of the Additive Differential Probability of Exclusive-Or |
| title_fullStr |
Maximums of the Additive Differential Probability of Exclusive-Or |
| title_full_unstemmed |
Maximums of the Additive Differential Probability of Exclusive-Or |
| title_sort |
maximums of the additive differential probability of exclusive-or |
| publisher |
Ruhr-Universität Bochum |
| series |
IACR Transactions on Symmetric Cryptology |
| issn |
2519-173X |
| publishDate |
2021-06-01 |
| description |
At FSE 2004, Lipmaa et al. studied the additive differential probability adp⊕(α,β → γ) of exclusive-or where differences α,β,γ ∈ Fn2 are expressed using addition modulo 2n. This probability is used in the analysis of symmetric-key primitives that combine XOR and modular addition, such as the increasingly popular Addition-Rotation-XOR (ARX) constructions. The focus of this paper is on maximal differentials, which are helpful when constructing differential trails. We provide the missing proof for Theorem 3 of the FSE 2004 paper, which states that maxα,βadp⊕(α,β → γ) = adp⊕(0,γ → γ) for all γ. Furthermore, we prove that there always exist either two or eight distinct pairs α,β such that adp⊕( α,β → γ) = adp⊕(0,γ → γ), and we obtain recurrence formulas for calculating adp⊕. To gain insight into the range of possible differential probabilities, we also study other properties such as the minimum value of adp⊕(0,γ → γ), and we find all γ that satisfy this minimum value.
|
| topic |
Differential cryptanalysis ARX XOR modular addition |
| url |
https://tosc.iacr.org/index.php/ToSC/article/view/8912 |
| work_keys_str_mv |
AT nickymouha maximumsoftheadditivedifferentialprobabilityofexclusiveor AT nikolaykolomeec maximumsoftheadditivedifferentialprobabilityofexclusiveor AT danilakhtiamov maximumsoftheadditivedifferentialprobabilityofexclusiveor AT ivansutormin maximumsoftheadditivedifferentialprobabilityofexclusiveor AT matveypanferov maximumsoftheadditivedifferentialprobabilityofexclusiveor AT kseniyatitova maximumsoftheadditivedifferentialprobabilityofexclusiveor AT tatianabonich maximumsoftheadditivedifferentialprobabilityofexclusiveor AT evgeniyaishchukova maximumsoftheadditivedifferentialprobabilityofexclusiveor AT nataliatokareva maximumsoftheadditivedifferentialprobabilityofexclusiveor AT bulatzhantulikov maximumsoftheadditivedifferentialprobabilityofexclusiveor |
| _version_ |
1721381987931914240 |