Research output: Contribution to journal › Article › peer-review
Maximums of the additive differential probability of exclusive-or. / Mouha, Nicky; Kolomeec, Nikolay; Akhtiamov, Danil et al.
In: IACR Transactions on Symmetric Cryptology, Vol. 2021, No. 2, 2021, p. 292-313.
TY - JOUR
T1 - Maximums of the additive differential probability of exclusive-or
AU - Mouha, Nicky
AU - Kolomeec, Nikolay
AU - Akhtiamov, Danil
AU - Sutormin, Ivan
AU - Panferov, Matvey
AU - Titova, Kseniya
AU - Bonich, Tatiana
AU - Ishchukova, Evgeniya
AU - Tokareva, Natalia
AU - Zhantulikov, Bulat
N1 - Funding Information: The work is supported by Mathematical Center in Akademgorodok under agreement No. 075-15-2019-1613 with the Ministry of Science and Higher Education of the Russian Federation and Laboratory of Cryptography JetBrains Research. The authors are very grateful to organizers of The First Workshop at the Mathematical Center in Akademgorodok. Publisher Copyright: © 2021, Ruhr-Universität Bochum. All rights reserved.
PY - 2021
Y1 - 2021
N2 - At FSE 2004, Lipmaa et al. studied the additive differential probability $\mathrm{adp}^{\oplus}(\alpha, \beta \to \gamma)$ of exclusive-or where differences $\alpha, \beta, \gamma \in \mathbb{F}_2^n$ are expressed using addition modulo $2^n$. This probability is used in the analysis of symmetric-key primitives that combine XOR and modular addition, such as the increasingly popular Addition-Rotation-XOR (ARX) constructions. The focus of this paper is on maximal differentials, which are helpful when constructing differential trails. We provide the missing proof for Theorem 3 of the FSE 2004 paper, which states that $\max_{\alpha,\beta} \mathrm{adp}^{\oplus}(\alpha, \beta \to \gamma) = \mathrm{adp}^{\oplus}(0, \gamma \to \gamma)$ for all $\gamma$. Furthermore, we prove that there always exist either two or eight distinct pairs $\alpha, \beta$ such that $\mathrm{adp}^{\oplus}(\alpha, \beta \to \gamma) = \mathrm{adp}^{\oplus}(0, \gamma \to \gamma)$, and we obtain recurrence formulas for calculating $\mathrm{adp}^{\oplus}$. To gain insight into the range of possible differential probabilities, we also study other properties such as the minimum value of $\mathrm{adp}^{\oplus}(0, \gamma \to \gamma)$, and we find all $\gamma$ that satisfy this minimum value.
KW - ARX
KW - Differential cryptanalysis
KW - Modular addition
KW - XOR
UR - http://www.scopus.com/inward/record.url?scp=85108784834&partnerID=8YFLogxK
U2 - 10.46586/tosc.v2021.i2.292-313
DO - 10.46586/tosc.v2021.i2.292-313
M3 - Article
AN - SCOPUS:85108784834
VL - 2021
SP - 292
EP - 313
JO - IACR Transactions on Symmetric Cryptology
JF - IACR Transactions on Symmetric Cryptology
SN - 2519-173X
IS - 2
ER -
ID: 34097609