Standard

On additive differential probabilities of a composition of bitwise XORs. / Sutormin, I. A.; Kolomeec, N. A.

в: Прикладная дискретная математика, Том 60, 2023, стр. 59-75.

Результаты исследований: Научные публикации в периодических изданияхстатьяРецензирование

Harvard

Sutormin, IA & Kolomeec, NA 2023, 'On additive differential probabilities of a composition of bitwise XORs', Прикладная дискретная математика, Том. 60, стр. 59-75. https://doi.org/10.17223/20710410/60/5

APA

Sutormin, I. A., & Kolomeec, N. A. (2023). On additive differential probabilities of a composition of bitwise XORs. Прикладная дискретная математика, 60, 59-75. https://doi.org/10.17223/20710410/60/5

Vancouver

Sutormin IA, Kolomeec NA. On additive differential probabilities of a composition of bitwise XORs. Прикладная дискретная математика. 2023;60:59-75. doi: 10.17223/20710410/60/5

Author

Sutormin, I. A. ; Kolomeec, N. A. / On additive differential probabilities of a composition of bitwise XORs. в: Прикладная дискретная математика. 2023 ; Том 60. стр. 59-75.

BibTeX

@article{36ad21fa613544129a6aceb30761e92f,
title = "On additive differential probabilities of a composition of bitwise XORs",
abstract = "We study the additive differential probabilities adp k of compositions of k − 1 bitwise XORs. For vectors α1, . . ., αk+1 ∈ Zn2 , it is defined as the probability of transformation input differences α1, . . ., αk to the output difference αk+1 by the function x1 . . . xk, where x1, . . ., xk ∈ Zn2 and k > 2. It is used for differential cryptanalysis of symmetric-key primitives, such as Addition-Rotation-XOR constructions. Several results which are known for adp2 are generalized for adp k . Some argument symmetries are proven for adp k . Recurrence formulas which allow us to reduce the dimension of the arguments are obtained. All impossible differentials as well as all differentials of adp k with the probability 1 are found. For even k, it is proven that α1max ,...,αk adp k (α1, . . ., αk → αk+1) = adp k (0, . . ., 0, αk+1 → αk+1). Matrices that can be used for efficient calculating adp k are constructed. It is also shown that the cases of even and odd k differ significantly.",
keywords = "ARX, XOR, additive differential probabilities, differential cryptanalysis",
author = "Sutormin, {I. A.} and Kolomeec, {N. A.}",
note = "The work was carried out within the framework of the state contract of the Sobolev Institute of Mathematics (project no. FWNF–2022–0018). Публикация для корректировки.",
year = "2023",
doi = "10.17223/20710410/60/5",
language = "English",
volume = "60",
pages = "59--75",
journal = "Прикладная дискретная математика",
issn = "2071-0410",
publisher = "Tomsk State University",

}

RIS

TY - JOUR

T1 - On additive differential probabilities of a composition of bitwise XORs

AU - Sutormin, I. A.

AU - Kolomeec, N. A.

N1 - The work was carried out within the framework of the state contract of the Sobolev Institute of Mathematics (project no. FWNF–2022–0018). Публикация для корректировки.

PY - 2023

Y1 - 2023

N2 - We study the additive differential probabilities adp k of compositions of k − 1 bitwise XORs. For vectors α1, . . ., αk+1 ∈ Zn2 , it is defined as the probability of transformation input differences α1, . . ., αk to the output difference αk+1 by the function x1 . . . xk, where x1, . . ., xk ∈ Zn2 and k > 2. It is used for differential cryptanalysis of symmetric-key primitives, such as Addition-Rotation-XOR constructions. Several results which are known for adp2 are generalized for adp k . Some argument symmetries are proven for adp k . Recurrence formulas which allow us to reduce the dimension of the arguments are obtained. All impossible differentials as well as all differentials of adp k with the probability 1 are found. For even k, it is proven that α1max ,...,αk adp k (α1, . . ., αk → αk+1) = adp k (0, . . ., 0, αk+1 → αk+1). Matrices that can be used for efficient calculating adp k are constructed. It is also shown that the cases of even and odd k differ significantly.

AB - We study the additive differential probabilities adp k of compositions of k − 1 bitwise XORs. For vectors α1, . . ., αk+1 ∈ Zn2 , it is defined as the probability of transformation input differences α1, . . ., αk to the output difference αk+1 by the function x1 . . . xk, where x1, . . ., xk ∈ Zn2 and k > 2. It is used for differential cryptanalysis of symmetric-key primitives, such as Addition-Rotation-XOR constructions. Several results which are known for adp2 are generalized for adp k . Some argument symmetries are proven for adp k . Recurrence formulas which allow us to reduce the dimension of the arguments are obtained. All impossible differentials as well as all differentials of adp k with the probability 1 are found. For even k, it is proven that α1max ,...,αk adp k (α1, . . ., αk → αk+1) = adp k (0, . . ., 0, αk+1 → αk+1). Matrices that can be used for efficient calculating adp k are constructed. It is also shown that the cases of even and odd k differ significantly.

KW - ARX

KW - XOR

KW - additive differential probabilities

KW - differential cryptanalysis

UR - https://www.scopus.com/record/display.uri?eid=2-s2.0-85175444887&origin=inward&txGid=79e75636648458201a137ee4ef4c4843

UR - https://www.elibrary.ru/item.asp?id=53971747

UR - https://www.mendeley.com/catalogue/2aef4501-797b-355c-ab90-861f54d5809f/

U2 - 10.17223/20710410/60/5

DO - 10.17223/20710410/60/5

M3 - Article

VL - 60

SP - 59

EP - 75

JO - Прикладная дискретная математика

JF - Прикладная дискретная математика

SN - 2071-0410

ER -

ID: 59187858