N. Mouha, N. Kolomeec, D. Akhtiamov, I. Sutormin, M. Panferov, Kseniya A. Titova, T. Bonich, E. Ishchukova, N. Tokareva, Bulat Zhantulikov
Maximums of the Additive Differential Probability of Exclusive-Or
IACR Transactions on Symmetric Cryptology, pp. 292-313, published 2021-01-01
DOI: 10.46586/tosc.v2021.i2.292-313 (https://doi.org/10.46586/tosc.v2021.i2.292-313)
Citations: 2
Abstract
At FSE 2004, Lipmaa et al. studied the additive differential probability adp⊕(α, β → γ) of exclusive-or where differences α, β, γ ∈ F2 are expressed using addition modulo 2. This probability is used in the analysis of symmetric-key primitives that combine XOR and modular addition, such as the increasingly popular Addition-Rotation-XOR (ARX) constructions. The focus of this paper is on maximal differentials, which are helpful when constructing differential trails. We provide the missing proof for Theorem 3 of the FSE 2004 paper, which states that max_{α,β} adp⊕(α, β → γ) = adp⊕(0, γ → γ) for all γ. Furthermore, we prove that there always exist either two or eight distinct pairs α, β such that adp⊕(α, β → γ) = adp⊕(0, γ → γ), and we obtain recurrence formulas for calculating adp⊕. To gain insight into the range of possible differential probabilities, we also study other properties such as the minimum value of adp⊕(0, γ → γ), and we find all γ that satisfy this minimum value.