N. Mouha, N. Kolomeec, D. Akhtiamov, I. Sutormin, M. Panferov, Kseniya A. Titova, T. Bonich, E. Ishchukova, N. Tokareva, Bulat Zhantulikov
IACR Transactions on Symmetric Cryptology, pages 292-313, published 2021-01-01. DOI: 10.46586/tosc.v2021.i2.292-313 (https://doi.org/10.46586/tosc.v2021.i2.292-313)
Maximums of the Additive Differential Probability of Exclusive-Or
At FSE 2004, Lipmaa et al. studied the additive differential probability adp⊕(α, β → γ) of exclusive-or where differences α, β, γ ∈ F_2^n are expressed using addition modulo 2^n. This probability is used in the analysis of symmetric-key primitives that combine XOR and modular addition, such as the increasingly popular Addition-Rotation-XOR (ARX) constructions. The focus of this paper is on maximal differentials, which are helpful when constructing differential trails. We provide the missing proof for Theorem 3 of the FSE 2004 paper, which states that max_{α,β} adp⊕(α, β → γ) = adp⊕(0, γ → γ) for all γ. Furthermore, we prove that there always exist either two or eight distinct pairs α, β such that adp⊕(α, β → γ) = adp⊕(0, γ → γ), and we obtain recurrence formulas for calculating adp⊕. To gain insight into the range of possible differential probabilities, we also study other properties such as the minimum value of adp⊕(0, γ → γ), and we find all γ that satisfy this minimum value.
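An exhaustive check of the maximum claim and the two-or-eight count for a small word size, added here as an illustration and not taken from the paper. It assumes the standard definition adp⊕(α, β → γ) = Pr over x, y of [((x + α) ⊕ (y + β)) − (x ⊕ y) = γ mod 2^n]; the function names are chosen for this example.

```python
from itertools import product


def adp_xor_counts(n):
    """counts[a][b][g] = number of (x, y) in (Z/2^n)^2 with
    ((x + a) ^ (y + b)) - (x ^ y) == g (mod 2^n).
    Dividing by 4^n gives adp_xor(a, b -> g) under the assumed definition."""
    size = 1 << n
    mask = size - 1
    counts = [[[0] * size for _ in range(size)] for _ in range(size)]
    for a, b, x, y in product(range(size), repeat=4):
        g = ((((x + a) & mask) ^ ((y + b) & mask)) - (x ^ y)) & mask
        counts[a][b][g] += 1
    return counts


def maximal_pairs(counts, g):
    """Return (best count, all (a, b) pairs reaching it) for output difference g."""
    size = len(counts)
    best = max(counts[a][b][g] for a in range(size) for b in range(size))
    pairs = [(a, b) for a in range(size) for b in range(size)
             if counts[a][b][g] == best]
    return best, pairs


def check_maximums(n):
    """For every g: does (0, g) reach the maximum, how many pairs reach it,
    and what the maximal probability is."""
    counts = adp_xor_counts(n)
    total = 4 ** n
    report = {}
    for g in range(1 << n):
        best, pairs = maximal_pairs(counts, g)
        report[g] = (counts[0][g][g] == best, len(pairs), best / total)
    return report


if __name__ == "__main__":
    for g, (holds, npairs, prob) in check_maximums(4).items():
        print(f"gamma={g:2d}  max at (0, gamma): {holds}  "
              f"maximal pairs: {npairs}  max adp: {prob:.4f}")
```

The brute force costs 16^n steps, so it is only practical for n up to about 5; the recurrence formulas mentioned in the abstract are what make larger n tractable.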