On CCZ-equivalence of addition mod 2 n

Schulte-Geers, Ernst

doi:10.1007/s10623-012-9668-4

Cited by 29 publications

(29 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to avoid the recursive expression, an explicit result on calculating the correlation of linear approximations in modular addition is proven by SchulteGeers [21]. Despite the recursive property of the carry, modular addition is CCZequivalent to a vectorial quadratic boolean function.…”

Section: Propagation Of Masks Through Modular Additionmentioning

confidence: 99%

Automatic Search of Linear Trails in ARX with Applications to SPECK and Chaskey

Liu

Wang

Rijmen

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper, we study linear cryptanalysis of the ARX structure by means of automatic search. To evaluate the security of ARX designs against linear cryptanalysis, it is crucial to find (round-reduced) linear trails with maximum correlation. We model the problem of finding optimal linear trails by the boolean satisfiability problem (SAT), translate the propagation of masks through ARX operations into bitwise expressions and constraints, and then solve the problem using a SAT solver. We apply the method to find optimal linear trails for roundreduced versions of the block cipher SPECK and the MAC algorithm Chaskey. For SPECK with block size 32/48/64/96/128, we can find optimal linear trails for 22/11/13/9/9 rounds respectively, which largely improves previous results, especially on larger versions. A 3-round optimal linear trail of Chaskey is presented for the first time as far as we know. In addition, our method can be used to enumerate the trails in a linear hull, and we present two linear hulls with the distributions of trails for round-reduced SPECK32. Our work provides designers with more accurate evaluation against linear cryptanalysis on ARX designs, especially for primitives with large block sizes and many rounds.

show abstract

Section: Propagation Of Masks Through Modular Additionmentioning

confidence: 99%

Automatic Search of Linear Trails in ARX with Applications to SPECK and Chaskey

Liu

Wang

Rijmen

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The DP and LC of modular addition have been thoroughly studied in the literature and optimal methods for their computation have been proposed by several authors: [17,33,22] (for xdp + ) and [32,26,20,27,10,33] (for xlc + ). All cited methods are linear in the size of the differences (resp.…”

Section: Preliminariesmentioning

confidence: 99%

“…1. It has three parts: first round (lines (4)- (14)), middle rounds (lines (16)- (25)) and last round (lines (27)- (37)). Every part is composed of two blocks corresponding to the two levels of recursion.…”

Section: Best Trail Search For Speckmentioning

confidence: 99%

Automatic Search for the Best Trails in ARX: Application to Block Cipher Speck

Biryukov

Velichkov

Corre

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We propose the first adaptation of Matsui's algorithm for finding the best differential and linear trails to the class of ARX ciphers. It is based on a branch-and-bound search strategy, does not use any heuristics and returns optimal results. The practical application of the new algorithm is demonstrated on reduced round variants of block ciphers from the Speck family. More specifically, we report the probabilities of the best differential trails for up to 10, 9, 8, 7, and 7 rounds of Speck32, Speck48, Speck64, Speck96 and Speck128 respectively, together with the exact number of differential trails that have the best probability. The new results are used to compute bounds, under the Markov assumption, on the security of Speck against single-trail differential cryptanalysis. Finally, we propose two new ARX primitives with provable bounds against single-trail differential and linear cryptanalysis -a long standing open problem in the area of ARX design.

show abstract

“…Some authors have studied the properties of the components of these ciphers from theoretical aspects [15][16][17][18][19][20][21][22][23][24]. In [15,16], linear and differential properties of SIMON-like ciphers were investigated, from the mathematical viewpoint, and an efficient formula for computing linear and differential probabilities of SIMON was presented.…”

Section: Introductionmentioning

confidence: 99%

“…In [19,20], upon some theoretical studies, upper bounds for differential probabilities and squared correlations for SIMON-like ciphers were provided, and provably optimal differential trails for various versions of SIMON were presented. In [21][22][23][24], linear properties of addition mod 2 n were investigated, from the mathematical viewpoint.…”

Section: Introductionmentioning

confidence: 99%

Further Observations on SIMON and SPECK Block Cipher Families

Dehnavi

2018

Cryptography

View full text Add to dashboard Cite

SIMON and SPECK families of block ciphers are well-known lightweight ciphers designed by the NSA. In this note, based on the previous investigations on SIMON, a closed formula for the squared correlations and differential probabilities of the mapping φ(x) = x S 1 (x) on F n 2 is given. From the aspects of linear and differential cryptanalysis, this mapping is equivalent to the core quadratic mapping of SIMON via rearrangement of coordinates and EA -equivalence. Based on the proposed explicit formula, a full description of DDT and LAT of φ is provided. In the case of SPECK, as the only nonlinear operation in this family of ciphers is addition mod 2 n , after reformulating the formula for linear and differential probabilities of addition mod 2 n , straightforward algorithms for finding the output masks with maximum squared correlation, given the input masks, as well as the output differences with maximum differential probability, given the input differences, are presented. By the aid of the tools given in this paper, the process of the search for linear and differential characteristics of SIMON and SPECK families of block ciphers could be sped up, and the complexity of linear and differential attacks against these ciphers could be reduced.

show abstract

On CCZ-equivalence of addition mod 2 n

Cited by 29 publications

References 8 publications

Automatic Search of Linear Trails in ARX with Applications to SPECK and Chaskey

Automatic Search of Linear Trails in ARX with Applications to SPECK and Chaskey

Automatic Search for the Best Trails in ARX: Application to Block Cipher Speck

Further Observations on SIMON and SPECK Block Cipher Families

Contact Info

Product

Resources

About