Abstract
Rotational cryptanalysis is a statistical method for attacking ARX constructions. It was previously shown that ARX-C, i.e., ARX with the injection of constants can be used to implement any function. In this paper we investigate how rotational cryptanalysis is affected when constants are injected into the state. We introduce the notion of an RX-difference, generalizing the idea of a rotational difference. We show how RX-differences behave around modular addition, and give a formula to calculate their transition probability. We experimentally verify the formula using Speck32/64, and present a 7-round distinguisher based on RX-differences. We then discuss two types of constants: round constants, and constants which are the result of using a fixed key, and provide recommendations to designers for optimal choice of parameters.
Original language | English |
---|---|
Pages (from-to) | 57-70 |
Number of pages | 14 |
Journal | IACR Transactions on Symmetric Cryptology |
Volume | 2016 |
Issue number | 1 |
DOIs | |
Publication status | Published - 1 Dec 2016 |
Externally published | Yes |
Keywords
- Rotational cryptanalysis
- ARX
- RX-difference