Analysis of ARX Functions: Pseudo-linear Methods for Approximation, Differentials, and Evaluating Diffusion

This paper explores the approximation of addition mod 2^n by addition mod 2^w, where 1 ≤ w ≤ n, in ARX functions that use large words (e.g., 32-bit or 64-bit words). Three main areas are explored. First, pseudo-linear approximations aim to approximate the bits of a w-bit window of the state after some rounds. Second, the methods used in these approximations are also used to construct truncated differentials. Third, branch number metrics for diffusion are examined for ARX functions with large words, and variants of the differential and linear branch number characteristics based on pseudo-linear methods are introduced. These variants are called the effective differential branch number and the effective linear branch number, respectively. Applications of these approximation, differential, and diffusion evaluation techniques are demonstrated on Threefish-256 and Threefish-512.
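As an added illustration (not code from the paper), the following script measures how well w-bit addition on a window approximates n-bit modular addition; the window offset p and the helper names are assumptions for this example, and the closed form is derived from the carry into bit p rather than taken from the paper.

```python
"""Added example: how well does addition mod 2^w on a w-bit window
approximate addition mod 2^n?  (Not code from the paper.)

The w-bit window of x + y (mod 2^n) starting at bit p depends on the
window bits of x and y plus the carry coming in from the p low-order
bits.  Dropping that carry gives the pseudo-linear approximation: it is
exact for p = 0 and, for uniformly random inputs and p > 0, holds with
probability 1/2 + 2^-(p+1), independent of w as long as p + w <= n.
"""
from fractions import Fraction


def window(value: int, p: int, w: int) -> int:
    """Return bits p .. p+w-1 of value as a w-bit integer (p is an assumed name)."""
    return (value >> p) & ((1 << w) - 1)


def approx_holds(x: int, y: int, n: int, p: int, w: int) -> bool:
    """True when w-bit addition of the windows equals the window of the true sum."""
    assert p + w <= n, "window must lie inside the n-bit word"
    true_window = window((x + y) % (1 << n), p, w)
    approx_window = (window(x, p, w) + window(y, p, w)) % (1 << w)
    return true_window == approx_window


def empirical_probability(n: int, p: int, w: int) -> Fraction:
    """Exhaustive probability over all 2^(2n) input pairs (small n only)."""
    hits = sum(
        approx_holds(x, y, n, p, w)
        for x in range(1 << n)
        for y in range(1 << n)
    )
    return Fraction(hits, 1 << (2 * n))


def predicted_probability(p: int) -> Fraction:
    """Closed form: carry into bit p is zero with probability 1/2 + 2^-(p+1).

    The low p bits of x and y are uniform; their sum stays below 2^p for
    exactly 2^p * (2^p + 1) / 2 of the 2^(2p) pairs, which simplifies to
    (2^p + 1) / 2^(p+1).  A carry of 1 always breaks the approximation
    because (s + 1) mod 2^w != s mod 2^w for every w >= 1.
    """
    return Fraction(1, 2) + Fraction(1, 1 << (p + 1))


if __name__ == "__main__":
    n, w = 8, 4  # small word so the exhaustive count finishes instantly
    for p in range(0, n - w + 1):
        emp, pred = empirical_probability(n, p, w), predicted_probability(p)
        print(f"n={n} w={w} p={p}: empirical={emp} predicted={pred}")
```

Because the bias shrinks geometrically with p, windows near the low end of a word are the ones an approximation can exploit, while a window starting high in a 64-bit word behaves almost like an unbiased coin.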
