Paper 2022/512

A Bit-Vector Differential Model for the Modular Addition by a Constant and its Applications to Differential and Impossible-Differential Cryptanalysis

Seyyed Arash Azimi, Adrián Ranea, Mahmoud Salmasizadeh, Javad Mohajeri, Mohammad Reza Aref, and Vincent Rijmen

Abstract

ARX algorithms are a class of symmetric-key algorithms constructed by Addition, Rotation, and XOR. To evaluate the resistance of an ARX cipher against differential and impossible-differential cryptanalysis, the recent automated methods employ constraint satisfaction solvers to search for optimal characteristics or impossible differentials. The main difficulty in formulating this search is finding the differential models of the non-linear operations. While an efficient bit-vector differential model was obtained for the modular addition with two variable inputs, no differential model for the modular addition by a constant has been proposed so far, preventing ARX ciphers including this operation from being evaluated with automated methods. In this paper, we present the first bit-vector differential model for the $n$-bit modular addition by a constant input. Our model contains $O(\log_2(n))$ basic bit-vector constraints and describes the binary logarithm of the differential probability. We describe an SMT-based automated method that includes our model to search for differential characteristics of ARX ciphers including constant additions. We also introduce a new automated method for obtaining impossible differentials where we do not search over a small pre-defined set of differences, such as low-weight differences, but let the SMT solver search through the space of differences. Moreover, we implement both methods in our open-source tool \texttt{ArxPy} to find characteristics and impossible differentials of ARX ciphers with constant additions in a fully automated way. As some examples, we provide related-key impossible differentials and differential characteristics of TEA, XTEA, HIGHT, LEA, SHACAL-1, and SHACAL-2, which achieve better results compared to previous works.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
modular additionARXSMTautomated tooldifferential cryptanalysisimpossible differential
Contact author(s)
arash_azimi @ ee sharif edu
adrian ranea @ esat kuleuven be
History
2022-05-02: received
Short URL
https://ia.cr/2022/512
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/512,
      author = {Seyyed Arash Azimi and Adrián Ranea and Mahmoud Salmasizadeh and Javad Mohajeri and Mohammad Reza Aref and Vincent Rijmen},
      title = {A Bit-Vector Differential Model for the Modular Addition by a Constant and its Applications to Differential and Impossible-Differential Cryptanalysis},
      howpublished = {Cryptology ePrint Archive, Paper 2022/512},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/512}},
      url = {https://eprint.iacr.org/2022/512}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.