An Automated Tool for Rotational-XOR Cryptanalysis of ARX-based Primitives
نویسندگان
چکیده
In ARX structures, constants that are not rotational invariant are often injected into the state, in the form of round constants or as a result of using a fixed key. Rotational cryptanalysis cannot deal with such constants. Rotational cryptanalysis in the presence of constants, also known as rotational-XOR cryptanalysis, is a recently proposed statistical technique to attack ARX primitives. The newly proposed technique investigates how constants affect rotational cryptanalysis by introducing the notion of an RX-difference, which generalizes the idea of a rotational difference. Previously, a 7-round distinguisher for Speck, an ARX block cipher designed by the NSA, was found, mainly to demonstrate the proposed technique. In this paper, it is shown that longer distinguishers exist for Speck32/64, as well as other versions of speck, by using rotational-XOR cryptanalysis . This was done by means of an automated search tool. More specifically, the propagation of RX-differences through ARX structures are transformed into bitwise equations and these equations are then solved by a SAT-solver. Using this method, distinguishers with more rounds than previously reported are found for Speck32/64 and Speck48/96, as well as a 13-round distinguisher for Speck96/144 with a higher probability than previously reported, under the condition that two related keys are available.
منابع مشابه
An Easy to Use Tool for Rotational-XOR Cryptanalysis of ARX Block Ciphers
An increasing number of lightweight cryptographic primitives have been published in the last years. Some of these proposals only use additions, rotations and XORs, and these ARX primitives have shown a great performance in software. In this paper, a computer tool to automate the security evaluation of ARX block ciphers is shown. Our tool takes a Python implementation of an ARX block cipher and ...
متن کاملRotational-XOR Cryptanalysis of Reduced-round SPECK
In this paper we formulate a SAT/SMT model for Rotational-XOR (RX) cryptanalysis in ARX primitives for the first time. The model is successfully applied to the block cipher family Speck, and distinguishers covering more rounds than previously are found, as well as RX-characteristics requiring less data to detect. In particular, we present distinguishers for 10, 11 and 12 rounds for Speck32/64 w...
متن کاملUNAF: A Special Set of Additive Differences with Application to the Differential Analysis of ARX
Due to their fast performance in software, an increasing number of cryptographic primitives are constructed using the operations addition modulo 2, bit rotation and XOR (ARX). However, the resistance of ARX-based ciphers against differential cryptanalysis is not well understood. In this paper, we propose a new tool for evaluating more accurately the probabilities of additive differentials over ...
متن کاملTowards Finding Optimal Differential Characteristics for ARX: Application to Salsa20⋆
Abstract. An increasing number of cryptographic primitives are built using the ARX operations: addition modulo 2, bit rotation and XOR. Because of their very fast performance in software, ARX ciphers are becoming increasingly common. However, there is currently no rigorous understanding of the security of ARX ciphers against one of the most common attacks in symmetric-key cryptography: differen...
متن کاملRotational Cryptanalysis of ARX
In this paper we analyze the security of systems based on modular additions, rotations, and XORs (ARX systems). We provide both theoretical support for their security and practical cryptanalysis of real ARX primitives. We use a technique called rotational cryptanalysis, that is universal for the ARX systems and is quite efficient. We illustrate the method with the best known attack on reduced v...
متن کامل