Abstract: At FSE 2004, Lipmaa et al. studied the additive differential probability adp⊕ (α, β → γ) of exclusive-or where differences α, β, γ ∈ Fn2 are expressed using addition modulo 2n . This probability is used in the analysis of symmetric-key primitives that combine XOR and modular addition, such as the increas-ingly popular Addition-Rotation-XOR (ARX) constructions. The focus of this paper is on maximal differentials, which are helpful when constructing differential trails. We provide the missing proof for Theorem 3 of the FSE 2004 paper, which states that maxα,β adp⊕ (α, β → γ) = adp⊕ (0, γ → γ) for all γ. Furthermore, we prove that there always exist either two or eight distinct pairs α, β such that adp⊕ (α, β → γ) = adp⊕ (0, γ → γ), and we obtain recurrence formulas for calculating adp⊕ . To gain insight into the range of possible differential probabilities, we also study other properties such as the minimum value of adp⊕ (0, γ → γ), and we find all γ that satisfy this minimum value.

Cite: Mouha N. , Kolomeec N. , Akhtiamov D. , Sutormin I. , Panferov M. , Titova K. , Bonich T. , Ishchukova E. , Tokareva N. , Zhantulikov B.
Maximums of the additive differential probability of exclusive-or
IACR Transactions on Symmetric Cryptology. 2021. V.2021. N2. P.292-313. DOI: 10.46586/tosc.v2021.i2.292-313 WOS Scopus OpenAlex

Identifiers:

Web of science:	WOS:000661483500009
Scopus:	2-s2.0-85108784834
OpenAlex:	W3167606741

Citing:

DB	Citing
Scopus	4
OpenAlex	4
Web of science	3

Altmetrics: