Abstract
We show that addition mod $2^n$ is CCZ-equivalent to a quadratic vectorial Boolean function. We use this to reduce the solution of systems of differential equations of addition to the solution of an equivalent system of linear equations and to derive a fully explicit formula for the correlation coefficients, which leads to enhanced results about the Walsh transform of addition mod $2^n$. The results have direct applications in the cryptanalysis of cryptographic primitives which use addition mod $2^n$.
Additional information
This is one of several papers published in Designs, Codes and Cryptography comprising the “Special Issue on Coding and Cryptography”.
Cite this article
Schulte-Geers, E. On CCZ-equivalence of addition mod $2^n$. Des. Codes Cryptogr. 66, 111–127 (2013). https://doi.org/10.1007/s10623-012-9668-4
DOI: https://doi.org/10.1007/s10623-012-9668-4