Fast Software Encryption

Volume 6147 of the series Lecture Notes in Computer Science pp 333-346

Rotational Cryptanalysis of ARX

  • Dmitry KhovratovichAffiliated withUniversity of Luxembourg
  • , Ivica NikolićAffiliated withUniversity of Luxembourg


In this paper we analyze the security of systems based on modular additions, rotations, and XORs (ARX systems). We provide both theoretical support for their security and practical cryptanalysis of real ARX primitives. We use a technique called rotational cryptanalysis, that is universal for the ARX systems and is quite efficient. We illustrate the method with the best known attack on reduced versions of the block cipher Threefish (the core of Skein). Additionally, we prove that ARX with constants are functionally complete, i.e. any function can be realized with these operations.


ARX cryptanalysis rotational cryptanalysis