
On the Additive Differential Probability of Exclusive-Or

  • Helger Lipmaa
  • Johan Wallén
  • Philippe Dumas
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3017)

Abstract

We study the differential probability adp⊕ of exclusive-or when differences are expressed using addition modulo 2^N. This function is important when analysing symmetric primitives that mix exclusive-or and addition—especially when addition is used to add in the round keys. (Such primitives include IDEA, MARS, RC6 and Twofish.) We show that adp⊕ can be viewed as a formal rational series with a linear representation in base 8. This gives a linear-time algorithm for computing adp⊕, and enables us to compute several interesting properties like the fraction of impossible differentials, and the maximal differential probability for any given output difference. Finally, we compare our results with the dual results of Lipmaa and Moriai on the differential probability of addition modulo 2^N when differences are expressed using exclusive-or.
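The following is an added illustration, not code from the paper or its authors. It evaluates adp⊕(α, β → γ) = Pr_{x,y}[((x + α) ⊕ (y + β)) − (x ⊕ y) ≡ γ (mod 2^N)] in two ways: by exhaustive enumeration of (x, y), which serves as the defining reference, and by a bit-serial dynamic programme that tracks the three addition carries. The carry-tracking routine is this note's own formulation (an 8-state scan, one step per bit, which is where the linear running time comes from); it does not reproduce the paper's base-8 matrices. It then uses the linear-time routine to tabulate the two properties the abstract names, the fraction of impossible differentials and the maximal probability for a fixed output difference, for small N. The value adp⊕(1, 0 → 1) = 1/2 for N = 2 was checked by hand.

```python
from fractions import Fraction
from itertools import product


def adp_xor_bruteforce(alpha, beta, gamma, n):
    """Reference definition, by exhaustive enumeration of all (x, y) in Z_{2^n}:
    adp^xor(alpha, beta -> gamma) = Pr[((x+alpha) xor (y+beta)) - (x xor y) == gamma mod 2^n].
    Cost is 4^n, so this is only a cross-check for small n."""
    mask = (1 << n) - 1
    hits = 0
    for x in range(1 << n):
        for y in range(1 << n):
            out = ((x + alpha) & mask) ^ ((y + beta) & mask)
            if (out - (x ^ y)) & mask == gamma & mask:
                hits += 1
    return Fraction(hits, 1 << (2 * n))


def adp_xor(alpha, beta, gamma, n):
    """Linear-time evaluation. Assumption: this is the note author's own
    carry-tracking formulation, not the matrices from the paper.
    Scan the bits from least significant upwards and keep, for each of the 8
    possible carry triples (c1, c2, c3), the number of low-bit prefixes (x, y)
    that reach it:
      c1 = carry of x + alpha, c2 = carry of y + beta, c3 = carry of (x xor y) + gamma.
    At bit i, bit i of (x+alpha) xor (y+beta) must equal bit i of (x xor y) + gamma.
    Work per bit is constant (8 states x 4 input-bit choices)."""
    counts = {(0, 0, 0): 1}
    for i in range(n):
        a_i = (alpha >> i) & 1
        b_i = (beta >> i) & 1
        g_i = (gamma >> i) & 1
        nxt = {}
        for (c1, c2, c3), cnt in counts.items():
            for x_i, y_i in product((0, 1), repeat=2):
                s1 = x_i + a_i + c1          # bit and carry of x + alpha at position i
                s2 = y_i + b_i + c2          # bit and carry of y + beta
                s3 = (x_i ^ y_i) + g_i + c3  # bit and carry of (x xor y) + gamma
                if ((s1 & 1) ^ (s2 & 1)) != (s3 & 1):
                    continue                 # output bits disagree: this choice is dead
                key = (s1 >> 1, s2 >> 1, s3 >> 1)
                nxt[key] = nxt.get(key, 0) + cnt
        counts = nxt
    # the final carries are discarded by the reduction mod 2^n, so every state counts
    return Fraction(sum(counts.values()), 1 << (2 * n))


def dp_matches_bruteforce(n):
    """Cross-check the linear-time routine against the definition for every triple."""
    return all(adp_xor(a, b, g, n) == adp_xor_bruteforce(a, b, g, n)
               for a, b, g in product(range(1 << n), repeat=3))


def impossible_fraction(n):
    """Fraction of (alpha, beta, gamma) triples with adp^xor == 0 (impossible differentials)."""
    triples = list(product(range(1 << n), repeat=3))
    impossible = sum(1 for a, b, g in triples if adp_xor(a, b, g, n) == 0)
    return Fraction(impossible, len(triples))


def max_prob_for_output(gamma, n):
    """Largest adp^xor over all input differences for a fixed output difference gamma."""
    return max(adp_xor(a, b, gamma, n) for a in range(1 << n) for b in range(1 << n))


if __name__ == "__main__":
    print(adp_xor(1, 0, 1, 2))            # 1/2 (checked by hand for n = 2)
    print(dp_matches_bruteforce(3))       # True
    print(impossible_fraction(1), impossible_fraction(3))
    print(max_prob_for_output(1, 4))
```

The brute-force routine costs 4^N evaluations and is only usable for tiny N; the carry scan costs a constant amount per bit and is what makes exhaustive tabulation over all 8^N difference triples feasible for moderate N.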

Keywords

Additive differential probability; differential cryptanalysis; rational series

References

  1. Burwick, C., Coppersmith, D., D'Avignon, E., Gennaro, R., Halevi, S., Jutla, C., Matyas Jr., S.M., O'Connor, L., Peyravian, M., Safford, D., Zunic, N.: MARS — A Candidate Cipher for AES (June 1998). Available from http://www.research.ibm.com/security/mars.html
  2. Berson, T.A.: Differential Cryptanalysis Mod 2^32 with Applications to MD5. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 71–80. Springer, Heidelberg (1992)
  3. Berstel, J., Reutenauer, C.: Rational Series and Their Languages. EATCS Monographs on Theoretical Computer Science. Springer, Heidelberg (1988)
  4. Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)
  5. Lipmaa, H.: On Differential Properties of Pseudo-Hadamard Transform and Related Mappings. In: Menezes, A., Sarkar, P. (eds.) INDOCRYPT 2002. LNCS, vol. 2551, pp. 48–61. Springer, Heidelberg (2002)
  6. Lipmaa, H., Moriai, S.: Efficient Algorithms for Computing Differential Properties of Addition. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 336–350. Springer, Heidelberg (2001)
  7. Lai, X., Massey, J.L., Murphy, S.: Markov Ciphers and Differential Cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17–38. Springer, Heidelberg (1991)
  8. Rivest, R.L., Robshaw, M.J.B., Sidney, R., Yin, Y.L.: The RC6 Block Cipher (June 1998). Available from http://theory.lcs.mit.edu/~rivest/rc6.ps
  9. Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., Ferguson, N.: The Twofish Encryption Algorithm: A 128-Bit Block Cipher. John Wiley & Sons, Chichester (April 1999). ISBN 0471353817
  10. Wallén, J.: Linear Approximations of Addition Modulo 2^n. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 261–273. Springer, Heidelberg (2003)

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Helger Lipmaa (1)
  • Johan Wallén (1)
  • Philippe Dumas (2)
  1. Laboratory for Theoretical Computer Science, Helsinki University of Technology, Espoo, Finland
  2. Algorithms Project, INRIA Rocquencourt, Le Chesnay Cedex, France
