Abstract
When choosing the non-linear layer in a symmetric design, the number of differentials with a given differential probability (DP) gives information about how such a non-linear layer may perform in the wide trail strategy. Namely, fewer differentials with high \(\mathrm {DP}\) means less opportunity to form trails with high \(\mathrm {DP}\) over multiple rounds. Multiple cryptographic primitives use the \(\chi \) mapping as the basis of their non-linear layer, among them Keccak-\(f\), Ascon, Xoodoo, and Subterranean. In the first three, the \(\chi \) mapping operates on groups of a few bits (5 in Keccak-\(f\) and Ascon, and 3 in Xoodoo), while in Subterranean it operates on the full state, that is, on 257 bits. In the former case, determining the number of differentials with a given differential probability is an easy task, while the latter case is more involved. In this paper, we present a method to determine the number of differentials with a given DP over \(\chi \) operating on any number of bits.
Acknowledgements
Joan Daemen and Alireza Mehrdad are supported by the European Research Council under the ERC advanced grant agreement under grant ERC-2017-ADG Nr. 788980 ESCADA.
Silvia Mella is supported by the Cryptography Research Center of the Technology Innovation Institute (TII), Abu Dhabi (UAE), under the TII-Radboud project with title Evaluation and Implementation of Lightweight Cryptographic Primitives and Protocols.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Daemen, J., Mehrdad, A., Mella, S. (2022). Computing the Distribution of Differentials over the Non-linear Mapping \(\chi \). In: Batina, L., Picek, S., Mondal, M. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2021. Lecture Notes in Computer Science, vol 13162. Springer, Cham. https://doi.org/10.1007/978-3-030-95085-9_1
DOI: https://doi.org/10.1007/978-3-030-95085-9_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-95084-2
Online ISBN: 978-3-030-95085-9
eBook Packages: Computer Science (R0)