Cryptology ePrint Archive: Report 2014/317
Analysis of NORX: Investigating Differential and Rotational Properties
Jean-Philippe Aumasson and Philipp Jovanovic and Samuel Neves
Abstract: This paper presents a thorough analysis of the AEAD scheme NORX, focussing on
differential and rotational properties. We first introduce mathematical models
that describe differential propagation with respect to the non-linear operation
of NORX. Afterwards, we adapt a framework previously proposed for ARX designs
allowing us to automatise the search for differentials and characteristics. We
give upper bounds on the differential probability for a small number of steps of
the NORX core permutation. For example, in a scenario where an attacker can only
modify the nonce during initialisation, we show that characteristics have
probabilities of less than $2^{-60}$ ($32$-bit) and $2^{-53}$ ($64$-bit) after
only one round. Furthermore, we describe how we found the best characteristics
for four rounds, which have probabilities of $2^{-584}$ ($32$-bit) and
$2^{-836}$ ($64$-bit), respectively. Finally, we discuss some rotational
properties of the core permutation which yield some first, rough bounds and can
be used as a basis for future studies.
Category / Keywords: NORX, AEAD, LRX, differential cryptanalysis, rotational cryptanalysis
Original Publication (with minor differences): Latincrypt 2014
Date: received 5 May 2014, last revised 2 Oct 2014
Contact author: jovanovic at fim uni-passau de
Version: 20141002:150852
Short URL: ia.cr/2014/317