Paper 2014/317
Analysis of NORX: Investigating Differential and Rotational Properties
Jean-Philippe Aumasson, Philipp Jovanovic, and Samuel Neves
Abstract
This paper presents a thorough analysis of the AEAD scheme NORX, focussing on differential and rotational properties. We first introduce mathematical models that describe differential propagation with respect to the non-linear operation of NORX. Afterwards, we adapt a framework previously proposed for ARX designs allowing us to automatise the search for differentials and characteristics. We give upper bounds on the differential probability for a small number of steps of the NORX core permutation. For example, in a scenario where an attacker can only modify the nonce during initialisation, we show that characteristics have probabilities of less than $2^{-60}$ ($32$-bit) and $2^{-53}$ ($64$-bit) after only one round. Furthermore, we describe how we found the best characteristics for four rounds, which have probabilities of $2^{-584}$ ($32$-bit) and $2^{-836}$ ($64$-bit), respectively. Finally, we discuss some rotational properties of the core permutation which yield some first, rough bounds and can be used as a basis for future studies.
Metadata
- Available format(s)
-
PDF
- Publication info
- Published elsewhere. Minor revision. Latincrypt 2014
- Keywords
- NORXAEADLRXdifferential cryptanalysisrotational cryptanalysis
- Contact author(s)
- jovanovic @ fim uni-passau de
- History
- 2014-10-02: revised
- 2014-05-06: received
- See all versions
- Short URL
- https://ia.cr/2014/317
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2014/317,
author = {Jean-Philippe Aumasson and Philipp Jovanovic and Samuel Neves},
title = {Analysis of NORX: Investigating Differential and Rotational Properties},
howpublished = {Cryptology ePrint Archive, Paper 2014/317},
year = {2014},
note = {\url{https://eprint.iacr.org/2014/317}},
url = {https://eprint.iacr.org/2014/317}
}
