Paper 2014/317

Analysis of NORX

Philipp Jovanovic and Samuel Neves and Jean-Philippe Aumasson

Abstract

This paper presents a thorough security analysis of the AEAD scheme NORX, focussing on differential and rotational properties of the core permutation. To examine its differential properties, we first introduce mathematical models that describe differential propagation with respect to the non-linear operation of NORX. Then we adapt the framework previously proposed for ARX designs, which allows us to automatise the search for differentials and differential characteristics. We give upper bounds on the differential probability of a small number of steps of the NORX core permutation, and show how we found the best characteristics for four rounds, which have probabilities of $2^{-584}$ ($32$-bit) and $2^{-836}$ ($64$-bit), respectively. Finally, we discuss some rotational properties of the core permutation which can be used as a basis for future studies.