Cryptology ePrint Archive: Report 2015/186

Higher Order Differential Analysis of NORX

Sourav Das and Subhamoy Maitra and and Willi Meier

Abstract: In this paper, we analyse the higher order differential properties of NORX, an AEAD scheme submitted to CAESAR competition. NORX is a sponge based construction. Previous efforts, by the designers themselves, have focused on the first order differentials and rotational properties for a small number of steps of the NORX core permutation, which turn out to have quite low biases when extended to the full permutation. In our work, the higher order differential properties are identified that allow to come up with practical distinguishers of the 4-round full permutation for NORX64 and half round less than the full permutation (i.e., 3.5-round) for NORX32. These distinguishers are similar to zero-sum distinguishers but are probabilistic in nature rather than deterministic, and are of order as low as four. The distinguishers have very low complexities, and are significantly more efficient than the generic generalized birthday attack for the same configurations of zero-sums. While these distinguishers identify sharper non-randomness than what the designers identified, our results do not lend themselves for cryptanalysis of full-round NORX encryption or authentication.

Category / Keywords: secret-key cryptography / NORX, Authenticated Encryption, CAESAR, ARX, Higher-order Differential, Bias.

Date: received 2 Mar 2015

Contact author: sourav10101976 at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20150304:163637 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]