Cryptology ePrint Archive: Report 2015/186
Higher Order Differential Analysis of NORX
Sourav Das and Subhamoy Maitra and and Willi Meier
Abstract: In this paper, we analyse the higher order differential properties of NORX, an AEAD scheme submitted to CAESAR competition. NORX is a sponge based construction. Previous efforts, by the designers themselves, have focused on the first order differentials and rotational properties for a small number of steps of the NORX core permutation, which turn out to have quite low biases when extended to the full permutation. In our work, the higher order differential properties are identified that allow to come up with practical distinguishers of the 4-round full permutation for NORX64 and half round less than the full permutation (i.e., 3.5-round) for NORX32. These distinguishers are similar to zero-sum distinguishers but are probabilistic in nature rather than deterministic, and are of order as low as four. The distinguishers have very low complexities, and are significantly more efficient than the generic generalized birthday attack for the same configurations of zero-sums. While these distinguishers identify sharper non-randomness than what the designers identified, our results do not lend themselves for cryptanalysis of full-round NORX encryption or authentication.
Category / Keywords: secret-key cryptography / NORX, Authenticated Encryption, CAESAR, ARX, Higher-order Differential, Bias.
Date: received 2 Mar 2015
Contact author: sourav10101976 at gmail com
Available format(s): PDF | BibTeX Citation
Version: 20150304:163637 (All versions of this report)
Short URL: ia.cr/2015/186
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]