Paper 2015/186
Higher Order Differential Analysis of NORX
Sourav Das, Subhamoy Maitra, and Willi Meier
Abstract
In this paper, we analyse the higher order differential properties of NORX, an AEAD scheme submitted to CAESAR competition. NORX is a sponge based construction. Previous efforts, by the designers themselves, have focused on the first order differentials and rotational properties for a small number of steps of the NORX core permutation, which turn out to have quite low biases when extended to the full permutation. In our work, the higher order differential properties are identified that allow to come up with practical distinguishers of the 4-round full permutation for NORX64 and half round less than the full permutation (i.e., 3.5-round) for NORX32. These distinguishers are similar to zero-sum distinguishers but are probabilistic in nature rather than deterministic, and are of order as low as four. The distinguishers have very low complexities, and are significantly more efficient than the generic generalized birthday attack for the same configurations of zero-sums. While these distinguishers identify sharper non-randomness than what the designers identified, our results do not lend themselves for cryptanalysis of full-round NORX encryption or authentication.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- NORXAuthenticated EncryptionCAESARARXHigher-order DifferentialBias.
- Contact author(s)
- sourav10101976 @ gmail com
- History
- 2015-03-04: received
- Short URL
- https://ia.cr/2015/186
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2015/186,
author = {Sourav Das and Subhamoy Maitra and Willi Meier},
title = {Higher Order Differential Analysis of {NORX}},
howpublished = {Cryptology {ePrint} Archive, Paper 2015/186},
year = {2015},
url = {https://eprint.iacr.org/2015/186}
}
