Cryptology ePrint Archive: Report 2021/189

Rotational Cryptanalysis From a Differential-linear Perspective: Practical Distinguishers for Round-reduced FRIET, Xoodoo, and Alzette

Yunwen Liu and Siwei Sun and Chao Li

Abstract: The differential-linear attack, combining the power of the two most effective techniques for symmetric-key cryptanalysis, was proposed by Langford and Hellman at CRYPTO 1994. From the exact formula for evaluating the bias of a differential-linear distinguisher (JoC 2017), to the differential-linear connectivity table (DLCT) technique for dealing with the dependencies in the switch between the differential and linear parts (EUROCRYPT 2019), and to the improvements in the context of cryptanalysis of ARX primitives (CRYPTO 2020), we have seen significant development of the differential-linear attack during the last four years. In this work, we further extend this framework by replacing the differential part of the attack by rotational-xor differentials. Along the way, we establish the theoretical link between the rotational-xor differential and linear approximations, revealing that it is nontrivial to directly apply the closed formula for the bias of ordinary differential- linear attack to rotational differential-linear cryptanalysis. We then revisit the rotational cryptanalysis from the perspective of differential- linear cryptanalysis and generalize Morawiecki et al.ís technique for analyzing Keccak, which leads to a practical method for estimating the bias of a (rotational) differential-linear distinguisher in the special case where the output linear mask is a unit vector. Finally, we apply the rotational differential-linear technique to the permutations involved in FRIET, Xoodoo, Alzette, and SipHash. This gives significant improvements over existing cryptanalytic results or offers explanations for previous experimental distinguishers without a theoretical foundation. To confirm the validity of our analysis, all distinguishers with practical complexities are verified experimentally.

Category / Keywords: secret-key cryptography / Differential-linear Cryptanalysis; Rotational Cryptanalysis; ARX; FRIET; Xoodoo; Alzette; SipHash

Original Publication (with minor differences): IACR-EUROCRYPT-2021

Date: received 20 Feb 2021, last revised 20 Feb 2021

Contact author: univerlyw at hotmail com, siweisun isaac at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20210221:010436 (All versions of this report)

Short URL: ia.cr/2021/189


[ Cryptology ePrint archive ]