A Bit-Vector Differential Model for the Modular Addition by a Constant and its Applications to Differential and Impossible-Differential Cryptanalysis

Seyyed Arash Azimi; Adrián Ranea; Mahmoud Salmasizadeh; Javad Mohajeri; Mohammad Reza Aref; Vincent Rijmen

Paper 2022/512

A Bit-Vector Differential Model for the Modular Addition by a Constant and its Applications to Differential and Impossible-Differential Cryptanalysis

Seyyed Arash Azimi, Adrián Ranea, Mahmoud Salmasizadeh, Javad Mohajeri, Mohammad Reza Aref, and Vincent Rijmen

Abstract

ARX algorithms are a class of symmetric-key algorithms constructed by Addition, Rotation, and XOR. To evaluate the resistance of an ARX cipher against differential and impossible-differential cryptanalysis, the recent automated methods employ constraint satisfaction solvers to search for optimal characteristics or impossible differentials. The main difficulty in formulating this search is finding the differential models of the non-linear operations. While an efficient bit-vector differential model was obtained for the modular addition with two variable inputs, no differential model for the modular addition by a constant has been proposed so far, preventing ARX ciphers including this operation from being evaluated with automated methods. In this paper, we present the first bit-vector differential model for the -bit modular addition by a constant input. Our model contains basic bit-vector constraints and describes the binary logarithm of the differential probability. We describe an SMT-based automated method that includes our model to search for differential characteristics of ARX ciphers including constant additions. We also introduce a new automated method for obtaining impossible differentials where we do not search over a small pre-defined set of differences, such as low-weight differences, but let the SMT solver search through the space of differences. Moreover, we implement both methods in our open-source tool \texttt{ArxPy} to find characteristics and impossible differentials of ARX ciphers with constant additions in a fully automated way. As some examples, we provide related-key impossible differentials and differential characteristics of TEA, XTEA, HIGHT, LEA, SHACAL-1, and SHACAL-2, which achieve better results compared to previous works.

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Preprint.
Keywords: modular addition ARX SMT automated tool differential cryptanalysis impossible differential
Contact author(s): arash_azimi @ ee sharif edu
adrian ranea @ esat kuleuven be
History: 2022-05-02: received
Short URL: https://ia.cr/2022/512
License: CC BY

BibTeX

@misc{cryptoeprint:2022/512,
      author = {Seyyed Arash Azimi and Adrián Ranea and Mahmoud Salmasizadeh and Javad Mohajeri and Mohammad Reza Aref and Vincent Rijmen},
      title = {A Bit-Vector Differential Model for the Modular Addition by a Constant and its Applications to Differential and Impossible-Differential Cryptanalysis},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/512},
      year = {2022},
      url = {https://eprint.iacr.org/2022/512}
}