Abstract
We study the differential probability adp^⊕ of exclusive-or when differences are expressed using addition modulo 2^N. This function is important when analysing symmetric primitives that mix exclusive-or and addition—especially when addition is used to add in the round keys. (Such primitives include IDEA, MARS, RC6 and Twofish.) We show that adp^⊕ can be viewed as a formal rational series with a linear representation in base 8. This gives a linear-time algorithm for computing adp^⊕, and enables us to compute several interesting properties like the fraction of impossible differentials, and the maximal differential probability for any given output difference. Finally, we compare our results with the dual results of Lipmaa and Moriai on the differential probability of addition modulo 2^N when differences are expressed using exclusive-or.
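The following is an added example, not code from the paper: it computes adp^⊕(α, β → γ) = Pr over x, y of [((x + α) ⊕ (y + β)) − (x ⊕ y) = γ mod 2^N] both by exhaustive counting and by a bit-by-bit recurrence over the three carries involved. The 8-state carry recurrence is derived here directly from the definition and is assumed to mirror, not reproduce, the paper's base-8 linear representation; all function names are hypothetical.

```python
from fractions import Fraction
from itertools import product

def maj(p, q, r):
    """Carry out of a one-bit full adder."""
    return (p & q) | (p & r) | (q & r)

def adp_xor_bruteforce(a, b, g, n):
    """Definition: count (x, y) with ((x+a) ^ (y+b)) - (x ^ y) == g mod 2^n."""
    mask = (1 << n) - 1
    hits = sum((((((x + a) & mask) ^ ((y + b) & mask)) - (x ^ y)) & mask) == g
               for x, y in product(range(1 << n), repeat=2))
    return Fraction(hits, 4 ** n)

def adp_xor_linear(a, b, g, n):
    """Linear in n: track carries of x+a, y+b and (x^y)+g, least significant bit first."""
    weights = {(0, 0, 0): 1}  # carry state -> number of (x, y) prefixes reaching it
    for i in range(n):
        ai, bi, gi = (a >> i) & 1, (b >> i) & 1, (g >> i) & 1  # one octal digit
        nxt = {}
        for (c1, c2, c3), w in weights.items():
            # Bit i of (x+a)^(y+b) equals bit i of (x^y)+g iff this parity is 0;
            # x_i and y_i cancel, so the check depends only on the carries.
            if ai ^ bi ^ gi ^ c1 ^ c2 ^ c3:
                continue
            for xi, yi in product((0, 1), repeat=2):
                s = (maj(xi, ai, c1), maj(yi, bi, c2), maj(xi ^ yi, gi, c3))
                nxt[s] = nxt.get(s, 0) + w
        weights = nxt
    return Fraction(sum(weights.values()), 4 ** n)

def impossible_fraction(n):
    """Fraction of (a, b, g) triples with probability zero (exhaustive, small n only)."""
    zero = sum(adp_xor_linear(a, b, g, n) == 0
               for a, b, g in product(range(1 << n), repeat=3))
    return Fraction(zero, 8 ** n)

def max_adp_for_output(g, n):
    """Largest adp over all input differences for a fixed output difference g."""
    return max(adp_xor_linear(a, b, g, n)
               for a, b in product(range(1 << n), repeat=2))

if __name__ == "__main__":
    print(adp_xor_linear(4, 0, 4, 3), impossible_fraction(3), max_adp_for_output(5, 3))
```

The exhaustive routine costs 4^N evaluations per differential and serves only as a cross-check for small N; the recurrence handles 32-bit or 64-bit words directly.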
References
Burwick, C., Coppersmith, D., D’Avignon, E., Gennaro, R., Halevi, S., Jutla, C., Matyas Jr., S.M., O’Connor, L., Peyravian, M., Safford, D., Zunic, N.: MARS — A Candidate Cipher for AES. In (June 1998), Available from http://www.research.ibm.com/security/mars.html
Berson, T.A.: Differential Cryptanalysis Mod 2^32 with Applications to MD5. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 71–80. Springer, Heidelberg (1992)
Berstel, J., Reutenauer, C.: Rational Series and Their Languages. EATCS Monographs on Theoretical Computer Science. Springer, Heidelberg (1988)
Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)
Lipmaa, H.: On Differential Properties of Pseudo-Hadamard Transform and Related Mappings. In: Menezes, A., Sarkar, P. (eds.) INDOCRYPT 2002. LNCS, vol. 2551, pp. 48–61. Springer, Heidelberg (2002)
Lipmaa, H., Moriai, S.: Efficient Algorithms for Computing Differential Properties of Addition. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 336–350. Springer, Heidelberg (2001)
Lai, X., Massey, J.L., Murphy, S.: Markov Ciphers and Differential Cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17–38. Springer, Heidelberg (1991)
Rivest, R.L., Robshaw, M.J.B., Sidney, R., Yin, Y.L.: The RC6 Block Cipher (June 1998), Available from http://theory.lcs.mit.edu/~rivest/rc6.ps
Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., Ferguson, N.: The Twofish Encryption Algorithm: A 128-Bit Block Cipher, April 1999. John Wiley & Sons, Chichester (1999) ISBN: 0471353817
Wallén, J.: Linear Approximations of Addition Modulo 2^n. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 261–273. Springer, Heidelberg (2003)
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lipmaa, H., Wallén, J., Dumas, P. (2004). On the Additive Differential Probability of Exclusive-Or. In: Roy, B., Meier, W. (eds) Fast Software Encryption. FSE 2004. Lecture Notes in Computer Science, vol 3017. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25937-4_20
DOI: https://doi.org/10.1007/978-3-540-25937-4_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22171-5
Online ISBN: 978-3-540-25937-4
eBook Packages: Springer Book Archive