TY - JOUR
AU - Mouha, Nicky
AU - Kolomeec, Nikolay
AU - Akhtiamov, Danil
AU - Sutormin, Ivan
AU - Panferov, Matvey
AU - Titova, Kseniya
AU - Bonich, Tatiana
AU - Ishchukova, Evgeniya
AU - Tokareva, Natalia
AU - Zhantulikov, Bulat
PY - 2021/06/11
Y2 - 2021/07/30
TI - Maximums of the Additive Differential Probability of Exclusive-Or
JF - IACR Transactions on Symmetric Cryptology
JA - ToSC
VL - 2021
IS - 2
SE - Articles
DO - 10.46586/tosc.v2021.i2.292-313
UR - https://tosc.iacr.org/index.php/ToSC/article/view/8912
SP - 292-313
AB - At FSE 2004, Lipmaa et al. studied the additive differential probability adp⊕(α,β → γ) of exclusive-or where differences α,β,γ ∈ Fn2 are expressed using addition modulo 2n. This probability is used in the analysis of symmetric-key primitives that combine XOR and modular addition, such as the increasingly popular Addition-Rotation-XOR (ARX) constructions. The focus of this paper is on maximal differentials, which are helpful when constructing differential trails. We provide the missing proof for Theorem 3 of the FSE 2004 paper, which states that maxα,βadp⊕(α,β → γ) = adp⊕(0,γ → γ) for all γ. Furthermore, we prove that there always exist either two or eight distinct pairs α,β such that adp⊕( α,β → γ) = adp⊕(0,γ → γ), and we obtain recurrence formulas for calculating adp⊕. To gain insight into the range of possible differential probabilities, we also study other properties such as the minimum value of adp⊕(0,γ → γ), and we find all γ that satisfy this minimum value.
ER -