On additive differential probabilities of a composition of bitwise XORs
We study the additive differential probabilities adp® of compositions of k — 1 bitwise XORs. For vectors a1,...,ak+1 G Zn, it is defined as the probability of transformation input differences a1,...,ak to the output difference ak+1 by the function x1 ф ... ф xk, where x1,... ,xk G Zn and k > 2. I...
| Published in: | Прикладная дискретная математика № 60. С. 59-75 |
|---|---|
| Main Author: | |
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Online Access: | http://vital.lib.tsu.ru/vital/access/manager/Repository/koha:001003090 |
| LEADER | 02258nab a2200313 c 4500 | ||
|---|---|---|---|
| 001 | koha001003090 | ||
| 005 | 20230614170300.0 | ||
| 007 | cr | | ||
| 008 | 230607|2023 ru s a eng d | ||
| 024 | 7 | |a 10.17223/20710410/60/5 |2 doi | |
| 035 | |a koha001003090 | ||
| 040 | |a RU-ToGU |b rus |c RU-ToGU | ||
| 100 | 1 | |a Sutormin, I. A. | |
| 245 | 1 | 0 | |a On additive differential probabilities of a composition of bitwise XORs |c I. A. Sutormin, N. A. Kolomeec |
| 246 | 1 | 1 | |a Разностные характеристики по модулю 2n композиции нескольких побитовых исключающих или |
| 336 | |a Текст | ||
| 337 | |a электронный | ||
| 504 | |a Библиогр.: 17 назв. | ||
| 520 | 3 | |a We study the additive differential probabilities adp® of compositions of k — 1 bitwise XORs. For vectors a1,...,ak+1 G Zn, it is defined as the probability of transformation input differences a1,...,ak to the output difference ak+1 by the function x1 ф ... ф xk, where x1,... ,xk G Zn and k > 2. It is used for differential cryptanalysis of symmetric-key primitives, such as Addition-Rotation-XOR constructions. Several results which are known for adp2® are generalized for adpk®. Some argument symmetries are proven for adpk®. Recurrence formulas which allow us to reduce the dimension of the arguments are obtained. All impossible differentials as well as all differentials of adpk® with the probability 1 are found. For even k, it is proven that max adp® (a1,..., ak ak+1) = adp®(0,..., 0, ak+1 ak+1). Matrices that can a1,...,ak be used for efficient calculating adpk® are constructed. It is also shown that the cases of even and odd k differ significantly. | |
| 653 | |a разностные характеристики | ||
| 653 | |a сложение по модулю | ||
| 653 | |a разностный криптоанализ | ||
| 655 | 4 | |a статьи в журналах | |
| 700 | 1 | |a Kolomeec, N. A. | |
| 773 | 0 | |t Прикладная дискретная математика |d 2023 |g № 60. С. 59-75 |x 2071-0410 |w 0210-48760 | |
| 852 | 4 | |a RU-ToGU | |
| 856 | 4 | |u http://vital.lib.tsu.ru/vital/access/manager/Repository/koha:001003090 | |
| 908 | |a статья | ||
| 999 | |c 1003090 |d 1003090 | ||