CISUC

Analysis of NORX: Investigating Differential and Rotational Properties

Authors

Samuel Neves
Jean-Philippe Aumasson
Philipp Jovanovic

Abstract

This paper presents a thorough analysis of the AEAD scheme NORX, focussing on
differential and rotational properties. We first introduce mathematical models
that describe differential propagation with respect to the non-linear operation
of NORX. Afterwards, we adapt a framework previously proposed for ARX designs
allowing us to automatise the search for differentials and characteristics. We
give upper bounds on the differential probability for a small number of steps of
the NORX core permutation. For example, in a scenario where an attacker can only
modify the nonce during initialisation, we show that characteristics have
probabilities of less than $2^{-60}$ ($32$-bit) and $2^{-53}$ ($64$-bit) after
only one round. Furthermore, we describe how we found the best characteristics
for four rounds, which have probabilities of $2^{-584}$ ($32$-bit) and
$2^{-836}$ ($64$-bit), respectively. Finally, we discuss some rotational
properties of the core permutation which yield some first, rough bounds and can
be used as a basis for future studies.

Keywords

NORX, AEAD, LRX, differential cryptanalysis, rotational cryptanalysis

Conference

Latincrypt 2014 2014


Cited by

Year 2015 : 2 citations

 Stefan Kölbl, Gregor Leander , Tyge Tiessen. "Observations on the SIMON Block Cipher Family." In Advances in Cryptology -- CRYPTO 2015 - 35th Annual Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2015, Proceedings, Part I.

 Sourav Das and Subhamoy Maitra and Willi Meier. "Higher Order Differential Analysis of NORX." Cryptology ePrint Archive, Report 2015/186, 2015.

Year 2014 : 4 citations

 Jean-Philippe Aumasson and Phillip Jovanovic and Samuel Neves. "NORX: Parallel and Scalable AEAD." In Computer Security - ESORICS 2014 - 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014.

 Aleksandar Kircanski, "Analysis of Boomerang Differential Trails via a SAT-Based Constraint Solver URSA", https://eprint.iacr.org/2014/563, 2014.

 Martin Stanek, "Experimenting with Shuffle Block Cipher and SMT Solvers", https://eprint.iacr.org/2014/919, 2014.

 Siwei Sun, Lei Hu, Meiqin Wang, Peng Wang, Kexin Qiao, Xiaoshuang Ma, Danping Shi, Ling Song, Kai Fu. "Towards Finding the Best Characteristics of Some Bit-oriented Block Ciphers and Automatic Enumeration of (Related-key) Differential and Linear Characteristics with Predefined Properties." Cryptology ePrint Archive, Report 2014/747, 2014.