Geodesic
Calculation of the differential probabilities for the sum of $k$ numbers modulo $2^n$
Prikladnaya Diskretnaya Matematika. Supplement, no. 15 (2022), pp. 54-57.

Voir la notice de l'article provenant de la source Math-Net.Ru

We study the differential probabilities $\mathrm{xdp}_{\mathrm{k}}^+(\alpha^1, \dots, \alpha^k \to \alpha^0)$ of the function $f(x_1,\dots, x_k) = x_1 + \dots + x_k \mod 2^n$, $\alpha^0, \alpha^1, \dots, \alpha^k \in \mathbb{Z}_2^n$, where differences are expressed using bitwise “exclusive or”. These values are used in differential cryptanalysis of cryptographic primitives which contain bitwise “exclusive or” and addition modulo $2^n$, such as ARX-constructions. We propose analytic expressions of matrices that are used for calculating $\mathrm{xdp}_{\mathrm{k}}^+$. We also study the differential probability $\mathrm{adp}^{\oplus}(\alpha, \beta \to \gamma)$ of the function $x \oplus y$, $\alpha, \beta, \gamma \in \mathbb{Z}_2^n$, where differences are expressed using addition modulo $2^n$, and describe all triples of differences whose probabilities are greater than ${1}/{4}$.
Mots-clés : ARX
Keywords: exclusive or, modular addition, differential cryptanalysis, differential probabilities. 
@article{PDMA_2022_15_a13,
     author = {A. S. Mokrousov},
     title = {Calculation of the differential probabilities for the sum of $k$ numbers modulo $2^n$},
     journal = {Prikladnaya Diskretnaya Matematika. Supplement},
     pages = {54--57},
     publisher = {mathdoc},
     number = {15},
     year = {2022},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDMA_2022_15_a13/}
}
TY  - JOUR
AU  - A. S. Mokrousov
TI  - Calculation of the differential probabilities for the sum of $k$ numbers modulo $2^n$
JO  - Prikladnaya Diskretnaya Matematika. Supplement
PY  - 2022
SP  - 54
EP  - 57
IS  - 15
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDMA_2022_15_a13/
LA  - ru
ID  - PDMA_2022_15_a13
ER  - 
%0 Journal Article
%A A. S. Mokrousov
%T Calculation of the differential probabilities for the sum of $k$ numbers modulo $2^n$
%J Prikladnaya Diskretnaya Matematika. Supplement
%D 2022
%P 54-57
%N 15
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDMA_2022_15_a13/
%G ru
%F PDMA_2022_15_a13
A. S. Mokrousov. Calculation of the differential probabilities for the sum of $k$ numbers modulo $2^n$. Prikladnaya Diskretnaya Matematika. Supplement, no. 15 (2022), pp. 54-57. http://geodesic.mathdoc.fr/item/PDMA_2022_15_a13/

[1] Shimizu A. and Miyaguchi S., “Fast data encipherment algorithm FEAL”, LNCS, 304, 1988, 267–278 | Zbl

[2] Wheeler D. J. and Needham R. M., “TEA, a tiny encryption algorithm”, LNCS, 1008, 1995, 363–366 | Zbl

[3] Bernstein D. J., Salsa20 specification. eSTREAM Project algorithm description, 2005 http://www.ecrypt.eu.org/stream/salsa20pf.html

[4] Beaulieu R., Shors D., Smith J., et al., The SIMON and SPECK Families of Lightweight Block Ciphers, https://eprint.iacr.org/2013/404

[5] Biham E. and Shamir A., “Differential cryptanalysis of DES-like cryptosystems”, J. Cryptology, 1991, no. 4, 3–72 | DOI | MR | Zbl

[6] Mouha N., Velichkov V., De Cannière C., and Preneel B., “The differential analysis of S-functions”, LNCS, 6544, 2011, 36–56 | MR | Zbl

[7] Lipmaa H. and Moriai S., “Efficient algorithms for computing differential properties of addition”, LNCS, 2355, 2002, 336–350 | Zbl

[8] Mouha N., Kolomeec N., Akhtiamov D., et al., “Maximums of the additive differential probability of Exclusive-Or”, IACR Trans. Symmetric Cryptology, 2021, no. 2, 292–313 | DOI | MR