Abstract
This paper introduces a method to construct integral distinguishers for ARX ciphers. The basic idea of this method is to utilize the symmetry between the zero-correlation linear distinguishers and integral distinguishers. Combined with an automatic searching method on zero-correlation linear distinguishers of ARX ciphers, a subspace for the distinguishers is constructed. This subspace can finally be turned into an integral distinguisher based on the symmetry between these two distinguishers. Three ARX block ciphers, HIGHT, LEA and SPECK, are used to validate the effectiveness of this method. For LEA, four nine-round integral distinguishers are constructed, which is one more round than the previous best result derived with division property. For SPECK32, two more six-round integral distinguishers are constructed, whose number of active bits is reduced by one bit.
Highlights
Large numbers of cryptographic primitives using only addition, rotation and XOR three operations have been proposed for the past several years, which are generally denoted as ARX ciphers
For the past several years, the division property [14], which was proposed by Todo at Eurocrypt 2015, has led in the area of automatic construction for integral distinguishers for many block cipher structures
(A concrete example is for ARX block cipher LEA, the current longest integral distinguisher is eight-round [25,27], which is derived with bit-based division property
Summary
Large numbers of cryptographic primitives using only addition, rotation and XOR three operations have been proposed for the past several years, which are generally denoted as ARX ciphers. For the past several years, the division property [14], which was proposed by Todo at Eurocrypt 2015, has led in the area of automatic construction for integral distinguishers for many block cipher structures. This property can explore the hidden properties between the traditional ALL and BALANCE properties in integral cryptanalysis. For ARX-based designs, at ISP 2014, Wen et al revealed a relation between the zero-correlation linear distinguishers and integral distinguishers [24] This has made the foundation to construct integral distinguishers for ARX ciphers in the theoretical perspective
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
