Differential experiments using parallel alternative operations

Marco Calderini, Roberto Civino, Riccardo Invernizzi

TL;DR

This work extends differential cryptanalysis to parallel alternative operations $\circ$ derived from translation groups, introducing a formal framework with $V=(\mathbb{F}_2)^n$, weak-key space $W_\circ$, dot product $a\cdot b$, and the linearity group $H_\circ=\mathrm{GL}(V,+)\cap\mathrm{GL}(V,\circ)$. It constructs a $d=n-2$ case and demonstrates that a diffusion layer in $H_\circ$ enables $\circ$-differential analysis, then designs a 16-bit SPN with 4 parallel 4-bit S-boxes $\gamma$ and a parallel $\circ$ (via $\mathbf{b}=(0,1)$) to empirically compare $\circ$-differentials with XOR differentials. The experiments show that $\circ$-differentials can achieve substantially higher probabilities than classical differentials (e.g., for 17 rounds, $2^{-14.411}$ vs $2^{-14.993}$), suggesting stronger differential trails under the alternative operation and potential trapdoor vulnerabilities if diffusion is aligned with $H_\circ$. The results motivate open problems, including extending the theory to parallel operations and characterizing a large space of $\circ$-based ciphers, as well as understanding how design choices influence differential properties. Overall, the paper highlights the sensitivity of differential cryptanalysis to the underlying algebraic structure of the addition operation and points to new avenues for both cryptanalytic insights and cipher design considerations.

Abstract

The use of alternative operations in differential cryptanalysis, or alternative notions of differentials, are lately receiving increasing attention. Recently, Civino et al. managed to design a block cipher which is secure w.r.t. classical differential cryptanalysis performed using XOR-differentials, but weaker with respect to the attack based on an alternative difference operation acting on the first s-box of the block. We extend this result to parallel alternative operations, i.e. acting on each s-box of the block. First, we recall the mathematical framework needed to define and use such operations. After that, we perform some differential experiments against a toy cipher and compare the effectiveness of the attack w.r.t. the one that uses XOR-differentials.
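The comparison described above, a difference distribution table (DDT) taken with respect to XOR and with respect to an alternative operation $\circ$ on one 4-bit s-box, can be reproduced as follows. This is an added example, not code from the paper. It assumes an explicit form of the $d=n-2$, $\mathbf{b}=(0,1)$ operation on $(\mathbb{F}_2)^4$, namely $x\circ y = x+y+(x_1y_2+x_2y_1)(0,0,0,1)$, assumes $x_1$ is the most significant bit, and uses the PRESENT s-box as a stand-in for the paper's $\gamma$, which this page does not list.

```python
# Added example: DDT of a 4-bit s-box w.r.t. XOR and an alternative operation.
# Assumptions: vectors (x1,x2,x3,x4) are ints with x1 as the most significant
# bit; circ is an assumed explicit form of the d = n-2, b = (0,1) operation;
# SBOX is the PRESENT s-box, a stand-in for the paper's gamma.

N = 4
SIZE = 1 << N
W_VEC = 0b0001  # the vector (0,0,b) with b = (0,1)
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def xor(x, y):
    return x ^ y

def circ(x, y):
    """x o y = x + y + (x1*y2 + x2*y1) * (0,0,0,1)."""
    x1, x2 = (x >> 3) & 1, (x >> 2) & 1
    y1, y2 = (y >> 3) & 1, (y >> 2) & 1
    return x ^ y ^ (((x1 & y2) ^ (x2 & y1)) * W_VEC)

def is_elementary_abelian(op):
    """Check identity 0, x op x = 0, commutativity and associativity."""
    r = range(SIZE)
    return (all(op(x, 0) == x and op(x, x) == 0 for x in r)
            and all(op(x, y) == op(y, x) for x in r for y in r)
            and all(op(op(x, y), z) == op(x, op(y, z))
                    for x in r for y in r for z in r))

def weak_keys(op):
    """Keys k whose op-translation coincides with the XOR translation."""
    return [k for k in range(SIZE)
            if all(op(x, k) == x ^ k for x in range(SIZE))]

def ddt(sbox, op):
    """table[a][b] = #{x : sbox(x op a) op sbox(x) = b} (elements are self-inverse)."""
    table = [[0] * SIZE for _ in range(SIZE)]
    for a in range(SIZE):
        for x in range(SIZE):
            table[a][op(sbox[op(x, a)], sbox[x])] += 1
    return table

def uniformity(table):
    """Largest entry over the nonzero input differences."""
    return max(max(row) for row in table[1:])

if __name__ == "__main__":
    assert is_elementary_abelian(circ)
    print("weak keys:", weak_keys(circ))
    for name, op in (("xor", xor), ("circ", circ)):
        print(name, "uniformity:", uniformity(ddt(SBOX, op)))
```

The weak keys are the round keys for which adding the key with XOR and with $\circ$ give the same map, which is why an s-box that is well behaved in the XOR table still has to be checked in the $\circ$ table.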

Paper Structure (7 sections, 3 theorems, 12 equations, 6 figures)

This paper contains 7 sections, 3 theorems, 12 equations, 6 figures.

Key Result

Theorem

Let $\mathcal{T} < \mathrm{Sym}(V)$ be an elementary abelian regular subgroup. Then there exists $g \in \mathrm{Sym}(V)$ such that $\mathcal{T} = \mathrm{T}^g = g^{-1}\mathrm{T}g$.

Figures (6)

  • Figure 1: The chosen diffusion layer
  • Figure 2: Cayley table of $\circ_4$
  • Figure 3: The chosen s-box $\gamma$
  • Figure 4: DDT of $\gamma$ w.r.t. $+$
  • Figure 5: DDT of $\gamma$ w.r.t. $\circ$
  • ...and 1 more figure

Theorems & Definitions (6)

  • Definition
  • Theorem (dixon1971maximal)
  • Definition
  • Proposition
  • Definition
  • Theorem