Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/181432
Title: Perfect monomial prediction for modular addition
Authors: Hu, Kai
Yap, Trevor
Keywords: Computer and Information Science
Issue Date: 2024
Source: Hu, K. & Yap, T. (2024). Perfect monomial prediction for modular addition. IACR Transactions On Symmetric Cryptology, 2024(3), 177-199. https://dx.doi.org/10.46586/tosc.v2024.i3.177-199
Journal: IACR Transactions on Symmetric Cryptology 
Abstract: Modular addition is often the most complex component of typical Addition-Rotation-XOR (ARX) ciphers, and the division property is the most effective tool for detecting integral distinguishers. Thus, having a precise division property model for modular addition is crucial in the search for integral distinguishers in ARX ciphers. Current division property models for modular addition either (a) express the operation as a Boolean circuit and apply standard propagation rules for basic operations (COPY, XOR, AND), or (b) treat it as a sequence of smaller functions with carry bits, modeling each function individually. Both approaches were originally proposed for the two-subset bit-based division property (2BDP), which is theoretically imprecise and may overlook some balanced bits. Recently, more precise versions of the division property, such as parity sets, three-subset bit-based division property without unknown subsets (3BDPwoU) or monomial prediction (MP), and algebraic transition matrices have been proposed. However, little attention has been given to modular addition within these precise models. The propagation rule for the precise division property of a vectorial Boolean function f requires that u can propagate to v if and only if the monomial π_u(x) appears in π_v(f). Braeken and Semaev (FSE 2005) studied the algebraic structure of modular addition and showed that for x ⊞ y = z, the monomial π_u(x)π_v(y) appears in π_w(z) if and only if u + v = w. Their theorem directly leads to a precise division property model for modular addition. Surprisingly, this model has not been applied in division property searches, to the best of our knowledge. In this paper, we apply Braeken and Semaev's theorem to search for integral distinguishers in ARX ciphers, leading to several new results.
First, we improve the state-of-the-art integral distinguishers for all variants of the Speck family, significantly enhancing search efficiency for Speck-32/48/64/96 and detecting new integral distinguishers for Speck-48/64/96/128. Second, we determine the exact degrees of output bits for 7-round Speck-32 and all/16/2 output bits for 2/3/4-round Alzette for the first time. Third, we revisit the choice of rotation parameters in Speck instances, providing a criterion that enhances resistance against integral distinguishers. Additionally, we offer a simpler proof for Braeken and Semaev's theorem using monomial prediction, demonstrating the potential of division property methods in the study of Boolean functions. We hope that the proposed methods will be valuable in the future design of ARX ciphers.
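The abstract's central statement, that the monomial π_u(x)π_v(y) occurs in π_w(x ⊞ y) exactly when u + v = w as integers, can be checked by brute force for small word sizes: compute the algebraic normal form (ANF) of each product of output bits with a Möbius transform and compare the surviving monomials against the predicted set. The following is an added example written for this record, not code from the paper or its authors; it assumes the usual convention that bit i of a mask u selects input bit x_i with bit 0 the least significant bit, and that masks are read as integers for the sum u + v. The last function restates the resulting monomial-prediction propagation rule for modular addition that the paper builds its division property model on.

```python
"""Brute-force check of the Braeken-Semaev theorem on n-bit modular addition.

For z = x ⊞ y (addition mod 2^n), the monomial pi_u(x) * pi_v(y) appears in the
ANF of pi_w(z) if and only if u + v == w as integers. Bit i of a mask selects
variable bit i (bit 0 = least significant). Constructed example, not the paper's code.
"""


def anf(truth_table):
    """Möbius transform: truth table (indexed by input mask) -> ANF coefficients.

    coeff[m] == 1 iff the monomial whose variable set is the bits of m appears.
    """
    coeff = list(truth_table)
    n_vars = len(coeff).bit_length() - 1  # table length is 2^n_vars
    for i in range(n_vars):
        bit = 1 << i
        for m in range(len(coeff)):
            if m & bit:
                coeff[m] ^= coeff[m ^ bit]
    return coeff


def pi(u, x):
    """Monomial pi_u(x) = prod over i with u_i = 1 of x_i; 1 iff x covers u."""
    return 1 if (x & u) == u else 0


def anf_of_output_product(n, w):
    """ANF of (x, y) -> pi_w(x ⊞ y) as a function of 2n variables.

    Input mask layout: low n bits hold x, high n bits hold y.
    """
    mask = (1 << n) - 1
    truth_table = []
    for idx in range(1 << (2 * n)):
        x, y = idx & mask, idx >> n
        z = (x + y) & mask  # modular addition, carry out of bit n-1 discarded
        truth_table.append(pi(w, z))
    return anf(truth_table)


def monomials(n, w):
    """Set of (u, v) such that pi_u(x) pi_v(y) appears in pi_w(x ⊞ y)."""
    coeff = anf_of_output_product(n, w)
    mask = (1 << n) - 1
    return {(m & mask, m >> n) for m, c in enumerate(coeff) if c}


def braeken_semaev_holds(n):
    """True iff, for every w, the monomial set is exactly {(u, v): u + v == w}."""
    size = 1 << n
    for w in range(size):
        expected = {(u, v) for u in range(size) for v in range(size) if u + v == w}
        if monomials(n, w) != expected:
            return False
    return True


def mp_propagate(n, u, v):
    """Monomial-prediction rule for x ⊞ y: (u, v) propagates to the single w = u + v,
    or to nothing when the integer sum does not fit in n bits."""
    w = u + v
    return [w] if w < (1 << n) else []


if __name__ == "__main__":
    for n in range(1, 5):
        print(f"n={n}: theorem holds = {braeken_semaev_holds(n)}")
    # For n=2, w=3: x0x1, x0y1, x1y0, y0y1 survive; x0y0 (sum 2) cancels out.
    print(sorted(monomials(2, 3)))
```

Running the check for n up to 4 exercises every (u, v, w) triple and confirms the cancellation the theorem predicts: in π_3(z) = z_0 z_1 for n = 2 the cross term x_0 y_0 appears twice and vanishes, leaving only monomials whose masks sum to 3. The per-bit model (b) in the abstract has to derive the same cancellation through carry-bit intermediates, which is where the imprecision of 2BDP-style models comes from.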
URI: https://hdl.handle.net/10356/181432
ISSN: 2519-173X
DOI: 10.46586/tosc.v2024.i3.177-199
Schools: School of Physical and Mathematical Sciences 
Research Centres: Temasek Laboratories @ NTU 
Rights: © 2024 Kai Hu, Trevor Yap. Licensed under Creative Commons License CC-BY 4.0.
Fulltext Permission: open
Fulltext Availability: With Fulltext
Appears in Collections: SPMS Journal Articles

Files in This Item:
File: ToSC2024_3_04.pdf (796.62 kB, Adobe PDF)

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.