Title: Rotational Differential-Linear Cryptanalysis of ARX Ciphers
Affiliation: University of Chinese Academy of Sciences
Zoom: Please email Jesse Elliott
The differential-linear attack, combining the power of the two most effective techniques for symmetric-key cryptanalysis, was proposed by Langford and Hellman at CRYPTO 1994. We further extend this framework by replacing the differential part of the attack with rotational differentials. We then revisit rotational cryptanalysis from the perspective of differential-linear cryptanalysis and generalize Morawiecki et al.’s technique for analyzing Keccak, which leads to a practical method for estimating the bias of a (rotational) differential-linear distinguisher in the special case where the output linear mask is a unit vector. We show rotational differential-linear attacks on FRIET, Xoodoo, Alzette, and SipHash. Finally, we propose several open problems.
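
As an added illustration (not taken from the talk or the paper), the Python below exhaustively computes rotational differential-linear correlations with unit-vector output masks for the basic nonlinear ARX operation, addition modulo 2^n. The 8-bit word size, the rotation by 1, and all function names are assumptions chosen here so that every input pair can be enumerated.

```python
"""Exhaustive rotational differential-linear correlations for modular addition.
Added example: toy parameters and names are assumptions, not from the paper."""
from itertools import product

N = 8                  # word size (assumption: small enough to enumerate)
T = 1                  # left-rotation amount (assumption)
MASK = (1 << N) - 1


def rotl(x, t=T, n=N):
    """Rotate an n-bit word left by t positions."""
    t %= n
    return ((x << t) | (x >> (n - t))) & ((1 << n) - 1)


def add(x, y):
    """The nonlinear ARX component under study: addition modulo 2^N."""
    return (x + y) & MASK


def rdl_correlations(dx=0, dy=0):
    """For each unit mask e_i, return the correlation of
    e_i . (rotl(f(x, y)) ^ f(rotl(x) ^ dx, rotl(y) ^ dy)) over all (x, y)."""
    zeros = [0] * N
    for x, y in product(range(1 << N), repeat=2):
        diff = rotl(add(x, y)) ^ add(rotl(x) ^ dx, rotl(y) ^ dy)
        for i in range(N):
            zeros[i] += 1 - ((diff >> i) & 1)
    total = 1 << (2 * N)
    return [2 * z / total - 1 for z in zeros]


def rotational_pair_count():
    """Count (x, y) where every output bit agrees at once, i.e. the
    classical rotational event rotl(x + y) == rotl(x) + rotl(y)."""
    return sum(rotl(add(x, y)) == add(rotl(x), rotl(y))
               for x, y in product(range(1 << N), repeat=2))


if __name__ == "__main__":
    for i, c in enumerate(rdl_correlations()):
        print(f"bit {i}: correlation {c:+.6f}")
    print("full rotational pairs:", rotational_pair_count(), "of", 1 << (2 * N))
```

With these toy parameters the full-word rotational relation holds for only about 38% of input pairs, while individual output bits of the same relation have correlations up to 1 - 2^-7, which is why a single-bit (unit-vector) output mask can give a stronger distinguisher than the all-bits rotational event.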