On the Probability and Automatic Search of Rotational-XOR Cryptanalysis on ARX Ciphers.

Rotational-XOR cryptanalysis is a very recent technique for ARX ciphers. In this paper, the probability propagation formula of RX-cryptanalysis in modular addition is extended, and the calculation of RX-difference probability for any rotation parameter (⁠|$0<k<n$|⁠) can be realized. By proposing a concept of RX-offset and constructing the corresponding distribution table, the propagation of RX-difference in modular addition can be derived from the propagation of XOR-difference. Combined with the improvement of the automatic search tool for XOR-differential characteristics of ARX ciphers, we only need to add one more operation in each round, i.e. traverse the possible value of RX-offset and XOR it with the output XOR-difference of modular addition, thus it can achieve the search for RX-differential characteristics. With this method, the RX-differential distinguisher of ARX-C primitives without or with linear key schedule can be searched. For the applications, we have obtained the third-party RX-cryptanalysis results for Alzette and CHAM for the first time as far as we know. [ABSTRACT FROM AUTHOR]