Design Strategies for ARX with Provable Bounds: Sparx and LAX

Daniel Dinu; Léo Perrin; Aleksei Udovenko; Vesselin Velichkov; Johann Großschädl; Alex Biryukov

doi:10.1007/978-3-662-53887-6_18

Design Strategies for ARX with Provable Bounds: Sparx and LAX

Daniel Dinu, Léo Perrin, Aleksei Udovenko, Vesselin Velichkov, Johann Großschädl, Alex Biryukov

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We present, for the first time, a general strategy for designing ARX symmetric-key primitives with provable resistance against single-trail differential and linear cryptanalysis. The latter has been a long standing open problem in the area of ARX design. The wide-trail design strategy (WTS), that is at the basis of many S-box based ciphers, including the AES, is not suitable for ARX designs due to the lack of S-boxes in the latter. In this paper we address the mentioned limitation by proposing the long trail design strategy (LTS) – a dual of the WTS that is applicable (but not limited) to ARX constructions. In contrast to the WTS, that prescribes the use of small and efficient S-boxes at the expense of heavy linear layers with strong mixing properties, the LTS advocates the use of large (ARX-based) S-Boxes together with sparse linear layers. With the help of the so-called long-trail argument, a designer can bound the maximum differential and linear probabilities for any number of rounds of a cipher built according to the LTS.

To illustrate the effectiveness of the new strategy, we propose Sparx – a family of ARX-based block ciphers designed according to the LTS. Sparx has 32-bit ARX-based S-boxes and has provable bounds against differential and linear cryptanalysis. In addition, Sparx is very efficient on a number of embedded platforms. Its optimized software implementation ranks in the top 6 of the most software-efficient ciphers along with Simon, Speck, Chaskey, LEA and RECTANGLE.

As a second contribution we propose another strategy for designing ARX ciphers with provable properties, that is completely independent of the LTS. It is motivated by a challenge proposed earlier by Wallén and uses the differential properties of modular addition to minimize the maximum differential probability across multiple rounds of a cipher. A new primitive, called LAX, is designed following those principles. LAX partly solves the Wallén challenge.

Original language	English
Title of host publication	Advances in Cryptology -- ASIACRYPT 2016
Editors	Jung Hee Cheon, Tsuyoshi Takagi
Place of Publication	Berlin, Heidelberg
Publisher	Springer
Pages	484-513
Number of pages	30
ISBN (Electronic)	978-3-662-53887-6
ISBN (Print)	978-3-662-53887-6
DOIs	https://doi.org/10.1007/978-3-662-53887-6_18
Publication status	E-pub ahead of print - 9 Nov 2016
Event	22nd International Conference on the Theory and Application of Cryptology and Information Security - Hanoi, Viet Nam Duration: 4 Dec 2016 → 8 Dec 2016 https://www.iacr.org/conferences/asiacrypt2016/www.asiacrypt2016.org/index.html

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer, Berlin, Heidelberg
Volume	10031
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Name	Security and Cryptology
Volume	10031

Conference

Conference	22nd International Conference on the Theory and Application of Cryptology and Information Security
Abbreviated title	ASIACRYPT 2016
Country/Territory	Viet Nam
City	Hanoi
Period	4/12/16 → 8/12/16
Internet address	https://www.iacr.org/conferences/asiacrypt2016/www.asiacrypt2016.org/index.html

Access to Document

10.1007/978-3-662-53887-6_18Licence: All Rights Reserved

Cite this

Dinu, D., Perrin, L., Udovenko, A., Velichkov, V., Großschädl, J., & Biryukov, A. (2016). Design Strategies for ARX with Provable Bounds: Sparx and LAX. In J. H. Cheon, & T. Takagi (Eds.), Advances in Cryptology -- ASIACRYPT 2016 (pp. 484-513). (Lecture Notes in Computer Science; Vol. 10031), (Security and Cryptology; Vol. 10031). Springer. Advance online publication. https://doi.org/10.1007/978-3-662-53887-6_18

@inproceedings{7ffd1e3ff0654b0e8c4fc71a5675c1f2,

title = "Design Strategies for ARX with Provable Bounds: Sparx and LAX",

abstract = "We present, for the first time, a general strategy for designing ARX symmetric-key primitives with provable resistance against single-trail differential and linear cryptanalysis. The latter has been a long standing open problem in the area of ARX design. The wide-trail design strategy (WTS), that is at the basis of many S-box based ciphers, including the AES, is not suitable for ARX designs due to the lack of S-boxes in the latter. In this paper we address the mentioned limitation by proposing the long trail design strategy (LTS) – a dual of the WTS that is applicable (but not limited) to ARX constructions. In contrast to the WTS, that prescribes the use of small and efficient S-boxes at the expense of heavy linear layers with strong mixing properties, the LTS advocates the use of large (ARX-based) S-Boxes together with sparse linear layers. With the help of the so-called long-trail argument, a designer can bound the maximum differential and linear probabilities for any number of rounds of a cipher built according to the LTS.To illustrate the effectiveness of the new strategy, we propose Sparx – a family of ARX-based block ciphers designed according to the LTS. Sparx has 32-bit ARX-based S-boxes and has provable bounds against differential and linear cryptanalysis. In addition, Sparx is very efficient on a number of embedded platforms. Its optimized software implementation ranks in the top 6 of the most software-efficient ciphers along with Simon, Speck, Chaskey, LEA and RECTANGLE.As a second contribution we propose another strategy for designing ARX ciphers with provable properties, that is completely independent of the LTS. It is motivated by a challenge proposed earlier by Wall{\'e}n and uses the differential properties of modular addition to minimize the maximum differential probability across multiple rounds of a cipher. A new primitive, called LAX, is designed following those principles. LAX partly solves the Wall{\'e}n challenge.",

author = "Daniel Dinu and L{\'e}o Perrin and Aleksei Udovenko and Vesselin Velichkov and Johann Gro{\ss}sch{\"a}dl and Alex Biryukov",

year = "2016",

month = nov,

day = "9",

doi = "10.1007/978-3-662-53887-6_18",

language = "English",

isbn = "978-3-662-53887-6",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "484--513",

editor = "Cheon, {Jung Hee} and Tsuyoshi Takagi",

booktitle = "Advances in Cryptology -- ASIACRYPT 2016",

address = "United Kingdom",

note = "22nd International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2016 ; Conference date: 04-12-2016 Through 08-12-2016",

url = "https://www.iacr.org/conferences/asiacrypt2016/www.asiacrypt2016.org/index.html",

}

Dinu, D, Perrin, L, Udovenko, A, Velichkov, V, Großschädl, J & Biryukov, A 2016, Design Strategies for ARX with Provable Bounds: Sparx and LAX. in JH Cheon & T Takagi (eds), Advances in Cryptology -- ASIACRYPT 2016. Lecture Notes in Computer Science, vol. 10031, Security and Cryptology, vol. 10031, Springer, Berlin, Heidelberg, pp. 484-513, 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Viet Nam, 4/12/16. https://doi.org/10.1007/978-3-662-53887-6_18

Design Strategies for ARX with Provable Bounds: Sparx and LAX. / Dinu, Daniel; Perrin, Léo; Udovenko, Aleksei et al.
Advances in Cryptology -- ASIACRYPT 2016. ed. / Jung Hee Cheon; Tsuyoshi Takagi. Berlin, Heidelberg: Springer, 2016. p. 484-513 (Lecture Notes in Computer Science; Vol. 10031), (Security and Cryptology; Vol. 10031).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Design Strategies for ARX with Provable Bounds: Sparx and LAX

AU - Dinu, Daniel

AU - Perrin, Léo

AU - Udovenko, Aleksei

AU - Velichkov, Vesselin

AU - Großschädl, Johann

AU - Biryukov, Alex

PY - 2016/11/9

Y1 - 2016/11/9

N2 - We present, for the first time, a general strategy for designing ARX symmetric-key primitives with provable resistance against single-trail differential and linear cryptanalysis. The latter has been a long standing open problem in the area of ARX design. The wide-trail design strategy (WTS), that is at the basis of many S-box based ciphers, including the AES, is not suitable for ARX designs due to the lack of S-boxes in the latter. In this paper we address the mentioned limitation by proposing the long trail design strategy (LTS) – a dual of the WTS that is applicable (but not limited) to ARX constructions. In contrast to the WTS, that prescribes the use of small and efficient S-boxes at the expense of heavy linear layers with strong mixing properties, the LTS advocates the use of large (ARX-based) S-Boxes together with sparse linear layers. With the help of the so-called long-trail argument, a designer can bound the maximum differential and linear probabilities for any number of rounds of a cipher built according to the LTS.To illustrate the effectiveness of the new strategy, we propose Sparx – a family of ARX-based block ciphers designed according to the LTS. Sparx has 32-bit ARX-based S-boxes and has provable bounds against differential and linear cryptanalysis. In addition, Sparx is very efficient on a number of embedded platforms. Its optimized software implementation ranks in the top 6 of the most software-efficient ciphers along with Simon, Speck, Chaskey, LEA and RECTANGLE.As a second contribution we propose another strategy for designing ARX ciphers with provable properties, that is completely independent of the LTS. It is motivated by a challenge proposed earlier by Wallén and uses the differential properties of modular addition to minimize the maximum differential probability across multiple rounds of a cipher. A new primitive, called LAX, is designed following those principles. LAX partly solves the Wallén challenge.

AB - We present, for the first time, a general strategy for designing ARX symmetric-key primitives with provable resistance against single-trail differential and linear cryptanalysis. The latter has been a long standing open problem in the area of ARX design. The wide-trail design strategy (WTS), that is at the basis of many S-box based ciphers, including the AES, is not suitable for ARX designs due to the lack of S-boxes in the latter. In this paper we address the mentioned limitation by proposing the long trail design strategy (LTS) – a dual of the WTS that is applicable (but not limited) to ARX constructions. In contrast to the WTS, that prescribes the use of small and efficient S-boxes at the expense of heavy linear layers with strong mixing properties, the LTS advocates the use of large (ARX-based) S-Boxes together with sparse linear layers. With the help of the so-called long-trail argument, a designer can bound the maximum differential and linear probabilities for any number of rounds of a cipher built according to the LTS.To illustrate the effectiveness of the new strategy, we propose Sparx – a family of ARX-based block ciphers designed according to the LTS. Sparx has 32-bit ARX-based S-boxes and has provable bounds against differential and linear cryptanalysis. In addition, Sparx is very efficient on a number of embedded platforms. Its optimized software implementation ranks in the top 6 of the most software-efficient ciphers along with Simon, Speck, Chaskey, LEA and RECTANGLE.As a second contribution we propose another strategy for designing ARX ciphers with provable properties, that is completely independent of the LTS. It is motivated by a challenge proposed earlier by Wallén and uses the differential properties of modular addition to minimize the maximum differential probability across multiple rounds of a cipher. A new primitive, called LAX, is designed following those principles. LAX partly solves the Wallén challenge.

UR - https://www.cryptolux.org/mediawiki-esc2017/images/8/88/Sparx.pdf

U2 - 10.1007/978-3-662-53887-6_18

DO - 10.1007/978-3-662-53887-6_18

M3 - Conference contribution

SN - 978-3-662-53887-6

T3 - Lecture Notes in Computer Science

SP - 484

EP - 513

BT - Advances in Cryptology -- ASIACRYPT 2016

A2 - Cheon, Jung Hee

A2 - Takagi, Tsuyoshi

PB - Springer

CY - Berlin, Heidelberg

T2 - 22nd International Conference on the Theory and Application of Cryptology and Information Security

Y2 - 4 December 2016 through 8 December 2016

ER -

Dinu D, Perrin L, Udovenko A, Velichkov V, Großschädl J, Biryukov A. Design Strategies for ARX with Provable Bounds: Sparx and LAX. In Cheon JH, Takagi T, editors, Advances in Cryptology -- ASIACRYPT 2016. Berlin, Heidelberg: Springer. 2016. p. 484-513. (Lecture Notes in Computer Science). (Security and Cryptology). Epub 2016 Nov 9. doi: 10.1007/978-3-662-53887-6_18

Design Strategies for ARX with Provable Bounds: Sparx and LAX

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

SPARX: A Family of ARX-based Lightweight Block Ciphers Provably Secure Against Linear and Differential Attacks

Vesselin Velichkov

Cite this

Design Strategies for ARX with Provable Bounds: Sparx and LAX

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Research output

SPARX: A Family of ARX-based Lightweight Block Ciphers Provably Secure Against Linear and Differential Attacks

Profiles

Vesselin Velichkov

Cite this