UNAF: A Special Set of Additive Differences with Application to the Differential Analysis of ARX

Vesselin Velichkov, Nicky Mouha, Christophe De Cannière, Bart Preneel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

Due to their fast performance in software, an increasing number of cryptographic primitives are constructed using the operations addition modulo 2n, bit rotation and XOR (ARX). However, the resistance of ARX-based ciphers against differential cryptanalysis is not well understood. In this paper, we propose a new tool for evaluating more accurately the probabilities of additive differentials over multiple rounds of a cryptographic primitive. First, we introduce a special set of additive differences, called UNAF (unsigned non-adjacent form) differences. Then, we show how to apply them to find good differential trails using an algorithm for the automatic search for differentials. Finally, we describe a key-recovery attack on stream cipher Salsa20 reduced to five rounds, based on UNAF differences.
Original languageEnglish
Title of host publicationFast Software Encryption
EditorsAnne Canteaut
Place of PublicationBerlin, Heidelberg
PublisherSpringer Berlin Heidelberg
Number of pages19
ISBN (Print)978-3-642-34047-5
Publication statusPublished - 2012
Event19th annual Fast Software Encryption workshop - Washington, United States
Duration: 19 Mar 201221 Mar 2012


Conference19th annual Fast Software Encryption workshop
Abbreviated titleFSE 2012
Country/TerritoryUnited States
Internet address


Dive into the research topics of 'UNAF: A Special Set of Additive Differences with Application to the Differential Analysis of ARX'. Together they form a unique fingerprint.

Cite this