
For FullText PDF, please login, if you are a member of IEICE,
or go to Pay Per View on menu list, if you are a nonmember of IEICE.

Bitwise PartialSum: A New Tool for Integral Analysis against ARX Designs
Yu SASAKI Lei WANG
Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E98A
No.1
pp.4960 Publication Date: 2015/01/01
Online ISSN: 17451337 Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security) Category: Symmetric Key Based Cryptography Keyword: integral analysis, partialsum, bitwise partialsum, ARX, HIGHT,
Full Text: PDF(1.4MB) >>Buy this Article
Summary:
In this paper, we present a new cryptanalytic tool that can reduce the complexity of integral analysis against AdditionRotationXOR (ARX) based designs. Our technique is based on the partialsum technique proposed by Ferguson et al. at FSE 2000, which guesses subkeys byte to byte in turn, and the data to be analyzed is compressed for each key guess. In this paper, the technique is extended to ARX based designs. Subkeys are guessed bit by bit, and the data is compressed with respect to the value of the guessed bit position and carry values to the next bit position. We call the technique bitwise partialsum. We demonstrate this technique by applying it to reducedround versions of HIGHT, which is one of the ISO standard 64bit block ciphers. Another contribution of this paper is an independent improvement specific to HIGHT. By exploiting linear computations inside the round function, the number of guessed bits during the key recovery phase can be greatly reduced. Together with the bitwise partialsum, the integral analysis on HIGHT is extended from previous 22 rounds to 26 rounds, while full HIGHT consists of 32 rounds.

