西安电子科技大学学报 ›› 2024, Vol. 51 ›› Issue (2): 211-223.doi: 10.19665/j.issn1001-2400.20230404

• 计算机科学与技术&网络空间安全 • 上一篇    下一篇


张峰1,2(), 刘正斌1(), 张晶1(), 张文政1()   

  1. 1.保密通信重点实验室,四川 成都 610041
    2.中国电子科技集团公司电子科学研究院,北京 100041
  • 收稿日期:2023-01-12 出版日期:2024-04-20 发布日期:2023-10-19
  • 作者简介:张 峰(1997—),男,中国电子科技集团公司电子科学研究院硕士研究生,E-mail:sleepaloner@163.com;
    张 晶(1995—),女,工程师,E-mail:snnuzj@163.com;
  • 基金资助:

New method for calculating the differential-linear bias of the ARX cipher

ZHANG Feng1,2(), LIU Zhengbin1(), ZHANG Jing1(), ZHANG Wenzheng1()   

  1. 1. Science and Technology on Communication Security Laboratory,Chengdu 610041,China
    2. China Academy of Electronics and Information Technology,Beijing 100041,China
  • Received:2023-01-12 Online:2024-04-20 Published:2023-10-19



关键词: 差分—线性区分器, ARX密码, SAT/SMT, SPECK, SIMON


The ARX cipher consists of three basic operations,additions,rotations and XORs.Statistical analysis is currently used to calculate the bias of the ARX cipher differential-linear distinguishers.At CRYPTO 2022,NIU et al.gave a method for evaluating the correlation of the ARX cipher differential-linear distinguishers without using statistical analysis.They gave a 10-round differential-linear distinguisher for SPECK32/64.This paper gives the definition of differential-linear characteristics.It presents the first method for calculating the bias of differential-linear distinguishers using differential-linear characteristics based on the methods by BLONDEAU et al.and BAR-ON et al.Also,a method for searching for differential-linear characteristics based on Boolean Satisfiability Problem(SAT) automation techniques is proposed,which is a new method for calculating the bias of the ARX cipher differential-linear distinguisher without statistical analysis.As an application,the bias of the 10-round differential-linear distinguisher for SPECK32/64 given by NIU et al.is calculated with the theoretical value 2-15.00 obtained,which is very close to the experimental value 2-14.90 from the statistical analysis and better than the theoretical value 2-16.23 given by NIU et al.Also,the first theoretical value 2-8.41 for the bias of the 9-round differential-linear distinguisher for SIMON32/64 is given,which is close to the experimental value 2-7.12 obtained by statistical analysis.Experimental results fully demonstrate the effectiveness of this method.

Key words: differential-linear cryptanalysis, ARX, SAT/SMT, SPECK, SIMON


  • TN918.4