{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,21]],"date-time":"2026-05-21T11:43:27Z","timestamp":1779363807833,"version":"3.53.0"},"reference-count":48,"publisher":"Oxford University Press (OUP)","issue":"12","license":[{"start":{"date-parts":[[2021,9,24]],"date-time":"2021-09-24T00:00:00Z","timestamp":1632441600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/open_access\/funder_policies\/chorus\/standard_publication_model"}],"funder":[{"name":"National Research and Development Program of China","award":["2019YFB1005200"],"award-info":[{"award-number":["2019YFB1005200"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61771469"],"award-info":[{"award-number":["61771469"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,12,30]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Rotational-XOR cryptanalysis is a very recent technique for ARX ciphers. In this paper, the probability propagation formula of RX-cryptanalysis in modular addition is extended, and the calculation of RX-difference probability for any rotation parameter ($0&lt;k&lt;n$) can be realized. By proposing a concept of RX-offset and constructing the corresponding distribution table, the propagation of RX-difference in modular addition can be derived from the propagation of XOR-difference. Combined with the improvement of the automatic search tool for XOR-differential characteristics of ARX ciphers, we only need to add one more operation in each round, i.e. 
traverse the possible value of RX-offset and XOR it with the output XOR-difference of modular addition, thus it can achieve the search for RX-differential characteristics. With this method, the RX-differential distinguisher of ARX-C primitives without or with linear key schedule can be searched. For the applications, we have obtained the third-party RX-cryptanalysis results for Alzette and CHAM for the first time as far as we know.<\/jats:p>","DOI":"10.1093\/comjnl\/bxab126","type":"journal-article","created":{"date-parts":[[2021,9,22]],"date-time":"2021-09-22T19:11:13Z","timestamp":1632337873000},"page":"3062-3080","source":"Crossref","is-referenced-by-count":4,"title":["On the Probability and Automatic Search of Rotational-XOR Cryptanalysis on ARX Ciphers"],"prefix":"10.1093","volume":"65","author":[{"given":"Mingjiang","family":"Huang","sequence":"first","affiliation":[{"name":"Institute of Information Engineering , Chinese Academy of Sciences, Beijing, China"},{"name":"School of Cyber Security , University of Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zhen","family":"Xu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering , Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Liming","family":"Wang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering , Chinese Academy of Sciences, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"286","published-online":{"date-parts":[[2021,9,24]]},"reference":[{"key":"2023010312515217900_ref1","doi-asserted-by":"crossref","first-page":"46","DOI":"10.1007\/11894063_4","article-title":"HIGHT: A New Block Cipher Suitable for Low-resource Device","volume-title":"8th International Workshop of Cryptographic Hardware and Embedded Systems (CHES 
2006)","author":"Hong","year":"2006"},{"key":"2023010312515217900_ref2","article-title":"The SIMON and Speck Families of Lightweight Block Ciphers. Cryptology ePrint Archive","author":"Beaulieu","year":"2013"},{"key":"2023010312515217900_ref3","doi-asserted-by":"crossref","first-page":"489","DOI":"10.1007\/978-3-642-34931-7_28","article-title":"SipHash: A Fast Short-input PRF","volume-title":"13th International Conference on Cryptology in India (INDOCRYPT 2012)","author":"Aumasson","year":"2012"},{"key":"2023010312515217900_ref4","doi-asserted-by":"crossref","first-page":"306","DOI":"10.1007\/978-3-319-13051-4_19","article-title":"Chaskey: An Efficient MAC Algorithm for 32-bit Microcontrollers","volume-title":"Selected Areas in Cryptography - 21st International Conference (SAC 2014)","author":"Mouha","year":"2014"},{"key":"2023010312515217900_ref5","first-page":"484","article-title":"Design Strategies for ARX with Provable Bounds: SPARX and LAX","volume-title":"22nd International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2016)","author":"Dinu","year":"2016"},{"key":"2023010312515217900_ref6","first-page":"3","article-title":"CHAM: A Family of Lightweight Block Ciphers for Resource-Constrained Devices","volume-title":"20th International Conference of Information Security and Cryptology (ICISC 2017)","author":"Koo","year":"2017"},{"key":"2023010312515217900_ref7","doi-asserted-by":"crossref","first-page":"208","DOI":"10.46586\/tosc.v2020.iS1.208-261","article-title":"Lightweight AEAD and Hashing Using the SPARKLE Permutation Family","volume":"2020","author":"Beierle","year":"2020","journal-title":"IACR Trans. 
Symmetric Cryptol."},{"key":"2023010312515217900_ref8","article-title":"COMET: Counter Mode Encryption with Authentication Tag","volume-title":"NIST Lightweight Cryptography Project","author":"Gueron","year":"2019"},{"key":"2023010312515217900_ref9","volume-title":"Lightweight-Cryptography","author":"NIST","year":"2019"},{"key":"2023010312515217900_ref10","author":"Chinese National Cryptographic Algorithm Design Competition","year":"2019"},{"key":"2023010312515217900_ref11","volume-title":"Cryptanalysis of Hash Functions of the MD4-family","author":"Daum","year":"2005"},{"key":"2023010312515217900_ref12","first-page":"336","article-title":"Efficient Algorithms for Computing Differential Properties of Addition","volume-title":"Fast Software Encryption (FSE 2001)","author":"Lipmaa","year":"2001"},{"key":"2023010312515217900_ref13","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1007\/978-3-540-25937-4_20","article-title":"On the Additive Differential Probability of Exclusive-OR","volume-title":"Fast Software Encryption (FSE 2004)","author":"Lipmaa","year":"2004"},{"key":"2023010312515217900_ref14","doi-asserted-by":"crossref","first-page":"111","DOI":"10.1007\/s10623-012-9668-4","article-title":"On CCZ-equivalence of Addition mod 2$^n$","volume":"66","author":"Schulte-Geers","year":"2013","journal-title":"Des. 
Codes Cryptography"},{"key":"2023010312515217900_ref15","article-title":"On the Differential and Linear Properties of Addition","author":"Wall\u00e9n","year":"2003","journal-title":"Master\u2019s thesis, Helsinki University of Technology, Laboratory for Theoretical Computer Science"},{"key":"2023010312515217900_ref16","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/BF00630563","article-title":"Differential Cryptanalysis of DES-like Cryptosystems","volume":"4","author":"Biham","year":"1991","journal-title":"Journal of CRYPTOLOGY"},{"key":"2023010312515217900_ref17","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1007\/978-3-642-13858-4_19","article-title":"Rotational Cryptanalysis of ARX","volume-title":"Fast Software Encryption (FSE 2010)","author":"Khovratovich","year":"2010"},{"key":"2023010312515217900_ref18","doi-asserted-by":"crossref","first-page":"519","DOI":"10.1007\/978-3-662-48116-5_25","article-title":"Rotational Cryptanalysis of ARX Revisited","volume-title":"Fast Software Encryption (FSE 2015)","author":"Khovratovich","year":"2015"},{"key":"2023010312515217900_ref19","doi-asserted-by":"crossref","first-page":"57","DOI":"10.46586\/tosc.v2016.i1.57-70","article-title":"Rotational Cryptanalysis in the Presence of Constants","volume":"2016","author":"Ashur","year":"2016","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"2023010312515217900_ref20","doi-asserted-by":"crossref","first-page":"24","DOI":"10.46586\/tosc.v2017.i3.24-36","article-title":"Rotational-XOR Cryptanalysis of Reduced-round SPECK","volume":"2017","author":"Liu","year":"2017","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"2023010312515217900_ref21","doi-asserted-by":"crossref","first-page":"366","DOI":"10.1007\/BFb0053451","article-title":"On Correlation Between the Order of S-boxes and the Strength of DES","volume-title":"Advances in Cryptology - EUROCRYPT\u201994. 
(EUROCRYPT 1994)","author":"Matsui","year":"1995"},{"key":"2023010312515217900_ref22","first-page":"17","article-title":"Markov Ciphers and Differential Cryptanalysis","volume-title":"Workshop on the Theory and Application of Cryptographic Techniques (EUROCRYPT 1991)","author":"Lai","year":"1991"},{"key":"2023010312515217900_ref23","doi-asserted-by":"crossref","first-page":"212","DOI":"10.1007\/978-3-540-77360-3_14","article-title":"The Delicate Issues of Addition with Respect to XOR Differences","volume-title":"Selected Areas in Cryptography, 14th International Workshop (SAC 2007)","author":"Wang","year":"2007"},{"key":"2023010312515217900_ref24","first-page":"1","article-title":"Rotational Rebound Attacks on Reduced Skein","volume-title":"16th International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2010)","author":"Khovratovich","year":"2010"},{"key":"2023010312515217900_ref25","doi-asserted-by":"crossref","first-page":"452","DOI":"10.1007\/s00145-013-9150-0","article-title":"Rotational Rebound Attacks on Reduced Skein","volume":"27","author":"Khovratovich","year":"2014","journal-title":"J. Cryptology"},{"key":"2023010312515217900_ref26","article-title":"Cryptanalysis of the SIMON Family of Block Ciphers. Cryptology ePrint Archive, Report 2013\/543","author":"Alkhzaimi","year":"2013"},{"key":"2023010312515217900_ref27","first-page":"306","article-title":"Analysis of NORX: Investigating Differential and Rotational Properties","volume-title":"Third International Conference on Cryptology and Information Security in Latin America (LATINCRYPT 2014)","author":"Aumasson","year":"2014"},{"key":"2023010312515217900_ref28","article-title":"Rotational Analysis of Chacha Permutation. 
Cryptology ePrint Archive","author":"Barbero","year":"2020"},{"key":"2023010312515217900_ref29","first-page":"402","article-title":"Analysis of BLAKE2","volume-title":"The Cryptographer\u2019s Track at the RSA Conference 2014 (CT-RSA 2014)","author":"Guo","year":"2014"},{"key":"2023010312515217900_ref30","doi-asserted-by":"crossref","DOI":"10.1155\/2020\/5968584","article-title":"Rotational-XOR Rectangle Cryptanalysis on Round-reduced SIMON","volume":"2020","author":"Koo","year":"2020","journal-title":"Security Communication Networks"},{"key":"2023010312515217900_ref31","first-page":"241","article-title":"Rotational Cryptanalysis of Round-reduced Keccak","author":"Morawiecki","year":"2013"},{"key":"2023010312515217900_ref32","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1007\/978-3-030-57808-4_8","article-title":"Rotational Cryptanalysis on MAC Algorithm Chaskey","volume-title":"Applied Cryptography and Network Security (ACNS 2020)","author":"Kraleva","year":"2020"},{"key":"2023010312515217900_ref33","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1007\/978-3-030-55304-3_6","article-title":"Rotational-XOR Cryptanalysis of SIMON-like Block Ciphers","volume-title":"Information Security and Privacy - 25th Australasian Conference (ACISP 2020)","author":"Lu","year":"2020"},{"key":"2023010312515217900_ref34","article-title":"An Easy-to-use Tool for Rotational-XOR Cryptanalysis of ARX Block Ciphers. Cryptology ePrint Archive","author":"Ranea","year":"2020"},{"key":"2023010312515217900_ref35","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1007\/978-3-030-31578-8_4","article-title":"Improved Cryptanalysis on SipHash","volume-title":"Cryptology and Network Security - 18th International Conference (CANS 2019)","author":"Xin","year":"2019"},{"key":"2023010312515217900_ref36","article-title":"Proposing an MILP-based Method for the Experimental Verification of Difference Tails. 
Cryptology ePrint Archive, Report 2020\/632","author":"Sadeghi","year":"2020"},{"key":"2023010312515217900_ref37","doi-asserted-by":"crossref","first-page":"268","DOI":"10.1007\/978-3-662-52993-5_14","article-title":"MILP-based Automatic Search Algorithms for Differential and Linear Trails for Speck","volume-title":"Fast Software Encryption (FSE 2016)","author":"Fu","year":"2016"},{"key":"2023010312515217900_ref38","first-page":"379","article-title":"Automatic Differential Analysis of ARX Block Ciphers with Application to Speck and LEA","volume-title":"Information Security and Privacy - 21st Australasian Conference (ACISP 2016)","author":"Song","year":"2016"},{"key":"2023010312515217900_ref39","first-page":"227","article-title":"Automatic Search for Differential Trails in ARX Ciphers","volume-title":"The Cryptographer\u2019s Track at the RSA Conference 2014 (CT-RSA 2014)","author":"Biryukov","year":"2014"},{"key":"2023010312515217900_ref40","first-page":"546","article-title":"Differential Analysis of Block Ciphers SIMON and Speck","volume-title":"Fast Software Encryption (FSE 2014)","author":"Biryukov","year":"2014"},{"key":"2023010312515217900_ref41","doi-asserted-by":"crossref","first-page":"289","DOI":"10.1007\/978-3-662-52993-5_15","article-title":"Automatic Search for the Best Trails in ARX: Application to Block Cipher Speck","volume-title":"Fast Software Encryption (FSE 2016)","author":"Biryukov","year":"2016"},{"key":"2023010312515217900_ref42","doi-asserted-by":"crossref","first-page":"358","DOI":"10.46586\/tosc.v2017.i1.358-379","article-title":"Optimal Differential Tails in SIMON-like Ciphers","volume":"2017","author":"Liu","year":"2017","journal-title":"IACR Trans. 
Symmetric Cryptol."},{"key":"2023010312515217900_ref43","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1007\/978-3-030-35423-7_6","article-title":"Automatic Tool for Searching for Differential Characteristics in ARX Ciphers and Applications","volume-title":"20th International Conference on Cryptology in India (INDOCRYPT 2019)","author":"Huang","year":"2019"},{"key":"2023010312515217900_ref44","doi-asserted-by":"crossref","first-page":"1054","DOI":"10.1109\/TIT.2020.3040543","article-title":"A New Method for Searching Optimal Differential and Linear Trails in ARX Ciphers","volume":"67","author":"Liu","year":"2020","journal-title":"IEEE Trans. Inf. Theory"},{"key":"2023010312515217900_ref45","doi-asserted-by":"crossref","DOI":"10.1155\/2020\/4898612","article-title":"Automatic Search for the Linear (Hull) Characteristics of ARX Ciphers: Applied to Speck, SPARX, Chaskey, and CHAM-64","volume-title":"Secur. Commun. Networks","author":"Huang","year":"2020"},{"key":"2023010312515217900_ref46","first-page":"1","article-title":"Revised Version of Block Cipher CHAM","volume-title":"Information Security and Cryptology - 22nd International Conference (ICISC 2019)","author":"Roh","year":"2019"},{"key":"2023010312515217900_ref47","doi-asserted-by":"crossref","first-page":"419","DOI":"10.1007\/978-3-030-56877-1_15","article-title":"Alzette: A 64-bit ARX-Box (Feat. 
CRAX and TRAX)","volume-title":"Advances in Cryptology - 40th Annual International Cryptology Conference (CRYPTO 2020)","author":"Beierle","year":"2020"},{"key":"2023010312515217900_ref48","article-title":"An Update on the Sparkle Suite","volume-title":"NIST Lightweight Cryptography","author":"Beierle","year":"2020"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/65\/12\/3062\/48480829\/bxab126.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/65\/12\/3062\/48480829\/bxab126.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,3]],"date-time":"2023-01-03T12:52:35Z","timestamp":1672750355000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/65\/12\/3062\/6373560"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,24]]},"references-count":48,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2021,9,24]]},"published-print":{"date-parts":[[2022,12,30]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxab126","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"value":"0010-4620","type":"print"},{"value":"1460-2067","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2022,12]]},"published":{"date-parts":[[2021,9,24]]}}}