Design Strategies for ARX with Provable Bounds: SPARX and LAX

Similar documents
CS 7641 A (Machine Learning) Sethuraman K, Parameswaran Raman, Vijay Ramakrishnan

Classroom Tips and Techniques: The Partial-Fraction Decomposition. Robert J. Lopez Emeritus Professor of Mathematics and Maple Fellow Maplesoft

CSE 3401: Intro to AI & LP Uninformed Search II

Better Search Improved Uninformed Search CIS 32

Hierarchical ORAM Revisited, and Applications to Asymptotically Efficient ORAM and OPRAM. Hubert Chan, Yue Guo, Wei-Kai Lin, Elaine Shi 2017/12/5

A new Decomposition Algorithm for Multistage Stochastic Programs with Endogenous Uncertainties

COMP219: Artificial Intelligence. Lecture 8: Combining Search Strategies and Speeding Up

Overview. Depth Limited Search. Depth Limited Search. COMP219: Artificial Intelligence. Lecture 8: Combining Search Strategies and Speeding Up

CPE/EE 427, CPE 527 VLSI Design I L06: Complementary CMOS Logic Gates

Reducing Code Size with Run-time Decompression

Profile-driven Selective Code Compression

SUPPLEMENT MATERIALS

AN ISOLATED SMALL WIND TURBINE EMULATOR

Methods for the Anisotropic Wavelet Packet Transform

Aperitifs The Lexicon of Cryptography p. 1 Cryptographic Systems p. 4 Cryptanalysis p. 4 Side Information p. 6 Thomas Jefferson and the M-94 p.

Non-Interactive Secure Computation Based on Cut-and-Choose

An Efficient Code Compression Technique using Application-Aware Bitmask and Dictionary Selection Methods

CSE 3402: Intro to Artificial Intelligence Uninformed Search II

DESIGN AND ANALYSIS OF ALGORITHMS (DAA 2017)

Inlet Influence on the Pressure and Temperature Distortion Entering the Compressor of an Air Vehicle

A new take at Adaptive Fast Multipole Methods: application, implementation, and hybrid CPU/GPU parallelism

Prediction Market and Parimutuel Mechanism

Queue analysis for the toll station of the Öresund fixed link. Pontus Matstoms *

Provably Secure Camouflaging Strategy for IC Protection

2 When Some or All Labels are Missing: The EM Algorithm

Predicting NBA Shots

Energy Output. Outline. Characterizing Wind Variability. Characterizing Wind Variability 3/7/2015. for Wind Power Management

Dynamic Programming: The Matrix Chain Algorithm

CSC384: Introduction to Artificial Intelligence. Search

Smart-Walk: An Intelligent Physiological Monitoring System for Smart Families

CS 4649/7649 Robot Intelligence: Planning

Why does T7 underperform? Individual turbine performance relative to preconstruction estimates.

Failure is Also an Option

Business and housing market cycles in the euro area: a multivariate unobserved component approach

STATIONKEEPING DYNAMIC POSITIONING FOR YACHTS. Hans Cozijn

Gary Fredericks Purely Random Clojure/West / 81

EEC 686/785 Modeling & Performance Evaluation of Computer Systems. Lecture 6. Wenbing Zhao. Department of Electrical and Computer Engineering

AGEC 604 Natural Resource Economics

CT4510: Computer Graphics. Transformation BOCHANG MOON

Imperfectly Shared Randomness in Communication

Outline. Terminology. EEC 686/785 Modeling & Performance Evaluation of Computer Systems. Lecture 6. Steps in Capacity Planning and Management

BBS Fall Conference, 16 September Use of modeling & simulation to support the design and analysis of a new dose and regimen finding study

Existence of Nash Equilibria

Addressing DDR5 design challenges with IBIS-AMI modeling techniques

knn & Naïve Bayes Hongning Wang

Stealthy Attacks with Insider Information: A Game Theoretic Model with Asymmetric Feedback

Instruction Cache Compression for Embedded Systems by Yujia Jin and Rong Chen

Designing Mechanisms for Reliable Internet-based Computing

CFD ANALYSIS OF FLOW AROUND AEROFOIL FOR DIFFERENT ANGLE OF ATTACKS

Predicting Horse Racing Results with Machine Learning

Evaluating and Classifying NBA Free Agents

Transposition Table, History Heuristic, and other Search Enhancements

Inlet Influence on the Pressure and Temperature Distortion Entering the Compressor of an Air Vehicle

NEURAL NETWORKS BASED PREDICTION OF WIND ENERGY USING PITCH ANGLE CONTROL

Introduction to Parallelism in CASTEP

Determination of the Design Load for Structural Safety Assessment against Gas Explosion in Offshore Topside

Example: sequence data set wit two loci [simula

PREDICTING the outcomes of sporting events

PERCEPTIVE ROBOT MOVING IN 3D WORLD. D.E- Okhotsimsky, A.K. Platonov USSR

CS 4649/7649 Robot Intelligence: Planning

Incompressible Flow over Airfoils

Uninformed Search Strategies

Introduction. AI and Searching. Simple Example. Simple Example. Now a Bit Harder. From Hammersmith to King s Cross

A Performanced Based Angle of Attack Display

Aerodynamic Analysis of a Symmetric Aerofoil

Recovery of sea level fields of the last decades from altimetry and tide gauge data

More relatively-poor people in a less absolutely-poor world

Reliable Real-Time Recognition of Motion Related Human Activities using MEMS Inertial Sensors

Learning to Imitate a Fighter Pilot

SEARCH SEARCH TREE. Node: State in state tree. Root node: Top of state tree

Electromagnetic Attacks on Ring Oscillator-Based True Random Number Generator

Measuring Returns to Scale in Nineteenth-Century French Industry Technical Appendix

TRINITY COLLEGE DUBLIN

Machine Learning an American Pastime

A COURSE OUTLINE (September 2001)

Online Companion to Using Simulation to Help Manage the Pace of Play in Golf

Business Cycles. Chris Edmond NYU Stern. Spring 2007

STICTION: THE HIDDEN MENACE

SEARCH TREE. Generating the children of a node

Bayesian Methods: Naïve Bayes

1. A tendency to roll or heel when turning (a known and typically constant disturbance) 2. Motion induced by surface waves of certain frequencies.

MTH 112: Elementary Functions

Installation and Operation Manual

The M-Series Eletta Flow Meter High accuracy DP Flow Meter with multiple functions

GOLOMB Compression Technique For FPGA Configuration

Cleveland State University MCE441: Intr. Linear Control Systems. Lecture 6: The Transfer Function Poles and Zeros Partial Fraction Expansions

Search I. Tuomas Sandholm Carnegie Mellon University Computer Science Department. [Read Russell & Norvig Chapter 3]

TOWARDS A BIKE-FRIENDLY CANADA A National Cycling Strategy Overview

A definition of depth for functional observations

Phil Rosengren BetterPitching.com

iloq H10S3, H10S4 AND H10S5 PADLOCK

A Chiller Control Algorithm for Multiple Variablespeed Centrifugal Compressors

ECE 697B (667) Spring 2003

Surviving the End of the World: A Mathematical Model of the Zombie Apocalypse

Title: Modeling Crossing Behavior of Drivers and Pedestrians at Uncontrolled Intersections and Mid-block Crossings

An Impeller Blade Analysis of Centrifugal Gas Compressor Using CFD

UAID: Unconventional Arterial Intersection Design

Evacuation Time Minimization Model using Traffic Simulation and GIS Technology

CALIBRATION OF THE PLATOON DISPERSION MODEL BY CONSIDERING THE IMPACT OF THE PERCENTAGE OF BUSES AT SIGNALIZED INTERSECTIONS

Improving Cost Efficiency of DP Operations by Enhanced Thruster Allocation Strategy

Transcription:

Design Strategies for ARX with Provable Bounds: SPARX and LAX Daniel Dinu 1, Léo Perrin 1, Aleksei Udovenko 1, Vesselin Velichkov 1, Johann Großschädl 1, Alex Biryukov 1 1 SnT, University of Luxembourg https://www.cryptolux.org January 19, 2017 Early Symmetric Crypto (ESC) Canach, Luxembourg

Block Cipher Design ( Pdiff ΔS 2b ) # active S-Boxes Design of an S-Box based SPN (wide-trail strategy) Cryptolux Team SPARX and LAX 1 / 24

Block Cipher Design ( Pdiff ΔS 2b ) # active S-Boxes Design of an S-Box based SPN (wide-trail strategy) Design of an ARX-cipher (allegory) source: Wiki Commons Cryptolux Team SPARX and LAX 1 / 24

Block Cipher Design ( Pdiff ΔS 2b ) # active S-Boxes Design of an S-Box based SPN (wide-trail strategy) Design of an ARX-cipher (allegory) source: Wiki Commons Can we use ARX and have provable bounds? Cryptolux Team SPARX and LAX 1 / 24

Outline Talk Outline 1 The Long-Trail Strategy 2 The SPARX Family of LW-BC 3 The LAX Approach 4 Conclusion Cryptolux Team SPARX and LAX 2 / 24

Plan 1 The Long-Trail Strategy The Wide Trail Strategy ARX-Boxes The Long Trail Strategy 2 The SPARX Family of LW-BC 3 The LAX Approach 4 Conclusion Cryptolux Team SPARX and LAX 2 / 24

The Wide Trail Strategy (WTS) Wide Trail Argument MEDCP(F r ) p S a(r) MEDCP(F r ) = max (P[any trail covering r rounds of F ]) P[S(x c) S(x) = d] p S #{active S-Boxes on r rounds} a(r) Cryptolux Team SPARX and LAX 3 / 24

The Wide Trail Strategy (WTS) Wide Trail Argument MEDCP(F r ) p S a(r) MEDCP(F r ) = max (P[any trail covering r rounds of F ]) P[S(x c) S(x) = d] p S #{active S-Boxes on r rounds} a(r) Used to design the AES! Cryptolux Team SPARX and LAX 3 / 24

The Wide Trail Strategy (WTS) Wide Trail Argument MEDCP(F r ) p S a(r) MEDCP(F r ) = max (P[any trail covering r rounds of F ]) P[S(x c) S(x) = d] p S #{active S-Boxes on r rounds} a(r) Used to design the AES! Application to ARX Can we use this to build an ARX-based cipher? Cryptolux Team SPARX and LAX 3 / 24

ARX-Boxes (1/2) SPECKEY 1 Start from SPECK-32 2 XOR key in full state (Markov assumption) 3 Find best trails 7 2 SPECKEY. Cryptolux Team SPARX and LAX 4 / 24

ARX-Boxes (1/2) SPECKEY 1 Start from SPECK-32 2 XOR key in full state (Markov assumption) 3 Find best trails Parameter Search Rotations 7, 2 Second best crypto properties, lightest Indeed NSA design strategy (see DAC 15). 7 2 SPECKEY. Cryptolux Team SPARX and LAX 4 / 24

ARX-Boxes (2/2) Differential/Linear bounds r 1 2 3 4 5 6 7 8 9 10 MEDCP(A r ) 0 1 3 5 9 13 18 24 30 34 MELCC(A r ) 0 0 1 3 5 7 9 12 14 17 Maximum expected differential characteristic probabilities (MEDCP) and maximum expected absolute linear characteristic correlations (MELCC) of SPECKEY (log 2 scale); r is the number of rounds. Cryptolux Team SPARX and LAX 5 / 24

Notations k 0 L k 0 R 7 A 2 k r 1 L k r 1 R A A. A r k. Cryptolux Team SPARX and LAX 6 / 24

Naive Approach S-Box: A 4 ; Linear layer: 128-bit MixColumns. 1 step A 4 k A 4 k A 4 k A 4 k MixColumns A 4 k A 4 k A 4 k A 4 k MixColumns Cryptolux Team SPARX and LAX 7 / 24

Naive Approach S-Box: A 4 ; Linear layer: 128-bit MixColumns. 1 step A 4 k A 4 k A 4 k A 4 k MixColumns A 4 k A 4 k A 4 k A 4 k MixColumns Active ARX-Boxes: a(2s) 5s, log 2 ( MEDCP(A 4 ) ) = 5 Cryptolux Team SPARX and LAX 7 / 24

Naive Approach S-Box: A 4 ; Linear layer: 128-bit MixColumns. 1 step A 4 k A 4 k A 4 k A 4 k MixColumns A 4 k A 4 k A 4 k A 4 k MixColumns Active ARX-Boxes: a(2s) 5s, log 2 ( MEDCP(A 4 ) ) = 5 log 2 (P[diff. trail on 2s steps]) 5s MEDCP(A 4 ) log 2 (P[diff. trail on 2s steps]) 25s Cryptolux Team SPARX and LAX 7 / 24

Naive Approach S-Box: A 4 ; Linear layer: 128-bit MixColumns. 1 step A 4 k A 4 k A 4 k A 4 k MixColumns A 4 k A 4 k A 4 k A 4 k MixColumns Active ARX-Boxes: a(2s) 5s, log 2 ( MEDCP(A 4 ) ) = 5 log 2 (P[diff. trail on 2s steps]) 5s MEDCP(A 4 ) log 2 (P[diff. trail on 2s steps]) 25s Need 2 128/25 = 12 steps, i.e. 48 ARX rounds! Cryptolux Team SPARX and LAX 7 / 24

Drawbacks The Wide Trail Strategy fails here Two (bad) options: 1 design a very weak cipher, or 2 design a very slow cipher. Cryptolux Team SPARX and LAX 8 / 24

Drawbacks The Wide Trail Strategy fails here Two (bad) options: 1 design a very weak cipher, or 2 design a very slow cipher. A New Hope log 2 ( MEDCP(A 4 ) ) = 5 log 2 ( MEDCP(A 8 ) ) = 24 5 2 Cryptolux Team SPARX and LAX 8 / 24

Better Approach A 4 k A 4 k A 4 k A 4 k New linear layer chaining ARX-Boxes. l A 4 k A 4 k A 4 k A 4 k l A 4 k A 4 k A 4 k A 4 k Cryptolux Team SPARX and LAX 9 / 24

Better Approach A 4 k A 4 k A 4 k A 4 k New linear layer chaining ARX-Boxes. l A 4 k A 4 k A 4 k A 4 k l A 4 k A 4 k A 4 k A 4 k Cryptolux Team SPARX and LAX 9 / 24

Better Approach A 4 k A 4 k A 4 k A 4 k New linear layer chaining ARX-Boxes. We can use MEDCP(A 8 ) instead of ( MEDCP(A 4 ) ) 2. l A 4 k A 4 k A 4 k A 4 k l A 4 k A 4 k A 4 k A 4 k Cryptolux Team SPARX and LAX 9 / 24

Better Approach A 4 k A 4 k A 4 k A 4 k New linear layer chaining ARX-Boxes. We can use MEDCP(A 8 ) instead of ( MEDCP(A 4 ) ) 2. l A 4 k A 4 k A 4 k A 4 k If left half has zero differences, l A 4 k A 4 k A 4 k A 4 k Cryptolux Team SPARX and LAX 9 / 24

Better Approach A 4 k A 4 k A 4 k A 4 k New linear layer chaining ARX-Boxes. We can use MEDCP(A 8 ) instead of ( MEDCP(A 4 ) ) 2. l A 4 k A 4 k A 4 k A 4 k If left half has zero differences, we can use MEDCP(A 12 ) instead of ( MEDCP(A 4 ) ) 3. l A 4 k A 4 k A 4 k A 4 k Cryptolux Team SPARX and LAX 9 / 24

The Long Trail Argument (1/2) Definition (Long Trail) A Long Trail (LT) is a trail covering several ARX-Boxes without receiving any outside difference. Can be static (probability = 1) or dynamic (depends on the trail). Cryptolux Team SPARX and LAX 10 / 24

The Long Trail Argument (1/2) Definition (Long Trail) A Long Trail (LT) is a trail covering several ARX-Boxes without receiving any outside difference. Can be static (probability = 1) or dynamic (depends on the trail). Definition (Truncated Trail) A sequence of values in {0, 1} 4 : 1 if ARX-Box i is active, else 0. Cryptolux Team SPARX and LAX 10 / 24

The Long Trail Argument (2/2) Bounding Differential Probability For all truncated trails covering r rounds: 1 check if it is coherent with the linear layer, 2 decompose it into long trails (static and dynamic), 3 bound the probability of all trails following the truncated trail. Cryptolux Team SPARX and LAX 11 / 24

The Long Trail Argument (2/2) Bounding Differential Probability For all truncated trails covering r rounds: 1 check if it is coherent with the linear layer, 2 decompose it into long trails (static and dynamic), 3 bound the probability of all trails following the truncated trail. = Deduce a bound on the probability of all trails. Cryptolux Team SPARX and LAX 11 / 24

The Long Trail Argument (2/2) Bounding Differential Probability For all truncated trails covering r rounds: 1 check if it is coherent with the linear layer, 2 decompose it into long trails (static and dynamic), 3 bound the probability of all trails following the truncated trail. = Deduce a bound on the probability of all trails. Example of a LT bound After 5 steps, the best trail for four 4-round ARX-Boxes + Feistel linear layer is < 2 128. 5 12 steps Cryptolux Team SPARX and LAX 11 / 24

The Long Trail Strategy (LTS) Definition (Design Principle) When using large, weak S-Boxes, it is better to foster Long Trails than diffusion. Thus, the linear layer must be small. Cryptolux Team SPARX and LAX 12 / 24

The Long Trail Strategy (LTS) Definition (Design Principle) When using large, weak S-Boxes, it is better to foster Long Trails than diffusion. Thus, the linear layer must be small. Wide Trail Strategy Long Trail Strategy Cryptolux Team SPARX and LAX 12 / 24

The Long Trail Strategy (LTS) Definition (Design Principle) When using large, weak S-Boxes, it is better to foster Long Trails than diffusion. Thus, the linear layer must be small. Wide Trail Strategy S-Box Small, cheap. Lin. Layer Expensive, complex. Long Trail Strategy S-Box Large, expensive. Lin. Layer Cheap, simple. Cryptolux Team SPARX and LAX 12 / 24

Plan 1 The Long-Trail Strategy 2 The SPARX Family of LW-BC High Level View Security Analysis Implementation Methodology Results 3 The LAX Approach 4 Conclusion Cryptolux Team SPARX and LAX 12 / 24

High Level View SPARX family of block ciphers Designed using a long trail strategy. SPARX-n/k: n-bit block, k-bit key (k 128). Only need 16-bit operations: i,,. Cryptolux Team SPARX and LAX 13 / 24

High Level View SPARX family of block ciphers Designed using a long trail strategy. SPARX-n/k: n-bit block, k-bit key (k 128). Only need 16-bit operations: i,,. n/k 64/128 128/128 128/256 # Rounds/Step 3 4 4 # Steps 8 8 10 Best Attack (# rounds) 15/24 22/32 24/40 Cryptolux Team SPARX and LAX 13 / 24

Notations (reminder) k 0 L k 0 R 7 A 2 k r 1 L k r 1 R A A. A r k. Cryptolux Team SPARX and LAX 14 / 24

High level view x s 0 x s 1 round k sw 0 A k sw+w 1 0 A k r 0 k r 1... k r v 1 step k sw r a 1 A k sw+w 1 r a 1 A k v (r) Linear Layer k0 r+1 k1 r+1... k r+1 v 1 Round function of SPARX. Key schedule. Cryptolux Team SPARX and LAX 15 / 24

SPARX-64/128 x s 0 x s 1 k 2s A 3 k 2s+1 A 3 8 L Step Function. L. Cryptolux Team SPARX and LAX 16 / 24

SPARX-128/128 and SPARX-128/256 x s 0 x s 1 x s 2 x s 3 k 4s A 4 k 4s+1 A 4 k 4s+2 A 4 k 4s+3 A 4 L 8 Step Function. L. Cryptolux Team SPARX and LAX 17 / 24

Security Long Trail Argument P[any diff. trail covering at least 5 steps] < 2 n Cryptolux Team SPARX and LAX 18 / 24

Security Long Trail Argument P[any diff. trail covering at least 5 steps] < 2 n Integral Attacks Todo s division property: 4-5 steps for n =64-128, properties of modular addition: +1 round, best distinguishers cover 13-21 rounds for n =64-128. Cryptolux Team SPARX and LAX 18 / 24

Security Long Trail Argument P[any diff. trail covering at least 5 steps] < 2 n Integral Attacks Todo s division property: 4-5 steps for n =64-128, properties of modular addition: +1 round, best distinguishers cover 13-21 rounds for n =64-128. n/k 64/128 128/128 128/256 rounds attacked/total 15/24 22/32 24/40 security margin 38 % 31 % 40 % Cryptolux Team SPARX and LAX 18 / 24

Benchmarking https://www.cryptolux.org/index.php/felics Fair Evaluation of Lightweight Cryptographic Systems 8-bit ATMEL AVR ; 16-bit TI MSP ; 32-bit ARM Cortex-M3 Usage scenarios (e.g. CBC encryption of 128 bytes) Extracts RAM usage, ROM usage, # CPU cycles. Cryptolux Team SPARX and LAX 19 / 24

Benchmarking https://www.cryptolux.org/index.php/felics Fair Evaluation of Lightweight Cryptographic Systems 8-bit ATMEL AVR ; 16-bit TI MSP ; 32-bit ARM Cortex-M3 Usage scenarios (e.g. CBC encryption of 128 bytes) Extracts RAM usage, ROM usage, # CPU cycles. Figure Of Merit aggregates: all metrics accross all platforms for the best implementations of one algorithm. Cryptolux Team SPARX and LAX 19 / 24

Efficiency of the SPARX Ciphers Rank Cipher Block Key Scenario 1 Security size size FOM margin 1 Speck 64 128 5.0 27 % 2 Chaskey-LTS 128 128 5.0 56 % 3 Simon 64 128 6.9 32 % 4 RECTANGLE 64 128 7.8 28 % 5 LEA 128 128 8.0 33 % 6 Sparx 64 128 8.6 38 % 7 Sparx 128 128 12.9 31 % 8 HIGHT 64 128 14.1 19 % 9 AES 128 128 15.3 30 % 10 Fantomas 128 128 17.2?? % Cryptolux Team SPARX and LAX 20 / 24

Efficiency of the SPARX Ciphers Rank Cipher Block Key Scenario 1 Security size size FOM margin Speck 64 128 5.0 27 % Chaskey-LTS 128 128 5.0 56 % Simon 64 128 6.9 32 % 1 RECTANGLE 64 128 7.8 28 % LEA 128 128 8.0 33 % 2 Sparx 64 128 8.6 38 % 3 Sparx 128 128 12.9 31 % HIGHT 64 128 14.1 19 % 4 AES 128 128 15.3 30 % 5 Fantomas 128 128 17.2?? % Gray: designers did not provide differential/linear bounds. Cryptolux Team SPARX and LAX 20 / 24

Plan 1 The Long-Trail Strategy 2 The SPARX Family of LW-BC 3 The LAX Approach 4 Conclusion Cryptolux Team SPARX and LAX 20 / 24

An Alternative Strategy for Provable ARX The Wallén Challenge [...] design a simple and efficient cipher that uses only addition modulo 2 n and F 2 -affine functions, and that is provably resistant against basic DC and LC. Johan Wallén [Master Thesis, 2003] Rationale α β DP and LC drop exponentially with hw(α β) Affine part should maximize hw(α β)! γ DP = differential probability; LC = linear correlation Cryptolux Team SPARX and LAX 21 / 24

The LAX Construction LAX-2n (y L, y R ) = (Lx R, L(x L x R )) 2n-bit block, n {8, 16} L is n n binary matrix that 1 is invertible, 2 has branch number d > 2, [I L] is a [2n, n, d] lin. code: LAX-16: [16, 8, 5] LAX-32: [32, 16, 8] Linear transform, Addition, XOR = LAX Cryptolux Team SPARX and LAX 22 / 24

Differential Bound on 3 Rounds Theorem The maximum DP of any trail on 3 rounds of LAX-2n is 2 (d 2), where d is the branch number of L. 2n # Rounds 1 2 3 4 5 6 7 8 9 10 11 12 16 p best +0 2 4 7 8 11 13 16 18 20 23 25 p bound 3 6 9 12 32 p best +0 2 6 9 11 16 18 20 24 28 29 34 p bound 6 12 18 24 Cryptolux Team SPARX and LAX 23 / 24

Differential Bound on 3 Rounds Theorem The maximum DP of any trail on 3 rounds of LAX-2n is 2 (d 2), where d is the branch number of L. 2n # Rounds 1 2 3 4 5 6 7 8 9 10 11 12 16 p best +0 2 4 7 8 11 13 16 18 20 23 25 p bound 3 6 9 12 32 p best +0 2 6 9 11 16 18 20 24 28 29 34 p bound 6 12 18 24 Open Problem The bound does not hold for the linear case. Cryptolux Team SPARX and LAX 23 / 24

Plan 1 The Long-Trail Strategy 2 The SPARX Family of LW-BC 3 The LAX Approach 4 Conclusion Wrapping up! Cryptolux Team SPARX and LAX 23 / 24

The Long-Trail Strategy The SPARX Family of LW-BC The LAX Approach Conclusion source: Wiki Commons Cryptolux Team SPARX and LAX 24 / 24 Conclusion

Conclusion Long-Trail Strategy Dual of the Wide-trail strategy Differential and linear bounds https://www.cryptolux.org/ index.php/sparx source: Wiki Commons Cryptolux Team SPARX and LAX 24 / 24

Conclusion Long-Trail Strategy Dual of the Wide-trail strategy Differential and linear bounds https://www.cryptolux.org/ index.php/sparx source: Wiki Commons LAX Branching number = diff. bound Open problem: LAX for linear bound? Cryptolux Team SPARX and LAX 24 / 24

Conclusion Long-Trail Strategy Dual of the Wide-trail strategy Differential and linear bounds https://www.cryptolux.org/ index.php/sparx source: Wiki Commons LAX Branching number = diff. bound Open problem: LAX for linear bound? Thank you! Cryptolux Team SPARX and LAX 24 / 24

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback