Rotational-XOR Differential Cryptanalysis and an Automatic Framework for AND-RX Ciphers
Published in: | IEEE transactions on information theory 2023-02, Vol.69 (2), p.1282-1294 |
---|---|
Format: | Article |
Language: | eng |
Summary: | In this paper, a security evaluation framework for AND-RX ciphers against rotational-XOR differential cryptanalysis is proposed. This framework first models the structure of all the possible rotational-XOR differential (abbreviated to "RXD") trails and introduces a method to calculate this structure round by round. Based on this approach, an automatic method is proposed for searching RXD trails. In this method, four strategies are proposed to derive better results and improve the efficiency. Unlike previous automations, the time complexity for this framework can be pre-computed, which is bounded by $\mathcal{O}(c \cdot n \cdot R^{2} \cdot C_{n}^{n_{1}})$ (where $n$ is the block size, $n_{1}$ is the number of active bits for the starting point of automatic method, $R$ is the length of the targeted rounds and $c$ is a fixed constant). Under the given strategies and searching subspaces, the derived RXD trails are guaranteed to be optimal. To prove the correctness and efficiency, this framework is applied to all the ten variants for SIMON and three variants for Simeck. When compared with previous RXD trails, the best improvement is up to three rounds. To validate the correctness of the derived rotational-XOR differential trails, a concrete experiment on Simeck32 is conducted and the experimental result complies with the theoretical analysis. As far as we know, for all the variants of Simeck, current longest distinguishers over all the cryptanalytic methods are obtained in this paper. |
---|---|
ISSN: | 0018-9448 1557-9654 |
DOI: | 10.1109/TIT.2022.3218186 |