Bitwise partial-sum on hight: A new tool for integral analysis against arx designs

Abstract

In this paper, we present a new cryptanalytic tool that can reduce the complexity of integral analysis against Addition-Rotation-XOR (ARX) based designs. Our technique is based on the partial-sum technique proposed by Ferguson et al. at FSE 2000, which guesses subkeys byte to byte in turn, and the data to be analyzed is compressed for each key guess. In this paper, the technique is extended to ARX based designs. Subkeys are guessed in bitwise, and the data is compressed with respect to the sum of the guessed bit position and carry values to the next bit position. We call the technique bitwise partial-sum. We demonstrate this technique by applying it to reduced-round HIGHT, which is one of the ISO standard ciphers. Another contribution is an independent improvement specific to HIGHT which exploits more linearity inside the round function. Together with the bitwise partial-sum, the integral analysis on HIGHT is extended from previous 22 rounds to 26 rounds.