This paper presents a thorough security analysis of the AEAD scheme NORX,
focussing on differential and rotational properties of the core permutation.
To examine its differential properties, we first introduce mathematical models
that describe differential propagation with respect to the non-linear operation
of NORX. Then we adapt the framework previously proposed for ARX designs,
which allows us to automatise the search for differentials and differential
characteristics. We give upper bounds on the differential probability of a
small number of steps of the NORX core permutation, and show how we found the
best characteristics for four rounds, which have probabilities of $2^{-584}$
($32$-bit) and $2^{-836}$ ($64$-bit), respectively. Finally, we discuss some
rotational properties of the core permutation which can be used as a basis for
future studies.
↧
