On additive differential probabilities of the composition of bitwise exclusive-or and a bit rotation. (arXiv:2303.04097v1 [cs.CR])

Properties of the additive differential probability
$\mathrm{adp}^{\mathrm{XR}}$ of the composition of bitwise XOR and a bit
rotation are investigated, where the differences are expressed using addition
modulo $2^n$. This composition is widely used in ARX constructions consisting
of additions modulo $2^n$, bit rotations and bitwise XORs. Differential
cryptanalysis of such primitives may involve maximums of
$\mathrm{adp}^{\mathrm{XR}}$, where some of its input or output differences are
fixed. Although there is an efficient way to calculate this probability, many
its properties are …

addition adp cryptanalysis exclusive input may rotation xor