Properties of the additive differential probability $\mathrm{adp}^{\mathrm{XR}}$ of the composition of bitwise XOR and a bit rotation are investigated, where the differences are expressed using addition modulo $2^n$. This composition is widely used in ARX constructions, which consist of additions modulo $2^n$, bit rotations and bitwise XORs. Differential cryptanalysis of such primitives may involve maxima of $\mathrm{adp}^{\mathrm{XR}}$ taken over the remaining differences while some of its input or output differences are fixed. Although there is an efficient way to calculate this probability (Velichkov et al., 2011), many of its properties are still unknown. In this work, we find the maxima of $\mathrm{adp}^{\mathrm{XR}}$ for a one-bit left or right rotation when one of its input differences is fixed. Some symmetries of $\mathrm{adp}^{\mathrm{XR}}$ are obtained as well. We describe all its impossible differentials in terms of regular expression patterns and estimate their number. This number turns out to be maximal for the one-bit left rotation and noticeably smaller than the number of impossible differentials of bitwise XOR.
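The following brute-force enumerator is an added example, not code from the paper or from Velichkov et al.; it makes the definition of $\mathrm{adp}^{\mathrm{XR}}$ concrete for small word sizes. It takes $\mathrm{XR}(x,y) = (x \oplus y) \lll r$, defines $\mathrm{adp}^{\mathrm{XR}}(\alpha,\beta \to \gamma)$ as the fraction of pairs $(x,y)$ with $\mathrm{XR}(x+\alpha, y+\beta) - \mathrm{XR}(x,y) \equiv \gamma \pmod{2^n}$, and from the full table derives the impossible differentials, the maximum over $(\beta,\gamma)$ for a fixed $\alpha$, and a check of the negation symmetry $\mathrm{adp}^{\mathrm{XR}}(\alpha,\beta\to\gamma) = \mathrm{adp}^{\mathrm{XR}}(-\alpha,-\beta\to-\gamma)$, which follows from substituting $x' = x+\alpha$, $y' = y+\beta$. Setting $r = 0$ turns it into $\mathrm{adp}^{\oplus}$, so the same table gives the XOR comparison the abstract mentions. The word size `n`, the rotation amount `r` and the $2^{4n}$ enumeration are assumptions of this illustration; the efficient algorithm from the literature is not reproduced here.

```python
"""Brute-force adp^XR for small word sizes (added illustration, not the paper's code).

Enumerates all 2^(2n) input pairs per (alpha, beta), so it is only usable for
n <= 5 or so; the efficient method of Velichkov et al. (2011) is not reproduced.
"""
from fractions import Fraction
from itertools import product


def rotl(v: int, r: int, n: int) -> int:
    """Rotate the n-bit word v left by r positions (r = 0 is the identity)."""
    r %= n
    mask = (1 << n) - 1
    return ((v << r) | (v >> (n - r))) & mask


def xr(x: int, y: int, r: int, n: int) -> int:
    """XR(x, y) = (x XOR y) <<< r, the XOR-then-rotate block under study."""
    return rotl(x ^ y, r, n)


def adp_xr_table(r: int, n: int):
    """counts[a][b][g] = #{(x, y) : XR(x+a, y+b) - XR(x, y) == g (mod 2^n)}.

    Differences are additive modulo 2^n on both sides; that is what makes this
    adp^XR rather than the XOR-difference probability. r = 0 gives adp^XOR.
    """
    size = 1 << n
    mask = size - 1
    counts = [[[0] * size for _ in range(size)] for _ in range(size)]
    for a, b in product(range(size), repeat=2):
        row = counts[a][b]
        for x, y in product(range(size), repeat=2):
            g = (xr((x + a) & mask, (y + b) & mask, r, n) - xr(x, y, r, n)) & mask
            row[g] += 1
    return counts


def adp_xr(alpha: int, beta: int, gamma: int, r: int, n: int) -> Fraction:
    """adp^XR(alpha, beta -> gamma) as an exact fraction of the 2^(2n) pairs."""
    size = 1 << n
    mask = size - 1
    hits = sum(
        1
        for x, y in product(range(size), repeat=2)
        if (xr((x + alpha) & mask, (y + beta) & mask, r, n) - xr(x, y, r, n)) & mask == gamma
    )
    return Fraction(hits, size * size)


def impossible_differentials(r: int, n: int):
    """All (alpha, beta, gamma) with adp^XR == 0; use r = 0 for bitwise XOR."""
    counts = adp_xr_table(r, n)
    size = 1 << n
    return [(a, b, g) for a, b, g in product(range(size), repeat=3) if counts[a][b][g] == 0]


def max_adp_fixed_alpha(alpha: int, r: int, n: int):
    """Maximum of adp^XR over (beta, gamma) with the input difference alpha fixed."""
    counts = adp_xr_table(r, n)
    size = 1 << n
    hits, b, g = max((counts[alpha][b][g], b, g) for b in range(size) for g in range(size))
    return Fraction(hits, size * size), b, g


def negation_symmetry_holds(r: int, n: int) -> bool:
    """adp^XR(a, b -> g) == adp^XR(-a, -b -> -g): substitute x' = x + a, y' = y + b."""
    counts = adp_xr_table(r, n)
    size = 1 << n
    mask = size - 1
    return all(
        counts[a][b][g] == counts[(-a) & mask][(-b) & mask][(-g) & mask]
        for a, b, g in product(range(size), repeat=3)
    )


if __name__ == "__main__":
    n = 4  # assumed toy word size; real ARX words are 32 or 64 bits
    for r in range(n):
        label = "XOR (r=0)" if r == 0 else f"XR, rotate left by {r}"
        print(f"{label:22s}: {len(impossible_differentials(r, n))} impossible differentials")
    print("max adp^XR for alpha=1, r=1:", max_adp_fixed_alpha(1, 1, n))
    print("negation symmetry for r=1:", negation_symmetry_holds(1, n))
```

Running the script prints, for the toy word size, the number of impossible differentials of plain XOR next to those of XR for each rotation amount, so the abstract's comparison can be observed directly at small $n$; raising `n` by one multiplies the running time by 16, which is exactly why the efficient algorithm matters.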