@risottobias @dalias @khm @ambiguous_yelp @sammi @joelanman We use a lot of analytic approaches (e.g., bit diffusion in reduced rounds to compare ARX constructions, which help quantify the statistical confusion between inputs and outputs in the full round of a scheme) which are derived from successful attacks against insecure designs. A cipher is a secure as the cost of the best attack (exhaustive key search a.k.a. brute force is the default attack to consider).