On the boomerang uniformity of some permutation polynomials
Marco Calderini · Irene Villa

Received: 31 July 2019 / Accepted: 6 May 2020 / © The Author(s) 2020
Abstract

The boomerang attack, introduced by Wagner in 1999, is a cryptanalysis technique against block ciphers based on differential cryptanalysis. In particular, it considers two differentials, one for the upper part of the cipher and one for the lower part, and it exploits the dependency between these two differentials. At Eurocrypt'18, Cid et al. introduced a new tool, called the Boomerang Connectivity Table (BCT), that simplifies this analysis. Next, Boura and Canteaut introduced an important parameter for cryptographic S-boxes called boomerang uniformity, which is the maximum value in the BCT. Very recently, the boomerang uniformity of some classes of permutations (in particular quadratic functions) has been studied by Li, Qu, Sun and Li, and by Mesnager, Tang and Xiong. In this paper we further study the boomerang uniformity of some non-quadratic differentially 4-uniform functions. In particular, we consider the case of the Bracken-Leander cubic function and three classes of 4-uniform functions constructed by Li, Wang and Yu, obtained by modifying the inverse function.

Keywords: Vectorial Boolean functions · Boomerang uniformity · Boomerang connectivity table · Boomerang attack

Mathematics Subject Classification (2010): 94C10 · 94A60 · 06E30 · 14G50
Marco Calderini, Irene Villa: Department of Informatics, University of Bergen, PB 7803, 5020 Bergen, Norway

Cryptography and Communications

1 Introduction

A vectorial Boolean function, or $(n, m)$-function, is a function $F$ from the vector space $\mathbb{F}_2^n$ to $\mathbb{F}_2^m$. When $m = 1$, $F$ is simply called a Boolean function. Vectorial Boolean functions and Boolean functions have a crucial role in the design of secure cryptographic primitives, such as block ciphers. In this context, a vectorial Boolean function is also called an S-box. Most modern block ciphers, such as the AES, implement S-boxes which are $(n, n)$-functions permuting the space $\mathbb{F}_2^n$. We refer the reader to [10] for an overview on vectorial Boolean functions. In the following, we shall identify the vector space $\mathbb{F}_2^n$ with the finite field $\mathbb{F}_{2^n}$ with $2^n$ elements. Moreover, $\mathbb{F}_{2^n}^{*}$ will denote the multiplicative group of $\mathbb{F}_{2^n}$.

Among the most efficient attacks on block ciphers is the differential attack, introduced by Biham and Shamir [2]. In [19], Nyberg introduced the notion of differential uniformity, which measures the resistance of an S-box to this attack. In particular, a vectorial Boolean function $F$ is called differentially $\delta$-uniform if the equation $F(x) + F(x + a) = b$ has at most $\delta$ solutions for any non-zero $a$ and for all $b$. Since, if $x$ is a solution, then $x + a$ is also a solution of the equation, the smallest possible value for $\delta$ is 2. Functions achieving such differential uniformity are called almost perfect nonlinear (APN). APN functions have optimal resistance to differential attacks. In
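As an added illustration (not code from the paper), the Python below computes the differential uniformity defined above and the boomerang uniformity (the maximum BCT entry, using the BCT definition of Cid et al.) for the inverse function $x \mapsto x^{2^n-2}$ over small fields. The field sizes $n = 3, 4$, the irreducible polynomials and all function names are choices made for this example.

```python
# Added example: differential and boomerang uniformity of the inverse S-box.
# Irreducible polynomials are assumed standard choices: x^3+x+1 and x^4+x+1.
IRREDUCIBLE = {3: 0b1011, 4: 0b10011}

def gf_mul(a, b, n):
    """Multiply a and b in GF(2^n) modulo the chosen irreducible polynomial."""
    poly, r = IRREDUCIBLE[n], 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> n:          # degree reached n: reduce
            a ^= poly
    return r

def inverse_sbox(n):
    """Lookup table of x -> x^(2^n - 2), i.e. x -> 1/x with 0 -> 0."""
    table = []
    for x in range(1 << n):
        y = 1
        for _ in range((1 << n) - 2):
            y = gf_mul(y, x, n)
        table.append(y)
    return table

def differential_uniformity(S):
    """Max over a != 0 and all b of #{x : S(x) + S(x + a) = b}."""
    size, best = len(S), 0
    for a in range(1, size):
        row = [0] * size
        for x in range(size):
            row[S[x] ^ S[x ^ a]] += 1
        best = max(best, max(row))
    return best

def boomerang_uniformity(S):
    """Max over a, b != 0 of #{x : S^-1(S(x)+b) + S^-1(S(x+a)+b) = a}."""
    size = len(S)
    Sinv = [0] * size
    for x, y in enumerate(S):
        Sinv[y] = x
    best = 0
    for a in range(1, size):
        for b in range(1, size):
            count = sum(1 for x in range(size)
                        if Sinv[S[x] ^ b] ^ Sinv[S[x ^ a] ^ b] == a)
            best = max(best, count)
    return best

if __name__ == "__main__":
    for n in (3, 4):
        S = inverse_sbox(n)
        print(n, differential_uniformity(S), boomerang_uniformity(S))
```

For $n = 3$ the inverse function is APN and both parameters equal 2; for $n = 4$ it is differentially 4-uniform while its boomerang uniformity is 6, showing that the two measures can differ.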