New Results about the Boomerang Uniformity of Permutation Polynomials

In EUROCRYPT 2018, Cid et al. \cite{BCT2018} introduced a new concept on the cryptographic property of S-boxes: Boomerang Connectivity Table (BCT for short) for evaluating the subtleties of boomerang-style attacks. Very recently, BCT and the boomerang uniformity, the maximum value in BCT, were further studied by Boura and Canteaut \cite{BC2018}. Aiming at providing new insights, we show some new results about BCT and the boomerang uniformity of permutations in terms of theory and experiment in this paper. Firstly, we present an equivalent technique to compute BCT and the boomerang uniformity, which seems to be much simpler than the original definition from \cite{BCT2018}. Secondly, thanks to Carlet's idea \cite{Carlet2018}, we give a characterization of functions $f$ from $\mathbb{F}_{2}^n$ to itself with boomerang uniformity $\delta_{f}$ by means of the Walsh transform. Thirdly, by our method, we consider boomerang uniformities of some specific permutations, mainly the ones with low differential uniformity. Finally, we obtain another class of $4$-uniform BCT permutation polynomials over $\mathbb{F}_{2^n}$, which is the first binomial.Comment: 25 page

Characters, Weil sums and cc-differential uniformity with an application to the perturbed Gold function

Building upon the observation that the newly defined~\cite{EFRST20} concept of $c$-differential uniformity is not invariant under EA or CCZ-equivalence~\cite{SPRS20}, we showed in~\cite{SG20} that adding some appropriate linearized monomials increases the $c$-differential uniformity of the inverse function, significantly, for some~$c$. We continue that investigation here. First, by analyzing the involved equations, we find bounds for the uniformity of the Gold function perturbed by a single monomial, exhibiting the discrepancy we previously observed on the inverse function. Secondly, to treat the general case of perturbations via any linearized polynomial, we use characters in the finite field to express all entries in the $c$-Differential Distribution Table (DDT) of an $(n,n)$-function on the finite field \F_{p^n}, and further, we use that method to find explicit expressions for all entries of the $c$-DDT of the perturbed Gold function (via an arbitrary linearized polynomial).Comment: 22 page

Cryptographically strong permutations from the butterfly structure

Boomerang connectivity table is a new tool to characterize the vulnerability of cryptographic functions against boomerang attacks. Consequently, a cryptographic function is desired to have boomerang uniformity as low as its differential uniformity. Based on generalized butterfly structures recently introduced by Canteaut, Duval and Perrin, this paper presents infinite families of permutations of ${\mathbb {F}}_{2^{2n}}$ for a positive odd integer n, which have the best known nonlinearity and boomerang uniformity 4. Both open and closed butterfly structures are considered. The open butterflies, according to experimental results, appear not to produce permutations with boomerang uniformity 4. On the other hand, from the closed butterflies we derive a condition on coefficients $\alpha , \beta \in {\mathbb {F}}_{2^n}$ such that the functions $$\begin{aligned} V_i(x,y) := (R_i(x,y), R_i(y,x)), \end{aligned}$$ where $R_i(x,y)=(x+\alpha y)^{2^i+1}+\beta y^{2^i+1}$ and $\gcd (i,n)=1$, permute ${{\mathbb {F}}}_{2^n}^2$ and have boomerang uniformity 4. In addition, experimental results for $n=3, 5$ indicate that the proposed condition seems to cover all such permutations $V_i(x,y)$ with boomerang uniformity 4.acceptedVersio

Low cc-differential and cc-boomerang uniformity of the swapped inverse function

Modifying the binary inverse function in a variety of ways, like swapping two output points has been known to produce a $4$-differential uniform permutation function. Recently, in \cite{Li19} it was shown that this swapped version of the inverse function has boomerang uniformity exactly $10$, if $n\equiv 0\pmod 6$, $8$, if $n\equiv 3\pmod 6$, and 6, if $n\not\equiv 0\pmod 3$. Based upon the $c$-differential notion we defined in \cite{EFRST20} and $c$-boomerang uniformity from \cite{S20}, in this paper we characterize the $c$-differential and $c$-boomerang uniformity for the $(0,1)$-swapped inverse function in characteristic~$2$: we show that for all~$c\neq 1$, the $c$-differential uniformity is upper bounded by~$4$ and the $c$-boomerang uniformity by~$5$ with both bounds being attained for~$n\geq 4$.Comment: 25 page

Investigations on cc-Boomerang Uniformity and Perfect Nonlinearity

We defined in~\cite{EFRST20} a new multiplicative $c$-differential, and the corresponding $c$-differential uniformity and we characterized the known perfect nonlinear functions with respect to this new concept, as well as the inverse in any characteristic. The work was continued in~\cite{RS20}, investigating the $c$-differential uniformity for some further APN functions. Here, we extend the concept to the boomerang uniformity, introduced at Eurocrypt '18 by Cid et al.~\cite{Cid18}, to evaluate S-boxes of block ciphers, and investigate it in the context of perfect nonlinearity and related functions.Comment: 31 pages, 1 figur