Differentially low uniform permutations from known 4-uniform functions

Functions with low differential uniformity can be used in a block cipher as S-boxes since they have good resistance to differential attacks. In this paper we consider piecewise constructions for permutations with low differential uniformity. In particular, we give two constructions of differentially 6-uniform functions, modifying the Gold function and the Bracken–Leander function on a subfield.publishedVersio

New Results about the Boomerang Uniformity of Permutation Polynomials

In EUROCRYPT 2018, Cid et al. \cite{BCT2018} introduced a new concept on the cryptographic property of S-boxes: Boomerang Connectivity Table (BCT for short) for evaluating the subtleties of boomerang-style attacks. Very recently, BCT and the boomerang uniformity, the maximum value in BCT, were further studied by Boura and Canteaut \cite{BC2018}. Aiming at providing new insights, we show some new results about BCT and the boomerang uniformity of permutations in terms of theory and experiment in this paper. Firstly, we present an equivalent technique to compute BCT and the boomerang uniformity, which seems to be much simpler than the original definition from \cite{BCT2018}. Secondly, thanks to Carlet's idea \cite{Carlet2018}, we give a characterization of functions $f$ from $\mathbb{F}_{2}^n$ to itself with boomerang uniformity $\delta_{f}$ by means of the Walsh transform. Thirdly, by our method, we consider boomerang uniformities of some specific permutations, mainly the ones with low differential uniformity. Finally, we obtain another class of $4$-uniform BCT permutation polynomials over $\mathbb{F}_{2^n}$, which is the first binomial.Comment: 25 page

Involutory Differentially 4-Uniform Permutations from Known Constructions

Substitution box (S-box) is an important component of block ciphers for providing confusion into the cryptosystems. The functions used as S-boxes should have low differential uniformity, high nonlinearity and high algebraic degree. Due to the lack of knowledge on the existence of APN permutations over $\mathbb{F}_{2^{2k}}$, which have the lowest differential uniformity, when $k>3$, they are often constructed from differentially 4-uniform permutations. Up to now, many infinite families of such functions have been constructed. Besides, the less cost of hardware implementation of S-boxes is also an important criterion in the design of block ciphers. If the S-box is an involution, which means that the compositional inverse of the permutation is itself, then the implementation cost for its inverse is saved. The same hardware circuit can be used for both encryption and decryption, which is an advantage in hardware implementation. In this paper, we investigate all the differentially 4-uniform permutations that are known in the literature and determine whether they can be involutory. We found that some involutory differentially 4-uniform permutations with high nonlinearity and algebraic degree can be given from these known constructions

Low c-differential uniformity for functions modified on subfields

In this paper, we construct some piecewise defined functions, and study their c-differential uniformity. As a by-product, we improve upon several prior results. Further, we look at concatenations of functions with low differential uniformity and show several results. For example, we prove that given βi (a basis of Fqn over Fq), some functions fi of c-differential uniformities δi , and Li (specific linearized polynomials defined in terms of βi), 1 ≤ i ≤ n, then F(x) = Pn i=1 βifi(Li(x)) has c-differential uniformity equal to Qn i=1 δi

Low c-differential uniformity for functions modified on subfields

In this paper, we construct some piecewise defined functions, and study their c-differential uniformity. As a by-product, we improve upon several prior results. Further, we look at concatenations of functions with low differential uniformity and show several results. For example, we prove that given βi (a basis of Fqn over Fq), some functions fi of c-differential uniformities δi , and Li (specific linearized polynomials defined in terms of βi), 1 ≤ i ≤ n, then F(x) = Pn i=1 βifi(Li(x)) has c-differential uniformity equal to Qn i=1 δi

Low cc-differential and cc-boomerang uniformity of the swapped inverse function

Modifying the binary inverse function in a variety of ways, like swapping two output points has been known to produce a $4$-differential uniform permutation function. Recently, in \cite{Li19} it was shown that this swapped version of the inverse function has boomerang uniformity exactly $10$, if $n\equiv 0\pmod 6$, $8$, if $n\equiv 3\pmod 6$, and 6, if $n\not\equiv 0\pmod 3$. Based upon the $c$-differential notion we defined in \cite{EFRST20} and $c$-boomerang uniformity from \cite{S20}, in this paper we characterize the $c$-differential and $c$-boomerang uniformity for the $(0,1)$-swapped inverse function in characteristic~$2$: we show that for all~$c\neq 1$, the $c$-differential uniformity is upper bounded by~$4$ and the $c$-boomerang uniformity by~$5$ with both bounds being attained for~$n\geq 4$.Comment: 25 page

Differentially 4-Uniform Bijections by Permuting the Inverse Function

Block ciphers use Substitution boxes (S-boxes) to create confusion into the cryptosystems. Functions used as S-boxes should have low differential uniformity, high nonlinearity and algebraic degree larger than 3 (preferably strictly larger). They should be fastly computable; from this viewpoint, it is better when they are in even number of variables. In addition, the functions should be bijections in a Substitution-Permutation Network. Almost perfect nonlinear (APN) functions have the lowest differential uniformity 2 and the existence of APN bijections over \F_{2^n} for even $n\ge 8$ is a big open problem. In the present paper, we focus on constructing differentially 4-uniform bijections suitable for designing S-boxes for block ciphers. Based on the idea of permuting the inverse function, we design a construction providing a large number of differentially 4-uniform bijections with maximum algebraic degree and high nonlinearity. For every even $n\ge 12$, we mathematically prove that the functions in a subclass of the constructed class are CCZ-inequivalent to known differentially 4-uniform power functions and to quadratic functions. This is the first mathematical proof that an infinite class of differentially 4-uniform bijections is CCZ-inequivalent to known differentially 4-uniform power functions and to quadratic functions. We also get a general lower bound on the nonlinearity of our functions, which can be very high in some cases, and obtain three improved lower bounds on the nonlinearity for three special subcases of functions which are extremely large

Mathematical aspects of the design and security of block ciphers

Block ciphers constitute a major part of modern symmetric cryptography. A mathematical analysis is necessary to ensure the security of the cipher. In this thesis, I develop several new contributions for the analysis of block ciphers. I determine cryptographic properties of several special cryptographically interesting mappings like almost perfect nonlinear functions. I also give some new results both on the resistance of functions against differential-linear attacks as well as on the efficiency of implementation of certain block ciphers