5 research outputs found

    A new criterion for avoiding the propagation of linear relations through an Sbox (Full version)

    In several cryptographic primitives, Sboxes of small size are used to provide nonlinearity. After several iterations, all the output bits of the primitive are ideally supposed to depend in a nonlinear way on all of the input variables. However, in some cases it is possible to find output bits that depend in an affine way on a small number of input bits if the other input bits are fixed to a well-chosen value. Such situations are for example exploited in cube attacks or in attacks like the one presented by Fuhr against the hash function Hamsi. Here, we define a new property for nonlinear Sboxes, named $(v,w)$-linearity, which means that $2^w$ components of an Sbox are affine on all cosets of a $v$-dimensional subspace. This property is related to the generalization of the so-called Maiorana-McFarland construction for Boolean functions. We show that this concept quantifies the ability of an Sbox to propagate affine relations. As a proof of concept, we exploit this new notion for analyzing and slightly improving Fuhr's attack against Hamsi, and we show that its success strongly depends on the $(v,w)$-linearity of the involved Sbox.

    Further Cryptographic Properties of the Multiplicative Inverse Function

    Differential analysis is an important cryptanalytic technique on block ciphers. In one form, it measures the probability of occurrence of the differences between certain input vectors and the corresponding output vectors. For this analysis, the constituent S-boxes of a block cipher need to be studied carefully. In this direction, we derive further cryptographic properties of the inverse function, especially higher-order differential properties. This improves certain results of Boukerrou et al. [ToSC 2020(1)]. We prove that the inverse function defined over $\mathbb{F}_{2^n}$ has an error (bias) in its second-order differential spectrum with probability $\frac{1}{2^{n-2}}$, and that this error occurs in more than one place. To the best of our knowledge, this result was not known earlier. Further, for the first time, we analyze the Gowers uniformity norm of S-boxes, which is also a measure of resistance to higher-order approximations. Finally, bounds related to the nonlinearity profile of the multiplicative inverse function are derived using both the Gowers $U_3$ norm and the Walsh--Hadamard spectrum. Some of our findings provide slightly improved bounds over the work of Carlet [IEEE-IT, 2008]. All our results might have implications towards non-randomness of a block cipher where the inverse function is used as a primitive.

    Bivariate functions with low $c$-differential uniformity

    Starting with a multiplication of elements in $\mathbb{F}_{q}^2$ which is consistent with that over $\mathbb{F}_{q^2}$, where $q$ is a prime power, via some identification of the two environments, we investigate the $c$-differential uniformity of bivariate functions $F(x,y)=(G(x,y),H(x,y))$. By carefully choosing the functions $G(x,y)$ and $H(x,y)$, we present several constructions of bivariate functions with low $c$-differential uniformity. Many P$c$N and AP$c$N functions can be produced from our constructions.

    D.STVL.9 - Ongoing Research Areas in Symmetric Cryptography

    This report gives a brief summary of some of the research trends in symmetric cryptography at the time of writing (2008). The following aspects of symmetric cryptography are investigated in this report:
    • the status of work with regards to different types of symmetric algorithms, including block ciphers, stream ciphers, hash functions and MAC algorithms (Section 1);
    • the algebraic attacks on symmetric primitives (Section 2);
    • the design criteria for symmetric ciphers (Section 3);
    • the provable properties of symmetric primitives (Section 4);
    • the major industrial needs in the area of symmetric cryptography (Section 5).

    Vectorial Boolean Functions with Very Low Differential-Linear Uniformity Using Maiorana-McFarland Type Construction

    The differential-linear connectivity table (DLCT) of a vectorial Boolean function was recently introduced by Bar-On et al. at EUROCRYPT'19. In this paper we construct a new class of balanced vectorial Boolean functions with very low differential-linear uniformity and provide a combinatorial count of the hardware gates required to implement such circuits. Here, all the coordinate functions are constructed by modifying Maiorana-McFarland bent functions. Further, we derive some properties of the DLCT and the differential-linear uniformity of modified inverse functions.