Abstract
Functions defined on finite fields with high nonlinearity are important primitives in cryptography; they serve as the substitution boxes (Sboxes) in many block ciphers. To resist differential and linear attacks, the Sboxes must have low differential uniformity and high nonlinearity. In this paper, we generalize the notions of differential uniformity and nonlinearity, introducing the t-th differential uniformity and the diversity of the nonlinearity, to measure the nonlinear properties of functions. We show that the Sboxes adopted by ZUC, SNOW 3G and some lightweight block ciphers perform poorly under these new criteria. The properties and characterizations of the new notions are presented. Another contribution of this paper is the study of the nonlinearity of functions of the form F = f∘a, where f is a map from \(\mathbb{F}_2^k\) to \(\mathbb{F}_2^n\) and a is a linear surjection from \(\mathbb{F}_2^n\) to \(\mathbb{F}_2^m\). The motivation is that this substitution-permutation composition is widely used in the design of modern ciphers to provide confusion and diffusion. We determine the nonlinearity of F for linear functions a with a certain property. Using this result, we compute the diversity of the nonlinearity for F and for f, and find that the former is greatly amplified, which weakens the cipher against linear attacks.
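The two classical criteria named in the abstract, computed on a concrete Sbox, as an added example that is not part of the paper: the largest entry of the difference distribution table (differential uniformity) and the Walsh-spectrum nonlinearity. The 4-bit Sbox table is the public PRESENT Sbox [8]; the 4×6 binary matrix used for the linear surjection a is a constructed assumption. The example also goes one step beyond the abstract: for any surjective linear a from \(\mathbb{F}_2^n\) to \(\mathbb{F}_2^m\), the Walsh coefficients of F = f∘a are those of f scaled by 2^(n-m) (or zero), so NL(F) = 2^(n-m)·NL(f), which the code checks.

```python
# Added example, not the paper's code. PRESENT Sbox table is public [8];
# the matrix A below is a constructed 4x6 full-rank example (assumption).
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

# Rows of A as 6-bit masks; leading bits are distinct, so rank is 4 and
# x -> A x is a surjection from F_2^6 onto F_2^4.
A_ROWS = [0b101000, 0b010100, 0b001010, 0b000111]


def parity(x):
    """Parity of the bits of x, i.e. the dot product over F_2 once masked."""
    return bin(x).count("1") & 1


def differential_uniformity(func, n):
    """Largest DDT entry: max over nonzero input difference d and any output
    difference of #{x in F_2^n : func[x] ^ func[x ^ d] == that difference}."""
    best = 0
    for d in range(1, 1 << n):
        counts = {}
        for x in range(1 << n):
            out = func[x] ^ func[x ^ d]
            counts[out] = counts.get(out, 0) + 1
        best = max(best, max(counts.values()))
    return best


def nonlinearity(func, n, m):
    """NL = 2^(n-1) - max|W(u,v)|/2 with W(u,v) = sum_x (-1)^(v.func(x) + u.x),
    over all u in F_2^n and nonzero v in F_2^m (vectorial Boolean function)."""
    lin = 0
    for v in range(1, 1 << m):
        for u in range(1 << n):
            w = sum((-1) ** (parity(v & func[x]) ^ parity(u & x))
                    for x in range(1 << n))
            lin = max(lin, abs(w))
    return (1 << (n - 1)) - lin // 2


def linear_map(rows, n):
    """Function table of x -> A x over F_2, A given by its row masks."""
    return [sum(parity(r & x) << (len(rows) - 1 - i) for i, r in enumerate(rows))
            for x in range(1 << n)]


def compose(f, a):
    """Table of F = f o a, i.e. F(x) = f(a(x))."""
    return [f[a[x]] for x in range(len(a))]


if __name__ == "__main__":
    F = compose(PRESENT_SBOX, linear_map(A_ROWS, 6))
    print(differential_uniformity(PRESENT_SBOX, 4), nonlinearity(PRESENT_SBOX, 4, 4))
    print(nonlinearity(F, 6, 4))  # 2^(6-4) times NL of the Sbox
```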
References
Anderson, R., Biham, E., Knudsen, L.: Serpent: A proposal for the advanced encryption standard. http://www.cl.cam.ac.uk/rja14/Papers/serpent.pdf (1999)
Armknecht, F.: Improving fast algebraic attacks. In: 11th International Workshop on Fast Software Encryption, FSE 2004, Lecture Notes in Computer Science, vol. 3017, pp. 65–82 (2004)
Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4(1), 3–72 (1991)
Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007, LNCS 4727, pp. 450–466 (2007)
Boura, C., Canteaut, A., De Cannière, C.: Higher-order differential properties of Keccak and Luffa. In: Joux, A. (ed.) FSE 2011, LNCS 6733, pp. 252–269 (2011)
Bulygin, S., Walter, M., Buchmann, J.: Full analysis of PRINTcipher with respect to invariant subspace attack: Efficient key recovery and countermeasures. Des. Codes Cryptogr 73(3), 997–1022 (2014)
Boura, C., Canteaut, A.: On the influence of the algebraic degree of F^{-1} on the algebraic degree of G∘F. IEEE Trans. Inf. Theory 59(1), 691–702 (2013)
De Cannière, C., Sato, H., Watanabe, D.: Hash Function Luffa - Specification Ver. 2.0.1, NIST SHA-3 Submission, Round 2 document (2009)
Carlet, C.: Boolean functions for cryptography and error correcting codes, chapter of a monograph. In: Crama, Y., Hammer, P. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, pp. 257–397. Cambridge University Press, Cambridge. Preliminary version available at http://www.math.univ-paris13.fr/carlet/ (2010)
Carlet, C.: Vectorial Boolean functions for cryptography, chapter of a monograph. In: Crama, Y., Hammer, P. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, pp. 398–472. Cambridge University Press, Cambridge. Preliminary version available at http://www.math.univ-paris13.fr/carlet/ (2010)
Charpin, P., Helleseth, T., Zinoviev, V.: Propagation characteristics of x ↦ x^{-1} and Kloosterman sums. Finite Fields Appl. 13, 366–381 (2007)
Courtois, N.: Fast algebraic attacks on stream ciphers with linear feedback. In: Advances in Cryptology - CRYPTO 2003, volume 2729 of Lecture Notes in Computer Science, pp. 177–194. Springer-Verlag (2003)
Courtois, N., Meier, W.: Algebraic attacks on stream ciphers with linear feedback. In: Advances in Cryptology - EUROCRYPT 2003, Lecture Notes in Computer Science, vol. 2656, pp. 345–359. Springer-Verlag (2003)
Daemen, J., Peeters, M., Van Assche, G., Rijmen, V.: NOEKEON. NESSIE Proposal (2000)
Duan, M., Lai, X.: Improved zero-sum distinguisher for full round Keccak-f permutation. IACR ePRINT Archive 2011, 23 (2011)
Dolmatov, V.: GOST 28147-89: Encryption, decryption, and message authentication code (MAC) algorithms, internet engineering task force RFC 5830 (2010)
Engels, D., Fan, X., Gong, G., Hu, H., Smith, E.M.: Hummingbird: Ultra-lightweight cryptography for resource-constrained devices. In: Sion, R. et al. (eds.) FC 2010 Workshops, LNCS 6054, pp. 3–8. Springer (2010)
Engels, D., Saarinen, M.-J. O., Schweitzer, P., Smith, E.M.: The Hummingbird-2 lightweight authenticated encryption algorithm. In: RFIDSec 2011, The 7th Workshop on RFID Security and Privacy, 26–28 June 2011, Amherst (2011)
Klapper, A., Chan, A. H., Goresky, M.: Cross-correlations of linearly and quadratically related geometric sequences and GMW sequences. Discret. Appl. Math. 46, 1–20 (1993)
Kucuk, O.: The hash function Hamsi, NIST SHA-3 Submission, Round 2 document 14 (2009)
Knudsen, L.: Truncated and higher order differentials. In: FSE '94, pp. 196–211 (1995)
Knudsen, L.R., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: A block cipher for IC-PRINTing. In Mangard, S., Standaert, F.-X. (eds.) Proc. CHES 2010, vol. 6225 of LNCS, pp. 16–32 (2010)
Lai, X.: Higher order derivatives and differential cryptanalysis. In: Proc. Symp. Commun., Coding Cryptography, 227–233, in honor of J. L. Massey on the Occasion of His 60th Birthday. Kluwer Academic Publishers (1994)
Leander, G., Poschmann, A.: On the classification of 4 bit Sboxes. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007, LNCS 4547, pp. 159–176 (2007)
Leander, G., Abdelraheem, M. A., Alkhzaimi, H., Zenner, E.: A cryptanalysis of PRINTcipher: The invariant subspace attack. In: Proceedings of Crypto 2011, LNCS, vol. 6841, pp. 206–221 (2011)
Lidl, R., Niederreiter, H.: Finite Fields. Cambridge University Press (1997)
Matsui, M.: Linear cryptanalysis method for DES cipher, Advances in Cryptology - EUROCRYPT (1993)
Nyberg, K.: Perfect Nonlinear Sboxes. EUROCRYPT, 378–386 (1991)
Nyberg, K.: Sboxes and round functions with controlled linearity and differential uniformity. In: FSE 94, LNCS 1008, pp. 111–130 (1995)
NIST, Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3. Document 2: ZUC Specification. http://www.dacas.cn/thread.aspx/ID=2304
NIST, Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2. Document 2: SNOW 3G Specification. www.gsma.com/technicalprojects/wp-content/uea2uia2
NIST: Data Encryption Standard, FIPS PUB 46. National Bureau of Standards, U.S. Department of Commerce, Washington D.C. (1977)
NIST, The Advanced Encryption Standard, FIPS 197. csrc.nist.gov/publications/fips/fips197/fips-197.pdf
Passman, D.S.: The Algebraic Structure of Group Rings. Wiley-Interscience, New York (1977)
Pott, A.: Nonlinear functions in abelian groups and relative difference sets. Discret. Appl. Math. 138(1-2), 177–193 (2004)
Saarinen, M. O.: Cryptographic analysis of all 4×4 Sboxes. In: Miri, A., Vaudenay, S. (eds.) SAC 2011, LNCS 7118, pp. 118–133 (2011)
Schmidt, B.: On (p^a, p^b, p^a, p^{a−b})-relative difference sets. J. Algebraic Combin. 6, 279–297 (1997)
Sorkin, A.: Lucifer: A cryptographic algorithm. Cryptologia 8(1), 22–32 (1984)
Standaert, F.-X., Piret, G., Rouvroy, G., Quisquater, J.-J., Legat, J.-D.: ICEBERG: An involutional cipher efficient for block encryption in reconfigurable hardware. In: Roy, B., Meier, W. (eds.) FSE 2004, LNCS 3017, pp. 279–299. Springer (2004)
Tezcan, C.: Improbable differential attacks on Present using undisturbed bits. J. Comput. Appl. Math. 259(B), 503–511 (2014)
Wu, H.: The Hash Function JH, NIST SHA-3 Submission, Round 3 document 16 (2011)
Acknowledgments
We thank the anonymous reviewers for the valuable comments, which significantly improved the quality and presentation of this paper. We thank Cihangir Tezcan for sending us his paper [40].
Appendix: The t-th differential uniformity of the 4-bit Sboxes used in previous ciphers
Cite this article
Tan, Y., Gong, G. & Zhu, B. Enhanced criteria on differential uniformity and nonlinearity of cryptographically significant functions. Cryptogr. Commun. 8, 291–311 (2016). https://doi.org/10.1007/s12095-015-0141-x
DOI: https://doi.org/10.1007/s12095-015-0141-x
Keywords
- Substitution box
- Almost perfect nonlinear function
- Perfect nonlinear function
- Truncated differential attack