Cryptography and Communications, Volume 8, Issue 2, pp 291–311

Enhanced criteria on differential uniformity and nonlinearity of cryptographically significant functions

  • Yin Tan
  • Guang Gong
  • Bo Zhu


Functions defined on finite fields with high nonlinearity are important primitives in cryptography. They are used as the substitution boxes (Sboxes) in many block ciphers. To resist differential and linear attacks, the Sboxes must have low differential uniformity and high nonlinearity. In this paper, we generalize the notions of differential uniformity and nonlinearity to measure the nonlinear properties of functions; the generalized notions are called the t-th differential uniformity and the diversity of the nonlinearity. We show that the Sboxes endorsed by ZUC, SNOW 3G and some lightweight block ciphers perform poorly under these new criteria. The properties and characterizations of these new notions are presented. Another contribution of this paper is a study of the nonlinearity of functions of the form F = fa, where f is from \(\mathbb{F}_{2}^{k}\) to \(\mathbb{F}_{2}^{n}\) and a is a linear surjection from \(\mathbb{F}_{2}^{n}\) to \(\mathbb{F}_{2}^{m}\). The motivation for this study is that such a substitution-permutation composition structure is widely used in the design of modern ciphers to provide confusion and diffusion. We determine the nonlinearity of F when the linear function a has a certain property. Using this result, we compute the diversity of the nonlinearity for F and f. It is found that the former value is greatly amplified, which weakens the ciphers against the linear attack.


Substitution box; Almost perfect nonlinear function; Perfect nonlinear function; Truncated differential attack

Mathematics Subject Classifications (2010)

06E30 94A60 
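The two classical criteria named in the abstract, differential uniformity and nonlinearity, computed for a small Sbox. This is an added example, not code from the paper: it does not implement the paper's t-th differential uniformity or diversity of the nonlinearity, and the choice of the PRESENT Sbox (reference [4]) and all function names are assumptions of the example.

```python
# Added example: classical Sbox criteria only (not the paper's generalized ones).
# PRESENT 4-bit Sbox; picking this Sbox is an assumption of the example.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# Constructed contrast case: the identity map, which is linear.
IDENTITY_SBOX = list(range(16))


def parity(x):
    """Parity of the bits of x, i.e. the GF(2) inner product once x = a & v."""
    return bin(x).count("1") & 1


def check_table(sbox):
    """Return the input width n; the table must have 2^n entries."""
    size = len(sbox)
    if size < 2 or size & (size - 1):
        raise ValueError("Sbox table length must be a power of two")
    return size.bit_length() - 1


def differential_uniformity(sbox):
    """max over a != 0 and all b of #{x : S(x ^ a) ^ S(x) == b}."""
    check_table(sbox)
    worst = 0
    for a in range(1, len(sbox)):
        counts = {}
        for x in range(len(sbox)):
            b = sbox[x ^ a] ^ sbox[x]
            counts[b] = counts.get(b, 0) + 1
        worst = max(worst, max(counts.values()))
    return worst


def nonlinearity(sbox):
    """2^(n-1) - max|W(a, b)| / 2 over all a and all output masks b != 0."""
    n = check_table(sbox)
    m = max(1, max(sbox).bit_length())      # output width in bits
    max_abs = 0
    for b in range(1, 1 << m):
        for a in range(len(sbox)):
            # Walsh coefficient: sum over x of (-1)^(b.S(x) + a.x)
            w = sum(1 - 2 * (parity(b & sbox[x]) ^ parity(a & x))
                    for x in range(len(sbox)))
            max_abs = max(max_abs, abs(w))
    return (1 << (n - 1)) - max_abs // 2
```

The linear contrast case gives the worst possible values for both criteria, which is what low differential uniformity and high nonlinearity are meant to rule out.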



We thank the anonymous reviewers for the valuable comments, which significantly improved the quality and presentation of this paper. We thank Cihangir Tezcan for sending us his paper [40].


  1. Anderson, R., Biham, E., Knudsen, L.: Serpent: A proposal for the advanced encryption standard. (1999)
  2. Armknecht, F.: Improving fast algebraic attacks. In: 11th International Workshop on Fast Software Encryption, FSE 2004, Lecture Notes in Computer Science, vol. 3017, pp. 65–82 (2004)
  3. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4(1), 3–72 (1991)
  4. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007, LNCS 4727, pp. 450–466 (2007)
  5. Boura, C., Canteaut, A., De Cannière, C.: Higher-order differential properties of Keccak and Luffa. In: Joux, A. (eds.) FSE 2011, LNCS 6733, pp. 252–269 (2011)
  6. Bulygin, S., Walter, M., Buchmann, J.: Full analysis of PRINTcipher with respect to invariant subspace attack: Efficient key recovery and countermeasures. Des. Codes Cryptogr. 73(3), 997–1022 (2014)
  7. Boura, C., Canteaut, A.: On the influence of the algebraic degree of F^{−1} on the algebraic degree of G ∘ F. IEEE Trans. Inf. Theory 59(1), 691–702 (2013)
  8. De Cannière, C., Sato, H., Watanabe, D.: Hash Function Luffa - Specification Ver. 2.0.1, NIST SHA-3 Submission, Round 2 document (2009)
  9. Carlet, C.: Boolean functions for cryptography and error correcting codes, chapter of a monograph. In: Crama, Y., Hammer, P. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, pp. 257–397. Cambridge University Press, Cambridge. Preliminary version available at (2010)
  10. Carlet, C.: Vectorial Boolean functions for cryptography, chapter of a monograph. In: Crama, Y., Hammer, P. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, pp. 398–472. Cambridge University Press, Cambridge. Preliminary version available at (2010)
  11. Charpin, P., Helleseth, T., Zinoviev, V.: Propagation characteristics of x ↦ x^{−1} and Kloosterman sums. Finite Fields Appl. 13, 366–381 (2007)
  12. Courtois, N.: Fast algebraic attacks on stream ciphers with linear feedback. In: Advances in Cryptology - CRYPTO 2003, volume 2729 of Lecture Notes in Computer Science, pp. 177–194. Springer-Verlag (2003)
  13. Courtois, N., Meier, W.: Algebraic attack on stream ciphers with linear feedback. In: Advances in Cryptology - EUROCRYPT 2003, Lecture Notes in Computer Science, vol. 2656, pp. 345–359. Springer-Verlag (2003)
  14. Daemen, J., Peeters, M., Van Assche, G., Rijmen, V.: Nessie Proposal: NOEKEON: NESSIE Proposal (2000)
  15. Duan, M., Lai, X.: Improved zero-sum distinguisher for full round Keccak-f permutation. IACR ePrint Archive 2011, 23 (2011)
  16. Dolmatov, V.: GOST 28147-89: Encryption, decryption, and message authentication code (MAC) algorithms, Internet Engineering Task Force RFC 5830 (2010)
  17. Engels, D., Fan, X., Gong, G., Hu, H., Smith, E.M.: Hummingbird: Ultra-lightweight cryptography for resource-constrained devices. In: Sion, R. et al. (eds.) FC 2010 Workshops, LNCS 6054, pp. 3–8. Springer (2010)
  18. Engels, D., Saarinen, M.-J. O., Schweitzer, P., Smith, E.M.: The Hummingbird-2 lightweight authenticated encryption algorithm, RFIDSec 2011. In: The 7th Workshop on RFID Security and Privacy: 2628, June 2011. Amherst (2011)
  19. Klapper, A., Chan, A. H., Goresky, M.: Cross-correlations of linearly and quadratically related geometric sequences and GMW sequences. Discret. Appl. Math. 46, 1–20 (1993)
  20. Kucuk, O.: The hash function Hamsi, NIST SHA-3 Submission, Round 2 document 14 (2009)
  21. Knudsen, L.: Truncated and Higher Order Differentials, FSE'94, pp. 196–211 (1995)
  22. Knudsen, L.R., Leander, G., Poschmann, A., Robshaw, M.J.B.: PRINTcipher: A block cipher for IC-PRINTing. In: Mangard, S., Standaert, F.-X. (eds.) Proc. CHES 2010, vol. 6225 of LNCS, pp. 16–32 (2010)
  23. Lai, X.: Higher order derivatives and differential cryptanalysis. In: Proc. Symp. Commun., Coding Cryptography, 227–233, in honor of J. L. Massey on the Occasion of His 60th Birthday. Kluwer Academic Publishers (1994)
  24. Leander, G., Poschmann, A.: On the classification of 4 bit Sboxes. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007, LNCS 4547, pp. 159–176 (2007)
  25. Leander, G., Abdelraheem, M. A., Alkhzaimi, H., Zenner, E.: A cryptanalysis of PRINTcipher: The invariant subspace attack. In: Proceedings of Crypto 2011, LNCS, vol. 6841, pp. 206–221 (2011)
  26. Lidl, R., Niederreiter, H.: Finite Fields. Cambridge University Press (1997)
  27. Matsui, M.: Linear cryptanalysis method for DES cipher, Advances in Cryptology - EUROCRYPT (1993)
  28. Nyberg, K.: Perfect Nonlinear Sboxes. EUROCRYPT, 378–386 (1991)
  29. Nyberg, K.: Sboxes and round functions with controlled linearity and differential uniformity. In: FSE 94, LNCS 1008, pp. 111–130 (1995)
  30. NIST, Specification of the 3GPP Confidentiality and Integrity Algorithms 128-EEA3 & 128-EIA3. Document 2: ZUC Specification.
  31. NIST, Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2. Document 2: SNOW 3G Specification.
  32. NIST: Data Encryption Standard, FIPS PUB 46. National Bureau of Standards, U.S. Department of Commerce, Washington D.C. (1977)
  33. NIST, The Advanced Encryption Standard, FIPS 197.
  34. Passman, D.S.: The Algebraic Structure of Group Rings. Wiley-Interscience, New York (1977)
  35. Pott, A.: Nonlinear functions in abelian groups and relative difference sets. Discret. Appl. Math. 138(1-2), 177–193 (2004)
  36. Saarinen, M. O.: Cryptographic analysis of all 4×4 Sboxes. In: Miri, A., Vaudenay, S. (eds.) SAC 2011, LNCS 7118, pp. 118–133 (2011)
  37. Schmidt, B.: On (p^a, p^b, p^a, p^{a−b})-relative difference set. J. Algebraic Combin. 6, 279–297 (1997)
  38. Sorkin, A.: Lucifer: A cryptographic algorithm. Cryptologia 8(1), 22–32 (1984)
  39. Standaert, F.-X., Piret, G., Rouvroy, G., Quisquater, J.-J., Legat, J.-D.: ICEBERG: An involutional cipher efficient for block encryption in reconfigurable hardware. In: Roy, B., Meier, W. (eds.) FSE 2004, LNCS 3017, pp. 279–299. Springer (2004)
  40. Tezcan, C.: Improbable differential attacks on Present using undisturbed bits. J. Comput. Appl. Math. 259(B), 503–511 (2014)
  41. Wu, H.: The Hash Function JH, NIST SHA-3 Submission, Round 3 document 16 (2011)

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Canada
