A New Class of Invertible Mappings

  • Alexander Klimov
  • Adi Shamir
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2523)


Invertible transformations over n-bit words are essential ingredients in many cryptographic constructions. When n is small (e.g., n = 8) we can compactly represent any such transformation as a lookup table, but when n is large (e.g., n = 64) we usually have to represent it as a composition of simpler operations such as linear mappings, S-P networks, Feistel structures, etc. Since these cryptographic constructions are often implemented in software on standard microprocessors, we are particularly interested in invertible univariate or multivariate transformations which can be implemented as small compositions of basic machine instructions on 32 or 64 bit words. In this paper we introduce a new class of provably invertible mappings which can mix arithmetic operations (negation, addition, subtraction, multiplication) and boolean operations (not, xor, and, or), are highly efficient, and have desirable cryptographic properties. In particular, we show that for any n the mapping $x \to x + (x^2 \lor C) \pmod{2^n}$ is a permutation with a single cycle of length $2^n$ iff both the least significant bit and the third least significant bit in the constant C are 1.
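The single-cycle condition stated in the abstract can be checked exhaustively on small word sizes. The following is an added example, not code from the paper; the function names are hypothetical, and it assumes n starts at 3 so that the constant C actually has a third least significant bit.

```python
# Added example: brute-force check of the abstract's claim that
# x -> x + (x^2 | C) mod 2^n is a single cycle of length 2^n
# iff bit 0 and bit 2 of C are both 1. All names are illustrative.

def step(x: int, c: int, n: int) -> int:
    """Apply the mapping once on n-bit words."""
    mask = (1 << n) - 1
    return (x + ((x * x) | c)) & mask

def cycle_length_from_zero(c: int, n: int) -> int:
    """Number of steps until the orbit of 0 first returns to 0.
    Returns 0 if that does not happen within 2^n steps."""
    x = 0
    for i in range(1, (1 << n) + 1):
        x = step(x, c, n)
        if x == 0:
            return i
    return 0

def is_single_cycle(c: int, n: int) -> bool:
    """A first return to 0 after exactly 2^n steps means the orbit of 0
    covers every n-bit word, i.e. the mapping is one full-length cycle."""
    return cycle_length_from_zero(c, n) == (1 << n)

def predicted(c: int) -> bool:
    """Condition from the abstract: LSB and third LSB of C are both 1."""
    return (c & 0b101) == 0b101

def mismatches(max_n: int) -> list:
    """All (n, C) with 3 <= n <= max_n where the brute-force result
    disagrees with the predicted condition."""
    return [(n, c)
            for n in range(3, max_n + 1)
            for c in range(1 << n)
            if is_single_cycle(c, n) != predicted(c)]

def orbit(c: int, n: int, count: int) -> list:
    """First `count` states of the sequence starting at 0."""
    out, x = [], 0
    for _ in range(count):
        out.append(x)
        x = step(x, c, n)
    return out

if __name__ == "__main__":
    print("mismatches for n = 3..10:", mismatches(10))
    print("orbit for C = 5, n = 3:", orbit(5, 3, 8))
```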


Boolean Operation; Block Cipher; Pseudo Random Number Generator; Machine Instruction; Primitive Function
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Alexander Klimov (1)
  • Adi Shamir (1)
  1. Computer Science department, The Weizmann Institute of Science, Rehovot, Israel
