Jie Peng,Chik How Tan,Qichun Wang,Jianhua Gao,Haibin Kan

DOI: https://doi.org/10.1587/transfun.E101.A.945

2018-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:Research on permutation polynomials over the finite field F-22k with significant cryptographical properties such as possibly low differential uniformity, possibly high nonlinearity and algebraic degree has attracted a lot of attention and made considerable progress in recent years. Once used as the substitution boxes (S-boxes) in the block ciphers with Substitution Permutation Network (SPN) structure, this kind of polynomials can have a good performance against the classical cryptographic analysis such as linear attacks, differential attacks and the higher order differential attacks. In this paper we put forward a new construction of differentially 4-uniformity permutations over F-22k by modifying the inverse function on some specific subsets of the finite field. Compared with the previous similar works, there are several advantages of our new construction. One is that it can provide a very large number of Carlet-Charpin-Zinoviev equivalent classes of functions (increasing exponentially). Another advantage is that all the functions are explicitly constructed, and the polynomial forms are obtained for three subclasses. The third advantage is that the chosen subsets are very large, hence all the new functions are not close to the inverse function. Therefore, our construction may provide more choices for designing of S-boxes. Moreover, it has been checked by a software programm for k = 3 that except for one special function, all the other functions in our construction are Carlet-Charpin-Zinoviev equivalent to the existing ones.

Jingxue Ma,Tao Zhang,Tao Feng,Gennian Ge

DOI: https://doi.org/10.1007/s10623-016-0236-1

2016-01-01

Abstract:Permutation polynomials over finite fields constitute an active research area and have applications in many areas of science and engineering. In this paper, four classes of monomial complete permutation polynomials and one class of trinomial complete permutation polynomials are presented, one of which confirms a conjecture proposed by Wu et al. (Sci China Math 58:2081–2094, 2015 ). Furthermore, we give two classes of permutation trinomial, and make some progress on a conjecture about the differential uniformity of power permutation polynomials proposed by Blondeau et al. (Int J Inf Coding Theory 1:149–170, 2010 ).

Jaeseong Jeong,Namhun Koo,Soonhak Kwon

DOI: https://doi.org/10.48550/arXiv.2009.08612

2020-09-18

Abstract:Finding permutation polynomials with low differential and boomerang uniformityis an important topic in S-box designs of many block ciphers. For example, AES chooses the inverse function as its S-box, which is differentially 4-uniform and boomerang 6-uniform. Also there has been considerable research on many non-quadratic permutations which are obtained by modifying certain set of points from the inverse function. In this paper, we give a novel approach that shows that plenty of existing modifications of the inverse function are in fact affine equivalent to permutations of low Carlitz rank and those modifications cannot be APN (almost perfect nonlinear) unless the Carlitz rank is very large. Using nice properties of the permutations of Carlitz form, we present the complete list of permutations of Carlitz rank 3 having the boomerang uniformity six, and also give the complete classification of the differential uniformity of permutations of Carlitz rank 3. We also provide, up to affine equivalence, all the involutory permutations of Carlitz rank 3 having the boomerang uniformity six.

Information Theory,Combinatorics

Chenmiao Shi,Jie Peng,Haibin Kan,Lijing Zheng

DOI: https://doi.org/10.1016/j.ffa.2023.102340

IF: 1.655

2024-01-01

Finite Fields and Their Applications

Abstract:Permutations with differential and boomerang uniformity 4 over F22k offer good resistance to block ciphers against differential and boomerang attacks. There are five primarily constructed infinite classes of differentially 4-uniform permutations with the best known nonlinearity over F22k, namely the Gold functions, the Kasami functions, the Inverse functions, the Bracken-Leander functions and the Bracken-Tan-Tan functions. It has been shown by Boura et al. and by Mesnager et al. respectively, that the Gold functions and the Bracken-Tan-Tan functions also have boomerang uniformity 4. It is known that the Bracken-Tan-Tan functions are CCZ-inequivalent to the Inverse functions and the Bracken-Leander functions. In this paper, it is proved that the Bracken-Tan-Tan functions are also CCZ-inequivalent to the Gold functions and the Kasami functions. In particular, the Gold functions and the Bracken-Tan-Tan functions are two different classes of boomerang uniformity 4 permutations up to EA-equivalence.

Tao Feng

DOI: https://doi.org/10.1016/j.jcta.2009.11.004

2011-01-01

Abstract:Let p be a prime larger than 3 and congruent to 3 modulo 4, and let G be the non-abelian group of order p^3 and exponent p. We study the structure of a putative difference set with parameters (p^3,p^3-12,p^3-34) in G which is fixed by a certain element of order p in Aut(G). We then give a construction of skew Hadamard difference set in the group G for each prime p3 that is congruent to 3 modulo 4. This is the first infinite family of non-abelian skew Hadamard difference sets. Finally, we show that the symmetric designs derived from these new difference sets are not isomorphic to the Paley designs.

Tao Feng,Koji Momihara

DOI: https://doi.org/10.1007/s10801-014-0523-8

2014-01-01

Journal of Algebraic Combinatorics

Abstract:It is well-known that translation schemes of prime order are exactly the cyclotomic schemes. In this paper, we show that there do not exist any two-, three-, or four-class nonsymmetric primitive translation schemes of prime square order. On the other hand, we find new nonsymmetric four- and five-class association schemes from cyclotomy as fission schemes of certain symmetric three-class association schemes. Moreover, we provide an affirmative answer to the following question raised by Song (J Algebr Comb 5:47–55, 1996): are there any other two-class primitive association schemes that admit symmetrizable fission schemes besides the cyclotomic scheme of index 2 for \(q \equiv 5 \hbox { (mod 8)}\)? To be more specific, we show that a certain two-class primitive association scheme in the finite field \({\mathbb F}_{37^3}\) constructed by Feng and Xiang (J Comb Theory Ser A 119:245–256, 2012) admits a four-class fission scheme. This fission scheme is realized as a fusion scheme of the cyclotomic scheme of index 28.

Qichun Wang,Haibin Kan

DOI: https://doi.org/10.1587/transfun.e95.a.2080

2012-01-01

Abstract:Constructing APN or 4-differentially uniform permutations achieving all the necessary criteria is an open problem, and the research on it progresses slowly. In ACISP 2011, Car let put forth an idea for constructing differentially uniform permutations using extension fields, which was illustrated with a construction of a 4-differentially uniform (n, n)-permutation. The permutation has optimum algebraic degree and very good nonlinearity. However, it was proved to be a permutation only for n odd. In this note, we investigate further the construction of differentially uniform permutations using extension fields, and construct a 4-differentially uniform (n, n)-permutation for any n. These permutations also have optimum algebraic degree and very good nonlinearity. Moreover, we consider a more general type of construction, and illustrate it with an example of a 4-differentially uniform (n, n)-permutation with good cryptographic properties.

Arnab Roy,Matthias Johann Steiner

DOI: https://doi.org/10.48550/arXiv.2204.01802

2023-05-28

Abstract:In recent years a new class of symmetric-key primitives over $\mathbb{F}_p$ that are essential to Multi-Party Computation and Zero-Knowledge Proofs based protocols have emerged. Towards improving the efficiency of such primitives, a number of new block ciphers and hash functions over $\mathbb{F}_p$ were proposed. These new primitives also showed that following alternative design strategies to the classical Substitution-Permutation Network (SPN) and Feistel Networks leads to more efficient cipher and hash function designs over $\mathbb{F}_p$ specifically for large odd primes $p$. In view of these efforts, in this work we build an \emph{algebraic framework} that allows the systematic exploration of viable and efficient design strategies for constructing symmetric-key (iterative) permutations over $\mathbb{F}_p$. We first identify iterative polynomial dynamical systems over finite fields as the central building block of almost all block cipher design strategies. We propose a generalized triangular polynomial dynamical system (GTDS), and based on the GTDS we provide a generic definition of an iterative (keyed) permutation over $\mathbb{F}_p^n$. Our GTDS-based generic definition is able to describe the three most well-known design strategies, namely SPNs, Feistel networks and Lai--Massey. Consequently, the block ciphers that are constructed following these design strategies can also be instantiated from our generic definition. Moreover, we find that the recently proposed \texttt{Griffin} design, which neither follows the Feistel nor the SPN design, can be described using the generic GTDS-based definition. We also show that a new generalized Lai--Massey construction can be instantiated from the GTDS-based definition. We further provide generic analysis of the GTDS including an upper bound on the differential uniformity and the correlation.

Cryptography and Security

Shuang Xiang,Yingqi Tang,Yan Tong,Jinzhou Huang

DOI: https://doi.org/10.1504/ijahuc.2024.136833

2024-02-23

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:This paper proposes a novel recursive approach for constructing generalised complete permutations over finite fields and analyses their cryptographic properties. The method can generate complete, strong complete, K -strong complete, and S -complete permutations by recursively combining component permutations and arbitrary mappings. Compared to prior recursive techniques, the approach provides larger classes of permutations with superior cryptographic strengths like higher algebraic degree, etc. Algebraic degree, nonlinearity, differential/boomerang uniformity, and other properties are investigated. For instance, constructed complete permutations can achieve optimal algebraic degrees to resist structural attacks. The analysis also derives tight lower and upper bounds on ( c -)differential uniformity, ( c -)boomerang uniformity and nonlinearity. Results demonstrate improved algebraic degree, differential and boomerang uniformities over previous recursive methods. Overall, this work makes significant contributions around complete permutation generation and analysis in cryptography.

computer science, information systems,telecommunications

Kwang Ho Kim,Sihem Mesnager,Jong Hyok Choe,Dok Nam Lee,Sengsan Lee,Myong Chol Jo

DOI: https://doi.org/10.1007/s10623-022-01047-x

2022-05-09

Abstract:Motivated by recent works on the butterfly structure, particularly by its generalization introduced by Canteaut et al. (IEEE Trans Inf Theory 63(11):7575–7591, 2017), we first push further the study of permutation polynomials over binary finite fields by completely characterizing those permutations defined over the finite field (of order ) having the following shape: where , , m is odd, , and . We shall provide an approach to handle the bijectivity of for any . Notably, we show that the problem of finding conditions for bijectivity of the quadrinomial is closely related to the study of the famous equation (*). We then reduce the initial problem into the problem of finding conditions for which an equation of the form (*) has a unique solution in for every . In addition, as a crucial direct consequence our result, we prove the validity of the conjecture (Conjecture 19) proposed by Li et al. (Des Codes Cryptogr 89:737–761, 2021). We emphasize that our positive answer completely characterizes permutations with boomerang uniformity 4 from the butterfly structure, which leads to the view of the quadrinomial as excellent candidates to design block ciphers in symmetric cryptography. Despite a lot of attention regarding the considered conjecture, it remains unsolved on its whole when the coefficients lie in . However, this article is the first which propose an approach that solves the enter conjecture by handling both sides of it involving equivalence simultaneously. We believe that our novel approach and its strength could benefit from proving the bijectivity of other families of polynomials over finite fields.

Yuying Man,Sihem Mesnager,Nian Li,Xiangyong Zeng,Xiaohu Tang

2023-09-05

Abstract:Substitution boxes (S-boxes) play a significant role in ensuring the resistance of block ciphers against various attacks. The Difference Distribution Table (DDT), the Feistel Boomerang Connectivity Table (FBCT), the Feistel Boomerang Difference Table (FBDT) and the Feistel Boomerang Extended Table (FBET) of a given S-box are crucial tools to analyze its security concerning specific attacks. However, the results on them are rare. In this paper, we investigate the properties of the power function $F(x):=x^{2^{m+1}-1}$ over the finite field $\gf_{2^n}$ of order $2^n$ where $n=2m$ or $n=2m+1$ ($m$ stands for a positive integer). As a consequence, by carrying out certain finer manipulations of solving specific equations over $\gf_{2^n}$, we give explicit values of all entries of the DDT, the FBCT, the FBDT and the FBET of the investigated power functions. From the theoretical point of view, our study pushes further former investigations on differential and Feistel boomerang differential uniformities for a novel power function $F$. From a cryptographic point of view, when considering Feistel block cipher involving $F$, our in-depth analysis helps select $F$ resistant to differential attacks, Feistel differential attacks and Feistel boomerang attacks, respectively.

Information Theory

Sihem Mesnager,Chunming Tang,Maosheng Xiong

DOI: https://doi.org/10.48550/arXiv.1903.00501

2019-03-02

Abstract:At Eurocrypt'18, Cid, Huang, Peyrin, Sasaki, and Song introduced a new tool called Boomerang Connectivity Table (BCT) for measuring the resistance of a block cipher against the boomerang attack (which is an important cryptanalysis technique introduced by Wagner in 1999 against block ciphers). Next, Boura and Canteaut introduced an important parameter (related to the BCT) for cryptographic Sboxes called boomerang uniformity. In this context, we present a brief state-of-the-art on the notion of boomerang uniformity of vectorial functions (or Sboxes) and provide new results. More specifically, we present a slightly different (and more convenient) formulation of the boomerang uniformity and show that the row sum and the column sum of the boomerang connectivity table can be expressed in terms of the zeros of the second-order derivative of the permutation or its inverse. Most importantly, we specialize our study of boomerang uniformity to quadratic permutations in even dimension and generalize the previous results on quadratic permutation with optimal BCT (optimal means that the maximal value in the Boomerang Connectivity Table equals the lowest known differential uniformity). As a consequence of our general result, we prove that the boomerang uniformity of the binomial differentially $4$-uniform permutations presented by Bracken, Tan, and Tan equals $4$. This result gives rise to a new family of optimal Sboxes.

Cryptography and Security

Kirpa Garg,Sartaj Ul Hasan,Pantelimon Stanica

2023-07-21

Abstract:The notion of $c$-differential uniformity has recently received a lot of attention since its proposal~\cite{Ellingsen}, and recently a characterization of perfect $c$-nonlinear functions in terms of difference sets in some quasigroups was obtained in~\cite{AMS22}. Independent of their applications as a measure for certain statistical biases, the construction of functions, especially permutations, with low $c$-differential uniformity is an interesting mathematical problem in this area, and recent work has focused heavily in this direction. We provide a few classes of permutation polynomials with low $c$-differential uniformity. The used technique involves handling various Weil sums, as well as analyzing some equations in finite fields, and we believe these can be of independent interest.

Information Theory,Number Theory

Guanghui Li,Xiwang Cao

DOI: https://doi.org/10.1142/s0219498825502913

2024-06-25

Journal of Algebra and Its Applications

Abstract:Journal of Algebra and Its Applications, Ahead of Print. Multiplicative differential (and the corresponding [math]-differential uniformity) was introduced by Ellingsen et al. in [[math]-differentials, multiplicative uniformity and (almost) perfect [math]-nonlinearity, IEEE Trans. Inf. Theory 66(9) (2020) 5781–5789], which has attracted lots of attention. Functions with low [math]-differential uniformity over finite fields, especially the P[math]N and AP[math]N functions, have been widely investigated due to their applications in cryptography. In this paper, we first compute the [math]-differential uniformity of two classes of permutation polynomials. For one of these, we explicitly determine the [math]-DDT entries. For the second type of function, we give bounds for its [math]-differential uniformity. Besides, several classes of P[math]N or AP[math]N functions are presented by employing some known functions and the (generalized) AGW criterion.

mathematics, applied

Guanghui Li,Xiwang Cao

DOI: https://doi.org/10.1007/s40314-024-02956-4

2024-10-11

Computational and Applied Mathematics

Abstract:Permutation polynomials over finite fields have been extensively studied not only for their applications in cryptography, but have also been applied to coding theory and combinatorial design theory. Recently, a new theoretical tool, the Boomerang Connectivity Table (BCT) and the corresponding boomerang uniformity were introduced to evaluate the resistance of a block cipher against boomerang attacks. Inspired by a multiplier differential, Stănică [Investigations on c -boomerang uniformity and perfect nonlinearity, Discret. Appl. Math., 2021] extended the concept of boomerang uniformity to c -boomerang uniformity. In this paper, we investigate two classes of permutation polynomials over with respect to this new concept. We show that these permutations are 1-uniform c -BCT functions.

mathematics, applied

Changhui Chen,Haibin Kan,Jie Peng,Li Wang

DOI: https://doi.org/10.1587/transfun.2023eap1113

2024-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:Permutation polynomials have been studied for a long time and have important applications in cryptography, coding theory and combinatorial designs. In this paper, by means of the multivariate method and the resultant, we propose four new classes of permutation quadrinomials over F q 3 , where q is a prime power. We also show that they are not quasi-multiplicative equivalent to known ones. Moreover, we compare their differential uniformity with that of some known classes of permutation trinomials for some small q.

Kwang Ho Kim,Sihem Mesnager,Ye Bong Kim

2023-05-22

Abstract:A substitution box (S-box) in a symmetric primitive is a mapping $F$ that takes $k$ binary inputs and whose image is a binary $m$-tuple for some positive integers $k$ and $m$, which is usually the only nonlinear element of the most modern block ciphers. Therefore, employing S-boxes with good cryptographic properties to resist various attacks is significant. For power permutation $F$ over finite field $\GF{2^k}$, the multiset of values $\beta_F(1,b)=\#\{x\in \GF{2^k}\mid F^{-1}(F(x)+b)+F^{-1}(F(x+1)+b)=1\}$ for $b\in \GF{2^k}$ is called the boomerang spectrum of $F$. The maximum value in the boomerang spectrum is called boomerang uniformity. This paper determines the boomerang spectrum of the power permutation $X^{2^{3n}+2^{2n}+2^{n}-1}$ over $\GF{2^{4n}}$. The boomerang uniformity of that power permutation is $3(2^{2n}-2^n)$. However, on a large subset $\{b\in \GF{2^{4n}}\mid \mathbf{Tr}_n^{4n}(b)\neq 0\}$ of $\GF{2^{4n}}$ of cardinality $2^{4n}-2^{3n}$ (where $ \mathbf{Tr}_n^{4n}$ is the (relative) trace function from $\GF{2^{4n}}$ to $\GF{2^{n}}$), we prove that the studied function $F$ achieves the optimal boomerang uniformity $2$. It is known that obtaining such functions is a challenging problem. More importantly, the set of $b$'s giving this value is explicitly determined for any value in the boomerang spectrum.

Information Theory,Number Theory

Huan Zhou,Xiaoni Du,Xingbin Qiao,Wenping Yuan

2024-09-19

Abstract:Feistel Boomerang Connectivity Table (FBCT) is an important cryptanalytic technique on analysing the resistance of the Feistel network-based ciphers to power attacks such as differential and boomerang attacks. Moreover, the coefficients of FBCT are closely related to the second-order zero differential spectra of the function $F(x)$ over the finite fields with even characteristic and the Feistel boomerang uniformity is the second-order zero differential uniformity of $F(x)$. In this paper, by computing the number of solutions of specific equations over finite fields, we determine explicitly the second-order zero differential spectra of power functions $x^{2^m+3}$ and $x^{2^m+5}$ with $m>2$ being a positive integer over finite field with even characteristic, and $x^{p^k+1}$ with integer $k\geq1$ over finite field with odd characteristic $p$. It is worth noting that $x^{2^m+3}$ is a permutation over $\mathbb{F}_{2^n}$ and only when $m$ is odd, $x^{2^m+5}$ is a permutation over $\mathbb{F}_{2^n}$, where integer $n=2m$. As a byproduct, we find $F(x)=x^4$ is a PN and second-order zero differentially $0$-uniform function over $\mathbb{F}_{3^n}$ with odd $n$. The computation of these entries and the cardinalities in each table aimed to facilitate the analysis of differential and boomerang cryptanalysis of S-boxes when studying distinguishers and trails.

Cryptography and Security,Information Theory

Kangquan Li,Longjiang Qu,Bing Sun,Chao Li

DOI: https://doi.org/10.48550/arXiv.1901.10999

2019-01-17

Abstract:In EUROCRYPT 2018, Cid et al. \cite{BCT2018} introduced a new concept on the cryptographic property of S-boxes: Boomerang Connectivity Table (BCT for short) for evaluating the subtleties of boomerang-style attacks. Very recently, BCT and the boomerang uniformity, the maximum value in BCT, were further studied by Boura and Canteaut \cite{BC2018}. Aiming at providing new insights, we show some new results about BCT and the boomerang uniformity of permutations in terms of theory and experiment in this paper. Firstly, we present an equivalent technique to compute BCT and the boomerang uniformity, which seems to be much simpler than the original definition from \cite{BCT2018}. Secondly, thanks to Carlet's idea \cite{Carlet2018}, we give a characterization of functions $f$ from $\mathbb{F}_{2}^n$ to itself with boomerang uniformity $\delta_{f}$ by means of the Walsh transform. Thirdly, by our method, we consider boomerang uniformities of some specific permutations, mainly the ones with low differential uniformity. Finally, we obtain another class of $4$-uniform BCT permutation polynomials over $\mathbb{F}_{2^n}$, which is the first binomial.

Cryptography and Security

SHEN Zhongyan,CAI Tianxin

DOI: https://doi.org/10.11845/sxjz.2017040b

2018-01-01

Abstract:Let A2(n) ={(i j) |1 ≤ i ＜ j ≤ n,(ij,n) =1},A3(n) ={(i j l),(i l j) | 1 ≤ i ＜ j ＜ 1 ≤ n,(ijl,n) =1},where cycle (x1 x2...xk) denotes a permutation,which maps xi to xi+1 for i ＜ k,and xk to x1,while mapping all other elements to themselves.We show the congruences of Σσ∈A2(n)n Σk=1(k,n)=1 σ(k)/km and Σσ∈A3(n) nΣk=1(k,n)=1 σ(k)/km,=Σi=1where σ denotes the permutation.Meanwhile,letting p ≥ 5 be a prime and H(k) =Σk i=1 1/i,we also show that Σσ∈A2(p) p-1 Σk=1σm(k)H(k) =2Bm (mod p),Σσ∈A3(p) p-1Σ k=1σm(k)H(k) =≡ 5Bm (mod p).