WO2014092533A1 - A method to construct bijective substitution box from non-permutation power functions - Google Patents


Publication number
WO2014092533A1
Authority
WO
WIPO (PCT)
Prior art keywords
bijective
power functions
function
boolean
map
Application number
PCT/MY2013/000229
Other languages
French (fr)
Other versions
WO2014092533A8 (en
Inventor
Herman ISA
Abdurashid MAMADILOV
Muhammad REZA Z'ABA
Original Assignee
Mimos Berhad
Application filed by Mimos Berhad

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002: Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003: Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618: Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation

Abstract

A method to construct bijective substitution box by utilizing non-bijective power functions in the finite field by selecting a Boolean map from a plurality of non-bijective power functions (102); extending an image of said Boolean map to generate an extended map by adding another power function in finite field (104); obtaining a bijective function from said extended image by utilizing Balanced Boolean Function Maker algorithm (106); performing analysis on cryptographic properties of substitution box (110); and iterating said steps until said cryptographic properties meet predetermined condition of a bijective substitution box. Analysis is performed on cryptographic properties of substitution box to obtain substitution box with highest nonlinearity value of 104 and low differential uniformity value of 6. Further, a set of non-permutation linearly equivalent power functions are utilized (i.e. x^3, x^9 and x^39) and binomial combination with selected candidates from set of all power functions in F_2^8.

Description

A METHOD TO CONSTRUCT BIJECTIVE SUBSTITUTION BOX FROM NON-PERMUTATION POWER FUNCTIONS
FIELD OF INVENTION
The present invention relates to a method for constructing bijective substitution box from non-permutation power functions. In particular, the present invention constructs a substitution box which holds the highest nonlinearity and low differential uniformity wherein a set of non-permutation linearly equivalent power functions are utilized (i.e. x^3, x^9 and x^39) and binomial combination with selected candidates from a set of all power functions in F_2^8.
BACKGROUND ART
Substitution box (s-box) is a nonlinear component in a block cipher which performs substitution and plays a crucial role against cryptanalysis, especially linear and differential attacks. A cryptographically strong s-box is defined by several criteria such as high nonlinearity, low differential uniformity and high algebraic degree. Block ciphers which utilize Substitution-Permutation networks use bijective s-boxes, which in practice are 8 x 8 s-boxes, i.e., bijective functions from F_2^8 to F_2^8 where F_2 is a finite field with two elements. There also exist cryptographically strong s-boxes that are non-bijective.
The present invention provides an improved methodology of constructing new cryptographically strong s-boxes in which the bijective s-boxes are obtained by utilizing non-bijective power functions in the finite field. Existing methodology in the Applicant's earlier invention is described in Malaysia Patent No. MY-144134-A (hereinafter denoted as MY-134-A Patent). It relates to a method for generating a bijective substitution box by selecting a Boolean map from a plurality of non-bijective power functions in which an algorithm is provided to generate a bijective Boolean function. The methodology described in the MY-134-A Patent utilizes only x^3, whereas in the present invention a set of non-permutation linearly equivalent power functions are utilized, x^3: {x^3, x^6, x^12, x^24, x^48, x^96, x^129, x^192}, x^9: {x^9, x^18, x^33, x^36, x^66, x^72, x^132, x^144} and x^39: {x^39, x^57, x^78, x^114, x^147, x^156, x^201, x^228}, where the x^6, x^12, x^24, x^48, x^96, x^129 and x^192 power functions are linearly equivalent to x^3; the x^18, x^33, x^36, x^66, x^72, x^132 and x^144 power functions are linearly equivalent to x^9; and the x^57, x^78, x^114, x^147, x^156, x^201 and x^228 power functions are linearly equivalent to x^39. Further, in the MY-134-A Patent, binomial combinations with only selected linear power functions in F_2^8 are utilized, as compared to the present invention, which uses binomial combination with selected candidates from a set of all power functions in F_2^8. In the MY-134-A Patent, the highest nonlinearity, NL, is 102 when n is 8, whereas in the present invention the highest nonlinearity value, NL, is 104 when n is 8.
Another method for designing functions which can possibly be APN (Almost Perfect Nonlinear) and bijective is proposed in a published paper entitled "On Known and New Differential Uniform Functions" by Claude Carlet; published by Springer-Verlag Berlin Heidelberg 2011 (hereinafter denoted as Carlet's paper). As described in Carlet's paper, only x^3 is utilized, whereas a set of non-permutation linearly equivalent power functions are utilized (i.e. x^3, x^9 and x^39) in the present invention. Base functions are extended over a second order of finite field, F_2^9, whereas the present invention provides for binomial combinations with selected candidates from set of all power functions in F_2^8. The highest nonlinearity, NL, is not known when n is 8, whereas in the present invention the s-box holds a highest nonlinearity value, NL, of 104 when n is 8.
An evolutionary strategy for the design of s-boxes with a genetic algorithm is proposed in a published paper entitled "An Effective Evolutionary Strategy for Bijective S-boxes" by Hua Chen and Deng-guo Feng; published by IEEE 2004 (hereinafter denoted as Chen and Feng's paper). It provides a genetic algorithm to construct s-boxes that can breed new s-boxes which fully inherit the characteristics of the parent s-boxes through a Hill Climbing Approach that enables the cryptographic property of Boolean functions to reach a local maximum by swapping two of the outputs. However, Chen and Feng's paper does not utilize a set of non-permutation power functions to construct s-boxes as proposed in the present invention. Further, it does not utilize binomial combination with selected candidates from set of all power functions in F_2^8 as provided in the present invention.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practiced.
SUMMARY OF INVENTION
The present invention relates to a method for constructing bijective substitution box from non-permutation power functions. In particular, the present invention constructs a substitution box which holds the highest nonlinearity and low differential uniformity wherein a set of non-permutation linearly equivalent power functions are utilized (i.e. x^3, x^9 and x^39) and binomial combination with selected candidates from a set of all power functions in F_2^8.
One aspect of the present invention provides for a method (100) to construct bijective substitution box by utilizing non-bijective power functions in the finite field. The method comprises the steps of:
i. selecting a Boolean map from a plurality of non-bijective power functions (102);
ii. extending an image of said Boolean map to generate an extended map by adding another power function in finite field (104);
iii. obtaining a bijective function from said extended image by utilizing Balanced Boolean Function Maker algorithm (106);
iv. performing analysis on cryptographic properties of substitution box (110); and
v. iterating steps (i), (ii) and (iii) until said cryptographic properties meet predetermined condition of a bijective substitution box.
The step for performing analysis on cryptographic properties of substitution box further comprises steps of obtaining substitution box with highest nonlinearity and low differential uniformity wherein a set of non-permutation power functions are utilized and binomial combination with selected candidates from a set of all power functions.
Another aspect of the invention provides for the step of extending an image of said Boolean map to generate an extended map by adding another power function in finite field. The said step further comprises the steps of:
i. identifying a first power function from a plurality of power functions (202);
ii. generating a plurality of non-bijective power functions by utilizing a linear combination between a plurality of linear combination of said power functions (204); and
iii. iterating steps (i) and (ii) for all power functions from said plurality of power functions.
Yet another aspect of the invention is the step for obtaining a bijective function from said extended image by utilizing Balanced Boolean Function Maker algorithm. The said step further comprises steps of:
i. receiving Boolean function from extended Boolean map (302);
ii. identifying elements which are not outputs of extended Boolean map (304);
iii. identifying duplicate elements in extended Boolean map (306);
iv. computing distance matrix of all elements in step (ii) and (iii) by comparing bit error rate between said elements (308);
v. arranging the distance matrix in step (iv) by utilizing column rank (CR) by ascending order (310);
vi. arranging the updated distance matrix in step (v) by utilizing row rank (RR) by ascending order (312);
vii. identifying first header element from distance matrix (314);
viii. identifying first data element from distance matrix (314);
ix. replacing first duplicate element from step (vii) to step (viii) in the extended Boolean map (316);
x. updating said distance matrix by deleting first column of header and first row of data (318); and
xi. iterating steps (v), (vi), (vii), (viii), (ix), and (x) until said distance matrix is free from plurality of header and data.
In still another aspect of the invention, a set of non-permutation power functions is utilized, said set of non-permutation power functions comprising linearly equivalent power functions of x^3, x^9 and x^39.
In a further aspect of the invention, the highest nonlinearity value is 104; the lowest differential uniformity value is 6; and binomial combination with selected candidates from a set of all power functions utilizes bijective function of F_2^8.
The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which:
FIG. 1.0 is a flowchart illustrating the general methodology of the present invention to construct bijective substitution box by utilizing non-bijective power functions in the finite field.
FIG. 2.0 is a flowchart illustrating the further steps for the step of extending an image of said Boolean map to generate an extended map by adding another power function in finite field.
FIG. 3.0 is a flowchart illustrating the further steps of the step of obtaining a bijective function from said extended image by utilizing Balanced Boolean Function Maker algorithm.
FIG. 4.0 illustrates a diagram of construction algorithm which has high nonlinearity and low differential uniformity of the present invention.
Table 1.0 is a classification of power functions, x^d, based on maximum nonlinearity for F_2^8.
Table 2.0 provides the S-Box result and its inverse.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention provides a method for constructing bijective substitution box from non-permutation power functions. In particular, the present invention constructs a substitution box which holds the highest nonlinearity and low differential uniformity wherein a set of non-permutation linearly equivalent power functions are utilized, x^3: {x^3, x^6, x^12, x^24, x^48, x^96, x^129, x^192}, x^9: {x^9, x^18, x^33, x^36, x^66, x^72, x^132, x^144} and x^39: {x^39, x^57, x^78, x^114, x^147, x^156, x^201, x^228}, where the x^6, x^12, x^24, x^48, x^96, x^129 and x^192 power functions are linearly equivalent to x^3; the x^18, x^33, x^36, x^66, x^72, x^132 and x^144 power functions are linearly equivalent to x^9; and the x^57, x^78, x^114, x^147, x^156, x^201 and x^228 power functions are linearly equivalent to x^39, and binomial combination with selected candidates from a set of all power functions in F_2^8.
Hereinafter, this specification will describe the present invention according to the preferred embodiments. It is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned without departing from the scope of the appended claims.
Referring first to FIGs. 1.0, 2.0 and 3.0 respectively, the method to construct bijective substitution box by utilizing non-bijective power functions in the finite field according to an embodiment of the invention is illustrated. The properties of confusion and diffusion were identified by Claude Shannon, whereby substitution (s)-boxes are the most important operation in a block cipher. As the only nonlinear operation, the s-box plays a crucial role against various forms of cryptanalysis. S-boxes are Boolean mappings G : F_2^m → F_2^n. The present invention focuses on Boolean mappings when m = n = 8, i.e. G : F_2^8 → F_2^8. In general, a Boolean function on n inputs can be represented in a minimal sum (XOR, +) of products (AND, *) form:
f(x_1, ..., x_n) = a_0 + a_1 x_1 + ... + a_n x_n + a_{1,2} x_1 x_2 + ... + a_{n-1,n} x_{n-1} x_n + ... + a_{1,2,...,n} x_1 x_2 ... x_n
If the AND terms all have zero coefficients, an affine function is obtained. If, further, the constant term is 0, a linear function is produced.
For example, let f : F_2^n → {0,1} be a Boolean function. The binary sequence (f(α_0), f(α_1), ..., f(α_{2^n-1})) is the Truth Table of f. A Boolean function is said to be balanced if its truth table has an equal number of zeros and ones. In general, the balanced function is known as bijective mappings or a permutation.
The present invention only focuses on the finite field F_2^8, wherein the said function was extended using power functions, x^d where x ∈ F_2^8 and d = 1, 2, ..., 254. The said functions are classified into linearly non-equivalent functions using squaring methods as shown in Table 1.0, whereby Table 1.0 is a classification of power functions, x^d, based on maximum nonlinearity for F_2^8. To design a cryptographically strong s-box, some criteria must be met. Aside from balanced component functions, a strong s-box must have high nonlinearity, low differential uniformity and high algebraic degree. It is an advantage if the s-box can avoid any fixed point(s) or opposite fixed point(s) and has a moderate linear approximation which satisfies the strict avalanche criterion.
Nonlinearity
In short, nonlinearity is defined to be the minimum Hamming distance of a Boolean function to the set of affine functions. Nonlinearity is used to measure the capability of a block cipher against cryptanalysis. The higher the value, the better the performance is. It is shown that the optimal value for nonlinearity is 120, and the best known current value is 112, held by the AES S-Box.
Differential Uniformity
To find a differential characteristic, the differential distribution table needs to be generated. A differential characteristic is a sequence of input and output differences to the rounds such that the output difference from one round corresponds to the input difference for the next round. The differential uniformity can be determined by selecting the maximum value from the non-trivial elements in the differential distribution table. In contrast to nonlinearity, the differential uniformity of an s-box must hold a small value. The optimal value for a balanced Boolean function is 2, and the best known is 4, also held by the AES S-Box. If the differential uniformity is large, then the security of the cipher against differential cryptanalysis is low.
Algebraic Degree
The algebraic degree of an s-box can be obtained from its algebraic normal form (ANF). Hence, it is obtained by taking the minimum number of highest degree for each component function of an s-box. Often, the optimal algebraic degree of an s-box is equal to n-1. This algebraic degree is important for resistance against Algebraic Cryptanalysis.
Linear Approximation
A complete enumeration of all linear approximations of a cipher gives the Linear Approximation Table (LAT). Each element in the table represents the number of matches between the linear equation and the sum of the output bits minus 2^{n-1}. Linear Approximation is then determined by selecting the maximum value from the non-trivial elements in the LAT. This value must be kept as low as possible to resist linear cryptanalysis. For some cases in balanced Boolean function, the following equations can be obtained:
Figure imgf000012_0001
Fixed and Opposite Fixed Points
Too many fixed points and opposite fixed points may reveal some information about the cipher to the attacker. This information can become one of the weapons for an attacker to exploit the rest of the data. So, the fixed and opposite fixed points of an s-box must be avoided or be kept as low as possible. In general, a fixed point is a point where the output bits are totally the same as the input bits. If the output bits are totally different from the input bits, it becomes an opposite fixed point.
The method (100) of the present invention to construct bijective substitution box by utilizing non-bijective power functions in the finite field comprises first selecting a Boolean map from a plurality of non-bijective power functions (102). Thereafter, the image of said Boolean map is extended to generate an extended map by adding another power function in finite field (104). To extend said Boolean map, a first power function is identified from a plurality of power functions (202) and thereafter a plurality of non-bijective power functions is generated by utilizing a linear combination between a plurality of linear combination of said power functions (204). The said steps for extending the Boolean map are iterated for all power functions from said plurality of power functions.
A bijective function is obtained from said extended image by utilizing Balanced Boolean Function Maker algorithm (106). Upon receiving the Boolean function from the extended Boolean map (302), elements which are not outputs of the extended Boolean map, Nel, are identified (304). Thereafter, duplicate elements in the extended Boolean map, Rel, are identified (306). A distance matrix, D, is created wherein D is a square matrix, and the distance matrix of all elements between Rel and Nel is computed by comparing the bit error rate between said elements (308). The distance matrix is further arranged by utilizing column rank (CR) by ascending order (310). The updated distance matrix is then further arranged by utilizing row rank (RR) by ascending order (312). Thereafter, the first header element from the distance matrix and the first data element from the distance matrix are identified (314). Upon identification of said header element and data element, the first duplicate element of the first header element is replaced with the first data element in the extended Boolean map (316). The distance matrix is updated by deleting the first column of header and first row of data (318). All steps of the Balanced Boolean Function Maker algorithm are repeated until said distance matrix is free from plurality of header and data.
Subsequently, upon obtaining the bijective function from said extended image, analysis is performed on cryptographic properties of the substitution box (110) wherein all steps to construct the bijective s-box are iterated until said cryptographic properties meet the predetermined condition of a bijective s-box. Cryptographic properties of the substitution box are analyzed by obtaining an s-box with highest nonlinearity and low differential uniformity wherein a set of non-permutation power functions are utilized and binomial combination with selected candidates from a set of all power functions.
Turning to FIG. 4.0, which illustrates a diagram for the construction algorithm with high nonlinearity and low differential uniformity, the search for a highly nonlinear s-box was expanded using the extended family of non-linearly equivalent non-permutation power functions, which is the set of linearly equivalent power functions for x^3, x^9 and x^39 as shown in Table 1.0. First, select x^d, a function from the set of nonlinearly equivalent non-permutation power functions with high nonlinearity value and low differential uniformity from Table 1.0. Thereafter, a binomial function, F, is generated by adding f, the selected function, with another power function, x^i, i = 1, ..., 254, i.e. F = f + x^i. Subsequently, F is multiplied with α and β for each component function, i.e. F = αf + βx^i, α, β ∈ {1, 2, ..., 255}, and the number of input elements that did not occur in F is determined (if any). F is forwarded to the Balanced Boolean Function Maker algorithm, after which F is passed to s-box analysis (i.e. nonlinearity, low differential uniformity, algebraic degree, fixed points). Thereafter, F is saved if the nonlinearity value is more than 102 and the differential uniformity value is less than 8. A constant, c, is added to F if required, where c ∈ {1, 2, ..., 255}, to eliminate fixed points and opposite fixed points. Table 2 provides the result of the construction of bijective substitution box by utilizing non-bijective power functions in the finite field. The best S-Box Analysis obtained is as follows:
Analysis of generated s-box
Nonlinearity = 104
Differential Uniformity = 6
Linear Approximation = 24
Algebraic Degree = 5
Fixed Point = 0
Opposite Fixed Point = 0
Lagrange Polynomial = x39 H
In short, the present invention provides construction of an s-box which holds strong cryptographic properties wherein the highest nonlinearity value is 104 and the low differential uniformity value is 6. Further, a set of non-permutation linearly equivalent power functions are utilized (i.e. x^3, x^9 and x^39) and binomial combination with selected candidates from set of all power functions in F_2^8.
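The construction loop described above (binomial F = αx^d + βx^i, Balanced Boolean Function Maker repair, property analysis, constant addition), as an added Python example that is not code from the patent. It assumes the AES reduction polynomial 0x11B for the field, reads "bit error rate" as Hamming distance, and takes the rank of a row or column to be the sum of its entries, none of which the page specifies; all function names are this example's own.

```python
POLY = 0x11B  # assumption: AES reduction polynomial; the patent names none

def gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r

def gf_pow(x, e):
    """x^e in GF(2^8) by square-and-multiply."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, x)
        x = gf_mul(x, x)
        e >>= 1
    return r

def binomial_map(d, i, alpha=1, beta=1):
    """Lookup table of F(x) = alpha*x^d + beta*x^i (generally not bijective)."""
    return [gf_mul(alpha, gf_pow(x, d)) ^ gf_mul(beta, gf_pow(x, i))
            for x in range(256)]

def make_bijective(table):
    """Repair step: overwrite surplus duplicate outputs with missing values."""
    out, seen, cols = list(table), set(), []
    for pos, y in enumerate(out):
        if y in seen:
            cols.append(pos)            # header: a duplicate output (Rel)
        seen.add(y)
    rows = [y for y in range(len(out)) if y not in seen]  # data: missing (Nel)
    # Square distance matrix: Hamming distance duplicate <-> missing value.
    dist = {(r, c): bin(r ^ out[c]).count("1") for r in rows for c in cols}
    while cols:
        # Assumed rank: sum of the column/row entries, sorted ascending.
        cols.sort(key=lambda c: sum(dist[r, c] for r in rows))
        rows.sort(key=lambda r: sum(dist[r, c] for c in cols))
        out[cols.pop(0)] = rows.pop(0)  # first header takes first data element
    return out

def nonlinearity(sbox, n=8):
    """Minimum over nonzero output masks b of 2^(n-1) - max|Walsh(b.S)|/2."""
    worst = 0
    for b in range(1, 1 << n):
        w = [1 - 2 * (bin(b & y).count("1") & 1) for y in sbox]
        h = 1
        while h < len(w):               # in-place fast Walsh-Hadamard transform
            for s in range(0, len(w), 2 * h):
                for j in range(s, s + h):
                    w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
            h *= 2
        worst = max(worst, max(abs(v) for v in w))
    return (1 << (n - 1)) - worst // 2

def differential_uniformity(sbox):
    """Largest differential distribution table entry for nonzero input difference."""
    best = 0
    for dx in range(1, len(sbox)):
        counts = [0] * len(sbox)
        for x in range(len(sbox)):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        best = max(best, max(counts))
    return best

def fixed_points(sbox):
    """(fixed, opposite fixed) counts: S(x) == x and S(x) == bitwise-not x."""
    mask = len(sbox) - 1
    return (sum(y == x for x, y in enumerate(sbox)),
            sum(y == (x ^ mask) for x, y in enumerate(sbox)))

def clearing_constant(sbox):
    """Smallest c such that S(x)^c has no fixed/opposite fixed point, or None."""
    mask = len(sbox) - 1
    bad = {x ^ y for x, y in enumerate(sbox)}
    bad |= {v ^ mask for v in bad}
    return next((c for c in range(len(sbox)) if c not in bad), None)

def build_candidate(d, i, alpha=1, beta=1):
    """Binomial -> repair -> constant. Returns (sbox, outputs replaced)."""
    ext = binomial_map(d, i, alpha, beta)
    sbox = make_bijective(ext)
    c = clearing_constant(sbox)
    if c:                               # XOR with c keeps NL and DU unchanged
        sbox = [y ^ c for y in sbox]
    return sbox, 256 - len(set(ext))

if __name__ == "__main__":
    sbox, replaced = build_candidate(3, 254)  # constructed choice of exponents
    nl, du = nonlinearity(sbox), differential_uniformity(sbox)
    # The page keeps a candidate when NL > 102 and DU < 8.
    print(replaced, nl, du, fixed_points(sbox), nl > 102 and du < 8)
```

Sweeping d over the x^3, x^9 and x^39 classes and i, α, β over their ranges with `build_candidate` reproduces the shape of the search in FIG. 4.0; the values it reaches depend on the rank assumption above.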
Throughout this specification, unless the context requires otherwise, the word "comprise", or variations such as "comprises" or "comprising", will be understood to imply the inclusion of a stated step or element or integer or group of steps or elements or integers, but not the exclusion of any other step or element or integer or group of steps, elements or integers. Thus, in the context of this specification, the term "comprising" is used in an inclusive sense and thus should be understood as meaning "including principally, but not necessarily solely". It will be appreciated that the foregoing description has been given by way of illustrative example of the invention and that all such modifications and variations thereto as would be apparent to persons of skill in the art are deemed to fall within the broad scope and ambit of the invention as herein set forth.

Claims

1. A method (100) to construct bijective substitution box by utilizing non-bijective power functions in the finite field, the method comprising steps of:
i. selecting a Boolean map from a plurality of non-bijective power functions (102);
ii. extending an image of said Boolean map to generate an extended map by adding another power function in finite field (104);
iii. obtaining a bijective function from said extended image by utilizing Balanced Boolean Function Maker algorithm (106);
iv. performing analysis on cryptographic properties of substitution box (110); and
v. iterating steps (i), (ii) and (iii) until said cryptographic properties meet predetermined condition of a bijective substitution box characterized in that
performing analysis on cryptographic properties of substitution box further comprises steps of obtaining substitution box with highest nonlinearity and low differential uniformity wherein a set of non-permutation power functions are utilized and binomial combination with selected candidates from a set of all power functions.
2. A method (200) according to Claim 1, wherein extending an image of said Boolean map to generate an extended map by adding another power function in finite field further comprising steps of:
i. identifying a first power function from a plurality of power functions (202);
ii. generating a plurality of non-bijective power functions by utilizing a linear combination between a plurality of linear combination of said power functions (204); and
iii. iterating steps (i) and (ii) for all power functions from said plurality of power functions.
3. A method (300) according to Claim 1, wherein obtaining a bijective function from said extended image by utilizing Balanced Boolean Function Maker algorithm further comprises steps of:
i. receiving Boolean function from extended Boolean map (302);
ii. identifying elements which are not outputs of extended Boolean map (304);
iii. identifying duplicate elements in extended Boolean map (306);
iv. computing distance matrix of all elements in step (ii) and (iii) by comparing bit error rate between said elements (308);
v. arranging the distance matrix in step (iv) by utilizing column rank (CR) by ascending order (310);
vi. arranging the updated distance matrix in step (v) by utilizing row rank (RR) by ascending order (312);
vii. identifying first header element from distance matrix (314);
viii. identifying first data element from distance matrix (314);
ix. replacing first duplicate element from step (vii) to step (viii) in the extended Boolean map (316);
x. updating said distance matrix by deleting first column of header and first row of data (318); and
xi. iterating steps (v), (vi), (vii), (viii), (ix) and (x) until said distance matrix is free from plurality of header and data.
4. A method according to Claim 1, wherein a set of non-permutation power functions are utilized, said set of non-permutation power functions comprises of linearly equivalent power functions of x^3, x^9 and x^39.
5. A method according to Claim 1, wherein highest nonlinearity value is 104.
6. A method according to Claim 1, wherein binomial combination with selected candidates from a set of all power functions utilizes bijective function of F_2^8.
7. A method according to Claim 1, wherein lowest differential uniformity value is 6.
PCT/MY2013/000229 2012-12-12 2013-12-05 A method to construct bijective substitution box from non-permutation power functions WO2014092533A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2012005375A MY163949A (en) 2012-12-12 2012-12-12 A method to construct bijective substitution box from non-permutation power functions
MYPI2012005375 2012-12-12

Publications (2)

Publication Number Publication Date
WO2014092533A1 (en) 2014-06-19
WO2014092533A8 (en) 2016-09-01

Family

ID=50023818

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2013/000229 WO2014092533A1 (en) 2012-12-12 2013-12-05 A method to construct bijective substitution box from non-permutation power functions

Country Status (2)

Country Link
MY (1) MY163949A (en)
WO (1) WO2014092533A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010151103A1 (en) * 2009-06-22 2010-12-29 Mimos Berhad Bijective substitution box
WO2011014054A1 (en) * 2009-07-28 2011-02-03 Mimos Berhad Nonlinear boolean permutation

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
HERMAN ISA ET AL: "S-box construction from non-permutation power functions", SECURITY OF INFORMATION AND NETWORKS, ACM, 2 PENN PLAZA, SUITE 701 NEW YORK NY 10121-0701 USA, 26 November 2013 (2013-11-26), pages 46 - 53, XP058035918, ISBN: 978-1-4503-2498-4, DOI: 10.1145/2523514.2523525 *
MAMADOLIMOV ET AL.: "Practical Bijective S-Box Design", PROCEEDINGS OF THE 5TH ASIAN MATHEMATICAL CONFERENCE, 22 June 2009 (2009-06-22), Kuala Lumpur, pages 584 - 588, XP007922592, Retrieved from the Internet <URL:http://arxiv.org/ftp/arxiv/papers/1301/1301.4723.pdf> [retrieved on 20140319] *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10050776B2 (en) 2015-07-31 2018-08-14 Stmicroelectronics S.R.L. Method for performing a sensitive data encryption with masking, and corresponding encryption apparatus and computer program product
CN109905231A (en) * 2019-02-26 2019-06-18 清华大学 A kind of S box building method of novel password dedicated 4 × 4
CN110417732A (en) * 2019-06-20 2019-11-05 中国人民解放军战略支援部队信息工程大学 Boolean function algebraic degree acquisition methods and device for symmetric cryptography design
CN110417732B (en) * 2019-06-20 2021-07-06 中国人民解放军战略支援部队信息工程大学 Boolean function algebraic number obtaining method and device for symmetric password design
CN113783684A (en) * 2021-09-15 2021-12-10 桂林电子科技大学 16-bit S box construction method based on NFSR and Feistel structures
CN113783684B (en) * 2021-09-15 2023-07-18 桂林电子科技大学 Construction method of 16-bit S box based on NFSR and Feistel structures

Also Published As

Publication number Publication date
WO2014092533A8 (en) 2016-09-01
MY163949A (en) 2017-11-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13824530

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13824530

Country of ref document: EP

Kind code of ref document: A1