Nonlinear diffusion layers

Liu, Yunwen; Rijmen, Vincent; Leander, Gregor

doi:10.1007/s10623-018-0458-5

Cited by 11 publications

(6 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The bound becomes more meaningful with such parameters. [LRL18] that the use of non-linear permutation layers may indeed increase security against differential/linear attacks.…”

Section: Our Resultsmentioning

confidence: 99%

“…These public permutations are then extended to a keyed permutation on wn-bit inputs for some integer w by iterating the following steps: S-boxes are typically highly non-linear, and, in fact, serve as the only source of nonlinearity in many blockciphers. There is no a priori restriction on the (non-)linearity of the Permutation step, and the use and advantages of non-linear permutations was recently explored [LRL18]. Though, modern blockciphers still tend to use linear or affine mappings for the Permutation step [Bir11], which involves a simple key-mixing step followed by an invertible linear or affine transformation.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Beyond-Birthday-Bound Security for 4-round Linear Substitution-Permutation Networks

Gao

Guo

Wang

et al. 2020

ToSC

View full text Add to dashboard Cite

Recent works of Cogliati et al. (CRYPTO 2018) have initiated provable treatments of Substitution-Permutation Networks (SPNs), one of the most popular approach to construct modern blockciphers. Such theoretical SPN models may employ non-linear diffusion layers, which enables beyond-birthday-bound provable security. Though, for the model of real world blockciphers, i.e., SPN models with linear diffusion layers, existing provable results are capped at birthday security up to 2n/2 adversarial queries, where n is the size of the idealized S-boxes.In this paper, we overcome this birthday barrier and prove that a 4-round SPN with linear diffusion layers and independent round keys is secure up to 22n/3 queries. For this, we identify conditions on the linear layers that are sufficient for such security, which, unsurprisingly, turns out to be slightly stronger than Cogliati et al.’s conditions for birthday security. These provides additional theoretic supports for real world SPN blockciphers.

show abstract

“…The bound becomes more meaningful with such parameters. [LRL18] that the use of non-linear permutation layers may indeed increase security against differential/linear attacks.…”

Section: Our Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Beyond-Birthday-Bound Security for 4-round Linear Substitution-Permutation Networks

Gao

Guo

Wang

et al. 2020

ToSC

View full text Add to dashboard Cite

show abstract

“…Moreover, diffusion layers are usually implemented with linear mappings, such as the MDS matrix in Rijndael [8] or other similar transformations [18]. However, there has been a recent interest also in nonlinear diffusion layers [19], which integrate confusion and diffusion. Thus, superposition S-boxes might be interesting for this specific application.…”

Section: S-boxes Generated By Ocamentioning

confidence: 99%

“…Therefore, we can confirm the conclusion of our conference paper [26]: nonlinear OCA cannot be used to design S-boxes in the substitution layer of SPN ciphers. Still, we remark that these S-boxes might be useful in the design of nonlinear diffusion layers [19], since it is not required to reach a nonlinearity close to the theoretical upper bounds in that use case. Indeed, the goal of a nonlinear diffusion layer is to provide extra confusion in addition to that already given by a classic substitution layer.…”

Section: Exhaustive Search Experimentsmentioning

confidence: 99%

A classification of S-boxes generated by Orthogonal Cellular Automata

Mariot

Manzoni

2023

Preprint

View full text Add to dashboard Cite

Most of the approaches published in the literature to construct S-boxes via Cellular Automata (CA) work by either iterating a finite CA for several time steps, or by a one-shot application of the global rule. The main characteristic that brings together these works is that they employ a single CA rule to define the vectorial Boolean function of the S-box. In this work, we explore a different direction for the design of S-boxes that leverages on Orthogonal CA (OCA), i.e. pairs of CA rules giving rise to orthogonal Latin squares. The motivation stands on the facts that an OCA pair already defines a bijective transformation, and moreover the orthogonality property of the resulting Latin squares ensures a minimum amount of diffusion. We exhaustively enumerate all S-boxes generated by OCA pairs of diameter \(4 \le d \le 6\), and measure their nonlinearity. Interestingly, we observe that for \(d=4\) and \(d=5\) all S-boxes are linear, despite the underlying CA local rules being nonlinear. The smallest nonlinear S-boxes emerges for \(d=6\), but their nonlinearity is still too low to be used in practice. Nonetheless, we unearth an interesting structure of linear OCA S-boxes, proving that their Linear Components Space (LCS) is itself the image of a linear CA, or equivalently a polynomial code. We finally classify all linear OCA S-boxes in terms of their generator polynomials. MSC Classification: 05B15 · 68Q80 · 37B15 · 11T06

show abstract

“…In addition, special matrices were also used as permutation functions in the diffusion layer such as AES cipher [46]. Recently, Yunwen et al [47] proposed two types of nonlinear functions as alternative diffusing components. The first type relies on a nonlinear code, which is known as a Kerdock code and the second type relies on the T-functions.…”

Section: Early Work On Permutation For Ciphering Stagesmentioning

confidence: 99%

Low-Complexity Nonlinear Self-Inverse Permutation for Creating Physically Clone-Resistant Identities

2020

View full text Add to dashboard Cite

New large classes of permutations over ℤ 2 n based on T-Functions as Self-Inverting Permutation Functions (SIPFs) are presented. The presented classes exhibit negligible or low complexity when implemented in emerging FPGA technologies. The target use of such functions is in creating the so called Secret Unknown Ciphers (SUC) to serve as resilient Clone-Resistant structures in smart non-volatile Field Programmable Gate Arrays (FPGA) devices. SUCs concepts were proposed a decade ago as digital consistent alternatives to the conventional analog inconsistent Physical Unclonable Functions PUFs. The proposed permutation classes are designed and optimized particularly to use non-consumed Mathblock cores in programmable System-on-Chip (SoC) FPGA devices. Hardware and software complexities for realizing such structures are optimized and evaluated for a sample expected target FPGA technology. The attained security levels of the resulting SUCs are evaluated and shown to be scalable and usable even for post-quantum crypto systems.

show abstract

Nonlinear diffusion layers

Cited by 11 publications

References 13 publications

Beyond-Birthday-Bound Security for 4-round Linear Substitution-Permutation Networks

Beyond-Birthday-Bound Security for 4-round Linear Substitution-Permutation Networks

A classification of S-boxes generated by Orthogonal Cellular Automata

Low-Complexity Nonlinear Self-Inverse Permutation for Creating Physically Clone-Resistant Identities

Contact Info

Product

Resources

About