On the Influence of the Algebraic Degree of $F^{-1}$ on the Algebraic Degree of $G \circ F$

Boura, Christina; Canteaut, Anne

doi:10.1109/tit.2012.2214203

Cited by 41 publications

(42 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The degree of such a permutation F is the algebraic degree of the (n, n) vectorial Boolean function [5] or also called n-bit S-box. Any such function F (x) can be considered as an n-tuple of Boolean functions (f 1 (x), .…”

Section: Preliminariesmentioning

confidence: 99%

Threshold Implementations of All 3 ×3 and 4 ×4 S-Boxes

Bilgin

Nikova

Nikov

et al. 2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Side-channel attacks have proven many hardware implementations of cryptographic algorithms to be vulnerable. A recently proposed masking method, based on secret sharing and multi-party computation methods, introduces a set of sufficient requirements for implementations to be provably resistant against first-order DPA with minimal assumptions on the hardware. The original paper doesn't describe how to construct the Boolean functions that are to be used in the implementation. In this paper, we derive the functions for all invertible 3×3, 4×4 S-boxes and the 6 × 4 DES S-boxes. Our methods and observations can also be used to accelerate the search for sharings of larger (e.g. 8 × 8) S-boxes. Finally, we investigate the cost of such protection.

show abstract

Section: Preliminariesmentioning

confidence: 99%

Threshold Implementations of All 3 ×3 and 4 ×4 S-Boxes

Bilgin

Nikova

Nikov

et al. 2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Research by Boura and Canteaut on the algebraic degree of iterated permutations seen as multivariate polynomials shows that the degree depends on the algebraic degree of the inverse of the permutation which is iterated [5]. This indicates exceptional algebraic security for our proposal.…”

Section: Observationmentioning

confidence: 92%

“…This is a desirable quality in a Sponge-based cryptoprimitive as computation of inverse is not required in normal operation. Boura and Canteaut have showed that complex inverse makes the resulting iteration strong even if it is not explicitly computed [5]. We have discovered new functions of φ type which exhibit much more radical asymmetry than the χ function of KECCAK.…”

Section: Introductionmentioning

confidence: 90%

“…However, one should examine the reference 16-bit, 64-bit, and 256-bit implementations for architecture-specific optimizations. [2] rw [3] rw [4] rw [5] rw [6] rw [7] rw [8] rw [15] rw [14] rw [13] rw [12] rw [11] rw [10] rw [9] 16 × 16 = 256 -bit state r Step 1: Vertical linear transform λ. This step is easiest to implement by viewing the state as 64-bit words ("quadwords")…”

Section: Implementing Cbeam In Software Without Matrix Transposementioning

confidence: 99%

“…This indicates high algebraic resistance for our construct [5] and shows that φ functions are in some ways superior to conventional designs based on S-Box lookups.…”

Section: Introductionmentioning

confidence: 96%

See 2 more Smart Citations

CBEAM: Efficient Authenticated Encryption from Feebly One-Way ϕ Functions

Saarinen

2014

Topics in Cryptology – CT-RSA 2014

View full text Add to dashboard Cite

Abstract. We show how efficient and secure cryptographic mixing functions can be constructed from low-degree rotation-invariant φ functions rather than conventional S-Boxes. These novel functions have surprising properties; many exhibit inherent feeble (Boolean circuit) one-wayness and offer speed/area tradeoffs unobtainable with traditional constructs. Recent theoretical results indicate that even if the inverse is not explicitly computed in an implementation, its degree plays a fundamental role to the security of the iterated composition. To illustrate these properties, we present CBEAM, a Cryptographic Sponge Permutation based on a single 5 × 1-bit Boolean function. This simple nonlinear function is used to construct a 16-bit rotation-invariant φ function of Degree 4 (but with a very complex Degree 11 inverse), which in turn is expanded into an efficient 256-bit mixing function. In addition to flexible tradeoffs in hardware we show that efficient implementation strategies exist for software platforms ranging from low-end microcontrollers to the very latest x86-64 AVX2 instruction set. A rotational bit-sliced software implementation offers not only comparable speeds to AES but also increased security against cache side channel attacks. Our construction supports Sponge-based Authenticated Encryption, Hashing, and PRF/PRNG modes and is highly useful as a compact "all-in-one" primitive for pervasive security.

show abstract

Higher Order Differentials, Integral Attacks and Variants

CANTEAUT

2023

Symmetric Cryptography 2

View full text Add to dashboard Cite

On the Influence of the Algebraic Degree of $F^{-1}$ on the Algebraic Degree of $G \circ F$

Cited by 41 publications

References 37 publications

Threshold Implementations of All 3 ×3 and 4 ×4 S-Boxes

Threshold Implementations of All 3 ×3 and 4 ×4 S-Boxes

CBEAM: Efficient Authenticated Encryption from Feebly One-Way ϕ Functions

Higher Order Differentials, Integral Attacks and Variants

Contact Info

Product

Resources

About