Abstract
We construct two classes of balanced S-boxes with high nonlinearity $2^{n-1} - 2^{(n-1)/2}$ for $n$ odd. From known results, it can be deduced that for any S-box which has nonlinearity $2^{n-1} - 2^{(n-1)/2}$, the unrestricted nonlinearity is lower bounded by $2^{n-1} - 2^{(m+n-1)/2}$ while the generalized nonlinearity is lower bounded by $2^{n-1} - (2^m - 1)\,2^{(n-1)/2}$. We prove that the lower bound on the unrestricted nonlinearity of both our S-box constructions can be increased to $2^{n-1} - 2^{(m+n)/2 - 1}$. For the first class of S-box, the lower bound on generalized nonlinearity can be increased to $2^{n-1} - 2^{(n-1)/2 + m - 1}$. For the second class, the generalized nonlinearity is proven to be exactly $2^{n-1} - 2^{(m+n)/2 - 1}$, which is much higher than the lower bound for our first construction. The first class of S-boxes has a low maximum differential while the second class corresponds to GMW sequences, whose algebraic structure allows us to construct a larger family of S-boxes. Moreover, both classes of S-boxes can attain high algebraic degree. We also compare our constructions with some known functions with high unrestricted and/or generalized nonlinearity.
References
Beth T. and Ding C. (1994). On almost perfect nonlinear permutations. LNCS 765, Eurocrypt’93. Springer, Heidelberg, 65–76
Biham E. and Shamir A. (1991). Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4(1): 3–72
Canteaut A., Charpin P. and Dobbertin H. (2000). Binary m-sequences with three-valued cross correlation: a proof of Welch’s conjecture. IEEE Trans. Inform. Theory 46(1): 4–8
Canteaut A., Charpin P. and Dobbertin H. (2000). Weight divisibility of cyclic codes, highly nonlinear functions on GF(2^m) and cross-correlation of maximum-length sequences. SIAM J. Discrete Math. 13(1): 105–138
Carlet C., Khoo K., Lim C.W. and Loe C.W. (2007). Generalized correlation analysis of vectorial Boolean functions. LNCS 4593, Fast Software Encryption 2007. Springer, Heidelberg, 382–398
Carlet C., Khoo K., Lim C.W. and Loe C.W. (2007). On an improved correlation analysis of stream ciphers using multi-output Boolean functions and the related generalized notion of nonlinearity. Cryptology ePrint Archive, Report 2007/207 (extended version of [5])
Carlet C. and Prouff E. (2004). On a new notion of nonlinearity relevant to multi-output pseudorandom generators. LNCS 3006, Selected Areas in Cryptography 2003. Springer, Heidelberg, 291–305
Chabaud F. and Vaudenay S. (1995). Links between differential and linear cryptanalysis. LNCS 950, Eurocrypt’94. Springer, Heidelberg, 356–365
Dillon J.F. (1999). Multiplicative difference sets via additive characters. Des. Codes Cryptogr. 17: 225–235
Gold R. (1968). Maximal recursive sequences with 3-valued cross correlation functions. IEEE Trans. Inform. Theory 14: 154–156
Golomb S.W. and Gong G. (2005). Signal design with good correlation: for wireless communications, cryptography and radar applications. Cambridge University Press, Cambridge
Gong G. CO739x course notes: sequence analysis. Available at http://calliope.uwaterloo.ca/~ggong/
Gong G. (1996). Q-ary cascaded GMW sequences. IEEE Trans. Inform. Theory 42(1): 263–267
Hollmann H.D.L. and Xiang Q. (2001). A proof of the Welch and Niho conjectures on cross-correlations of binary m-sequences. Finite Fields Appl. 7: 253–286
Jakobsen T. and Knudsen L. (1997). The interpolation attack on block ciphers. LNCS 1267, Fast Software Encryption 1997. Springer, Heidelberg, 28–40
Kasami T. (1971). The weight enumerators for several classes of subcodes of second order binary Reed–Muller codes. Inf. Control 18: 369–394
Khoo K. and Gong G. (2003). Highly nonlinear S-boxes with reduced bound on maximum correlation. Proceedings of IEEE International Symposium on Information Theory 2003, 254
Khoo K. and Gong G. (2003). New constructions for resilient and highly nonlinear Boolean functions. LNCS 2727, Information Security and Privacy (ACISP 2003). Springer, Heidelberg, 498–509
Klapper A., Chan A.H. and Goresky M. (1993). Cascaded GMW sequences. IEEE Trans. Inform. Theory 39(1): 177–183
Matsui M. (1994). Linear cryptanalysis method for DES cipher. LNCS 765, Eurocrypt’93. Springer, Heidelberg, 386–397
Nyberg K. (1991). Perfect nonlinear S-boxes. LNCS 547, Eurocrypt’91. Springer, Heidelberg, 378–385
Nyberg K. (1994). Differentially uniform mappings for cryptography. LNCS 765, Eurocrypt’93. Springer, Heidelberg, 55–64
Patterson N.J. and Wiedemann D.H. (1983). The covering radius of the (2^15, 16) Reed–Muller code is at least 16276. IEEE Trans. Inform. Theory 29(3): 354–356
Patterson N.J. and Wiedemann D.H. (1990). Correction to “The covering radius of the (2^15, 16) Reed–Muller code is at least 16276”. IEEE Trans. Inform. Theory 36(2): 443
Sarkar P. and Maitra S. (2000). Construction of nonlinear Boolean functions with important cryptographic properties. LNCS 1807, Eurocrypt 2000. Springer, Heidelberg, 485–506
Seberry J., Zhang X.M. and Zheng Y. (1993). Nonlinearly balanced Boolean functions and their propagation characteristics. LNCS 773, Crypto’93. Springer, Heidelberg, 49–60
Siegenthaler T. (1985). Decrypting a class of stream ciphers using ciphertexts only. IEEE Trans. Comput. C-34(1): 81–85
Zhang M. and Chan A. (2000). Maximum correlation analysis of nonlinear S-boxes in stream ciphers. LNCS 1880, Crypto 2000. Springer, Heidelberg, 501–514
Additional information
Parts of this paper were presented at the 2003 IEEE International Symposium on Information Theory [17].
Khoo, K., Lim, CW. & Gong, G. Highly nonlinear balanced S-boxes with improved bound on unrestricted and generalized nonlinearity. AAECC 19, 323–338 (2008). https://doi.org/10.1007/s00200-008-0067-z