
Nonlinear diffusion layers

Designs, Codes and Cryptography

Abstract

In the practice of block cipher design, a consensus seems to have formed about the diffusion function: designers choose linear functions with large branch numbers in order to obtain provable bounds against differential and linear cryptanalysis. In this paper, we propose two types of nonlinear functions as alternative diffusing components. One is based on a nonlinear code with parameters (16,256,6), known as a Kerdock code. The other is a general construction of nonlinear functions based on T-functions, in particular two automatons built from modular addition operations. We show that these nonlinear functions possess good diffusion properties; specifically, the nonlinear function based on a Kerdock code has a better branch number than any linear counterpart, while the automatons achieve the same branch number as a linear near-MDS matrix. The advantage of adopting nonlinear diffusion layers in block ciphers is that those functions provide an extra confusion effect while maintaining a comparable diffusion effect. As an illustration, we show the application of the nonlinear diffusion functions in two example ciphers, where a 4-round differential characteristic with the optimal number of active Sboxes has a probability significantly lower (\(2^{16}\) and \(2^{10}\) times, respectively) than that of a similar cipher with a linear diffusion layer. As a result, this work sheds light upon an alternative strategy for designing lightweight building blocks.
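The abstract compares nonlinear diffusion layers with linear ones by their branch number. The script below, added here as an illustration and not taken from the paper, shows how the differential branch number of a word-wise mapping is measured by exhaustive search, and scores two constructed toy layers on four 2-bit words: a binary near-MDS matrix (each output word is the XOR of the other three input words, the same wiring as Midori's almost-MDS matrix) and the same wiring with modular addition in place of XOR, which is a T-function and nonlinear over GF(2). Both mappings, the word size and the helper names are my own assumptions; neither is the paper's Kerdock-based function or its automaton. On this toy size the modular-addition variant reaches the same branch number (4) as the linear near-MDS matrix, which is the kind of comparison the abstract makes for its automatons.

```python
"""Brute-force differential branch number of word-wise diffusion layers.

Constructed example: the two mappings below are illustrative toy layers on
NWORDS words of WBITS bits each, not the functions from the paper.
"""
from itertools import product

NWORDS = 4                  # words per state (toy size chosen so search is cheap)
WBITS = 2                   # bits per word; arithmetic is modulo 2**WBITS
MASK = (1 << WBITS) - 1


def word_weight(words):
    """Number of nonzero words: the metric the branch number is defined over."""
    return sum(1 for w in words if w)


def xor_words(a, b):
    return tuple(x ^ y for x, y in zip(a, b))


def near_mds_xor(x):
    """Binary near-MDS matrix circ(0,1,1,1): output word i is the XOR of all
    input words except word i. Linear over GF(2)."""
    s = 0
    for w in x:
        s ^= w
    return tuple(s ^ w for w in x)


def near_mds_modadd(x):
    """Same wiring with modular addition: output word i is the sum modulo
    2**WBITS of all input words except word i. Output bit j depends only on
    input bits 0..j, so this is a T-function; it is nonlinear over GF(2)."""
    s = sum(x) & MASK
    return tuple((s - w) & MASK for w in x)


def all_states(nwords=NWORDS, wbits=WBITS):
    return list(product(range(1 << wbits), repeat=nwords))


def differential_branch_number(f, nwords=NWORDS, wbits=WBITS):
    """Return (B, x, dx) with B = min over x and nonzero dx of
    wt(dx) + wt(f(x ^ dx) ^ f(x)) and (x, dx) a pair attaining it.
    For a linear f the output difference is independent of x, but for a
    nonlinear f it is not, so every (x, dx) pair is enumerated."""
    states = all_states(nwords, wbits)
    image = {x: f(x) for x in states}
    best = nwords + 1           # a weight-1 input difference never exceeds this
    witness = None
    for x in states:
        fx = image[x]
        for dx in states:
            if not any(dx):
                continue
            w = word_weight(dx) + word_weight(xor_words(image[xor_words(x, dx)], fx))
            if w < best:
                best, witness = w, (x, dx)
    return best, witness[0], witness[1]


def is_permutation(f, nwords=NWORDS, wbits=WBITS):
    """A diffusion layer must be invertible; check that f is a bijection."""
    states = all_states(nwords, wbits)
    return len({f(x) for x in states}) == len(states)


def is_gf2_linear(f, nwords=NWORDS, wbits=WBITS):
    """True iff f(x) equals the XOR of f(e) over the unit vectors e whose bit
    is set in x (and f(0) = 0), i.e. f is GF(2)-linear on the bit level."""
    zero = (0,) * nwords
    if f(zero) != zero:
        return False
    unit_images = {}
    for i in range(nwords):
        for b in range(wbits):
            e = list(zero)
            e[i] = 1 << b
            unit_images[(i, b)] = f(tuple(e))
    for x in all_states(nwords, wbits):
        acc = zero
        for i in range(nwords):
            for b in range(wbits):
                if (x[i] >> b) & 1:
                    acc = xor_words(acc, unit_images[(i, b)])
        if acc != f(x):
            return False
    return True


if __name__ == "__main__":
    for name, f in (("near-MDS (XOR)", near_mds_xor), ("near-MDS (mod add)", near_mds_modadd)):
        b, x, dx = differential_branch_number(f)
        print(f"{name}: bijective={is_permutation(f)} GF(2)-linear={is_gf2_linear(f)} "
              f"branch number={b} attained at x={x}, dx={dx}")
```

The witness pair returned for the modular-addition layer shows why exhaustive search over x is needed for nonlinear layers: a three-word input difference of 2 in each word cancels in three of the four output sums only for specific input values, something a difference-only enumeration (sufficient for the linear matrix) would never see.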



Author information

Correspondence to Yunwen Liu.

Additional information

Communicated by M. Albrecht.

This work was supported in part by the Research Council KU Leuven OT/13/071, by the Flemish Government through FWO Thresholds G0842.13, by European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. H2020-MSCA-ITN-2014-643161 ECRYPT-NET and partially funded by the DFG. Yunwen Liu is partially supported by China Scholarship Council (CSC 201403170380) and National Natural Science Foundation (No. 61672530).

Appendix: The nonlinear function \(\zeta \)

See Table 2.

Table 2 Lookup table of the nonlinear function \(\zeta \)


Cite this article

Liu, Y., Rijmen, V. & Leander, G. Nonlinear diffusion layers. Des. Codes Cryptogr. 86, 2469–2484 (2018). https://doi.org/10.1007/s10623-018-0458-5
