zbMATH — the first resource for mathematics

New construction of differentially 4-uniform bijections. (English) Zbl 1347.94024
Lin, Dongdai (ed.) et al., Information security and cryptology. 9th international conference, Inscrypt 2013, Guangzhou, China, November 27–30, 2013. Revised selected papers. Cham: Springer (ISBN 978-3-319-12086-7/pbk; 978-3-319-12087-4/ebook). Lecture Notes in Computer Science 8567, 22-38 (2014).
Summary: Block ciphers use substitution boxes (S-boxes) to create confusion into the cryptosystems. For resisting the known attacks on these cryptosystems, the following criteria for functions are mandatory: low differential uniformity, high nonlinearity and not low algebraic degree. Bijectivity is also necessary if the cipher is a substitution-permutation network, and balancedness makes a Feistel cipher lighter. It is well-known that almost perfect nonlinear (APN) functions have the lowest differential uniformity 2 (the values of differential uniformity being always even) and the existence of APN bijections over \(\mathbb {F}_{2^n}\) for even \(n\geq 8\) is a big open problem. In real practical applications, differentially 4-uniform bijections can be used as S-boxes when the dimension is even. For example, the AES uses a differentially 4-uniform bijection over \(\mathbb {F}_{2^8}\). In this paper, we first propose a method for constructing a large family of differentially 4-uniform bijections in even dimensions. This method can generate at least \(\big (2^{n-3}-\lfloor 2^{(n-1)/2-1}\rfloor -1\big)\cdot 2^{2^{n-1}}\) such bijections having maximum algebraic degree \(n-1\). Furthermore, we exhibit a subclass of functions having high nonlinearity and being CCZ-inequivalent to all known differentially 4-uniform power bijections and to quadratic functions.
For the entire collection see [Zbl 1319.94005].

94A60 Cryptography
Full Text: DOI