Differential uniformity and second order derivatives for generic polynomials.

*(English)* Zbl 1388.14077

Immunity against differential cryptanalysis techniques represents an important criterion when analysing the security of symmetric ciphers. In the light of Lai’s results regarding higher order derivatives and their applications to differential cryptanalysis, the current paper can be seen as a natural and technically valuable follow-up of [J. F. Voloch, in: Algebraic geometry and its applications. Dedicated to Gilles Lachaud on his 60th birthday. Proceedings of the first SAGA conference, Papeete, France, May 7–11, 2007. Hackensack, NJ: World Scientific. 135–141 (2008; Zbl 1151.14319)]. Thus, a density theorem which may be considered an extension of Voloch’s main result is stated and proved. More precisely, instead of analysing the differential uniformity of a polynomial \(f \in \mathbb{F}_q[x]\), where \(q=2^n\), the authors explore the “second order differential uniformity”.

The paper is structured in eight sections. The first section discusses introductory aspects, a very short presentation of the article’s structure and establishes notations. Sections 2 to 6 cover all the technical details necessary to construct the main theorem of the paper and prove it in section 7. Section 8 provides information about an inversion mapping which is of great importance in the study of (good) S-boxes. A specific instantiation of the previously mentioned inversion mapping is used precisely in the case of AES, a block cipher which is widely adopted nowadays.

The mathematical concepts and properties discussed in each section are generally presented in a clear and accessible manner for (graduate) students and more experienced readers (especially if interested in differential cryptanalysis). The lemmas, the propositions and the theorems stated in the paper are accompanied by well written proofs.

As a side note regarding the structure of the paper (more like personal opinions rather than shortcomings), a number of things which could have added readability or completeness (especially for cryptography enthusiasts) are described next:

1. The *Introduction* lacks a reference to section 8 (only for uniformity, as the other sections are briefly tackled).

2. Usually, papers submitted to cryptography conferences or journals include a liaison with real world applications. Nonetheless, the current article was published in the Journal of Pure and Applied Algebra and, thus, it is all right for the writing style to be rather arid (and lacking motivation). The importance of the results is not clearly underlined in real world scenarios (e.g., concepts like S-boxes and block ciphers like AES are vaguely mentioned in section 8).

3. A section including future work would have been interesting.

Given the above, we recommend that readers interested in differential cryptanalysis read this paper attentively and, perhaps, extend its results, as they are of clear importance to symmetric cryptography.

In conclusion, the current article is a valuable research work for both mathematicians and cryptographers.

Reviewer: Diana Maimut (Bucharest)
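As an added worked example (code written for this page, not taken from the Aubry–Herbaut paper or the review), the following Python computes over \(\mathbb{F}_{2^8}\) the two quantities the review discusses: the differential uniformity \(\delta(f)=\max_{a\neq 0,\,\gamma}\#\{x : f(x+a)+f(x)=\gamma\}\) and the second order differential uniformity, taken here as the maximum over distinct nonzero \(a,b\) and all \(\gamma\) of \(\#\{x : D_aD_bf(x)=\gamma\}\), where \(D_aD_bf(x)=f(x)+f(x+a)+f(x+b)+f(x+a+b)\) is Lai’s second order derivative (reading the paper’s pair \((\alpha,\alpha\beta)\) with \(\beta\notin\mathbb{F}_2\) as exactly such a pair is my assumption). It is applied to the inversion mapping \(x\mapsto x^{2^n-2}\) at the core of the AES S-box and, for contrast, to the cube map \(x^3\). Representing the field with the AES reduction polynomial is a convenience: both quantities are invariant under field isomorphism, so any irreducible polynomial gives the same numbers.

```python
"""Differential uniformity and second order differential uniformity over GF(2^n).

Added example, not code from the Aubry-Herbaut paper. The field is GF(2^8) with
the AES reduction polynomial x^8 + x^4 + x^3 + x + 1; the quantities computed
below do not depend on that choice of representation.
"""
from collections import Counter

N = 8
POLY = 0x11B          # AES: x^8 + x^4 + x^3 + x + 1
Q = 1 << N            # field size 2^n


def gf_mul(a, b):
    """Multiply two elements of GF(2^8), reducing modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & Q:
            a ^= POLY
        b >>= 1
    return r


def gf_pow(x, e):
    """x^e in GF(2^8) by square-and-multiply (0^e = 0 for e > 0)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, x)
        x = gf_mul(x, x)
        e >>= 1
    return r


def power_table(e):
    """Lookup table of the monomial x -> x^e over all field elements."""
    return [gf_pow(x, e) for x in range(Q)]


def differential_uniformity(f):
    """delta(f) = max over a != 0 and gamma of #{x : f(x+a) + f(x) = gamma}.
    Addition in GF(2^n) is XOR, so x + a is x ^ a."""
    best = 0
    for a in range(1, Q):
        counts = Counter(f[x ^ a] ^ f[x] for x in range(Q))
        best = max(best, max(counts.values()))
    return best


def second_order_uniformity(f):
    """delta^2(f) = max over a != 0, b not in {0, a}, gamma of
    #{x : f(x) + f(x+a) + f(x+b) + f(x+a+b) = gamma}.
    D_a D_b f only depends on the F_2-subspace {0, a, b, a+b} (it is symmetric
    in a, b and unchanged when b is replaced by a+b), so one representative per
    subspace, chosen as the pair with a < b < a^b, suffices for the maximum."""
    best = 0
    for a in range(1, Q):
        for b in range(a + 1, Q):
            if (a ^ b) < b:
                continue
            counts = Counter(f[x] ^ f[x ^ a] ^ f[x ^ b] ^ f[x ^ a ^ b]
                             for x in range(Q))
            best = max(best, max(counts.values()))
    return best


INVERSE = power_table(Q - 2)   # x^(2^n - 2) = x^-1 with 0 -> 0 (AES S-box core)
CUBE = power_table(3)          # x^3, an APN (delta = 2) function of algebraic degree 2

if __name__ == "__main__":
    for name, f in (("x^-1", INVERSE), ("x^3", CUBE)):
        print(name, "delta =", differential_uniformity(f),
              "delta^2 =", second_order_uniformity(f))
```

Running it gives \(\delta=4\) for the inversion mapping (Nyberg’s value for even \(n\), the 4/256 maximum differential probability of the AES S-box) and \(\delta=2\) for \(x^3\). The second order quantity reverses the ranking: \(D_aD_b\,x^3 = ab(a+b)\) does not depend on \(x\), so \(\delta^2(x^3)=256\), which is exactly the degeneracy that Lai’s higher order differential attacks exploit against functions of low algebraic degree. For the inversion mapping every solution set is a union of cosets of \(\{0,a,b,a+b\}\), so each count is a multiple of 4, and a short computation (mine, not the paper’s) with \(P=x^2+ax\) reduces \(D_aD_b\,x^{-1}=\gamma\) outside that coset to a quadratic in \(P\), so at most one further coset contributes and \(\delta^2(x^{-1})\le 8\) over any \(\mathbb{F}_{2^n}\).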

##### MSC:

14G50 Applications to coding theory and cryptography of arithmetic geometry

11T71 Algebraic coding theory; cryptography (number-theoretic aspects)

94A60 Cryptography

##### Keywords:

second order derivative; differential uniformity; generic polynomials; density theorem; differential cryptanalysis; second order differential uniformity; inversion mapping

*Y. Aubry* and *F. Herbaut*, J. Pure Appl. Algebra 222, No. 5, 1095--1110 (2018; Zbl 1388.14077)


##### References:

[1] Borevich, A. I.; Shafarevich, I. R., Number theory, Pure Appl. Math., vol. 20, Academic Press, New York-London (1966), translated from the Russian by Newcomb Greenleaf. Zbl 0145.04902

[2] Fouque, Pierre-Alain; Tibouchi, Mehdi, Estimating the size of the image of deterministic hash functions to elliptic curves, in: Progress in Cryptology, Latincrypt 2010, Lecture Notes in Computer Science, vol. 6212 (2010), 81-91. Zbl 1285.94060

[3] Fried, Michael D.; Jarden, Moshe, Field arithmetic, Ergebnisse der Mathematik und ihrer Grenzgebiete, 3. Folge: A Series of Modern Surveys in Mathematics, vol. 11, Springer-Verlag, Berlin (2005). Zbl 1055.12003

[4] Jarden, Moshe; Razon, Aharon, Skolem density problems over large Galois extensions of global fields, in: Hilbert’s tenth problem: relations with arithmetic and algebraic geometry, Ghent, 1999, Contemp. Math., vol. 270, Amer. Math. Soc., Providence, RI (2000), 213-235, with an appendix by Wulf-Dieter Geyer. Zbl 1021.12002

[5] Lai, Xuejia, Higher order derivatives and differential cryptanalysis, in: Communications and Cryptography, Springer (1994), 227-233. Zbl 0840.94017

[6] Nyberg, Kaisa, Differentially uniform mappings for cryptography, in: Advances in Cryptology—Eurocrypt ’93, Lecture Notes in Computer Science, vol. 765, Springer, Berlin (1994), 55-64. Zbl 0951.94510

[7] Rosen, Michael, Number theory in function fields, Graduate Texts in Mathematics, vol. 210, Springer-Verlag, New York (2002). Zbl 1043.11079

[8] Serre, Jean-Pierre, Sur le nombre des points rationnels d’une courbe algébrique sur un corps fini, C. R. Acad. Sci. Paris Sér. I Math., 296, 9, 397-402 (1983). Zbl 0538.14015

[9] Serre, Jean-Pierre, Topics in Galois theory, Research Notes in Mathematics, vol. 1, A.K. Peters, Ltd., Wellesley, MA (2008), with notes by Henri Darmon.

[10] Stichtenoth, Henning, Algebraic function fields and codes, Graduate Texts in Mathematics, vol. 254, Springer-Verlag, Berlin (2009). Zbl 1155.14022

[11] Voloch, José Felipe, Symmetric cryptography and algebraic curves, in: Algebraic Geometry and Its Applications, Ser. Number Theory Appl., vol. 5, World Sci. Publ., Hackensack, NJ (2008), 135-141. Zbl 1151.14319
