zbMATH — the first resource for mathematics

Extremal generalized S-boxes. (English) Zbl 1082.06502
Summary: It is well known that there does not exist a Boolean function \( f\:\mathbb Z^m_2\to \mathbb Z^n_2\) satisfying both basic cryptologic criteria, balancedness and perfect nonlinearity. Previously, O. Grošek, L.  Satko and K. Nemoga [“Ideal difference tables from an algebraic point of view”, in: P. Caballero-Gil et al. (eds.), Proceedings of VI RECSI, Tenerife, Spain, September 2000, 43–53 (2000)] have shown that, if we use as domain a quasigroup \(G\) instead of the group \(\mathbb Z^n_2\), one can find functions which are at the same time balanced and perfectly nonlinear. Such functions have completely flat difference table. Further, the attention is turned towards the worst case when all lines of the Cayley table of \(G\) define the so-called linear structure of \(f\) [S. Dubuc, “Characterization of linear structures”, Des. Codes Cryptography 22, 33–45 (2001; Zbl 0963.94021)]. This problem is solved in both directions: We describe all such bijections \(f\: G\to \mathbb Z^n_2\), for a given quasigroup \(| G| = 2^n\), and describe such quasigroups for a given function \(f\).
06E30 Boolean functions
94A60 Cryptography
11T71 Algebraic coding theory; cryptography (number-theoretic aspects)