Invertible transformations over n-bit words are essential ingredients in many cryptographic constructions. When n is small (e.g., n = 8) we can compactly represent any such transformation as a lookup table, but when n is large (e.g., n = 64) we usually have to represent it as a composition of simpler operations such as linear mappings, S-P networks, Feistel structures, etc. Since these cryptographic constructions are often implemented in software on standard microprocessors, we are particularly interested in invertible univariate or multivariate transformations which can be implemented as small compositions of basic machine instructions on 32- or 64-bit words. In this paper we introduce a new class of provably invertible mappings which can mix arithmetic operations (negation, addition, subtraction, multiplication) and boolean operations (not, xor, and, or), are highly efficient, and have desirable cryptographic properties. In particular, we show that for any n the mapping x → x + (x^2 ∨ C) (mod 2^n), where ∨ denotes bitwise or, is a permutation with a single cycle of length 2^n iff both the least significant bit and the third least significant bit of the constant C are 1.
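The single-cycle criterion above is easy to confirm by brute force on small word sizes, and because the mapping is a T-function (output bit i depends only on input bits 0..i) its inverse can be recovered bit by bit without any algebra. The script below is an added example written for this page, not code from the paper or its authors; the function names (ks_map, ks_invert, is_single_cycle, cycle_lengths, check_all_constants) are my own, and the exhaustive check assumes n ≥ 3 so that the "third least significant bit" of C exists.

```python
# Added example (not from the paper): brute-force verification of the
# single-cycle criterion for x -> x + (x^2 OR C) mod 2^n, plus bit-serial
# inversion of the mapping. Exhaustive enumeration is only practical for
# small n; the paper proves the criterion for general n.
from typing import List


def ks_map(x: int, c: int, n: int) -> int:
    """One application of x -> x + (x^2 | C) mod 2^n on an n-bit word."""
    mask = (1 << n) - 1
    return (x + ((x * x) | c)) & mask


def ks_invert(y: int, c: int, n: int) -> int:
    """Recover x with ks_map(x, c, n) == y, assuming the mapping is invertible.

    For an invertible T-function, output bit i equals x_i XOR g(x_0..x_{i-1}),
    so flipping x_i flips output bit i and leaves lower bits alone. Building x
    from the least significant bit upward therefore needs one comparison per bit.
    """
    x = 0
    for i in range(n):
        low_mask = (1 << (i + 1)) - 1
        if (ks_map(x, c, n) & low_mask) != (y & low_mask):
            x |= 1 << i
    if ks_map(x, c, n) != y:
        # Happens only when C is even (the mapping is not a permutation).
        raise ValueError("mapping is not invertible for this constant")
    return x


def is_single_cycle(c: int, n: int) -> bool:
    """True iff the mapping is one cycle through all 2^n words."""
    size = 1 << n
    seen = bytearray(size)
    x = 0
    for _ in range(size):
        if seen[x]:
            return False        # a word repeated before all 2^n were covered
        seen[x] = 1
        x = ks_map(x, c, n)
    return x == 0               # the orbit closed exactly after 2^n steps


def cycle_lengths(c: int, n: int) -> List[int]:
    """Sorted cycle lengths of the mapping; meaningful when C is odd (permutation)."""
    size = 1 << n
    seen = bytearray(size)
    lengths = []
    for start in range(size):
        if seen[start]:
            continue
        length, x = 0, start
        while not seen[x]:
            seen[x] = 1
            x = ks_map(x, c, n)
            length += 1
        lengths.append(length)
    return sorted(lengths)


def criterion(c: int) -> bool:
    """The paper's condition: bit 0 and bit 2 of C are both set."""
    return (c & 0b101) == 0b101


def check_all_constants(n: int) -> bool:
    """Compare the criterion with brute force for every n-bit C (use n >= 3)."""
    return all(is_single_cycle(c, n) == criterion(c) for c in range(1 << n))


if __name__ == "__main__":
    for n in (3, 4, 6, 8):
        print(f"n={n}: criterion matches brute force: {check_all_constants(n)}")
    print("cycle lengths for n=3, C=1 (bit 2 clear):", cycle_lengths(1, 3))
    print("cycle lengths for n=3, C=5 (bits 0 and 2 set):", cycle_lengths(5, 3))
    y = ks_map(0xA5, 5, 8)
    print("ks_invert recovers 0xA5:", hex(ks_invert(y, 5, 8)))
```

For n = 3 the permutation with C = 5 visits 0, 5, 2, 7, 4, 1, 6, 3 and returns to 0, while C = 1 (bit 2 clear) splits the space into two 4-cycles; C = 4 (bit 0 clear) is not even a permutation, which is why ks_invert refuses it.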