Highly nonlinear balanced S-boxes with improved bound on unrestricted and generalized nonlinearity

We construct two classes of balanced S-boxes with high nonlinearity $2^{n-1}-2^{(n-1)/2}$ for $n$ odd. From known results, it can be deduced that for any S-box which has nonlinearity $2^{n-1}-2^{(n-1)/2}$, the unrestricted nonlinearity is lower bounded by $2^{n-1}-2^{(m+n-1)/2}$ while the generalized nonlinearity is lower bounded by $2^{n-1}-(2^{m}-1)2^{(n-1)/2}$. We prove that the lower bound on the unrestricted nonlinearity of both our S-box constructions can be increased to $2^{n-1}-2^{(m+n)/2-1}$. For the first class of S-boxes, the lower bound on generalized nonlinearity can be increased to $2^{n-1}-2^{(n-1)/2+m-1}$. For the second class, the generalized nonlinearity is proven to be exactly $2^{n-1}-2^{(m+n)/2-1}$, which is much higher than the lower bound for our first construction. The first class of S-boxes has low maximum differential while the second class corresponds to GMW sequences, whose algebraic structure allows us to construct a larger family of S-boxes. Moreover, both classes of S-boxes can attain high algebraic degree. We also compare our constructions with some known functions with high unrestricted and/or generalized nonlinearity.
