Highly nonlinear s-boxes with reduced bound on maximum correlation (extended abstract)
In this paper, we consider S-boxes with n (odd) input bits and m ≥ 2 output bits as combiners in stream cipher systems. We construct two classes of balanced S-boxes with nonlinearity $2^{n-1} - 2^{(n-1)/2}$ for protection against correlation and linear approximation attacks. However, having a high nonlinearity may not be sufficient for security. Zhang and Chan [3] considered a more general correlation attack by using a nonlinear function of output bits. In this case, we will require the maximum correlation coefficients to be low in order to protect against their attack. They proved an upper bound for maximum correlation that is low for functions with high nonlinearity. We improve their result for our S-boxes by reducing their upper bound by a factor of $\sqrt{2}$. Thus, our S-boxes are more secure against general correlation attacks. Besides having high nonlinearity and a reduced upper bound on maximum correlation, our S-boxes can also achieve high algebraic degree and low maximal differential.

The Hadamard transform of a function $f : GF(2^n) \to GF(2)$ is $\hat f(\lambda) = \sum_{x \in GF(2^n)} (-1)^{\mathrm{Tr}^n_1(\lambda x) + f(x)}$. Let n be odd. We say the function $f(x) = \mathrm{Tr}^n_1(x^r)$ is maximally nonlinear [1] if its Hadamard transform $\hat f(\lambda)$ only takes the values $0, \pm 2^{(n+1)/2}$ for all $\lambda$.
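As an added worked example (not code from the paper), the following Python computes the Hadamard transform defined above for f(x) = Tr(x^r) over a small odd-degree field and checks both the maximally nonlinear condition and the resulting nonlinearity 2^{n-1} - 2^{(n-1)/2}; the field GF(2^5) with modulus x^5 + x^2 + 1 and the exponents tried are this example's assumptions.

```python
# Added example (not from the paper): Hadamard spectrum of f(x) = Tr(x^r) over GF(2^n), n odd.
# The field GF(2^5) with modulus x^5 + x^2 + 1 is this example's assumption, not the paper's.
N = 5
MODULUS = 0b100101  # x^5 + x^2 + 1, irreducible over GF(2)

def gf_mul(a, b):
    """Carry-less multiply in GF(2^N), reducing modulo MODULUS."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a >> N:          # degree reached N: reduce
            a ^= MODULUS
    return result

def gf_pow(x, r):  # x^r in GF(2^N) by square-and-multiply
    result = 1
    while r:
        if r & 1:
            result = gf_mul(result, x)
        x = gf_mul(x, x)
        r >>= 1
    return result

def trace(x):
    """Absolute trace Tr^n_1(x) = x + x^2 + ... + x^(2^(n-1)); lies in {0, 1}."""
    t, y = 0, x
    for _ in range(N):
        t ^= y
        y = gf_mul(y, y)
    return t

def hadamard(f):
    """f_hat(lam) = sum over x of (-1)^(Tr(lam*x) + f(x)), for every lam in GF(2^N)."""
    return [sum((-1) ** (trace(gf_mul(lam, x)) ^ f(x)) for x in range(1 << N))
            for lam in range(1 << N)]

def nonlinearity(spectrum):
    """Hamming distance to the nearest affine function: 2^(n-1) - max|f_hat|/2."""
    return (1 << (N - 1)) - max(abs(v) for v in spectrum) // 2

def is_maximally_nonlinear(spectrum):
    """True when the spectrum only takes the values 0 and +-2^((n+1)/2)."""
    return {abs(v) for v in spectrum} <= {0, 1 << ((N + 1) // 2)}

def power_trace(r):  # the Boolean function f(x) = Tr(x^r)
    return lambda x: trace(gf_pow(x, r))
```

For r = 1 the function is linear and the nonlinearity is 0; for the Gold exponent r = 3 the spectrum is {0, ±8} and the nonlinearity is 2^4 - 2^2 = 12.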
[1] H. Dobbertin et al., "Almost Perfect Nonlinear Power Functions on GF(2^n): The Welch Case," IEEE Trans. Inf. Theory, 1999.
[2] M. Goresky et al., "Cascaded GMW Sequences," Proc. 1991 IEEE International Symposium on Information Theory, 1991.
[3] A. H. Chan et al., "Maximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers," CRYPTO 2000.
[4] M. Goresky et al., "Cascaded GMW Sequences," IEEE Trans. Inf. Theory, 1993.