Skip to Main content Skip to Navigation
New interface
Conference papers

A new criterion for avoiding the propagation of linear relations through an Sbox

Abstract : In several cryptographic primitives, Sboxes of small size are used to provide nonlinearity. After several iterations, all the output bits of the primitive are ideally supposed to depend in a nonlinear way on all of the input variables. However, in some cases, it is possible to find some output bits that depend in an affine way on a small number of input bits if the other input bits are fixed to a well-chosen value. Such situations are for example exploited in cube attacks or in attacks like the one presented by Fuhr against the hash function Hamsi. Here, we define a new property for nonlinear Sboxes, named $(v,w)$-linearity, which means that $2^w$ components of an Sbox are affine on all cosets of a $v$-dimensional subspace. This property is related to the generalization of the so-called Maiorana-McFarland construction for Boolean functions. We show that this concept quantifies the ability of an Sbox to propagate affine relations. As a proof of concept, we exploit this new notion for analyzing and slightly improving Fuhr's attack against Hamsi and we show that its success strongly depends on the $(v,w)$-linearity of the involved Sbox.
Document type :
Conference papers
Complete list of metadata

Cited literature [22 references]  Display  Hide  Download
Contributor : Anne Canteaut Connect in order to contact the contributor
Submitted on : Wednesday, January 15, 2014 - 2:17:18 PM
Last modification on : Friday, January 21, 2022 - 3:14:48 AM
Long-term archiving on: : Tuesday, April 15, 2014 - 10:46:44 PM


Files produced by the author(s)




Christina Boura, Anne Canteaut. A new criterion for avoiding the propagation of linear relations through an Sbox. Fast Software Encryption - FSE 2013, Mar 2013, Singapore, Singapore. pp.585--604, ⟨10.1007/978-3-662-43933-3_30⟩. ⟨hal-00931535⟩



Record views


Files downloads