# A new criterion for avoiding the propagation of linear relations through an Sbox

Abstract : In several cryptographic primitives, Sboxes of small size are used to provide nonlinearity. After several iterations, all the output bits of the primitive are ideally supposed to depend in a nonlinear way on all of the input variables. However, in some cases, it is possible to find some output bits that depend in an affine way on a small number of input bits if the other input bits are fixed to a well-chosen value. Such situations are for example exploited in cube attacks or in attacks like the one presented by Fuhr against the hash function Hamsi. Here, we define a new property for nonlinear Sboxes, named $(v,w)$-linearity, which means that $2^w$ components of an Sbox are affine on all cosets of a $v$-dimensional subspace. This property is related to the generalization of the so-called Maiorana-McFarland construction for Boolean functions. We show that this concept quantifies the ability of an Sbox to propagate affine relations. As a proof of concept, we exploit this new notion for analyzing and slightly improving Fuhr's attack against Hamsi and we show that its success strongly depends on the $(v,w)$-linearity of the involved Sbox.
Keywords :
Document type :
Conference papers

Cited literature [22 references]

https://hal.inria.fr/hal-00931535
Contributor : Anne Canteaut <>
Submitted on : Wednesday, January 15, 2014 - 2:17:18 PM
Last modification on : Tuesday, July 16, 2019 - 1:12:54 PM
Long-term archiving on: Tuesday, April 15, 2014 - 10:46:44 PM

### File

iacr.pdf
Files produced by the author(s)

### Citation

Christina Boura, Anne Canteaut. A new criterion for avoiding the propagation of linear relations through an Sbox. Fast Software Encryption - FSE 2013, Mar 2013, Singapore, Singapore. pp.585--604, ⟨10.1007/978-3-662-43933-3_30⟩. ⟨hal-00931535⟩

Record views