The Experts below are selected from a list of 7959 Experts worldwide ranked by ideXlab platform
Sumanta Sarkar - One of the best experts on this subject based on the ideXlab platform.
-
on the relationship between resilient boolean functions and linear branch number of s boxes
International Conference on Cryptology in India, 2019Co-Authors: Sumanta Sarkar, Kalikinkar Mandal, Dhiman SahaAbstract:Differential branch number and linear branch number are critical for the security of symmetric ciphers. The recent trend in the designs like PRESENT block cipher, ASCON authenticated encryption shows that applying S-boxes that have nontrivial differential and linear branch number can significantly reduce the number of rounds. As we see in the literature that the class of \(4\times 4\) S-boxes have been well-analysed, however, a little is known about the \(n \times n\) S-boxes for \(n \ge 5\). For instance, the complete classification of \(5 \times 5\) Affine Equivalent S-boxes is still unknown. Therefore, it is challenging to obtain “the best” S-boxes with dimension \(\ge \)5 that can be used in symmetric cipher designs. In this article, we present a novel approach to construct S-boxes that identifies classes of \(n \times n\) S-boxes (\(n = 5, 6\)) with differential branch number 3 and linear branch number 3, and ensures other cryptographic properties. To the best of our knowledge, we are the first to report \(6\times 6\) S-boxes with linear branch number 3, differential branch number 3, and with other good cryptographic properties such as nonlinearity 24 and differential uniformity 4.
-
differential power analysis in hamming weight model how to choose among extended Affine Equivalent s boxes
International Conference on Cryptology in India, 2014Co-Authors: Sumanta Sarkar, Subhamoy Maitra, Kaushik ChakrabortyAbstract:From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation S-box, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to single-bit DPA, and taking them together we provide relevant results in the domain of multi-bit DPA. For two Affine Equivalent \((n,n)\) permutation S-boxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)-bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)-bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noise-free and noisy scenarios. Our results guide the designer to choose one S-box among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of S-boxes that should replace the \((4, 4)\) S-boxes proposed in relation to the PRINCE block cipher.
-
INDOCRYPT - Differential Power Analysis in Hamming Weight Model: How to Choose among (Extended) Affine Equivalent S-boxes
Progress in Cryptology -- INDOCRYPT 2014, 2014Co-Authors: Sumanta Sarkar, Subhamoy Maitra, Kaushik ChakrabortyAbstract:From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation S-box, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to single-bit DPA, and taking them together we provide relevant results in the domain of multi-bit DPA. For two Affine Equivalent \((n,n)\) permutation S-boxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)-bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)-bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noise-free and noisy scenarios. Our results guide the designer to choose one S-box among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of S-boxes that should replace the \((4, 4)\) S-boxes proposed in relation to the PRINCE block cipher.
-
On Affine (non)equivalence of Boolean functions
Computing, 2009Co-Authors: Sugata Gangopadhyay, Sumanta Sarkar, Deepmala Sharma, Subhamoy MaitraAbstract:In this paper we construct a multiset S ( f ) of a Boolean function f consisting of the weights of the second derivatives of the function f with respect to all distinct two-dimensional subspaces of the domain. We refer to S ( f ) as the second derivative spectrum of f . The frequency distribution of the weights of these second derivatives is referred to as the weight distribution of the second derivative spectrum. It is demonstrated in this paper that this weight distribution can be used to distinguish Affine nonEquivalent Boolean functions. Given a Boolean function f on n variables we present an efficient algorithm having O ( n 2^2 n ) time complexity to compute S ( f ). Using this weight distribution we show that all the 6-variable Affine nonEquivalent bents can be distinguished. We study the subclass of partial-spreads type bent functions known as PS _ ap type bents. Six different weight distributions are obtained from the set of PS _ ap bents on 8-variables. Using the second derivative spectrum we show that there exist 6 and 8 variable bent functions which are not Affine Equivalent to rotation symmetric bent functions. Lastly we prove that no non-quadratic Kasami bent function is Affine Equivalent to Maiorana–MacFarland type bent functions.
Kaushik Chakraborty - One of the best experts on this subject based on the ideXlab platform.
-
differential power analysis in hamming weight model how to choose among extended Affine Equivalent s boxes
International Conference on Cryptology in India, 2014Co-Authors: Sumanta Sarkar, Subhamoy Maitra, Kaushik ChakrabortyAbstract:From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation S-box, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to single-bit DPA, and taking them together we provide relevant results in the domain of multi-bit DPA. For two Affine Equivalent \((n,n)\) permutation S-boxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)-bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)-bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noise-free and noisy scenarios. Our results guide the designer to choose one S-box among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of S-boxes that should replace the \((4, 4)\) S-boxes proposed in relation to the PRINCE block cipher.
-
INDOCRYPT - Differential Power Analysis in Hamming Weight Model: How to Choose among (Extended) Affine Equivalent S-boxes
Progress in Cryptology -- INDOCRYPT 2014, 2014Co-Authors: Sumanta Sarkar, Subhamoy Maitra, Kaushik ChakrabortyAbstract:From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation S-box, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to single-bit DPA, and taking them together we provide relevant results in the domain of multi-bit DPA. For two Affine Equivalent \((n,n)\) permutation S-boxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)-bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)-bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noise-free and noisy scenarios. Our results guide the designer to choose one S-box among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of S-boxes that should replace the \((4, 4)\) S-boxes proposed in relation to the PRINCE block cipher.
Subhamoy Maitra - One of the best experts on this subject based on the ideXlab platform.
-
differential power analysis in hamming weight model how to choose among extended Affine Equivalent s boxes
International Conference on Cryptology in India, 2014Co-Authors: Sumanta Sarkar, Subhamoy Maitra, Kaushik ChakrabortyAbstract:From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation S-box, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to single-bit DPA, and taking them together we provide relevant results in the domain of multi-bit DPA. For two Affine Equivalent \((n,n)\) permutation S-boxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)-bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)-bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noise-free and noisy scenarios. Our results guide the designer to choose one S-box among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of S-boxes that should replace the \((4, 4)\) S-boxes proposed in relation to the PRINCE block cipher.
-
INDOCRYPT - Differential Power Analysis in Hamming Weight Model: How to Choose among (Extended) Affine Equivalent S-boxes
Progress in Cryptology -- INDOCRYPT 2014, 2014Co-Authors: Sumanta Sarkar, Subhamoy Maitra, Kaushik ChakrabortyAbstract:From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation S-box, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to single-bit DPA, and taking them together we provide relevant results in the domain of multi-bit DPA. For two Affine Equivalent \((n,n)\) permutation S-boxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)-bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)-bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noise-free and noisy scenarios. Our results guide the designer to choose one S-box among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of S-boxes that should replace the \((4, 4)\) S-boxes proposed in relation to the PRINCE block cipher.
-
On Affine (non)equivalence of Boolean functions
Computing, 2009Co-Authors: Sugata Gangopadhyay, Sumanta Sarkar, Deepmala Sharma, Subhamoy MaitraAbstract:In this paper we construct a multiset S ( f ) of a Boolean function f consisting of the weights of the second derivatives of the function f with respect to all distinct two-dimensional subspaces of the domain. We refer to S ( f ) as the second derivative spectrum of f . The frequency distribution of the weights of these second derivatives is referred to as the weight distribution of the second derivative spectrum. It is demonstrated in this paper that this weight distribution can be used to distinguish Affine nonEquivalent Boolean functions. Given a Boolean function f on n variables we present an efficient algorithm having O ( n 2^2 n ) time complexity to compute S ( f ). Using this weight distribution we show that all the 6-variable Affine nonEquivalent bents can be distinguished. We study the subclass of partial-spreads type bent functions known as PS _ ap type bents. Six different weight distributions are obtained from the set of PS _ ap bents on 8-variables. Using the second derivative spectrum we show that there exist 6 and 8 variable bent functions which are not Affine Equivalent to rotation symmetric bent functions. Lastly we prove that no non-quadratic Kasami bent function is Affine Equivalent to Maiorana–MacFarland type bent functions.
J. P. Ward - One of the best experts on this subject based on the ideXlab platform.
-
In search for a perfect shape of polyhedra: Buffon transformation
L’Enseignement Mathématique, 2015Co-Authors: Veronika Schreiber, Alexander P. Veselov, J. P. WardAbstract:For an arbitrary polygon generate a new one by joining the centres of consecutive edges. Iteration of this procedure leads to a shape which is Affine Equivalent to a regular polygon. This regularisation effect is usually ascribed to Count Buff on (1707–1788). We discuss a natural analogue of this procedure for 3-dimensional polyhedra, which leads to a new notion of Affine B -regular polyhedra. The main result is the proof of existence of star-shaped Affine $$-regular polyhedra with prescribed combinatorial structure, under partial symmetry and simpliciality assumptions. The proof is based on deep results from spectral graph theory due to Colin de Verdiere and Lovasz.
-
In search for a perfect shape of polyhedra: Buffon transformation
arXiv: Spectral Theory, 2014Co-Authors: Veronika Schreiber, Alexander P. Veselov, J. P. WardAbstract:For an arbitrary polygon consider a new one by joining the centres of consecutive edges. Iteration of this procedure leads to a shape which is Affine Equivalent to a regular polygon. This regularisation effect is usually ascribed to Count Buffon (1707-1788). We discuss a natural analogue of this procedure for 3-dimensional polyhedra, which leads to a new notion of Affine $B$-regular polyhedra. The main result is the proof of existence of star-shaped Affine $B$-regular polyhedra with prescribed combinatorial structure, under partial symmetry and simpliciality assumptions. The proof is based on deep results from spectral graph theory due to Colin de Verdiere and Lovasz.
Mustafa Unel - One of the best experts on this subject based on the ideXlab platform.
-
3D object recognition using invariants of 2D projection curves
Pattern Analysis and Applications, 2010Co-Authors: Mustafa Unel, Erol Ozgur, Octavian Soldea, Alp BassaAbstract:This paper presents a new method for recognizing 3D objects based on the comparison of invariants of their 2D projection curves. We show that Euclidean Equivalent 3D surfaces imply Affine Equivalent 2D projection curves that are obtained from the projection of cross-section curves of the surfaces onto the coordinate planes. Planes used to extract cross-section curves are chosen to be orthogonal to the principal axes of the defining surfaces. Projection curves are represented using implicit polynomial equations. Affine algebraic and geometric invariants of projection curves are constructed and compared under a variety of distance measures. Results are verified by several experiments with objects from different classes and within the same class.
-
3D object recognition using invariants of 2D projection curves
Pattern Analysis and Applications, 2010Co-Authors: Mustafa Unel, Erol Ozgur, Octavian Soldea, Alp BassaAbstract:This paper presents a new method for recognizing 3D objects based on the comparison of invariants of their 2D projection curves. We show that Euclidean Equivalent 3D surfaces imply Affine Equivalent 2D projection curves that are obtained from the projection of cross-section curves of the surfaces onto the coordinate planes. Planes used to extract cross-section curves are chosen to be orthogonal to the principal axes of the defining surfaces. Projection curves are represented using implicit polynomial equations. Affine algebraic and geometric invariants of projection curves are constructed and compared under a variety of distance measures. Results are verified by several experiments with objects from different classes and within the same class.
-
Identifying and comparing 3D surfaces using 2D projection curves
2008Co-Authors: Mustafa Unel, Alp Bassa, Erol OzgurAbstract:A new method is presented for identifying and comparing 3D objects represented by closed-bounded algebraic surfaces. It is shown that Euclidean Equivalent 3D surfaces imply Affine Equivalent 2D projection curves that are obtained from the projection of cross section curves of the surfaces onto the coordinate planes. Planes used to extract cross section curves are chosen to be orthogonal to the principal axes of the defining surfaces. Affine invariants of projection curves are constructed and compared under a similarity measure. Results are verified by several experiments.
-
The determination of implicit polynomial canonical curves
IEEE Transactions on Pattern Analysis and Machine Intelligence, 1998Co-Authors: William A. Wolovich, Mustafa UnelAbstract:A new method is presented for identifying and comparing closed, bounded, free-form curves that are defined by even implicit polynomial (IP) equations in the X-Y Cartesian coordinates. The method provides a new expression for an IP involving a product of conic factors with unique conic factor centers. The critical points for an IP curve are also defined. The conic factor centers and the critical points are shown to be useful related points that directly map to one another under Affine transformations. In particular, the explicit determination of such points implies both a canonical form for the curves and the transformation matrix which relates Affine Equivalent curves.