Scan Science and Technology
Contact Leading Edge Experts & Companies
Affine Equivalent
The Experts below are selected from a list of 7959 Experts worldwide ranked by ideXlab platform
Sumanta Sarkar – One of the best experts on this subject based on the ideXlab platform.

on the relationship between resilient boolean functions and linear branch number of s boxes
International Conference on Cryptology in India, 2019CoAuthors: Sumanta Sarkar, Kalikinkar Mandal, Dhiman SahaAbstract:Differential branch number and linear branch number are critical for the security of symmetric ciphers. The recent trend in the designs like PRESENT block cipher, ASCON authenticated encryption shows that applying Sboxes that have nontrivial differential and linear branch number can significantly reduce the number of rounds. As we see in the literature that the class of \(4\times 4\) Sboxes have been wellanalysed, however, a little is known about the \(n \times n\) Sboxes for \(n \ge 5\). For instance, the complete classification of \(5 \times 5\) Affine Equivalent Sboxes is still unknown. Therefore, it is challenging to obtain “the best” Sboxes with dimension \(\ge \)5 that can be used in symmetric cipher designs. In this article, we present a novel approach to construct Sboxes that identifies classes of \(n \times n\) Sboxes (\(n = 5, 6\)) with differential branch number 3 and linear branch number 3, and ensures other cryptographic properties. To the best of our knowledge, we are the first to report \(6\times 6\) Sboxes with linear branch number 3, differential branch number 3, and with other good cryptographic properties such as nonlinearity 24 and differential uniformity 4.

differential power analysis in hamming weight model how to choose among extended Affine Equivalent s boxes
International Conference on Cryptology in India, 2014CoAuthors: Sumanta Sarkar, Subhamoy Maitra, Kaushik ChakrabortyAbstract:From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation Sbox, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to singlebit DPA, and taking them together we provide relevant results in the domain of multibit DPA. For two Affine Equivalent \((n,n)\) permutation Sboxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noisefree and noisy scenarios. Our results guide the designer to choose one Sbox among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of Sboxes that should replace the \((4, 4)\) Sboxes proposed in relation to the PRINCE block cipher.

INDOCRYPT – Differential Power Analysis in Hamming Weight Model: How to Choose among (Extended) Affine Equivalent Sboxes
Progress in Cryptology — INDOCRYPT 2014, 2014CoAuthors: Sumanta Sarkar, Subhamoy Maitra, Kaushik ChakrabortyAbstract:From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation Sbox, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to singlebit DPA, and taking them together we provide relevant results in the domain of multibit DPA. For two Affine Equivalent \((n,n)\) permutation Sboxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noisefree and noisy scenarios. Our results guide the designer to choose one Sbox among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of Sboxes that should replace the \((4, 4)\) Sboxes proposed in relation to the PRINCE block cipher.
Kaushik Chakraborty – One of the best experts on this subject based on the ideXlab platform.

differential power analysis in hamming weight model how to choose among extended Affine Equivalent s boxes
International Conference on Cryptology in India, 2014CoAuthors: Sumanta Sarkar, Subhamoy Maitra, Kaushik ChakrabortyAbstract:From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation Sbox, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to singlebit DPA, and taking them together we provide relevant results in the domain of multibit DPA. For two Affine Equivalent \((n,n)\) permutation Sboxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noisefree and noisy scenarios. Our results guide the designer to choose one Sbox among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of Sboxes that should replace the \((4, 4)\) Sboxes proposed in relation to the PRINCE block cipher.

INDOCRYPT – Differential Power Analysis in Hamming Weight Model: How to Choose among (Extended) Affine Equivalent Sboxes
Progress in Cryptology — INDOCRYPT 2014, 2014CoAuthors: Sumanta Sarkar, Subhamoy Maitra, Kaushik ChakrabortyAbstract:From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation Sbox, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to singlebit DPA, and taking them together we provide relevant results in the domain of multibit DPA. For two Affine Equivalent \((n,n)\) permutation Sboxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noisefree and noisy scenarios. Our results guide the designer to choose one Sbox among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of Sboxes that should replace the \((4, 4)\) Sboxes proposed in relation to the PRINCE block cipher.
Subhamoy Maitra – One of the best experts on this subject based on the ideXlab platform.

differential power analysis in hamming weight model how to choose among extended Affine Equivalent s boxes
International Conference on Cryptology in India, 2014CoAuthors: Sumanta Sarkar, Subhamoy Maitra, Kaushik ChakrabortyAbstract:From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation Sbox, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to singlebit DPA, and taking them together we provide relevant results in the domain of multibit DPA. For two Affine Equivalent \((n,n)\) permutation Sboxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noisefree and noisy scenarios. Our results guide the designer to choose one Sbox among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of Sboxes that should replace the \((4, 4)\) Sboxes proposed in relation to the PRINCE block cipher.

INDOCRYPT – Differential Power Analysis in Hamming Weight Model: How to Choose among (Extended) Affine Equivalent Sboxes
Progress in Cryptology — INDOCRYPT 2014, 2014CoAuthors: Sumanta Sarkar, Subhamoy Maitra, Kaushik ChakrabortyAbstract:From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation Sbox, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to singlebit DPA, and taking them together we provide relevant results in the domain of multibit DPA. For two Affine Equivalent \((n,n)\) permutation Sboxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noisefree and noisy scenarios. Our results guide the designer to choose one Sbox among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of Sboxes that should replace the \((4, 4)\) Sboxes proposed in relation to the PRINCE block cipher.

On Affine (non)equivalence of Boolean functions
Computing, 2009CoAuthors: Sugata Gangopadhyay, Sumanta Sarkar, Deepmala Sharma, Subhamoy MaitraAbstract:In this paper we construct a multiset S ( f ) of a Boolean function f consisting of the weights of the second derivatives of the function f with respect to all distinct twodimensional subspaces of the domain. We refer to S ( f ) as the second derivative spectrum of f . The frequency distribution of the weights of these second derivatives is referred to as the weight distribution of the second derivative spectrum. It is demonstrated in this paper that this weight distribution can be used to distinguish Affine nonEquivalent Boolean functions. Given a Boolean function f on n variables we present an efficient algorithm having O ( n 2^2 n ) time complexity to compute S ( f ). Using this weight distribution we show that all the 6variable Affine nonEquivalent bents can be distinguished. We study the subclass of partialspreads type bent functions known as PS _ ap type bents. Six different weight distributions are obtained from the set of PS _ ap bents on 8variables. Using the second derivative spectrum we show that there exist 6 and 8 variable bent functions which are not Affine Equivalent to rotation symmetric bent functions. Lastly we prove that no nonquadratic Kasami bent function is Affine Equivalent to Maiorana–MacFarland type bent functions.