Affine Equivalent - Explore the Science & Experts | ideXlab


Scan Science and Technology

Contact Leading Edge Experts & Companies

Affine Equivalent

The Experts below are selected from a list of 7959 Experts worldwide ranked by ideXlab platform

Affine Equivalent – Free Register to Access Experts & Abstracts

Sumanta Sarkar – One of the best experts on this subject based on the ideXlab platform.

  • on the relationship between resilient boolean functions and linear branch number of s boxes
    International Conference on Cryptology in India, 2019
    Co-Authors: Sumanta Sarkar, Kalikinkar Mandal, Dhiman Saha

    Abstract:

    Differential branch number and linear branch number are critical for the security of symmetric ciphers. The recent trend in the designs like PRESENT block cipher, ASCON authenticated encryption shows that applying S-boxes that have nontrivial differential and linear branch number can significantly reduce the number of rounds. As we see in the literature that the class of \(4\times 4\) S-boxes have been well-analysed, however, a little is known about the \(n \times n\) S-boxes for \(n \ge 5\). For instance, the complete classification of \(5 \times 5\) Affine Equivalent S-boxes is still unknown. Therefore, it is challenging to obtain “the best” S-boxes with dimension \(\ge \)5 that can be used in symmetric cipher designs. In this article, we present a novel approach to construct S-boxes that identifies classes of \(n \times n\) S-boxes (\(n = 5, 6\)) with differential branch number 3 and linear branch number 3, and ensures other cryptographic properties. To the best of our knowledge, we are the first to report \(6\times 6\) S-boxes with linear branch number 3, differential branch number 3, and with other good cryptographic properties such as nonlinearity 24 and differential uniformity 4.

    Free Register to Access Article

  • differential power analysis in hamming weight model how to choose among extended Affine Equivalent s boxes
    International Conference on Cryptology in India, 2014
    Co-Authors: Sumanta Sarkar, Subhamoy Maitra, Kaushik Chakraborty

    Abstract:

    From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation S-box, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to single-bit DPA, and taking them together we provide relevant results in the domain of multi-bit DPA. For two Affine Equivalent \((n,n)\) permutation S-boxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)-bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)-bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noise-free and noisy scenarios. Our results guide the designer to choose one S-box among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of S-boxes that should replace the \((4, 4)\) S-boxes proposed in relation to the PRINCE block cipher.

    Free Register to Access Article

  • INDOCRYPT – Differential Power Analysis in Hamming Weight Model: How to Choose among (Extended) Affine Equivalent S-boxes
    Progress in Cryptology — INDOCRYPT 2014, 2014
    Co-Authors: Sumanta Sarkar, Subhamoy Maitra, Kaushik Chakraborty

    Abstract:

    From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation S-box, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to single-bit DPA, and taking them together we provide relevant results in the domain of multi-bit DPA. For two Affine Equivalent \((n,n)\) permutation S-boxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)-bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)-bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noise-free and noisy scenarios. Our results guide the designer to choose one S-box among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of S-boxes that should replace the \((4, 4)\) S-boxes proposed in relation to the PRINCE block cipher.

    Free Register to Access Article

Kaushik Chakraborty – One of the best experts on this subject based on the ideXlab platform.

  • differential power analysis in hamming weight model how to choose among extended Affine Equivalent s boxes
    International Conference on Cryptology in India, 2014
    Co-Authors: Sumanta Sarkar, Subhamoy Maitra, Kaushik Chakraborty

    Abstract:

    From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation S-box, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to single-bit DPA, and taking them together we provide relevant results in the domain of multi-bit DPA. For two Affine Equivalent \((n,n)\) permutation S-boxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)-bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)-bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noise-free and noisy scenarios. Our results guide the designer to choose one S-box among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of S-boxes that should replace the \((4, 4)\) S-boxes proposed in relation to the PRINCE block cipher.

    Free Register to Access Article

  • INDOCRYPT – Differential Power Analysis in Hamming Weight Model: How to Choose among (Extended) Affine Equivalent S-boxes
    Progress in Cryptology — INDOCRYPT 2014, 2014
    Co-Authors: Sumanta Sarkar, Subhamoy Maitra, Kaushik Chakraborty

    Abstract:

    From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation S-box, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to single-bit DPA, and taking them together we provide relevant results in the domain of multi-bit DPA. For two Affine Equivalent \((n,n)\) permutation S-boxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)-bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)-bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noise-free and noisy scenarios. Our results guide the designer to choose one S-box among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of S-boxes that should replace the \((4, 4)\) S-boxes proposed in relation to the PRINCE block cipher.

    Free Register to Access Article

Subhamoy Maitra – One of the best experts on this subject based on the ideXlab platform.

  • differential power analysis in hamming weight model how to choose among extended Affine Equivalent s boxes
    International Conference on Cryptology in India, 2014
    Co-Authors: Sumanta Sarkar, Subhamoy Maitra, Kaushik Chakraborty

    Abstract:

    From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation S-box, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to single-bit DPA, and taking them together we provide relevant results in the domain of multi-bit DPA. For two Affine Equivalent \((n,n)\) permutation S-boxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)-bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)-bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noise-free and noisy scenarios. Our results guide the designer to choose one S-box among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of S-boxes that should replace the \((4, 4)\) S-boxes proposed in relation to the PRINCE block cipher.

    Free Register to Access Article

  • INDOCRYPT – Differential Power Analysis in Hamming Weight Model: How to Choose among (Extended) Affine Equivalent S-boxes
    Progress in Cryptology — INDOCRYPT 2014, 2014
    Co-Authors: Sumanta Sarkar, Subhamoy Maitra, Kaushik Chakraborty

    Abstract:

    From the first principle, we concentrate on the Differential Power Analysis (DPA) in the Hamming weight model. Based on the power related data of an \((n, n)\) permutation S-box, we propose a spectrum (we call it Relative Power Spectrum, RPS in short) at \(2^n\) points each providing a vector containing \(n\) coordinates. Each coordinate contains the data related to single-bit DPA, and taking them together we provide relevant results in the domain of multi-bit DPA. For two Affine Equivalent \((n,n)\) permutation S-boxes \(F\) and \(G\), such that \(G(x) = F(Ax \oplus b)\), where \(A\) is a linear permutation (nonsingular binary matrix) and \(b\) is an \(n\)-bit vector, the RPSs of \(F\) and \(G\) are permutations of each other. However, this is not true in general when \(F\) and \(G\) are Affine or extended Affine Equivalent, i.e., \(G(x) = B(F(Ax \oplus b)) \oplus L(x) \oplus c\), where \(B\) is a linear permutation, \(L\) is a linear mapping, and \(c\) is an \(n\)-bit vector. In such a case, the RPSs of \(F\) and \(G\) may not be related by permutation and may contain completely different vectors. We provide the effect of this in terms of DPA both in noise-free and noisy scenarios. Our results guide the designer to choose one S-box among all those in the same (extended) Affine equivalence class when DPA in the Hamming weight model is considered. This is an instance where cryptographic advantage is attained by applying (extended) Affine equivalence. For example, we provide a family of S-boxes that should replace the \((4, 4)\) S-boxes proposed in relation to the PRINCE block cipher.

    Free Register to Access Article

  • On Affine (non)equivalence of Boolean functions
    Computing, 2009
    Co-Authors: Sugata Gangopadhyay, Sumanta Sarkar, Deepmala Sharma, Subhamoy Maitra

    Abstract:

    In this paper we construct a multiset S ( f ) of a Boolean function f consisting of the weights of the second derivatives of the function f with respect to all distinct two-dimensional subspaces of the domain. We refer to S ( f ) as the second derivative spectrum of f . The frequency distribution of the weights of these second derivatives is referred to as the weight distribution of the second derivative spectrum. It is demonstrated in this paper that this weight distribution can be used to distinguish Affine nonEquivalent Boolean functions. Given a Boolean function f on n variables we present an efficient algorithm having O ( n 2^2 n ) time complexity to compute S ( f ). Using this weight distribution we show that all the 6-variable Affine nonEquivalent bents can be distinguished. We study the subclass of partial-spreads type bent functions known as PS _ ap type bents. Six different weight distributions are obtained from the set of PS _ ap bents on 8-variables. Using the second derivative spectrum we show that there exist 6 and 8 variable bent functions which are not Affine Equivalent to rotation symmetric bent functions. Lastly we prove that no non-quadratic Kasami bent function is Affine Equivalent to Maiorana–MacFarland type bent functions.

    Free Register to Access Article