
On cryptographic properties of (n + 1)-bit S-boxes constructed by known n-bit S-boxes

  • Yu Zhou, Daoguang Mu and Xinfeng Dong
Published/Copyright: December 8, 2020

Abstract

The S-box is the basic component of symmetric cryptographic algorithms, and its cryptographic properties play a key role in the security of the algorithms. In this paper we give the distributions of the Walsh spectrum and the distributions of the autocorrelation functions for the (n + 1)-bit S-boxes in [12]. We obtain the nonlinearity of (n + 1)-bit S-boxes, and a necessary and sufficient condition for (n + 1)-bit S-boxes to be m-order resilient. Meanwhile, we also give a characterization of (n + 1)-bit S-boxes satisfying the t-order propagation criterion. Finally, we give a relationship between the sum-of-squares indicators of an n-bit S-box $S_0$ and of the (n + 1)-bit S-box S (which is constructed from $S_0$).

MSC 2010: 94C10; 94A60; 06E30

1 Introduction

S-boxes are key components of encryption algorithms, and diffusion and confusion [11] are two important properties of a block cipher (such as DES, AES, etc.). It is very important to construct an S-box that satisfies the linear and differential properties [2, 9]. There are well-studied criteria under which a good S-box makes the cipher resistant against differential and linear cryptanalysis.

So far, there are two main ways to produce S-boxes.

  1. Test a random S-box.

    First, it is necessary to generate many random S-boxes, and then select S-boxes that meet certain encryption characteristics from the random S-boxes.

  2. Construct an S-box that satisfies certain cryptographic properties through mathematical methods.

In the second way, some results have been obtained.

  1. Based on disjoint linear codes, Zhang et al. [14] proposed a construction of unknown resilient S-boxes with strictly almost optimal nonlinearity. These functions reach Siegenthaler's bound, and can be of optimal algebraic immunity or suboptimal algebraic immunity. In 2016, a construction of resilient S-boxes with higher-dimensional vectorial outputs and strictly almost optimal non-linearity was presented in [15]. A construction of highly nonlinear (n, m, t, d) resilient S-boxes with given algebraic degree was given in [6].

  2. In 2014, Li et al. [8] gave a construction of S-boxes for lightweight ciphers with the Feistel structure. Later, the linear and differential cryptanalysis of small-sized random (n, m) S-boxes was analyzed in [1].

  3. In 2019, Varici et al. [12] constructed (n + 1)-bit S-boxes from n-bit S-boxes with known sharings, and investigated the self-equivalency of S-boxes. Meanwhile, the classifications of all 3-bit S-boxes and 4-bit S-boxes according to affine equivalency were given for the first time in [4, 7], respectively.

In this paper, we focus on the (n + 1)-bit S-boxes constructed from n-bit S-boxes in [12]. In [12], some results on the presence of self-equivalent S-boxes and involutions in affine equivalence classes were presented, but the cryptographic properties of the (n + 1)-bit S-boxes, such as resiliency, the propagation criterion, and the distributions of the Walsh spectrum and the autocorrelation functions, were not given. Therefore, we give these cryptographic properties in this paper. These results can help us to further understand the cryptographic properties of this construction method.

The organization of this paper is as follows. In Section 2, the basic concepts and notions are presented. In Section 3, we give some cryptographic properties of this construction. Section 4 concludes this paper.

2 Preliminaries

Let $\mathbb{B}_n$ be the set of n-variable Boolean functions, and let ⊕ denote addition in $\mathbb{F}_2$, in $\mathbb{F}_2^n$ and in $\mathbb{B}_n$. Every Boolean function $f \in \mathbb{B}_n$ admits a unique representation (called its algebraic normal form (ANF)) as a polynomial over $\mathbb{F}_2$:

$$f(x_1,\ldots,x_n) = a_0 \oplus \bigoplus_{1\le i\le n} a_i x_i \oplus \bigoplus_{1\le i<j\le n} a_{i,j}\, x_i x_j \oplus \cdots \oplus a_{1,\ldots,n}\, x_1 x_2 \cdots x_n$$

where the coefficients $a_0, a_i, a_{i,j}, \ldots, a_{1,\ldots,n} \in \mathbb{F}_2$. The algebraic degree, deg(f), is the number of variables in the highest order term with non-zero coefficient.

The support of a Boolean function $f \in \mathbb{B}_n$ is defined as $\mathrm{Supp}(f) = \{(x_1, \ldots, x_n) \mid f(x_1, \ldots, x_n) = 1\}$. We say that a Boolean function f is balanced if its truth table contains an equal number of ones and zeros, i.e., if $|\mathrm{Supp}(f)| = 2^{n-1}$. A Boolean function is affine if there exists no term of degree > 1 in the ANF, and the set of all affine functions is denoted by $\mathbb{A}_n$. An affine function with its constant term equal to zero is called a linear function.

Definition 2.1

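Let $f \in \mathbb{B}_n$. The Walsh spectrum of f is defined as

$$\mathcal{F}(f\oplus\varphi_\alpha) = \sum_{x\in\mathbb{F}_2^n} (-1)^{f(x)\oplus\varphi_\alpha(x)}, \quad \alpha\in\mathbb{F}_2^n,$$

where $\varphi_\alpha(x) = \alpha\cdot x = \alpha_1 x_1 \oplus \alpha_2 x_2 \oplus \cdots \oplus \alpha_n x_n$.

Furthermore, the nonlinearity of f is defined as

$$\mathcal{N}_f = 2^{n-1} - \frac{1}{2}\max_{\alpha\in\mathbb{F}_2^n} \left|\mathcal{F}(f\oplus\varphi_\alpha)\right|.$$

By [13], $f \in \mathbb{B}_n$ is m-resilient if and only if $\mathcal{F}(f\oplus\varphi_\alpha) = 0$ for all $\alpha\in\mathbb{F}_2^n$ with $wt(\alpha) \le m$.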

Definition 2.2

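Let $f, g \in \mathbb{B}_n$. The cross-correlation function between f and g is defined as

$$\triangle_{f,g}(\alpha) = \sum_{x\in\mathbb{F}_2^n} (-1)^{f(x)\oplus g(x\oplus\alpha)}, \quad \alpha\in\mathbb{F}_2^n.$$

Thus, if f = g, then the auto-correlation function of $f \in \mathbb{B}_n$ is

$$\triangle_{f}(\alpha) = \sum_{x\in\mathbb{F}_2^n} (-1)^{f(x)\oplus f(x\oplus\alpha)}, \quad \alpha\in\mathbb{F}_2^n.$$

Let $f, g \in \mathbb{B}_n$; then f and g are perfectly uncorrelated if $\triangle_{f,g}(\alpha) = 0$ for any $\alpha\in\mathbb{F}_2^n$.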

In order to study cross-correlation distributions between any two Boolean functions, we need the following definition:

Definition 2.3

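The two indicators ($\sigma_f$ and $\triangle_f$) are called the global avalanche characteristics of Boolean functions $f, g \in \mathbb{B}_n$ (GAC [16]).

$$\sigma_f = \sum_{\alpha\in\mathbb{F}_2^n} [\triangle_f(\alpha)]^2, \qquad \triangle_f = \max_{\alpha\in\mathbb{F}_2^n,\ wt(\alpha)\neq 0_n} \left|\triangle_f(\alpha)\right|,$$

where $0_n$ is the zero vector of $\mathbb{F}_2^n$.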

The research of this paper is based on the following construction methods.

Definition 2.4

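([12]) Let $S_1(x) = (t_1, t_2, \ldots, t_n)$ and $S_2(x) = (u_1, u_2, \ldots, u_n)$ be two n × n S-boxes (bijections), where $x = (x_1, x_2, \ldots, x_n)$. An (n + 1) × (n + 1) S-box (not always a bijection) $\mathfrak{S}(x_1, x_2, \ldots, x_n, x_{n+1}) = (y_1, y_2, \ldots, y_{n+1})$ is defined by:

$$y_i = x_{n+1}\, t_i \oplus (1\oplus x_{n+1})\, u_i, \quad i = 1, 2, \ldots, n; \qquad y_{n+1} = x_{n+1} F(x) \oplus (1\oplus x_{n+1})\, G(x),$$

where $G, F \in \mathbb{B}_n$.

From Definition 2.4, if $x_{n+1} = 0$, then $\mathfrak{S}(x, x_{n+1}) = (S_2(x), G(x))$; if $x_{n+1} = 1$, then $\mathfrak{S}(x, x_{n+1}) = (S_1(x), F(x))$.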

Lemma 2.5

([12]) $\mathfrak{S}$ is a bijection if and only if $G(x) = F(S_1^{-1}(S_2(x))) \oplus 1$, $x\in\mathbb{F}_2^n$.

In this paper, we suppose that $S_1(x) = S_2(x) = S(x)$ ($S_1(x)$, $S_2(x)$ are n × n bijections in $\mathbb{F}_2^n$) and $F(x) = G(x) \oplus 1$ for any $x\in\mathbb{F}_2^n$ in Lemma 2.5. Then an (n + 1) × (n + 1) S-box (a bijection) $\mathfrak{S}(x_1, x_2, \ldots, x_n, x_{n+1}) = (y_1, y_2, \ldots, y_{n+1})$ in Definition 2.4 is:

$$y_i = S_i, \quad i = 1, 2, \ldots, n; \qquad y_{n+1} = x_{n+1} \oplus G(x).$$

3 Main result

In this section, we give the distributions of Walsh spectrum and the autocorrelation functions, respectively.

3.1 The distributions of Walsh spectrum of 𝔖

We give the Walsh spectrum of 𝔖, and obtain some properties in this subsection.

Lemma 3.1

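([5]) Let $f, g \in \mathbb{B}_n$. Then, for any $\omega\in\mathbb{F}_2^n$ with $wt(\omega) \neq 0$,

$$\mathcal{F}((f\oplus g)\oplus\varphi_\omega) = \mathcal{F}(f\oplus\varphi_\omega) + \mathcal{F}(g\oplus\varphi_\omega) - 2\mathcal{F}(fg\oplus\varphi_\omega).$$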

Based on Lemma 3.1 and Definition 2.1, we have Theorem 3.2.

Theorem 3.2

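Let $\mathfrak{S}$ be an (n + 1) × (n + 1) bijection. Then the Walsh spectrum $\mathcal{F}((v, v_{n+1})\cdot\mathfrak{S}\oplus\varphi_{(\omega,\omega_{n+1})})$ (denoted by $\mathcal{F}_{\mathfrak{S}}$) of $(v, v_{n+1})\cdot\mathfrak{S}$ ($v\in\mathbb{F}_2^n$, $v_{n+1}\in\mathbb{F}_2$) satisfies:

$$
\mathcal{F}_{\mathfrak{S}} =
\begin{cases}
2\mathcal{F}(v\cdot S\oplus\varphi_\omega), & \omega_{n+1}=0,\ wt(\omega)\neq 0,\ v_{n+1}=0;\\
0, & \omega_{n+1}=0,\ wt(\omega)\neq 0,\ v_{n+1}=1;\\
0, & \omega_{n+1}=1,\ wt(\omega)\neq 0,\ v_{n+1}=0;\\
2\mathcal{F}(v\cdot S\oplus\varphi_\omega) - 4\mathcal{F}((v\cdot S)G\oplus\varphi_\omega) + 2\mathcal{F}(G\oplus\varphi_\omega), & \omega_{n+1}=1,\ wt(\omega)\neq 0,\ v_{n+1}=1;\\
2\sum_{x\in\mathbb{F}_2^n}(-1)^{v\cdot S}, & \omega_{n+1}=0,\ wt(\omega)=0,\ v_{n+1}=0;\\
0, & \omega_{n+1}=0,\ wt(\omega)=0,\ v_{n+1}=1;\\
0, & \omega_{n+1}=1,\ wt(\omega)=0,\ v_{n+1}=0;\\
2\sum_{x\in\mathbb{F}_2^n}(-1)^{v\cdot S\oplus G}, & \omega_{n+1}=1,\ wt(\omega)=0,\ v_{n+1}=1.
\end{cases}
$$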

Proof

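According to the definition of the Walsh spectrum, we have

$$
\begin{aligned}
\mathcal{F}((v,v_{n+1})\cdot\mathfrak{S}\oplus\varphi_{(\omega,\omega_{n+1})})
&= \sum_{x\in\mathbb{F}_2^n,\ x_{n+1}\in\mathbb{F}_2} (-1)^{(v,v_{n+1})\cdot\mathfrak{S}\,\oplus\,\omega\cdot x\,\oplus\,\omega_{n+1}x_{n+1}}\\
&= \sum_{x\in\mathbb{F}_2^n,\ x_{n+1}=0} (-1)^{(v,v_{n+1})\cdot(S,G)\,\oplus\,\omega\cdot x} + \sum_{x\in\mathbb{F}_2^n,\ x_{n+1}=1} (-1)^{(v,v_{n+1})\cdot(S,G\oplus 1)\,\oplus\,\omega\cdot x\,\oplus\,\omega_{n+1}}\\
&= \sum_{x\in\mathbb{F}_2^n} (-1)^{(v,v_{n+1})\cdot(S,G)\,\oplus\,\omega\cdot x} + (-1)^{\omega_{n+1}}\sum_{x\in\mathbb{F}_2^n} (-1)^{(v,v_{n+1})\cdot(S,G\oplus 1)\,\oplus\,\omega\cdot x}\\
&= \left(1+(-1)^{v_{n+1}\oplus\omega_{n+1}}\right)\sum_{x\in\mathbb{F}_2^n} (-1)^{v\cdot S(x)\,\oplus\,v_{n+1}G(x)\,\oplus\,\omega\cdot x}.
\end{aligned}
$$

We prove it for two cases.

  1. When $wt(\omega) = 0$, that is, $\omega = 0_n$. Then

    $$
    \begin{aligned}
    \mathcal{F}((v,v_{n+1})\cdot\mathfrak{S}\oplus\varphi_{(0_n,\omega_{n+1})})
    &= \sum_{x\in\mathbb{F}_2^n} (-1)^{(v,v_{n+1})\cdot(S,G)} + (-1)^{\omega_{n+1}}\sum_{x\in\mathbb{F}_2^n} (-1)^{(v,v_{n+1})\cdot(S,G\oplus 1)}\\
    &= \left(1+(-1)^{v_{n+1}\oplus\omega_{n+1}}\right)\sum_{x\in\mathbb{F}_2^n} (-1)^{v\cdot S\,\oplus\,v_{n+1}G}\\
    &= \begin{cases}
    2\sum_{x\in\mathbb{F}_2^n}(-1)^{v\cdot S}, & \omega_{n+1}=0,\ wt(\omega)=0,\ v_{n+1}=0;\\
    0, & \omega_{n+1}=0,\ wt(\omega)=0,\ v_{n+1}=1;\\
    0, & \omega_{n+1}=1,\ wt(\omega)=0,\ v_{n+1}=0;\\
    2\sum_{x\in\mathbb{F}_2^n}(-1)^{v\cdot S\oplus G}, & \omega_{n+1}=1,\ wt(\omega)=0,\ v_{n+1}=1.
    \end{cases}
    \end{aligned}
    $$

  2. When $wt(\omega) \neq 0$, that is, $\omega \neq 0_n$. By Lemma 3.1 we have

    $$
    \begin{aligned}
    \mathcal{F}((v,v_{n+1})\cdot\mathfrak{S}\oplus\varphi_{(\omega,\omega_{n+1})})
    &= \sum_{x\in\mathbb{F}_2^n} (-1)^{(v,v_{n+1})\cdot(S,G)\,\oplus\,\omega\cdot x} + (-1)^{\omega_{n+1}}\sum_{x\in\mathbb{F}_2^n} (-1)^{(v,v_{n+1})\cdot(S,G\oplus 1)\,\oplus\,\omega\cdot x}\\
    &= \left(1+(-1)^{v_{n+1}\oplus\omega_{n+1}}\right)\mathcal{F}((v\cdot S\oplus v_{n+1}G)\oplus\varphi_{\omega})\\
    &= \left(1+(-1)^{v_{n+1}\oplus\omega_{n+1}}\right)\left\{\mathcal{F}((v\cdot S)\oplus\varphi_{\omega}) + \mathcal{F}((v_{n+1}G)\oplus\varphi_{\omega}) - 2\mathcal{F}((v\cdot S)(v_{n+1}G)\oplus\varphi_{\omega})\right\}\\
    &= \begin{cases}
    2\mathcal{F}((v\cdot S)\oplus\varphi_\omega), & \omega_{n+1}=0,\ wt(\omega)\neq 0,\ v_{n+1}=0;\\
    0, & \omega_{n+1}=0,\ wt(\omega)\neq 0,\ v_{n+1}=1;\\
    0, & \omega_{n+1}=1,\ wt(\omega)\neq 0,\ v_{n+1}=0;\\
    2\left[\mathcal{F}((v\cdot S)\oplus\varphi_\omega) + \mathcal{F}(G\oplus\varphi_\omega) - 2\mathcal{F}(((v\cdot S)G)\oplus\varphi_\omega)\right], & \omega_{n+1}=1,\ wt(\omega)\neq 0,\ v_{n+1}=1.
    \end{cases}
    \end{aligned}
    $$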

In particular, we obtain Corollary 3.3.

Corollary 3.3

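Let $\mathfrak{S}$ be an (n + 1) × (n + 1) bijection. Then the Walsh spectrum $\mathcal{F}((v, v_{n+1})\cdot\mathfrak{S}\oplus\varphi_{(\omega,\omega_{n+1})})$ (denoted by $\mathcal{F}_{\mathfrak{S}}$) of $(v, v_{n+1})\cdot\mathfrak{S}$ ($v\in\mathbb{F}_2^n$, $v_{n+1}\in\mathbb{F}_2$) satisfies:

  1. When $v \neq 0_n$.

    $$
    \mathcal{F}_{\mathfrak{S}} =
    \begin{cases}
    2\mathcal{F}(v\cdot S\oplus\varphi_\omega), & \omega_{n+1}=0,\ wt(\omega)\neq 0,\ v_{n+1}=0;\\
    0, & \omega_{n+1}=0,\ wt(\omega)\neq 0,\ v_{n+1}=1;\\
    0, & \omega_{n+1}=1,\ wt(\omega)\neq 0,\ v_{n+1}=0;\\
    2\mathcal{F}(v\cdot S\oplus\varphi_\omega) - 4\mathcal{F}((v\cdot S)G\oplus\varphi_\omega) + 2\mathcal{F}(G\oplus\varphi_\omega), & \omega_{n+1}=1,\ wt(\omega)\neq 0,\ v_{n+1}=1;\\
    0, & \omega_{n+1}=0,\ wt(\omega)=0,\ v_{n+1}=0;\\
    0, & \omega_{n+1}=0,\ wt(\omega)=0,\ v_{n+1}=1;\\
    0, & \omega_{n+1}=1,\ wt(\omega)=0,\ v_{n+1}=0;\\
    2\sum_{x\in\mathbb{F}_2^n}(-1)^{v\cdot S\oplus G}, & \omega_{n+1}=1,\ wt(\omega)=0,\ v_{n+1}=1.
    \end{cases}
    $$

  2. When $v = 0_n$.

    $$
    \mathcal{F}_{\mathfrak{S}} =
    \begin{cases}
    0, & \omega_{n+1}=0,\ wt(\omega)\neq 0,\ v_{n+1}=1;\\
    2\mathcal{F}(G\oplus\varphi_\omega), & \omega_{n+1}=1,\ wt(\omega)\neq 0,\ v_{n+1}=1;\\
    0, & \omega_{n+1}=0,\ wt(\omega)=0,\ v_{n+1}=1;\\
    2(2^n - 2\,wt(G)), & \omega_{n+1}=1,\ wt(\omega)=0,\ v_{n+1}=1.
    \end{cases}
    $$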

Proof

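  1. When $v \neq 0_n$.

    Because $\mathfrak{S}$ is a bijection, $(v, v_{n+1})\cdot\mathfrak{S}$ is a balanced function for any $wt(v, v_{n+1}) \neq 0_{n+1}$. Thus, $v_{n+1} = 1$ or $v_{n+1} = 0$. Note that S is a balanced bijection, thus $v\cdot S$ is a balanced function for any $wt(v) \neq 0$, that is, $\sum_{x\in\mathbb{F}_2^n}(-1)^{v\cdot S} = 0$.

  2. When $v = 0_n$.

    Because $\mathfrak{S}$ is a bijection, $v_{n+1} = 1$. Then

    $$\mathcal{F}(v\cdot S\oplus\varphi_\omega) = \mathcal{F}((v\cdot S)G\oplus\varphi_\omega) = \mathcal{F}(\varphi_\omega) = \sum_{x\in\mathbb{F}_2^n}(-1)^{\omega\cdot x} = 0, \quad \omega\neq 0_n.$$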

From the distributions of the Walsh spectrum in Theorem 3.2 and Corollary 3.3, we deduce Corollary 3.4.

Corollary 3.4

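Let $\mathfrak{S}$ be an (n + 1) × (n + 1) bijection. If G is a balanced function, then the nonlinearity $\mathcal{N}_{(v,v_{n+1})\cdot\mathfrak{S}}$ satisfies:

$$\mathcal{N}_{(v,v_{n+1})\cdot\mathfrak{S}} = 2^{n-1} - \frac{1}{2} N_{\max},$$

where $N_{\max} = \max\left\{\max_{\omega\in\mathbb{F}_2^n}\left|\mathcal{F}(G\oplus\varphi_\omega)\right|,\ \max_{\omega\in\mathbb{F}_2^n}\left|\mathcal{F}((v\cdot S)\oplus\varphi_\omega)\right|,\ \max_{\omega\in\mathbb{F}_2^n}\left|\mathcal{F}((v\cdot S)G\oplus\varphi_\omega)\right|\right\}$.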

Combining the definition of resilient functions with the distributions of the Walsh spectrum, we obtain Corollary 3.5.

Corollary 3.5

Let $\mathfrak{S}$ be an (n + 1) × (n + 1) bijection. If G is a balanced function, then

  1. When $v = 0_n$: $(v, v_{n+1})\cdot\mathfrak{S}$ is a t-th resilient function for $v_{n+1} = 1$ if and only if G is a t-th resilient function.

  2. When $v \neq 0_n$: $(v, v_{n+1})\cdot\mathfrak{S}$ is a t-th resilient function for any $v_{n+1}\in\mathbb{F}_2$ and given v if and only if G, $v\cdot S$ and $(v\cdot S)\cdot G$ all are t-th resilient functions.

3.2 The distributions of the autocorrelation function of 𝔖

Based on Definition 2.2 and Definition 2.4, we give the distributions of the autocorrelation function of this S-box.

Theorem 3.6

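Let $\mathfrak{S}$ be an (n + 1) × (n + 1) bijection. Then the autocorrelation function of $(v, v_{n+1})\cdot\mathfrak{S}$ ($v\in\mathbb{F}_2^n$, $v_{n+1}\in\mathbb{F}_2$) satisfies:

$$
\triangle_{((v,v_{n+1})\cdot\mathfrak{S})}(\alpha,\alpha_{n+1}) =
\begin{cases}
2\triangle_{(v\cdot S)}(\alpha), & \alpha_{n+1}=0,\ v_{n+1}=0;\\
2\triangle_{(v\cdot S)\oplus G}(\alpha), & \alpha_{n+1}=0,\ v_{n+1}=1;\\
2\triangle_{(v\cdot S)}(\alpha), & \alpha_{n+1}=1,\ v_{n+1}=0;\\
-2\triangle_{(v\cdot S)\oplus G}(\alpha), & \alpha_{n+1}=1,\ v_{n+1}=1;
\end{cases}
\qquad \alpha\in\mathbb{F}_2^n.
$$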

Proof

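According to the definition of the autocorrelation function, for $\triangle_{((v,v_{n+1})\cdot\mathfrak{S})}(\alpha, \alpha_{n+1})$ (denoted by $\triangle_{\mathfrak{S}}$) we have

$$
\begin{aligned}
\triangle_{\mathfrak{S}}
&= \sum_{x\in\mathbb{F}_2^n,\ x_{n+1}\in\mathbb{F}_2} (-1)^{(v,v_{n+1})\cdot\mathfrak{S}(x,x_{n+1})\,\oplus\,(v,v_{n+1})\cdot\mathfrak{S}(x\oplus\alpha,\,x_{n+1}\oplus\alpha_{n+1})}\\
&= \underbrace{\sum_{x\in\mathbb{F}_2^n,\ x_{n+1}=0} (-1)^{(v,v_{n+1})\cdot\mathfrak{S}(x,0)\,\oplus\,(v,v_{n+1})\cdot\mathfrak{S}(x\oplus\alpha,\,\alpha_{n+1})}}_{\text{denoted by } I_1}
 + \underbrace{\sum_{x\in\mathbb{F}_2^n,\ x_{n+1}=1} (-1)^{(v,v_{n+1})\cdot\mathfrak{S}(x,1)\,\oplus\,(v,v_{n+1})\cdot\mathfrak{S}(x\oplus\alpha,\,1\oplus\alpha_{n+1})}}_{\text{denoted by } I_2}\\
&= I_1 + I_2.
\end{aligned}
$$

According to the expression of $\mathfrak{S}$ in Definition 2.4, we have

$$
\begin{aligned}
I_1 &= \sum_{x\in\mathbb{F}_2^n}\Big\{(-1)^{(v\cdot S(x))\,\oplus\,\alpha_{n+1}(v\cdot S(x\oplus\alpha))\,\oplus\,(1\oplus\alpha_{n+1})(v\cdot S(x\oplus\alpha))\,\oplus\,v_{n+1}G(x)}\,(-1)^{v_{n+1}\alpha_{n+1}(G(x\oplus\alpha)\oplus 1)\,\oplus\,v_{n+1}(1\oplus\alpha_{n+1})G(x\oplus\alpha)}\Big\}\\
&= (-1)^{\alpha_{n+1}v_{n+1}}\sum_{x\in\mathbb{F}_2^n} (-1)^{v\cdot(S(x)\oplus S(x\oplus\alpha))\,\oplus\,v_{n+1}(G(x)\oplus G(x\oplus\alpha))}\\
&= \begin{cases}
\triangle_{(v\cdot S)}(\alpha), & \alpha_{n+1}=0,\ v_{n+1}=0;\\
\triangle_{(v\cdot S)\oplus G}(\alpha), & \alpha_{n+1}=0,\ v_{n+1}=1;\\
\triangle_{(v\cdot S)}(\alpha), & \alpha_{n+1}=1,\ v_{n+1}=0;\\
-\triangle_{(v\cdot S)\oplus G}(\alpha), & \alpha_{n+1}=1,\ v_{n+1}=1,
\end{cases}
\end{aligned}
$$

and

$$
\begin{aligned}
I_2 &= \sum_{x\in\mathbb{F}_2^n}\Big\{(-1)^{(v\cdot S(x))\,\oplus\,(1\oplus\alpha_{n+1})(v\cdot S(x\oplus\alpha))\,\oplus\,\alpha_{n+1}(v\cdot S(x\oplus\alpha))\,\oplus\,v_{n+1}G(x)}\,(-1)^{v_{n+1}\,\oplus\,(1\oplus\alpha_{n+1})v_{n+1}G(x\oplus\alpha)\,\oplus\,v_{n+1}(1\oplus\alpha_{n+1})\,\oplus\,v_{n+1}\alpha_{n+1}G(x\oplus\alpha)}\Big\}\\
&= (-1)^{v_{n+1}\alpha_{n+1}}\sum_{x\in\mathbb{F}_2^n} (-1)^{v\cdot(S(x)\oplus S(x\oplus\alpha))\,\oplus\,v_{n+1}(G(x)\oplus G(x\oplus\alpha))}\\
&= \begin{cases}
\triangle_{(v\cdot S)}(\alpha), & \alpha_{n+1}=0,\ v_{n+1}=0;\\
\triangle_{(v\cdot S)\oplus G}(\alpha), & \alpha_{n+1}=0,\ v_{n+1}=1;\\
\triangle_{(v\cdot S)}(\alpha), & \alpha_{n+1}=1,\ v_{n+1}=0;\\
-\triangle_{(v\cdot S)\oplus G}(\alpha), & \alpha_{n+1}=1,\ v_{n+1}=1.
\end{cases}
\end{aligned}
$$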

Thus, we prove this result.□
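The following added example (not code from the paper) checks Theorem 3.2 and Theorem 3.6 by brute force on one instance of the construction, using the closed forms that appear in the two proofs. Assumptions: the 4-bit PRESENT S-box stands in for S, `G_sample` is a constructed Boolean function, x_{n+1} is packed as bit n, and all function names are hypothetical.

```python
# Added example (not from the paper): brute-force check of Theorems 3.2 and 3.6.
# Bit convention (an assumption of this sketch): x occupies bits 0..n-1 and
# x_{n+1} is bit n; masks (v, v_{n+1}) and points (w, w_{n+1}) are packed alike.

PRESENT = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
           0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]  # sample 4-bit bijection S

def G_sample(x):
    """Constructed sample G(x) = x1*x2 XOR x3."""
    return ((x & 1) & ((x >> 1) & 1)) ^ ((x >> 2) & 1)

def dot(a, b):
    """Inner product over F_2 of two bit-packed vectors."""
    return bin(a & b).count("1") & 1

def extend(S, G, n):
    """(n+1)-bit S-box with y_i = S_i(x) and y_{n+1} = x_{n+1} XOR G(x)."""
    return [S[x] | ((b ^ G(x)) << n) for b in (0, 1) for x in range(1 << n)]

def walsh(f, w, n):
    return sum((-1) ** (f(x) ^ dot(w, x)) for x in range(1 << n))

def autocorr(f, a, n):
    return sum((-1) ** (f(x) ^ f(x ^ a)) for x in range(1 << n))

def count_mismatches(S, G, n):
    """Compare both sides of Theorems 3.2 and 3.6 for every mask and point."""
    big = extend(S, G, n)
    if sorted(big) != list(range(1 << (n + 1))):
        raise ValueError("extended S-box is not a bijection")
    low, bad = (1 << n) - 1, 0
    for mask in range(1, 1 << (n + 1)):
        v, vn1 = mask & low, mask >> n
        comp = lambda z, m=mask: dot(m, big[z])               # (v, v_{n+1}) . S(z)
        vS = lambda x, v=v: dot(v, S[x])                      # v . S
        vSG = lambda x, v=v: dot(v, S[x]) & G(x)              # (v . S) G
        f = lambda x, v=v, b=vn1: dot(v, S[x]) ^ (b & G(x))   # v.S XOR v_{n+1} G
        for pt in range(1 << (n + 1)):
            w, wn1 = pt & low, pt >> n
            big_walsh = walsh(comp, pt, n + 1)
            # Theorem 3.2: zero unless v_{n+1} = w_{n+1}, else twice an n-bit spectrum
            bad += big_walsh != (1 + (-1) ** (vn1 ^ wn1)) * walsh(f, w, n)
            if vn1 == wn1 == 1 and w != 0:                    # fourth case, via Lemma 3.1
                bad += big_walsh != (
                    2 * walsh(vS, w, n) - 4 * walsh(vSG, w, n) + 2 * walsh(G, w, n))
            # Theorem 3.6: 2 * (-1)^(v_{n+1} a_{n+1}) * autocorrelation of f
            bad += autocorr(comp, pt, n + 1) != 2 * (-1) ** (vn1 & wn1) * autocorr(f, w, n)
    return bad

if __name__ == "__main__":
    print("mismatches:", count_mismatches(PRESENT, G_sample, 4))
```

A result of zero means every nonzero output mask and every input point of the 5-bit S-box agrees with both statements; swapping in another bijection or another G repeats the check on that instance.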

Based on the distribution of the autocorrelation functions in Theorem 3.6, we have Corollary 3.7.

Corollary 3.7

Let $\mathfrak{S}$ be an (n + 1) × (n + 1) bijection. The propagation criterion of $\sigma_{(v,v_{n+1})\cdot\mathfrak{S}}$ satisfies:

  1. When $v_{n+1} = 0$: $\sigma_{(v,v_{n+1})\cdot\mathfrak{S}}$ satisfies the propagation criterion PC(t) for given $v\in\mathbb{F}_2^n$ and $wt(v) \neq 0$ if and only if $(v\cdot S)$ satisfies the propagation criterion PC(t).

  2. When $v_{n+1} = 1$: $\sigma_{(v,v_{n+1})\cdot\mathfrak{S}}$ satisfies the propagation criterion PC(t) for given $v\in\mathbb{F}_2^n$ if and only if $(v\cdot S)\oplus G$ satisfies the propagation criterion PC(t).

Thus, for any $wt(v, v_{n+1}) \neq 0$, $\sigma_{(v,v_{n+1})\cdot\mathfrak{S}}$ satisfies the propagation criterion PC(t) if and only if $(v\cdot S)\oplus G$ satisfies the propagation criterion PC(t).

Finally, we give one relationship between $\sigma_{\mathfrak{S}}$ and $\sigma_S$.

Corollary 3.8

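Let $\mathfrak{S}$ be an (n + 1) × (n + 1) bijection. Then the sum-of-squares indicator ($\sigma_{(v,v_{n+1})\cdot\mathfrak{S}}$) satisfies

$$
\sigma_{(v,v_{n+1})\cdot\mathfrak{S}} =
\begin{cases}
2\sigma_{v\cdot S}, & v_{n+1}=0;\\
2\sigma_{v\cdot S\oplus G}, & v_{n+1}=1;
\end{cases}
\qquad \text{for given } v\in\mathbb{F}_2^n.
$$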

4 Conclusions

In this paper, we give the distributions of the Walsh spectrum and the distributions of the autocorrelation functions for the (n + 1)-bit S-boxes in [12], and obtain the correlation immunity, propagation criterion, etc. Our results supplement the results in [12]. Moreover, the results of this paper are given for any n-bit S-box and any $G \in \mathbb{B}_n$; if G is replaced with a rotation symmetric Boolean function [3], then more specific results can be obtained. These properties can help us to evaluate whether the S-boxes can be used in a block cipher or a stream cipher.

As a next step, it will be important to study the differential properties, the algebraic immunity [10], and the global avalanche characteristics of the cross-correlation function [18] of the S-box in this paper. It is also interesting to extend the method of [12] for constructing new S-boxes.


Article note

This work was supported in part by the National Key R&D Program of China (No. 2017YFB0802000), and by the Sichuan Science and Technology Program (No. 2020JDJQ0076).


Acknowledgement

The authors also are grateful to Dr. Wang Lin for some valuable suggestions. The authors wish to thank the anonymous referees for their valuable comments to improve the presentation of this paper.

References

[1] Y. Alsalami, C. Y. Yeun, T. Martin, M. Khonji, Linear and differential cryptanalysis of small-sized random (n, m) S-boxes, 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 447–454, 2016. doi:10.1109/ICITST.2016.7856751

[2] E. Biham, A. Shamir, Differential cryptanalysis of DES-like cryptosystems, In International Cryptology Conference on Advances in Cryptology, CRYPTO 1990, Springer-Verlag, London, pp. 2–21, 1991. doi:10.1007/3-540-38424-3_1

[3] T. W. Cusick, K. V. Lakshmy, M. Sethumadhavan, Affine equivalence of monomial rotation symmetric Boolean functions: A Pólya’s theorem approach, Journal of Mathematical Cryptology, 10 (3-4) (2016), 145–156. doi:10.1515/jmc-2016-0042

[4] C. De Canniere, Analysis and Design of Symmetric Encryption Algorithms, PhD thesis, KU Leuven, 2007.

[5] C. Ding, G. Xiao, W. Shan, The Stability Theory of Stream Ciphers, Lecture Notes in Computer Science, Springer-Verlag, Berlin, Heidelberg, New York, 561, 1991. doi:10.1007/3-540-54973-0

[6] S. Fu, K. Matsuura, C. Li, L. Qu, Construction of highly nonlinear resilient S-boxes with given degree, Designs, Codes and Cryptography, 64 (3) (2012), 241–253. doi:10.1007/s10623-011-9568-z

[7] G. Leander, A. Poschmann, On the classification of 4 bit S-boxes, WAIFI 2007 (2007), 159–176. doi:10.1007/978-3-540-73074-3_13

[8] Y. Li, M. Wang, Constructing S-boxes for lightweight cryptography with Feistel structure, In International Workshop on Cryptographic Hardware and Embedded Systems, Springer, pp. 127–146, 2014. doi:10.1007/978-3-662-44709-3_8

[9] M. Matsui, A. Yamagishi, A new method for known plaintext attack of FEAL cipher, In Advances in Cryptology - EUROCRYPT 1992, Berlin, Heidelberg, Springer Berlin Heidelberg, pp. 81–91, 1993. doi:10.1007/3-540-47555-9_7

[10] W. Meier, E. Pasalic, C. Carlet, Algebraic attacks and decomposition of Boolean functions, In Advances in Cryptology-Eurocrypt, 2004, Berlin: Springer-Verlag, LNCS 3027 (2004), 474–491. doi:10.1007/978-3-540-24676-3_28

[11] C. E. Shannon, Communication theory of secrecy systems, Bell System Technical Journal, 28 (4) (1949), 656–715. doi:10.1002/j.1538-7305.1949.tb00928.x

[12] K. Varici, S. Nikova, V. Nikov, V. Rijmen, Constructions of S-boxes with uniform sharing, Cryptography and Communications, 11 (3) (2019), 385–398. doi:10.1007/s12095-018-0345-y

[13] G. Xiao, J. L. Massey, A spectral characterization of correlation-immune combining function, IEEE Trans. Information Theory, 34 (3) (1988), 569–571. doi:10.1109/18.6037

[14] W. Zhang, E. Pasalic, Highly nonlinear balanced S-boxes with good differential properties, IEEE Transactions on Information Theory, 60 (12) (2014), 7970–7979. doi:10.1109/TIT.2014.2360880

[15] W. Zhang, L. Li, E. Pasalic, Construction of resilient S-boxes with higher-dimensional vectorial outputs and strictly almost optimal non-linearity, IET Information Security, 11 (4) (2016), 199–203. doi:10.1049/iet-ifs.2016.0168

[16] X. M. Zhang, Y. L. Zheng, GAC - the criterion for global avalanche characteristics of cryptographic functions, Journal for Universal Computer Science, 1 (5) (1995), 316–333. doi:10.1007/978-3-642-80350-5_30

[17] Y. Zhou, M. Xie, G. Xiao, On the global avalanche characteristics of two Boolean functions and the higher order nonlinearity, Information Sciences, 180 (2010), 256–265. doi:10.1016/j.ins.2009.09.012

[18] Y. Zhou, W. Zhang, J. Li, X. Dong, G. Xiao, The autocorrelation distribution of balanced Boolean function, Frontier of Computer Science, 7 (2) (2013), 272–278. doi:10.1007/s11704-013-2013-x

Received: 2020-01-31
Accepted: 2020-10-12
Published Online: 2020-12-08

© 2020 Y. Zhou et al., published by De Gruyter

This work is licensed under the Creative Commons Attribution 4.0 International License.

Downloaded on 27.12.2025 from https://www.degruyterbrill.com/document/doi/10.1515/jmc-2020-0004/html