{"title":"A classification of S-boxes generated by orthogonal cellular automata","authors":"Luca Mariot, Luca Manzoni","doi":"10.1007/s11047-023-09956-z","DOIUrl":null,"url":null,"abstract":"Most of the approaches published in the literature to construct S-boxes via Cellular Automata (CA) work by either iterating a finite CA for several time steps, or by a one-shot application of the global rule. The main characteristic that brings together these works is that they employ a single CA rule to define the vectorial Boolean function of the S-box. In this work, we explore a different direction for the design of S-boxes that leverages Orthogonal CA (OCA), i.e. pairs of CA rules giving rise to orthogonal Latin squares. The motivation stands on the facts that an OCA pair already defines a bijective transformation, and moreover the orthogonality property of the resulting Latin squares ensures a minimum amount of diffusion. We exhaustively enumerate all S-boxes generated by OCA pairs of diameter $$4 \\le d \\le 6$$, and measure their nonlinearity. Interestingly, we observe that for $$d=4$$ and $$d=5$$ all S-boxes are linear, despite the underlying CA local rules being nonlinear. The smallest nonlinear S-boxes emerge for $$d=6$$, but their nonlinearity is still too low to be used in practice. Nonetheless, we unearth an interesting structure of linear OCA S-boxes, proving that their Linear Components Space is itself the image of a linear CA, or equivalently a polynomial code. We finally classify all linear OCA S-boxes in terms of their generator polynomials.","PeriodicalId":49783,"journal":{"name":"Natural Computing","volume":"105 1","pages":"0"},"PeriodicalIF":1.7000,"publicationDate":"2023-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Natural Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/s11047-023-09956-z","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
Citations: 0
Abstract
Most of the approaches published in the literature to construct S-boxes via Cellular Automata (CA) work by either iterating a finite CA for several time steps, or by a one-shot application of the global rule. The main characteristic that brings together these works is that they employ a single CA rule to define the vectorial Boolean function of the S-box. In this work, we explore a different direction for the design of S-boxes that leverages Orthogonal CA (OCA), i.e. pairs of CA rules giving rise to orthogonal Latin squares. The motivation stands on the facts that an OCA pair already defines a bijective transformation, and moreover the orthogonality property of the resulting Latin squares ensures a minimum amount of diffusion. We exhaustively enumerate all S-boxes generated by OCA pairs of diameter $4 \le d \le 6$, and measure their nonlinearity. Interestingly, we observe that for $d=4$ and $d=5$ all S-boxes are linear, despite the underlying CA local rules being nonlinear. The smallest nonlinear S-boxes emerge for $d=6$, but their nonlinearity is still too low to be used in practice. Nonetheless, we unearth an interesting structure of linear OCA S-boxes, proving that their Linear Components Space is itself the image of a linear CA, or equivalently a polynomial code. We finally classify all linear OCA S-boxes in terms of their generator polynomials.
About the journal:
The journal is soliciting papers on all aspects of natural computing. Because of the interdisciplinary character of the journal a special effort will be made to solicit survey, review, and tutorial papers which would make research trends in a given subarea more accessible to the broad audience of the journal.