Propagation properties of a non-linear mapping based on squaring in odd characteristic
Joan Daemen, Daniël Kuijsters, Silvia Mella, Denise Verbakel
Cryptography and Communications, published 2024-04-26. DOI: 10.1007/s12095-024-00711-4 (https://doi.org/10.1007/s12095-024-00711-4)
Citation count: 0
Abstract
Many modern cryptographic primitives for hashing and (authenticated) encryption make use of constructions that are instantiated with an iterated cryptographic permutation that operates on a fixed-width state consisting of an array of bits. Often, such permutations are the repeated application of a relatively simple round function consisting of a linear layer and a non-linear layer. These constructions do not require that the underlying function is a permutation and they can plausibly be based on a non-invertible transformation. Recently, Grassi proposed the use of non-invertible mappings operating on arrays of digits that are elements of a finite field of odd characteristic for so-called MPC-/FHE-/ZK-friendly symmetric cryptographic primitives. In this work, we consider a mapping that we call \(\gamma\) that has a simple expression and is based on squaring. We discuss, for the first time, the differential and linear propagation properties of \(\gamma\) and observe that these follow the same rules up to a relabeling of the digits. This is an intriguing property that, as far as we know, only exists for \(\gamma\) and the binary mapping \(\chi_{3}\) that is used in the cryptographic permutation Xoodoo. Moreover, we study the implications of its non-invertibility on differentials with zero output difference and on biases at the output of the \(\gamma\) mapping and show that they are as small as they can possibly be.