Research on nonlinear invariants of a power function over a binary field

Cryptography and Communications Pub Date : 2024-08-12 DOI:10.1007/s12095-024-00734-x

Zebin Wang, Chenhui Jin, Ting Cui

{"title":"Research on nonlinear invariants of a power function over a binary field","authors":"Zebin Wang, Chenhui Jin, Ting Cui","doi":"10.1007/s12095-024-00734-x","DOIUrl":null,"url":null,"abstract":"The nonlinear invariant attack is a new and powerful cryptanalytic method for lightweight block ciphers. The core step of such cryptanalytic method is to find the nonlinear invariant(s) of its cascade round. Generally, for an \\(\\varvec{n}\\)-bit width function, the time complexity \\(\\varvec{O}(\\textbf{2}^{\\varvec{3n}})\\) is needed to find its all nonlinear invariants. In this paper, for the positive integer \\(\\varvec{m}\\), we consider the power function \\(\\varvec{x}^{\\varvec{m}}\\) over the finite field \\(\\varvec{GF}(\\varvec{2}^{\\varvec{n}})\\), which is one of the most important cryptographic functions in recent decades. First, the nonlinear invariants of \\(\\varvec{x}^{\\varvec{m}}\\) is studied and we provide two mathematical toolboxes named \\(\\varvec{\\sim }_{\\varvec{m}}\\) periodical point and \\(\\varvec{\\sim }_{\\varvec{m}}\\) equivalence class. Second, we present an algorithm to get all the nonlinear invariants of \\(\\varvec{x}^{\\varvec{m}}\\) over \\(\\varvec{GF}(\\varvec{2}^{\\varvec{n}})\\) at the cost of time complexity \\(\\varvec{O}(\\frac{{\\varvec{2}}^{\\varvec{n}}\\varvec{-1}}{\\varvec{\\gcd (2}^{\\varvec{n}}\\varvec{-1,m)}})\\). If the growth of n exceeds our tolerance above, another method is provided to get parts of the nonlinear invariants of \\(\\varvec{x}^{\\varvec{m}}\\). Finally, we consider the nonlinear invariants of \\(\\varvec{x}^\\textbf{3}\\) over \\(\\varvec{GF(2}^{\\varvec{129}})\\) as an application, which is used in the block cipher MiMC. It seems impractical by existing methods. The results allow us to find several (but not all) nontrivial nonlinear invariants of such a function for the first time.","PeriodicalId":10788,"journal":{"name":"Cryptography and Communications","volume":"30 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cryptography and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/s12095-024-00734-x","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The nonlinear invariant attack is a new and powerful cryptanalytic method for lightweight block ciphers. The core step of such cryptanalytic method is to find the nonlinear invariant(s) of its cascade round. Generally, for an \(\varvec{n}\)-bit width function, the time complexity \(\varvec{O}(\textbf{2}^{\varvec{3n}})\) is needed to find its all nonlinear invariants. In this paper, for the positive integer \(\varvec{m}\), we consider the power function \(\varvec{x}^{\varvec{m}}\) over the finite field \(\varvec{GF}(\varvec{2}^{\varvec{n}})\), which is one of the most important cryptographic functions in recent decades. First, the nonlinear invariants of \(\varvec{x}^{\varvec{m}}\) is studied and we provide two mathematical toolboxes named \(\varvec{\sim }_{\varvec{m}}\) periodical point and \(\varvec{\sim }_{\varvec{m}}\) equivalence class. Second, we present an algorithm to get all the nonlinear invariants of \(\varvec{x}^{\varvec{m}}\) over \(\varvec{GF}(\varvec{2}^{\varvec{n}})\) at the cost of time complexity \(\varvec{O}(\frac{{\varvec{2}}^{\varvec{n}}\varvec{-1}}{\varvec{\gcd (2}^{\varvec{n}}\varvec{-1,m)}})\). If the growth of n exceeds our tolerance above, another method is provided to get parts of the nonlinear invariants of \(\varvec{x}^{\varvec{m}}\). Finally, we consider the nonlinear invariants of \(\varvec{x}^\textbf{3}\) over \(\varvec{GF(2}^{\varvec{129}})\) as an application, which is used in the block cipher MiMC. It seems impractical by existing methods. The results allow us to find several (but not all) nontrivial nonlinear invariants of such a function for the first time.

Abstract Image

查看原文本刊更多论文

二进制域上幂函数的非线性不变式研究

非线性不变量攻击是一种针对轻量级块密码的新型、强大的密码分析方法。这种密码分析方法的核心步骤是找到其级联轮的非线性不变量。一般来说，对于一个宽度为 \(\varvec{n}\)bit 的函数，要找到它的所有非线性不变量，需要的时间复杂度为 \(\varvec{O}(\textbf{2}^{\varvec{3n}})\) 。在本文中，对于正整数 \(\varvec{m}\)，我们考虑有限域 \(\varvec{GF}(\varvec{2}^{varvec{n}})\上的幂函数 \(\varvec{x}^{\varvec{m}\})，它是近几十年来最重要的加密函数之一。首先，我们研究了 \(\varvec{x}^{varvec{m}}\) 的非线性不变量，并提供了两个数学工具箱，分别命名为 \(\varvec{sim }_{\varvec{m}}\) 周期点和 \(\varvec{sim }_{\varvec{m}}\) 等价类。其次、我们提出了一种算法来获取 \(\varvec{x}^{varvec{m}} 上 \(\varvec{GF}(\varvec{2}^{\varvec{n}})\) 的所有非线性不变式，代价是时间复杂度 \(\varvec{O}(\frac{\varvec{2}}^{\varvec{n}}\varvec{-1}}{\varvec{\gcd (2}^{\varvec{n}}\varvec{-1,m)}})\).如果 n 的增长超过了我们上面的容许范围，我们会提供另一种方法来得到 \(\varvec{x}^{\varvec{m}}\) 的部分非线性不变式。最后，我们考虑了 \(\varvec{GF(2}^{\varvec{129}}\) 上 \(\varvec{x}^\textbf{3}\) 的非线性不变式的应用，它被用于块密码 MiMC。根据现有方法，这似乎是不切实际的。这些结果让我们第一次找到了这种函数的几个（但不是全部）非难非线性不变式。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Cryptography and Communications

自引率

0.00%

发文量