Authors: Luca Mariot, Luca Manzoni
Journal: Natural Computing
Publication date: 2023-08-24
DOI: https://doi.org/10.1007/s11047-023-09956-z
Citations: 0
A classification of S-boxes generated by orthogonal cellular automata
Abstract: Most of the approaches published in the literature to construct S-boxes via Cellular Automata (CA) work by either iterating a finite CA for several time steps, or by a one-shot application of the global rule. The main characteristic that brings together these works is that they employ a single CA rule to define the vectorial Boolean function of the S-box. In this work, we explore a different direction for the design of S-boxes that leverages on Orthogonal CA (OCA), i.e. pairs of CA rules giving rise to orthogonal Latin squares. The motivation stands on the facts that an OCA pair already defines a bijective transformation, and moreover the orthogonality property of the resulting Latin squares ensures a minimum amount of diffusion. We exhaustively enumerate all S-boxes generated by OCA pairs of diameter $4 \le d \le 6$, and measure their nonlinearity. Interestingly, we observe that for $d=4$ and $d=5$ all S-boxes are linear, despite the underlying CA local rules being nonlinear. The smallest nonlinear S-boxes emerge for $d=6$, but their nonlinearity is still too low to be used in practice. Nonetheless, we unearth an interesting structure of linear OCA S-boxes, proving that their Linear Components Space is itself the image of a linear CA, or equivalently a polynomial code. We finally classify all linear OCA S-boxes in terms of their generator polynomials.
About the journal:
The journal is soliciting papers on all aspects of natural computing. Because of the interdisciplinary character of the journal a special effort will be made to solicit survey, review, and tutorial papers which would make research trends in a given subarea more accessible to the broad audience of the journal.