Vectorial Boolean Functions: Difference between revisions
No edit summary |
|||
| Line 1: | Line 1: | ||
= Introduction = | = Introduction = | ||
Let <math>\mathbb{F}_2^n</math> be the vector space of dimension <math>n</math> over the finite field <math>\mathbb{F}_2</math> with two elements. Functions from <math>\mathbb{F}_2^m</math> to <math>\mathbb{F}_2^n</math> are called <span class="definition"><math>(m,n)</math>-functions</span> or simply <span class="definition">vectorial Boolean functions</span> when the dimensions of the vector spaces are implicit or irrelevant. | |||
Any <math>(m,n)</math>-function <math>F</math> can be written as a vector <math>F = (f_1, f_2, \ldots f_m)</math> of <math>n</math>-dimensional [[Boolean functions]] <math>f_1, f_2, \ldots f_m</math> which are called the <span class="definition">coordinate functions</span> of <math>F</math>. | |||
== Cryptanalytic attacks == | == Cryptanalytic attacks == | ||
Vectorial Boolean functions, also referred to as "S-boxes", or "Substitution boxes", in the context of cryptography, are a fundamental building block of block ciphers and are crucial to their security: more precisely, the resistance of the block cipher to cryptanalytic attacks directly depends on the properties of the S-boxes used in its construction. | |||
The main types of cryptanalytic attacks that result in the definition of design criteria for S-boxes are the following: | |||
* the differential attack introduced by Biham and Shamir; to resist it, an S-box must have low [[differential uniformity]]; | |||
* the linear attack introduced by Matsui; to resist it, an S-box must have high [[nonlinearity]]; | |||
* the higher order differential attack; to resist it, an S-box must have high [[algebraic degree]]; | |||
* the interpolation attack; to resist it, the univariate representation of an S-box must have high degree, and its distance to the set of low univariate degree functions must be large; | |||
* algebraic attacks. | |||
= Generalities on Boolean functions = | = Generalities on Boolean functions = | ||
Revision as of 20:26, 30 December 2018
Introduction
Let [math]\displaystyle{ \mathbb{F}_2^n }[/math] be the vector space of dimension [math]\displaystyle{ n }[/math] over the finite field [math]\displaystyle{ \mathbb{F}_2 }[/math] with two elements. Functions from [math]\displaystyle{ \mathbb{F}_2^m }[/math] to [math]\displaystyle{ \mathbb{F}_2^n }[/math] are called [math]\displaystyle{ (m,n) }[/math]-functions or simply vectorial Boolean functions when the dimensions of the vector spaces are implicit or irrelevant.
Any [math]\displaystyle{ (m,n) }[/math]-function [math]\displaystyle{ F }[/math] can be written as a vector [math]\displaystyle{ F = (f_1, f_2, \ldots f_m) }[/math] of [math]\displaystyle{ n }[/math]-dimensional Boolean functions [math]\displaystyle{ f_1, f_2, \ldots f_m }[/math] which are called the coordinate functions of [math]\displaystyle{ F }[/math].
Cryptanalytic attacks
Vectorial Boolean functions, also referred to as "S-boxes", or "Substitution boxes", in the context of cryptography, are a fundamental building block of block ciphers and are crucial to their security: more precisely, the resistance of the block cipher to cryptanalytic attacks directly depends on the properties of the S-boxes used in its construction.
The main types of cryptanalytic attacks that result in the definition of design criteria for S-boxes are the following:
- the differential attack introduced by Biham and Shamir; to resist it, an S-box must have low differential uniformity;
- the linear attack introduced by Matsui; to resist it, an S-box must have high nonlinearity;
- the higher order differential attack; to resist it, an S-box must have high algebraic degree;
- the interpolation attack; to resist it, the univariate representation of an S-box must have high degree, and its distance to the set of low univariate degree functions must be large;
- algebraic attacks.