Nonlinear diffusion layers. (English) Zbl 1401.94164

Summary: In the practice of block cipher design, a consensus seems to have grown about the diffusion function: designers choose linear functions with large branch numbers to achieve provable bounds against differential and linear cryptanalysis. In this paper, we propose two types of nonlinear functions as alternative diffusing components. One is based on a nonlinear code with parameters (16,256,6), known as a Kerdock code. The other is a general construction of nonlinear functions based on T-functions, in particular two automata built from modular addition operations. We show that the nonlinear functions possess good diffusion properties; specifically, the nonlinear function based on a Kerdock code has a better branch number than any linear counterpart, while the automata achieve the same branch number as a linear near-MDS matrix. The advantage of adopting nonlinear diffusion layers in block ciphers is that these functions provide an extra confusion effect while maintaining comparable diffusion. As an illustration, we show the application of the nonlinear diffusion functions in two example ciphers, where a 4-round differential characteristic with the optimal number of active S-boxes has a probability significantly lower (by factors of \(2^{16}\) and \(2^{10}\), respectively) than that of a similar cipher with a linear diffusion layer. As a result, this sheds light on an alternative strategy for designing lightweight building blocks.
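The two properties the summary contrasts, branch number and the probability of a difference propagating through the layer, can be checked exhaustively on a toy state. The following is an added example, not code from the paper: it compares a binary near-MDS layer (each output word is the XOR of the other three) with a hypothetical modular-addition variant of the same wiring, a simple T-function, on an assumed state of four 2-bit words. Both reach differential branch number 4, but only the linear layer propagates a given input difference to a fixed output difference with probability 1.

```python
W = 2                  # assumed word size in bits, kept tiny so the search is exhaustive and fast
N = 4                  # assumed number of words in the state
MASK = (1 << W) - 1
STATES = 1 << (W * N)  # 256 states for W=2, N=4

def words(x):
    """Split an integer state into its N words, least significant word first."""
    return [(x >> (W * i)) & MASK for i in range(N)]

def join(ws):
    """Inverse of words(): pack N words back into one integer state."""
    return sum(w << (W * i) for i, w in enumerate(ws))

def linear_near_mds(x):
    """Binary near-MDS layer: output word i is the XOR of the other three words."""
    w = words(x)
    t = w[0] ^ w[1] ^ w[2] ^ w[3]
    return join([t ^ wi for wi in w])

def modular_near_mds(x):
    """Hypothetical nonlinear variant: same wiring, but words are summed mod 2^W."""
    w = words(x)
    t = sum(w)
    return join([(t - wi) & MASK for wi in w])

def weight(x):
    """Number of active (nonzero) words in a difference."""
    return sum(1 for w in words(x) if w)

def diff_branch_number(f):
    """Differential branch number: min over a != 0 and all x of wt(a) + wt(f(x) ^ f(x ^ a)).
    For a nonlinear f the output difference depends on x, so every x must be tried."""
    best = 2 * N
    for a in range(1, STATES):
        wa = weight(a)
        if wa >= best:
            continue
        for x in range(STATES):
            best = min(best, wa + weight(f(x) ^ f(x ^ a)))
    return best

def max_transition_prob(f, a):
    """Probability of the most likely output difference for input difference a."""
    counts = {}
    for x in range(STATES):
        b = f(x) ^ f(x ^ a)
        counts[b] = counts.get(b, 0) + 1
    return max(counts.values()) / STATES
```

For a single active word (input difference `a = 1`), the linear layer always yields one output difference, while the modular layer spreads the same input difference over several output differences, which is the extra probability cost the summary attributes to nonlinear diffusion.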


94A60 Cryptography