Propagation Characteristics of Boolean Functions
, 1990
Abstract

Cited by 67 (2 self)
The relation between the Walsh-Hadamard transform and the autocorrelation function of Boolean functions is used to study propagation characteristics of these functions. The Strict Avalanche Criterion and the Perfect Nonlinearity Criterion are generalized in a Propagation Criterion of degree k. New properties and constructions for Boolean bent functions are given and also the extension of the definition to odd values of n is discussed. New properties of functions satisfying higher order SAC are derived. Finally a general framework is established to classify functions according to their propagation characteristics if a number of bits is kept constant.
GAC - the Criterion for Global Avalanche Characteristics of Cryptographic Functions
 Journal of Universal Computer Science
, 1995
Abstract

Cited by 34 (3 self)
Abstract: We show that some widely accepted criteria for cryptographic functions, including the strict avalanche criterion (SAC) and the propagation criterion, have various limitations in capturing properties of vital importance to cryptographic algorithms, and propose a new criterion called GAC to measure the global avalanche characteristics of cryptographic functions. We also introduce two indicators related to the new criterion, one forecasts the sum-of-squares while the other the absolute avalanche characteristics of a function. Lower and upper bounds on the two indicators are derived, and two methods are presented to construct cryptographic functions that achieve nearly optimal global avalanche characteristics. Category: E.3 1 Why the GAC In 1985, Webster and Tavares introduced the concept of the strict avalanche criterion (SAC) when searching for principles for designing DES-like data encryption algorithms [Web85, WT86]. A function is said to satisfy the SAC if complementing a single bit results in the output of the function being complemented
Substitution-Permutation Networks Resistant to Differential and Linear Cryptanalysis
 JOURNAL OF CRYPTOLOGY
, 1996
Abstract

Cited by 29 (10 self)
In this paper we examine a class of product ciphers referred to as substitution-permutation networks. We investigate the resistance of these cryptographic networks to two important attacks: differential cryptanalysis and linear cryptanalysis. In particular, we develop upper bounds on the differential characteristic probability and on the probability of a linear approximation as a function of the number of rounds of substitutions. Further, it is shown that using large S-boxes with good diffusion characteristics and replacing the permutation between rounds by an appropriate linear transformation is effective in improving the cipher security in relation to these two attacks.
Designing S-Boxes For Ciphers Resistant To Differential Cryptanalysis
 PROCEEDINGS OF THE 3RD SYMPOSIUM ON STATE AND PROGRESS OF RESEARCH IN CRYPTOGRAPHY
, 1993
Abstract

Cited by 24 (1 self)
This paper examines recent work in the area of bent-function-based substitution boxes in order to refine the relationship between s-box construction and immunity to the differential cryptanalysis attack described by Biham and Shamir. It is concluded that mxn s-boxes, m<n, which are partially bent-function-based are the most appropriate choice for private-key cryptosystems constructed as substitution-permutation networks (SPNs). Since s-boxes of this dimension and with this property have received little attention in the open literature, this paper provides a description of their construction and shows how they can be incorporated in a design procedure for a family of SPN cryptosystems with desirable cryptographic properties.
Propagation Characteristics and Correlation-Immunity of Highly Nonlinear Boolean Functions
 EUROCRYPT 2000, Lecture Notes in Comp. Sci
, 2000
Abstract

Cited by 22 (7 self)
Abstract. We investigate the link between the nonlinearity of a Boolean function and its propagation characteristics. We prove that highly nonlinear functions usually have good propagation properties regarding different criteria. Conversely, any Boolean function satisfying the propagation criterion with respect to a linear subspace of codimension 1 or 2 has a high nonlinearity. We also point out that most highly nonlinear functions with a three-valued Walsh spectrum can be transformed into 1-resilient functions.
Practical S-Box Design
 SELECTED AREAS IN CRYPTOGRAPHY, 1996
, 1996
Abstract

Cited by 21 (2 self)
Much of the security of a block cipher based on the Feistel network depends on the properties of the substitution boxes (s-boxes) used in the round function. Although many desirable properties have been studied, relatively little work has been done to determine to what degree these properties are achievable in practice. This paper presents one effort to construct large, cryptographically secure s-boxes, contrasting theoretical and practical limitations, and highlighting areas for future research.
The Use of Bent Sequences to Achieve Higher-Order Strict Avalanche Criterion in S-Box Design
, 1990
Abstract

Cited by 18 (3 self)
Recently, Pieprzyk and Finkelstein described a construction procedure for the substitution boxes (s-boxes) of Substitution-Permutation Network cryptosystems which yielded s-boxes of high nonlinearity. Shortly afterward, in seemingly unrelated work, Yarlagadda and Hershey discussed the analysis and synthesis of binary bent sequences of length 4^k, for k a positive integer. In this paper, we report on work which not only extends the results of both of these papers, but also combines them through the concept of "higher orders" of the Strict Avalanche Criterion for Boolean functions. We discuss the implications for s-box design and the use of such s-boxes in the construction of DES-like cryptosystems. 1 The authors are with the Department of Electrical Engineering, Queen's University at Kingston, Ontario, K7L 3N6 2 The Use of Bent Sequences to Achieve Higher-Order Strict Avalanche Criterion in S-Box Design 1 Introduction Substitution boxes (s-boxes) are a critical component of ...
Weakly secret bit commitment: Applications to lotteries and fair exchange
 Proceedings of the 1998 IEEE Computer Security Foundations Workshop (CSFW11
, 1998
Abstract

Cited by 17 (0 self)
This paper presents applications for the weak protection of secrets in which weakness is not just acceptable but desirable. For one application, two versions of a lottery scheme are presented in which the result of the lottery is determined by the ticket numbers purchased, but no one can control the outcome or determine what it is until after the lottery closes. This is because the outcome is kept secret in a way that is breakable after a predictable amount of time and/or computation. Another presented application is a variant on fair exchange protocols that requires no trusted third party at all.
Transform Domain Analysis of DES
, 1998
Abstract

Cited by 16 (5 self)
DES can be regarded as a nonlinear feedback shift register (NLFSR) with input. From this point of view, the tools for pseudorandom sequence analysis are applied to the S-boxes in DES. The properties of the S-boxes of DES under Fourier transform, Hadamard transform, extended Hadamard transform and Avalanche transform are investigated. Two important results about the S-boxes of DES are found. The first result is that nearly two-thirds of the total 32 functions from GF(2^6) to GF(2) which are associated with the 8 S-boxes of DES have the maximal linear span 63, and the other one-third have linear span greater than or equal to 57. The second result is that for all S-boxes, the distances of the S-boxes approximated by monomial functions has the same distribution as for the S-boxes approximated by linear functions. Some new criteria for the design of permutation functions for use in block cipher algorithms are discussed. Index Terms DES, nonlinear feedback shift register, transform do...