Paper Info
Title
Nonlinear diffusion layers.
Abstract
In the practice of block cipher design, there seems to have grown a consensus about the diffusion function that designers choose linear functions with large branch numbers to achieve provable bounds against differential and linear cryptanalysis. In this paper, we propose two types of nonlinear functions as alternative diffusing components. One is based on a nonlinear code with parameters (16,256,6) which is known as a Kerdock code. The other is a general construction of nonlinear functions based on the T-functions, in particular, two automatons with modular addition operations. We show that the nonlinear functions possess good diffusion properties; specifically, the nonlinear function based on a Kerdock code has a better branch number than any linear counterparts, while the automatons achieve the same branch number as a linear near-MDS matrix. The advantage of adopting nonlinear diffusion layers in block ciphers is that, those functions provide extra confusion effect while a comparable performance in the diffusion effect is maintained. As an illustration, we show the application of the nonlinear diffusion functions in two example ciphers, where a 4-round differential characteristic with the optimal number of active Sboxes has a probability significantly lower (\(2^{16}\) and \(2^{10}\) times, respectively) than that of a similar cipher with a linear diffusion layer. As a result, it sheds light upon an alternative strategy of designing lightweight building blocks.
Year
DOI
Venue
2018
10.1007/s10623-018-0458-5
Des. Codes Cryptography
Keywords
DocType
Volume
Lightweight block ciphers, Nonlinear diffusion function, Branch number, Kerdock codes, T-functions, 94A60
Journal
86
Issue
ISSN
Citations 
11
0925-1022
0
PageRank 
References 
Authors
0.34
0
3
Name
Order
Citations
PageRank
Yunwen Liu154.26
Lars R. Knudsen2908.42
Gregor Leander3128777.03