On the Boomerang Spectrum of Power Permutation $X^{2^{3n}+2^{2n}+2^n-1}$ over $\mathbb{F}_{2^{4n}}$ and Extraction of Optimal Uniformity Boomerang Functions
A substitution box (S-box) in a symmetric primitive is a mapping $F$ that takes $k$ binary inputs and whose image is a binary $m$-tuple for some positive integers $k$ and $m$; it is usually the only nonlinear element of most modern block ciphers. Therefore, employing S-boxes with good cryptographic properties to resist various attacks is significant. For a power permutation $F$ over the finite field $\mathbb{F}_{2^k}$, the multiset of values $\beta_F(1,b)=\#\{x\in\mathbb{F}_{2^k} \mid F^{-1}(F(x)+b)+F^{-1}(F(x+1)+b)=1\}$ for $b\in\mathbb{F}_{2^k}$ is called the boomerang spectrum of $F$. The maximum value in the boomerang spectrum is called the boomerang uniformity. This paper determines the boomerang spectrum of the power permutation $X^{2^{3n}+2^{2n}+2^n-1}$ over $\mathbb{F}_{2^{4n}}$. The boomerang uniformity of that power permutation is $3(2^{2n}-2^n)$. However, on a large subset $\{b\in\mathbb{F}_{2^{4n}} \mid \mathbf{Tr}_n^{4n}(b)\neq 0\}$ of $\mathbb{F}_{2^{4n}}$ of cardinality $2^{4n}-2^{3n}$ (where $\mathbf{Tr}_n^{4n}$ is the (relative) trace function from $\mathbb{F}_{2^{4n}}$ to $\mathbb{F}_{2^n}$), we prove that the studied function $F$ achieves the optimal boomerang uniformity 2. It is known that obtaining such functions is a challenging problem. More importantly, the set of $b$'s giving this value is explicitly determined for any value in the boomerang spectrum.
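The definition of $\beta_F(1,b)$ above can be checked exhaustively in the smallest case. The following Python sketch is an added example, not code from the paper: it assumes $n=1$ (so $F(X)=X^{13}$ on the 16-element field), represents the field with the modulus $x^4+x+1$ (an assumption; the function and parameter names are also chosen here), and tabulates $\beta_F(1,b)$ and the relative trace for every nonzero $b$.

```python
from collections import Counter

def gf_mul(a, b, k, modulus):
    """Multiply two elements of GF(2^k) in polynomial basis."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> k:           # degree reached k: reduce by the modulus
            a ^= modulus
    return r

def gf_pow(a, e, k, modulus):
    r = 1                    # square-and-multiply exponentiation
    while e:
        if e & 1:
            r = gf_mul(r, a, k, modulus)
        a = gf_mul(a, a, k, modulus)
        e >>= 1
    return r

def boomerang_spectrum(n=1, modulus=0b10011):
    """Return ({b: beta_F(1,b)}, {b: Tr_n^{4n}(b)}) over all nonzero b."""
    k = 4 * n
    q = 1 << k
    d = 2**(3 * n) + 2**(2 * n) + 2**n - 1
    F = [gf_pow(x, d, k, modulus) for x in range(q)]
    assert sorted(F) == list(range(q)), "X^d must permute the field"
    Finv = [0] * q
    for x, y in enumerate(F):
        Finv[y] = x
    beta, trace = {}, {}
    for b in range(1, q):
        # count x with F^-1(F(x)+b) + F^-1(F(x+1)+b) = 1 (addition is XOR)
        beta[b] = sum(1 for x in range(q)
                      if Finv[F[x] ^ b] ^ Finv[F[x ^ 1] ^ b] == 1)
        trace[b] = 0
        for i in range(4):   # b + b^(2^n) + b^(2^2n) + b^(2^3n)
            trace[b] ^= gf_pow(b, 2**(i * n), k, modulus)
    return beta, trace

def summarize(n=1, modulus=0b10011):
    # (uniformity, size of trace-nonzero subset, max on subset, histogram)
    beta, trace = boomerang_spectrum(n, modulus)
    on_subset = [beta[b] for b in beta if trace[b] != 0]
    return (max(beta.values()), len(on_subset), max(on_subset),
            Counter(beta.values()))

if __name__ == "__main__":
    print(summarize())
```

For $n=1$ the maximum over nonzero $b$ is $6 = 3(2^2-2)$, and on the 8 elements with nonzero trace the count never exceeds 2, in agreement with the statements above.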