A highly nonlinear differentially 4 uniform power mapping that permutes fields of even degree

Carl Bracken, Gregor Leander

Finite Fields and Their Applications Volume 16, Issue 4, July 2010, Pages 231–242


Abstract

Functions with low differential uniformity can be used as the s-boxes of symmetric cryptosystems as they have good resistance to differential attacks. The AES (Advanced Encryption Standard) uses a differentially 4 uniform function called the inverse function. Any function used in a symmetric cryptosystem should be a permutation. Also, it is required that the function is highly nonlinear so that it is resistant to Matsui's linear attack. In this article we demonstrate that the highly nonlinear permutation f(x)=x^2*2k+k^2+1 on the field F^2 4k, discovered by Hans Dobbertin (1998) [1], has differential uniformity of four and hence, with respect to differential and linear cryptanalysis, is just as suitable for use in a symmetric cryptosystem as the inverse function. Its suitability with respect to other attacks remains to be seen.

[DOI] [bib]

Tags: