In this paper, we derive a lower bound on the nonlinearity of the discrete logarithm function in $\mathbb{F}_{2^n}$ extended to a bijection in $\mathbb{F}_2^n$. This function is closely related to a family of S-boxes from $\mathbb{F}_2^n$ to $\mathbb{F}_2^m$ proposed recently by Feng, Liao, and Yang, for which a lower bound on the nonlinearity was given by Carlet and Feng. This bound decreases exponentially with $m$ and is therefore meaningful and proves good nonlinearity only for S-boxes with output dimension $m$ logarithmic in $n$. By extending the methods of Brandstätter, Lange, and Winterhof, we derive a bound that is of the same magnitude. We computed the true nonlinearities of the discrete logarithm function up to dimension $n = 11$ to see that, in reality, the reduction seems to be essentially smaller. We suggest that the closing of this gap is an important problem and discuss prospects for its solution.
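The kind of computation the abstract refers to can be reproduced for small dimensions with a Walsh-Hadamard transform. The following is an added example, not code from the paper or its authors. It assumes a fixed primitive polynomial per dimension, the extension log(0) = 2^n - 1, and the usual binary encoding of integers as bit vectors; all three are choices made here for illustration.

```python
# Added example: nonlinearity of the discrete-log S-box over GF(2^n),
# extended to a bijection on n-bit vectors (construction details assumed).

# Assumed primitive polynomials over GF(2), encoded as bit masks.
PRIMITIVE_POLY = {3: 0b1011, 4: 0b10011, 5: 0b100101,
                  6: 0b1000011, 7: 0b10000011, 8: 0b100011101}

def dlog_sbox(n):
    """Table L with L[alpha^i] = i for 0 <= i < 2^n - 1 and L[0] = 2^n - 1."""
    poly, size = PRIMITIVE_POLY[n], 1 << n
    table = [size - 1] * size      # assumed extension: log(0) = 2^n - 1
    x = 1
    for i in range(size - 1):
        table[x] = i
        x <<= 1                    # multiply by the generator alpha
        if x & size:
            x ^= poly              # reduce modulo the primitive polynomial
    return table

def walsh_spectrum(truth):
    """Fast Walsh-Hadamard transform of a 0/1 truth table taken as +1/-1."""
    w = [1 - 2 * b for b in truth]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w

def nonlinearity(sbox, n):
    """Minimum, over nonzero output masks b, of the nonlinearity of x -> b.S(x)."""
    worst = 0
    for b in range(1, 1 << n):
        truth = [bin(b & y).count("1") & 1 for y in sbox]
        worst = max(worst, max(abs(v) for v in walsh_spectrum(truth)))
    return (1 << (n - 1)) - worst // 2

if __name__ == "__main__":
    for n in sorted(PRIMITIVE_POLY):
        nl = nonlinearity(dlog_sbox(n), n)
        bound = 2 ** (n - 1) - 2 ** (n / 2 - 1)   # general upper bound
        print(f"n={n}: nonlinearity {nl} (upper bound {bound:.1f})")
```

Under these assumptions the n = 3 case is degenerate: the XOR of all output bits is an affine function of the input, so the nonlinearity is 0.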