International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

On the Relationships between Different Methods for Degree Evaluation

Authors:
Siwei Chen , Faculty of Mathematics and Statistics, Hubei Key Laboratory of Applied Mathematics, Hubei University, Wuhan, China
Zejun Xiang , Faculty of Mathematics and Statistics, Hubei Key Laboratory of Applied Mathematics, Hubei University, Wuhan, China
Xiangyong Zeng , Faculty of Mathematics and Statistics, Hubei Key Laboratory of Applied Mathematics, Hubei University, Wuhan, China
Shasha Zhang , Faculty of Mathematics and Statistics, Hubei Key Laboratory of Applied Mathematics, Hubei University, Wuhan, China
Download:
DOI: 10.46586/tosc.v2021.i1.411-442
URL: https://tosc.iacr.org/index.php/ToSC/article/view/8844
Search ePrint
Search Google
Abstract: In this paper, we compare several non-tight degree evaluation methods i.e., Boura and Canteaut’s formula, Carlet’s formula as well as Liu’s numeric mapping and division property proposed by Todo, and hope to find the best one from these methodsfor practical applications. Specifically, for the substitution-permutation-network (SPN) ciphers, we first deeply explore the relationships between division property of an Sbox and its algebraic properties (e.g., the algebraic degree of its inverse). Based on these findings, we can prove theoretically that division property is never worse than Boura and Canteaut’s and Carlet’s formulas, and we also experimentally verified that the division property can indeed give a better bound than the latter two methods. In addition, for the nonlinear feedback shift registers (NFSR) based ciphers, according to the propagation of division property and the core idea of numeric mapping, we give a strict proof that the estimated degree using division property is never greater than that of numeric mapping. Moreover, our experimental results on Trivium and Kreyvium indicate the division property actually derives a much better bound than the numeric mapping. To the best of our knowledge, this is the first time to give a formal discussion on the relationships between division property and other degree evaluation methods, and we present the first theoretical proof and give the experimental verification to illustrate that division property is the optimal one among these methods in terms of the accuracy of the upper bounds on algebraic degree.
Video from TOSC 2021
BibTeX
@article{tosc-2021-30956,
  title={On the Relationships between Different Methods for Degree Evaluation},
  journal={IACR Transactions on Symmetric Cryptology},
  publisher={Ruhr-Universität Bochum},
  volume={2021, Issue 1},
  pages={411-442},
  url={https://tosc.iacr.org/index.php/ToSC/article/view/8844},
  doi={10.46586/tosc.v2021.i1.411-442},
  author={Siwei Chen and Zejun Xiang and Xiangyong Zeng and Shasha Zhang},
  year=2021
}