On properties of the largest probability for difference transition under a random bijec-tive group mapping

We consider two finite groups (G₁, ®), (G₂, ©) with binary operations ®, ©. In practice, G₁ and G₂ are usually equal to the additive group (V_m, ®) of the m-dimensional vector space V_m over GF(2) or the additive group (Z₂m, Ш) of the residues ring Z₂m. Nonabelian group of order 2^m having a cyclic subgroup of index 2 can be considered as the nearest one to the additive group (Z₂m, El). These groups are the dihedral group (D₂(_m-i), o) and the generalized quaternion group (Q₂m, I). In differential technique and its generalizations, each bijective mapping is associated with the differences table. In this paper, for all ®, © G {©, Ш, IE, o}, we experimentally study a random value q⁽⁰>⁰⁾ that is equal to |G₁|p⁽®'⁰⁾, where p⁽⁰>⁰⁾ is the largest element of the differences table corresponding to a random mapping s : G₁ M G₂. We consider randomly chosen bijective mappings as well as real S-boxes. As for all ®, © G {©, Ш, I, o}, we compute q⁽⁰>⁰⁾ for S-boxes of ciphers Aes, Anubis, Belt, Crypton, Fantomas, iScream, Kalyna, Khazad, Kuznyechik, Picaro, Safer, Scream, Zorro, Gift, Panda, Pride, Prince, Prost, Klein, Noekeon, Piccolo.

Keywords

Authors

References