DOI: 10.1007/978-3-031-37679-5_7

Invertible Quadratic Non-linear Functions over $\mathbb{F}_{p^n}$ via Multiple Local Maps

Published: 19 July 2023

Abstract

The construction of invertible non-linear layers over $\mathbb{F}_{p^n}$ that minimize the multiplicative cost is crucial for the design of symmetric primitives targeting Multi Party Computation (MPC), Zero-Knowledge proofs (ZK), and Fully Homomorphic Encryption (FHE). At the current state of the art, only a few non-linear functions are known to be invertible over $\mathbb{F}_p$, such as the power maps $x \mapsto x^d$ for $\gcd(d, p-1) = 1$. When working over $\mathbb{F}_{p^n}$ for $n \ge 2$, a possible way to construct invertible non-linear layers $S$ over $\mathbb{F}_{p^n}$ is by making use of a local map $F : \mathbb{F}_p^m \to \mathbb{F}_p$ for $m \le n$, that is, $S_F(x_0, x_1, \ldots, x_{n-1}) = y_0 \| y_1 \| \cdots \| y_{n-1}$ where $y_i = F(x_i, x_{i+1}, \ldots, x_{i+m-1})$. This possibility has recently been studied by Grassi, Onofri, Pedicini and Sozzi at FSE/ToSC 2022. Given a quadratic local map $F : \mathbb{F}_p^m \to \mathbb{F}_p$ for $m \in \{1, 2, 3\}$, they proved that the shift-invariant non-linear function $S_F$ over $\mathbb{F}_{p^n}$ defined as before is never invertible for any $n \ge 2 \cdot m - 1$.
In this paper, we face the problem by generalizing this construction. Instead of a single local map, we admit multiple local maps, and we study the creation of non-linear layers that can be efficiently verified and implemented by a similar shift-invariant lifting. After formally defining the construction, we focus our analysis on the case $S_{F_0, F_1}(x_0, x_1, \ldots, x_{n-1}) = y_0 \| y_1 \| \cdots \| y_{n-1}$ for $F_0, F_1 : \mathbb{F}_p^2 \to \mathbb{F}_p$ of degree at most 2. This is a generalization of the previous construction using two alternating functions $F_0, F_1$ instead of a single $F$. As our main result, we prove that (i) if $n \ge 3$, then $S_{F_0, F_1}$ is never invertible if both $F_0$ and $F_1$ are quadratic, and that (ii) if $n \ge 4$, then $S_{F_0, F_1}$ is invertible if and only if it is a Type-II Feistel scheme.
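The following Python snippet is an added worked example, not code from the paper or its authors. It implements the shift-invariant lifting described above for small $p$ and $n$, with a cyclic list of local maps (so a single map $F$ and the alternating pair $F_0, F_1$ are both instances), and checks invertibility by exhaustive search over $\mathbb{F}_p^n$. Two assumptions are mine: the window $x_i, \ldots, x_{i+m-1}$ wraps around (indices modulo $n$), and the local maps `quad` (quadratic) and `proj` (linear) are constructed for illustration; the pair `(quad, proj)` is a Type-II Feistel-style choice in which one alternating map is linear, and `invert_type2` is its explicit inverse. The exact form of the Type-II Feistel scheme in the paper's theorem is not on this page.

```python
from itertools import product


def lift(local_maps, m, p, n):
    """Shift-invariant lifting over F_p^n.

    Returns S with S(x_0, ..., x_{n-1}) = (y_0, ..., y_{n-1}) and
    y_i = F_{i mod k}(x_i, x_{i+1}, ..., x_{i+m-1}), k = len(local_maps).
    Assumption: the window wraps, i.e. indices are taken modulo n.
    """
    k = len(local_maps)

    def S(x):
        assert len(x) == n
        return tuple(
            local_maps[i % k](*(x[(i + j) % n] for j in range(m))) % p
            for i in range(n)
        )

    return S


def find_collision(S, p, n):
    """Exhaustively search F_p^n for two distinct inputs with the same image.

    Returns (x, x') on success, or None when S is injective on the finite
    set F_p^n (and therefore a bijection, i.e. invertible).
    """
    seen = {}
    for x in product(range(p), repeat=n):
        y = S(x)
        if y in seen:
            return seen[y], x
        seen[y] = x
    return None


def is_invertible(S, p, n):
    return find_collision(S, p, n) is None


# Constructed local maps F_p^2 -> F_p (assumptions for illustration):
#   quad: a quadratic map, F(x, y) = x + y^2
#   proj: a linear map that passes its first input through, F(x, y) = x
def quad(x, y):
    return x + y * y


def proj(x, y):
    return x


def invert_type2(y, p):
    """Inverse of lift([quad, proj], 2, p, n) for even n.

    The lifting gives y_{2i} = x_{2i} + x_{2i+1}^2 and y_{2i+1} = x_{2i+1},
    so the odd coordinates are read off and the even ones are peeled back.
    """
    n = len(y)
    assert n % 2 == 0, "the alternating pair only closes up for even n"
    x = [0] * n
    for i in range(0, n, 2):
        x[i + 1] = y[i + 1]
        x[i] = (y[i] - y[i + 1] ** 2) % p
    return tuple(x)


if __name__ == "__main__":
    # A single quadratic local map with m = 2 collides for n >= 3.
    for p, n in [(3, 3), (5, 3), (3, 4)]:
        S = lift([quad], 2, p, n)
        print(f"single quadratic map, p={p}, n={n}: collision {find_collision(S, p, n)}")
    # The alternating (quadratic, linear) pair is a bijection for even n.
    for p, n in [(3, 4), (5, 4), (7, 4)]:
        S = lift([quad, proj], 2, p, n)
        print(f"alternating (quad, proj), p={p}, n={n}: invertible = {is_invertible(S, p, n)}")
```

Exhaustive search is only a sanity check for toy parameters (the loop visits $p^n$ inputs); its value here is that it makes the abstract's dichotomy concrete: the same quadratic map that fails on its own becomes part of an invertible layer once it alternates with a linear map, and the inverse is then cheap to compute.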

References

[1]
Albrecht, M.R., et al.: Feistel structures for MPC, and more. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) Computer Security – ESORICS 2019, pp. 151–171. Springer, Cham (2019)
[2]
Albrecht, M., Grassi, L., Rechberger, C., Roy, A., Tiessen, T.: MiMC: efficient encryption and cryptographic hashing with minimal multiplicative complexity. In: Cheon, J.H., Takagi, T. (eds.) Advances in Cryptology – ASIACRYPT 2016, pp. 191–219. Springer, Heidelberg (2016)
[3]
Aly, A., Ashur, T., Ben-Sasson, E., Dhooghe, S., Szepieniec, A.: Design of symmetric-key primitives for advanced cryptographic protocols. IACR Trans. Symmetric Cryptol. 2020(3), 1–45 (2020)
[4]
Beierle, C., Carlet, C., Leander, G., Perrin, L.: A further study of quadratic APN permutations in dimension nine. Finite Fields Their Appl. 81, 102049 (2022)
[5]
Beth, T., Ding, C.: On almost perfect nonlinear permutations. In: Helleseth, T. (ed.) Advances in Cryptology – EUROCRYPT ’93, pp. 65–76. Springer, Heidelberg (1994)
[6]
Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A.J., Vanstone, S.A. (eds.) Advances in Cryptology – CRYPTO ’90, pp. 2–21. Springer, Heidelberg (1991)
[7]
Bouvier, C., et al.: New design techniques for efficient arithmetization-oriented hash functions: Anemoi permutations and Jive compression mode. Cryptology ePrint Archive, Paper 2022/840 (2022). https://eprint.iacr.org/2022/840
[8]
Budaghyan, L., Calderini, M., Carlet, C., Davidova, D., Kaleyski, N.S.: On two fundamental problems on APN power functions. IEEE Trans. Inf. Theory 68(5), 3389–3403 (2022)
[9]
Budaghyan, L., Carlet, C., Leander, G.: Constructing new APN functions from known ones. Finite Fields Their Appl. 15(2), 150–159 (2009)
[10]
Carlet, C.: Relating three nonlinearity parameters of vectorial functions and building APN functions from bent functions. Des. Codes Cryptogr. 59(1–3), 89–109 (2011)
[11]
Carlet, C.: Boolean functions. In: Handbook of Finite Fields. Discrete Mathematics and Its Applications, pp. 241–252. CRC Press (2013)
[12]
Carlet, C.: On APN exponents, characterizations of differentially uniform functions by the Walsh transform, and related cyclic-difference-set-like structures. Des. Codes Cryptogr. 87(2–3), 203–224 (2019)
[13]
Daemen, J.: Cipher and hash function design, strategies based on linear and differential cryptanalysis. Ph.D. thesis, K.U. Leuven (1995). http://jda.noekeon.org/
[14]
Daemen, J., Rijmen, V.: The wide trail design strategy. In: Honary, B. (ed.) Cryptography and Coding 2001, pp. 222–238. Springer, Heidelberg (2001)
[15]
Dobraunig, C., Grassi, L., Guinet, A., Kuijsters, D.: Ciminion: symmetric encryption based on Toffoli-gates over large finite fields. In: Canteaut, A., Standaert, F.-X. (eds.) Advances in Cryptology – EUROCRYPT 2021, pp. 3–34. Springer, Cham (2021)
[16]
Dobraunig, C., Grassi, L., Helminger, L., Rechberger, C., Schofnegger, M., Walch, R.: Pasta: a case for hybrid homomorphic encryption. Cryptology ePrint Archive, Report 2021/731 (2021). https://ia.cr/2021/731. Accepted at TCHES 2023
[17]
Gold, R.: Maximal recursive sequences with 3-valued recursive crosscorrelation functions. IEEE Trans. Inform. Theory 14, 154–156 (1968)
[18]
Grassi, L.: Bounded surjective quadratic functions over $\mathbb{F}_{p^n}$ for MPC-/ZK-/HE-friendly symmetric primitives. Cryptology ePrint Archive, Paper 2022/1313 (2022). https://eprint.iacr.org/2022/1313
[19]
Grassi, L.: On generalizations of the Lai-Massey scheme: the blooming of Amaryllises. Cryptology ePrint Archive, Paper 2022/1245 (2022). https://eprint.iacr.org/2022/1245
[20]
Grassi, L., Hao, Y., Rechberger, C., Schofnegger, M., Walch, R., Wang, Q.: Horst meets Fluid-SPN: Griffin for zero-knowledge applications. Cryptology ePrint Archive, Report 2022/403 (2022). https://ia.cr/2022/403
[21]
Grassi, L., Khovratovich, D., Lüftenegger, R., Rechberger, C., Schofnegger, M., Walch, R.: Reinforced Concrete: a fast hash function for verifiable computation. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, pp. 1323–1335. ACM (2022)
[22]
Grassi, L., Khovratovich, D., Rechberger, C., Roy, A., Schofnegger, M.: POSEIDON: a new hash function for zero-knowledge proof systems. In: USENIX Security 2021. USENIX Association (2021)
[23]
Grassi, L., Khovratovich, D., Rønjom, S., Schofnegger, M.: The Legendre symbol and the modulo-2 operator in symmetric schemes over $(\mathbb{F}_p)^n$. IACR Trans. Symmetric Cryptol. 2022(1), 5–37 (2022)
[24]
Grassi, L., Onofri, S., Pedicini, M., Sozzi, L.: Invertible quadratic non-linear layers for MPC-/FHE-/ZK-friendly schemes over $\mathbb{F}_{p^n}$: application to POSEIDON. IACR Trans. Symmetric Cryptol. 2022(3), 20–72 (2022)
[25]
Grassi, L., Øygarden, M., Schofnegger, M., Walch, R.: From Farfalle to Megafono via Ciminion: the PRF Hydra for MPC applications. In: Hazay, C., Stam, M. (eds.) Advances in Cryptology – EUROCRYPT 2023, pp. 255–286. Springer, Cham (2023)
[26]
Lai, X., Massey, J.L.: A proposal for a new block encryption standard. In: Damgård, I.B. (ed.) Advances in Cryptology – EUROCRYPT ’90, pp. 389–404. Springer, Heidelberg (1991)
[27]
Meier, W., Pasalic, E., Carlet, C.: Algebraic attacks and decomposition of Boolean functions. In: Cachin, C., Camenisch, J.L. (eds.) Advances in Cryptology – EUROCRYPT 2004, pp. 474–491. Springer, Heidelberg (2004)
[28]
Meier, W., Staffelbach, O.: Nonlinearity criteria for cryptographic functions. In: Quisquater, J.-J., Vandewalle, J. (eds.) Advances in Cryptology – EUROCRYPT ’89, pp. 549–562. Springer, Heidelberg (1990)
[29]
Nyberg, K.: S-boxes and round functions with controllable linearity and differential uniformity. In: Preneel, B. (ed.) Fast Software Encryption 1995, pp. 111–130. Springer, Heidelberg (1995)
[30]
Nyberg, K.: Generalized Feistel networks. In: Kim, K., Matsumoto, T. (eds.) Advances in Cryptology – ASIACRYPT ’96, pp. 91–104. Springer, Heidelberg (1996)
[31]
Szepieniec, A.: On the use of the Legendre symbol in symmetric cipher design. Cryptology ePrint Archive, Report 2021/984 (2021). https://ia.cr/2021/984
[32]
Vaudenay, S.: On the Lai-Massey scheme. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) Advances in Cryptology – ASIACRYPT ’99, pp. 8–19. Springer, Heidelberg (1999)
[33]
Wolfram, S.: Cryptography with cellular automata. In: Williams, H.C. (ed.) Advances in Cryptology – CRYPTO ’85, pp. 429–432. Springer, Heidelberg (1986)
[34]
Zheng, Y., Matsumoto, T., Imai, H.: On the construction of block ciphers provably secure and not relying on any unproved hypotheses. In: Brassard, G. (ed.) Advances in Cryptology – CRYPTO ’89, pp. 461–480. Springer, New York (1990)

Published In

Progress in Cryptology - AFRICACRYPT 2023: 14th International Conference on Cryptology in Africa, Sousse, Tunisia, July 19–21, 2023, Proceedings
Jul 2023
517 pages
ISBN: 978-3-031-37678-8
DOI: 10.1007/978-3-031-37679-5

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 19 July 2023

Author Tags

  1. Invertible Quadratic Functions
  2. Local Maps
  3. Type-II Feistel