Affine Equivalence and Saddle Connection Graphs of Half-Translation Surfaces

To every half-translation surface, we associate a saddle connection graph, which is a subgraph of the arc graph. We prove that every isomorphism between two saddle connection graphs is induced by an affine homeomorphism between the underlying half-translation surfaces. We also investigate the automorphism group of the saddle connection graph and the corresponding quotient graph.

The Notion of Transparency Order, Revisited

We revisit the definition of transparency order (TO) and that of modified transparency order (MTO) as well, which were proposed to measure the resistance of substitution boxes (S-boxes) against differential power analysis (DPA). We spot a definitional flaw in original TO, which is proved to significantly affect the soundness of TO. Regretfully, MTO overlooks this flaw, yet it happens to incur no bad effects on the correctness of MTO, even though the start point of this formulation is highly questionable. It is also this neglect that made MTO consider a variant of multi-bit DPA attack, which was mistakenly thought to appropriately serve as an alternative powerful attack. This implies the soundness of MTO is also more or less arguable. Therefore, we fix this definitional flaw and provide a revised definition named reVisited TO (VTO). For demonstrating validity and soundness of VTO, we present simulated and practical DPA attacks on implementations of $4\times 4$ and $8\times 8$ S-boxes. In addition, we also illustrate the soundness of VTO in masked S-boxes. Furthermore, as a concrete application of VTO, we present the distribution of VTO values of optimal affine equivalence classes of $4\times 4$ S-boxes and give some recommended guidelines on how to select $4\times 4$ S-boxes with higher DPA resistance at the identical level of implementation cost.

On affine classification of permutations on the space GF(2)3

We give an elementary proof that by multiplication on left and right by affine permutations A, B ∈ AGL(3, 2) each permutation π : GF(2)3 → GF(2)3 may be reduced to one of the 4 permutations for which the 3 × 3-matrices consisting of the coefficients of quadratic terms of coordinate functions have as an invariant the rank, which is either 3, or 2, or 1, or 0, respectively. For comparison, we evaluate the number of classes of affine equivalence by the Pólya enumerative theory.

Classification of Balanced Quadratic Functions

S-boxes, typically the only nonlinear part of a block cipher, are the heart of symmetric cryptographic primitives. They significantly impact the cryptographic strength and the implementation characteristics of an algorithm. Due to their simplicity, quadratic vectorial Boolean functions are preferred when efficient implementations for a variety of applications are of concern. Many characteristics of a function stay invariant under affine equivalence. So far, all 6-bit Boolean functions, 3- and 4-bit permutations have been classified up to affine equivalence. At FSE 2017, Bozoliv et al. presented the first classification of 5-bit quadratic permutations. In this work, we propose an adaptation of their work resulting in a highly efficient algorithm to classify n x m functions for n ≥ m. Our algorithm enables for the first time a complete classification of 6-bit quadratic permutations as well as all balanced quadratic functions for n ≤ 6. These functions can be valuable for new cryptographic algorithm designs with efficient multi-party computation or side-channel analysis resistance as goal. In addition, we provide a second tool for finding decompositions of length two. We demonstrate its use by decomposing existing higher degree S-boxes and constructing new S-boxes with good cryptographic and implementation properties.