Differential biases, c-differential uniformity, and their relation to differential attacks

Abstract

Differential cryptanalysis famously uses statistical biases in the propagation of differences in a block cipher to attack the cipher. In this paper, we investigate the existence of more general statistical biases in the differences. To this end, we discuss the c-differential uniformity of S-boxes, which is a concept that was recently introduced in Ellingsen et. al. to measure certain statistical biases that could potentially be used in attacks similar to differential attacks. Firstly, we prove that a large class of potential candidates for S-boxes necessarily has large c-differential uniformity for all but at most B choices of c, where B is a constant independent of the size of the finite field q. This result implies that for a large class of functions, certain statistical differential biases are inevitable. In a second part, we discuss the practical possibility of designing a differential attack based on weaknesses of S-boxes related to their c-differential uniformity.