On the Boomerang Spectrum of Power Permutation $X^{2^{3n}+2^{2n}+2^{n}-1}$ over $\mathbb{F}_{2^{4n}}$ and Extraction of Optimal Uniformity Boomerang Functions

Abstract

A substitution box (S-box) in a symmetric primitive is a mapping $F$ that takes $k$ binary inputs and whose image is a binary $m$-tuple for some positive integers $k$ and $m$; it is usually the only nonlinear element of most modern block ciphers. Therefore, employing S-boxes with good cryptographic properties to resist various attacks is significant. For a power permutation $F$ over the finite field $\mathbb{F}_{2^{k}}$, the multiset of values $\beta_F(1,b)=\#\{x\in\mathbb{F}_{2^{k}} : F^{-1}(F(x)+b)+F^{-1}(F(x+1)+b)=1\}$ for $b\in\mathbb{F}_{2^{k}}$ is called the boomerang spectrum of $F$. The maximum value in the boomerang spectrum is called the boomerang uniformity. This paper determines the boomerang spectrum of the power permutation $X^{2^{3n}+2^{2n}+2^{n}-1}$ over $\mathbb{F}_{2^{4n}}$. The boomerang uniformity of that power permutation is $3(2^{2n}-2^{n})$. However, on a large subset $\{b\in\mathbb{F}_{2^{4n}} : \mathrm{Tr}_n^{4n}(b)\neq 0\}$ of $\mathbb{F}_{2^{4n}}$ of cardinality $2^{4n}-2^{3n}$ (where $\mathrm{Tr}_n^{4n}$ is the (relative) trace function from $\mathbb{F}_{2^{4n}}$ to $\mathbb{F}_{2^{n}}$), we prove that the studied function $F$ achieves the optimal boomerang uniformity 2. It is known that obtaining such functions is a challenging problem. More importantly, the set of $b$'s giving this value is explicitly determined for any value in the boomerang spectrum.
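The definition in the abstract can be checked by brute force for small $n$. The following is an added example, not code from the paper: it tabulates $\beta_F(1,b)$ for the studied power permutation and evaluates the relative trace $\mathrm{Tr}_n^{4n}$. The function names and the irreducible moduli used to represent $\mathbb{F}_{2^{4n}}$ are assumptions of this example, and $b=0$ is skipped because it trivially gives the value $2^{4n}$.

```python
# Irreducible moduli for GF(2^(4n)), chosen for this example:
# x^4+x+1 for n=1 and x^8+x^4+x^3+x+1 for n=2.
MODULI = {1: 0b10011, 2: 0b100011011}

def gf_mul(a, b, k, mod):
    """Multiply two elements of GF(2^k) (integers as bit-vectors)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> k:          # degree reached k: reduce by the modulus
            a ^= mod
    return r

def gf_pow(a, e, k, mod):
    """Square-and-multiply exponentiation in GF(2^k)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a, k, mod)
        a = gf_mul(a, a, k, mod)
        e >>= 1
    return r

def boomerang_spectrum(n):
    """Return {b: beta_F(1, b)} for nonzero b, with F(x) = x^d over GF(2^(4n))."""
    k, mod = 4 * n, MODULI[n]
    size = 1 << k
    d = 2**(3 * n) + 2**(2 * n) + 2**n - 1
    F = [gf_pow(x, d, k, mod) for x in range(size)]
    if sorted(F) != list(range(size)):
        raise ValueError("x^d is not a permutation")
    Finv = [0] * size
    for x, y in enumerate(F):
        Finv[y] = x
    # Field addition is XOR, so x+1 is x ^ 1 and F(x)+b is F[x] ^ b.
    return {b: sum(1 for x in range(size)
                   if Finv[F[x] ^ b] ^ Finv[F[x ^ 1] ^ b] == 1)
            for b in range(1, size)}

def relative_trace(b, n):
    """Tr_n^{4n}(b) = b + b^q + b^(q^2) + b^(q^3) with q = 2^n."""
    k, mod = 4 * n, MODULI[n]
    t, p = 0, b
    for _ in range(4):
        t ^= p
        p = gf_pow(p, 2**n, k, mod)
    return t

if __name__ == "__main__":
    beta = boomerang_spectrum(1)
    nz = [b for b in beta if relative_trace(b, 1) != 0]
    print(max(beta.values()), len(nz), max(beta[b] for b in nz))
```

For $n=1$ the exponent is 13 over $\mathbb{F}_{2^{4}}$; the maximum over nonzero $b$ is $3(2^{2}-2)=6$, and on the 8 elements with nonzero trace the maximum is 2.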
