Cryptographically strong permutations from the butterfly structure

Abstract

Boomerang connectivity table is a new tool to characterize the vulnerability of cryptographic functions against boomerang attacks. Consequently, a cryptographic function is desired to have boomerang uniformity as low as its differential uniformity. Based on generalized butterfly structures recently introduced by Canteaut, Duval and Perrin, this paper presents infinite families of permutations of \({\mathbb {F}}_{2^{2n}}\) for a positive odd integer n, which have the best known nonlinearity and boomerang uniformity 4. Both open and closed butterfly structures are considered. The open butterflies, according to experimental results, appear not to produce permutations with boomerang uniformity 4. On the other hand, from the closed butterflies we derive a condition on coefficients \(\alpha , \beta \in {\mathbb {F}}_{2^n}\) such that the functions

$$\begin{aligned} V_i(x,y) := (R_i(x,y), R_i(y,x)), \end{aligned}$$ where \(R_i(x,y)=(x+\alpha y)^{2^i+1}+\beta y^{2^i+1}\) and \(\gcd (i,n)=1\), permute \({{\mathbb {F}}}_{2^n}^2\) and have boomerang uniformity 4. In addition, experimental results for \(n=3, 5\) indicate that the proposed condition seems to cover all such permutations \(V_i(x,y)\) with boomerang uniformity 4.