Professional Documents
Culture Documents
II.
l Ln
I.
INTRODUCTION
lLn ,0 uF2
Step 2. The set of n vectors (X1, X2, ..., Xn) is formed such
that X and Xj differ only in bit j. The ciphertext vectors (Y1,
Y2, ..., Yn) are then found where Yj = f(Xj), and they are used
to obtain the set of m-bit binary avalanche vectors (V1, V2, ...,
Vn) such that Vj = YYj.
Step 3. The value of bit i in Vj (either a 1 or 0) is added to
element ai,j in the mn dependence matrix.
Step 4. Randomly generate plaintext vectors X and repeat
Step 1 ~3 for a large number r. Finally, each element in
matrix is divided by r.
If each element and the mean value of the matrix are both
close to the ideal value 0.5, the S-box approximately fulfills
the SAC.
2n
2
where x and y are input and output masks, respectively; X
is the set of all possible inputs; and 2n is the number of its
elements.
LP = max
x , y 0
n
wt ai fi = 2n 1
i =1
{A, B} =
cov{A, B}
{A}{B}
(8)
where ai {0,1} , (a1, a2, ..., an) (0, 0, . . . ,0) and wt() is the
Hamming weight, this allows us to say that every fi is
basically required to be 0/1 balanced and the S-box is
bijective.
III.
(5)
m
where X is the set of all possible input values, and 2 is the
number of its elements.
126
C. Simulation Test
The S-box presented in AES is used as the test example.
The performance indexes of this S-box are calculated by
using our software. The results are shown in Figure 3 ~ 8. By
comparing with the corresponding data presented in Ref.
[10], we may conclude that the results given by our software
are correct.
Figure 1.
127
IV.
CONCLUSION
ACKNOWLEDGEMENTS
REFERENCES
[1]
128