Boomerang Spectra of Two Classes of Power Functions via Their Differential Spectra
This work addresses cryptographic security analysis for S-boxes in symmetric-key cryptography, representing an incremental advancement in understanding boomerang-style attacks.
The paper tackles the problem of determining the boomerang spectra of two classes of power functions in cryptography, specifically for the power function x^(2^(m+1)-1) over F_(2^(2m)) and the Gold function x^(2^t+1) over F_(2^n), showing that the Gold function has a two-valued boomerang spectrum.
In EUROCRYPT 2018, Cid $et\;al.$ introduced a new concept on the cryptographic property of S-boxes to evaluate the subtleties of boomerang-style attacks. This concept was named as boomerang connectivity table (BCT for short) . For a power function, the distribution of BCT can be directly determined by its boomerang spectrum. In this paper, we investigate the boomerang spectra of two classes power functions over even characteristic finite fields via their differential spectra. The boomerang spectrum of the power function $ {x^{2^{m+1} - 1}} $ over $ {\mathbb{F}_{2^{2m}}} $ is determined, where $2^{m+1}-1$ is a kind of Niho exponent. The boomerang spectrum of the Gold function $G(x)=x^{2^t+1}$ over $ {\mathbb{F}_{2^n}} $ is also determined. It is shown that the Gold function has two-valued boomerang spectrum.