Finding Biaffine and Quadratic Equations for S-Boxes Based on Power Mappings

Abstract

S-boxes having large number of linearly independent multivariate biaffine or quadratic equations may be susceptible to certain kinds of algebraic attacks. In a 2009 IEEE-IT paper, Nawaz et al. provided a polynomial time algorithm to compute the number of such equations for finding S-boxes based on power mapping. Finding actual equations in polynomial time was still open. In this paper, techniques for finding a maximal set of linearly independent biaffine and quadratic equations are developed for S-boxes based on power mappings. Two algorithms to calculate the biaffine and quadratic equations for any $(n,n)$ S-box based on power mapping are presented. The time complexity of both the algorithms is $O(n^{6})$ .