A new class of S-boxes with optimal Feistel boomerang uniformity
Yuxuan Lu, Sihem Mesnager, Nian Li, Lisha Wang, Xiangyong Zeng
TL;DR
This work determines the FBCT for the power function $F(x)=x^{2^{n-2}-1}$ over ${\mathbb F}_{2^n}$ ($n>6$), deriving explicit FBCT entries via refined finite-field equation solving and binary Kloosterman sums. It establishes that ${\rm FBCT}_F(a,b)$ takes values in $\{2^n,0,4\}$ when $3\nmid n$ and in $\{2^n,0,4,8\}$ when $3|n$, and provides the complete Feistel boomerang spectrum expressed through the Kloosterman sum $K_n(1)$, showing the uniformity is $4$ (or $8$ if $3|n$). The results identify a fifth known class of functions with explicit FBCT values and demonstrate minimal Feistel boomerang uniformity among non-APN functions for $3\nmid n$. The findings have practical implications for designing Feistel-based S-boxes with tight resistance to boomerang-type attacks by exploiting this function’s provable FBCT structure.
Abstract
The Feistel Boomerang Connectivity Table ($\rm{FBCT}$), which is the Feistel version of the Boomerang Connectivity Table ($\rm{BCT}$), plays a vital role in analyzing block ciphers' ability to withstand strong attacks, such as boomerang attacks. However, as of now, only four classes of power functions are known to have explicit values for all entries in their $\rm{FBCT}$. In this paper, we focus on studying the FBCT of the power function $F(x)=x^{2^{n-2}-1}$ over $\mathbb{F}_{2^n}$, where $n$ is a positive integer. Through certain refined manipulations to solve specific equations over $\mathbb{F}_{2^n}$ and employing binary Kloosterman sums, we determine explicit values for all entries in the $\rm{FBCT}$ of $F(x)$ and further analyze its Feistel boomerang spectrum. Finally, we demonstrate that this power function exhibits the lowest Feistel boomerang uniformity.