Differential biases, $c$-differential uniformity, and their relation to differential attacks
Daniele Bartoli, Lukas Kölsch, Giacomo Micheli

TL;DR
This paper explores the concept of $c$-differential uniformity in S-boxes, revealing that many functions inherently possess large biases that could be exploited in differential cryptanalysis, and discusses potential attack strategies.
Contribution
It proves that a broad class of S-boxes have large $c$-differential uniformity for most values of $c$, highlighting inevitable statistical biases in these functions.
Findings
Large class of S-boxes have high $c$-differential uniformity for most $c$
Statistical biases in differences are unavoidable in many functions
Potential for new differential attacks based on $c$-differential uniformity
Abstract
Differential cryptanalysis famously uses statistical biases in the propagation of differences in a block cipher to attack the cipher. In this paper, we investigate the existence of more general statistical biases in the differences. To this end, we discuss the $c$-differential uniformity of S-boxes, which is a concept that was recently introduced in Ellingsen et al. to measure certain statistical biases that could potentially be used in attacks similar to differential attacks. Firstly, we prove that a large class of potential candidates for S-boxes necessarily has large $c$-differential uniformity for all but at most choices of , where is a constant independent of the size of the finite field . This result implies that for a large class of functions, certain statistical differential biases are inevitable. In a second part, we discuss the practical possibility of…
Taxonomy
Topics: Coding theory and cryptography · Cryptographic Implementations and Security · graph theory and CDMA systems
