A Note on the Walsh Spectrum of Power Residue S-Boxes

TL;DR

This paper analyzes the Walsh spectrum of certain power residue S-Boxes used in cryptographic hash functions, providing bounds and confirming a conjecture related to the Polocolo S-Box's correlation.

Contribution

It establishes bounds on the Walsh spectrum of specific power residue S-Boxes and proves the conjectured correlation of the Polocolo S-Box.

Findings

Bounded the Walsh spectrum of the S-Boxes.

Proved the conjectured correlation of the Polocolo S-Box.

Applicable to cryptographic hash functions like Grendel and Polocolo.

Abstract

Let $\mathbb{F}_q$ be a prime field with $q \geq 3$, and let $d, m \geq 1$ be integers such that $\gcd \left( d, q \right) = 1$ and $m \mid (q - 1)$. In this paper we bound the absolute values of the Walsh spectrum of S-Boxes $S (x) = x^d \cdot T \left( x^\frac{q - 1}{m} \right)$, where $T$ is a function with $T (x) \neq 0$ if $x \neq 0$. Such S-Boxes have been proposed for the Zero-Knowledge-friendly hash functions Grendel and Polocolo. In particular, we prove the conjectured correlation of the Polocolo S-Box.