A new criterion for nonlinearity of block ciphers

Orr Dunkelman, Nathan Keller

Research output: Contribution to journalConference articlepeer-review


For years, the cryptographic community has searched for good nonlinear functions. Bent functions, almost perfect nonlinear functions, and similar constructions have been suggested as a good base for cryptographic applications due to their highly nonlinear nature. In the first part of this paper we study these functions as block ciphers, and present several distinguishers between almost perfect nonlinear permutations and random permutations. The data complexity of the best distinguisher is O(2n/3) and its time complexity is O(22n/3) for an n-bit block size, independent of the key size. In the second part of the paper we suggest a criterion to measure the effective linearity of a given block cipher. We devise a distinguisher for general block ciphers based on their effective linearity. Finally, we show that for several constructions, our distinguishing attack is better than previously known techniques.

Original languageEnglish
Pages (from-to)295-312
Number of pages18
JournalLecture Notes in Computer Science
Volume3960 LNCS
StatePublished - 2006
Externally publishedYes
EventTopics in Cryptology - CT-RSA 2006: The Cryptographers' Track at the RSA Conference 2006, Proceedings - San Jose, CA, United States
Duration: 13 Feb 200517 Feb 2005


  • Almost perfect nonlinear permutations
  • Differential cryptanalysis
  • Effective linearity
  • Highly nonlinear functions

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)


Dive into the research topics of 'A new criterion for nonlinearity of block ciphers'. Together they form a unique fingerprint.

Cite this