A new criterion for nonlinearity of block ciphers

Orr Dunkelman, Nathan Keller

Research output: Contribution to journal › Article › peer-review

Abstract

For years, the cryptographic community has searched for good nonlinear functions. Bent functions, almost perfect nonlinear functions, and similar constructions have been suggested as a good base for cryptographic applications due to their highly nonlinear nature. In the first part of this paper, we examine using these functions as block ciphers, and present several distinguishers between almost perfect nonlinear permutations and random permutations. In the second part of the paper, we suggest a criterion to measure the effective linearity of a given block cipher. We devise a general distinguisher for block ciphers based on their effective linearity. Finally, we show that for several constructions, our distinguishing attack is better than previously known techniques.

Original language: English
Pages (from-to): 3944-3957
Number of pages: 14
Journal: IEEE Transactions on Information Theory
Volume: 53
Issue number: 11
State: Published - Nov 2007
Externally published: Yes

Bibliographical note

Funding Information:
Manuscript received August 8, 2006; revised May 9, 2007. The work of O. Dunkelman was supported in part by the Clore scholarship program. The work of N. Keller was supported in part by the Adams Fellowship. The material in this paper was presented in part at Cryptographer’s Track, RSA Conference, San Jose, CA, February 2006. Some of the work described in this paper was performed while O. Dunkelman was in the Computer Science Department at the Technion–Israel Institute of Technology, Haifa, Israel.

Keywords

  • Almost perfect nonlinear permutations
  • Differential cryptanalysis
  • Effective linearity
  • Highly nonlinear functions

ASJC Scopus subject areas

  • Information Systems
  • Computer Science Applications
  • Library and Information Sciences
