Branch Number
   HOME

TheInfoList



Click Here for Items Related To - Branch Number
OR:
Branch Number on:   [Wikipedia]   [Google]   [Amazon]

In
cryptography Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
, the branch number is a numerical value that characterizes the amount of
diffusion Diffusion is the net movement of anything (for example, atoms, ions, molecules, energy) generally from a region of higher concentration to a region of lower concentration. Diffusion is driven by a gradient in Gibbs free energy or chemical p ...
introduced by a vectorial Boolean function that maps an input vector to output vector F(a). For the (usual) case of a
linear In mathematics, the term ''linear'' is used in two distinct senses for two different properties: * linearity of a '' function'' (or '' mapping''); * linearity of a '' polynomial''. An example of a linear function is the function defined by f(x) ...
the value of the ''differential branch number'' is produced by: # applying nonzero values of (i.e., values that have at least one non-zero component of the vector) to the input of ; # calculating for each input value the
Hamming weight The Hamming weight of a string (computer science), string is the number of symbols that are different from the zero-symbol of the alphabet used. It is thus equivalent to the Hamming distance from the all-zero string of the same length. For the mo ...
W (number of nonzero components), and adding weights W(a) and W(F(a)) together; # selecting the smallest combined weight across for all nonzero input values: B_d(F) = \underset (W(a) + W(F(a))). If both and F(a) have components, the result is obviously limited on the high side by the value s+1 (this "perfect" result is achieved when any single nonzero component in makes all components of F(a) to be non-zero). A high branch number suggests higher resistance to the
differential cryptanalysis Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can a ...
: the small variations of input will produce large changes on the output and in order to obtain small variations of the output, large changes of the input value will be required. The term was introduced by Daemen and Rijmen in early 2000s and quickly became a typical tool to assess the diffusion properties of the transformations.


Mathematics

The branch number concept is not limited to the linear transformations, Daemen and Rijmen provided two general metrics: * differential branch number, where the minimum is obtained over inputs of that are constructed by independently sweeping all the values of two nonzero and unequal vectors , (\oplus is a component-by-component exclusive-or): B_d(F) = \underset (W(a \oplus b) + W(F(a) \oplus F(b)); * for linear branch number, the independent candidates \alpha and \beta are independently swept; they should be nonzero and correlated with respect to (the LAT(\alpha,\beta) coefficient of the linear approximation table of should be nonzero): B_l(F) = \underset (W(\alpha) + W(\beta)).


References


Sources

* * * Cryptography {{cryptography-stub