Results on symmetric S-boxes constructed by concatenation of RSSBs

In this paper, we first present an efficient exhaustive search algorithm to enumerate 6 × 6 bijective S-boxes with the best-known nonlinearity 24 in a class of S-boxes that are symmetric under the permutation τ(x) = (x0, x2, x3, x4, x5, x1), where x = (x0, x1,…,x5)∈𝔽26\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$x_{1}, \ldots , x_{5}) \in \mathbb {F}_{2}^{6}$\end{document}. Since any S-box S:𝔽26→𝔽26\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$S: \mathbb {F}_{2}^{6}\rightarrow \mathbb {F}_{2}^{6}$\end{document} in this class has the property that S(τ(x)) = τ(S(x)) for every x, it can be considered as a construction obtained by the concatenation of 5 × 5 rotation-symmetric S-boxes (RSSBs). The size of the search space, i.e., the number of S-boxes belonging to the class, is 261.28. By performing our algorithm, we find that there exist 237.56 S-boxes with nonlinearity 24 and among them the number of those that are differentially 4-uniform is 233.99, which indicates that the concatenation method provides a rich class in terms of high nonlinearity and low differential uniformity. We then classify the S-boxes achieving the best possible trade-off between nonlinearity and differential uniformity in the class with respect to absolute indicator, algebraic degree, and transparency order. Secondly, we extend our construction method to the case of 8 × 8 bijective S-boxes and perform a steepest-descent-like iterative search algorithm in the respective class (of size 2243.74), which yields differentially 6-uniform permutations with high nonlinearity and algebraic degree.