Block ciphers, such as the AES, correspond to a very important family of secret-key cryptosystems. The security of such systems partly relies on what is called the S-box. This is a vectorial Boolean function f : F n 2 ֒→ F n 2 , where n is the size of the blocks. It is often the only non linear opera-tion in the algorithm. The most well-known attacks against block ciphers algorithms are the known-plaintext attacks called differential cryptanal-ysis [4, 10] and linear cryptanalysis [11]. To protect such cryptosystems against linear and differential attacks, S-boxes are designed to fulfill some cryptographic criteria (balancedness, high nonlinearity, high algebraic de-gree, avalanche, or transparency [2, 12]) and are usually defined on finite fields, like F2n [7, 3]. Unfortunately, it seems difficult to find good S-Boxes, at least for bijective ones: random generation does not work [8, 9] and the one used in the AES or Camellia are actually variations around a single function, the inverse function in F2n . Would the latter function have an unforeseen weakness (for instance if more practical algebraic attacks are developped), it would be desirable to have some replacement candidates. For that matter, we propose to weaken a little bit the algebraic part of the design of S-Boxes and use finite semi-fields instead of finite fields to build such S-Boxes. Finite semi-fields relax the associativity and com-mutativity of the multiplication law. While semi-fields of a given order are unique up to isomorphism, on the contrary semi-fields of a given order can be numerous: nowadays, on the one hand, it is for instance easy to generate all the 36 semi-fields of order 2 4 , but, on the other hand, it is not even known how many semi-fields are there of order 2 8 . Therefore, we propose to build S-Boxes via semi-fields pseudo extensions of the form S 2 2 4 , where S 2 4 is any semi-field of order 2 4 , and mimic in this structure the use of the inverse function in a finite field. We report here the construction of 10827 S-Boxes, 7052 non CCZ-equivalent, with maximal nonlinearity, differential invariants, degrees and bit interdependency. Among the latter 2963 had fix points, and among the ones without fix points, 3846 had the avalanche level of AES and 243 1 the better avalanche level of Camellia. Among the latter 232 have a better transparency level than the inverse function on a finite field.

EXPLOR_STEP=$WICRI_ROOT/Wicri/Musique/explor/OperaV1/Data/Main/Exploration

HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000273 | SxmlIndent | more

HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 000273 | SxmlIndent | more

{{Explor lien
   |wiki=    Wicri/Musique
   |area=    OperaV1
   |flux=    Main
   |étape=   Exploration
   |type=    RBID
   |clé=     Hal:hal-01075148
   |texte=   Generating S-Boxes from Semi-fields Pseudo-extensions
}}