Probabilistic Evaluation of the Exploration?Exploitation Balance during the Search, Using the Swap Operator, for Nonlinear Bijective S-Boxes, Resistant to Power Attacks

Resumen

During the search for S-boxes resistant to Power Attacks, the S-box space has recently been divided into Hamming Weight classes, according to its theoretical resistance to these attacks using the metric variance of the confusion coefficient. This partition allows for reducing the size of the search space. The swap operator is frequently used when searching with a random selection of items to be exchanged. In this work, the theoretical probability of changing Hamming Weight class of the S-box is calculated when the swap operator is applied randomly in a permutation. The precision of these probabilities is confirmed experimentally. Its limit and a recursive formula are theoretically proved. It is shown that this operator changes classes with high probability, which favors the exploration of the Hamming Weight class of S-boxes space but dramatically reduces the exploitation within classes. These results are generalized, showing that the probability of moving within the same class is substantially reduced by applying two swaps. Based on these results, it is proposed to modify/improve the use of the swap operator, replacing its random application with the appropriate selection of the elements to be exchanged, which allows taking control of the balance between exploration and exploitation. The calculated probabilities show that the random application of the swap operator is inappropriate during the search for nonlinear S-boxes resistant to Power Attacks since the exploration may be inappropriate when the class is resistant to Differential Power Attack. It would be more convenient to search for nonlinear S-boxes within the class. This result provides new knowledge about the influence of this operator in the balance exploration?exploitation. It constitutes a valuable tool to improve the design of future algorithms for searching S-boxes with good cryptography properties. In a probabilistic way, our main theoretical result characterizes the influence of the swap operator in the exploration?exploitation balance during the search for S-boxes resistant to Power Attacks in the Hamming Weight class space. The main practical contribution consists of proposing modifications to the swap operator to control this balance better.