Prerequisites for Developing a Methodology for Estimating and Increasing Cryptographic Strength based on Many-Valued Logic Functions Artem Sokolova, Nadiia Kazakovab, Lydia Kuzmenkoc, and Mariia Mahomedovac a Odessa National Polytechnic University, 1 Shevchenko ave., Odessa, 65044, Ukraine b Odessa State Environmental University, 15 Lvovskaya str., Odessa, 65016, Ukraine c Borys Grinchenko Kyiv University, 18/2 Bulvarno-Kudriavska str., Kyiv, 04053, Ukraine Abstract Symmetric cryptographic algorithms are one of the most important components of information security systems, which determines the relevance of the task of estimation and further increasing of their efficiency. The rapid development of cryptanalysis methods, in particular, using the representation of structures of cryptographic algorithms based on many- valued logic functions, and the development of quantum cryptanalysis methods, as well as the actual absence of a comprehensive theoretical apparatus for the estimation of cryptographic quality of many-valued logic component functions and synthesis methods for cryptographic constructs, which are high quality in terms of many-valued logic functions, create an objective contradiction in modern cryptography. In this paper, we represent the prerequisites for the development of a methodology for estimation of cryptographic strength based on many-valued logic functions, which is in turn based on the criteria and indicators of the cryptographic quality of many-valued logic functions, as well as methods for their calculation. We also present the results of applying the developed methodology to common block symmetric ciphers made it possible to identify a cryptographic quality reserve that can be obtained by improving their structure, considering the representation of their constructs using functions of many-valued logic. Keywords 1 Cryptography, cryptographic quality, many-valued logic function. 1. Introduction One of the most important components of modern information security systems is the cryptographic subsystem, which solves the problem of ensuring the integrity, confidentiality, and authentication of transmitted and stored information. In this case, the main component of the cryptographic subsystem is the block symmetric cipher (BSC) used for cryptographic transformation of large amounts of data. These components are so often used in information processing and transmission systems that the blocks corresponding to them are now implemented in processors in the form of separate hardware modules [1]. We also note the fact that in many countries the described cryptographic constructions are standardized and are used to protect the information in the specialized information systems which are critical for national security. In particular, in Ukraine, the Kalyna crypto algorithm which is described by the DSTU 7624:2014 standard [2], is used to protect the information in military and civilian systems for processing and storing information. These circumstances make the task of estimation and improving the cryptographic quality of these algorithms especially urgent. The fundamental principles on which any modern cryptographic algorithm is built are the principles of diffusion and confusion proposed by C. Shannon [3]. However, like Shannon's theorem, Cybersecurity Providing in Information and Telecommunication Systems, January 28, 2021, Kyiv, Ukraine EMAIL: sokolov.a.v@opu.ua (A.1); kaz2003@ukr.net (B.2); lido4ok@gmail.com (C.3); m.mahomedova.asp@kubg.edu.ua (C.4) ORCID: 0000-0003-0283-7229 (A.1); 0000-0003-3968-4094 (B.2); 0000-0001-7392-0324 (C.3); 0000-0001-9395-840X (C.4) ©️ 2021 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings (CEUR-WS.org) 107 the principles of diffusion and confusion give only the idea of the quality of cryptographic constructions and the cryptographic algorithms built on their basis. Nonetheless, they provide neither specific methods for estimation of the quality of cryptographic primitives and cryptographic algorithms, nor methods for constructing cryptographic primitives and algorithms that would best implement the principles of diffusion and confusion. Since the formulation of the principles of diffusion and confusion by C. Shannon, many attempts have been made to create a comprehensive theory for estimating the quality of cryptographic algorithms and primitives based on them, which would be focused on the estimation of the ability of cryptographic algorithms components and their superpositions to resist possible attacks using modern cryptanalysis methods. Nevertheless, the further development of cryptanalysis methods, in particular, the emergence of cryptanalytic attacks based on many-valued logic functions [4], as well as the active development of quantum cryptanalysis methods [5], determines the need for further improvement of methods for estimation of the cryptographic quality of existing structures, and the development of new cryptographic constructions, and cryptographic algorithms that meet the developed cryptographic quality criteria. The purpose of this paper is to research the prerequisites for creating a methodology for estimation and increasing the cryptographic strength based on the mathematical apparatus of many-valued logic functions. 2. Modern Methods for Cryptographic Quality Estimation Currently, many approaches have been created to estimate the cryptographic quality, in particular, based on the analysis of stochastic properties of the output sequences of cryptographic algorithms [6], in which, for example, stochastic quality tests can be used [7]. There is also an approach for research of the degree of implementation of the principles of diffusion and confusion in the cryptographic algorithm, based on the research of its reduced copies [8], which was applied to the cryptographic algorithms Kalyna [9], Rijndael [10] and others [11]. There is also a method for estimation of the quality of implementation of the principles of diffusion and confusion by the cryptographic algorithm based on the research of the number of iterations required to reach steady-state inherent to the random substitution [12], as well as other approaches applicable for specific cryptographic algorithms. At the same time, there is no doubt that the main cryptographic construction that determines the quality of a cryptographic algorithm is the S-box [13]. Definition 1 [13]. A k1  k2 bit substitution block or S-box is a mapping 0,1 1  0,1 2 , that is, k k a mapping that uniquely maps any input k1 bit vector to an output k2 bit vector. The structure of the S-box and, therefore, its cryptographic properties can be completely determined by the Q-sequence of length N  q k . If a given Q-sequence contains all elements of a monotonically increasing sequence 0,1,..., N  1 , then such an S-box is called a bijective and can be used in practical schemes of modern cryptographic algorithms. It is clear that the total cardinality of the class of bijective S-boxes of length N is N ! . The choice of specific S-boxes for practical use is based on their research in accordance with the generally accepted approach, which involves the use of the mathematical apparatus of Boolean functions. For this, the coding Q-sequence is decomposed into a set of component Boolean functions, which can be represented using their truth tables. Further, for each of the component Boolean functions, a set of cryptographic quality criteria is applied. In summary, we represent in Fig. 1 a classification of the main approaches to the research of the cryptographic quality of cryptographic algorithms. 108 Figure 1: Classification of the main approaches to estimate the cryptographic quality of cryptographic algorithms Let us consider in detail the generally accepted approach involving the research of the cryptographic quality of component Boolean functions. So, after representing a cryptographic construct using Boolean functions, a set of cryptographic quality criteria is applied to them. Today, these criteria for cryptographic quality include the following: 1. Algebraic degree of nonlinearity, which characterizes the degree of algebraic complexity of the output of a Boolean function with respect to its input variables [14]. The algebraic degree of nonlinearity shows how nonlinear are Boolean functions that are part of a cryptographic construction from an algebraic point of view. When designing constructions for cryptographic algorithms, researchers try to increase the algebraic degree of nonlinearity of their component Boolean functions. 2. Nonlinearity distance, which characterizes the degree of distancing of a Boolean function from the set of Boolean functions that are considered linear [15]. As such a set, a set of affine functions (codewords of the first-order Reed-Muller code) is usually used. However, to estimate the level of nonlinearity, other constructions can also be used, which are considered linear. For example, quadratic Boolean functions can be used as such constructions [16]. At the same time, there are two approaches to estimate the nonlinearity of a given Boolean function: in the time domain and the domain of Walsh-Hadamard transform coefficients. 3. Correlation relationship between the output and the input of the S-box, which is determined by the statistical dependence of the output of the S-box on its input. For a quantitative estimation of the level of statistical dependence, the mathematical apparatus of the matrix of correlation coefficients [17] between the vectors of the output and the input is used. The following cryptographic quality indicators can be applied to the correlation coefficients matrix: a. The maximum absolute value of the elements of the matrix of correlation coefficients between the output and input vectors. b. The number of zero elements in the matrix of correlation coefficients. Good quality of the cipher is the case when each of the elements of the matrix of correlation coefficients is equal to zero, which is possible when each of the component Boolean functions of the S-box is correlation immune [18], at least of the first order. 4. Error propagation criterion, which characterizes the ability of a cryptographic construction to propagate minor changes in the input text or key element to the entire ciphertext [19]. There is an error propagation criterion in the direction of a certain vector, which is fed to the input of a 109 cryptographic structure as an additional influence, as well as an error propagation criterion of a given order. The numerical determination of the correspondence of the cryptographic construction to the error propagation criterion is carried out on the basis of the mathematical apparatus of the derivatives of Boolean functions [14]. The error propagation criterion of the first-order is called as strict avalanche criterion (SAC). Note, that the strict avalanche criterion is a quite strict requirement for cryptographic constructions, therefore, in practice, the criterion of the maximum avalanche effect is often used, which is satisfied if all weights of all derivatives of component Boolean functions in all directions of weight 1 have a value equal to at least half the length of the cryptographic construction [20]. The error propagation criterion, the strict avalanche criterion, and the criterion for the maximum avalanche effect play a special role not only in the theory of analysis and synthesis of symmetric block ciphers but also in the synthesis of cryptographically strong hash functions [21]. 5. Linear redundancy of component Boolean functions. The research of component Boolean functions [22] of some cryptographic primitives, for example, the Nyberg construction [23], shows that they have a certain mathematical relationship with each other. This relationship weakens the level of confusion that the researched cryptographic primitive can provide, and, accordingly, strengthens the cryptanalyst's capabilities to describe the crypto algorithm as a whole. In [24], a new method for determining the equivalence of component Boolean functions was proposed, which greatly simplifies the practical task of determining the affine equivalence of component Boolean functions of cryptographic constructions. This approach is based on a basic elementary structure definition. Thus, to reduce the level of linear redundancy, the design of cryptographic constructions should be performed in such a way that their component Boolean functions have a different elementary structure. 3. Representation of Cryptographic Constructions by the Many-Valued Logic Functions Nevertheless, the cryptanalyst is not constrained in the chosen mathematical apparatus, with the help of which the representation of the constructions of the cryptographic algorithm is carried out with the subsequent attack. In addition to the mathematical apparatus of Boolean functions used in the construction of cryptographic algorithms, the representation using 4-functions, as well as using 16- functions, can be used for almost all modern ciphers. At the same time, the developers of cryptographic algorithms usually do not consider these possible representations and do not research their cryptographic quality. This circumstance determines the need to build, develop and generalize the criteria of cryptographic quality and the practical aspects of their use for the functions of many- valued logic. On the other hand, quantum computers are developing dynamically, which already today allows us to speak about the formation of post-quantum cryptographic methods that will be relevant when quantum computers will develop and quantum attacks will be carried out with their help [5]. Note that the key of the modern symmetric cryptographic algorithm is a pseudo-random sequence. Thus, with a sufficiently large key length, it is required to use a brute force attack or use of any structural vulnerability to attack the cryptographic algorithm, in contrast to the use of algorithmic attacks, for example, using Shor's algorithm [25], which can be used to break asymmetric cryptographic algorithms. This fact makes it especially urgent, in the conditions of post-quantum cryptography, to research in detail and improve the structure of cryptographic algorithms, for any of their representations, especially with the help of functions of many-valued logic. Let us introduce the definition of a many-valued logic function we need. Definition 1 [26]. A function of the q-valued logic of k variables is a mapping 0,1,2,..., q  1  0,1,2,..., q  1 . k Many-valued logic functions are more general mathematical objects than Boolean functions. So, for value q  2 , Definition 1 is the definition of Boolean functions. Many-valued logic is one of the experiences of expanding the boundaries of awareness and formal description of the logical connections of the real world. With the generally accepted meaning of binary logic, J. Łukasiewicz [27] drew attention to many-valued logic which is the way of displaying 110 different shades of information in sentences. Thus, a direction of many-valued logic arose, in which many famous mathematicians, economists, philosophers worked, interested in improving the quality of information transfer. Let us consider (see Table 1) how the S-box of length N  16 practically used in modern cryptographic algorithms can be represented not only with the help of component Boolean functions but also with the help of many-valued logic functions. Table 1. S-box representation using Boolean and many-valued logic functions Q 4 7 2 14 1 13 8 11 15 12 6 10 5 9 3 0 f 20 0 1 0 0 1 1 0 1 1 0 0 0 1 1 1 0 f 21 0 1 1 1 0 0 0 1 1 0 1 1 0 0 1 0 f 22 1 1 0 1 0 1 0 0 1 1 1 0 1 0 0 0 f 23 0 0 0 1 0 1 1 1 1 1 0 1 0 1 0 0 f 40 0 3 2 2 1 1 0 3 3 0 2 2 1 1 3 0 f 41 1 1 0 3 0 3 2 2 3 3 1 2 1 2 0 0 At the same time, the constructions of such cryptographic algorithms as AES, Kalyna, Kuznechik, and BelT, etc. which have an S-boxes length N  256 , can be represented using Boolean functions, 4- functions, and 16-functions, i.e. they have 3 possible representations by many-valued logic functions. Each of the component q-functions determines the cryptographic quality of the cryptographic construction as a whole and, accordingly, each of them should be carefully tested. Thus, today there is an objective contradiction between the developed methods of attacks on cryptographic algorithms with the possible representation of their structures by functions of many- valued logic, while simultaneously developing promising methods of attacks using quantum computers and the actual absence of a comprehensive mathematical apparatus designed to estimate the cryptographic quality of component functions of many-valued logic and methods for synthesis of cryptographic structures that are high quality in terms of many-valued logic functions. The solution to this contradiction can be obtained by developing a methodology for estimation and increasing the cryptographic strength based on functions of many-valued logic. The presented methodology for estimation of the cryptographic quality is based on the following criteria for the cryptographic quality of many-valued logic functions in conjunction with the corresponding indicators of cryptographic quality: 1. The criterion for the algebraic degree of nonlinearity of many-valued logic functions, which is determined based on the algebraic normal form synthesized using the method [28] over a simple or extended Galois field. At the same time, to compare the algebraic degrees of nonlinearity, the indicator of the relative algebraic degree of nonlinearity was introduced as a percentage of a given degree of nonlinearity of the maximum value, which allows comparing the algebraic degrees of nonlinearity of q-functions of different lengths and for different bases q. Larger values of the relative algebraic degree of nonlinearity indicate a higher quality of the cryptographic construction. 2. The criterion for the nonlinearity of many-valued logic functions, which is determined in accordance with the spectral or time method [29] based on the degree of content of Vilenkin- Chrestenson functions in the researched component function of the many-valued logic. In view of the existence of many-valued logic bent-functions for an arbitrary given number of variables k , to compare the nonlinearity of q-functions of different lengths and for different bases q, an indicator of the relative nonlinearity of the q-function was introduced as a percentage of the nonlinearity of a given q-function of the nonlinearity of bent-functions of a given length. At the same time, larger values of the relative nonlinearity indicate a higher quality of the cryptographic structure. 3. The propagation criterion of the many-valued logic functions and the strict avalanche criterion of the many-valued logic functions, which are determined by the research the derivatives of many-valued logic functions in accordance with the method [30]. To assess the degree of correspondence and comparison of q-functions of different lengths and for different bases q, 111 indicators of integral and maximum deviations from the many-valued logic functions SAC requirements were introduced. Smaller values of the maximum and integral deviations from the SAC requirements indicate a higher quality of the cryptographic construction. 4. The criterion for the correlation independence of the output and input vectors of cryptographic structures [31], as well as the criterion for the independence of the output values of many-valued logic functions from their input variables [32]. On the basis of the proposed criterion for the independence of the output of many-valued logic functions from their input variables, indicators of the maximum and integral deviation from the criterion for the independence of the output of many- valued logic functions from their input are introduced, which are convenient for numerical estimation and comparison of q-functions of different lengths and for different bases q. Smaller values of the maximum and integral deviations from the criterion of independence of the output of many-valued logic functions from their input indicate a higher quality of the cipher. The described criteria and the indicators of the cryptographic quality of the many-valued logic functions based on them provide an opportunity to estimate and compare the cryptographic structures of various cryptographic algorithms. At the same time, there are many practical examples when a cryptographic construction is secure in the terms of Boolean functions and has low quality in the terms of functions of many-valued logic. For example, the S-box S  {12,7,14,9,1,4,8,3,2,6,5,11,15,10,13,0} has a nonlinearity distance value of 4 (66.7%, which is the maximum value for S-boxes of this length) of component Boolean functions, while the nonlinearity of 4-functions is only 3.35 (27.92%). Or the S-box S  {4,7,2,14,1,13,8,11,15,12,6,10,5,9,3,0} [30], which, being optimal from the point of view of the strict avalanche criterion in the terms of Boolean functions, is not optimal from the point of view of the strict avalanche criterion for component 4-functions. Thus, the task of design of new cryptographic constructions that are cryptographically qualitative not only from the point of view of their representation with help of Boolean functions but also from the point of view of their representation by functions of many-valued logic seems to be urgent. 4. Evaluation of the Component Many-Valued Logic Functions Cryptographic Quality for the Known Cryptographic Algorithms The developed methodology for estimation and increasing cryptographic strength can be applied both to estimate and compare the cryptographic quality of existing cryptographic algorithms and to develop new cryptographic primitives and cryptographic algorithms. Next, we use the criteria and indicators of cryptographic quality to estimate and compare the cryptographic properties of such well- known cryptographic algorithms as AES [33], Kalyna [2], BelT [34], and Kuznechik [35] when represented with help of component functions of many-valued logic. In view of the fact that the length of the researched substitution structures of the considered cryptographic algorithms is N  256 , they can be represented in the form of component Boolean functions, 4-functions, as well as 16-functions. We also note that, as in the case of applying the generally accepted approach to the estimation of the cryptographic quality based on Boolean functions, the overall cryptographic quality of a structure is determined by its worst component q-function as the weakest component [36]. In Fig. 2 we show the results of calculating the indicators of the cryptographic quality of the many- valued logic functions of the considered cryptographic algorithms. The general trend is the growth of the algebraic degree of nonlinearity of existing cryptographic algorithms when they are represented by component q-functions with larger bases q. The largest growth is shown by BelT and Kuznechik (from 87.5% for Boolean functions to 96.67% for 16- functions), the least growth is shown by BSC AES and Kalyna (from 87.5% for Boolean functions to 93.33% for 16-functions). 112 Figure 2: The results of calculation of the cryptographic quality indicators of the considered cryptographic algorithms many-valued logic component functions The behavior of the nonlinearity of component functions for different bases q depends on the quality of the S-box used in cryptographic algorithms. At the same time, the Belarusian BSC BelT and the Russian Kuznechik demonstrate an increase in nonlinearity when represented by many-valued logic functions (BelT: from 86.67% for Boolean functions to 93.09% for 16-functions, Kuznechik: from 85% for Boolean functions to 86.89% for 16-functions), while the Ukrainian BSC Kalyna demonstrates the greatest decrease in nonlinearity when represented by many-valued logic functions (from 86.67% for Boolean functions to 83.82% for 16-functions), which indicates less confusion that this BSC provides in terms of many-valued logic functions. For AES-like cryptographic algorithms, there is a general tendency towards a decrease in the maximum deviation from the SAC with an increase in the base q of the representation of component functions. In this case, the largest decrease in the maximum deviation from the SAC is demonstrated by the BSC BelT (from 15.63% for Boolean functions to 4.17% for 16-functions), and the smallest decrease is demonstrated by the BSC Kalyna (from 21.88% for Boolean functions to 6.25% for 16- functions). There is also a general tendency for the integral deviation from the SAC to increase with an increase in the base of the representation q. In this case, the smallest increase in the deviation from the SAC is demonstrated by the BSC BelT (from 5.86% for Boolean functions to 14.56% for 16- functions), and the largest increase is demonstrated by the BSC Kalyna (from 6.25% for Boolean functions to 22.81% for 16-functions). For AES-like cryptographic algorithms, there is also a general tendency for the maximum deviation from the criterion of the independence of the output of component functions from the input variables to grow with the growth of the base q of the representation of component functions. At the same time, the lowest increase in deviation is demonstrated by the BSC BelT (from 12.5% for 113 Boolean functions to 44.9% for 16-functions), and the highest increase is demonstrated by the BSC Kalyna (from 17.19% for Boolean functions to 57.82% for 16-functions). The integral deviation from the criterion of independence of the output of component functions from input variables also grows. The smallest increase in deviation is demonstrated by the BSC BelT (from 5.27% for Boolean functions to 88.8% for 16-functions), the highest increase is demonstrated by the BSC Kalyna (from 5.88% for Boolean functions to 94.21% for 16-functions). 5. Conclusion The research performed in this paper made it possible to draw the following conclusions: 1. At the moment, there is an objective contradiction between the developed methods of attacks on cryptographic algorithms with the possible representation of their structures by functions of many- valued logic, while simultaneously developing promising methods of attacks using quantum computers and the actual absence of a comprehensive mathematical apparatus designed to research the cryptographic quality of component functions of many-valued logic and methods for synthesizing cryptographic structures that are high quality in terms of many-valued logic functions. The solution of this contradiction is a prerequisite for creating a methodology for estimation and increasing cryptographic strength based on the functions of many-valued logic. 2. A methodology for estimation and increasing cryptographic strength based on many-valued logic functions is presented, consisting of the cryptographic quality criteria, indicators, and methods for their calculation. The developed methodology makes it possible to estimate and compare the cryptographic quality of existing cryptographic algorithms, as well as to develop new ones that would be of high quality both in terms of Boolean functions and in terms of functions of many-valued logic. 3. The performed research of the common block symmetric cryptographic algorithms showed that the representation of structures of cryptographic algorithms by functions of many-valued logic leads to the possibility of using the proposed criteria for the cryptographic quality of functions of many-valued logic and, accordingly, a comprehensive estimation of the cryptographic quality of these structures. This fact leads to the need to consider the properties of many-valued logic functions when designing cryptographic algorithms. The results of calculations of cryptographic quality indicators for existing BSC presented in this paper confirm the possibility of further improvement of the cryptographic algorithms considering the properties of many-valued logic functions. 6. References [1] R. Manley, D. Gregg, A program generator for intel AES-NI instructions, in: International Conference on Cryptology in India, Springer, Berlin, Heidelberg, 2010, pp. 311–327. doi:10.1007/978-3-642-17401-8_22 [2] Sovereign standard of Ukraine DSTU 7624:2014, Information technologies, Cryptographic information protection, Algorithm for symmetric block symmetric transformation, Ministry of Economic Development of Ukraine, 2016. [3] C. E. Shannon, A Mathematical Theory of Cryptography, Bell System Technical Memo, 1945, MM 45-110-02. [4] T. Baigneres, J. Stern, S. Vaudenay, Linear Cryptanalysis of Non Binary Ciphers, in: Lecture Notes in Computer Science, 2007, pp. 184–211. Heidelberg. doi:10.1007/978-3-540-77360-3_13 [5] M. Grassl, B. Langenberg, M. Roetteler, R. Steinwandt, Applying Grover’s algorithm to AES: quantum resource estimates, Post-Quantum Cryptography, Springer, Cham, 2 (2016) 29–43. [6] W. Schindler, W. Killmann, Evaluation criteria for true (physical) random number generators used in cryptographic applications, International Workshop on Cryptographic Hardware and Embedded Systems, Springer, Berlin, Heidelberg (2002) 431–449. doi:10.1007/3-540-36400- 5_31 [7] A. Rukhin, J. Soto, J. Nechvatal, A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications, National Institute of Standards and Technology Special Publication, 2010, doi:10.6028/nist.sp.800-22 114 [8] S. P. Evseev, S. E. Ostapov, R. V. Korolev, The use of mini-versions for evaluating the stability of block-symmetric ciphers, Ukrainian Scientific Journal of Information Security 23 (2017) 100– 108. doi:10.18372/2225-5036.23.11796 [9] V. I. Ruzhentsev, S. V. Chichmar, D. I. Savin, Combinatorial properties of the reduced version of the Kalyna cipher, Applied Radioelectronics 9 (2010) 346–348. [10] V. I. Dolgov, I. V. Lisitskaya, D. E. Khryapin, Attack on the full differential of the reduced version of theblock symmetric cipher Rijndael, Applied radioelectronics: scientific and technical journal 9 (2010) 355–360. [11] V. I. Dolgov, Research of the cryptographic properties of nonlinear replacing nodes of reduced versions of some ciphers, Applied radioelectronics: scientific and technical journal 8 (2009) 268– 277. [12] I. V. Lisitskaya, K. E. Lisitskiy, On the arrival of iterative ciphers to a stationary state inherent to random substitution, Applied Radioelectronics 12 (2013) 230–235. [13] O. N. Zhdanov, Methodology for selecting key information for a block cipher algorithm, Moscow, INFRA-M, 2013. [14] O. A. Logachev, A. A. Sal'nikov, V. V. Jashhenko, Boolean functions in coding theory and cryptology, MCNMO, Moscow, 2004. [15] W. Maier, O. Staffelbach, Nonlinearity criteria for cryptographic functions, in: Quisquater, J.-J. and Vandewalle, J. (Eds.) Advances in Cryptology — EUROCRYPT ’89, 1990, pp. 549–562. doi:10.1007/3-540-46885-4_53 [16] H. Yan, D. Tang, Improving lower bounds on the second-order nonlinearity of three classes of Boolean functions, Discrete Mathematics 343 (2020) 111698. doi:10.1016/j.disc.2019.111698 [17] M. I. Mazurkov, Synthesis method of optimal substitution constructions based on the criterion of zero correlation between the output and input data vectors, Radioelectronics and Communications Systems 55 (2012) 533–543. doi:10.3103/s0735272712120023 [18] T. Siegenthaler, Correlation-immunity of nonlinear combining functions for cryptographic applications (Corresp.), IEEE Transactions on Information theory 30 (1984) 776–780. doi:10.1109/tit.1984.1056949 [19] R. Forrié, The strict avalanche criterion: spectral properties of Boolean functions and an extended definition, in: Advances in Cryptology — CRYPTO’ 88, 1990, pp. 450–468. doi: 10.1007/0-387-34799-2_31 [20] T. G. S, Chandrasekharappa, K. V. Prema, Kumara Shama, S-boxes generated using Affine Transformation giving Maximum Avalanche Effect, International Journal of Computer Science and Engineering, Manipal Institute of Technology, India 3 (2011) 3185–3193. [21] Y. M. Motara, B. Irwin, Sha-1 and the strict avalanche criterion, in: Information Security for South Africa (ISSA), 2016, pp. 35–40. doi:10.1109/ISSA.2016.7802926. [22] J. Fuller, W. Millan, Linear Redundancy in S-Boxes, Fast Software Encryption, 10th International Workshop, Sweden, Lund 2887 (2003) 74–86. doi:10.1007/978-3-540-39887-5_7 [23] K. Nyberg, Differentially uniform mappings for cryptography, in: Advances in Cryptology — EUROCRYPT ’93, 1994, pp. 55–64. doi:10.1007/3-540-48285-7_6 [24] A. V. Sokolov, N. A. Barabanov, Algorithm for removing the spectral equivalence of component Boolean functions of Nyberg-design S-boxes, Radioelectronics and Communications Systems 58 (2015) 220–227. doi:10.3103/s0735272715050040 [25] P. Shor, Algorithms for quantum computation: discrete logarithms and factoring. In: Proceedings 35th Annual Symposium on Foundations of Computer Science, 1994, pp. 124–134. doi:10.1109/SFCS.1994.365700. [26] R. S. Stanković, J. T. Astola, C. Moraga, Representation of Multiple-Valued Logic Functions, Synthesis lectures on digital circuits and systems 7 (2012) 168. [27] J. Łukasiewicz, Aristotelian syllogistics from the point of view of modern formal logic, Moscow, Foreign literature, 1959. [28] A. V. Sokolov, O. N. Zhdanov, A. O. Ayvazyan, Synthesis methods of algebraic normal form of many-valued logic functions, System analysis and applied information science 1 (2016) 69–76. [29] A. V. Sokolov, O. N. Zhdanov, Regular synthesis method of a complete class of ternary bent- sequences and their nonlinear properties, Journal of Telecommunication, Electronic and Computer Engineering 8 (2016) 39–43. 115 [30] A. V. Sokolov, O. N. Zhdanov, Strict avalanche criterion of four-valued functions as the quality characteristic of cryptographic algorithms strength, Siberian Journal of Science and Technology 20 (2019) 183––190. doi:10.31772/2587-6066-2019-20-2-183-190 [31] O. N. Zhdanov, A. V. Sokolov, Algorithm of construction of optimal according to criterion of zero correlation nonbinary S-boxes, Problems of physics, mathematics and technics 3 (2015) 94– 97. [32] A. V. Sokolov, O. N. Zhdanov, Correlation immunity of three-valued logic functions, Journal of Discrete Mathematical Sciences and Cryptography (2020) 1–17. doi:10.1080/09720529.2020.1781882 [33] FIPS 197. [Electronic resource] Advanced encryption standard, 2001. http://csrc.nist.gov/publications/ [34] STB P 34.101.31-2007. Information technologies, Information protection, Cryptographic algorithms for encryption and integrity control, Minsk, Gosstandart, 2007. [35] GOST 34.12-2018. Information technology, Cryptographic protection of information, Block cipher, Moscow, Standartinform, 2018. [36] A. Bessalov, et al., Analysis of 2-isogeny properties of generalized form Edwards curves, in: Workshop on Cybersecurity Providing in Information and Telecommunication Systems, July 7, 2020, vol. 2746, pp. 1–13. 116