A NOTE ON THE SIGNAL-TO-NOISE RATIO OF (n, m)-FUNCTIONS

The concept of the signal-to-noise ratio (SNR) as a useful measure indicator of the robustness of (n, m)-functions F = (f(1), . . . , f(m)) (cryptographic S-boxes) against differential power analysis (DPA), has received extensive at-tention during the previous decade. In this paper, we give an upper bound on the SNR of balanced (n, m)-functions, and a clear upper bound regarding unbalanced (n, m)-functions. Moreover, we derive some deep relationships be-tween the SNR of (n, m)-functions and three other cryptographic parameters (the maximum value of the absolute value of the Walsh transform, the sum-of-squares indicator, and the nonlinearity of its coordinates), respectively. In particular, we give a trade-off between the SNR and the refined transparency order of (n, m)-functions. Finally, we prove that the SNR of (n, m)-functions is not affine invariant, and data experiments verify this result.