https://en.formulasearchengine.com/index.php?action=history&feed=atom&title=Dupuit_assumptionDupuit assumption - Revision history2026-05-05T16:30:29ZRevision history for this page on the wikiMediaWiki 1.43.0-wmf.28https://en.formulasearchengine.com/index.php?title=Dupuit_assumption&diff=15906&oldid=preven>Look2See1: Category:Aquifers2010-09-30T18:40:05Z<p>Category:Aquifers</p>
<p><b>New page</b></p><div>[[Image:VEST Core4 LowLevel.png|thumbnail|320px|right|VEST-4 T-function followed by a transposition layer]]<br />
<br />
In [[cryptography]], a '''T-function''' is a [[bijection|bijective]] mapping that updates every bit of the [[state (computer science)|state]] in a way that can be described as <math>x_i' = x_i + f(x_0, \cdots, x_{i-1})</math>, or in simple words an update function in which each bit of the state is updated by a linear combination of the same bit and a function of a subset of its less significant bits. If every single less significant bit is included in the update of every bit in the state, such a T-function is called '''triangular'''. Thanks to their bijectivity (no collisions, therefore no entropy loss) regardless of the used [[Boolean function]]s and regardless of the selection of inputs (as long as they all come from one side of the output bit), T-functions are now widely used in cryptography to construct [[block cipher]]s, [[stream cipher]]s, [[PRNG]]s and [[cryptographic hash function|hash functions]]. T-functions were first proposed in 2002 by [[Alexander Klimov|A. Klimov]] and [[Adi Shamir|A. Shamir]] in their paper "A New Class of Invertible Mappings". Ciphers such as [[TSC-1]], [[TSC-3]], [[TSC-4]], [[ABC (stream cipher)|ABC]], [[Mir-1]] and [[VEST]] are built with different types of T-functions.<br />
<br />
Because [[arithmetic operation]]s such as [[addition]], [[subtraction]] and [[multiplication]] are also T-functions (triangular T-functions), software-efficient word-based T-functions can be constructed by combining [[bitwise logic]] with arithmetic operations. Another important property of T-functions based on arithmetic operations is predictability of their [[period (mathematics)|period]], which is highly attractive to cryptographers. Although triangular T-functions are naturally vulnerable to guess-and-determine attacks, well chosen bitwise [[transposition (mathematics)|transposition]]s between rounds can neutralize that imbalance. In software-efficient [[cipher]]s, it can be done by interleaving arithmetic operations with byte-swapping operations and to a small degree with [[bitwise rotation]] operations. However, triangular T-functions remain highly inefficient in hardware.<br />
<br />
T-functions do not have any restrictions on the types and the widths of the update functions used for each bit. Subsequent transposition of the output bits and [[iteration]] of the T-function also do not affect bijectivity. This freedom allows the designer to choose the update functions or [[S-box]]es that satisfy all other cryptographic criteria and even choose arbitrary or key-dependent update functions (see [[family keying]]).<br />
<br />
Hardware-efficient lightweight T-functions with identical widths of all the update functions for each bit of the state can thus be easily constructed. The core accumulators of VEST ciphers are a good example of such reasonably light-weight T-functions that are balanced out after 2 rounds by the transposition layer making all the 2-round feedback functions of roughly the same width and losing the "T-function" bias of depending only on the less significant bits of the state.<br />
<br />
== References ==<br />
<br />
* {{cite paper<br />
| author = A. Klimov, A. Shamir<br />
| title = A New Class of Invertible Mappings<br />
| year = 2002<br />
| url = http://citeseer.ist.psu.edu/klimov02new.html <br />
| format = [[PDF]]/[[PostScript]] }}<br />
* {{cite conference<br />
| author = A. Klimov, A. Shamir<br />
| title = Cryptographic Applications of T-functions<br />
| booktitle = [[Selected Areas in Cryptography]], SAC 2003, LNCS 3006<br />
| pages = 248–261<br />
| publisher = [[Springer-Verlag]]<br />
| date = 2003 <br />
| url = http://citeseer.ist.psu.edu/klimov03cryptographic.html<br />
| format = PDF/PostScript }}<br />
* {{cite conference<br />
| author = A. Klimov, A. Shamir<br />
| title = New Cryptographic Primitives Based on Multiword T-functions<br />
| booktitle = [[Fast Software Encryption]], FSE 2004, LNCS 3017<br />
| pages = 1–15<br />
| publisher = Springer-Verlag<br />
| date = 2004<br />
| format = PDF/PostScript }}<br />
* {{cite paper<br />
| author = Magnus Daum<br />
| title = Narrow T-functions<br />
| year = 2005<br />
| url = http://citeseer.ist.psu.edu/daum05narrow.html<br />
| format = PDF/PostScript }}<br />
* {{cite conference<br />
| author = J. Hong, D. Lee, Y. Yeom, and D. Han<br />
| title = A New Class of Single Cycle T-functions<br />
| booktitle = Fast Software Encryption, FSE 2005, LNCS 3557<br />
| pages = 68–82<br />
| publisher = Springer-Verlag<br />
| date = 2005 }}<br />
* {{cite conference<br />
| author = A. Klimov and A. Shamir<br />
| title = New Applications of T-functions in Block Ciphers and Hash Functions<br />
| booktitle = Fast Software Encryption, FSE 2005, LNCS 3557<br />
| pages = 18–31<br />
| publisher = Springer-Verlag<br />
| date = 2005<br />
| url = http://www.wisdom.weizmann.ac.il/~ask/t3.ps.gz<br />
| format = [[gzip]]ped PostScript }}<br />
<br />
{{Cryptography navbox | block | hash | stream}}<br />
<br />
[[Category:Symmetric-key cryptography]]<br />
[[Category:Cryptographic primitives]]</div>en>Look2See1