Algebraic Degree of Strong-Aligned SP-Networks with Low-Degree and Large S-Boxes

Higher-order di erential cryptanalysis and its variants are among the most powerful methods for analyzing iterated cryptographic permutations and hash functions with low algebraic degree over binary extension elds. Predicting the evolution of the algebraic degree (as a function of the number of iterations) is the main obstacle for applying these methods. In this paper, we present a new upper bound on the growth of the algebraic degree in strong-aligned SP-Networks with low-degree and large S-Boxes. Our ndings generalize a recent result presented at Asiacrypt 2020, which applies to permutations based on an iterated Even-Mansour construction with low-degree round functions. As a main result, we prove that an initial exponential growth of the algebraic degree is followed by a linear growth until the maximum algebraic degree is reached. Our analysis is particularly relevant for assessing the security of cryptographic permutations designed to be competitive in applications like MPC, FHE, SNARKs, and STARKs, including permutations based on the Hades design strategy. We have veri ed our ndings on small-scale instances and we have compared them against the current best results, showing a substantial improvement for strong-aligned SPN schemes with low-degree and large S-Boxes.