
Differential and Linear properties of vectorial boolean functions based on chi


Bibliographic Details
Main authors: Mella, Silvia, Mehrdad, Alireza, Daemen, Joan
Format: Online Article Text
Language: English
Published: Springer US 2023
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10624758/
https://www.ncbi.nlm.nih.gov/pubmed/37927823
http://dx.doi.org/10.1007/s12095-023-00639-1
Description
Summary: To evaluate the security of a cryptographic primitive, investigating its resistance against differential and linear cryptanalysis is required. Many modern cryptographic primitives repeatedly apply similar round functions alternated with the addition of round keys or constants. A round function usually consists of a non-linear mapping and a number of linear mappings. The non-linear mapping [Formula: see text] is used in different cryptographic primitives such as Keccak and Subterranean. An alternative version of [Formula: see text] is used in Ascon and the non-linear layer of Simon has the same differential and linear properties as [Formula: see text]. The mapping [Formula: see text] can be applied to strings with different lengths. For instance, it can be applied in parallel to small-length strings as in Keccak, where it works on 5-bit strings, or it can be applied to big-length strings as in Subterranean, where it works on a string of length 257. Investigating the differential and linear properties of [Formula: see text] working on alternative lengths of strings provides useful information to designers to make a better choice for the non-linear layer. Some differential properties of [Formula: see text] have been analyzed in [8] and in this work we provide a revised presentation of them. We then extend this study and we analyze linear propagation properties of [Formula: see text]. Thanks to these additional results, we extend the comparison between the application of parallel instances of [Formula: see text] on small-length strings and the application of a single instance of [Formula: see text] on a big-length string. We show how we can apply the results of this study also to the non-linear layers of Ascon and Simon thanks to their affine-equivalence with [Formula: see text].