Release Manager · Release Manager · commit e83e419efef2 · 2023-06-03T12:58:24.000+02:00
gh-35695: Fix incorrect linear branch number for non-invertible SBox    ### 📚 Description Fixes #29769    ### 📝 Checklist  - [x] The title is concise, informative, and self-explanatory. - [x] The description explains in detail what this PR is about. - [x] I have linked a relevant issue or discussion. - [x] I have created tests covering the changes. - [ ] I have updated the documentation accordingly. ### ⌛ Dependencies   URL: #35695 Reported by: Rusydi H. Makarim Reviewer(s): Frédéric Chapoton
diff --git a/src/sage/crypto/sbox.pyx b/src/sage/crypto/sbox.pyx
@@ -1409,15 +1409,21 @@ cdef class SBox(SageObject):
             sage: S = SBox([12,5,6,11,9,0,10,13,3,14,15,8,4,7,1,2])
             sage: S.linear_branch_number()
             2
+
+        TESTS::
+
+            sage: f = SBox([0, 2, 0, 6, 2, 2, 3, 7])
+            sage: f.linear_branch_number()
+            1
         """
         cdef Py_ssize_t m = self.m
         cdef Py_ssize_t n = self.n
         cdef Matrix lat = <Matrix> self.linear_approximation_table()
         cdef Py_ssize_t ret = (1 << m) + (1 << n)
 
         cdef Py_ssize_t a, b, w
-        for a in range(1, 1 << m):
-            for b in range(1 << n):
+        for a in range(1 << m):
+            for b in range(1, 1 << n):
                 if lat.get_unsafe(a, b) != 0:
                     w = hamming_weight(a) + hamming_weight(b)
                     if w < ret:
