classification of balanced quadratic functions
play

CLASSIFICATION OF BALANCED QUADRATIC FUNCTIONS Lauren De Meyer - PowerPoint PPT Presentation

Apr 02, 2024 •433 likes •727 views

CLASSIFICATION OF BALANCED QUADRATIC FUNCTIONS Lauren De Meyer & Begl Bilgin BFA, Loen Norway, June 20 th 2018 COSIC (V ECTORIAL ) B OOLEAN F UNCTIONS ? 0123457689+,-./0 Lookup Table (LUT): 1 2 3 = 3 2 3 6 3 7 Algebraic Normal Form

  1. CLASSIFICATION OF BALANCED QUADRATIC FUNCTIONS Lauren De Meyer & Begül Bilgin BFA, Loen Norway, June 20 th 2018 COSIC

  2. ¿(V ECTORIAL ) B OOLEAN F UNCTIONS ? 0123457689+,-./0 Lookup Table (LUT): 1 2 3 = 3 2 ⊕ 3 6 3 7 Algebraic Normal Form 1 6 3 = 3 6 ⊕ 3 6 3 8 ⊕ 3 7 3 8 (ANF): 1 7 3 = 3 7 ⊕ 3 6 3 8 1 8 3 = 3 8 Algebraic Degree: 2 D : 1 3 ⊕ F = 1 3 ⊕ G} = 16 Differential Uniformity (Diff): = max <,>?2 # {3 ∈ C 7 D : F ⋅ 3 = G ⋅ 1 3 } − 2 DL6 | = 16 = max <,>?2 |#{3 ∈ C 7 Linearity (Lin): 2

  3. A FFINE E QUIVALENCE ! " ∼ ! ! " = & ∘ ! $ ∘ ( $ with (, & affine permutations • Algebraic Degree Invariants: • Differential Uniformity • Linearity • Multiplicative Complexity 3

  4. T IMELINE OF A FFINE E QUIVALENCE C LASSIFICATION % → # $ Boolean Functions !: # $ Golomb: invariants and representatives Berlekamp-Welch: Fuller: 6 variables ≤ 5 variables 1972 2017 1959 2003 2007 De Cannière: *×* with * ≤ 4 Bozilov et al.: all quadratic 5 ×5 % → # $ % Vectorial Boolean Functions: ': # $ 4

  5. F IND R EPRESENTATIVE • Algorithm by Biryukov et al. [1] • To find Representative ! = # $% ∘ ' ∘ ( • for permutations only, i.e. )×) Boolean Functions ' • Representative is lexicographically smallest of equivalence class ( ' # . + ((+) #(.) ! + = . [1] A. Biryukov, C. De Canniere, A. Braeken, and B. Preneel. A toolbox for cryptanalysis: Linear and affine equivalence algorithms. In International Conference on the Theory and Applications of Cryptographic Techniques, pages 33–50. Springer, 2003. 5

  6. ! 0 1 2 3 4 5 6 7 8 9 , - . / 0 1 2(!) 1 - 9 . / 6 1 3 0 8 7 4 , 2 5 0 6 ! → ,(!) - 7 ← 7 → 0 → → ← 0 ! 0 1 2 3 4 5 6 7 8 9 , - . / 0 1 0 9(!) 6

  7. ! " 1 2 3 4 5 6 7 8 9 , - . / 0 1 2(!) 5 - 9 . / 6 1 3 0 8 7 4 , 2 5 0 8 ! → ,(!) - 9 ← 9 → 0 → 0 → 1 ← 0 Guess ! 0 1 2 3 4 5 6 7 8 9 , - . / 0 1 0 ;(!) 7

  8. ! 0 # 2 3 4 5 6 7 8 9 , - . / 0 1 2(!) 1 6 9 . / 6 1 3 0 8 7 4 , 2 5 0 8 ! → ,(!) - 9 ← 9 → 0 → 0 → 1 ← 0 Guess 1 → 1 → - ← 1 Guess ! 0 1 2 3 4 5 6 7 8 9 , - . / 0 1 0 1 ;(!) 8

  9. ! 0 1 $ 3 4 5 6 7 8 9 , - . / 0 1 2(!) 1 - 5 . / 6 1 3 0 8 7 4 , 2 5 0 8 ! → ,(!) - 9 ← 9 → 0 → 0 → 1 ← 0 Guess 1 → 1 → - ← 1 Guess 2 → 2 → 9 ← 2 Guess ! 0 1 2 3 4 5 6 7 8 9 , - . / 0 1 0 1 2 ;(!) 9

  10. ! 0 1 2 % 4 5 6 7 8 9 , - . / 0 1 2(!) 1 - 9 5 / 6 1 3 0 8 7 4 , 2 5 0 8 ! → ,(!) - 9 ← 9 → 0 → 0 → 1 ← 0 Guess 1 → 1 → - ← 1 Guess 2 → 2 → 9 ← 2 Guess 3 → 3 → . ← 4 Forward = smallest available power of 2 ! 0 1 2 3 4 5 6 7 8 9 , - . / 0 1 0 1 2 4 ;(!) 10

  11. ! 0 1 2 3 4 5 6 ) 8 9 , - . / 0 1 2(!) 1 - 9 . / 6 1 5 0 8 7 4 , 2 5 0 8 ! → ,(!) - 9 ← 9 → 0 → 0 → 1 ← 0 Guess 1 → 1 → - ← 1 Guess 2 → 2 → 9 ← 2 Guess 3 → 3 → . ← 4 Forward 4 → 7 ← 3 ← 3 Bckward = smallest 9 for which - 9 defined ! 0 1 2 3 4 5 6 7 8 9 , - . / 0 1 0 1 2 4 3 ;(!) 11

  12. ! 0 1 2 3 4 5 ( 7 8 9 , - . / 0 1 2(!) 1 - 9 . / 6 6 3 0 8 7 4 , 2 5 0 8 ! → ,(!) - 9 ← 9 → 0 → 0 → 1 ← 0 Guess 1 → 1 → - ← 1 Guess 2 → 2 → 9 ← 2 Guess 3 → 3 → . ← 4 Forward 4 → 7 ← 3 ← 3 Bckward 5 → 6 → 1 ← 8 Forward = smallest available power of 2 ! 0 1 2 3 4 5 6 7 8 9 , - . / 0 1 0 1 2 4 3 8 ;(!) 12

  13. ! 0 1 2 3 4 ' 6 7 8 9 , - . / 0 1 2(!) 1 - 9 . / 5 1 3 0 8 7 4 , 2 5 0 8 ! → ,(!) - 9 ← 9 → 0 → 0 → 1 ← 0 Guess 1 → 1 → - ← 1 Guess 2 → 2 → 9 ← 2 Guess 3 → 3 → . ← 4 Forward 4 → 7 ← 3 ← 3 Bckward 5 → 6 → 1 ← 8 Forward 6 → 5 → 6 ← 5 Forward … ! 0 1 2 3 4 5 6 7 8 9 , - . / 0 1 0 1 2 4 3 8 5 … ;(!) 13

  14. ! 0 1 2 3 4 5 6 7 8 9 , - . / 0 1 2(!) 1 - 9 . / 6 1 3 0 8 7 4 , 2 5 0 6 ! → ,(!) - 7 ← 7 → 0 → 0 → 1 ← 0 Guess 1 → 5 → 6 ← 1 Guess 2 → , → 7 ← 2 Guess 3 → 1 → 0 ← 3 Forward 4 → 4 ← D ← 4 Guess 5 → 1 → - ← 6 Forward 6 → 0 → 5 ← 8 Forward … ! 0 1 2 3 4 5 6 7 8 9 , - . / 0 1 0 1 2 3 4 6 8 … :(!) 14

  15. C LASSIFYING 5 × 5 Q UADRATIC S- BOXES • Previously by Bozilov et al. [2] ) * • Create list of all ANFs with algebraic degree ≤ 2 • Use AE [1] to get representatives ( ≈ 2 $% times) ) * • Eliminate Doubles … … • Result = 76 classes • 16 threads, ≈ 3 hours runtime ) * 15 [2] D. Bozilov, B. Bilgin, and H. A. Sahin. A Note on 5-bit Quadratic Permutations’ Classification. IACR Transactions on Symmetric Cryptology, 2(1):398–404, 2017.

  16. F IND R EPRESENTATIVE F OR NON - BIJECTIVE % → # $ ' with ( ≤ * (but still balanced) • When !: # $ • Not invertible • Backward: 2 %,' candidates for ! ,- . / 1 ! . 0 1(0) .(/) / 4 16

  17. C OMPLEXITY For Finding 1 Representative with this algorithm: Asymptotically estimated in [1]: Our Average Experimental Runtime (s): 5 10 -2 ! = 5 4 3 Av. Runtime (s) 10 -3 2 1 0 10 -4 1 2 3 4 5 1 2 3 4 5 - - % ! " ⋅ 2 % ⋅ 2 %&' ! ) *+, 18

  18. ! " 1 $ 3 & 5 6 7 8 9 , - . / 0 1 2(!) 5 3 5 0 5 2 3 3 2 0 3 0 2 2 5 0 9 ! → ,(!) - : ← : → 0 → 0 → 1 ← 0 Guess 1 → 2 → 1 ← 0 Bckward 2 → 4 → 1 ← 0 Bckward 3 → 6 → 3 ← 1 Forward 4 → = ← 1 ← 0 Bckward 5 → / → 2 ← 2 Forward 6 → 8 → 0 ← 3 Forward … ! 0 1 2 3 4 5 6 7 8 9 , - . / = 1 0 0 0 1 0 2 3 … >(!) 19

  19. C LASSIFYING +×, B ALANCED Q UADRATIC F UNCTIONS Iterative procedure to find all ! × # representatives ℛ % • Given all balanced quadratic ! -bit Boolean functions ℱ • Given all !× # − 1 representatives ℛ %)* ℛ % ← . 1 ∀ 0 ∈ ℛ %)* , ∀ 2 ∈ ℱ : 2 Create !×# function 3 4 = (0 4 ≪ 1) | 2(4) 3 Find affine eq. representative : 4 ℛ % ← ℛ % ∪ : 5 Sort and eliminate doubles from ℛ % 6 20

  20. FIND REPRESENTATIVE ! × 1 !×($ − 1) ! × $ ℛ )*+ ℛ ) … … … … REDUCE COMBINE 21

  21. 5 × # B ALANCED Q UADRATIC F UNCTIONS 5 ×1 5×2 5×3 5×4 5×5 3 12 80 166 76 Naïve search: On 4 threads in 50 minutes runtime With Optimizations: On 4 threads in 6 minutes runtime # QUADRATIC S-BOX CLASSES 76 ? 6 3 22 , = 3 , = 4 , = 5 , = 6

  22. 6 ×# B ALANCED Q UADRATIC F UNCTIONS 6×1 6×2 6×3 6×4 6×5 6×6 3 24 670 11 891 12 647 2 263 Never been classified before # QUADRATIC S-BOX CLASSES 2263 76 3 6 23 - = 3 - = 4 - = 5 - = 6

  23. 6 ×6 Q UADRATIC S- BOXES • 2258 even vs. 5 odd • 70 have quadratic inverses, 2193 have cubic inverses Lin = 8 Lin = 16 Lin = 32 Diff = 4 8 0 0 Diff = 8 0 0 12 Diff = 16 0 49 100 Diff = 32 0 49 1067 Diff = 64 0 200 779 24

  24. Differentially 6-uniform !×! − 2 functions? • Open questions of C. Carlet [3] • 3.10: unkown if for ! ≥ 5 , ∃ differentially 6-uniform !×! − 2 function? • 6×4 with algebraic degree 2: no Lin = 8 Lin = 16 Lin = 32 Diff = 8 10 1 0 Diff = 16 1935 845 64 Diff = 32 618 5013 740 Diff = 64 42 2016 607 [3] C. Carlet. Open ques2ons on nonlinearity and on APN func2ons. In C ̧. K. Koç, S. Mesnager, and E. Savas, editors, Arithme2c of Finite Fields - 5th Interna2onal Workshop, WAIFI 2014, Gebze, Turkey, September 27-28, 2014. Revised Selected Papers, volume 9061 of 25 Lecture Notes in Computer Science, pages 83–107. Springer, 2014.

  25. • Full listings of all 5 × # and 6 × # classes available on http://homes.esat.kuleuven.be/~ldemeyer/ • More details on ePrint Report 2018/113 26

  26. S- BOX D ECOMPOSITION • Useful for side-channel protected implementations, MPC, … • A higher-degree S-box ! ! ∼ # $ ∘ & ∘ # ' • Goal: Find ( = # $ ∘ & and # ' 27

  27. S- BOX D ECOMPOSITION • Guess ! " and find # such that # ∘ ! " ∼ & • Iteratively (same algorithm!) • ℱ = all quadratic Boolean functions ( such that ( ∘ ! " can be a component of & • ℛ * = all + ×- representatives . such that . ∘ ! " can be a subfunction of & ℛ * ← 0 1 ∀ . ∈ ℛ *34 , ∀ ( ∈ ℱ : 2 Create +×- function 5 6 = (. 6 ≪ 1) | ((6) 3 Find left affine eq. representative ! 4 ℛ * ← ℛ * ∪ ! 5 Sort and eliminate doubles from ℛ * 6 31

  28. S- BO X D EC O M PO SITIO N • Result = compositions with same properties as ! (if exists) • Decompositions: • 5-bit cubic AB permutations • Inverse of Keccak (SHA-3) nonlinear map " • Compositions: “Golden” 5-bit S-boxes: • Algebraic Degree 4 • Diff = 2(APN), 4 • Lin = 6 • Quadratic Decomposition length 2 32

  29. T HANK Y OU ! 33

Recommend

Classification James H. Steiger Department of Psychology and Human Development Vanderbilt

Classification James H. Steiger Department of Psychology and Human Development Vanderbilt

Introduction The Linear Classification Function Quadratic Classification Functions Estimating Misclassification Rates Bias in Error Rate Estimation Error Rates in Variable Selection Classification via the k Nearest Neighbor Rule Classification

417 views • 31 slides
3.2 Graphing Quadratic Functions The equation of a quadratic relation may be written in several

3.2 Graphing Quadratic Functions The equation of a quadratic relation may be written in several

MPM2D1 U3L2 Graphing Quadratic Functions 3.2 Graphing Quadratic Functions The equation of a quadratic relation may be written in several forms: Factored Form: Standard Form: Vertex Form: Last class, we looked at graphing equations in

195 views • 7 slides
Overview Hash Functions On Building Hash Functions From Multivariate Quadratic Equations

Overview Hash Functions On Building Hash Functions From Multivariate Quadratic Equations

Overview Hash Functions On Building Hash Functions From Multivariate Quadratic Equations Multivariate quadratic equations Olivier Billet, Thomas Peyrin, and Matt Robshaw Hash functions and multivariate quadratic equations Orange Labs

299 views • 3 slides
Reciprocals of Quadratic Functions MHF4U: Advanced Functions A quadratic function has the form f (

Reciprocals of Quadratic Functions MHF4U: Advanced Functions A quadratic function has the form f (

r a t i o n a l f u n c t i o n s r a t i o n a l f u n c t i o n s Reciprocals of Quadratic Functions MHF4U: Advanced Functions A quadratic function has the form f ( x ) = ax 2 + bx + c in standard form, where a , b and c are real coefficients.

402 views • 3 slides
Key Terms Solve Quadratic Equations by Factoring Application of Zero Product Property Solve

Key Terms Solve Quadratic Equations by Factoring Application of Zero Product Property Solve

Slide 1 / 222 Slide 2 / 222 Algebra II Quadratic Functions 2014-10-14 www.njctl.org Slide 3 / 222 Slide 4 / 222 Table of Contents Key Terms click on the topic to go to that section Explain Characteristics of Quadratic Functions

645 views • 37 slides
d i E Quadratic functions a l l u d Dr. Abdulla Eid b A College of Science . r D

d i E Quadratic functions a l l u d Dr. Abdulla Eid b A College of Science . r D

Section 3.3 d i E Quadratic functions a l l u d Dr. Abdulla Eid b A College of Science . r D MATHS 103: Mathematics for Business I Dr. Abdulla Eid (University of Bahrain) Quadratics 1 / 10 Introduction Recall: A quadratic

349 views • 10 slides
2 or 2 , are called quadratic functions. 6 y e y x How can you use this pattern to

2 or 2 , are called quadratic functions. 6 y e y x How can you use this pattern to

D AY 121 U NDERSTANDING THE PARTS OF A Q UADRATIC WITH R EAL W ORLD D ATA AND WRITE THE E QUATION The relationship involves the square of the length of an edge. Functions that involve squaring, such as 2 or 2 , are called quadratic

552 views • 13 slides
Solving Quadratic Equations MCR3U: Functions Recall that to solve a quadratic equation means to

Solving Quadratic Equations MCR3U: Functions Recall that to solve a quadratic equation means to

f u n c t i o n s f u n c t i o n s Solving Quadratic Equations MCR3U: Functions Recall that to solve a quadratic equation means to find all values of the independent variable to satisfy a given equation. For example, the quadratic equation x 2

209 views • 3 slides
A Note on 5-bit Quadratic Permutations Classification Duan Boilov Begl Bilgin Hac

A Note on 5-bit Quadratic Permutations Classification Duan Boilov Begl Bilgin Hac

A Note on 5-bit Quadratic Permutations Classification Duan Boilov Begl Bilgin Hac Ali ahin March 6, 2017 Motivation 2/14 Permutations are main nonlinear part of symmetric primitives Quadratic permutations can be used to

381 views • 22 slides
Quadratic functions Elementary Functions In the last lecture we studied polynomials of simple form

Quadratic functions Elementary Functions In the last lecture we studied polynomials of simple form

Quadratic functions Elementary Functions In the last lecture we studied polynomials of simple form f ( x ) = mx + b. Now we move on to a more interesting case, polynomials of degree 2, the Part 2, Polynomials quadratic polynomials. Lecture

488 views • 9 slides
Algebra II Quadratic Functions 2014-10-14 www.njctl.org Slide 3 / 222 Table of Contents click

Algebra II Quadratic Functions 2014-10-14 www.njctl.org Slide 3 / 222 Table of Contents click

Slide 1 / 222 Slide 2 / 222 Algebra II Quadratic Functions 2014-10-14 www.njctl.org Slide 3 / 222 Table of Contents click on the topic to go Key Terms to that section Explain Characteristics of Quadratic Functions Combining

1.62k views • 122 slides
4.1 Quadratic Functions and Parabolas 1 4.1 Continued 2 Use the graph of f ( x ) to estimate

4.1 Quadratic Functions and Parabolas 1 4.1 Continued 2 Use the graph of f ( x ) to estimate

4.1 Quadratic Functions and Parabolas 1 4.1 Continued 2 Use the graph of f ( x ) to estimate the following: a. For what x values is this curve increasing? Decreasing? Write your answer using inequalities. b. Vertex c. x -intercept(s) Back

358 views • 16 slides
Quadratic differential systems possessing invariant ellipses: a complete classification in the

Quadratic differential systems possessing invariant ellipses: a complete classification in the

Quadratic differential systems possessing invariant ellipses: a complete classification in the space R 12 Nicolae Vulpe Institute of Mathematics and Computer Science (Moldova) a work in common with R. D. S. Oliveira, A. C. Rezende Instituto de

970 views • 50 slides
Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS Siwei Sun

Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS Siwei Sun

Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS Siwei Sun Joint work

659 views • 54 slides
Learning a classification of Mixed-Integer Quadratic Programming problems 22 nd Combinatorial

Learning a classification of Mixed-Integer Quadratic Programming problems 22 nd Combinatorial

Learning a classification of Mixed-Integer Quadratic Programming problems 22 nd Combinatorial Optimization Workshop Aussois January 12, 2018 Pierre Bonami 1 , Andrea Lodi 2 , Giulia Zarpellon 2 1 CPLEX Optimization, IBM Spain 2 Polytechnique

207 views • 20 slides
Section 7.2 Quadratic Forms Motivation: Non-linear functions The following functions are not

Section 7.2 Quadratic Forms Motivation: Non-linear functions The following functions are not

Section 7.2 Quadratic Forms Motivation: Non-linear functions The following functions are not linear f ( x 1 , x 2 ) = x 2 1 + 2 x 2 x 3 g ( x 1 , x 2 ) = x 2 1 + x 2 2 but they have dot-product expressions: g ( x ) = x T x = x T Ix

342 views • 13 slides
Section3.2 Quadratic Equations, Functions, Zeros, and Models QuadraticEquations Definition A

Section3.2 Quadratic Equations, Functions, Zeros, and Models QuadraticEquations Definition A

Section3.2 Quadratic Equations, Functions, Zeros, and Models QuadraticEquations Definition A quadratic equation is one that can be simplified to the form ax 2 + bx + c = 0. Definition A quadratic equation is one that can be simplified to the

671 views • 43 slides
Function Transformations In this course we learn to identify a variety of functions: linear

Function Transformations In this course we learn to identify a variety of functions: linear

Function Transformations In this course we learn to identify a variety of functions: linear functions, Elementary Functions quadratic and cubic functions, general polynomial Part 1, Functions Lecture 1.3a, Transformations of Functions: Shifts

774 views • 9 slides
Necessary Conditions on Balanced Boolean Functions with Maximum Nonlinearity glu 1 and Melek D.

Necessary Conditions on Balanced Boolean Functions with Maximum Nonlinearity glu 1 and Melek D.

Necessary Conditions on Balanced Boolean Functions with Maximum Nonlinearity glu 1 and Melek D. Ycel 2 Faruk Glo 1 Dept. of Computer Technology and Information Systems, Bilkent University also Institute of Applied Mathematics, Middle East

347 views • 15 slides
Constructions of n -variable balanced Boolean functions with maximum absolute n value in

Constructions of n -variable balanced Boolean functions with maximum absolute n value in

Constructions of n -variable balanced Boolean functions with maximum absolute n value in autocorrelation spectra &lt; 2 2 Deng Tang Southwest Jiaotong University, Chengdu, China ( Joint work with Subhamoy Maitra, Selc uk Kavut, and Bimal

546 views • 35 slides
Section3.3 Analyzing Graphs of Quadratic Functions Introduction Definitions A quadratic function

Section3.3 Analyzing Graphs of Quadratic Functions Introduction Definitions A quadratic function

Section3.3 Analyzing Graphs of Quadratic Functions Introduction Definitions A quadratic function is a function with the form f ( x ) = ax 2 + bx + c , where a = 0. Definitions A quadratic function is a function with the form f ( x ) = ax 2 +

646 views • 29 slides
Gaussian Cheap Talk Game with Quadratic Cost Functions: When Herding between Strategic Senders Is

Gaussian Cheap Talk Game with Quadratic Cost Functions: When Herding between Strategic Senders Is

Gaussian Cheap Talk Game with Quadratic Cost Functions: When Herding between Strategic Senders Is a Virtue Farhad Farokhi , Andr e Teixeira , and C edric Langbort KTH Royal Institute of Technology, Sweden University of

275 views • 25 slides
Classification K-nearest neighbor classification D istance functions Choice of k Choice of k

Classification K-nearest neighbor classification D istance functions Choice of k Choice of k

Classification K-nearest neighbor classification D istance functions Choice of k Choice of k Leave-one-out cross validation K-fold cross validation Classification Error = Average classification error on K folds Linear Classification Linear

395 views • 22 slides
Math 233 - October 6, 2009 Understand the nature of critical points for quadratic functions.

Math 233 - October 6, 2009 Understand the nature of critical points for quadratic functions.

Math 233 - October 6, 2009 Understand the nature of critical points for quadratic functions. Understand the second derivative test for functions of two variables. 1. Let f ( x , y ) = 3 x 3 + y 2 9 x + 4 y . (a) Find all critical

359 views • 14 slides

More recommend