constructions of n variable balanced boolean functions
play

Constructions of n -variable balanced Boolean functions with maximum - PowerPoint PPT Presentation

Constructions of n -variable balanced Boolean functions with maximum absolute n value in autocorrelation spectra < 2 2 Deng Tang Southwest Jiaotong University, Chengdu, China ( Joint work with Subhamoy Maitra, Selc uk Kavut, and Bimal


  1. Constructions of n -variable balanced Boolean functions with maximum absolute n value in autocorrelation spectra < 2 2 Deng Tang Southwest Jiaotong University, Chengdu, China ( Joint work with Subhamoy Maitra, Selc ¸uk Kavut, and Bimal Mandal ) June 19, 2018, Norway 1 / 35

  2. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Outline Preliminaries 1 Balanced functions with low absolute indicator derived 2 from PS ap bent functions Balanced functions with low absolute indicator derived 3 from M-M bent functions 2 / 35

  3. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Outline Preliminaries 1 Balanced functions with low absolute indicator derived 2 from PS ap bent functions Balanced functions with low absolute indicator derived 3 from M-M bent functions 3 / 35

  4. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Notations Let F n 2 be the n -dimensional vector space over F 2 = { 0 , 1 } . Let F 2 n be the finite field of order 2 n . The support supp ( a ) of a vector a = ( a 1 , · · · , a n ) ∈ F n 2 is defined as the set { 1 ≤ i ≤ n | a i � = 0 } . The Hamming weight of a ∈ F n 2 is wt ( a ) = | supp ( a ) | . The Hamming distance between two vectors a , b ∈ F n 2 is defined as d H ( a , b ) = |{ 1 ≤ i ≤ n | a i � = b i }| . 4 / 35

  5. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Boolean function over F n 2 Definition Any mapping from F n 2 into F 2 is call a Boolean function in n variables. B n denotes the set of all the n -variable Boolean functions. |B n | = 2 2 n (2 2 7 ≈ 10 38 ; constructions are necessary!) Any f ∈ B n can be represented by its truth table � � f = f ( 0 , . . . , 0 , 0 ) , f ( 0 , . . . , 0 , 1 ) , . . . , f ( 1 , . . . , 1 , 1 ) . f ∈ B n is said to be balanced if wt ( f ) = 2 n − 1 . 5 / 35

  6. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Boolean function over F n 2 (continued) Definition Any f ∈ B n can be represented by its algebraic normal form � a u x u , f ( x 1 , · · · , x n ) = u ∈ F n 2 u j where a u ∈ F 2 and the term x u = � n j = 1 x is called a monomial. j The algebraic degree deg ( f ) is the maximal value of w H ( u ) such that a u � = 0, and f is called an affine function if deg ( f ) ≤ 1. For any balanced function f ∈ B n , we have deg ( f ) ≤ n − 1. 6 / 35

  7. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Boolean function over F 2 n Definition Any Boolean function in n variables can be defined over F 2 n and uniquely expressed by an univariate polynomial over F 2 n [ x ] / ( x 2 n − x ) 2 n − 1 � f i x i , f ( x ) = i = 0 where f 2 ( x ) ≡ f ( x ) ( mod x 2 n − x ) . The algebraic degree under univariate polynomial representation is equal to max { w H ( i ) | f i � = 0 , 0 ≤ i < 2 n } , where i is the binary expansion of i . 7 / 35

  8. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Boolean function over F 2 2 k Definition Any Boolean function of 2 k variables can be viewed over F 2 2 k and uniquely expressed by a bivariate polynomial 2 k − 1 � f i , j x i y j , f ( x , y ) = i , j = 0 where f is such that f ( x , y ) 2 ≡ f ( x , y ) ( mod x 2 k − x , y 2 k − y ) . The algebraic degree in this case is equal to max { w H ( i ) + w H ( j ) | f i , j � = 0 } . 8 / 35

  9. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Nonlinearity Definition The r th-order nonlinearity of f ∈ B n is defined as its minimum Hamming distance from f to all the n -variable Boolean functions of degree at most r nl r ( f ) = g ∈B n , deg ( g ) ≤ r d H ( f , g ) . min ◮ The first-order nonlinearity of f is simply called the nonlinearity of f and is denoted by nl ( f ) . ◮ The nonlinearity nl ( f ) is the minimum Hamming distance between f and all the affine functions. ◮ The sequence [ nl ( f ) , nl 2 ( f ) , nl 3 ( f ) , . . . , nl n − 1 ( f )] is called the nonlinearity profile of f . 9 / 35

  10. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Walsh transform Definition The Walsh transform of an n -variable Boolean function f at point a ∈ F n 2 is defined as � ( − 1 ) f ( x )+ a · x . W f ( a ) = x ∈ F n 2 • Over F 2 n , the Walsh transform of the Boolean function f at α ∈ F 2 n can be defined by ( − 1 ) f ( x )+ Tr n � 1 ( α x ) , W f ( α ) = x ∈ F 2 n i = 0 x 2 i is the trace function from F 2 n to F 2 . 1 ( x ) = � n − 1 where Tr n • Over F 2 2 k , the Walsh transform at ( α, β ) ∈ F 2 k × F 2 k can be defined by ( − 1 ) f ( x , y )+ Tr k � 1 ( α x + β y ) . W f ( α, β ) = ( x , y ) ∈ F 2 k × F 2 k 10 / 35

  11. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Compute the nonlinearity The nonlinearity of a Boolean function f ∈ B n can be computed as 2 n − 1 − 1 nl ( f ) = 2 max | W f ( a ) | a ∈ F n 2 2 n − 1 − 1 = 2 max ω ∈ F 2 n | W f ( ω ) | 2 n − 1 − 1 = max | W f ( α, β ) | if n is even . 2 ( α,β ) ∈ F 2 n / 2 × F 2 n / 2 11 / 35

  12. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Parseval’s equality Parseval’s equality For any Boolean function f on F n 2 , � W 2 f ( u ) = 2 2 n . u ∈ F n 2 n 2 and so We can deduce that max u ∈ F n 2 | W f ( u ) | ≥ 2 nl ( f ) ≤ 2 n − 1 − 2 n 2 − 1 . If W f ( u ) ∈ { 2 n / 2 , − 2 n / 2 } for all u ∈ F n 2 , then f is called bent. For odd n , if W f ( u ) ∈ { 0 , ± 2 ( n + 1 ) / 2 } for all u ∈ F n 2 , then f is a semi-bent function. 12 / 35

  13. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Autocorrelation properties Definition The derivative function of any f ∈ B n at a point α ∈ F n 2 is defined by D α f = f ( x ) + f ( x + α ) . And its autocorrelation function at a point β ∈ F n 2 is defined by � ( − 1 ) f ( x )+ f ( x + β ) . C f ( β ) = x ∈ F n 2 SAC [Webster-Tavares, CRYPTO 1985] A Boolean function f ∈ B n is said to satisfy strict avalanche criterion (SAC) if C f ( α ) = 0 for all w H ( α ) = 1 . 13 / 35

  14. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Autocorrelation properties (continued) GAC [Zhang-Zheng, J.UCS 1996] The global avalanche characteristics (GAC) includes two indicators: the absolute indicator and the sum-of-squares indicator. For any f ∈ B n , the absolute indicator is defined as follows ∆ f = max a � = 0 | C f ( a ) | and the sum-of-squares indicator is defined as follows � C 2 σ f = f ( a ) . a ∈ F n 2 Bent functions have the best absolute indicator 0. 14 / 35

  15. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Open problems on nonlinearity profile The nonlinearity profile of Boolean functions relates to the confusion in cryptography, the covering radius of RM ( r , n ) and Kerdock codes in coding theory, and Gowers norm. ◮ The maximal higher-order nonlinearities are open for large variables. ◮ When n ≥ 8 is even, bent functions have the largest nonlinearity and the maximal nonlinearity for balanced functions is open. ◮ When n ≥ 9 is odd, the maximal nonlinearity is open. 15 / 35

  16. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Zhang-Zheng Conjecture on ∆ f Zhang-Zheng Conjecture [J.UCS 1996] The absolute indicator of any balanced Boolean function f of algebraic degree no less than 3 is lower-bounded by 2 ⌊ n + 1 2 ⌋ . 16 / 35

  17. Preliminaries Balanced functions with low absolute indicator derived from PS ap bent functions Balanced functions with lo Some counterexamples on Zhang-Zheng Conjecture ◮ In [Maitra-Sarkar, IEEE TIT 2002], they computed that the Patterson-Wiedemann has ∆ f = 160 < 2 ( 15 + 1 ) / 2 and obtained a balanced function with ∆ f = 216 < 2 ( 15 + 1 ) / 2 . ◮ In [Burnett et. al., AJC 2006], three 14-variable balanced functions with ∆ f = 104 < 2 14 / 2 or ∆ f = 112 < 2 14 / 2 have been found. ◮ In [ Gangopadhyay-Keskar-Maitra, DM 2006], a 21-variable function with ∆ f < 2 11 has been found (corrected in [Kavut, 2016 DAM]). ◮ In [Maitra-Sarkar, IEEE TIT 2007], a 9-variable function with ∆ f = 24, a 10-variable function with ∆ f = 24, and two 11-variable functions with ∆ f = 56 < 2 ( 11 + 1 ) / 2 have been found. ◮ In [Kavut, 2016 DAM], twenty 21-variable functions with ∆ f < 2 11 has been found. 17 / 35

Recommend


More recommend