on the fast algebraic immunity of majority functions
play

On the Fast Algebraic Immunity of Majority Functions Pierrick M AUX - PowerPoint PPT Presentation

Oct 06, 2022 •215 likes •670 views

On the Fast Algebraic Immunity of Majority Functions Pierrick M AUX ICTEAM/ELEN/Crypto Group, Universit catholique de Louvain, Belgium Latincrypt 2019 Santiago de Chile Wednesday October 2 1 / 15 Table of Contents Introduction Results

  1. On the Fast Algebraic Immunity of Majority Functions Pierrick M ÉAUX ICTEAM/ELEN/Crypto Group, Université catholique de Louvain, Belgium Latincrypt 2019— Santiago de Chile Wednesday October 2 1 / 15

  2. Table of Contents Introduction Results from Threshold Functions FAI of Majority Functions Conclusion 2 / 15

  3. Summary Introduction Results from Threshold Functions FAI of Majority Functions Conclusion 3 / 15

  4. Motivation: Why FAI and Majority Functions? A conceptually simple design: x 1 x 2 x 3 x N · · · P i , S i F F ( P i ( S i ( x ))) 4 / 15

  5. Motivation: Why FAI and Majority Functions? A conceptually simple design: x 1 x 2 x 3 x N · · · P i , S i F F ( P i ( S i ( x ))) ◮ Goldreich’s PRG [Gol01]: Pseudorandom generators with polynomial stretch and small locality. Local functions. ◮ FLIP cipher [MJSC16]: stream cipher adapted to frameworks using fully homomorphic encryption. 4 / 15

  6. Motivation: Why FAI and Majority Functions? A conceptually simple design: x 1 x 2 x 3 x N · · · P i , S i F F ( P i ( S i ( x ))) ◮ Goldreich’s PRG [Gol01]: Pseudorandom generators with polynomial stretch and small locality. Local functions. ◮ FLIP cipher [MJSC16]: stream cipher adapted to frameworks using fully homomorphic encryption. Fast Algebraic Immunity? Majority functions? 4 / 15

  7. Motivation: Why FAI and Majority Functions? A conceptually simple design: x 1 x 2 x 3 x N · · · P i , S i F F ( P i ( S i ( x ))) ◮ Goldreich’s PRG [Gol01]: Pseudorandom generators with polynomial stretch and small locality. Local functions. ◮ FLIP cipher [MJSC16]: stream cipher adapted to frameworks using fully homomorphic encryption. Fast Algebraic Immunity? Cryptographic criterion on Boolean functions. → bound on complexity best knowns attacks. Majority functions? Easy to compute, good algebraic properties. → XOR-MAJ predicates of [AL18], filtering function in FiLIP [MCJS19]. 4 / 15

  8. Algebraic System and Attacks b 1 = F ( P 1 ( S 1 ( x )))    b 2 = F ( P 2 ( S 2 ( x )))    b 3 = F ( P 3 ( S 3 ( x )))  .  .   .  Resolution: ◮ SAT solvers , Grobner bases approaches. ◮ Linearization techniques. Example: all equations have the degree of F . 5 / 15

  9. Algebraic System and Attacks b 1 = F ( P 1 ( S 1 ( x )))    b 2 = F ( P 2 ( S 2 ( x )))    b 3 = F ( P 3 ( S 3 ( x )))  .  .   .  Resolution: ◮ SAT solvers , Grobner bases approaches. ◮ Linearization techniques. Example: all equations have the degree of F . Algebraic Attacks [CM03] Let F be the filtering function 1. find g a low algebraic degree function s.t. g and gF has low degree, 2. create T equations with monomials of degree ≤ deg ( g ), 3. linearize the system of T equations in D = � deg ( g ) � N variables, � i =0 i 4. solve the system in O ( D ω ). 5 / 15

  10. Algebraic System and Attacks Algebraic Attacks [CM03] Let F be the filtering function 1. find g a low algebraic degree function s.t. g and gF has low degree, 2. create T equations with monomials of degree ≤ deg ( g ), 3. linearize the system of T equations in D = � deg ( g ) � N variables, � i =0 i 4. solve the system in O ( D ω ). Algebraic Immunity Let F : F N 2 → F 2 , we define: AI( F ) = min { max(deg( g ) , deg( gF ) , g � = 0) } = min { deg( g ) , g � = 0 | gF = 0 or g ( F + 1) = 0 } 5 / 15

  11. Algebraic System and Attacks Algebraic Attacks [CM03] Let F be the filtering function 1. find g a low algebraic degree function s.t. g and gF has low degree, 2. create T equations with monomials of degree ≤ deg ( g ), 3. linearize the system of T equations in D = � deg ( g ) � N variables, � i =0 i 4. solve the system in O ( D ω ). Fast Algebraic Attacks [Cou03] Let F be the filtering function: 1. find g and h of low degree such that gF = h , deg( g ) ≤ AI( F ) < deg( h ). 2. search linear relations in the system to cancel the monomials of degree more that deg( g ), 3. linearize and solve the system of degree deg( g ) ≤ AI( F ). 5 / 15

  12. Algebraic System and Attacks Fast Algebraic Attacks [Cou03] Let F be the filtering function: 1. find g and h of low degree such that gF = h , deg( g ) ≤ AI( F ) < deg( h ). 2. search linear relations in the system to cancel the monomials of degree more that deg( g ), 3. linearize and solve the system of degree deg( g ) ≤ AI( F ). Fast Algebraic Immunity Let F : F N 2 → F 2 , we define: � � FAI( F ) = min 2AI( F ) , 1 ≤ deg( g ) < AI( F ) [deg( g ) + deg( Fg )] min . 5 / 15

  13. Majority Functions Majority function � 0 if w H ( x ) ≤ n 2 , x = ( x 1 , · · · , x n ) ∈ F n MAJ n ( x ) = 2 , 1 otherwise. 6 / 15

  14. Majority Functions Majority function � 0 if w H ( x ) ≤ n 2 , x = ( x 1 , · · · , x n ) ∈ F n MAJ n ( x ) = 2 , 1 otherwise. ◮ Symmetric function, easy to compute. → homomorphic evaluation with multiplexers, quasi additive noise [MCJS19]. ◮ Optimal algebraic immunity [BP05,DMS06], AI(MAJ n ) = ⌊ ( n + 1) / 2 ⌋ . → direct sum F = g + MAJ n provides AI( F ) ≥ AI(MAJ n ) and FAI( F ) ≥ FAI(MAJ n ). 6 / 15

  15. Majority Functions Majority function � 0 if w H ( x ) ≤ n 2 , x = ( x 1 , · · · , x n ) ∈ F n MAJ n ( x ) = 2 , 1 otherwise. ◮ Symmetric function, easy to compute. → homomorphic evaluation with multiplexers, quasi additive noise [MCJS19]. ◮ Optimal algebraic immunity [BP05,DMS06], AI(MAJ n ) = ⌊ ( n + 1) / 2 ⌋ . → direct sum F = g + MAJ n provides AI( F ) ≥ AI(MAJ n ) and FAI( F ) ≥ FAI(MAJ n ). Algebraic properties of MAJ n : ◮ deg, known for all n . ◮ AI, known for all n . ◮ FAI, only bounds. 6 / 15

  16. Related Works and Main Result Notation: n = 2 m + 2 k + ε, m ∈ N ∗ , k ∈ N , k < 2 m − 1 , ε ∈ { 0 , 1 } . 7 / 15

  17. Related Works and Main Result Notation: n = 2 m + 2 k + ε, m ∈ N ∗ , k ∈ N , k < 2 m − 1 , ε ∈ { 0 , 1 } . ◮ [ACGKMR06] Theorem 2, for n ≥ 2: FAI(MAJ n ) ≤ 2 m − 1 + 2 k + 2 . ◮ [TLD16], exact FAI when n = 2 m and n = 2 m + 1. ◮ [CGZ19], exact FAI when n = 2 m + 2 and n = 2 m + 3, since m ≥ 2. 7 / 15

  18. Related Works and Main Result Notation: n = 2 m + 2 k + ε, m ∈ N ∗ , k ∈ N , k < 2 m − 1 , ε ∈ { 0 , 1 } . ◮ [ACGKMR06] Theorem 2, for n ≥ 2: FAI(MAJ n ) ≤ 2 m − 1 + 2 k + 2 . ◮ [TLD16], exact FAI when n = 2 m and n = 2 m + 1. ◮ [CGZ19], exact FAI when n = 2 m + 2 and n = 2 m + 3, since m ≥ 2. This work: Let m ≥ 2, 0 ≤ k < 2 m − 2 , ε ∈ { 0 , 1 } , FAI(MAJ n ) = 2 m − 1 + 2 k + 2 . 7 / 15

  19. Summary Introduction Results from Threshold Functions FAI of Majority Functions Conclusion 8 / 15

  20. Bounding the FAI Threshold Function 0 if w H ( x ) < d , � x = ( x 1 , · · · , x n ) ∈ F n 2 , d ∈ { 0 , · · · , n } , T d ( x ) = 1 otherwise. n even: MAJ n = T n 2 +1 , for n odd MAJ n = T n +1 2 . 9 / 15

  21. Bounding the FAI Threshold Function 0 if w H ( x ) < d , � x = ( x 1 , · · · , x n ) ∈ F n 2 , d ∈ { 0 , · · · , n } , T d ( x ) = 1 otherwise. n even: MAJ n = T n 2 +1 , for n odd MAJ n = T n +1 2 . Threshold and Annihilators Annihilators: AN( f ) = min g � =0 [deg( g ) | fg = 0]. AN(T d ) = n − d + 1 , and AN(1 + T d ) = d . Multiplicative property: 0 < deg( g ) < AN( f ) ⇒ deg( fg ) ≥ AN( f + 1). 9 / 15

  22. Bounding the FAI Threshold and Annihilators Annihilators: AN( f ) = min g � =0 [deg( g ) | fg = 0]. AN(T d ) = n − d + 1 , and AN(1 + T d ) = d . Multiplicative property: 0 < deg( g ) < AN( f ) ⇒ deg( fg ) ≥ AN( f + 1). Lower Bound Let n = 2 m + 2 k + ε , m ≥ 1, 0 ≤ k < 2 m − 1 , and ε ∈ { 0 , 1 } , then: FAI(MAJ n ) ≥ 2 m − 1 + k + 2 . 9 / 15

  23. Bounding the FAI Threshold and Annihilators Annihilators: AN( f ) = min g � =0 [deg( g ) | fg = 0]. AN(T d ) = n − d + 1 , and AN(1 + T d ) = d . Multiplicative property: 0 < deg( g ) < AN( f ) ⇒ deg( fg ) ≥ AN( f + 1). Lower Bound Let n = 2 m + 2 k + ε , m ≥ 1, 0 ≤ k < 2 m − 1 , and ε ∈ { 0 , 1 } , then: FAI(MAJ n ) ≥ 2 m − 1 + k + 2 . 2 m − 1 + k + 2 ≤ FAI(MAJ n ) ≤ 2 m − 1 + 2 k + 2 . Corollary: for n = 2 m + ε, FAI(MAJ n ) = 2 m − 1 + 2. 9 / 15

  24. Algebraic Normal Form of Threshold Functions Algebraic Normal Form n -variable polynomial representation over F 2 i.e. belonging to F 2 [ x 1 , . . . , x n ] / ( x 2 1 + x 1 , . . . , x 2 n + x n ): �� � F ( x ) = � = � a I x I , where a I ∈ F 2 . a I x i I ⊆ [ n ] I ⊆ [ n ] i ∈ I Simplified Algebraic Normal Form for T d : · · · λ 0 λ 1 λ 2 λ n F symmetric: all, or none, monomials of the same degree in the ANF. 10 / 15

  25. Algebraic Normal Form of Threshold Functions Algebraic Normal Form n -variable polynomial representation over F 2 i.e. belonging to F 2 [ x 1 , . . . , x n ] / ( x 2 1 + x 1 , . . . , x 2 n + x n ): �� � F ( x ) = � = � a I x I , where a I ∈ F 2 . a I x i I ⊆ [ n ] I ⊆ [ n ] i ∈ I Simplified Algebraic Normal Form for T d : · · · · · · · · · λ 0 λ 1 λ d λ D 1 2 D · · · d D ℓ D Periodicity, D = 2 ⌈ log d ⌉ 10 / 15

Recommend

A New Construction of Boolean Functions with Maximum Algebraic Immunity National University of

A New Construction of Boolean Functions with Maximum Algebraic Immunity National University of

A New Construction of Boolean Functions with Maximum Algebraic Immunity National University of Defense Technology Deshuai Dong 2009-8-26 Outline Preliminaries on Boolean functions Algebraic attacks and Algebraic immunity The

465 views • 46 slides
Algebraic Immunity of S-boxes and Augmented Functions Simon Fischer and Willi Meier S. Fischer

Algebraic Immunity of S-boxes and Augmented Functions Simon Fischer and Willi Meier S. Fischer

Algebraic Immunity of S-boxes and Augmented Functions Simon Fischer and Willi Meier S. Fischer and W. Meier AI of Sbox and AF 1 / 23 Outline 1 Algebraic Properties of S-boxes 2 Augmented Functions 3 Application 1: Filter Generators 4

2.24k views • 24 slides
Computing the algebraic immunity efficiently Fr ed eric Didier, Jean-Pierre Tillich INRIA,

Computing the algebraic immunity efficiently Fr ed eric Didier, Jean-Pierre Tillich INRIA,

Computing the algebraic immunity efficiently Fr ed eric Didier, Jean-Pierre Tillich INRIA, projet CODES Outline 1 Introduction 2 A first algorithm 3 A more efficient version 4 Benchmarks Part 1 Introduction Boolean functions and

579 views • 24 slides
Parliamentary immunity in Poland Contents Introduction immunity in the context of

Parliamentary immunity in Poland Contents Introduction immunity in the context of

Parliamentary immunity in Poland Contents Introduction immunity in the context of constitutional principles Material immunity (irresponsibility) Types of inviolability privileges Immunity procedures Parliamentary practice

733 views • 10 slides
Noncommutative functions: Algebraic and analytic results Dmitry Kaliuzhnyi-Verbovetskyi 1

Noncommutative functions: Algebraic and analytic results Dmitry Kaliuzhnyi-Verbovetskyi 1

The definition and examples of nc functions NC difference-differential calculus Algebraic and analytic results Noncommutative functions: Algebraic and analytic results Dmitry Kaliuzhnyi-Verbovetskyi 1 Department of Mathematics Drexel

463 views • 23 slides
Algebraic attacks and decomposition of Boolean functions Willi Meier 1 and Enes Pasalic 2 and

Algebraic attacks and decomposition of Boolean functions Willi Meier 1 and Enes Pasalic 2 and

Algebraic attacks and decomposition of Boolean functions Willi Meier 1 and Enes Pasalic 2 and Claude Carlet 2 1 FH Aargau, Switzerland 2 INRIA, Rocquencourt, France Overview Algebraic attacks in general ... and on LFSR-based stream

316 views • 27 slides
A Formulation of Fast Carry Chains Suitable for Efficient Implementation with Majority Elements

A Formulation of Fast Carry Chains Suitable for Efficient Implementation with Majority Elements

A Formulation of Fast Carry Chains Suitable for Efficient Implementation with Majority Elements Behrooz Parhami (2nd author) Dept. Electrical &amp; Computer Eng. Univ. of California, Santa Barbara Dariush Abedi Ghassem Jaberipur Shahid

361 views • 25 slides
An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel

An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel

An Algebraic Framework for Pseudorandom Functions and Applications to Related-Key Security Michel Abdalla, Fabrice Benhamouda, Alain Passelgue Pseudorandom functions [GGM86] - efficiently computable function : -

1.01k views • 56 slides
Asymptotics of the Coefficients of Bivariate Analytic Functions with Algebraic Singularities

Asymptotics of the Coefficients of Bivariate Analytic Functions with Algebraic Singularities

Asymptotics of the Coefficients of Bivariate Analytic Functions with Algebraic Singularities Torin Greenwood June 9, 2015 AofA15 1 / 33 Overview Goal: Starting with the closed form for a generating function F ( z ), approximate [ z r ]

1.12k views • 78 slides
Physician Peer Review: Ensuring Immunity, Confidentiality and Compliance Preserving Immunity or

Physician Peer Review: Ensuring Immunity, Confidentiality and Compliance Preserving Immunity or

Presenting a live 90-minute webinar with interactive Q&amp;A Physician Peer Review: Ensuring Immunity, Confidentiality and Compliance Preserving Immunity or Leveraging Exceptions, Shielding Documentation, Complying With Statutory and JHACO

1.14k views • 50 slides
Fast computation of the N th term of an algebraic series in positive characteristic Philippe

Fast computation of the N th term of an algebraic series in positive characteristic Philippe

Fast computation of the N th term of an algebraic series in positive characteristic Philippe Dumas JNCF 2015, Cluny Joint work with Alin Bostan and Gilles Christol Introduction Special case of rational series Algorithms with low complexity

890 views • 65 slides
Information Operations Immunity Style www.immunityinc.com Agenda Scenario Problems of

Information Operations Immunity Style www.immunityinc.com Agenda Scenario Problems of

Information Operations Immunity Style www.immunityinc.com Agenda Scenario Problems of scale when hacking Client-sides Immunity's PINK Framework Trojaning hard targets Immunity Debugger Parasitic Infection Scenario

1.71k views • 36 slides
1 Herd Immunity Herd Immunity Herd immunity protects not only yourself, but those who are

1 Herd Immunity Herd Immunity Herd immunity protects not only yourself, but those who are

Background Influenza Vaccination Influenza is also known as the flu Contagious respiratory illness which can cause severe illness can result in hospitalization or death Spreads by droplets (e.g. infected person coughs, sneezes,

430 views • 4 slides
Obvious and hidden tree structures in 2d-triangulations from algebraic generating functions to

Obvious and hidden tree structures in 2d-triangulations from algebraic generating functions to

Obvious and hidden tree structures in 2d-triangulations from algebraic generating functions to random surfaces CNRS &amp; Gilles Schaeffer Ecole Polytechnique Supported by ERC RStG 208471 ExploreMaps Quantum gravity in Orsay, march

1.61k views • 138 slides
About Q algebraic types and type MidiMsg = const note_on K N V, ; functions defined by

About Q algebraic types and type MidiMsg = const note_on K N V, ; functions defined by

Q, Faust et al About Q algebraic types and type MidiMsg = const note_on K N V, ; functions defined by transpose M (note_on K N V) equations = note_on K (N+M) V; currying and octave_up = map (transpose 12); higher-order functions

1.17k views • 11 slides
Information Operations Immunity Style www.immunityinc.com Agenda A Real Life Scenario

Information Operations Immunity Style www.immunityinc.com Agenda A Real Life Scenario

Information Operations Immunity Style www.immunityinc.com Agenda A Real Life Scenario Problems of scale when hacking Client-sides Immunity's PINK Framework Trojaning hard targets Immunity Debugger Parasitic Infection Real

750 views • 45 slides
Switched Differential Algebraic Equations: Solution Theory, Lyapunov Functions, and Stability

Switched Differential Algebraic Equations: Solution Theory, Lyapunov Functions, and Stability

Switched Differential Algebraic Equations: Solution Theory, Lyapunov Functions, and Stability Stephan Trenn (joint work with Daniel Liberzon) Institute for Mathematics, University of W urzburg, Germany Workshop on Hybrid Dynamic Systems,

202 views • 19 slides
Fast reduction in the algebraic de Rham cohomology of projective hypersurfaces Sebastian Pancratz

Fast reduction in the algebraic de Rham cohomology of projective hypersurfaces Sebastian Pancratz

Fast reduction in the algebraic de Rham cohomology of projective hypersurfaces Sebastian Pancratz University of Oxford Effective methods in p -adic cohomology, 19 March 2010 Outline Introduction Reduction of poles Co-ordinates in the

226 views • 22 slides
Algebraic Fourier bases and probability Alexei Borodin Rational Schur symmetric functions Two

Algebraic Fourier bases and probability Alexei Borodin Rational Schur symmetric functions Two

Algebraic Fourier bases and probability Alexei Borodin Rational Schur symmetric functions Two orthogonality relations : The Schur functions are characters of the (complex) irreducible representations of (or ). Rational Schur

588 views • 24 slides
Telescopers for Rational and Algebraic Functions via Residues Shaoshi Chen Department of

Telescopers for Rational and Algebraic Functions via Residues Shaoshi Chen Department of

1 / 22 Telescopers for Rational and Algebraic Functions via Residues Shaoshi Chen Department of Mathematics North Carolina State University, Raleigh July 19, 2012 Joint with Manuel Kauers and Michael F. Singer Shaoshi Chen Telescopers and

516 views • 22 slides
Evolving Algebraic Constructions for Designing Bent Boolean Functions Stjepan Picek and Domagoj

Evolving Algebraic Constructions for Designing Bent Boolean Functions Stjepan Picek and Domagoj

Introduction Our Approach Results Conclusion Evolving Algebraic Constructions for Designing Bent Boolean Functions Stjepan Picek and Domagoj Jakobovic KU Leuven, ESAT/COSIC and iMinds, Belgium Faculty of Electrical Engineering and Computing,

313 views • 16 slides
P-recursive moment sequences of piecewise D-finite functions and Prony-type algebraic systems

P-recursive moment sequences of piecewise D-finite functions and Prony-type algebraic systems

P-recursive moment sequences of piecewise D-finite functions and Prony-type algebraic systems Dmitry Batenkov Gal Binyamini Yosef Yomdin Weizmann Institute of Science, Israel 18th International Conference on Difference Equations and

867 views • 63 slides
Majority)Gate)with)Temporary) Signals The$following$version$of$the$majority$gate$uses$some$

Majority)Gate)with)Temporary) Signals The$following$version$of$the$majority$gate$uses$some$

Majority)Gate)with)Temporary) Signals The$following$version$of$the$majority$gate$uses$some$ temporary$wires // Majority Logic Circuit module maj_circ(Y, A, B, C); input A, B, C; output Y; wire x1, x2, x3; //Optional assign x1 =

362 views • 24 slides
Fast nGram-Based String Search Over Data Encoded Using Algebraic Signatures W. Litwin

Fast nGram-Based String Search Over Data Encoded Using Algebraic Signatures W. Litwin

Fast nGram-Based String Search Over Data Encoded Using Algebraic Signatures W. Litwin (Dauphine), R. Mokadem (Dauphine), Ph. Rigaux (Dauphine) T. Schwarz (U. Santa Clara) Plan Problem Statement Our Proposal Key Idea

786 views • 44 slides

More recommend