vectorial boolean functions with very low differential
play

Vectorial Boolean Functions with very Low Differential-linear - PowerPoint PPT Presentation

Dec 10, 2022 •308 likes •599 views

Vectorial Boolean Functions with very Low Differential-linear Uniformity using MaioranaMcFarland type Construction Deng Tang 1 , 2 , Bimal Mandal 3 , Subhamoy Maitra 4 1 School of Mathematics, Southwest Jiaotong University, Chengdu, China 2

  1. Vectorial Boolean Functions with very Low Differential-linear Uniformity using Maiorana–McFarland type Construction Deng Tang 1 , 2 , Bimal Mandal 3 , Subhamoy Maitra 4 1 School of Mathematics, Southwest Jiaotong University, Chengdu, China 2 State Key Laboratory of Cryptology, Beijing, 100878, China 3 CARAMBA, INRIA, Nancy–Grand Est., France 4 Indian Statistical Institute, Kolkata, India Indocrypt 2019

  2. Outlines ◮ Introduction • DLCT • Existing results ◮ New properties of the DLCT ◮ Differential-linear uniformity of known balanced ( n, m ) -function • Modified inverse functions • Modified Maiorana–McFarland bent functions ◮ Construction of a new class of balanced ( n, m ) -function ◮ Balanced (4 t, t − 1) -function with very low differential-linear uniformity ◮ Implementation ◮ Conclusions 1 / 24

  3. Introduction: DLCT and Existing results I 2 = { x = ( x 1 , x 2 , . . . , x n ) : x i ∈ F 2 , 1 ≤ i ≤ n } ∼ ◮ F n = F 2 n 2 : wt( x ) = � n ◮ Hamming weight of x ∈ F n i=1 x i ◮ Vectorial Boolean function or ( n, m ) -function: S : F n → F m 2 − 2 ◮ Boolean function in n variables: s : F n 2 − → F 2 ◮ Support of s : supp(s) = { x ∈ F n 2 : s( x ) = 1 } ◮ S ( x ) = ( s 1 ( x ) , s 2 ( x ) , . . . , s m ( x )) . • s i , 1 ≤ i ≤ m : Coordinate function of S • λ · S, λ ∈ F m ∗ 2 : Component function of S ◮ Autocorrelation of a component function λ · S of S at α ∈ F n 2 : � ( − 1) λ · ( S ( x ) ⊕ S ( x ⊕ α )) . C λ · S ( α ) = x ∈ F n 2 2 / 24

  4. Introduction: DLCT and Existing results II ◮ Walsh–Hadamard transform of an ( n, m ) -function S at ( α, λ ) : � ( − 1) λ · S ( x ) ⊕ α · x . W λ · S ( α ) = x ∈ F n 2 ◮ Nonlinearity of an ( n, m ) -function S : 2 n − 1 − 1 nl ( S ) = max | W λ · S ( α ) | . 2 ( α,λ ) ∈ F n 2 × F m ∗ 2 ◮ Differential uniformity of an ( n, m ) -function S : # { x ∈ F n δ ( S ) = max 2 : S ( x ) ⊕ S ( x ⊕ α ) = β } . α ∈ F n ∗ 2 , β ∈ F m 2 ◮ Differential distribution table (DDT) of ( n, m ) -function S : DDT S ( α, β ) = # { x ∈ F n 2 : S( x ) ⊕ S( x ⊕ α ) = β } . 3 / 24

  5. Introduction: DLCT and Existing results III ◮ Langford and Hellman at CRYPTO’94 first introduced the differential-linear cryptanalysis. ◮ Bar-On et al. at EUROCRYPT’19 proposed the differential linear connectivity table (DLCT). ◮ DLCT of an ( n, m ) -function S : DLCT S ( α, λ ) = # { x ∈ F n 2 : λ · S( x ) = λ · S( x ⊕ α ) } − 2 n − 1 . • DLCT S ( α, λ ) = 2 n − 1 , if α = 0 or λ = 0 . • DLCT S ( α, λ ) = 1 2 ( − 1) v · λ DDT S ( α, v ) . � v ∈ F m 2 ◮ Differential-linear uniformity of S : DL(S) = max | DLCT S ( α, λ ) | . ( α,λ ) ∈ F n ∗ 2 × F m ∗ 2 4 / 24

  6. Introduction: DLCT and Existing results IV ◮ Li et al. [arXiv:1907.05986, 2019] investigated the properties of DLCT and differential-linear uniformity of some class of ( n, m ) -function. ◮ Canteaut et al. [ia.cr/2019/848, 2019] derived similar results on DLCT independently. ◮ They proved that DLCT S ( α, λ ) = 1 2 C λ · S ( α ) , and so, � � 1 � � DL(S) = max � C λ · S ( α ) � . � � 2 ( α,λ ) ∈ F n ∗ 2 × F m ∗ 2 ◮ Maiorana-McFarland bent functions in 2 k variables (JCTA 1973): h ( x , y ) = φ ( x ) · y ⊕ p ( x ) 5 / 24

  7. Introduction: DLCT and Existing results V ◮ h can be written as h = h 0 || h 1 || . . . || h 2 k − 1 , where h i ( y ) = h ( x i , y ) , for all y ∈ F k 2 . ◮ In FSE’94, Dobbertin first constructed a balanced Boolean function with high nonlinearity. � φ ( x ) · y , if x � = 0 s ( x , y ) = g ( y ) , if x = 0 ◮ Tang et al. (IEEE-TIT 2018), Kavut et al. (DCC 2019) and Tang et al. (SIDMA 2019) also constructed the balanced Boolean functions. ◮ Let n = 2 k be an even integer greater than 4 .  if ( x , y ) ∈ { 0 } × F k u ( y ) , 2  if ( x , y ) ∈ F k ∗ 2 × F k ∗ f ( x , y ) = φ ( x ) · y , 2 if ( x , y ) ∈ F k ∗ v ( x ) , 2 × { 0 }  6 / 24

  8. New properties of the DLCT I ◮ E 0 a = { x ∈ F n 2 : a · x = 0 } , a ∈ F n 2 . ◮ Im ( D α S ) = { y ∈ F m 2 : y = S ( x ) ⊕ S ( x ⊕ α ) , x ∈ F n 2 } . ◮ DLCT S ( α, λ ) = # { x ∈ F n 2 : λ · S( x ) = λ · S( x ⊕ α ) } − 2 n − 1 . Proposition 1 For any ( n, m ) -function S , α ∈ F n 2 and λ ∈ F m 2 , � DDT S ( α, δ ) − 2 n − 1 . DLCT S ( α, λ ) = δ ∈ E 0 λ Corollary 1 Let S be an ( n, m ) -function. For any α ∈ F n ∗ and λ ∈ F m ∗ 2 , 2 DLCT S ( α, λ ) = 2 n − 1 if and only if Im ( D α S ) ⊂ E 0 λ . Moreover, DLCT S ( α, λ ) = − 2 n − 1 if and only if Im ( D α S ) ⊂ F m 2 \ E 0 λ . 7 / 24

  9. New properties of the DLCT II Corollary 2 Let S be an APN permutation over F n 2 . For any α, λ ∈ F n ∗ 2 , DLCT S ( α, λ ) ≤ 2 n − 1 − 2 . Moreover, DLCT S ( α, λ ) + 2 n − 1 = 0 if and only if Im ( D α S ) = F n 2 \ E 0 λ . Open problem 1 (Li et al., arXiv:1907.05986) For an odd integer n , are there ( n, n ) -function S other than the n − 1 2 ? Kasami–Welch APN functions that have DL(S) = 2 8 / 24

  10. New properties of the DLCT III Theorem 1 Let n be an odd integer. For an APN ( n, n ) -function S , n − 1 if and only if for any α, λ ∈ F n ∗ DL(S) = 2 2 2 2 n − 2 − 2 n − 1 2 − 1 ≤ # E 0 λ ∩ Im ( D α S ) ≤ 2 n − 2 + 2 n − 1 2 − 1 . 9 / 24

  11. Differential-linear uniformity of known balanced ( n, m ) -function I ◮ Qu et al. (IEEE-TIT 2013): I 1 ( x ) = x 2 n − 2 ⊕ f ( x ) , where f are well-choose Boolean functions such that f ( x 2 n − 2 ) ⊕ f ( x 2 n − 2 ⊕ 1) = 0 . ◮ Tang et al. (DCC 2015): I 2 ( x ) = ( x ⊕ g ( x )) 2 n − 2 , where g are well-choose Boolean functions such that g ( x ) ⊕ g ( x ⊕ 1) = 0 . Theorem 2 For any I 1 and I 2 , we have • DL( I 1 ) ≥ 2 n/ 2 − 2 and � 2 t � 1 − � ⌊ n/ 2 ⌋ • DL( I 2 ) ≥ 1 t =0 ( − 1) n − t n � n − t � . 2 n − t t 10 / 24

  12. Differential-linear uniformity of known balanced ( n, m ) -function II ◮ Let n = 2 k and � φ ( x ) · y , if x � = 0 s ( x , y ) = g ( y ) , if x = 0 Lemma 1 Let s be an n = 2 k -variable Boolean function defined as above, then for any ( a , b ) ∈ F k 2 × F k 2 we have 2 n  if a = b = 0  − 2 k + C g ( b ) , if a = 0 , b ∈ F k ∗ C s ( a , b ) = . 2 2( − 1) φ ( a ) · b W g ( φ ( a )) , if a ∈ F k ∗ 2 , b ∈ F k  2 11 / 24

  13. Differential-linear uniformity of known balanced ( n, m ) -function III Theorem 3 Let s be an n = 2 k -variable Boolean function defined as above and there exists b ∈ F k ∗ such that C g ( b ) = 0 . If s is a component 2 function of an ( n, m ) -function S , then we have DL(S) ≥ 2 k − 1 . 12 / 24

  14. Construction of a new class of balanced ( n, m ) -function I Construction 1 Let n = 2 k ≥ 4 be an even integer. We construct an ( n, m ) -func- tion S whose coordinate functions s i ’s (1 ≤ i ≤ m ) are defined as follows:  if ( x , y ) ∈ { 0 } × F k u i ( y ) , 2  if ( x , y ) ∈ F k ∗ 2 × F k ∗ s i ( x , y ) = φ i ( x ) · y , , 2 if ( x , y ) ∈ F k ∗ v i ( x ) , 2 × { 0 }  where x , y ∈ F k 2 , and 1. φ i ’s are mappings over F k 2 such that l 1 φ 1 ⊕ l 2 φ 2 ⊕ · · · ⊕ l m φ m is a permutation and l 1 φ 1 ( 0 ) ⊕ l 2 φ 2 ( 0 ) ⊕ · · · ⊕ l m φ m ( 0 ) = 0 , 2. u i ’s and v i ’s are Boolean functions over F k 2 such that i =1 l i v i ) = 2 k − 1 and ⊕ m wt( ⊕ m i =1 l i u i ) ⊕ wt( ⊕ m i =1 l i u i ( 0 ) = ⊕ m i =1 l i v i ( 0 ) = 0 . 13 / 24

  15. Construction of a new class of balanced ( n, m ) -function II Theorem 4 For any n = 2 k ≥ 4 , every ( n, m ) -function S generated by Construction 1 is balanced. Theorem 5 Let n = 2 k ≥ 4 and S be an ( n, m ) -function generated by Construction 1. For any l = ( l 1 , l 2 , · · · , l m ) ∈ F m ∗ 2 , we have  0 , if ( a , b ) = ( 0 , 0 )  if ( a , b ) ∈ { 0 } × F k ∗  W l · U ( b ) + W l · V ( 0 ) ,  2 W l · S ( a , b ) = , if ( a , b ) ∈ F k ∗ W l · U ( 0 ) + W l · V ( a ) , 2 × { 0 }   ( − 1) ( l · Φ) − 1 ( b ) · a 2 k + W l · U ( b ) + W l · V ( a ) , if ( a , b ) ∈ F k ∗ 2 × F k ∗  2 where U = ( u 1 , . . . , u m ) , V = ( v 1 , . . . , v m ) and Φ = ( φ 1 , . . . , φ m ) . 14 / 24

  16. Construction of a new class of balanced ( n, m ) -function III Theorem 6 Let the notation be the same as in Theorem 5. Let n = 2 k ≥ 4 and S be an ( n, m ) -function generated by Construction 1. For any l = ( l 1 , l 2 , · · · , l m ) ∈ F m ∗ 2 , we have  2 n , if ( a , b ) = ( 0 , 0 )  C l · U ( b ) + 2W (l · V) ′ ( b ) − 2 k , if ( a , b ) ∈ { 0 } × F k ∗   2 C l · S ( a , b ) = , C l · V ( a ) + 2W l · U ((l · Φ)( a )) − 2 k , if ( a , b ) ∈ F k ∗ 2 × { 0 }   2( − 1) ( l · Φ)( a ) · b W l · U � � if ( a , b ) ∈ F k ∗ 2 × F k ∗  ( l · Φ)( a ) + W ( l · V ) ′′ ( b ) + 8 t, 2 ( l · Φ) − 1 ( x ) where ( l · V ) ′ ( x ) = ( l · V ) � � , ( l · V ) ′′ ( x ) = ( l · Φ) − 1 ( x ) ⊕ a � � ( l · V ) , and t equals 1 if l · V ( a ) = l · U ( b ) = 1 and equals 0 otherwise. 15 / 24

Recommend

Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet, Khoongming Khoo,

Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet, Khoongming Khoo,

Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet, Khoongming Khoo, Chu-Wee Lim and Chuan-Wen Loe Introduction Correlation Attack of Vectorial Stream Ciphers In this talk, we shall improve correlation attacks on

547 views • 41 slides
Cryptographic Sboxes Anne Canteaut Anne.Canteaut@inria.fr

Cryptographic Sboxes Anne Canteaut Anne.Canteaut@inria.fr

Cryptographic Sboxes Anne Canteaut Anne.Canteaut@inria.fr http://www-rocq.inria.fr/secret/Anne.Canteaut/ Summer School, Sardegna, October 2015 Vectorial Boolean functions A vectorial Boolean function with n inputs and m outputs is a function

820 views • 31 slides
Boolean Functions and their Applications, Selmer Center, University of Bergen, Norway; July 38,

Boolean Functions and their Applications, Selmer Center, University of Bergen, Norway; July 38,

Boolean Functions and their Applications, Selmer Center, University of Bergen, Norway; July 38, 2017 (Generalized) Boolean functions: invariance under some groups of transformations and differential properties Pantelimon (Pante) St anic

1.78k views • 37 slides
Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 ,

Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 ,

Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 , . . . , x n be boolean variables. Boolean Function of Arity n Semantics and Verification 2005 Abstract Syntax for Boolean Expressions ( x ranges

382 views • 4 slides
Boolean Functions and their Applications Loen, Norway, June 1722, 2018 Journey into

Boolean Functions and their Applications Loen, Norway, June 1722, 2018 Journey into

Boolean Functions and their Applications Loen, Norway, June 1722, 2018 Journey into differential and graph theoretical properties of (generalized) Boolean function Pante St anic a ( includes joint work with T. Martinsen, W. Meidl, A.

925 views • 20 slides
Vectorial bent functions Alexander Pott March 18, 2015 No. 1 Motivation: p = 2, n even Let f :

Vectorial bent functions Alexander Pott March 18, 2015 No. 1 Motivation: p = 2, n even Let f :

Vectorial bent functions Alexander Pott March 18, 2015 No. 1 Motivation: p = 2, n even Let f : F n 2 = F 2 n F 2 be bent! Highly nonlinear: Cryptography. Interesting constructions (spreads). Finite Fields. Covering radius of

802 views • 33 slides
Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean

Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean

+ + Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean Functions Josef Pieprzyk and Xian-Mo Zhang Department of Computing Macquarie University, Australia + 1 + + Outline The M o bius

415 views • 26 slides
Associative dyadic boolean functions Goals Def: A Boolean function f : { 0 , 1 } 2 { 0 , 1 }

Associative dyadic boolean functions Goals Def: A Boolean function f : { 0 , 1 } 2 { 0 , 1 }

Associative dyadic boolean functions Goals Def: A Boolean function f : { 0 , 1 } 2 { 0 , 1 } is associative if define associative Boolean functions (and classify them). Chapter 3: Trees f ( f ( 1 , 2 ) , 3 ) = f ( 1 , f ( 2 ,

61 views • 5 slides
Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1

Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1

Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1 Vladimir V. Podolskii 2 1 Aarhus University 2 Steklov Mathematical Institute MFCS 2013 1 / 27 Boolean Threshold Functions Boolean function f : { a , b } n

927 views • 44 slides
Vectorial AdS/CFT and quantum higher spins Arkady Tseytlin Partition functions and Casimir

Vectorial AdS/CFT and quantum higher spins Arkady Tseytlin Partition functions and Casimir

Vectorial AdS/CFT and quantum higher spins Arkady Tseytlin Partition functions and Casimir energies in higher spin AdS d +1 /CFT d arXiv:1402.5396 with S. Giombi and I. Klebanov Higher spins in AdS 5 at one loop: vacuum energy, boundary

937 views • 57 slides
Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US

Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US

Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US Navy Assistant Professor Naval Postgraduate School 3rd International Workshop on Boolean Functions and their Applications June 19, 2018 Loen,

789 views • 31 slides
Rank Metric Codes and related Structures Yue Zhou July 5, 2017 The 2nd International Workshop on

Rank Metric Codes and related Structures Yue Zhou July 5, 2017 The 2nd International Workshop on

Rank Metric Codes and related Structures Yue Zhou July 5, 2017 The 2nd International Workshop on Boolean Functions and their Applications (BFA) Outline Introduction Maximum rank distance codes Quadratic bent-Negabent functions Vectorial

2.09k views • 179 slides
A New Construction of Boolean Functions with Maximum Algebraic Immunity National University of

A New Construction of Boolean Functions with Maximum Algebraic Immunity National University of

A New Construction of Boolean Functions with Maximum Algebraic Immunity National University of Defense Technology Deshuai Dong 2009-8-26 Outline Preliminaries on Boolean functions Algebraic attacks and Algebraic immunity The

465 views • 46 slides
Orthogonal group and Boolean functions Patrick Sol e with M. Shi, L. Sok CNRS/LAGA, University

Orthogonal group and Boolean functions Patrick Sol e with M. Shi, L. Sok CNRS/LAGA, University

Orthogonal group Self-dual codes Linear complementary dual codes Z 2 m generalized Boolean functions Orthogonal group and Boolean functions Patrick Sol e with M. Shi, L. Sok CNRS/LAGA, University of Paris 8, 93 526 Saint-Denis, France ,

693 views • 52 slides
1 Mux Representation of Boolean Functions MUX circuit to implement logic 1 0 x1 x2 x3

1 Mux Representation of Boolean Functions MUX circuit to implement logic 1 0 x1 x2 x3

ECE 474A/57A Computer-Aided Logic Design Lecture 11 Binary Decision Diagrams (BDDs) ECE 474a/575a 1 of 31 Susan Lysecky Boolean Logic Functions Representations Function can be represented in different ways Truth table, equation, K-map,

457 views • 12 slides
Functions on Finite Fields, Boolean Functions, and S-Boxes Gary McGuire Claude Shannon Institute

Functions on Finite Fields, Boolean Functions, and S-Boxes Gary McGuire Claude Shannon Institute

Functions on Finite Fields, Boolean Functions, and S-Boxes Gary McGuire Claude Shannon Institute www.shannoninstitute.ie and School of Mathematical Sciences University College Dublin Ireland 1 July, 2013 Gary McGuire Functions on Finite

566 views • 24 slides
Asymptotic probability of Boolean functions over implication ele Gardy , Univ. Versailles Dani`

Asymptotic probability of Boolean functions over implication ele Gardy , Univ. Versailles Dani`

Asymptotic probability of Boolean functions over implication ele Gardy , Univ. Versailles Dani` with e Fournier and Antoine Genitrini , Univ. Versailles Herv Bernhard Gittenberger , T.U. Wien April 2008 Outline Boolean expressions and

562 views • 37 slides
On the Multiplicative Complexity of 6-variable Boolean Functions C a gda s C alk,

On the Multiplicative Complexity of 6-variable Boolean Functions C a gda s C alk,

On the Multiplicative Complexity of 6-variable Boolean Functions C a gda s C alk, Meltem S onmez Turan , Ren e Peralta National Institute of Standards and Technology, Gaithersburg, MD, USA July 5, 2017 BFA 2017 Os, Norway What

428 views • 21 slides
On the Multiplicative Complexity of Symmetric Boolean Functions Lus Brando, ada

On the Multiplicative Complexity of Symmetric Boolean Functions Lus Brando, ada

On the Multiplicative Complexity of Symmetric Boolean Functions Lus Brando, ada alk, Meltem Snmez Turan, Ren Peralta National Institute of Standards and Technology (Gaithersburg, MD, USA) The 3 rd International Workshop on

925 views • 64 slides
Boolean Functions for stream ciphers Anne Canteaut INRIA-Rocquencourt projet CODES

Boolean Functions for stream ciphers Anne Canteaut INRIA-Rocquencourt projet CODES

Boolean Functions for stream ciphers Anne Canteaut INRIA-Rocquencourt projet CODES Anne.Canteaut@inria.fr http://www-rocq.inria.fr/codes/Anne.Canteaut/ ECRYPT summer school - May 2007 Outline Basic properties of Boolean functions for

878 views • 48 slides
Necessary Conditions on Balanced Boolean Functions with Maximum Nonlinearity glu 1 and Melek D.

Necessary Conditions on Balanced Boolean Functions with Maximum Nonlinearity glu 1 and Melek D.

Necessary Conditions on Balanced Boolean Functions with Maximum Nonlinearity glu 1 and Melek D. Ycel 2 Faruk Glo 1 Dept. of Computer Technology and Information Systems, Bilkent University also Institute of Applied Mathematics, Middle East

347 views • 15 slides
Constructions of n -variable balanced Boolean functions with maximum absolute n value in

Constructions of n -variable balanced Boolean functions with maximum absolute n value in

Constructions of n -variable balanced Boolean functions with maximum absolute n value in autocorrelation spectra < 2 2 Deng Tang Southwest Jiaotong University, Chengdu, China ( Joint work with Subhamoy Maitra, Selc uk Kavut, and Bimal

546 views • 35 slides
Figure 1: List of all Boolean clones with bases ( h n = i =1 x 1 x i 1 x i +1

Figure 1: List of all Boolean clones with bases ( h n = i =1 x 1 x i 1 x i +1

Class Definition Base(s) BF all Boolean functions { and , not } R 0 { f BF | f is 0-reproducing } { and , xor } R 1 { f BF | f is 1-reproducing } { or , x y 1 } R 2 R 1 R 0 { or , x ( y z 1) } M { f BF | f is

351 views • 5 slides
Vectorial Quasi-flat Zones for Color Image Simplification Erhan Aptoula, Jonathan Weber,

Vectorial Quasi-flat Zones for Color Image Simplification Erhan Aptoula, Jonathan Weber,

Context State-of-the-art Vectorial QFZ Experiments Conclusion Vectorial Quasi-flat Zones for Color Image Simplification Erhan Aptoula, Jonathan Weber, Sbastien Lefvre ISMM 2013 11th International Symposium on Mathematical Morphology

834 views • 59 slides

More recommend