Some results concerning global avalanche characteristics of two q-ary functions

Transcription

1 Some results concerning global avalanche characteristics of two -ary functions Brajesh Kumar Singh Department of Mathematics, School of Allied Sciences, Graphic Era Hill University, Dehradun-4800 (Uttarakhand) INDIA Abstract. The global avalanche characteristics criteria was first introduced by Zhou et al. (Inform. Sci. 180() (010) 56-65). This article is concerned with some new bounds on global avalanche characteristics of two -ary functions. Based on the above result we obtain a bound on σ f of f B n, in terms of σ f l s of the restricted functions on Z n 1, and construct a class of -ary bent functions from 1-plateaued functions having dijoint Walsh spectra. Keywords: -ary functions; Walsh-Hadamard spectrum (WHT); autocorrelation; -ary bent functions; GAC 1 Introduction Boolean have wide applications in several areas including coding theory, communication systems and cryptography, particularly in stream ciphers and block ciphers. The design of conventional cryptographic systems relies on two fundamental principles: confusion and diffusion, introduced by Shannon [1]. The strict avalanche criteria (SAC) [1, 1] and propagation characteristics (PC) [7] have been studied to measure the local properties of Boolean functions. These properties are closely related to diffusion. In order to study the global properties of a Boolean function, an another criterion: global avalanche characteristics (GAC) has been introduced by Zhang and Zheng [16]. Further, the lower/upper bounds on the two indicators: the sum-of-suares indicator σ f ( n σ f 3n ) and the absolute indicator f (0 f n ) also derived in the same article [16]. The lower bounds on these two indicators for balanced Boolean functions are studied in [14] by Son et al. In order to measure the global avalanche characteristics between any two Boolean functions, a new criterion: the global avalanche characteristics of two Boolean functions (including the sum-of-suares indicator σ f,g and the absolute indicator f,g ) has been proposed by Zhou et al. [18]. The tight lower and the tight upper bounds on the two indicators: 0 f,g n, ( C f,g (0) σ f,g 3n ) also derived in the same article. A subclass of -ary bent functions with optimal values of σ f,g and f,g is identified in Maiorana-McFarland class by Singh et al. [13, Thm. 4.4]. It is also demonstrated in the same article that σ f,g = n if f is -ary bent, the general bounds for SSMI and MI are presented. The SSMI of a -ary s-plateaued function f B n, is n+s [?]. Even the study on the relationship among σ g, σ f and σ f,g relationships of the sum-of-suares indicator between a -ary function and the decomposition -ary functions, etc is still open problem. Thus, based on the above discussion, the following uestions raised: a) What relationship exists among σ f, σ g and σ f,g for any two -ary functions f, g? b) What is a bound on σ f, and what is the link between σ f and σ fl (l Z ), where f = f 0 f 1... f 1? c) What is a construction method of balanced -ary functions with good cryptographic properties? This article present some new bounds on the two indicators: σ f,g and f,g. The relationship among σ f,g, σ f and σ g is also presented.based on the above result we obtain a bound on σ f of f B n, in terms of σ f l s of the restricted functions on Z n 1, and construct a class of -ary bent functions from 1-plateaued functions having dijoint Walsh spectra.

2 Basic definitions and notations Let Z denote the ring of integers modulo. A -ary function is a function from Z n to Z and B n, denotes the set of all such functions. Particularly, B n, = B n (for = ) denotes the set of classical Boolean functions on n variables. The Walsh Hadamard transform (WHT) of f B n, is a complex-valued function H f : Z n C defined as H f (u) = 1 ξ f(x)+ x,u, (.1) n/ x Z n where x, u denotes the usual inner product in Z n. It can be deduced that max{ H f (u) : u Z n } 1 for all f B n,. The set of values {H f (u) : u Z n } is referred to as the Walsh Hadamard spectrum (WHS) of the function f, which satisfies the Parseval s identity [6]: H f (u) = n. (.) u Z n The -ary functions with low absolute values of Walsh-Hadamard coefficients are of special interest in cryptography and coding theory and have many applications in different type of cryptosystems [6, 8, 11]. Kumar et al. [6] introduced the generalization of the notion classical bent Boolean function [8] and referred it as -ary bent function. The -ary function having flat WHS, in absolute, is said to be -ary bent function. A function f B n, is -ary bent if H f (u) = 1 for every u Z n [6, 15]. Alternatively, f is -ary bent if and only if C f (u) = 0 for all u Z n \ {0} [6, 13]. A function f B n, is said to be -ary m-plateaued if and and only if H f (u) = {0, m } for all u Z n. The -ary bent functions can be constructed using -ary m-plateaued functions [, 3]. The sum C f,g (u) = ζ f(x) g(x+u) (.3) x Z n is said to be cross-correlation between f, g B n, at u. In particular, for f = g the sum C f,f (u) = C f (u) is said to be autocorrelation of f at u. Recently, two indicators: the sum-of-suares-modulus indicator (SSMI) σ f,g and the modulus indicator(mi) f,g between two -ary functions f, g B n, [13] are defined by σ f,g = u Z n In particular, the SSMI σ f and MI f of a function f B n, is defined by σ f = u Z n C f,g (u), and f,g = max C f,g (u). (.4) u Z n C f (u), and f = max u Z n \{0} C f (u). (.5) Further analysis their properties are also discussed in the same article. In the following corollary, we summarise the properties discussed in [13,?] which we use to deduce our results. Corollary 1. [13] If f, g B n,, then (a) e Z n C f,g(e) ξ < e, y> = n H f (y)h g (y); and C f,g (e) = y Z n H f (y)h g (y) ξ <e, y>. (b) C f (e) = y Z H n f (y) ξ <e,y> ; and e Z C n f (e) ξ < e, y> = n H f (y). Corollary. [?] If f, g B n, and v Z n, then (a) a Z C n f (a)c g (a)ξ a,v = n u Z H n f (u) H g (u + v). (b) σ f,g = n u Z H n f (u) H g (u) ; and σ f = n u Z H n f (u) 4.

3 3 The new Bounds on σ f,g and δ f,g The proof of [0, Theorem 3.] is obtained for = is very complicated. We provide an alternative proof of the generalization of [0, Theorem 3.] for -ary functions in the following Theorem 1. Let f, g B n,, then σ f,g σ f σ g. (3.1) Proof. Let f, g B n,. Since the Cauchy-Schwarz ineuality for any two vectors x = (x 1, x,..., x n ), y = (y 1, y,..., y n ) R n states that ( n n ) 1 ( ) n 1 x i y i (3.) Therefore, i=1 i=1 x i σ f,g = H f (u) H g (u) i=1 x i u Z n 1 H f (u) 4 H g (u) 4 1 = σ f σ g. (3.3) u Z n u Z n Further, the ineuality ab a+b holds for any two positive real number a, b. Hence we have Corollary 3 below, is the generalization of Theorem 1 of [19] (obtained for = ). Corollary 3. Let f, g B n,, then 0 σ f,g σ f + σ g. (3.4) Let us define f v (x n r,..., x 1 ) = f(x n = v r,..., x n r+1 = v 1, x n r,..., x 1 ) for any v = (v r,..., v 1 ). The following results is obtained by Singh et al [13] Lemma 1. [13, Lemma 3.1] If u Z r, w Z n r and f B n,, then autocorrelation of f at uv is given by C f (uw) = v Z r C fv,f v u (w), where uw is the vector concatenation of u = (u r,..., u 1 ) Z r uw = (u, w) = (u r,..., u 1, w n r,..., w 1 ). and w = (w n r,..., w 1 ) Z n r defined by In the following theorem, we provide a relationship among σ f of f B n, and their restrictions (decomposition -ary functions) f l B n 1,, l {0, 1,..., 1}. Theorem. Let f l B n 1, (l = 0, 1,..., 1), and if a -ary function f : Z Z n 1 Z is expressed by f = f 0 f 1... f 1, i.e., f(x, x n ) = f xn (x), for all x Z n, x n Z. (3.5) Then whenever σ f = σ f0 + σ f σ f =i<j<, C fi,f j (w)c fk,f l (w) = 0 for all i, j, k, l Z such that i k and j l. (3.6)

4 Proof. It is evident that σ f,g = u Z n C f,g(u) = v Z n C f (v)c g (v) for all f, g B n,, see [13, Cor. 4.6]. Let f l B n 1, (l = 0, 1,..., 1) such that and j l, then C fi,f j (w)c fk,f l (w) = 0 for all i, j, k, l Z such that i k σ f = C f (uw) = C fl,f l+u C fz,f z+u u Z u Z l Z z Z = C fl (w)c fz (w) + C fl,f l+u (w)c fz,f z+u l Z z Z u 0 = σ fl,f z + C fl,f l+u (w)c fz,f z+u l Z z Z 1 = σ fi + i=0 1 = σ fi + i=0 1 = σ fi + 4 i=0 which completes the proof. u 0 l Z z Z 0=i<j< + u 0 0=i<j< + u 0 0=i<j<, l Z + u 0 l z,z Z l Z σ fl,f l+u C fl,f l+u (w) C fl,f l+u (w)c fz,f z+u It is to be noted that the smaller value of σ f (i.e., for better GAC) of f correspond to low values of the autocorrelation spectrum of f [16]. From Theorem it is evident that the decomposition of -ary function is important to construct -ary functions with good GAC. Two functions f, g B n, are said to be perfectly uncorrelated if C f,g (u) = 0 for all u Z n. Further, if H f (u)h g (u) = 0 for all u Z n for all u Z n, then f, g are said to be -ary functions with disjoint WHS. It can be seen that two functions with disjoint WHS are always perfectly uncorrelated. These properties are widely used in binary case to construct highly nonlinear balance Boolean functions with good GAC, see [10] and the references therein. The following results are conseuence of Theorem Corollary 4. Let f be a -ary function as defined in (3.5), then 1. σ f = σ f0 + σ f σ f 1 if and only if f i, f j are perfectly uncorrelated for all i j, i, j {0, 1,..., 1}.. 1 i=0 σ f i σ f 1 i=0 σ f i + 4 0=i<j< σ f i,f j. Thus, the concatenated function have minimum SSMI if their decomposition -ary functions are pairwise perfectly uncorrelated. The following are some constructions of -ary functions smaller values for σ f and f. Lemma. Let l be a non negative integer and z l Z m be any fixed vector. Define a -ary function f l : Z n m Z m Z by f l (x, y) = g l (x) + z l, y for all x Z n m, y Z m, (3.8) where g zl B n m,. Then (a) H fl (u, v) = m H gl (u)δ 0 (z + v), where δ 0 (u) = 0 if u 0 and δ 0 (0) = 1. (3.7)

5 (b) H f1 (u, v)h f (u, v) = 0 for all (u, v) Z n m Z m, whenever z 1 z, (c) σ fl = 3m σ gl, (d) If g zl is a -ary bent, then σ fl = n+m and H fl (u, v) = m δ 0 (z + v), that is, f l is m-plateaued -ary function. Proof. Let (u, v) Z n m Z m. Then, H fl (u, v) = 1 n = 1 n (x,y) Z n m Z m x Z n m ζ g l(x)+ u,x ζ f l(x,y)+ u,x + v,y y Z m ζ z l+v,y = m Hgl (u)δ 0 (v + z l ) (3.9) Part (b) follows from the property δ 0 (x)δ 0 (y) = 0 if x y and part (a). Now, using (3.9), we have σ fl = n = n (u,v) Z n m Z m u Z n m v Z m ( m H fl (u, v) 4 ) 4 Hgl (u) 4 δ 0 (v + z l ) = n+m u Z n m H gl (u) 4 = 3m σ gl. Further, if g l -ary is bent, then σ gl = (n m) and H gl (u) = 1 for all u. Hence part (d) follows from part (a) and (c). The following is the construction of (m 1)-plateaued -ary function in n + 1 variables by m-plateaued -ary function in n variables. Construction 1. Let t = n + 1, z l Z m for l {0, 1,..., 1} such that z i z j for all i j. Define a -ary function f : Z n m Z m Z Z by f(x, y, x t ) = f xt (x, y), (3.10) where f l are -ary m-plateaued functions as constructed in (3.8). Then f is (m 1)-plateaued. Theorem 3. Let f B t, as defined in Construction 1, then σ f = t (m 1), that is f is (m 1)-plateaued -ary function. Proof. Since H fi (u, v)h fj (u, v) = 0 for (u, v) Z n m Z m whenever i j and i, j {0, 1,..., 1}. This implies that C fi,f j (u, v) = 0 for all (u, v) Z n m Z m, that is f i, f j are perfectly uncorrelated for all i j. Hence by using Corollary 4 which completes the proof. σ f = n+m+1 = t+(m 1), (3.11) 4 Conclusion The article presents an upper bound on the two indicators: σ f,g and f,g of two -ary functions f and g. A relationship among σ f,g, σ f and σ g is also presented. Based on the above result we obtain a bound on σ f of f B n, in terms of σ f l s of the restricted functions on Z n 1, and construct a class of -ary bent functions from 1-plateaued functions having dijoint Walsh spectra.

6 References 1. C. M. Adams and S. E. Tavers, Generating and counting binary bent seuences, IEEE Trans. Inform. Theory 36 (5) (1990) A. Çeşmelioğlu and W. Meidl, Bent functions of maximal degree, IEEE Trans. Inform. Theory, 58 () (01), pp A. Çeşmelioğlu and W. Meidl, A construction of bent functions from plateaued functions, Des. Codes Cryptogr., 66 (013), pp T. Helleseth, P. V. Kumar, Seuences with Low Correlation, In Handbook of Coding Theory, North-Holland, Amsterdam, (1998), pp X. Hou, -ary bent functions constructed from chain rings, Finite Fields and Applications, 4 (1998), pp P. V. Kumar, R. A. Scholtz, L. R. Welch, Generalized bent functions and their properties, Journal of Combinatoirial Theory, Ser. A 1(40) (1985), pp B. Preneel, W. Van Leekwijck, L. Van Linden, R. Govaerts and J. Vandewalle, Propagation characteristics of Boolean functions, in Advances in Cryptology-Eurocrypt 90, LNCS 437 Springer (1991) O. S. Rothaus, On bent functions, J. Combin. Theory, Ser. A 0 (1976) P. Sarkar and S. Maitra, Constructions of nonlinear Boolean functions with important cryptographic properties, In Advances in Cryptology-Eurocrypt 000, LNCS 1807, Springer (008) P. Sarkar and S. Maitra, Cross-correlation analysis of cryptographically useful Boolean functions, Theory of Computing Systems 35 (00) K-U. Schmidt, Quaternary constant-amplitude codes for multicode CDMA, IEEE Trans. on Inform. Theory, 55 (4)(009) C. Shannon, Communication theory of secrecy systems, Bell System Technical Journal 8 (1949) D. Singh, M. Bhaintwal, B. K. Singh, Some results on -ary bent functions, Int. J. Comput. Math. DOI: / J.J. Son, J. I. Lim, S. Chee and S. H. Sung, Global avalanche characteristics and nonlinearity of balanced Boolean functions, Inform. Proc. Lett. 65 (1998) N. Tokareva, Generalizations of bent functions: A survey, J. Appl. Indust. Math. 5(1) (011) X. M. Zhang and Y. Zheng, GAC-The criterion for global acalanche criteria of cryptographic functions, J. Uni. Comput. Sci. 1(5) (1995) Y. Zheng and X. M. Zhang, Relationship between bent functions and complementary plateaued functions, LNCS 1787 (1999) Y. Zhou, M. Xie and G. Xiao, On the global avalanche characteristics between two Boolean functions and the higher order nonlinearity, Inform. Sci. 180 (010) Y. Zhou, X. Dong, W. Zhang and B. Zeng, New bounds on the sum-of-suares indicator, 7th International Conference on Communications and Networking, CHINACOM-01 China, Y. Zhou, W. Zhang, S. Zhu and G. Xiao, The global avalanche characteristics of two Boolean functions and algebraic immunity, Int. J. Comput. Math. 89(16) (01) A. F. Webster, Plaintext/ciphertext bit dependencies in cryptographic systems, Master s Thesis, Department of Electrical Engineering, Queen s University, Ontario, Canada, 1985.