On a generalized combinatorial conjecture involving addition mod 2 k 1

Similar documents
1-Resilient Boolean Function with Optimal Algebraic Immunity

Decomposing Bent Functions

CCZ-equivalence and Boolean functions

#A48 INTEGERS 12 (2012) ON A COMBINATORIAL CONJECTURE OF TU AND DENG

Hadamard Matrices, d-linearly Independent Sets and Correlation-Immune Boolean Functions with Minimum Hamming Weights

The degree sequence of Fibonacci and Lucas cubes

A Conjecture on Binary String and Its Applications on Constructing Boolean Functions of Optimal Algebraic Immunity

Statistical and Linear Independence of Binary Random Variables

Dickson Polynomials that are Involutions

On Cryptographic Properties of the Cosets of R(1;m)

Constructing hyper-bent functions from Boolean functions with the Walsh spectrum taking the same value twice

Fast Algebraic Immunity of 2 m + 2 & 2 m + 3 variables Majority Function

arxiv: v1 [math.gm] 1 Oct 2015

Balanced Boolean Functions with (Almost) Optimal Algebraic Immunity and Very High Nonlinearity

Bivariate Uniqueness in the Logistic Recursive Distributional Equation

Céline Blondeau, Anne Canteaut and Pascale Charpin*

ON THE AVERAGE RESULTS BY P. J. STEPHENS, S. LI, AND C. POMERANCE

EXPLICIT CONSTANTS IN AVERAGES INVOLVING THE MULTIPLICATIVE ORDER

Differential properties of power functions

DIFFERENTIAL cryptanalysis is the first statistical attack

Construction of 1-Resilient Boolean Functions with Optimal Algebraic Immunity and Good Nonlinearity

Analysis of Some Quasigroup Transformations as Boolean Functions

A relative of the Thue-Morse Sequence

Endogeny for the Logistic Recursive Distributional Equation

Constructing differential 4-uniform permutations from know ones

Hyperbent functions, Kloosterman sums and Dickson polynomials

Math 249B. Geometric Bruhat decomposition

How Long Does it Take to Catch a Wild Kangaroo?

A conjecture about Gauss sums and bentness of binomial Boolean functions. 1 Introduction. Jean-Pierre Flori

Average Coset Weight Distributions of Gallager s LDPC Code Ensemble

On the Arithmetic Walsh Coefficients of Boolean Functions

Characterizations of the differential uniformity of vectorial functions by the Walsh transform

Quadratic Almost Perfect Nonlinear Functions With Many Terms

Third-order nonlinearities of some biquadratic monomial Boolean functions

There are no Barker arrays having more than two dimensions

Homework Set 2 Solutions

A shortening of C on the coordinate i is the [n 1, k 1, d] linear code obtained by leaving only such codewords and deleting the ith coordinate.

arxiv: v1 [math.co] 13 Jul 2017

A note on hyper-bent functions via Dillon-like exponents

A LOWER BOUND FOR THE SIZE OF A MINKOWSKI SUM OF DILATES. 1. Introduction

Visual cryptography schemes with optimal pixel expansion

A proof of topological completeness for S4 in (0,1)

Combinatorial Interpretations of a Generalization of the Genocchi Numbers

Bloom Filters and Locality-Sensitive Hashing

Perfect Algebraic Immune Functions

On Polynomial Pairs of Integers

be a deterministic function that satisfies x( t) dt. Then its Fourier

Constructions of Quadratic Bent Functions in Polynomial Forms

Complete characterization of generalized bent and 2 k -bent Boolean functions

On Newton-Raphson iteration for multiplicative inverses modulo prime powers

Generalized hyper-bent functions over GF(p)

Introduction To Resonant. Circuits. Resonance in series & parallel RLC circuits

On values of vectorial Boolean functions and related problems in APN functions

Chapter 3. Systems of Linear Equations: Geometry

Modular Multiplication in GF (p k ) using Lagrange Representation

Some properties of q-ary functions based on spectral analysis

REPRESENTATIONS FOR A SPECIAL SEQUENCE

On non-hamiltonian circulant digraphs of outdegree three

THE LINEAR BOUND FOR THE NATURAL WEIGHTED RESOLUTION OF THE HAAR SHIFT

N-bit Parity Neural Networks with minimum number of threshold neurons

New Construction of Single Cycle T-function Families

Harvard CS 121 and CSCI E-207 Lecture 6: Regular Languages and Countability

Benes and Butterfly schemes revisited

Two Notions of Differential Equivalence on Sboxes

arithmetic properties of weighted catalan numbers

Some Classes of Invertible Matrices in GF(2)

Constructing Vectorial Boolean Functions with High Algebraic Immunity Based on Group Decomposition

A New Approach to Permutation Polynomials over Finite Fields

3 - Vector Spaces Definition vector space linear space u, v,

arxiv: v2 [cs.dm] 29 Mar 2013

A Generalization of a result of Catlin: 2-factors in line graphs

The Indistinguishability of the XOR of k permutations

Minimax strategy for prediction with expert advice under stochastic assumptions

Announcements Wednesday, September 06

ON THE CONTINUED FRACTION EXPANSION OF THE UNIQUE ROOT IN F(p) OF THE EQUATION x 4 + x 2 T x 1/12 = 0 AND OTHER RELATED HYPERQUADRATIC EXPANSIONS

Comments on "Generating and Counting Binary Bent Sequences"

Semi-simple Splicing Systems

On the Existence and Constructions of Vectorial Boolean Bent Functions

Monomial transformations of the projective space

Some results on the existence of t-all-or-nothing transforms over arbitrary alphabets

On Counting the Number of Tilings of a Rectangle with Squares of Size 1 and 2

Extended 1-perfect additive codes

CS1800 Discrete Structures Final Version A

MATH 802: ENUMERATIVE COMBINATORICS ASSIGNMENT 2

Finding Low Degree Annihilators for a Boolean Function Using Polynomial Algorithms

QUADRANT MARKED MESH PATTERNS IN 132-AVOIDING PERMUTATIONS III

On the exponents of APN power functions and Sidon sets, sum-free sets, and Dickson polynomials

GAPS IN BINARY EXPANSIONS OF SOME ARITHMETIC FUNCTIONS, AND THE IRRATIONALITY OF THE EULER CONSTANT

Fourier Spectra of Binomial APN Functions

A New Class of Bent Negabent Boolean Functions

Characterizations on Algebraic Immunity for Multi-Output Boolean Functions

New Constructions for Resilient and Highly Nonlinear Boolean Functions

Well known bent functions satisfy both SAC and PC(l) for all l n, b not necessarily SAC(k) nor PC(l) of order k for k 1. On the other hand, balancedne

Haar Spectrum of Bent Boolean Functions

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Fixed point theorems for Boolean networks expressed in terms of forbidden subnetworks

Randomized Smoothing Networks

Unit equations in characteristic p. Peter Koymans

reader is comfortable with the meaning of expressions such as # g, f (g) >, and their

On the Weight Distribution of N-th Root Codes

Transcription:

On a generalized combinatorial conjecture involving addition mod k 1 Gérard Cohen Jean-Pierre Flori Tuesday 14 th February, 01 Abstract In this note, e give a simple proof of the combinatorial conjecture proposed by Tang, Carlet and Tang, based on hich they constructed to classes of Boolean functions ith many good cryptographic properties. We also give more general properties about the generalization of the conjecture they propose. 1 Introduction In a very recent paper inspired by the previous ork of Tu and Deng [6], Tang, Carlet and Tang [5] constructed an infinite family of Boolean functions ith many good cryptographic interesting properties depending on the validity of the folloing combinatorial property: Conjecture 1. k, max # (a, b ( Z/( k 1Z } a b = t; (a + (b k 1 k 1. t (Z/( k 1Z They verified it experimentally for k 9, as ell as the folloing generalized property for k 15 here u Z/( k 1Z is such that gcd(u, k 1 = 1: Conjecture. k, max # (a, b ( Z/( k 1Z } ua ± b = t; (a + (b k 1 k 1. t (Z/( k 1Z This generalized conjecture includes the original conjecture proposed by Tu and Deng [6]. From no on, let us denote by S k,t,±,u the quantity of interest: S k,t,±,u = # (a, b ( Z/( k 1Z } ua ± b = t; (a + (b k 1. In Section, e give some general properties about such sets and their cardinalities. In Section 3, e give the proof of Conjecture 1. In Section 4, e conjecture a recursive formula for k 1 S k,t,,1. Institut Télécom, Télécom ParisTech, UMR 7539, CNRS LTCI, 46 rue Barrault, F-75634 Paris Cedex 13, France, flori,cohen}@enst.fr 1

General properties Here e follo the approach of the previous attempts to prove the original conjecture of Tu and Deng [, 1]. We recall the elementary results: Lemma 1. For k 1, a Z/( k 1Z, (a = (a; a ( Z/( k 1Z, ( a = k (a. We first remark that for a given a Z/( k 1Z, b must be equal to ±(t ua, hence the folloing lemma. Lemma. For k, S k,t,±,u = # a Z/( k 1Z (a + (±(t ua k 1 }. We no sho that is enough to study the conjecture for one t, but also one u, in each cyclotomic class. Lemma 3. For k, S k,t,±,u = S k,t,±,u. Proof. Indeed a a is a permutation of Z/( k 1Z so that S k,t,±,u = # a Z/( k 1Z (a + (±(t ua k 1 } = # a Z/( k 1Z (a + (±(t ua k 1 } = # a Z/( k 1Z (a + (±(t ua k 1 } = S k,t,±,u. Lemma 4. For k, S k,t,±,u = S k,t,±,u. Proof. Using the previous lemma: S k,t,±,u = S k,t,±,u = # a Z/( k 1Z (a + (±(t ua k 1 } = # a Z/( k 1Z (a + (±(t ua k 1 } = S k,t,±,u. We no sho a more elaborate relation. Lemma 5. For k and gcd(u, k 1 = 1, S k,t,±,u = S k,±u 1 t,±,u 1.

Proof. We use the fact that a u 1 ( a + t is a permutation of Z/( k 1Z. S k,t,±,u = # a Z/( k 1Z (a + (±(t ua k 1 } = # a Z/( k 1Z (u 1 ( a + t + (a k 1 } = # a Z/( k 1Z (±(±u 1 t u 1 a + (a k 1 } = S k,±u 1 t,±,u 1. 3 Proof of the conjecture We no prove Conjecture 1, and so its extension for u equal to any poer of, that is Conjecture for u = i and the sign, according to Lemma 4. First, e note that for u = 1 and the sign, Lemma 5 becomes S k,t,,1 = S k, t,,1. Second, for the specific values of a = 0, t, e have that (0 + ( t = ( t k 1, and (t + (0 = (t k 1, so that e alays have 0, t} a Z/( k 1Z (a + ( (t a k 1 }. Finally, for a 0, t, e have that (a + ( (t a = k ( a + k (t a = k (( a + (t a. Then using the fact that a a is a permutation of Z/( k 1Z: Hence S k,t,,1 = + # a Z/( k 1Z \ 0, t} (a + ( (t a k 1 } = + # a Z/( k 1Z \ 0, t} ( a + (t a k + 1 } = + # a Z/( k 1Z ( a + (t a k + 1 } = + # a Z/( k 1Z (a + (t + a k + 1 } = + ( k 1 # a Z/( k 1Z (a + (t + a k } + ( k 1 # a Z/( k 1Z (a + (t + a k 1 } k + 1 S k, t,,1 k + 1 S k,t,,1. S k,t,,1 k + 1, but e kno that S k,t,,1 is an integer, hich concludes the proof of Conjecture 1. 3

We also note that for t = 0, S k,0,,1 = # a Z/( k 1Z (a k 1 } = = k 1 =0 k 1 =0 # a Z/( k 1Z (a = } ( k, hich is equal to k 1 ( k (k+1/ if k is odd, and k 1 ( ( k k/ 1 k/ k / if k is even. Therefore the conjecture can be naturally extended to include the case t = 0. 4 Computing the exact gap If e rerite the above reasoning more carefully, e find that S k,t,,1 = k 1 + (1 # a Z/( k 1Z (a + (t + a = k } /. It is an interesting problem to find a closed-form formula for the value of M k,t = # a ( Z/( k 1Z } (a + (t + a = k, M k = min M k,t. t Z/( k 1Z We denote by k the folloing value k = M k 1 so that S k,t,,1 = k 1 k. The experimental results of Tang, Carlet and Tang suggest that the folloing recursive formula is verified: k + 1 if k even, k+1 = k + 1 Γ (k 1/ if k odd, here n 1 Γ n = 1 + and C = ( /( + 1 is the -th Catalan number. Γn is the sequence A155587 in OEIS [3]. Further experimental investigations made ith Sage [4] sho that the minimal value M k seems to be attained for t = 1 if k is even and t = 3 if k is odd. In fact, the next proposition gives explicit formulae for M k,1 and M k,3. We recall that r(a, t = (a + t (a (t can be interpreted as the number of carries occurring hile adding a and t. Then e can describe M k,t as M k,t = # a ( Z/( k 1Z } (a + (t + a = k = # a ( Z/( k 1Z } (a + (t r(a, t = k = # a ( Z/( k 1Z } r(a, t = k + (t + (a. =0, C 4

Proposition 1. For k, M k,1 = (k+1/ ( 1 Proof. We kno that M k,1 = M k, 1, so e enumerate the set of a s verifying r(a, 1 = (a 1 according to (a or equivalently r(a, 1. The binary expansion of 1 is 1---10. First, for any number t Z/( k 1Z, 0 r(a, t k, so e deduce that a must verify 1 (a (k + 1/. Second, for a given number of carries r, a number a verifying r(a, 1 = r must be of the folloing form 1 = 1---1---10, a =????10---0. r Such a description is valid even if r(a, 1 = k. So, for a given eight, a number a verifying (a = and r(a, 1 = 1 must be of the folloing form 1 = 1---1---10, a =????10---0, 1 ith the other 1 bits equal to 1 anyhere among the first bits. Hence there are ( 1 differents a s of eight verifying r(a, 1 = 1. Finally, summing up on 1 (k + 1/, e get that M k,1 = (k+1/ ( 1. Proposition. For k 3, M k,3 = 1 + k/ ( 1 Proof. We proceed as in the proof of Proposition 1. The arguments are only slightly more technical. We kno that M k,3 = M k, 3, so e enumerate the set of a s verifying r(a, 3 = (a according to (a or equivalently r(a, 3. The binary expansion of 3 is 1---100. First, from r(a, 3 = (a, e deduce that 1 k/ + 1. Second, for a given number of carries r, there are no different possibilities... ( k (t For any t Z/( k 1Z, there are exactly k (t 1 =0 different a s producing no carries. Indeed, such a s are characterized by the facts that they have no bits equal to 1 in front of any bit of t equal to 1 and that they can not have only 1 s in front of the bits of t equal to 0. For t = 3, the such a s are exactly 0, 1 and and both 1 and have eight 1. Then, for a given number of carries 1 r < k/, a number a verifying r(a, 3 = r cannot have its to last bits (in front of the to bits of 3 equal to 0 equal to 1. Otherise it ould produce k carries. So it must be of one of the folloing forms 3 = 1---1---100, a =????10--0?0, r a =???10----01. r 1 5

So for a given eight, a number a verifying (a = and r(a, 3 = must be of one of the folloing forms 3 = 1---1---100, a =????10--0?0, a =???10----01, 3 ith the other 1 bits set to 1 anyhere among the remaining bits in the first case, and the other bits set to 1 anyhere among the 4 first bits in the second one. Hence there are ( ( 1 + 4 differents a s of eight. Finally, if k is odd and (a = k/ + 1, then r(a, t = k 1 and a must be of the folloing form 3 = 1---100, a =????101. There are ( 4 different such a s. And, if k is even and (a = k/ + 1, then r(a, t = k and a must be of the folloing form There are also ( 4 different such a s. Therefore, e find that M k,3 = + = 1 + k/ = 3 = 1---100, k/ a =?????11. ( + 1 ( 1 k/ +1. = ( 4 We no prove recurrence relations for M k,1 and M k,3. Corollary 1. If k is even, then If k is odd, then M k,1 + 1 = M k+1,3. M k,3 Γ (k 1/ = (M k+1,1 1/. Proof. The first equality is a simple consequence of the fact k/ = (k + 1/ hen k is even. For the second one, e rite M k,3 Γ (k 1/ = 1 + = k/ (k 1/ ( 1 1 ( 1 (k 3/ =0 (k 3/ =0 ( (k 3/ ( = 1 + ( 1/( + 1, ( /( + 1 /( + 1 6

and (M k+1,1 1/ = = k/ +1 = (k 1/ ( / 1 ( /, so that e can equivalently sho that ( (k 3/ k 1 ( = (3 /( + 1 (k 1/, hich follos from a simple induction. For k = 3, this reduces to 0 = 0 hich is indeed true; for k > 3 odd, e have ( ( k + 1 k 1 = 4k/(k + 1 (k + 1/ (k 1/ ( k 1 = (4 1/(k + 1, (k 1/ and (k 1/ ( (3 /( + 1 = (k 3/ ( ( (3 /( + 1 k 1 + (3 1/(k + 1 (k 1/. To conclude this section, let us note that M k,1 M k,3 if k is even and M k,3 M k,1 if k is odd. So, if e assume that these are indeed the minimal values M k according to the parity of k, then k is given by (Mk,1 1/ if k even, k = (M k,3 1/ if k odd, and the recursive formulae are proved. References [1] Jean-Pierre Flori and Hugues Randriam. On the number of carries occuring in an addition mod k 1. Cryptology eprint Archive, Report 011/45, 011. http://eprint.iacr.org/. [] Jean-Pierre Flori, Hugues Randriam, Gérard D. Cohen, and Sihem Mesnager. On a conjecture about binary strings distribution. In Claude Carlet and Alexander Pott, editors, SETA, volume 6338 of Lecture Notes in Computer Science, pages 346 358. Springer, 010. [3] The OEIS Foundation Inc. The On-Line Encyclopedia of Integer Sequences. http://oeis.org. [4] William Stein. Sage: Open Source Mathematical Softare (Version 4.7.0. The Sage Group, 011. http://.sagemath.org. 7

[5] Deng Tang, Claude Carlet, and Xiaohu Tang. Highly nonlinear boolean functions ith optimal algebraic immunity and good behavior against fast algebraic attacks. Cryptology eprint Archive, Report 011/366, 011. http://eprint.iacr.org/. [6] Ziran Tu and Yingpu Deng. A conjecture about binary strings and its applications on constructing boolean functions ith optimal algebraic immunity. Des. Codes Cryptography, 60(1:1 14, 011. 8

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback