arxiv: v1 [cs.it] 31 May 2013

Similar documents
Optimal Ternary Cyclic Codes From Monomials

Hyperbent functions, Kloosterman sums and Dickson polynomials

Constructing hyper-bent functions from Boolean functions with the Walsh spectrum taking the same value twice

c 2013 Society for Industrial and Applied Mathematics

The Dimension and Minimum Distance of Two Classes of Primitive BCH Codes

Third-order nonlinearities of some biquadratic monomial Boolean functions

Constructions of Quadratic Bent Functions in Polynomial Forms

Decomposing Bent Functions

The BCH Bound. Background. Parity Check Matrix for BCH Code. Minimum Distance of Cyclic Codes

Fourier Spectra of Binomial APN Functions

New Families of Triple Error Correcting Codes with BCH Parameters

Constructing differential 4-uniform permutations from know ones

arxiv: v1 [cs.it] 12 Jun 2016

Hyperbent functions, Kloosterman sums and Dickson polynomials

Complete characterization of generalized bent and 2 k -bent Boolean functions

7.1 Definitions and Generator Polynomials

Cyclic Codes from the Two-Prime Sequences

Céline Blondeau, Anne Canteaut and Pascale Charpin*

On a Conjectured Ideal Autocorrelation Sequence and a Related Triple-Error Correcting Cyclic Code

Trace Representation of Legendre Sequences

Quadratic Almost Perfect Nonlinear Functions With Many Terms

1-Resilient Boolean Function with Optimal Algebraic Immunity

A New Characterization of Semi-bent and Bent Functions on Finite Fields

Repeated-Root Self-Dual Negacyclic Codes over Finite Fields

Stream Ciphers and Number Theory

ELG 5372 Error Control Coding. Lecture 12: Ideals in Rings and Algebraic Description of Cyclic Codes

New algebraic decoding method for the (41, 21,9) quadratic residue code

A class of quadratic APN binomials inequivalent to power functions

Generalized hyper-bent functions over GF(p)

Low Correlation Sequences for CDMA

Irreducible Polynomials. Finite Fields of Order p m (1) Primitive Polynomials. Finite Fields of Order p m (2)

On Binary Cyclic Codes with Codewords of Weight Three and Binary Sequences with the Trinomial Property

Open problems on cyclic codes

New Constructions for Resilient and Highly Nonlinear Boolean Functions

Singer and GMW constructions (or generalized GMW constructions), little else is known about p-ary two-level autocorrelation sequences. Recently, a few

DIFFERENTIAL cryptanalysis is the first statistical attack

A New Class of Bent Negabent Boolean Functions

Four classes of permutation polynomials of F 2 m

Differential properties of power functions

Affine equivalence in the AES round function

On Welch-Gong Transformation Sequence Generators

Hyper-bent Functions

: Coding Theory. Notes by Assoc. Prof. Dr. Patanee Udomkavanich October 30, upattane

Information Theory. Lecture 7

50 Years of Crosscorrelation of m-sequences

Design of Pseudo-Random Spreading Sequences for CDMA Systems

Outline. MSRI-UP 2009 Coding Theory Seminar, Week 2. The definition. Link to polynomials

Binary Sequences with Optimal Autocorrelation

Quadratic Equations from APN Power Functions

CCZ-equivalence and Boolean functions

Binary Sequences with Optimal Autocorrelation

Constructing Vectorial Boolean Functions with High Algebraic Immunity Based on Group Decomposition

Self-Dual Cyclic Codes

Almost Difference Sets and Their Sequences With Optimal Autocorrelation

Self-dual Repeated Root Cyclic and Negacyclic Codes over Finite Fields

Sequences, DFT and Resistance against Fast Algebraic Attacks

Nonlinear Functions A topic in Designs, Codes and Cryptography

6054 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 58, NO. 9, SEPTEMBER 2012

Fast Algebraic Immunity of 2 m + 2 & 2 m + 3 variables Majority Function

hold or a eistel cipher. We nevertheless prove that the bound given by Nyberg and Knudsen still holds or any round keys. This stronger result implies

Division of Trinomials by Pentanomials and Orthogonal Arrays

The simplest method for constructing APN polynomials EA-inequivalent to power functions

Narrow-Sense BCH Codes over GF(q) with Length n= qm 1

Galois fields/1. (M3) There is an element 1 (not equal to 0) such that a 1 = a for all a.

Design of Signal Sets with Low Intraference for CDMA Applications in Networking Environment

Some Results on the Known Classes of Quadratic APN Functions

On cyclic codes of composite length and the minimal distance

Incidence Structures Related to Difference Sets and Their Applications

Constructing new APN functions from known ones

On complete permutation polynomials 1

Good Integers and Applications in Coding Theory. Silpakorn University

Cyclic codes: overview

arxiv: v1 [math.nt] 11 May 2016

arxiv: v1 [cs.dm] 20 Jul 2009

5.0 BCH and Reed-Solomon Codes 5.1 Introduction

Pencils of Quadratic Forms over Finite Fields

APN Power Functions Over GF(2 n ) for Infinitely Many n

The average dimension of the hull of cyclic codes

Correlation of Binary Sequence Families Derived from Multiplicative Character of Finite Fields

arxiv: v1 [cs.it] 27 May 2017

On the Correlation Distribution of Delsarte Goethals Sequences

The Array Structure of Modified Jacobi Sequences

THROUGHOUT this paper, let q be a power of a prime p.

On the Linear Complexity of Legendre-Sidelnikov Sequences

A New Algorithm to Compute Terms in Special Types of Characteristic Sequences

x n k m(x) ) Codewords can be characterized by (and errors detected by): c(x) mod g(x) = 0 c(x)h(x) = 0 mod (x n 1)

Vectorial Boolean Functions for Cryptography

: Error Correcting Codes. November 2017 Lecture 2

On Cryptographic Properties of the Cosets of R(1;m)

A New Approach to Permutation Polynomials over Finite Fields

Coding Theory and Applications. Solved Exercises and Problems of Cyclic Codes. Enes Pasalic University of Primorska Koper, 2013

Nonlinear Cyclic Codes over Z 4 whose Nechaev-Gray Images are Binary Linear Cyclic Codes

17 Galois Fields Introduction Primitive Elements Roots of Polynomials... 8

On the normality of p-ary bent functions

Binary Additive Counter Stream Ciphers

Design of Filter Functions for Key Stream Generators using Boolean Power Functions Jong-Min Baek

Mathematics for Cryptography

Secret-sharing with a class of ternary codes

QUADRATIC RESIDUE CODES OVER Z 9

On the exponents of APN power functions and Sidon sets, sum-free sets, and Dickson polynomials

Transcription:

Noname manuscript No. (will be inserted by the editor) A Note on Cyclic Codes from APN Functions Chunming Tang Yanfeng Qi Maozhi Xu arxiv:1305.7294v1 [cs.it] 31 May 2013 Received: date / Accepted: date Abstract Cyclic codes, as linear block error-correcting codes in coding theory, play a vital role and have wide applications. Ding in [9] constructed a number of classes of cyclic codes from almost perfect nonlinear (APN) functions and planar functions over finite fields and presented ten open problems on cyclic codes from highly nonlinear functions. In this paper, we consider two open problems involving the inverse APN functions f(x) = x qm 2 and the Dobbertin APN function f(x) = x 24i +2 3i +2 2i +2 i 1. From the calculation of linear spans and the minimal polynomials of two sequences generated by these two classes of APN functions, the dimensions of the corresponding cyclic codes are determined and lower bounds on the minimum weight of these cyclic codes are presented. Actually, we present a framework for the minimal polynomial and linear span of the sequence s defined by s t = Tr((1+α t ) e ), where α is a primitive element in GF(q). These techniques can also be applied into other open problems in [9]. Keywords Cyclic codes sequences linear span minimal polynomials APN functions Chunming Tang School of Mathematics and Information, China West Normal University, Sichuan Nanchong, 637002, China Yanfeng Qi LMAM, School of Mathematical Sciences, Peking University, Beijing, 100871, and Aisino Corporation Inc., Beijing, 100195, China Maozhi Xu LMAM, School of Mathematical Sciences, Peking University, Beijing, 100871, China

2 Chunming Tang et al. 1 Introduction As a subclass of linear codes, cyclic codes with efficient encoding and decoding algorithms [8, 12, 19], have been widely applied into data storage systems and communication systems. Hence, cyclic codes attract much attention and have been widely studied. Many research results have been made [3, 7, 14, 17]. Throughout this paper, let p be a prime and q be a power of p. Let r = q m, wheremisapositiveinteger.alinear[n,k,d]codec overfinitefieldgf(q) isa k dimensionsubspaceofgf(q) n withminimumdistanced.thelinearcodec is called a cyclic code if (c 0,c 1,,c n 1 ) C implies that (c n 1,c 0,,c n 2 ) C. Let gcd(n, q) = 1. Then there exists the following correspondece: π : GF(q) n GF(q)[x]/(x n 1) (c 0,c 1,...,c n 1 ) c 0 +c 1 x+...+c n 1 x n 1. Then a codeword (c 0,c 1,,c n 1 ) C can be identified with the polynomial c 0 +c 1 x+ +c n 1 x n 1 GF(p)[x]/(x n 1). Further, C is a cyclic code if and only if π(c) is an ideal of GF(p)[x]/(x n 1). Since GF(p)[x]/(x n 1) is a principal ideal ring, there exists a unique monic polynomial g(x) (x n 1) satisfying π(c) = g(x). We also write C = g(x). Then g(x) is called the generator polynomial of C and h(x) = (x n 1)/g(x) is called the parity-check polynomial of C. Sequences over finite field GF(q) can be utilized to construct cyclic codes [9], that is, the minimal polynomial of a periodic sequence can be used as the generator polynomial of a cyclic code. Let s = (s t ) t=0 be a sequence over GF(q) with period q m 1. Then there exists the smallest positive integer l, satisfying c 0 s i = c 1 s i 1 +c 2 s i 2 + +c l s i l, (i l), (1) where c 0 = 1,c 1,,c l GF(q) and c i (0 i l) are uniquely determined. The unique polynomial M s (x) = c 0 +c 1 x+ +c l x l GF(q)[x] (2) is called the minimal polynomial of the sequence s and l is the linear span (also called linear complexity) of s, which is denoted as L s. Generally, any polynomial as a constant multiple of M s (x) is also a minimal polynomial of s. Further, M s (x) and L s are given by [16] M s (x) = x qm 1 1 gcd(x qm 1 1,S qm 1 (x)), (3) L s = q m 1 deg(gcd(x qm 1 1,S qm 1 (x))), (4) where S qm 1 (x) = s 0 +s 1 x+ +s qm 2x qm 2 GF(q)[x].

A Note on Cyclic Codes from APN Functions 3 Hence, the cyclic code with the generator polynomial M s (x) is C s = M s (x). (5) Then, C s is an [q m 1,q m 1 L s,d] cyclic code. Consequently, the determination of M s (x) and d is essential for studying these cyclic code, which is the main problem in [9] and this paper. Generally, it is difficult to determine M s (x) for a sequence s. Ding[9] considered a special class of sequences with the form s t = Tr((1+α t ) e ), (6) where α is a primitive element of GF(r), T r( ) is the trace function from GF(r) to GF(q) and e is an exponent making the monomial f(x) = x e an almost perfect nonlinear function or a planar function. In some special cases, Ding determined M s (x), which induced a number of classes of cyclic codes. Further, ten open problems for the determination of M s (x) were proposed. In this paper, some results on M s (x) are given first. Then we solve the following two open problems presented by Ding. Two classes of APN functions used to induce cyclic codes are (1) The inverse APN function over finite field GF(r)[10]: f(x) = x qm 2 ; (2) The Dobbertin APN function over finite field GF(2 5i ) [11]: f(x) = x 24i +2 3i +2 2i +2 i 1. Theminimal polynomialoftheinverseapnfunction with p = 2wassolved in [9,20]. We generalize the result for a general odd prime p, which gives the corresponding cyclic code. In fact, this technique can be useful for other open problems presented by Ding. 2 Preliminary In this section, some notations and results are introduced. Let Z N = {0,1,, N 1} with the integer addition modulo N and integer multiplication modulo N operation for a positive integer N. Let the q cyclotomic coset containing j modulo N with the action x qx mod N be defined by C j = {j,qj,q 2 j,...,q lj 1 } Z N, where l j is the smallest positive integer such that q lj j j mod N and l j is called the size of C j. For a sequence over finite field GF(q) with period q m 1, we have the following result on the linear span and minimal polynomial [1]. Lemma 1 Let s be a sequence with period q m 1 over finite field GF(q), which has a unique expansion of the form s t = q m 2 i=0 c i α it, t 0,

4 Chunming Tang et al. where α is a generator of GF(q m ), and c i GF(q m ). Let I = {i : c i 0}, then the minimal polynomial of s is M s (x) = i I(1 α i x), and the linear span L s of s is I. From this lemma, in order to determine the minimal polynomial and linear span, we just need to compute the expansion of s t. The Lucas s theorem [15] can be a useful tool in the computation. Theorem 1 Let N = n t q t + n t 1 q t 1 + + n 1 q + n 0 and M = m t q t + m t 1 q t 1 + +m 1 q +m 0, then ( ) N M ( )( nt nt 1 m t m t 1 ) ( n0 m 0 ) mod p. Two most important classes of nonlinear functions in cryptography are almost perfect nonlinear (APN) functions and perfect nonlinear (or planar) functions [2,18], which can be used to construct cyclic codes [4,5,6,9]. A function f : GF(r) GF(r) is called a planar function if max #({x GF(r) : f(x+a) f(x) = b}) = 1. a GF(r),b GF(r) And a function f : GF(r) GF(r) is called an almost perfect nonlinear (APN) function if max #({x GF(r) : f(x+a) f(x) = b}) = 2. a GF(r),b GF(r) The APN functions considered in this paper are The inverse APN function [10]: f(x) = x qm 2 ; The Dobbertin APN function [11]: f(x) = x 24i +2 3i +2 2i +2 i 1,m = 5i. 3 The minimal polynomial of sequence from binomial functions In this section, we analyze the determination of the minimal polynomial of the sequence s with s t = Tr((1+α t ) e ), where 0 e q m 2. Further, Let

A Note on Cyclic Codes from APN Functions 5 n = q m 1 for the rest of the paper. s t = Tr((1+α t ) e ) q m 2( e = Tr( i = = = q m 2 i=0 ) α it ) i=0 ) m 1 α qj it ( e i q m 2 m 1 j=0 ( ( i=0 q m 2 i=0 where C e,q,m (i) = m 1 j=0 Define j=0 e q j i mod n ) mod p)α it C e,q,m (i)α it (7) ( e q j i mod n) mod p. Supp(C e,q,m ) = {i : 0 i < n,c e,q,m (i) 0}. (8) From the definition of C e,q,m (i), we have C e,q,m (q j i) = C e,q,m (i). Then there exists a subset Supp(C e,q,m ) of Supp(C e,q,m ) satisfying Supp(C e,q,m ) = {q j i mod n : j = 0,1,,m 1}. (9) i Supp(C e,q,m) Further,wecanchoose Supp(C e,q,m )withtheconditionthatifi,i Supp(C e,q,m ) and j = 1,,m 1, n (i q j i). Then s t = Tr((1+α t ) e ) = C e,q,m (i)α it = i Supp(C e,q,m) i Supp(C e,q,m) i C i C e,q,m (i )α i t (10) where C i is the q-cyclotomic coset containing i modulo n = q m 1, that is, C i = {q j i mod n : j = 0,1,,m 1}. From the above discussion, we have the following theorem. Theorem 2 Let s be a sequence over GF(q) defined by s t = Tr((1+α t ) e ). Then the linear span L s of s is #(Supp(C e,q,m )), and the minimal polynomial of s is M s (x) = (x γ 1 ) = m γ 1(x), γ Supp(C e,q,m) γ Supp(C e,q,m) where m γ 1(x) is the minimal polynomial of γ 1 over GF(q).

6 Chunming Tang et al. Proof From Identity (10) and Lemma 1, this theorem follows. 4 Cyclic codes from APN function: x qm 2 Note that ( N 1 M ) = N M N ( N ) M, then ( ) e C e,q,m (i) i i q j i mod n,j Z m ( ) e+1 i e+1 e+1 i i q j i mod n,j Z m ( ) e+1 (1+i ) i mod p (11) i q j i mod n,j Z m Let i = m 1 j=0 i jq j, then qi mod n = i m 1 + i 0 q + + i m 2 q m 1. From e+1 = m 1 j=0 (q 1)qj and Lucas s theorem, we have ( ) ( ) ( )( ) e+1 q 1 q 1 q 1 qi mod n i m 2 i 0 i m 1 ( ) ( )( ) q 1 q 1 q 1 i m 1 i 1 i 0 ( ) e+1 mod p i For i = q j i mod n(j Z m ), ( ) ( e+1 i e+1 ) i mod p. Then we get ( ) e+1 C e,q,m (i) (1+i ) i i q j i mod n,j Z m ( ) m 1 e+1 ( i j +m) mod p (12) i j=0 where i j q j i mod n. Let s q (i) = m 1 j=0 i j, then Further, we have Supp(C e,q,m ) = {i Z n : s q (i)+m 0 mod p}. (13) #(Supp(C e,q,m )) = q m (1 1 ). (14) p

A Note on Cyclic Codes from APN Functions 7 Theorem 3 Let s be a sequence defined by s t = Tr((1 + α t ) qm 2 ). Then the linear span L s of s is q m (1 1 p ), and the minimal polynomial of s is where s q (i) = m 1 j=0 i j. M s (x) = i Zn sq(i) + m 0 mod p (x α i ), (15) Proof From Identities (13), (14) and Theorem 2, this theorem follows. Theorem 4 The cyclic code C s, induced by the sequence in Theorem 3 is an [n, qm p 1,d] code, whose generator polynomial is given by Identity (15). Further, d max{2p 1, q(p 1) p +1}. Proof The dimension of C s can be obtained by Theorem 3. Then we consider the lowerbound ofminimum weight d. Note that the weight distribution ofthe cyclic code generatedby M s (x) is the same as that of the cyclic code generated by the reciprocal polynomial of M s (x). The reciprocal polynomial of M s (x) has zero points α j, where j {q p+1,q p+2,,q+p 2}. From the BCH bound, we have d 2p 1. Further, the reciprocal polynomial of M s (x) has zero points α pj+1, where j {0,1,, q(p 1) p bound [13], we have d q(p 1) p 1}. From the Hartmann-Tzeng +1. Hence, d max{2p 1, q(p 1) p +1}. Example 1 Let q = 3 and m = 2. Let α be a primitive element of GF(3 2 ) satisfying α 2 +2α+2 = 0. The the corresponding cyclic code C s is an [8,2,6] code, whose generator polynomial is And its dual is an [8,6,2] cyclic code. M s (x) = x 6 +2x 5 +2x 4 +2x 2 +x+1. Example 2 Let q = 3 and m = 3. Let α be a primitive element of satisfying α 3 +2α+1 = 0. The corresponding cyclic code C s is an [26,8,10] code, whose generator polynomial is M s (x) =x 18 +2x 16 +2x 15 +x 14 +x 12 +x 11 +x 10 + And its dual is an [26,18,4] cyclic code. x 9 +x 8 +x 7 +x 6 +x 4 +2x 3 +2x 2 +1. 5 Cyclic codes from the APN function: x 24i +2 3i +2 2i +2 i 1 Let m = 5i and e = 2 4i +2 3i +2 2i +2 i 1. The binary sequence of e is e = 00 1 00 1 00 1 00 0 } 11 1 {{}, (16) i i i i i

8 Chunming Tang et al. which has m bits. Foranintegerx {0,1,,n 1},thebinaryexpansionofxis m 1 j=0 x j2 j, and the corresponding binary sequence is x = x m 1 x m 1 x 0 with m bits. Then x i and x i are the same. Let St be the set of all the binary sequences with m length except 1 m = } 11 1 {{}. Let G be the group with elements of cyclically m shift transformations on St. Then G is a cyclic code with order m. Let τ G and τ(b m 1 b m 2 b 0 ) = b 0 b m 1 b 1, then G = τ. Note that there is a bijection map between Z n and St. Then τ is corresponding to an action x q m 1 x over Z n, that is, a q cyclotomic action on Z n is corresponding to a cyclic action on St. Definition 1 Let x,y St. It is said that x is covered by y or y is a cover of x, if for x i = 1, then y i = 1. It is denoted by that x y. Definition 2 Let x St. It is said that x is cyclically covered by e, if there exists an element σ G satisfying σ(x) e. If such σ does not exist, then x is not cyclically covered by e. Definition 3 Let x St. the sequence x is called an even sequence if #{σ G σ(x) e} is even. Otherwise, x is an odd sequence. Lemma 2 Let m = 5i and e = 2 4i +2 3i +2 2i +2 i 1. Let p = q = 2, r = 2 m and x Z n. Then x Supp(C e,q,m ) if and only if x is an odd sequence. Proof From Lucas s theorem, we have C e,q,m (x) = = x =q j x,j Z m ( ) e x m 1 x =σ(x),σ G k=0 ( ek x k = #({σ G : σ(x) e}) mod 2. Hence, C e,q,m 0 if and only if x is an odd sequence. Lemma 3 Let l 2 and y = } 00 0 {{} 00 0 00 0 00 0 } 1 1 {{} 0 0, i i i i l i l where is any element in {0,1}. Then #{σ(y) σ G} = m. Proof We just need to prove that if σ id, then σ(y) y. Let σ = τ j, where 0 < j < m. (1) If 0 < j i l, then Further, 0 i l j < i l. Then ) (σ(y)) i l j = y i l = 1. y i l j = 0.

A Note on Cyclic Codes from APN Functions 9 Hence, (2) If i l < j m l, then (σ(y)) i l j y i l j. (σ(y)) m+i l j = y i l = 1. Further, i m+i l j m 1. Then Hence, (3) If m l < j < m, then y m+i l j = 0. (σ(y)) m+i l j y m+i l j. (σ(y)) m+i 1 j = y i 1 = 1. Further, i 1 < m+i 1 j < i+l 1. Then Hence, y m+i 1 j = 0. (σ(y)) m+i 1 j y m+i 1 j. Consequently, when 0 < j < m, σ(y) = τ j (y) y. This lemma follows. If l 2, denote the set of all the elements like y in Lemma 3 by R 1 l, that is, R 1 l = {y St : y = } 00 0 {{}} 1 1 {{}} 00 0 {{} }. (17) 4i l i l Lemma 4 Let y R 1 l. Let σ = τj, where 0 j i 1. Then σ(y) e if and only if 0 j i l. Further, y is an odd sequence if and only if i l+1 is odd. Proof From 0 j i l, σ(y) e. Further, we have From σ(y) e, (σ(y)) i 1 j = y i 1 = 1, (σ(y)) i l j = y i l = 1. e i 1 j = e i l j = 1. Hence, the (i 1 j)-th element of y is 1. Further, from the (i 1 j)-th element, the (l 1)-th element is also 1. Then Hence, This lemma follows. i 1 j( mod m ) {i 1,i 2,,l 1}, j {0,1,,i l}.

10 Chunming Tang et al. Lemma 5 The set of all the odd sequences in 2 l i R1 l is R 1 = R 1 l. 2 l i,l i mod 2 Further, #(R 1 ) = { 2 i 1 3 2 i 2 3, i is even,, i is odd. Proof From Lemma 4, the set of all the odd sequence in 2 l i R1 l is R 1 = 2 l i,l i mod 2 R 1 l. Further, #(R 1 l ) = 2l 2. When l l, R 1 l R1 l =. If i is even, If i is odd, #(R 1 ) = 2 0 +2 2 +2 4 + +2 i 2 = 2i 1. 3 #(R 1 ) = 2 1 +2 3 +2 5 + +2 i 2 = 2i 2. 3 This lemma follows. Lemma 6 Let R 2 be the set of all the elements y in St satisfying the following conditions: (1) If j i and j / {2i,3i,4i}, y j = 0; (2) There exists j {2i,3i,4i} satisfying y j = 1; (3) #({j : 0 j i 1,y j = 1}) 2. For any y R 2, let σ G satisfying σ(y) e. Then σ = 1. Proof From Condition (3), choose j 1 and j 2 satisfying Let σ = τ j and σ(y) e, then 0 j 1 < j 2 i 1,y j1 = y j2 = 1. τ j (y) j1 j = y j1 = 1 = e j1 j, τ j (y) j2 j = y j2 = 1 = e j2 j. Further, From the sequence e, 1 (j 2 j) (j 1 j) i 1, j 2 j( mod m ) {1,2,,i 2,i 1},

A Note on Cyclic Codes from APN Functions 11 that is, Further, j = j 2 (i 1),j 2 (i 2),,j 2 1. (i 2) j i 2. From Condition (2), just choose j 0 {2i,3i,4i} sastisfying y j0 = 1. Note that τ j (y) j0 j = y j0 = 1. Hence, e j0 j = 1. We can have j = 0, that is, σ = 1. Lemma 7 Let R 2 be defined above. Then #(R 2 ) = 7(2 i i 1). Proof This lemma can be obtained by the definition of R 2. Lemma 8 Let R 4 = {y St : y e,wt(y) = 4,y / R 1 R 2 }. Then #(R 4 ) = i. Further, let σ G satisfying σ(y) e for any y R 4, then σ = 1. Proof From the definition of R 4, y R 4 if and only if {j : i j 5i 1,y j = 1} = {2i,3i,4i},#({j : 0 j i 1,y j = 1}) = 1. Hence, #(R 4 ) = i. Let y R 4 and σ(y) e. Then σ(y) R 4. Let σ = τ j. Then #({(2i j) mod 5i,(3i j) mod 5i,(4i j) mod 5i} {2i,3i,4i}) 2. Hence, j {0,i, i,2i, 2i}. When j = ±i,±2i, τ j (y) e. Hence, j = 0,that is, σ = 1. Lemma 9 Let R 3 = {y St : y e,wt(y) = 3,y is odd,y / R 1 R 2 }. Then #(R 3 ) = 3(i 1). Further, let σ G satisfying σ(y) e for any y R 3. Then σ = 1.

12 Chunming Tang et al. Proof From the definition of R 3, an element y in R 3 satisfies one of the following three conditions: (1) y 2i = y 3i = y 4i = 1; (2) #({j : y j = 1,j {2i,3i,4i}})= 2,y 0 = 1; (3)#({j : y j = 1,j {2i,3i,4i}})= 2,#({j : y j = 1,1 j i 1}) = 1. We will prove that y satisfying one of Condition (1) and (2) is even, and y in Condition (3) is odd. y in Condition (1) or (2) can fall into the following four cases: (a) y 2i = y 3i = y 4i = 1. It is denoted by y (1) ; (b) y 3i = y 4i = y 0 = 1. It is denoted by y (2) ; (c)y 2i = y 3i = y 0 = 1. It is denoted by y (3) ; (d) y 4i = y 2i = y 0 = 1. It is denoted by y (4). y (1) satisfies that {σ G : σ(y (1) ) e} = {τ 0,τ 4i }. Hence, y (1) is even. Since τ 4i (y (1) ) = y (2), y (2) is also even. y (3) satisfies {σ G : σ(y (3) ) e} = {τ 0,τ 3i }. Hence, y (3) is even. Since τ 3i (y (3) ) = y (4), y (4) is also even. Consequently, y in Condition (1) or (2) is an even sequence. y in Condition (3) satisfies {σ G : σ(y) e} = {τ 0 }. Hence, y in Condition (3) is odd. Further, all the sequences in R 3 fall into sequences in Condition (3). Then, #(R 3 ) = 3(i 1). The proof of σ = 1 is similar to that in Lemma 8. Lemma 10 Let R 2 = {y (1),y (2) }, where y (1) = 00 01 00 01 } 00 00 {{} 00 00 00 00, i i i i i y (2) = } 00 01 {{} 00 00 00 01 00 00 00 00. i i i i i Let R 2 = {y St : y e,wt(y) = 2,y is odd,y / R1 R 2 }. Then y (1) is not cyclically equivalent toy (2).Further, R 2 = {y (1),τ i (y (1) ),τ 4i (y (1) ),y (2),τ 2i (y (2) ),τ 4i (y (2) )}. Proof It is obvious that y (1) and y (2) are not cyclically equivalent. Note that {σ G : σ(y (1) ) e} = {τ 0,τ i,τ 4i }, {σ G : σ(y (2) ) e} = {τ 0,τ 2i,τ 4i }. Then y (1),y (2) R 2. From the definition of R 2, τi (y (1) )4, τ 4i (y (1) ), τ 2i (y (2) ), τ 4i (y (2) ) R 2. To complete the proof, we just show that y in the following three conditions does not lie in R 2. (1) wt(y) = 2,y 4j = y j = 1,0 < j i 1. It is denoted by y (3) ;

A Note on Cyclic Codes from APN Functions 13 (2) wt(y) = 2,y 2j = y j = 1,0 < j i 1. It is denoted by y (4) ; (3) wt(y) = 2,y 3j = y j = 1,0 < j i 1. It is denoted by y (5). Note that {σ G : σ(y (3) ) e} = {τ 0,τ 3i+j }, {σ G : σ(y (4) ) e} = {τ 0,τ i+j }, {σ G : σ(y (5) ) e} = {τ 0,τ 2i+j }, Hence, y (3), y (4) and y (5) are even. Consequently, this lemma follows. If i is an odd integer, any sequence with weight 1 is an even sequence. If i is even, any sequence with weight 1 is an odd sequence. However, the zero sequence is odd if i is odd and it is even if i is even. For convenience, some notations are given below. {00 0 1}, i is even, R 1 = m 1, i is odd. (18), i is even, R 0 = {00 0 }, i is odd. (19) m R = R 1 R 2 R 4 R3 R2 R1 R0. (20) Then we have the following lemma. Lemma 11 Let { R be defined above. Then 22 (1) #(R) = 3 (2i 1) 3i, i is even 22 3 (2i 2) 3i+7, i is odd ; (2) Let σ G satisfy σ(x) R for some x R. Then σ = τ 0 ; (3) Let x R and x 0 m. Then #({σ(x) : σ G}) = m; (4) If x Supp(C e,q,m ), there exists σ G satisfying σ(x) R. Further, Supp(C e,q,m ) = {x Z n : x R}, and #(Supp(C e,q,m )) = { m[ 22 3 (2i 1) 3i], i is even m[ 22 3 (2i 2) 3i+6]+1, i is odd.

14 Chunming Tang et al. Proof Result (1) can be obtained by Lemma 5, Lemma 7, Lemma 8, Lemma 9 and definitions of R 2, R 1, R 0. Result (2) can be obtained by definitions of R 1, R 2, R 4, R 3, R 2, R 1 and R 0. Result (3) can be obtained by Lemma 5, Lemma 6, Lemma 8, Lemma 9 and definitions of R 2, R 1, R 0. Result (4) can be obtained by the definition of R. Finally, the result on Supp(C e,q,m ) can be obtained by Result (2) and (4). The result on #(Supp(C e,q,m )) can be obtained by Result (1) and (3). Theorem 5 Let s be a sequence defined by s t = Tr((1+α t ) 24i +2 3i +2 2i +2 i 1 ). Then the linear span L s of s is { m[ 22 L s = 3 (2i 1) 3i], i is even, m[ 22 (21) 3 (2i 2) 3i+6]+1, i is odd. And the minimal polynomial of s is { i R M s (x) = m α i(x), i is even, (x 1) i R,i 0 m m α i(x), i is odd. (22) where m α i(x) is the minimal polynomial of α i. Proof This theorem follows from Lemma 11 and Theorem 2. Theorem 6 The binary cyclic code C s induced by the sequence s in Theorem 5 is an [2 m 1,2 m 1 L s,d] code, whose generator polynomial is M s (x) in Identity (22). L s is given by Identity (21). Further, { 2 i +1, i 0 mod 2 d 2 i. +2, i 1 mod 2 Proof The dimension of C s can be obtained by Theorem 5 and the definition of C s. Then we will give the lower bound of minimum weight. Note that the weight distribution of the cyclic code generated by M s (x) is the same as that of the cyclic code generated by the reciprocal polynomial of M s (x). From Lemma 11, the reciprocal polynomial of M s (x) has zero points α 24i +2 3i +2 2i +j, where j {0,1,2,...2 i 1}. From the BCH bound, we have d 2 i +1. If m is odd, then C s is an even-weight code and d 2 i +2. Example 3 Let q = 2 and m = 5. Let α be a primitive element of GF(2 5 ) satisfyingα 5 +α 2 +1 = 0.ThenthecorrespondingcycliccodeC s isan[31,15,8] code, whose generator polynomial is M s (x) = x 16 +x 14 +x 13 +x 10 +x 9 +x 8 +x 7 +x 6 +x 5 +x 2 +x+1. And its dual is an [31,16,7] cyclic code. Example 4 Let q = 2 and m = 10. Let α be a primitive element of GF(2 10 ) satisfying α 10 +α 6 +α 5 +α 3 +α 2 +α+1 = 0. Then the corresponding cyclic code C s is an [1023,863] code. And its dual is an [1023,160] cyclic code.

A Note on Cyclic Codes from APN Functions 15 6 Conclusion In this paper, we solve two open problems presented by Ding, which are on cyclic codes induced by the inverse APN functions and the Dobbertin APN functions. Further, we determine the dimensions and generator polynomials of these cyclic codes, which is from the determination of linear spans and minimal polynomials of sequences. The techniques we used in this paper are general and can be utilized in other open problems presented by Ding in [9]. Actually, we present a framework for determining the minimal polynomial of the sequence s defined by s t = Tr((1+α t ) e ). Acknowledgements This work was supported by the National Natural Science Foundation of China (Grant Nos. 61272499, 10990011). Yanfeng Qi acknowledges support from Aisino Corporation Inc. References 1. M. Antweiler, L. Bomer, complex sequences over GF(p M ) with a two-level autocorrelation function and a large linear span, IEEE Trans. Inform. Theory, vol. 38, pp. 120-130, 1992. 2. T. Beth, C. Ding, On almost perfect nonlinear permutations, in:advances in Cryptology-EUROCRYPT 93,Lecture Notes in Comput. Sci. 765, Springer-Verlag, New York, 1993, pp. 6576. 3. I. Blake, R. C. Mullen, The Mathematical Theory of Coding,Academic Press, New York, 1975. 4. A. Canteaut, P. Charpin, H. Dobbertin, Weight divisibility of cyclic codes, highly nonlinear functions onf 2 m, and crosscorrelation of maximum-length sequences, SIAM. J. Discrete Math., vol. 13, no. 1, pp. 105-138, 2000. 5. C. Carlet, P. Charpin, V. Zinoviev, Codes, bent functions and permutations suitable for DES-like cryptosys-tems, Des. Codes Cryptogr.,vol. 15, pp. 125-156, 1998. 6. C. Carlet, C. Ding, J. Yuan, Linear codes from highly nonlinear functions and their secret sharing schemes, IEEE Trans. Inform. Theory,vol. 51, no. 6, pp. 2089-2102, 2005. 7. P. Charpin, Open problems on cyclic codes, in: Handbook of Coding Theory, Part 1: Algebraic Coding, V.S. Pless, W. C. Huffman, and R. A. Brualdi, Eds. Amsterdam, The Netherlands: Elsevier, 1998, ch. 11. 8. R. T. Chien, Cyclic decoding procedure for the Bose-Chaudhuri-Hocquenghem codes, IEEE Trans. In-form. Theory, vol. 10, pp. 357-363, 1964. 9. C. Ding, Cyclic codes from APN and planar functions, CoRR abs/1206.4687,2012. 10. T. Helleseth, C. Rong, D. Sandberg, New families of almost perfect nonlinear power mappings, IEEE Trans. Inform. Theory,vol. 45, no. 2, pp. 475-485, 1999. 11. H. Dobbertin, Almost perfect nonlinear power functions on GF(2 n ): The Niho case, Inform. and Comput., vol. 151, pp. 57-72, 1999. 12. G. D. Forney, On decoding BCH codes, IEEE Trans. Inform. Theory, vol. 11, no. 4, pp. 549-557, 1995. 13. C. R. P. Hartmann, K. K. Tzeng, Generalizations of the BCH bound, Information and Control, vol. 20,pp. 489-498, 1972. 14. W. C. Huffman, V. Pless, Fundamentals of Error-Correcting Codes,Cambridge University Press, Cam-bridge, 2003. 15. E. Lucas, Théorie des fonctions numériques simplement périodiques, Am. J. Math. 1, 229-231,1878. 16. L. Lidl, H. Niederreiter, Finite Fields,Cambridge University Press, Cambridge, 1997. 17. J. H. van Lint, R. M. Wilson, On the minimum distance of cyclic codes, IEEE Trans. Inform. Theory, vol. 32, no. 1, pp. 23-40, 1986.

16 Chunming Tang et al. 18. K. Nyberg, Differentially uniform mappings for cryptography, in:advances in Cryptology-EUROCRYPT 93,Lecture Notes in Comput. Sci. 765, Springer-Verlag, New York, 1993, pp. 55-64. 19. E. Prange, Some cyclic error-correcting codes with simple decoding algorithms, Air Force Cambridge Research Center-TN-58-156, Cambridge, Mass., April 1958. 20. W. Si, C. Ding, A simple stream cipher with proven properties, Cryptography and Communications,to appear.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback