Construction and Analysis of Boolean Functions of 2t + 1 Variables with Maximum Algebraic Immunity


Na Li and Wen-Feng Qi

Department of Applied Mathematics, Zhengzhou Information Engineering University, Zhengzhou, 450002, China
mylina 1980@yahoo.com.cn, wenfeng.qi@263.net

Abstract. In this paper, we study the construction of $(2t+1)$-variable Boolean functions with maximum algebraic immunity, and we also analyze some other cryptographic properties of this kind of functions, such as nonlinearity, resilience. We first identify several classes of this kind of functions. Further, some necessary conditions of this kind of functions which also have higher nonlinearity are obtained. In this way, a modified construction method is proposed to possibly obtain $(2t+1)$-variable Boolean functions which have maximum algebraic immunity and higher nonlinearity, and a class of such functions is also obtained. Finally, we present a sufficient and necessary condition of $(2t+1)$-variable Boolean functions with maximum algebraic immunity which are also 1-resilient.

Keywords: Algebraic attack, algebraic immunity, Boolean functions, balancedness, nonlinearity, resilience.

1 Introduction

The recent progress in research related to algebraic attacks [1,2,5,6] seems to threaten all LFSR-based stream ciphers. It is known that Boolean functions used in stream ciphers should have high algebraic degree [11]. However, a Boolean function may have low degree multiples even if its algebraic degree is high. By this fact it is possible to obtain an over-defined system of multivariate equations of low degree whose unknowns are the bits of the initialization of the LFSR(s). Then the secret key can be discovered by solving the system. To measure the resistance to algebraic attacks, a new cryptographic property of Boolean functions called algebraic immunity (AI) has been proposed by W. Meier et al. [16]. When used in a cryptosystem, a Boolean function should have high AI. Now, it is known that the AI of an $n$-variable Boolean function is upper bounded by $\lceil n/2 \rceil$ [6,16].
Balancedness, nonlinearity and correlation-immunity are three other important cryptographic criteria. In some sense, algebraic immunity is compatible with the former two criteria: a Boolean function with low nonlinearity will have low AI [7,14], a Boolean function of an odd number of variables with maximum AI must be balanced [7]. The existence of links between algebraic immunity and correlation-immunity remains open. Constructions of Boolean functions with maximum AI are obviously important. Further, it is more important to construct these functions which also satisfy some other criteria (such as balancedness, a high nonlinearity, a high correlation-immunity order, ...).

(This work was supported by National Nature Science Foundation of China under Grant number 60373092.)

Some classes of symmetric Boolean functions with maximum AI were obtained in [3] and [9], and it was shown in [12] that there is only one such symmetric function (besides its complement) when the number of input variables is odd. A construction keeping in mind the basic theory of algebraic immunity was presented in [9], which also provided some functions with maximum AI. In [4], Carlet introduced a general method (for any number of variables) and an algorithm (for an even number of variables) for constructing balanced functions with maximum AI. In [13], a method was proposed for constructing functions of an odd number of variables with maximum AI, which converts the problem of constructing such a function to the problem of finding an invertible submatrix of a $2^{n-1} \times 2^{n-1}$ matrix. And it was stated that any such function can be obtained by this method.

In this paper, we study the construction of $(2t+1)$-variable Boolean functions with maximum AI, and we also analyze some other cryptographic properties of this kind of functions. From the characteristic of the matrix used in the construction proposed in [13], we obtain some necessary or sufficient conditions of $(2t+1)$-variable Boolean functions with maximum AI. Further, by studying the Walsh spectra of this kind of functions, we obtain some necessary conditions of this kind of functions which also have higher nonlinearity and thus we propose a modified construction to obtain such functions. We finally present a sufficient and necessary condition of $(2t+1)$-variable Boolean functions with maximum AI which are also 1-resilient.

2 Preliminaries

Let $F_2^n$ be the set of all $n$-tuples of elements in the finite field $F_2$. To avoid confusion with the usual sum, we denote the sum over $F_2$ by $\oplus$. A Boolean function of $n$ variables is a function from $F_2^n$ into $F_2$.
Any $n$-variable Boolean function $f$ can be uniquely expressed by a polynomial in $F_2[x_1,\ldots,x_n]/(x_1^2 - x_1,\ldots,x_n^2 - x_n)$, which is called its algebraic normal form (ANF). The algebraic degree of $f$, denoted by $\deg(f)$, is the degree of this polynomial. A Boolean function $f$ can also be identified by a binary string of length $2^n$, called its truth table, which is defined as

$$(f(0,0,\ldots,0),\ f(1,0,\ldots,0),\ f(0,1,\ldots,0),\ \ldots,\ f(1,1,\ldots,1)).$$

Let

$$1_f = \{X \in F_2^n \mid f(X) = 1\}, \qquad 0_f = \{X \in F_2^n \mid f(X) = 0\}.$$

The set $1_f$ (resp. $0_f$) is called the on set (resp. off set). The cardinality of $1_f$, denoted by $wt(f)$, is called the Hamming weight of $f$. We say that an $n$-variable Boolean function $f$ is balanced if $wt(f) = 2^{n-1}$. The Hamming distance between two functions $f$ and $g$, denoted by $d(f,g)$, is the Hamming weight of $f \oplus g$. Let $S = (s_1, s_2, \ldots, s_n) \in F_2^n$; the Hamming weight of $S$, denoted by $wt(S)$, is the number of 1's in $\{s_1, s_2, \ldots, s_n\}$.

Walsh spectra is an important tool for studying Boolean functions. Let $X = (x_1,\ldots,x_n)$ and $S = (s_1,\ldots,s_n)$ both belonging to $F_2^n$ and their inner product $X \cdot S = x_1 s_1 \oplus \cdots \oplus x_n s_n$. Let $f$ be a Boolean function of $n$ variables. Then the Walsh transform of $f$ is an integer valued function over $F_2^n$ which is defined as

$$W_f(S) = \sum_{X \in F_2^n} (-1)^{f(X) \oplus X \cdot S}.$$

Affine functions are those Boolean functions of degree at most 1. The nonlinearity of an $n$-variable Boolean function $f$ is its Hamming distance from the set of all $n$-variable affine functions, i.e.,

$$nl(f) = \min\{d(f,g) \mid g \text{ is an affine function}\}.$$

The nonlinearity of $f$ can be described by its Walsh spectra as

$$nl(f) = 2^{n-1} - \frac{1}{2} \max_{S \in F_2^n} |W_f(S)|.$$

Correlation immune functions and resilient functions are two important classes of Boolean functions. A function is $m$th order correlation immune (resp. $m$-resilient) if and only if its Walsh spectra satisfies $W_f(S) = 0$ for $1 \le wt(S) \le m$ (resp. $0 \le wt(S) \le m$).

Definition 1. [16] For a given $n$-variable Boolean function $f$, a nonzero $n$-variable Boolean function $g$ is called an annihilator of $f$ if $f \cdot g = 0$, and the algebraic immunity of $f$, denoted by $AI(f)$, is the minimum value of $d$ such that $f$ or $f \oplus 1$ admits an annihilating function of degree $d$.

For convenience, two orderings on vectors and monomials are defined as follows.

Definition 2. A vector ordering $<_v$ on $F_2^n$ is defined as: let $(a_1,\ldots,a_n), (b_1,\ldots,b_n) \in F_2^n$, then $(a_1,\ldots,a_n) <_v (b_1,\ldots,b_n)$ if and only if $\sum_{i=1}^{n} a_i < \sum_{i=1}^{n} b_i$, or $\sum_{i=1}^{n} a_i = \sum_{i=1}^{n} b_i$ and there exists $1 \le i < n$ such that $a_i > b_i$, $a_j = b_j$ for $1 \le j < i$.

Example 1. If $n = 3$, then $(0,0,0) <_v (1,0,0) <_v (0,1,0) <_v (0,0,1) <_v (1,1,0) <_v (1,0,1) <_v (0,1,1) <_v (1,1,1)$.

Definition 3. A monomial ordering $<_m$ on $F_2[x_1,\ldots,x_n]/(x_1^2 - x_1,\ldots,x_n^2 - x_n)$ is defined as: let $x_1^{a_1} \cdots x_n^{a_n},\ x_1^{b_1} \cdots x_n^{b_n} \in F_2[x_1,\ldots,x_n]/(x_1^2 - x_1,\ldots,x_n^2 - x_n)$, then $x_1^{a_1} \cdots x_n^{a_n} <_m x_1^{b_1} \cdots x_n^{b_n}$ if and only if $(a_1,\ldots,a_n) <_v (b_1,\ldots,b_n)$.

It is clear that $<_v$ and $<_m$ are both total orderings.

Let $A$ be an $l \times l$ matrix, and integers $1 \le i_1, i_2, \ldots, i_k \le l$, $1 \le j_1, j_2, \ldots, j_k \le l$. Denote by $A_{(i_1,\ldots,i_k)}$ the $k \times l$ matrix with the $r$th ($1 \le r \le k$) row vector equal to the $i_r$th row vector of $A$, and by $A_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ the $k \times k$ matrix with the $r$th ($1 \le r \le k$) column vector equal to the $j_r$th column vector of $A_{(i_1,\ldots,i_k)}$.

3 Construction of Boolean functions with maximum AI

In this section, we briefly review the method to construct Boolean functions with maximum AI proposed in [13]. Let $n$ be a positive integer, $X = (x_1,\ldots,x_n) \in F_2^n$. Let

$$v(X) = (1, x_1, \ldots, x_n, x_1x_2, \ldots, x_{n-1}x_n, \ldots\ldots, x_1 \cdots x_{\lceil n/2 \rceil - 1}, \ldots, x_{\lfloor n/2 \rfloor + 2} \cdots x_n) \in F_2^{\sum_{i=0}^{\lceil n/2 \rceil - 1} \binom{n}{i}},$$

where the monomials are ordered according to the ordering $<_m$. It is clear that $\sum_{i=0}^{\lceil n/2 \rceil - 1} \binom{n}{i} = 2^{n-1}$ when $n$ is odd. Let $f$ be an $n$-variable Boolean function, let $V(1_f)$ denote the $wt(f) \times \sum_{i=0}^{\lceil n/2 \rceil - 1} \binom{n}{i}$ matrix with the set of row vectors $\{v(X) \mid X \in 1_f\}$, and $V(0_f)$ denote the $(2^n - wt(f)) \times \sum_{i=0}^{\lceil n/2 \rceil - 1} \binom{n}{i}$ matrix with the set of row vectors $\{v(X) \mid X \in 0_f\}$.

Lemma 1. [3,9] Let odd $n = 2t+1$ and $f$ be an $n$-variable Boolean function which satisfies

$$f(X) = \begin{cases} a & \text{for } wt(X) \le t \\ a \oplus 1 & \text{for } wt(X) > t, \end{cases}$$

where $a \in F_2$, then $AI(f) = t+1$.

When $a = 1$, the function described in Lemma 1 is called the majority function, and we denote it by $F_n$. It is clear that $F_n$ is balanced. We arrange the vectors in $1_{F_n}$ (resp. $0_{F_n}$) according to the order $<_v$, and denote them by $X_1, \ldots, X_{2^{n-1}}$ (resp. $Y_1, \ldots, Y_{2^{n-1}}$), i.e. $X_1 <_v \cdots <_v X_{2^{n-1}}$ (resp. $Y_1 <_v \cdots <_v Y_{2^{n-1}}$). Let $X_j = (x_{j,1},\ldots,x_{j,n})$ (resp. $Y_i = (y_{i,1},\ldots,y_{i,n})$). The $i$th row vector of $V(1_{F_n})$ (resp. $V(0_{F_n})$) is $v(X_i)$ (resp. $v(Y_i)$).

The idea of the construction proposed in [13] is to obtain a new function by changing the values of the majority function at some vectors. The problem of finding out the appropriate vectors is converted to the problem of finding out a $k \times k$ invertible submatrix of the $2^{n-1} \times 2^{n-1}$ invertible matrix $W = V(0_{F_n}) V(1_{F_n})^{-1}$.

Theorem 1. [13] Let $n = 2t+1$, and $f$ an $n$-variable Boolean function. Then, $AI(f) = t+1$ if and only if there exist integers $1 \le i_1 < \cdots < i_k \le 2^{n-1}$, $1 \le j_1 < \cdots < j_k \le 2^{n-1}$, such that $f = f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ and $W_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ is invertible, where $f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ is defined as

$$f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}(X) = \begin{cases} F_n(X) \oplus 1 & \text{if } X \in \{X_{j_1},\ldots,X_{j_k},Y_{i_1},\ldots,Y_{i_k}\} \\ F_n(X) & \text{else.} \end{cases} \qquad (1)$$

Construction 1 [13] Let $n = 2t+1$. The following method can generate a Boolean function of $n$ variables with maximum AI.

Step 1: Select randomly an integer $1 \le k \le 2^{n-2}$ and $k$ integers $1 \le i_1 < \cdots < i_k \le 2^{n-1}$.

Step 2: Find out $k$ integers $1 \le j_1 < \cdots < j_k \le 2^{n-1}$, such that the $j_1$th, ..., $j_k$th column vectors of $W_{(i_1,\ldots,i_k)}$ are linearly independent.

Then, the Boolean function $f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ defined by (1) has AI $t+1$.

Remark 1. 1) For any fixed $1 \le k \le 2^{n-2}$ and any $k$ integers $1 \le i_1 < \cdots < i_k \le 2^{n-1}$, there always exist $k$ integers $1 \le j_1 < \cdots < j_k \le 2^{n-1}$ such that $W_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ is invertible. 2) Any Boolean function of $2t+1$ variables with maximum AI can be constructed by this method.

For the rest of this paper, we always suppose $n = 2t+1$.

4 Properties of W and several classes of n-variable Boolean functions with maximum AI

In this section, we first show some important properties of the matrix $W = V(0_{F_n}) V(1_{F_n})^{-1}$, then use these conclusions to obtain some necessary or sufficient conditions of $n$-variable Boolean function achieving maximum AI.

Let $A$ be a $2^{n-1} \times 2^{n-1}$ matrix, and divide $A$ into $(t+1)^2$ submatrices, denoted by $A_{i,j}$, $1 \le i \le t+1$, $1 \le j \le t+1$, defined as

$$A_{i,j} = A_{(r_{i-1}+1,\ r_{i-1}+2,\ \ldots,\ r_i;\ s_{j-1}+1,\ s_{j-1}+2,\ \ldots,\ s_j)},$$

where

$$r_l = \begin{cases} 0 & \text{if } l = 0 \\ \sum_{k=1}^{l} \binom{n}{t+k} & \text{if } l > 0, \end{cases} \qquad s_l = \begin{cases} 0 & \text{if } l = 0 \\ \sum_{k=0}^{l-1} \binom{n}{k} & \text{if } l > 0. \end{cases}$$

It is clear that the row (resp. column) vectors of $W_{i,j}$ correspond to the vectors in $F_2^n$ with Hamming weight $i+t$ (resp. $j-1$).

Proposition 1. [10] $V(1_{F_n})^{-1} = V(1_{F_n})$.

Proposition 2. Let $W = V(0_{F_n}) V(1_{F_n})^{-1}$, then

$$W_{i,j} = \begin{cases} 0 & \text{if } \sum_{r=0}^{t-j+1} \binom{t+i-j+1}{r} \bmod 2 = 0 \\ V(0_{F_n})_{i,j} & \text{else,} \end{cases} \qquad \text{for } 1 \le i, j \le t+1,$$

where $0$ denotes the matrix with all entries 0.

Proof. By Proposition 1, $W = V(0_{F_n}) V(1_{F_n})^{-1} = V(0_{F_n}) V(1_{F_n})$. Let $Y = (y_1,\ldots,y_n) \in 0_{F_n}$ and $wt(Y) = i > t$, $x_1 \cdots x_j$ be a monomial of degree $j$ ($0 \le j \le t$). Denote the transpose of the column vector of $V(1_{F_n})$ corresponding to $x_1 \cdots x_j$ by $u(x_1 \cdots x_j)$. That is, $u(x_1 \cdots x_j)$ is the evaluation of $x_1 \cdots x_j$ at the vectors belonging to $1_{F_n}$. We can represent $u(x_1 \cdots x_j)$ as

$$(g(1), g(x_1), \ldots, g(x_n), g(x_1x_2), g(x_1x_3), \ldots, g(x_{n-1}x_n), \ldots, g(x_1 \cdots x_t), \ldots, g(x_{t+2} \cdots x_n)), \qquad (2)$$

where $g$ is a function on the monomials of degree at most $t$, which satisfies

$$g(x_1^{a_1} \cdots x_n^{a_n}) = \begin{cases} 1 & \text{if } x_1 \cdots x_j \mid x_1^{a_1} \cdots x_n^{a_n} \\ 0 & \text{else.} \end{cases} \qquad (3)$$

On the other hand, we can also represent $v(Y)$ as

$$(h(1), h(x_1), \ldots, h(x_n), h(x_1x_2), h(x_1x_3), \ldots, h(x_{n-1}x_n), \ldots, h(x_1 \cdots x_t), \ldots, h(x_{t+2} \cdots x_n)), \qquad (4)$$

where $h$ is a function on the monomials of degree at most $t$, which satisfies

$$h(x_1^{a_1} \cdots x_n^{a_n}) = \begin{cases} 1 & \text{if } x_1^{a_1} \cdots x_n^{a_n} \mid x_1^{y_1} \cdots x_n^{y_n} \\ 0 & \text{else.} \end{cases} \qquad (5)$$

Denote the inner product of $v(Y)$ and $u(x_1 \cdots x_j)$ by $c$. If $y_1, \ldots, y_j$ are not all 1, by (2), (3), (4) and (5), we have $c = 0 = h(x_1 \cdots x_j)$. If $y_1, \ldots, y_j$ are all 1, we have $h(x_1 \cdots x_j) = 1$ and

$$c = \sum_{\substack{x_1 \cdots x_j \,\mid\, x_1^{a_1} \cdots x_n^{a_n},\ x_1^{a_1} \cdots x_n^{a_n} \,\mid\, x_1^{y_1} \cdots x_n^{y_n} \\ wt(a_1,\ldots,a_n) \le t}} 1 = \sum_{r=0}^{t-j} \binom{i-j}{r}.$$

It is clear that the row (resp. column) vectors of $W_{i,j}$ correspond to the vectors in $F_2^n$ with Hamming weight $i+t$ (resp. $j-1$). Therefore, we complete the proof.

Corollary 1. 1) For any $2 \le i \le t+1$, $W_{i,t+2-i} = 0$. 2) For any $1 \le j \le t+1$, $W_{1,j} = V(0_{F_n})_{1,j}$. 3) For any $1 \le i \le t+1$, $W_{i,t+1} = V(0_{F_n})_{i,t+1}$.

Proof. 1) If $2 \le i \le t+1$ and $j = t+2-i$, then

$$\sum_{r=0}^{t-j+1} \binom{t+i-j+1}{r} = \sum_{r=0}^{i-1} \binom{2i-1}{r} = 2^{2i-2} \bmod 2 = 0.$$

2) If $i = 1$, then

$$\sum_{r=0}^{t-j+1} \binom{t+i-j+1}{r} = \sum_{r=0}^{t-j+1} \binom{t-j+2}{r} = 2^{t-j+2} - 1 \bmod 2 = 1.$$

3) If $j = t+1$, then

$$\sum_{r=0}^{t-j+1} \binom{t+i-j+1}{r} = 1.$$

We can obtain some necessary conditions of $n$-variable Boolean functions with maximum AI.

Theorem 2. Let $1 \le k \le 2^{n-1}$, $1 \le i_1 < \cdots < i_k \le 2^{n-1}$, $1 \le j_1 < \cdots < j_k \le 2^{n-1}$. If there exist $0 \le j \le t$, $t+1 \le i \le n$ such that

$$\sum_{r=0}^{t-j} \binom{i-j}{r} \bmod 2 = 0,$$

and

$$\#\{X \in \{X_{j_1},\ldots,X_{j_k}\} \mid wt(X) = j\} + \#\{Y \in \{Y_{i_1},\ldots,Y_{i_k}\} \mid wt(Y) = i\} > k,$$

then, $AI(f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}) < t+1$.

Proof. By Theorem 1, it is sufficient to show that $W_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ is not invertible. By Proposition 2 and the first condition, we have that $W_{i-t,j+1} = 0$. Then the second condition implies that $W_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ has a submatrix with the number of rows and columns greater than $k$ whose entries are all 0. Therefore, $W_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ is not invertible.

Corollary 2. Let $1 \le k \le 2^{n-1}$, $1 \le i_1 < \cdots < i_k \le 2^{n-1}$, $1 \le j_1 < \cdots < j_k \le 2^{n-1}$. If there exists $0 \le r \le t-1$ such that

$$\#\{X \in \{X_{j_1},\ldots,X_{j_k}\} \mid wt(X) = r\} + \#\{Y \in \{Y_{i_1},\ldots,Y_{i_k}\} \mid wt(Y) = n-r\} > k,$$

then, $AI(f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}) < t+1$.

In the following of this section, several classes of $n$-variable Boolean functions with maximum AI are provided.

Theorem 3. Let $1 \le k \le 2^{n-1}$, $1 \le i_1 < \cdots < i_k \le 2^{n-1}$, $1 \le j_1 < \cdots < j_k \le 2^{n-1}$. If the following conditions are both satisfied, then $AI(f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}) = t+1$.

1) There exist $1 \le a_1 < \cdots < a_s \le n$, such that $x_{j_r,a_1} = \cdots = x_{j_r,a_s} = 0$ for $1 \le r \le k$.

2) For any $X_{j_r}$ ($1 \le r \le k$), there exists correspondingly $Y_{i_r} \in \{Y_{i_1},\ldots,Y_{i_k}\}$, such that $y_{i_r,a} = x_{j_r,a}$ for $a \notin \{a_1,\ldots,a_s\}$, and

$$\sum_{l=0}^{t-wt(X_{j_r})} \binom{wt(Y_{i_r}) - wt(X_{j_r})}{l} \bmod 2 = 1.$$

Proof. If $X_{j_1},\ldots,X_{j_k}$ and $Y_{i_1},\ldots,Y_{i_k}$ satisfy the two conditions, then by Proposition 2, $W_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ is in the form of lower triangular with all entries on the diagonal equal to 1. Therefore $W_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ is invertible, which implies that $W_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ is invertible, and the result holds by Theorem 1.

Example 2. Let $n = 7$,

$L_1 = \{(1,0,0,0,0,0,0),\ (0,1,1,0,0,0,0),\ (0,0,1,1,0,0,0),\ (1,1,1,0,0,0,0)\} \subset 1_{F_n}$,

$L_2 = \{(1,0,0,0,1,1,1),\ (0,1,1,0,1,1,0),\ (0,0,1,1,0,1,1),\ (1,1,1,0,1,1,1)\} \subset 0_{F_n}$.

Then the function

$$f(X) = \begin{cases} F_n(X) \oplus 1 & \text{if } X \in L_1 \cup L_2 \\ F_n(X) & \text{else} \end{cases}$$

has AI 4.

Theorem 4. Let $1 \le 2k \le 2^{n-1}$, $1 \le i_1 < \cdots < i_{2k} \le 2^{n-1}$, $1 \le j_1 < \cdots < j_{2k} \le 2^{n-1}$. $wt(X_{j_r}) = w_1$, $wt(Y_{i_r}) = w_1'$ for $1 \le r \le k$, and $wt(X_{j_r}) = w_2$, $wt(Y_{i_r}) = w_2'$ for $k+1 \le r \le 2k$. If one of the following two conditions is satisfied, then $AI(f_{(i_1,\ldots,i_{2k};\,j_1,\ldots,j_{2k})}) = t+1$.

1) $\sum_{r=0}^{t-w_1} \binom{w_2' - w_1}{r} \bmod 2$ and $\sum_{r=0}^{t-w_2} \binom{w_1' - w_2}{r} \bmod 2$ are not both 1, and $AI(f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}) = AI(f_{(i_{k+1},\ldots,i_{2k};\,j_{k+1},\ldots,j_{2k})}) = t+1$.

2) $\sum_{r=0}^{t-w_1} \binom{w_1' - w_1}{r} \bmod 2$ and $\sum_{r=0}^{t-w_2} \binom{w_2' - w_2}{r} \bmod 2$ are not both 1, and $AI(f_{(i_1,\ldots,i_k;\,j_{k+1},\ldots,j_{2k})}) = AI(f_{(i_{k+1},\ldots,i_{2k};\,j_1,\ldots,j_k)}) = t+1$.

Proof. Let $M$ denote the $2k \times 2k$ matrix $W_{(i_1,\ldots,i_{2k};\,j_1,\ldots,j_{2k})}$. The first condition implies that $M_{(1,\ldots,k;\,1,\ldots,k)}$ and $M_{(k+1,\ldots,2k;\,k+1,\ldots,2k)}$ are both invertible, and at least one of $M_{(1,\ldots,k;\,k+1,\ldots,2k)}$ and $M_{(k+1,\ldots,2k;\,1,\ldots,k)}$ is 0. Then, $M$ is invertible, and the result holds by Theorem 1. If the second condition is satisfied, the result can be proved in the same way.

Example 3. Let $n = 7$,

$L_1 = \{(0,0,0,0,1,1,0),\ (0,0,0,0,1,0,1),\ (0,0,0,0,0,1,1),\ (1,1,0,0,1,0,0),\ (1,1,0,0,0,1,0),\ (1,1,0,0,0,0,1)\}$,

$L_2 = \{(1,1,0,0,1,1,0),\ (1,1,0,0,1,0,1),\ (1,1,0,0,0,1,1),\ (1,1,1,1,1,0,0),\ (1,1,1,1,0,1,0),\ (1,1,1,1,0,0,1)\}$.

Then the function

$$f(X) = \begin{cases} F_n(X) \oplus 1 & \text{if } X \in L_1 \cup L_2 \\ F_n(X) & \text{else} \end{cases}$$

has AI 4.

Theorem 5. Let $1 \le k \le n$, $Y_{i_1},\ldots,Y_{i_k}$ belong to $0_{F_n}$ and their Hamming weights are $w_1,\ldots,w_k$, respectively. If

1) $\sum_{r=0}^{t-1} \binom{w_i - 1}{r} \bmod 2 = 1$ for $1 \le i \le k$, and

2) there exist $1 \le j_1 < \cdots < j_k \le n$, such that the $j_1$th, ..., $j_k$th columns of the matrix $\begin{pmatrix} Y_{i_1} \\ \vdots \\ Y_{i_k} \end{pmatrix}$ are linearly independent,

then, $AI(f_{(i_1,\ldots,i_k;\,j_1+1,\ldots,j_k+1)}) = t+1$.

Proof. By Proposition 2, $W_{(i_1,\ldots,i_k;\,j_1+1,\ldots,j_k+1)}$ is invertible if the two conditions are both satisfied, and then the result holds by Theorem 1.

Example 4. Let $n = 7$,

$L_1 = \{(1,0,0,0,0,0,0),\ (0,1,0,0,0,0,0),\ (0,0,1,0,0,0,0)\}$,

$L_2 = \{(1,0,1,0,1,1,1),\ (0,1,1,0,1,0,1),\ (1,1,1,1,0,1,0)\}$.

Then the function

$$f(X) = \begin{cases} F_n(X) \oplus 1 & \text{if } X \in L_1 \cup L_2 \\ F_n(X) & \text{else} \end{cases}$$

has AI 4.

5 Nonlinearity and resilience of Boolean functions with maximum AI

At first, we give the Walsh spectra of majority functions. Note that although the first item and the case of $wt(S) = 1$ in the second item in the following lemma have been given in [9], we still give the proof for completeness.

Lemma 2. Let $S \in F_2^n$. 1) If $wt(S)$ is even, then $W_{F_n}(S) = 0$. 2) If $wt(S)$ is odd, then

$$W_{F_n}(S) = (-1)^{(wt(S)+1)/2}\, 2 \binom{n-1}{t} \prod_{i=1}^{(wt(S)-1)/2} \frac{2i-1}{n-2i}.$$

Proof. Since $\sum_{wt(X)=i} (-1)^{S \cdot X} = K_i(wt(S), n)$, we have

$$W_{F_n}(S) = \sum_{i=t+1}^{n} K_i(wt(S), n) - \sum_{i=0}^{t} K_i(wt(S), n), \qquad (6)$$

where $K_i(k,n)$ is the so-called Krawtchouk polynomial [15, Page 151, Part I] defined by

$$K_i(k,n) = \sum_{j=0}^{i} (-1)^j \binom{k}{j} \binom{n-k}{i-j}, \qquad i = 0, 1, \ldots, n.$$

Krawtchouk polynomials also have properties [15, Page 153, Part I] as follows.

P1. $K_i(k,n) = (-1)^k K_{n-i}(k,n)$.

P2. $\sum_{i=0}^{e} K_i(k,n) = K_e(k-1, n-1)$.

P3. $(n-k) K_i(k+1,n) = (n-2i) K_i(k,n) - k K_i(k-1,n)$ for nonnegative integers $i$ and $k$.

If $wt(S)$ is even, then by (6) and P1, we have $W_{F_n}(S) = 0$. If $wt(S)$ is odd, then by (6), P1 and P2, we have

$$W_{F_n}(S) = -2 \sum_{i=0}^{t} K_i(wt(S), n) = -2 K_t(wt(S)-1, n-1).$$

By the definition of Krawtchouk polynomials, we have $K_t(k, n-1) = 0$ if $k$ is odd. Thus by P3, we have

$$W_{F_n}(S) = (-1)^{(wt(S)-1)/2+1}\, 2 K_t(0, n-1) \prod_{i=1}^{(wt(S)-1)/2} \frac{2i-1}{n-2i} = (-1)^{(wt(S)+1)/2}\, 2 \binom{n-1}{t} \prod_{i=1}^{(wt(S)-1)/2} \frac{2i-1}{n-2i}.$$

Lemma 3. Let $S, T \in F_2^n$. 1) If $wt(S) + wt(T) = n+1$, then $W_{F_n}(S) = (-1)^t W_{F_n}(T)$. 2) If both $wt(S)$ and $wt(T)$ are odd, and $0 < wt(S) < wt(T) \le t+1$, then $|W_{F_n}(S)| > |W_{F_n}(T)|$.

Proof. 1) Since Krawtchouk polynomials have the following property,

$$K_i(k,n) = (-1)^i K_i(n-k, n),$$

we have that

$$W_{F_n}(S) = -2 K_t(wt(S)-1, n-1) = -2 (-1)^t K_t(n-1-(wt(S)-1), n-1) = -2 (-1)^t K_t(wt(T)-1, n-1) = (-1)^t W_{F_n}(T).$$

2) It is obvious from the second item of Lemma 2.

Remark 2. By Lemma 3, we have

$$\max_{T \in F_2^n} |W_{F_n}(T)| = |W_{F_n}(S_1)| = |W_{F_n}(S_n)| = 2 \binom{n-1}{t},$$

where $wt(S_1) = 1$, $wt(S_n) = n$. Therefore, $nl(F_n) = 2^{n-1} - \binom{n-1}{t}$ [9]. And

$$\max_{T \in F_2^n,\ wt(T) \ne 1, n} |W_{F_n}(T)| = |W_{F_n}(S_3)| = |W_{F_n}(S_{n-2})| = \frac{2}{n-2} \binom{n-1}{t},$$

where $wt(S_3) = 3$, $wt(S_{n-2}) = n-2$. We note that the difference between the maximal and the secondarily maximal absolute value of Walsh spectra is quite great, which is $2 \frac{n-3}{n-2} \binom{n-1}{t}$.

Algebraic immunity has the following relationship with nonlinearity.

Lemma 4. [14] Let $f$ be an $n$-variable Boolean function, $AI(f) = k$, then

$$nl(f) \ge 2^{n-1} - \sum_{i=k-1}^{n-k} \binom{n-1}{i},$$

and this bound is tight.

Remark 3. Lemma 4 together with Remark 2 implies that $F_n$ has the worst nonlinearity among all $n$-variable Boolean functions with maximum AI.

Theorem 6. The Walsh spectra of $f = f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ is given by

$$W_f(S) = W_{F_n}(S) - 4 \left( \sum_{r=1}^{k} S \cdot X_{j_r} - \sum_{r=1}^{k} S \cdot Y_{i_r} \right).$$

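Proof.

$$\begin{aligned}
W_f(S) &= \sum_{r=1}^{2^{n-1}} (-1)^{f(X_r) + S \cdot X_r} + \sum_{r=1}^{2^{n-1}} (-1)^{f(Y_r) + S \cdot Y_r} \\
&= \sum_{r \in \{1,\ldots,2^{n-1}\} \setminus \{j_1,\ldots,j_k\}} (-1)^{F_n(X_r) + S \cdot X_r} + \sum_{r \in \{1,\ldots,2^{n-1}\} \setminus \{i_1,\ldots,i_k\}} (-1)^{F_n(Y_r) + S \cdot Y_r} \\
&\quad + \sum_{r=1}^{k} (-1)^{F_n(X_{j_r}) + 1 + S \cdot X_{j_r}} + \sum_{r=1}^{k} (-1)^{F_n(Y_{i_r}) + 1 + S \cdot Y_{i_r}} \\
&= W_{F_n}(S) - 2 \left( \sum_{r=1}^{k} (-1)^{F_n(X_{j_r}) + S \cdot X_{j_r}} + \sum_{r=1}^{k} (-1)^{F_n(Y_{i_r}) + S \cdot Y_{i_r}} \right) \\
&= W_{F_n}(S) - 2 \left( \sum_{r=1}^{k} (-1)^{1 + S \cdot X_{j_r}} + \sum_{r=1}^{k} (-1)^{S \cdot Y_{i_r}} \right) \\
&= W_{F_n}(S) - 2 \left( \sum_{r=1}^{k} (2 S \cdot X_{j_r} - 1) + \sum_{r=1}^{k} (1 - 2 S \cdot Y_{i_r}) \right) \\
&= W_{F_n}(S) - 4 \left( \sum_{r=1}^{k} S \cdot X_{j_r} - \sum_{r=1}^{k} S \cdot Y_{i_r} \right).
\end{aligned}$$

From the above analysis in this section, some necessary conditions of Boolean functions with maximum AI and these functions which also have higher nonlinearity than that of $F_n$ can be obtained.

Theorem 7. Let $1 \le k \le 2^{n-1}$, $1 \le i_1 < \cdots < i_k \le 2^{n-1}$, $1 \le j_1 < \cdots < j_k \le 2^{n-1}$. If one of the following conditions is satisfied, then $AI(f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}) < t+1$.

1) There exists $1 \le r \le n$, such that $x_{j_1,r} + \cdots + x_{j_k,r} > y_{i_1,r} + \cdots + y_{i_k,r}$.

2) If $n \equiv 1 \bmod 4$, $\#\{X \in \{X_{j_1},\ldots,X_{j_k}\} \mid wt(X) \text{ is odd}\} > \#\{Y \in \{Y_{i_1},\ldots,Y_{i_k}\} \mid wt(Y) \text{ is odd}\}$; if $n \equiv 3 \bmod 4$, $\#\{X \in \{X_{j_1},\ldots,X_{j_k}\} \mid wt(X) \text{ is odd}\} < \#\{Y \in \{Y_{i_1},\ldots,Y_{i_k}\} \mid wt(Y) \text{ is odd}\}$.

Proof. By Theorem 6, the first condition means that $|W_{f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}}(S)| > |W_{F_n}(S)|$ for $S = (\underbrace{0,\ldots,0}_{r-1},1,0,\ldots,0)$. Thus, we have $nl(f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}) < nl(F_n)$ by Remark 2. Therefore, by Remark 3, we have $AI(f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}) < t+1$. If the second condition is satisfied, then $|W_{f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}}(S)| > |W_{F_n}(S)|$ for $S = (1,1,\ldots,1)$. In the same way, the result can be proved.

Theorem 8. Let $f = f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ be an $n$-variable Boolean function with AI $t+1$. If one of the following conditions is satisfied, then $f$ has the worst nonlinearity among all $n$-variable Boolean functions with maximum AI.

1) There exists $1 \le r \le n$, such that $x_{j_1,r} + \cdots + x_{j_k,r} = y_{i_1,r} + \cdots + y_{i_k,r}$.

2) $\#\{X \in \{X_{j_1},\ldots,X_{j_k}\} \mid wt(X) \text{ is odd}\} = \#\{Y \in \{Y_{i_1},\ldots,Y_{i_k}\} \mid wt(Y) \text{ is odd}\}$.

Proof. By Theorem 6, the first condition means that $|W_{f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}}(S)| = |W_{F_n}(S)|$ for $S = (\underbrace{0,\ldots,0}_{r-1},1,0,\ldots,0)$. Thus, we have $nl(f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}) \le nl(F_n)$ by Remark 2. Therefore, by Remark 3, we have $nl(f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}) = nl(F_n)$, and the result is proved. If the second condition is satisfied, then $|W_{f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}}(S)| = |W_{F_n}(S)|$ for $S = (1,1,\ldots,1)$. In the same way, the result can be proved.

Corollary 3. For any $1 \le i, j \le 2^{n-1}$, if $AI(f_{(i;j)}) = t+1$ then $f_{(i;j)}$ has the worst nonlinearity among all $n$-variable Boolean functions with maximum AI.

Proof. From Theorem 8, it is sufficient to consider the case of $i = 2^{n-1}$, $j = 1$, i.e. $X = (0,0,\ldots,0)$, $Y = (1,1,\ldots,1)$. In this case, from the first item of Corollary 1 we have $AI(f_{(i;j)}) < t+1$ which contradicts the assumption.

Theorem 9. If $1 \le k \le \frac{n-3}{4(n-2)} \binom{n-1}{t}$, then $nl(f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)})$ is given by

$$2^{n-1} - \binom{n-1}{t} + 2 \min\left\{ \min_{1 \le s \le n} \left( \sum_{r=1}^{k} y_{i_r,s} - \sum_{r=1}^{k} x_{j_r,s} \right),\ (-1)^t (N_1 - N_2) \right\},$$

where $N_1 = \#\{Y \in \{Y_{i_1},\ldots,Y_{i_k}\} \mid wt(Y) \text{ is odd}\}$, $N_2 = \#\{X \in \{X_{j_1},\ldots,X_{j_k}\} \mid wt(X) \text{ is odd}\}$.

Proof. Denote $f_{(i_1,\ldots,i_k;\,j_1,\ldots,j_k)}$ by $f$. From Theorem 6 we have,

$$|W_{F_n}(S)| - 4k \le |W_f(S)| \le |W_{F_n}(S)| + 4k.$$

Let $S, T \in F_2^n$, and $wt(S) = 1$ or $n$, $wt(T) \notin \{1, n\}$. If $1 \le k \le \frac{n-3}{4(n-2)} \binom{n-1}{t}$, then by Remark 2,

$$|W_f(S)| \ge |W_{F_n}(S)| - 4k \ge |W_{F_n}(T)| + 4k \ge |W_f(T)|.$$

Therefore, we have $\max_{T \in F_2^n} |W_f(T)| = \max_{wt(S) = 1, n} |W_f(S)|$.

Case 1. $wt(S) = 1$ and $S = (\underbrace{0,\ldots,0}_{s-1},1,0,\ldots,0)$. By Theorem 6 we have

$$|W_f(S)| = \left| 2 \binom{n-1}{t} - 4 \left( \sum_{r=1}^{k} y_{i_r,s} - \sum_{r=1}^{k} x_{j_r,s} \right) \right|.$$

Case 2. $wt(S) = n$. By Theorem 6 we have

$$|W_f(S)| = \left| 2 \binom{n-1}{t} - 4 \left( (-1)^t (N_1 - N_2) \right) \right|.$$

Hence the result follows from $nl(f) = 2^{n-1} - \frac{1}{2} \max_{S \in F_2^n} |W_f(S)|$.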

Constuction and Analysis of Boolean Functions 13 Now, we modify Constuction 1 to constuct n-vaiable Boolean functions with maximum AI and possibly having highe nonlineaity. Constuction 2 Step1: Select andomly an intege 1 k 2 n 2 and k integes 1 i 1 <... < i k 2 n 1, which satisfy i min y i,s is as lage as possible; 1 s n ii if n 1 mod 4, #Y Y i1,..., Y ik } wt(y is odd } is as lage as possible; if n 3 mod 4, #Y Y i1,..., Y ik } wt(y is even } is as lage as possible. Step2: Find out k integes 1 j 1 <... < j k 2 n 1, which satisfies i the j 1 th,..., j k th column vectos of W (i1,...,i k ae linealy independent; ii a = min ( k y i,s k x j,s is as lage as possible; 1 s n iii if n 1 mod 4, b = #Y Y i1,..., Y ik } wt(y is odd } #X X j1,..., X jk } wt(x is odd } is as lage as possible; if n 3 mod 4, c = #X X j1,..., X jk } wt(x is odd } #Y Y i1,..., Y ik } wt(y is odd } is as lage as possible. Then, the Boolean function f (i1,...,i k ;j 1,...,j k defined by (1 has AI t + 1 and has possibly a highe nonlineaity. Remak 4. Fom Theoem 9, the function obtained by Constuction 2 will has a highe nonlineaity than that of F n if 1 k n 3 ( n 1 4(n 2 t and a > 0, b > 0 (if n 1 mod 4 o c > 0 (if n 3 mod 4, and it possibly has a nonlineaity equal to that of F n if k > n 3 4(n 2. Futhe, the following theoem povides a class of n-vaiable Boolean functions with maximum AI which also have highe nonlineaity than that of F n. ( n 3 Theoem 10. Let n 3 mod 4, 1 k minn, n 1 4(n 2 t }, Yi1,..., Y ik belong to 0 Fn and thei Hamming weights ae w 1,..., w k, espectively. If 1 t 1 = 1, i = 1,..., k; and ( wi 1 2 w 1,..., w k ae not all odd; and 3 thee exist 1 j 1 <... < j k n, such that the j 1 th,..., j k th columns of Y i1 the matix... ae linealy independent; and Y ik 4 fo any s / j 1,..., j k }, y i1,s +... + y ik,s 1; and fo any s j 1,..., j k }, y i1,s +... + y ik,s 2. then, AI(f (i1,...,i k ;j 1 +1,...,j k +1 = t+1 and nl(f (i1,...,i k ;j 1 +1,...,j k +1 nl(f n +2. Example 5. 
The Boolean function defined in Example 4 has AI 4. And $nl(f) = nl(F_n) + 2$.
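Construction 2 and Example 5 both claim AI t + 1 for the resulting function. One way to check that claim for a candidate truth table is sketched below in Python (an added example, not code from the paper): AI is found as the smallest degree at which f or f + 1 has a nonzero annihilator, decided by a rank computation over GF(2). It assumes F_n(X) = 1 exactly when wt(X) <= t, reads definition (1) as flipping F_n on the chosen points, and uses hypothetical function names; the swap tested is the one Corollary 3's proof excludes.

```python
def wt(v):
    return bin(v).count("1")

def majority(n):
    # Assumed convention: F_n(X) = 1 iff wt(X) <= t, where n = 2t + 1.
    return [int(2 * wt(x) < n) for x in range(2 ** n)]

def gf2_rank(rows):
    # Rank over GF(2) of rows given as integer bitmasks.
    rank, rows = 0, list(rows)
    while rows:
        pivot = rows.pop()
        if pivot:
            rank += 1
            low = pivot & -pivot
            rows = [r ^ pivot if r & low else r for r in rows]
    return rank

def has_annihilator(points, n, d):
    # A nonzero g with deg(g) <= d vanishes on `points` iff the evaluation
    # matrix (one row per point, one column per monomial) lacks full column rank.
    mons = [m for m in range(2 ** n) if wt(m) <= d]
    rows = [sum(1 << c for c, m in enumerate(mons) if m & x == m) for x in points]
    return gf2_rank(rows) < len(mons)

def algebraic_immunity(tt, n):
    # Smallest d for which f or f + 1 has a nonzero annihilator of degree <= d.
    ones = [x for x in range(2 ** n) if tt[x]]
    zeros = [x for x in range(2 ** n) if not tt[x]]
    return next(d for d in range(n + 1)
                if has_annihilator(ones, n, d) or has_annihilator(zeros, n, d))

def corollary3_case(n):
    # Swap X = (0,...,0) with Y = (1,...,1): the case Corollary 3's proof excludes.
    tt = majority(n)
    tt[0] ^= 1
    tt[2 ** n - 1] ^= 1
    return tt

print(algebraic_immunity(majority(5), 5), algebraic_immunity(corollary3_case(5), 5))
```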

Finally, we obtain the following sufficient and necessary condition of Boolean functions with maximum AI which are also resilient functions.

Theorem 11. Let $f = f^{(i_1,\dots,i_k;j_1,\dots,j_k)}$ be an n-variable Boolean function. Then, $f$ is a 1-resilient function if and only if

$$(y_{i_1,s}+\dots+y_{i_k,s}) - (x_{j_1,s}+\dots+x_{j_k,s}) = \frac{1}{2}\binom{n-1}{t},$$

for $s = 1,\dots,n$.

Corollary 4. Let $f = f^{(i_1,\dots,i_k;j_1,\dots,j_k)}$ be an n-variable Boolean function. Then, $f$ is a 1-resilient function and has AI $t+1$ if and only if

$$(y_{i_1,s}+\dots+y_{i_k,s}) - (x_{j_1,s}+\dots+x_{j_k,s}) = \frac{1}{2}\binom{n-1}{t},$$

for $s = 1,\dots,n$, and $W_{(i_1,\dots,i_k;j_1,\dots,j_k)}$ is invertible.

6 Conclusion

Possessing a high algebraic immunity is a necessary condition for Boolean functions used in stream ciphers against algebraic attacks. In this paper, some classes of (2t + 1)-variable Boolean functions with maximum AI are obtained. Further, some necessary conditions of this kind of functions which also have higher nonlinearity are presented and thus a modified construction method is proposed to obtain such functions. Finally, a sufficient and necessary condition of (2t + 1)-variable Boolean functions with maximum AI which are also 1-resilient is presented. However, it remains open what the highest nonlinearity of Boolean functions with maximum AI is, and how to construct Boolean functions which have maximum AI and the highest nonlinearity.

References

1. F. Armknecht. Improving fast algebraic attacks. In FSE 2004, volume 3017 of Lecture Notes in Computer Science, pages 65-82. Springer-Verlag, 2004.
2. F. Armknecht and M. Krause. Algebraic attacks on combiners with memory. In Advances in Cryptology - CRYPTO 2003, volume 2729 of Lecture Notes in Computer Science, pages 162-175. Springer-Verlag, 2003.
3. A. Braeken and B. Preneel. On the algebraic immunity of symmetric Boolean functions. In INDOCRYPT 2005, volume 3797 of Lecture Notes in Computer Science, pages 35-48. Springer-Verlag, 2005.
4. C. Carlet. A method of construction of balanced functions with optimum algebraic immunity. Available at http://eprint.iacr.org/2006/149.
5. N. Courtois.
Fast algebraic attacks on stream ciphers with linear feedback. In Advances in Cryptology - CRYPTO 2003, volume 2729 of Lecture Notes in Computer Science, pages 176-194. Springer-Verlag, 2003.
6. N. Courtois and W. Meier. Algebraic attacks on stream ciphers with linear feedback. In Advances in Cryptology - EUROCRYPT 2003, volume 2656 of Lecture Notes in Computer Science, pages 345-359. Springer-Verlag, 2003.

7. D. K. Dalai, K. C. Gupta and S. Maitra. Results on algebraic immunity for cryptographically significant Boolean functions. In INDOCRYPT 2004, volume 3348 of Lecture Notes in Computer Science, pages 92-106. Springer-Verlag, 2004.
8. D. K. Dalai, K. C. Gupta and S. Maitra. Cryptographically significant Boolean functions: construction and analysis in terms of algebraic immunity. In FSE 2005, volume 3557 of Lecture Notes in Computer Science, pages 98-111. Springer-Verlag, 2005.
9. D. K. Dalai, S. Maitra and S. Sarkar. Basic theory in construction of Boolean functions with maximum possible annihilator immunity. Designs, Codes and Cryptography, 40:41-58, 2006.
10. D. K. Dalai and S. Maitra. Reducing the Number of Homogeneous Linear Equations in Finding Annihilators. Available at http://eprint.iacr.org/2006/032.
11. C. Ding, G. Xiao and W. Shan. The stability theory of stream ciphers. Springer-Verlag, 1991.
12. N. Li and W. F. Qi. Symmetric Boolean functions depending on an odd number of variables with maximum algebraic immunity. IEEE Transactions on Information Theory, 52(5):2271-2273, May 2006.
13. N. Li and W. F. Qi. Construction and count of Boolean functions of an odd number of variables with maximum algebraic immunity. Available at http://arxiv.org/abs/cs.CR/0605139.
14. M. Lobanov. Tight bound between nonlinearity and algebraic immunity. Available at http://eprint.iacr.org/2005/441.
15. F. J. MacWilliams and N. J. A. Sloane. The theory of error-correcting codes. Elsevier, North-Holland, 1977.
16. W. Meier, E. Pasalic and C. Carlet. Algebraic attacks and decomposition of Boolean functions. In Advances in Cryptology - EUROCRYPT 2004, volume 3027 of Lecture Notes in Computer Science, pages 474-491. Springer-Verlag, 2004.