vectorial boolean functions with very low differential
play

Vectorial Boolean Functions with very Low Differential-linear - PowerPoint PPT Presentation

Dec 10, 2022 •308 likes •599 views

Vectorial Boolean Functions with very Low Differential-linear Uniformity using MaioranaMcFarland type Construction Deng Tang 1 , 2 , Bimal Mandal 3 , Subhamoy Maitra 4 1 School of Mathematics, Southwest Jiaotong University, Chengdu, China 2

  1. Vectorial Boolean Functions with very Low Differential-linear Uniformity using Maiorana–McFarland type Construction Deng Tang 1 , 2 , Bimal Mandal 3 , Subhamoy Maitra 4 1 School of Mathematics, Southwest Jiaotong University, Chengdu, China 2 State Key Laboratory of Cryptology, Beijing, 100878, China 3 CARAMBA, INRIA, Nancy–Grand Est., France 4 Indian Statistical Institute, Kolkata, India Indocrypt 2019

  2. Outlines ◮ Introduction • DLCT • Existing results ◮ New properties of the DLCT ◮ Differential-linear uniformity of known balanced ( n, m ) -function • Modified inverse functions • Modified Maiorana–McFarland bent functions ◮ Construction of a new class of balanced ( n, m ) -function ◮ Balanced (4 t, t − 1) -function with very low differential-linear uniformity ◮ Implementation ◮ Conclusions 1 / 24

  3. Introduction: DLCT and Existing results I 2 = { x = ( x 1 , x 2 , . . . , x n ) : x i ∈ F 2 , 1 ≤ i ≤ n } ∼ ◮ F n = F 2 n 2 : wt( x ) = � n ◮ Hamming weight of x ∈ F n i=1 x i ◮ Vectorial Boolean function or ( n, m ) -function: S : F n → F m 2 − 2 ◮ Boolean function in n variables: s : F n 2 − → F 2 ◮ Support of s : supp(s) = { x ∈ F n 2 : s( x ) = 1 } ◮ S ( x ) = ( s 1 ( x ) , s 2 ( x ) , . . . , s m ( x )) . • s i , 1 ≤ i ≤ m : Coordinate function of S • λ · S, λ ∈ F m ∗ 2 : Component function of S ◮ Autocorrelation of a component function λ · S of S at α ∈ F n 2 : � ( − 1) λ · ( S ( x ) ⊕ S ( x ⊕ α )) . C λ · S ( α ) = x ∈ F n 2 2 / 24

  4. Introduction: DLCT and Existing results II ◮ Walsh–Hadamard transform of an ( n, m ) -function S at ( α, λ ) : � ( − 1) λ · S ( x ) ⊕ α · x . W λ · S ( α ) = x ∈ F n 2 ◮ Nonlinearity of an ( n, m ) -function S : 2 n − 1 − 1 nl ( S ) = max | W λ · S ( α ) | . 2 ( α,λ ) ∈ F n 2 × F m ∗ 2 ◮ Differential uniformity of an ( n, m ) -function S : # { x ∈ F n δ ( S ) = max 2 : S ( x ) ⊕ S ( x ⊕ α ) = β } . α ∈ F n ∗ 2 , β ∈ F m 2 ◮ Differential distribution table (DDT) of ( n, m ) -function S : DDT S ( α, β ) = # { x ∈ F n 2 : S( x ) ⊕ S( x ⊕ α ) = β } . 3 / 24

  5. Introduction: DLCT and Existing results III ◮ Langford and Hellman at CRYPTO’94 first introduced the differential-linear cryptanalysis. ◮ Bar-On et al. at EUROCRYPT’19 proposed the differential linear connectivity table (DLCT). ◮ DLCT of an ( n, m ) -function S : DLCT S ( α, λ ) = # { x ∈ F n 2 : λ · S( x ) = λ · S( x ⊕ α ) } − 2 n − 1 . • DLCT S ( α, λ ) = 2 n − 1 , if α = 0 or λ = 0 . • DLCT S ( α, λ ) = 1 2 ( − 1) v · λ DDT S ( α, v ) . � v ∈ F m 2 ◮ Differential-linear uniformity of S : DL(S) = max | DLCT S ( α, λ ) | . ( α,λ ) ∈ F n ∗ 2 × F m ∗ 2 4 / 24

  6. Introduction: DLCT and Existing results IV ◮ Li et al. [arXiv:1907.05986, 2019] investigated the properties of DLCT and differential-linear uniformity of some class of ( n, m ) -function. ◮ Canteaut et al. [ia.cr/2019/848, 2019] derived similar results on DLCT independently. ◮ They proved that DLCT S ( α, λ ) = 1 2 C λ · S ( α ) , and so, � � 1 � � DL(S) = max � C λ · S ( α ) � . � � 2 ( α,λ ) ∈ F n ∗ 2 × F m ∗ 2 ◮ Maiorana-McFarland bent functions in 2 k variables (JCTA 1973): h ( x , y ) = φ ( x ) · y ⊕ p ( x ) 5 / 24

  7. Introduction: DLCT and Existing results V ◮ h can be written as h = h 0 || h 1 || . . . || h 2 k − 1 , where h i ( y ) = h ( x i , y ) , for all y ∈ F k 2 . ◮ In FSE’94, Dobbertin first constructed a balanced Boolean function with high nonlinearity. � φ ( x ) · y , if x � = 0 s ( x , y ) = g ( y ) , if x = 0 ◮ Tang et al. (IEEE-TIT 2018), Kavut et al. (DCC 2019) and Tang et al. (SIDMA 2019) also constructed the balanced Boolean functions. ◮ Let n = 2 k be an even integer greater than 4 .  if ( x , y ) ∈ { 0 } × F k u ( y ) , 2  if ( x , y ) ∈ F k ∗ 2 × F k ∗ f ( x , y ) = φ ( x ) · y , 2 if ( x , y ) ∈ F k ∗ v ( x ) , 2 × { 0 }  6 / 24

  8. New properties of the DLCT I ◮ E 0 a = { x ∈ F n 2 : a · x = 0 } , a ∈ F n 2 . ◮ Im ( D α S ) = { y ∈ F m 2 : y = S ( x ) ⊕ S ( x ⊕ α ) , x ∈ F n 2 } . ◮ DLCT S ( α, λ ) = # { x ∈ F n 2 : λ · S( x ) = λ · S( x ⊕ α ) } − 2 n − 1 . Proposition 1 For any ( n, m ) -function S , α ∈ F n 2 and λ ∈ F m 2 , � DDT S ( α, δ ) − 2 n − 1 . DLCT S ( α, λ ) = δ ∈ E 0 λ Corollary 1 Let S be an ( n, m ) -function. For any α ∈ F n ∗ and λ ∈ F m ∗ 2 , 2 DLCT S ( α, λ ) = 2 n − 1 if and only if Im ( D α S ) ⊂ E 0 λ . Moreover, DLCT S ( α, λ ) = − 2 n − 1 if and only if Im ( D α S ) ⊂ F m 2 \ E 0 λ . 7 / 24

  9. New properties of the DLCT II Corollary 2 Let S be an APN permutation over F n 2 . For any α, λ ∈ F n ∗ 2 , DLCT S ( α, λ ) ≤ 2 n − 1 − 2 . Moreover, DLCT S ( α, λ ) + 2 n − 1 = 0 if and only if Im ( D α S ) = F n 2 \ E 0 λ . Open problem 1 (Li et al., arXiv:1907.05986) For an odd integer n , are there ( n, n ) -function S other than the n − 1 2 ? Kasami–Welch APN functions that have DL(S) = 2 8 / 24

  10. New properties of the DLCT III Theorem 1 Let n be an odd integer. For an APN ( n, n ) -function S , n − 1 if and only if for any α, λ ∈ F n ∗ DL(S) = 2 2 2 2 n − 2 − 2 n − 1 2 − 1 ≤ # E 0 λ ∩ Im ( D α S ) ≤ 2 n − 2 + 2 n − 1 2 − 1 . 9 / 24

  11. Differential-linear uniformity of known balanced ( n, m ) -function I ◮ Qu et al. (IEEE-TIT 2013): I 1 ( x ) = x 2 n − 2 ⊕ f ( x ) , where f are well-choose Boolean functions such that f ( x 2 n − 2 ) ⊕ f ( x 2 n − 2 ⊕ 1) = 0 . ◮ Tang et al. (DCC 2015): I 2 ( x ) = ( x ⊕ g ( x )) 2 n − 2 , where g are well-choose Boolean functions such that g ( x ) ⊕ g ( x ⊕ 1) = 0 . Theorem 2 For any I 1 and I 2 , we have • DL( I 1 ) ≥ 2 n/ 2 − 2 and � 2 t � 1 − � ⌊ n/ 2 ⌋ • DL( I 2 ) ≥ 1 t =0 ( − 1) n − t n � n − t � . 2 n − t t 10 / 24

  12. Differential-linear uniformity of known balanced ( n, m ) -function II ◮ Let n = 2 k and � φ ( x ) · y , if x � = 0 s ( x , y ) = g ( y ) , if x = 0 Lemma 1 Let s be an n = 2 k -variable Boolean function defined as above, then for any ( a , b ) ∈ F k 2 × F k 2 we have 2 n  if a = b = 0  − 2 k + C g ( b ) , if a = 0 , b ∈ F k ∗ C s ( a , b ) = . 2 2( − 1) φ ( a ) · b W g ( φ ( a )) , if a ∈ F k ∗ 2 , b ∈ F k  2 11 / 24

  13. Differential-linear uniformity of known balanced ( n, m ) -function III Theorem 3 Let s be an n = 2 k -variable Boolean function defined as above and there exists b ∈ F k ∗ such that C g ( b ) = 0 . If s is a component 2 function of an ( n, m ) -function S , then we have DL(S) ≥ 2 k − 1 . 12 / 24

  14. Construction of a new class of balanced ( n, m ) -function I Construction 1 Let n = 2 k ≥ 4 be an even integer. We construct an ( n, m ) -func- tion S whose coordinate functions s i ’s (1 ≤ i ≤ m ) are defined as follows:  if ( x , y ) ∈ { 0 } × F k u i ( y ) , 2  if ( x , y ) ∈ F k ∗ 2 × F k ∗ s i ( x , y ) = φ i ( x ) · y , , 2 if ( x , y ) ∈ F k ∗ v i ( x ) , 2 × { 0 }  where x , y ∈ F k 2 , and 1. φ i ’s are mappings over F k 2 such that l 1 φ 1 ⊕ l 2 φ 2 ⊕ · · · ⊕ l m φ m is a permutation and l 1 φ 1 ( 0 ) ⊕ l 2 φ 2 ( 0 ) ⊕ · · · ⊕ l m φ m ( 0 ) = 0 , 2. u i ’s and v i ’s are Boolean functions over F k 2 such that i =1 l i v i ) = 2 k − 1 and ⊕ m wt( ⊕ m i =1 l i u i ) ⊕ wt( ⊕ m i =1 l i u i ( 0 ) = ⊕ m i =1 l i v i ( 0 ) = 0 . 13 / 24

  15. Construction of a new class of balanced ( n, m ) -function II Theorem 4 For any n = 2 k ≥ 4 , every ( n, m ) -function S generated by Construction 1 is balanced. Theorem 5 Let n = 2 k ≥ 4 and S be an ( n, m ) -function generated by Construction 1. For any l = ( l 1 , l 2 , · · · , l m ) ∈ F m ∗ 2 , we have  0 , if ( a , b ) = ( 0 , 0 )  if ( a , b ) ∈ { 0 } × F k ∗  W l · U ( b ) + W l · V ( 0 ) ,  2 W l · S ( a , b ) = , if ( a , b ) ∈ F k ∗ W l · U ( 0 ) + W l · V ( a ) , 2 × { 0 }   ( − 1) ( l · Φ) − 1 ( b ) · a 2 k + W l · U ( b ) + W l · V ( a ) , if ( a , b ) ∈ F k ∗ 2 × F k ∗  2 where U = ( u 1 , . . . , u m ) , V = ( v 1 , . . . , v m ) and Φ = ( φ 1 , . . . , φ m ) . 14 / 24

  16. Construction of a new class of balanced ( n, m ) -function III Theorem 6 Let the notation be the same as in Theorem 5. Let n = 2 k ≥ 4 and S be an ( n, m ) -function generated by Construction 1. For any l = ( l 1 , l 2 , · · · , l m ) ∈ F m ∗ 2 , we have  2 n , if ( a , b ) = ( 0 , 0 )  C l · U ( b ) + 2W (l · V) ′ ( b ) − 2 k , if ( a , b ) ∈ { 0 } × F k ∗   2 C l · S ( a , b ) = , C l · V ( a ) + 2W l · U ((l · Φ)( a )) − 2 k , if ( a , b ) ∈ F k ∗ 2 × { 0 }   2( − 1) ( l · Φ)( a ) · b W l · U � � if ( a , b ) ∈ F k ∗ 2 × F k ∗  ( l · Φ)( a ) + W ( l · V ) ′′ ( b ) + 8 t, 2 ( l · Φ) − 1 ( x ) where ( l · V ) ′ ( x ) = ( l · V ) � � , ( l · V ) ′′ ( x ) = ( l · Φ) − 1 ( x ) ⊕ a � � ( l · V ) , and t equals 1 if l · V ( a ) = l · U ( b ) = 1 and equals 0 otherwise. 15 / 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet, Khoongming Khoo,

Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet, Khoongming Khoo,

Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet, Khoongming Khoo, Chu-Wee Lim and Chuan-Wen Loe Introduction Correlation Attack of Vectorial Stream Ciphers In this talk, we shall improve correlation attacks on

547 views • 41 slides
Cryptographic Sboxes Anne Canteaut Anne.Canteaut@inria.fr

Cryptographic Sboxes Anne Canteaut Anne.Canteaut@inria.fr

Cryptographic Sboxes Anne Canteaut Anne.Canteaut@inria.fr http://www-rocq.inria.fr/secret/Anne.Canteaut/ Summer School, Sardegna, October 2015 Vectorial Boolean functions A vectorial Boolean function with n inputs and m outputs is a function

820 views • 31 slides
Boolean Functions and their Applications, Selmer Center, University of Bergen, Norway; July 38,

Boolean Functions and their Applications, Selmer Center, University of Bergen, Norway; July 38,

Boolean Functions and their Applications, Selmer Center, University of Bergen, Norway; July 38, 2017 (Generalized) Boolean functions: invariance under some groups of transformations and differential properties Pantelimon (Pante) St anic

1.78k views • 37 slides
Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 ,

Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 ,

Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 , . . . , x n be boolean variables. Boolean Function of Arity n Semantics and Verification 2005 Abstract Syntax for Boolean Expressions ( x ranges

382 views • 4 slides
Boolean Functions and their Applications Loen, Norway, June 1722, 2018 Journey into

Boolean Functions and their Applications Loen, Norway, June 1722, 2018 Journey into

Boolean Functions and their Applications Loen, Norway, June 1722, 2018 Journey into differential and graph theoretical properties of (generalized) Boolean function Pante St anic a ( includes joint work with T. Martinsen, W. Meidl, A.

925 views • 20 slides
Vectorial bent functions Alexander Pott March 18, 2015 No. 1 Motivation: p = 2, n even Let f :

Vectorial bent functions Alexander Pott March 18, 2015 No. 1 Motivation: p = 2, n even Let f :

Vectorial bent functions Alexander Pott March 18, 2015 No. 1 Motivation: p = 2, n even Let f : F n 2 = F 2 n F 2 be bent! Highly nonlinear: Cryptography. Interesting constructions (spreads). Finite Fields. Covering radius of

802 views • 33 slides
Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean

Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean

+ + Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean Functions Josef Pieprzyk and Xian-Mo Zhang Department of Computing Macquarie University, Australia + 1 + + Outline The M o bius

415 views • 26 slides
Associative dyadic boolean functions Goals Def: A Boolean function f : { 0 , 1 } 2 { 0 , 1 }

Associative dyadic boolean functions Goals Def: A Boolean function f : { 0 , 1 } 2 { 0 , 1 }

Associative dyadic boolean functions Goals Def: A Boolean function f : { 0 , 1 } 2 { 0 , 1 } is associative if define associative Boolean functions (and classify them). Chapter 3: Trees f ( f ( 1 , 2 ) , 3 ) = f ( 1 , f ( 2 ,

61 views • 5 slides
Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1

Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1

Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1 Vladimir V. Podolskii 2 1 Aarhus University 2 Steklov Mathematical Institute MFCS 2013 1 / 27 Boolean Threshold Functions Boolean function f : { a , b } n

927 views • 44 slides
Vectorial AdS/CFT and quantum higher spins Arkady Tseytlin Partition functions and Casimir

Vectorial AdS/CFT and quantum higher spins Arkady Tseytlin Partition functions and Casimir

Vectorial AdS/CFT and quantum higher spins Arkady Tseytlin Partition functions and Casimir energies in higher spin AdS d +1 /CFT d arXiv:1402.5396 with S. Giombi and I. Klebanov Higher spins in AdS 5 at one loop: vacuum energy, boundary

937 views • 57 slides
Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US

Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US

Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US Navy Assistant Professor Naval Postgraduate School 3rd International Workshop on Boolean Functions and their Applications June 19, 2018 Loen,

789 views • 31 slides
Rank Metric Codes and related Structures Yue Zhou July 5, 2017 The 2nd International Workshop on

Rank Metric Codes and related Structures Yue Zhou July 5, 2017 The 2nd International Workshop on

Rank Metric Codes and related Structures Yue Zhou July 5, 2017 The 2nd International Workshop on Boolean Functions and their Applications (BFA) Outline Introduction Maximum rank distance codes Quadratic bent-Negabent functions Vectorial

2.09k views • 179 slides
A New Construction of Boolean Functions with Maximum Algebraic Immunity National University of

A New Construction of Boolean Functions with Maximum Algebraic Immunity National University of

A New Construction of Boolean Functions with Maximum Algebraic Immunity National University of Defense Technology Deshuai Dong 2009-8-26 Outline Preliminaries on Boolean functions Algebraic attacks and Algebraic immunity The

465 views • 46 slides
Orthogonal group and Boolean functions Patrick Sol e with M. Shi, L. Sok CNRS/LAGA, University

Orthogonal group and Boolean functions Patrick Sol e with M. Shi, L. Sok CNRS/LAGA, University

Orthogonal group Self-dual codes Linear complementary dual codes Z 2 m generalized Boolean functions Orthogonal group and Boolean functions Patrick Sol e with M. Shi, L. Sok CNRS/LAGA, University of Paris 8, 93 526 Saint-Denis, France ,

693 views • 52 slides
1 Mux Representation of Boolean Functions MUX circuit to implement logic 1 0 x1 x2 x3

1 Mux Representation of Boolean Functions MUX circuit to implement logic 1 0 x1 x2 x3

ECE 474A/57A Computer-Aided Logic Design Lecture 11 Binary Decision Diagrams (BDDs) ECE 474a/575a 1 of 31 Susan Lysecky Boolean Logic Functions Representations Function can be represented in different ways Truth table, equation, K-map,

457 views • 12 slides
Functions on Finite Fields, Boolean Functions, and S-Boxes Gary McGuire Claude Shannon Institute

Functions on Finite Fields, Boolean Functions, and S-Boxes Gary McGuire Claude Shannon Institute

Functions on Finite Fields, Boolean Functions, and S-Boxes Gary McGuire Claude Shannon Institute www.shannoninstitute.ie and School of Mathematical Sciences University College Dublin Ireland 1 July, 2013 Gary McGuire Functions on Finite

566 views • 24 slides
A covariant approach to the partial wave analysis of the hadron reactions A. Sarantsev

A covariant approach to the partial wave analysis of the hadron reactions A. Sarantsev

A covariant approach to the partial wave analysis of the hadron reactions GSI 2016, December 14 A covariant approach to the partial wave analysis of the hadron reactions A. Sarantsev Petersburg Nuclear HISKP (Bonn, Germany), PNPI (Gatchina,

1k views • 65 slides
Annual holiday planning for the crew of a public transport company Knut Haase Technische

Annual holiday planning for the crew of a public transport company Knut Haase Technische

Background of the Project Problem Solution Approach Future Work Annual holiday planning for the crew of a public transport company Knut Haase Technische Universitt Dresden, Fakultt Verkehrswissenschaften Friedrich List, Lehrstuhl

432 views • 32 slides
A charming trap for soft pions ( Bingwei Long ) ( Sichuan

A charming trap for soft pions ( Bingwei Long ) ( Sichuan

A charming trap for soft pions ( Bingwei Long ) ( Sichuan U., Chengdu, China ) YITP, Kyoto, 11/2016 c (2595) + as an S-wave resonance in c channel 3/2 ~1 MeV above threshold extremely

1.22k views • 25 slides
L EHRSTUHL FR G ELD , W HRUNG UND I NTERNATIONALE F INANZMRKTE

L EHRSTUHL FR G ELD , W HRUNG UND I NTERNATIONALE F INANZMRKTE

L EHRSTUHL FR G ELD , W HRUNG UND I NTERNATIONALE F INANZMRKTE CHRISTIAN-ALBRECHTS-UNIVERSITT ZU KIEL C HAIR OF M ONETARY E CONOMICS AND I NTERNATIONAL F INANCE UNIVERSITY OF KIEL, GERMANY E FFICIENT M ARKET H YPOTHESIS T HROUGH THE E YES OF

570 views • 30 slides
Open-Source ERP-Solutions Open-Source ERP-Solutions - a new way for SMEs M.Sc. Falk Neubert,

Open-Source ERP-Solutions Open-Source ERP-Solutions - a new way for SMEs M.Sc. Falk Neubert,

Open-Source ERP-Solutions Open-Source ERP-Solutions - a new way for SMEs M.Sc. Falk Neubert, University of Osnabrck 1 Open-Source ERP-Solutions 30.10.2009, Dresden M.Sc. Falk Neubert Scientific Assistant in the Department

1.09k views • 56 slides
Sistemi Intelligenti Supervised learning Supervised learning Alberto Borghese Universit degli

Sistemi Intelligenti Supervised learning Supervised learning Alberto Borghese Universit degli

Sistemi Intelligenti Supervised learning Supervised learning Alberto Borghese Universit degli Studi di Milano Laboratorio di Sistemi Intelligenti Applicati (AIS-Lab) Dipartimento di Scienze dellInformazione Alb t b

864 views • 29 slides
(Fundamental) Physics of Elementary Particles Asymmetry of weak interactions; T e GIM mechanism

(Fundamental) Physics of Elementary Particles Asymmetry of weak interactions; T e GIM mechanism

(Fundamental) Physics of Elementary Particles Asymmetry of weak interactions; T e GIM mechanism & anomaly; Weak angle; Feynman rules Tristan Hbsch Department of Physics and Astronomy Howard University, Washington DC Prirodno-Matemati

346 views • 33 slides
Defending humans against killers Attack: We kill people based on metadata. April 2014,

Defending humans against killers Attack: We kill people based on metadata. April 2014,

Defending humans against killers Attack: We kill people based on metadata. April 2014, Michael Hayden (DIRNSA 19992005; DIRCIA 20062009) Daniel J. Bernstein (UIC, TU/e) and Tanja Lange (TU/e) Defending humans against killers

128 views • 9 slides

More recommend