A First Order Recursive Construction of Boolean Function with Optimum Algebraic Immunity

This paper proposed a first order recursive construction of Boolean function with optimum algebraic immunity. We also show that the Boolean functions are balanced and have good algebraic degrees

Constructions of Even-variable Boolean Function with Optimum Algebraic Immunity

This paper proposed an improved construction of even-variable Boolean function with optimum algebraic immunity. Compared with those in~\cite{Carl06}, our Boolean functions are more balance. Specially, for $k{=}2t{+}1$ $(t{>}1)$, the $2k$-variables Boolean function is balanced. Furthermore, we generalized it to a class of constructions, meaning there would be much more constructions

On the Boolean functions With Maximum Possible Algebraic Immunity : Construction and A Lower Bound of the Count

This paper gives a construction method which can get a large class of Boolean functions with maximum algebraic immunity(AI) from one such giving function. Our constructions get more functions than any previous construction. The cryptographic properties, such as balance, algebraic degree etc, of those functions are studied. It shows that we can construct Boolean functions with better cryptographic properties, which gives the guidance for the design of Boolean functions to resist algebraic attack, and helps to design good cryptographic primitives of cryptosystems. From these constructions, we show that the count of the Boolean functions with maximum AI is bigger than ${2^{2^{n-1}}}$ for $n$ odd, bigger than ${2^{2^{n-1}+\frac{1}{2}\binom{n}{\frac{n}{2}} }}$ for $n$ even, which confirms the computer simulation result that such boolean functions are numerous. As far as we know, this is the first bound about this count

Reducing the Number of Homogeneous Linear Equations in Finding Annihilators

Given a Boolean function $f$ on $n$-variables, we find a reduced set of homogeneous linear equations by solving which one can decide whether there exist annihilators at degree $d$ or not. Using our method the size of the associated matrix becomes $\nu_f \times (\sum_{i=0}^{d} \binom{n}{i} - \mu_f)$, where, $\nu_f = |\{x | wt(x) > d, f(x) = 1\}|$ and $\mu_f = |\{x | wt(x) \leq d, f(x) = 1\}|$ and the time required to construct the matrix is same as the size of the matrix. This is a preprocessing step before the exact solution strategy (to decide on the existence of the annihilators) that requires to solve the set of homogeneous linear equations (basically to calculate the rank) and this can be improved when the number of variables and the number of equations are minimized. As the linear transformation on the input variables of the Boolean function keeps the degree of the annihilators invariant, our preprocessing step can be more efficiently applied if one can find an affine transformation over $f(x)$ to get $h(x) = f(Bx+b)$ such that $\mu_h = |\{x | h(x) = 1, wt(x) \leq d\}|$ is maximized (and in turn $\nu_h$ is minimized too). We present an efficient heuristic towards this. Our study also shows for what kind of Boolean functions the asymptotic reduction in the size of the matrix is possible and when the reduction is not asymptotic but constant

Algebraic attacks over GF(q)

Recent algebraic attacks on LFSR-based stream ciphers and S-boxes have generated much interest as they appear to be extremely powerful. Theoretical work has been developed focusing around the Boo- lean function case. In this paper, we generalize this theory to arbitrary finite fields and extend the theory of annihilators and ideals introduced at Eurocrypt 2004 by Meier, Pasalic and Carlet. In particular, we prove that for any function f in the multivariate polynomial ring over GF(q), f has a low degree multiple precisely when two low degree functions appear in the same coset of the annihilator of f q &ndash; 1 &ndash; 1. In this case, many such low degree multiples exist.<br /