Design and analysis of bent functions using M\mathcal{M}-subspaces

In this article, we provide the first systematic analysis of bent functions $f$ on $\mathbb{F}_2^{n}$ in the Maiorana-McFarland class $\mathcal{MM}$ regarding the origin and cardinality of their $\mathcal{M}$-subspaces, i.e., vector subspaces on which the second-order derivatives of $f$ vanish. By imposing restrictions on permutations $\pi$ of $\mathbb{F}_2^{n/2}$, we specify the conditions, such that Maiorana-McFarland bent functions $f(x,y)=x\cdot \pi(y) + h(y)$ admit a unique $\mathcal{M}$-subspace of dimension $n/2$. On the other hand, we show that permutations $\pi$ with linear structures give rise to Maiorana-McFarland bent functions that do not have this property. In this way, we contribute to the classification of Maiorana-McFarland bent functions, since the number of $\mathcal{M}$-subspaces is invariant under equivalence. Additionally, we give several generic methods of specifying permutations $\pi$ so that $f\in\mathcal{MM}$ admits a unique $\mathcal{M}$-subspace. Most notably, using the knowledge about $\mathcal{M}$-subspaces, we show that using the bent 4-concatenation of four suitably chosen Maiorana-McFarland bent functions, one can in a generic manner generate bent functions on $\mathbb{F}_2^{n}$ outside the completed Maiorana-McFarland class $\mathcal{MM}^\#$ for any even $n\geq 8$. Remarkably, with our construction methods it is possible to obtain inequivalent bent functions on $\mathbb{F}_2^8$ not stemming from two primary classes, the partial spread class $\mathcal{PS}$ and $\mathcal{MM}$. In this way, we contribute to a better understanding of the origin of bent functions in eight variables, since only a small fraction, of which size is about $2^{76}$, stems from $\mathcal{PS}$ and $\mathcal{MM}$, whereas the total number of bent functions on $\mathbb{F}_2^8$ is approximately $2^{106}$

On the supports of the Walsh transforms of Boolean functions

In this paper, we study, in relationship with covering sequences, the structure of those subsets of \V {n} which can be the Walsh supports of Boolean functions

Some Remarks on the TKIP Key Mixing Function of IEEE 802.11i

Temporal Key Integrity Protocol (TKIP) is a sub-protocol of IEEE 802.11i. TKIP remedies some security flaws in Wired Equivalent Privacy (WEP) Protocol. TKIP adds four new algorithms to WEP: a Message Integrity Code (MIC) called Michael, an Initialization Vector (IV) sequencing discipline, a key mixing function and a re-keying mechanism. The key mixing function, also called temporal key hash, de-correlates the IVs from weak keys. Some cryptographic properties of the S-box used in the key mixing function are investigated in this paper, such as regularity, avalanche effect, differ uniform and linear structure. V.Moen, H.Raddum and K.J.Hole point out that there exists a temporal key recovery attack in TKIP key mixing function. In this paper a method is proposed to defend against the attack, and the resulting effect on performance is also discussed

The crooked property

International audienceCrooked permutations were introduced twenty years ago to cons- truct interesting objects in graph theory. These functions, over F2n with odd $n$, are such that their derivatives have as image set a com- plement of a hyperplane. The field of applications was extended later, in particular to cryptography. However binary crooked functions are rare. It is still unknown if non quadratic crooked functions do ex- ist. We extend the concept and propose to study the crooked property for any characteristic. A function $F$, from Fpn to itself, satisfies this property if all its derivatives have as image set an a ne subspace. We show that the partially-bent vectorial functions and the functions satisfying the crooked property are strongly related. We later focus on the components of these functions, establishing that the existence of linear structures is here decisive. We then propose a symbolic ap- proach to identify the linear structures. We claim that this problem consists in solving a system of linear equations, and can often be seen as a combinatorial problem