О некоторых свойствах конструкции бент-функций с помощью подпространств произвольной размерности

Рассматриваются свойства конструкции f ® Indi, где f — бент-функция от 2k переменных,а L — аффинное подпространство, при определённых условиях порождающей бент-функции. Предложены необходимые и достаточные условия увеличения и уменьшения на 1 размерности подпространства L, при которых порождаемая функция тоже будет бент-функцией. Доказано, что если функция f (xi , ... ,X2k) ® £2fc+iX2fc+2 ® Indu является бент-функцией для некоторого аффинного подпространства U, то и f ® Indi является бент-функцией для некоторого L размерности dim U — 1 или dim U — 2. Приведён пример бент-функции от 10 переменных, по которой конструкция порождает бент-функции только при dimL е {9,10}

О нижней оценке числа бент-функций на минимальном расстоянии от бент-функций из класса Мэйорана — МакФарланда

Исследуется построение бент-функций на некотором расстоянии от заданной бент-функции. Для функции f из класса Мэйорана — МакФарланда M2n доказан критерий того, что функция, полученная из f прибавлением индикатора аффинного подпространства размерности n, является бент-функцией. Показано, что для простых n 5 достигается нижняя оценка 22n+i — 2n числа бент-функций на минимальном расстоянии от бент-функций из класса M2n. Найдены бент-функции, для которых оценка точна. Показано, что эта нижняя оценка не достигается для бент-функций из класса M2n, где перестановка, по которой построена бент-функция, не является APN-функцией. Для некоторых расстояний, в частности 22n-i, получены нижние оценки числа бент-функций из класса M2n на этих расстояниях от бент-функций из класса C

Metrical properties of the set of bent functions in view of duality

In the paper, we give a review of metrical properties of the entire set of bent functions and its significant subclasses of self-dual and anti-self-dual bent functions. We present results for iterative construction of bent functions in n + 2 variables based on the concatenation of four bent functions and consider related open problem proposed by one of the authors. Criterion of self-duality of such functions is discussed. It is explored that the pair of sets of bent functions and affine functions as well as a pair of sets of self-dual and anti-self-dual bent functions in n > 4 variables is a pair of mutually maximally distant sets that implies metrical duality. Groups of automorphisms of the sets of bent functions and (anti-)self-dual bent functions are discussed. The solution to the problem of preserving bentness and the Hamming distance between bent function and its dual within automorphisms of the set of all Boolean functions in n variables is considered

A Construction of Bent Functions of n + 2 Variables from a Bent Function of n Variables and Its Cyclic Shifts

We present a method to iteratively construct new bent functions of n + 2 variables from a bent function of n variables and its cyclic shift permutations using minterms of n variables and minterms of 2 variables. In addition, we provide the number of bent functions of n + 2 variables that we can obtain by applying the method here presented, and finally we compare this method with a previous one introduced by us in 2008 and with the Rothaus and Maiorana-McFarland constructions.The work of the first author was partially supported by Spanish Grant MTM2011-24858 of the Ministerio de Economía y Competitividad of the Gobierno de España

On the number of bent functions from iterative constructions: lower bounds and hypotheses

In the paper we study lower bounds on the number of bent functions that can be obtained by iterative constructions, namely by the construction proposed by A.Canteaut and P.Charpin in 2003. The number of bent iterative functions is expressed in terms of sizes of finite sets and it is shown that evaluation of this number is closely connected to the problem of decomposing Boolean function into sum of two bent functions. A new lower bound for the number of bent iterative functions that is supposed to be asymptotically tight is given. Applying Monte-Carlo methods the number of bent iterative functions in 8 variables is counted. Based on the performed calculations several hypotheses on the asymptotic value of the number of all bent functions are formulated

The graph of minimal distances of bent functions and its properties

A notion of the graph of minimal distances of bent functions is introduced. It is an undirected graph ($V$, $E$) where $V$ is the set of all bent functions in $2k$ variables and $(f, g) \in E$ if the Hamming distance between $f$ and $g$ is equal to $2^k$ (it is the minimal possible distance between two different bent functions). The maximum degree of the graph is obtained and it is shown that all its vertices of maximum degree are quadratic. It is proven that a subgraph of the graph induced by all functions affinely equivalent to Maiorana---McFarland bent functions is connected

A new criterion for avoiding the propagation of linear relations through an Sbox (Full version)

In several cryptographic primitives, Sboxes of small size are used to provide nonlinearity. After several iterations, all the output bits of the primitive are ideally supposed to depend in a nonlinear way on all of the input variables. However, in some cases, it is possible to find some output bits that depend in an affine way on a small number of input bits if the other input bits are fixed to a well-chosen value. Such situations are for example exploited in cube attacks or in attacks like the one presented by Fuhr against the hash function Hamsi. Here, we define a new property for nonlinear Sboxes, named $(v,w)$-linearity, which means that $2^w$ components of an Sbox are affine on all cosets of a $v$-dimensional subspace. This property is related to the generalization of the so-called Maiorana-McFarland construction for Boolean functions. We show that this concept quantifies the ability of an Sbox to propagate affine relations. As a proof of concept, we exploit this new notion for analyzing and slightly improving Fuhr\u27s attack against Hamsi and we show that its success strongly depends on the $(v,w)$-linearity of the involved Sbox