The complexity of Boolean functions from cryptographic viewpoint

Cryptographic Boolean functions must be complex to satisfy Shannon\u27s principle of confusion. But the cryptographic viewpoint on complexity is not the same as in circuit complexity. The two main criteria evaluating the cryptographic complexity of Boolean functions on $F_2^n$ are the nonlinearity (and more generally the $r$-th order nonlinearity, for every positive $r< n$) and the algebraic degree. Two other criteria have also been considered: the algebraic thickness and the non-normality. After recalling the definitions of these criteria and why, asymptotically, almost all Boolean functions are deeply non-normal and have high algebraic degrees, high ($r$-th order) nonlinearities and high algebraic thicknesses, we study the relationship between the $r$-th order nonlinearity and a recent cryptographic criterion called the algebraic immunity. This relationship strengthens the reasons why the algebraic immunity can be considered as a further cryptographic complexity criterion

Improved upper bound on root number of linearized polynomials and its application to nonlinearity estimation of Boolean functions

To determine the dimension of null space of any given linearized polynomial is one of vital problems in finite field theory, with concern to design of modern symmetric cryptosystems. But, the known general theory for this task is much far from giving the exact dimension when applied to a specific linearized polynomial. The first contribution of this paper is to give a better general method to get more precise upper bound on the root number of any given linearized polynomial. We anticipate this result would be applied as a useful tool in many research branches of finite field and cryptography. Really we apply this result to get tighter estimations of the lower bounds on the second order nonlinearities of general cubic Boolean functions, which has been being an active research problem during the past decade, with many examples showing great improvements. Furthermore, this paper shows that by studying the distribution of radicals of derivatives of a given Boolean functions one can get a better lower bound of the second-order nonlinearity, through an example of the monomial Boolean function $g_{\mu}=Tr(\mu x^{2^{2r}+2^r+1})$ over any finite field \GF{n}

A Novel Application of Boolean Functions with High Algebraic Immunity in Minimal Codes

Boolean functions with high algebraic immunity are important cryptographic primitives in some stream ciphers. In this paper, two methodologies for constructing binary minimal codes from sets, Boolean functions and vectorial Boolean functions with high algebraic immunity are proposed. More precisely, a general construction of new minimal codes using minimal codes contained in Reed-Muller codes and sets without nonzero low degree annihilators is presented. The other construction allows us to yield minimal codes from certain subcodes of Reed-Muller codes and vectorial Boolean functions with high algebraic immunity. Via these general constructions, infinite families of minimal binary linear codes of dimension $m$ and length less than or equal to $m(m+1)/2$ are obtained. In addition, a lower bound on the minimum distance of the proposed minimal linear codes is established. Conjectures and open problems are also presented. The results of this paper show that Boolean functions with high algebraic immunity have nice applications in several fields such as symmetric cryptography, coding theory and secret sharing schemes

A lower bound on the higher order nonlinearity of algebraic immune functions

We extend the lower bound, obtained by M. Lobanov, on the first order nonlinearity of functions with given algebraic immunity, into a bound on the higher order nonlinearities

On the algebraic immunity of direct sum constructions

In this paper, we study sufficient conditions to improve the lower bound on the algebraic immunity of a direct sum of Boolean functions. We exhibit three properties on the component functions such that satisfying one of them is sufficient to ensure that the algebraic immunity of their direct sum exceeds the maximum of their algebraic immunities. These properties can be checked while computing the algebraic immunity and they allow to determine better the security provided by functions central in different cryptographic constructions such as stream ciphers, pseudorandom generators, and weak pseudorandom functions. We provide examples for each property and determine the exact algebraic immunity of candidate constructions

Maiorana-McFarland Functions with High Second-Order Nonlinearity

The second-order nonlinearity, and the best quadratic approximations, of Boolean functions are studied in this paper. We prove that cubic functions within the Maiorana-McFarland class achieve very high second order nonlinearity, which is close to an upper bound that was recently proved by Carlet et al., and much higher than the second order nonlinearity obtained by other known constructions. The structure of the cubic Boolean functions considered allows the efficient computation of (a subset of) their best quadratic approximations

Булевы функции, имеющие аффинные аннигиляторы

In the article we study boolean functions with affine annihilators. We have obtained results in both, estimating the number of functions under study and defining the relationship between Walsh-Hadamard coefficients of an arbitrary boolean function and its affine annihilator available. The second section of this article focuses on estimating the number of boolean functions with affine annihilators. The value has top and bottom bound. Besides, we have obtained the asymptotic estimate of the number of boolean functions with affine annihilators. The third section studies the Walsh-Hadamard coefficients of boolean functions with affine annihilators. First, we have derived the dependence of the Walsh-Hadamard coefficient on the distance between an arbitrary boolean function and a vector space of the affine function’s annihilators. Based on this result, we have obtained the dependence of distance between an arbitrary boolean function and a set of functions with affine annihilators on the spectrum of given function. Also we have defined the necessary and sufficient condition for the arbitrary boolean function to be with an affine annihilator available. Using the results obtained we bounded an absolute value of Walsh-Hadamard coefficients.Also we suggested a method for boolean equations analysis, which is based on two known methods. Namely, we used an analysis using annihilators and an analysis using linear analogs. We have obtained an estimate of the success probability of the suggested method for an arbitrary boolean function. Also we proved that bent functions are the most resistant to this analysis.The results obtained can be used in analysis of boolean equations. Also obtained dependences can be used, for instance, to study bent functions and algebraic immunity of boolean functions.Настоящая работа посвящена исследованию булевых функций, имеющих аффинные аннигиляторы. Были получены результаты в двух следующих направлениях: оценке количества исследуемых функций и связи коэффициентов Уолша-Адамара произвольной булевой функции с наличием у нее аффинного аннигилятора. Исследованию количества булевых функций с аффинными аннигиляторами посвящен второй раздел настоящей работы. Данная величина была ограничена сверху и снизу. Помимо этого была получена асимптотическая оценка числа булевых функций, имеющих аффинные аннигиляторы. В третьем разделе проводится исследование коэффициентов Уолша-Адамара булевых функций, имеющих аффинные аннигиляторы. Вначале раздела представлен результат, связывающий спектр произвольной булевой функции с ее расстоянием до пространства аннигиляторов произвольной аффинной функцией. Из этого результата была получена зависимость расстояния между произвольной булевой функцией и множеством функций с аффинными аннигиляторами от спектра данной булевой функции. Было получено необходимое и достаточное условие наличия у произвольной булевой функции аффинного аннигилятора. Благодаря полученным зависимостям удалось вывести ограничение на абсолютные значения коэффициентов Уолша-Адамара произвольной булевой функции.Также был предложен метод анализа булевых уравнений, основанный на сочетании двух известных ранее методах. А именно, на методах анализа булевых уравнений с применением аннигиляторов и с применением линейных статаналогов. Была получена оценка вероятности успешности предложенного метода для анализа булева уравнения с произвольной булевой функцией. Было установлено, что бент-функции являются наиболее устойчивыми к данному методу анализа.Полученные результаты могут быть использованы для анализа булевых уравнений. Зависимости, полученные в настоящей работе, могут быть использованы, например, для исследований бент-функций и свойства алгебраической иммунности булевой функций

D.STVL.7 - Algebraic cryptanalysis of symmetric primitives

The recent development of algebraic attacks can be considered an important breakthrough in the analysis of symmetric primitives; these are powerful techniques that apply to both block and stream ciphers (and potentially hash functions). The basic principle of these techniques goes back to Shannon's work: they consist in expressing the whole cryptographic algorithm as a large system of multivariate algebraic equations (typically over F2), which can be solved to recover the secret key. Efficient algorithms for solving such algebraic systems are therefore the essential ingredients of algebraic attacks. Algebraic cryptanalysis against symmetric primitives has recently received much attention from the cryptographic community, particularly after it was proposed against some LFSR- based stream ciphers and against the AES and Serpent block ciphers. This is currently a very active area of research. In this report we discuss the basic principles of algebraic cryptanalysis of stream ciphers and block ciphers, and review the latest developments in the field. We give an overview of the construction of such attacks against both types of primitives, and recall the main algorithms for solving algebraic systems. Finally we discuss future research directions

D.STVL.9 - Ongoing Research Areas in Symmetric Cryptography

This report gives a brief summary of some of the research trends in symmetric cryptography at the time of writing (2008). The following aspects of symmetric cryptography are investigated in this report: • the status of work with regards to different types of symmetric algorithms, including block ciphers, stream ciphers, hash functions and MAC algorithms (Section 1); • the algebraic attacks on symmetric primitives (Section 2); • the design criteria for symmetric ciphers (Section 3); • the provable properties of symmetric primitives (Section 4); • the major industrial needs in the area of symmetric cryptography (Section 5)