Building Correlation Immune Functions from Sets of Mutually Orthogonal Cellular Automata
Correlation immune Boolean functions play an important role in the implementation of efficient masking countermeasures for side-channel attacks in cryptography. In this paper, we investigate a method to construct correlation immune functions through families of mutually orthogonal cellular automata (MOCA). First, we show that the orthogonal array (OA) associated with a family of MOCA can be expanded to a binary OA of strength at least 2. To prove this result, we exploit the characterization of MOCA in terms of orthogonal labelings on de Bruijn graphs. Then, we use the resulting binary OA to define the support of a second-order correlation immune function. Next, we perform some computational experiments to construct all such functions up to n = 12 variables, and observe that their correlation immunity order is actually greater, always at least 3. We conclude by discussing how these results open up interesting perspectives for future research, with respect to the search for new correlation-immune functions and binary orthogonal arrays.
Exhaustive Generation of Linear Orthogonal Cellular Automata
We consider the problem of exhaustively visiting all pairs of linear cellular automata which give rise to orthogonal Latin squares, i.e., linear Orthogonal Cellular Automata (OCA). The problem is equivalent to enumerating all pairs of coprime polynomials over a finite field having the same degree and a nonzero constant term. While previous research showed how to count all such pairs for a given degree and order of the finite field, no practical enumeration algorithms have been proposed so far. Here, we start closing this gap by addressing the case of polynomials defined over the field F_2, which corresponds to binary CA. In particular, we exploit Benjamin and Bennett's bijection between coprime and non-coprime pairs of polynomials, which enables us to organize our study along three subproblems, namely the enumeration and count of: (1) sequences of constant terms, (2) sequences of degrees, and (3) sequences of intermediate terms. In the course of this investigation, we unveil interesting connections with algebraic language theory and combinatorics, obtaining an enumeration algorithm and an alternative derivation of the counting formula for this problem.
Comment: 9 pages, 1 figure. Submitted to the exploratory track of AUTOMATA 2023. arXiv admin note: text overlap with arXiv:2207.0040
A classification of S-boxes generated by Orthogonal Cellular Automata
Most of the approaches published in the literature to construct S-boxes via Cellular Automata (CA) work by either iterating a finite CA for several time steps, or by a one-shot application of the global rule. The main characteristic that brings together these works is that they employ a single CA rule to define the vectorial Boolean function of the S-box. In this work, we explore a different direction for the design of S-boxes that leverages Orthogonal CA (OCA), i.e. pairs of CA rules giving rise to orthogonal Latin squares. The motivation stands on the facts that an OCA pair already defines a bijective transformation, and moreover the orthogonality property of the resulting Latin squares ensures a minimum amount of diffusion. We exhaustively enumerate all S-boxes generated by OCA pairs of diameter 4 ≤ d ≤ 6, and measure their nonlinearity. Interestingly, we observe that for d = 4 and d = 5 all S-boxes are linear, despite the underlying CA local rules being nonlinear. The smallest nonlinear S-boxes emerge for d = 6, but their nonlinearity is still too low to be used in practice. Nonetheless, we unearth an interesting structure of linear OCA S-boxes, proving that their Linear Components Space (LCS) is itself the image of a linear CA, or equivalently a polynomial code. We finally classify all linear OCA S-boxes in terms of their generator polynomials.
An Enumeration Algorithm for Binary Coprime Polynomials with Nonzero Constant Term
We address the enumeration of coprime polynomial pairs over F_2 where both polynomials have a nonzero constant term, motivated by the construction of orthogonal Latin squares via cellular automata. To this end, we leverage Benjamin and Bennett's bijection between coprime and non-coprime pairs, which is based on the sequences of quotients visited by dilcuE's algorithm (i.e. Euclid's algorithm run backward). This allows us to break our analysis of the quotients into three parts, namely the enumeration and count of: (1) sequences of constant terms, (2) sequences of degrees, and (3) sequences of intermediate terms. For (1), we show that the sequences of constant terms form a regular language, and use classic results from algebraic language theory to count them. Concerning (2), we remark that the sequences of degrees correspond to compositions of natural numbers, which have a simple combinatorial description. Finally, we show that for (3) the intermediate terms can be freely chosen. Putting these three observations together, we devise a combinatorial algorithm to enumerate all such coprime pairs of a given degree, and present an alternative derivation of their counting formula.
On the Minimum Distance of Subspace Codes Generated by Linear Cellular Automata
Motivated by applications to noncoherent network coding, we study subspace codes defined by sets of linear cellular automata (CA). As a first remark, we show that a family of linear CA where the local rules have the same diameter -- and thus the associated polynomials have the same degree -- induces a Grassmannian code. Then, we prove that the minimum distance of such a code is determined by the maximum degree occurring among the pairwise greatest common divisors (GCD) of the polynomials in the family. Finally, we consider the setting where all such polynomials have the same GCD, and determine the cardinality of the corresponding Grassmannian code. As a particular case, we show that if all polynomials in the family are pairwise coprime, the resulting Grassmannian code has the highest minimum distance possible.
Computing random -orthogonal Latin squares
Two Latin squares of order are -orthogonal if, when superimposed, there are exactly distinct ordered pairs. The spectrum of all values of for Latin squares of order is known. A Latin square of order is -self-orthogonal if and its transpose are -orthogonal. The spectrum of all values of is known for all orders . We develop randomized algorithms for computing pairs of -orthogonal Latin squares of order and algorithms for computing -self-orthogonal Latin squares of order .
Bent Functions from Cellular Automata
In this work, we present a primary construction of bent functions based on cellular automata (CA). We consider the well-known characterization of bent functions in terms of Hadamard matrices and employ some recent results about mutually orthogonal Latin squares (MOLS) based on linear bipermutive CA (LBCA) to design families of Hadamard matrices of the form required for bent functions. In particular, the main question to address in this construction can be reduced to finding a large enough set of coprime polynomials over , which are used to define a set of MOLS via LBCA. This set of MOLS is, in turn, used to define a Hadamard matrix of the specific structure characterizing a bent function. We settle the existence question of such bent functions by proving that the required coprime sets exist if and only if the degree of the involved polynomials is either or , and we count the resulting sets. Next, we check if the functions of variables arising from our construction are EA-equivalent to Maiorana-McFarland functions, observing that most of them are not. Finally, we show how to represent the support of these bent functions as a union of the kernels of the underlying linear CA. This allows us, in turn, to prove that the functions generated by our construction belong to the partial spread class . In particular, we remark that for degree our construction is a particular case of the Desarguesian spread construction.