Algorithm 959: VBF: A Library of C plus plus Classes for Vector Boolean Functions in Cryptography

VBF is a collection of C++ classes designed for analyzing vector Boolean functions (functions that map a Boolean vector to another Boolean vector) from a cryptographic perspective. This implementation uses the NTL library from Victor Shoup, adding new modules that call NTL functions and complement the existing ones, making it better suited to cryptography. The class representing a vector Boolean function can be initialized by several alternative types of data structures such as Truth Table, Trace Representation, and Algebraic Normal Form (ANF), among others. The most relevant cryptographic criteria for both block and stream ciphers as well as for hash functions can be evaluated with VBF: it obtains the nonlinearity, linearity distance, algebraic degree, linear structures, and frequency distribution of the absolute values of the Walsh Spectrum or the Autocorrelation Spectrum, among others. In addition, operations such as equality testing, composition, inversion, sum, direct sum, bricklayering (parallel application of vector Boolean functions as employed in Rijndael cipher), and adding coordinate functions of two vector Boolean functions are presented. Finally, three real applications of the library are described: the first one analyzes the KASUMI block cipher, the second one analyzes the Mini-AES cipher, and the third one finds Boolean functions with very high nonlinearity, a key property for robustness against linear attacks

Strong noise sensitivity and random graphs

The noise sensitivity of a Boolean function describes its likelihood to flip under small perturbations of its input. Introduced in the seminal work of Benjamini, Kalai and Schramm [Inst. Hautes \'{E}tudes Sci. Publ. Math. 90 (1999) 5-43], it was there shown to be governed by the first level of Fourier coefficients in the central case of monotone functions at a constant critical probability $p_c$. Here we study noise sensitivity and a natural stronger version of it, addressing the effect of noise given a specific witness in the original input. Our main context is the Erd\H{o}s-R\'{e}nyi random graph, where already the property of containing a given graph is sufficiently rich to separate these notions. In particular, our analysis implies (strong) noise sensitivity in settings where the BKS criterion involving the first Fourier level does not apply, for example, when $p_c\to0$ polynomially fast in the number of variables.Comment: Published at http://dx.doi.org/10.1214/14-AOP959 in the Annals of Probability (http://www.imstat.org/aop/) by the Institute of Mathematical Statistics (http://www.imstat.org

C-DIFFERENTIALS AND GENERALIZED CRYPTOGRAPHIC PROPERTIES OF VECTORIAL BOOLEAN AND P-ARY FUNCTIONS

This dissertation investigates a newly defined cryptographic differential, called a c-differential, and its relevance to the nonlinear substitution boxes of modern symmetric block ciphers. We generalize the notions of perfect nonlinearity, bentness, and avalanche characteristics of vectorial Boolean and p-ary functions using the c-derivative and a new autocorrelation function, while capturing the original definitions as special cases (i.e., when c=1). We investigate the c-differential uniformity property of the inverse function over finite fields under several extended affine transformations. We demonstrate that c-differential properties do not hold in general across equivalence classes typically used in Boolean function analysis, and in some cases change significantly under slight perturbations. Thus, choosing certain affine equivalent functions that are easy to implement in hardware or software without checking their c-differential properties could potentially expose an encryption scheme to risk if a c-differential attack method is ever realized. We also extend the c-derivative and c-differential uniformity into higher order, investigate some of their properties, and analyze the behavior of the inverse function's second order c-differential uniformity. Finally, we analyze the substitution boxes of some recognizable ciphers along with certain extended affine equivalent variations and document their performance under c-differential uniformity.Commander, United States NavyApproved for public release. Distribution is unlimited

The power of sum-of-squares for detecting hidden structures

We study planted problems---finding hidden structures in random noisy inputs---through the lens of the sum-of-squares semidefinite programming hierarchy (SoS). This family of powerful semidefinite programs has recently yielded many new algorithms for planted problems, often achieving the best known polynomial-time guarantees in terms of accuracy of recovered solutions and robustness to noise. One theme in recent work is the design of spectral algorithms which match the guarantees of SoS algorithms for planted problems. Classical spectral algorithms are often unable to accomplish this: the twist in these new spectral algorithms is the use of spectral structure of matrices whose entries are low-degree polynomials of the input variables. We prove that for a wide class of planted problems, including refuting random constraint satisfaction problems, tensor and sparse PCA, densest-k-subgraph, community detection in stochastic block models, planted clique, and others, eigenvalues of degree-d matrix polynomials are as powerful as SoS semidefinite programs of roughly degree d. For such problems it is therefore always possible to match the guarantees of SoS without solving a large semidefinite program. Using related ideas on SoS algorithms and low-degree matrix polynomials (and inspired by recent work on SoS and the planted clique problem by Barak et al.), we prove new nearly-tight SoS lower bounds for the tensor and sparse principal component analysis problems. Our lower bounds for sparse principal component analysis are the first to suggest that going beyond existing algorithms for this problem may require sub-exponential time

Distribution of the absolute indicator of random Boolean functions

The absolute indicator is one of the measures used to determine the resistance offered by a Boolean function when used in the design of a symmetric cryptosystem. It was proposed along with the sum of square indicator to evaluate the quality of the diffusion property of block ciphers and hash functions. While the behaviour of the sum of square of random Boolean functions was already known, what remained was the study of the comportment of the absolute indicator of random Boolean functions. As an application, we show that the absolute indicator can distinguish a nonrandom binary sequence from a random one

ICLabel: An automated electroencephalographic independent component classifier, dataset, and website

The electroencephalogram (EEG) provides a non-invasive, minimally restrictive, and relatively low cost measure of mesoscale brain dynamics with high temporal resolution. Although signals recorded in parallel by multiple, near-adjacent EEG scalp electrode channels are highly-correlated and combine signals from many different sources, biological and non-biological, independent component analysis (ICA) has been shown to isolate the various source generator processes underlying those recordings. Independent components (IC) found by ICA decomposition can be manually inspected, selected, and interpreted, but doing so requires both time and practice as ICs have no particular order or intrinsic interpretations and therefore require further study of their properties. Alternatively, sufficiently-accurate automated IC classifiers can be used to classify ICs into broad source categories, speeding the analysis of EEG studies with many subjects and enabling the use of ICA decomposition in near-real-time applications. While many such classifiers have been proposed recently, this work presents the ICLabel project comprised of (1) an IC dataset containing spatiotemporal measures for over 200,000 ICs from more than 6,000 EEG recordings, (2) a website for collecting crowdsourced IC labels and educating EEG researchers and practitioners about IC interpretation, and (3) the automated ICLabel classifier. The classifier improves upon existing methods in two ways: by improving the accuracy of the computed label estimates and by enhancing its computational efficiency. The ICLabel classifier outperforms or performs comparably to the previous best publicly available method for all measured IC categories while computing those labels ten times faster than that classifier as shown in a rigorous comparison against all other publicly available EEG IC classifiers.Comment: Intended for NeuroImage. Updated from version one with minor editorial and figure change