565 research outputs found
Constructive Relationships Between Algebraic Thickness and Normality
We study the relationship between two measures of Boolean functions;
algebraic thickness and normality. For a function , the
algebraic thickness is a variant of the sparsity, the number of nonzero
coefficients in the unique GF(2) polynomial representing , and the normality
is the largest dimension of an affine subspace on which is constant. We
show that for , any function with algebraic thickness
is constant on some affine subspace of dimension
. Furthermore, we give an algorithm
for finding such a subspace. We show that this is at most a factor of
from the best guaranteed, and when restricted to the
technique used, is at most a factor of from the best
guaranteed. We also show that a concrete function, majority, has algebraic
thickness . Comment: Final version published in FCT'201
A lower bound on the higher order nonlinearity of algebraic immune functions
We extend the lower bound, obtained by M. Lobanov, on the first order nonlinearity of functions with given algebraic immunity, into a bound on the higher order nonlinearities
More PS and H-like bent functions
Two general classes (constructions) of bent functions are derived from the notion of spread. The first class, , gives a useful framework for designing bent functions which are constant (except maybe at 0) on each of the -dimensional subspaces of belonging to a partial spread. Explicit expressions (which may be used for applications) of bent functions by means of the trace can be derived for subclasses corresponding to some partial spreads, for instance the class. Many more can be. The second general class, , later slightly modified into a class called so as to relate it to the so-called Niho bent functions, is (up to addition of affine functions) the set of bent functions whose restrictions to the subspaces of the Desarguesian spread (the spread of all multiplicative cosets of , added with 0, in ) are linear. It has been observed that the functions in are related to o-polynomials, and this has led to several classes of bent functions in bivariate trace form. In this paper, after briefly looking at the functions related to the André spreads, and giving the trace representation of the corresponding bent functions and of their duals, we show that it is easy to characterize those bent functions whose restrictions to the subspaces of a spread are linear, but that it leads to a notion extending that of o-polynomial, for which it seems a hard task to find examples. We illustrate this with the André spreads and also study three other cases of -like functions (related to other spreads)
A method of construction of balanced functions with optimum algebraic immunity
Because of the recent algebraic attacks, a high algebraic immunity is now an absolutely necessary (but not sufficient) property for Boolean functions used in stream ciphers. A difference of only 1 between the algebraic immunities of two functions can make a crucial difference with respect to algebraic attacks. Very few examples of (balanced) functions with high algebraic immunity have been found so far. These examples seem to be isolated and no method for obtaining such functions is known. In this paper, we introduce a general method for proving that a given function, in any number of variables, has a prescribed algebraic immunity. We deduce an algorithm for generating balanced functions in any odd number of variables, with optimum algebraic immunity. We also give an algorithm, valid for any even number of variables, for constructing (possibly) balanced functions with optimum (or, if this can be useful, with high but not optimal) algebraic immunity. We also give a new example of an infinite class of such functions. We study their Walsh transforms. To this aim, we completely characterize the Walsh transform of the majority function
On highly nonlinear S-boxes and their inability to thwart DPA attacks (completed version)
Prouff recently introduced, at FSE 2005, the notion of transparency order of S-boxes. This new characteristic is related to the ability of an S-box, used in a cryptosystem in which the round keys are introduced by addition, to thwart single-bit or multi-bit DPA attacks on the system. If this parameter has a sufficiently small value, then the S-box is able to withstand DPA attacks without ad-hoc modifications in the implementation being necessary (these modifications make the encryption about twice as slow). We prove lower bounds on the transparency order of highly nonlinear S-boxes. We show that some highly nonlinear functions (in odd or even numbers of variables) have very bad transparency orders: the inverse functions (used as S-box in the AES), the Gold functions and the Kasami functions (at least under some assumption)
A construction of bent functions from plateaued functions
In this presentation, a technique for constructing bent functions from plateaued functions is introduced and analysed. This generalizes earlier techniques for constructing bent from near-bent functions. Using this construction, we obtain a wide variety of inequivalent bent functions, some weakly regular and some non-weakly regular. Classes of bent functions with some additional properties that enable the construction of strongly regular graphs are constructed, and explicit expressions for bent functions with maximal degree are presented
Doubly Perfect Nonlinear Boolean Permutations
Due to implementation constraints the XOR operation is widely used in order
to combine plaintext and key bit-strings in secret-key block ciphers. This
choice directly induces the classical version of the differential attack by the
use of XOR-kind differences. While very natural, there are many alternatives to
the XOR. Each of them induces a new form for its corresponding differential
attack (using the appropriate notion of difference) and therefore block ciphers
need to use S-boxes that are resistant against these nonstandard differential
cryptanalyses. In this contribution we study the functions that offer the best
resistance against a differential attack based on a finite field
multiplication. We also show that in some particular cases, there are robust
permutations which offer the best resistance against both multiplication and
exponentiation based differential attacks. We call them doubly perfect nonlinear
permutations
On the Complexity of Computing Two Nonlinearity Measures
We study the computational complexity of two Boolean nonlinearity measures:
the nonlinearity and the multiplicative complexity. We show that if one-way
functions exist, no algorithm can compute the multiplicative complexity in time
given the truth table of length , in fact under the same
assumption it is impossible to approximate the multiplicative complexity within
a factor of . When given a circuit, the problem of
determining the multiplicative complexity is in the second level of the
polynomial hierarchy. For nonlinearity, we show that it is #P hard to compute
given a function represented by a circuit