Building Correlation Immune Functions from Sets of Mutually Orthogonal Cellular Automata

Correlation immune Boolean functions play an important role in the implementation of efficient masking countermeasures for side-channel attacks in cryptography. In this paper, we investigate a method to construct correlation immune functions through families of mutually orthogonal cellular automata (MOCA). First, we show that the orthogonal array (OA) associated to a family of MOCA can be expanded to a binary OA of strength at least 2. To prove this result, we exploit the characterization of MOCA in terms of orthogonal labelings on de Bruijn graphs. Then, we use the resulting binary OA to define the support of a second-order correlation immune function. Next, we perform some computational experiments to construct all such functions up to $n=12$ variables, and observe that their correlation immunity order is actually greater, always at least 3. We conclude by discussing how these results open up interesting perspectives for future research, with respect to the search of new correlation-immune functions and binary orthogonal arrays

A classification of S-boxes generated by Orthogonal Cellular Automata

Most of the approaches published in the literature to construct S-boxes via Cellular Automata (CA) work by either iterating a finite CA for several time steps, or by a one-shot application of the global rule. The main characteristic that brings together these works is that they employ a single CA rule to define the vectorial Boolean function of the S-box. In this work, we explore a different direction for the design of S-boxes that leverages on Orthogonal CA (OCA), i.e. pairs of CA rules giving rise to orthogonal Latin squares. The motivation stands on the facts that an OCA pair already defines a bijective transformation, and moreover the orthogonality property of the resulting Latin squares ensures a minimum amount of diffusion. We exhaustively enumerate all S-boxes generated by OCA pairs of diameter $4 \le d \le 6$, and measure their nonlinearity. Interestingly, we observe that for $d=4$ and $d=5$ all S-boxes are linear, despite the underlying CA local rules being nonlinear. The smallest nonlinear S-boxes emerges for $d=6$, but their nonlinearity is still too low to be used in practice. Nonetheless, we unearth an interesting structure of linear OCA S-boxes, proving that their Linear Components Space (LCS) is itself the image of a linear CA, or equivalently a polynomial code. We finally classify all linear OCA S-boxes in terms of their generator polynomials

Building Correlation Immune Functions from Sets of Mutually Orthogonal Cellular Automata

Correlation immune Boolean functions play an important role in the implementation of efficient masking countermeasures for side-channel attacks in cryptography. In this paper, we investigate a method to construct correlation immune functions through families of mutually orthogonal cellular automata (MOCA). First, we show that the orthogonal array (OA) associated to a family of MOCA can be expanded to a binary OA of strength at least 2. To prove this result, we exploit the characterization of MOCA in terms of orthogonal labelings on de Bruijn graphs. Then, we use the resulting binary OA to define the support of a second-order correlation immune function. Next, we perform some computational experiments to construct all such functions up to n= 12 variables, and observe that their correlation immunity order is actually greater, always at least 3. We conclude by discussing how these results open up interesting perspectives for future research, with respect to the search of new correlation-immune functions and binary orthogonal arrays.</p

A classification of S-boxes generated by orthogonal cellular automata

Most of the approaches published in the literature to construct S-boxes via Cellular Automata (CA) work by either iterating a finite CA for several time steps, or by a one-shot application of the global rule. The main characteristic that brings together these works is that they employ a single CA rule to define the vectorial Boolean function of the S-box. In this work, we explore a different direction for the design of S-boxes that leverages on Orthogonal CA (OCA), i.e. pairs of CA rules giving rise to orthogonal Latin squares. The motivation stands on the facts that an OCA pair already defines a bijective transformation, and moreover the orthogonality property of the resulting Latin squares ensures a minimum amount of diffusion. We exhaustively enumerate all S-boxes generated by OCA pairs of diameter 4≤d≤6, and measure their nonlinearity. Interestingly, we observe that for d=4 and d=5 all S-boxes are linear, despite the underlying CA local rules being nonlinear. The smallest nonlinear S-boxes emerges for d=6, but their nonlinearity is still too low to be used in practice. Nonetheless, we unearth an interesting structure of linear OCA S-boxes, proving that their Linear Components Space is itself the image of a linear CA, or equivalently a polynomial code. We finally classify all linear OCA S-boxes in terms of their generator polynomials.</p

Exhaustive Generation of Linear Orthogonal Cellular Automata

We consider the problem of exhaustively visiting all pairs of linear cellular automata which give rise to orthogonal Latin squares, i.e., linear Orthogonal Cellular Automata (OCA). The problem is equivalent to enumerating all pairs of coprime polynomials over a finite field having the same degree and a nonzero constant term. While previous research showed how to count all such pairs for a given degree and order of the finite field, no practical enumeration algorithms have been proposed so far. Here, we start closing this gap by addressing the case of polynomials defined over the field \F_2, which corresponds to binary CA. In particular, we exploit Benjamin and Bennett's bijection between coprime and non-coprime pairs of polynomials, which enables us to organize our study along three subproblems, namely the enumeration and count of: (1) sequences of constant terms, (2) sequences of degrees, and (3) sequences of intermediate terms. In the course of this investigation, we unveil interesting connections with algebraic language theory and combinatorics, obtaining an enumeration algorithm and an alternative derivation of the counting formula for this problem.Comment: 9 pages, 1 figure. Submitted to the exploratory track of AUTOMATA 2023. arXiv admin note: text overlap with arXiv:2207.0040

Balanced crossover operators in Genetic Algorithms

In several combinatorial optimization problems arising in cryptography and design theory, the admissible solutions must often satisfy a balancedness constraint, such as being represented by bitstrings with a fixed number of ones. For this reason, several works in the literature tackling these optimization problems with Genetic Algorithms (GA) introduced new balanced crossover operators which ensure that the offspring has the same balancedness characteristics of the parents. However, the use of such operators has never been thoroughly motivated, except for some generic considerations about search space reduction. In this paper, we undertake a rigorous statistical investigation on the effect of balanced and unbalanced crossover operators against three optimization problems from the area of cryptography and coding theory: nonlinear balanced Boolean functions, binary Orthogonal Arrays (OA) and bent functions. In particular, we consider three different balanced crossover operators (each with two variants: \u201cleft-to-right\u201d and \u201cshuffled\u201d), two of which have never been published before, and compare their performances with classic one-point crossover. We are able to confirm that the balanced crossover operators perform better than one-point crossover. Furthermore, in two out of three crossovers, the \u201cleft-to-right\u201d version performs better than the \u201cshuffled\u201d version

Exhaustive Generation of Linear Orthogonal Cellular Automata

We consider the problem of exhaustively visiting all pairs of linear cellular automata which give rise to orthogonal Latin squares, i.e., linear Orthogonal Cellular Automata (OCA). The problem is equivalent to enumerating all pairs of coprime polynomials over a finite field having the same degree and a nonzero constant term. While previous research showed how to count all such pairs for a given degree and order of the finite field, no practical enumeration algorithms have been proposed so far. Here, we start closing this gap by addressing the case of polynomials defined over the field \F_2, which corresponds to binary CA. In particular, we exploit Benjamin and Bennett's bijection between coprime and non-coprime pairs of polynomials, which enables us to organize our study along three subproblems, namely the enumeration and count of: (1) sequences of constant terms, (2) sequences of degrees, and (3) sequences of intermediate terms. In the course of this investigation, we unveil interesting connections with algebraic language theory and combinatorics, obtaining an enumeration algorithm and an alternative derivation of the counting formula for this problem

A Discrete Particle Swarm Optimizer for the Design of Cryptographic Boolean Functions

A Particle Swarm Optimizer for the search of balanced Boolean functions with good cryptographic properties is proposed in this paper. The algorithm is a modified version of the permutation PSO by Hu, Eberhart and Shi which preserves the Hamming weight of the particles positions, coupled with the Hill Climbing method devised by Millan, Clark and Dawson to improve the nonlinearity and deviation from correlation immunity of Boolean functions. The parameters for the PSO velocity equation are tuned by means of two meta-optimization techniques, namely Local Unimodal Sampling (LUS) and Continuous Genetic Algorithms (CGA), finding that CGA produces better results. Using the CGA-evolved parameters, the PSO algorithm is then run on the spaces of Boolean functions from $n=7$ to $n=12$ variables. The results of the experiments are reported, observing that this new PSO algorithm generates Boolean functions featuring similar or better combinations of nonlinearity, correlation immunity and propagation criterion with respect to the ones obtained by other optimization methods