Global Avalanche Characteristics of Boolean Functions by Concatenation
Zepeng Zhuo, Jinfeng Chong, Ruirui Yu, Mingsheng Ren
(School of Mathematical Science, Huaibei Normal University, Huaibei 235000, China)
Abstract:
In order to measure the correlation propeties of two Boolean functions, the global avalanche characteristics of Boolean functions constructed by concatenation are discussed, i.e.,f1‖f2 and f1‖f2‖f3‖f4.Firstly, for the function f=f1‖f2,the cross-correlation function off1, f2in the special condition are studied. In this case,f, f1, f2must be in desired form. By computing their sum-of-squares indicators, the cross-correlation function betweenf1, f2is obtained. Secondly, for the function g=f1‖f2‖f3‖f4,by analyzing the relation among their auto-correlation functions, their sum-of-squares indicators are investigated. Based on them, the sum-of-squares indicators of functions obtained by Canteaut et al. are investigated. The results show that the correlation property of g is good when the correlation properties of Boolean functionsf1, f2, f3, f4are good.
Key words: Boolean function cross-correlation function global avalanche characteristics sum-of-squares indicator
DOI:10.11916/j.issn.1005-9113.2016.03.011
Clc Number:TP918.1
Fund:
Zhuo Zepeng, Chong Jinfeng, Yu Ruirui, Ren Mingsheng. Global Avalanche Characteristics of Boolean Functions by Concatenation[J]. Journal of Harbin Institute of Technology, 2016, 23(3): 91-96. DOI: 10.11916/j.issn.1005-9113.2016.03.011.
Fund Sponsored by the National Natural Science Foundations of Anhui Higher Education Institutions of China(Grant No.KJ2014A220, KJ2014A231), and the Anhui Provincial Natural Science Foundation (Grant No. 1608085MF143), and the Key Program in the Youth Elite Support Plan in Universities of Anhui Province(Grant No.gxyqZD2016112). Corresponding author E-mail: zzp781021@sohu.com. Article history Received: 2015-06-28
Contents Abstract Full text Figures/Tables PDF
Global Avalanche Characteristics of Boolean Functions by Concatenation
Zhuo Zepeng, Chong Jinfeng, Yu Ruirui, Ren Mingsheng
School of Mathematical Science, Huaibei Normal University, Huaibei 235000, China
Received: 2015-06-28
Fund: Sponsored by the National Natural Science Foundations of Anhui Higher Education Institutions of China(Grant No.KJ2014A220, KJ2014A231), and the Anhui Provincial Natural Science Foundation (Grant No. 1608085MF143), and the Key Program in the Youth Elite Support Plan in Universities of Anhui Province(Grant No.gxyqZD2016112).
Corresponding author: E-mail: zzp781021@sohu.com.
Abstract: In order to measure the correlation propeties of two Boolean functions, the global avalanche characteristics of Boolean functions constructed by concatenation are discussed, i.e., f1‖f2 and f1‖f2‖f3‖f4. Firstly, for the function f=f1‖f2, the cross-correlation function of f1, f2 in the special condition are studied. In this case, f, f1, f2 must be in desired form. By computing their sum-of-squares indicators, the cross-correlation function between f1, f2 is obtained. Secondly, for the function g=f1‖f2‖f3‖f4, by analyzing the relation among their auto-correlation functions, their sum-of-squares indicators are investigated. Based on them, the sum-of-squares indicators of functions obtained by Canteaut et al. are investigated. The results show that the correlation property of g is good when the correlation properties of Boolean functions f1, f2, f3, f4 are good.
Key words: Boolean function cross-correlation function global avalanche characteristics sum-of-squares indicator
1 Introduction Boolean functions are central objects for the design and the security of symmetric cryptographic systems (stream ciphers and block ciphers). Boolean functions used in ciphers must satisfy some specific properties to resist different attacks. One of the most important properties of Boolean functions in Linear Feedback Shift Registers (LFSR) based stream ciphers is correlation immunity introduced by Siegenthaler[1]. For Boolean functions used in block ciphers, the most important properties are nonlinearity and differential characteristics (propagation degree, global avalanche characteristics (GAC) and so on) based on the auto-correlation or cross-correlation functions of Boolean functions. Construction of correlation immune and resilient (balanced correlation immune) functions has been an interesting research area from mid 1980s[2-6]. Zhang et al.[7-8] constructed an almost optimal resilient function on a large even number of variables by using several sets of disjoint spectra functions on a small number of variables. Along all paper, we apply actively auto-correlation or cross-correlation functions for the investigation of Boolean functions.
The strict avalanche criterion (SAC) and the propagation criterion (PC) are employed as a measure of the propagation characteristics of Boolean functions. They are very important concepts in designing cryptographic functions employed by data encryption algorithms and one-way hashing functions. However, SAC and PC capture only the local properties of Boolean functions. In order to measure the global properties of Boolean functions, Zhang and Zheng[9] introduced GAC and gave a lower bound and an upper bound on the two indicators, respectively. But the GAC is used to measure only one Boolean function, so as to measure the cross-correlation of two different Boolean functions from the confusion and the diffusion aspects. Zhou et al.[10-11] proposed the GAC of two Boolean functions, and deduced the tight lower and the tight upper bounds on the two indicators. Tang et al.[12] gave a method to construct balanced Boolean functions and the constructed functions possessed the best GAC property. Zhou et al.[13-14] studied the lower bound on the sum-of-squares indicator of balanced functions obtained by Son et al.[15], and introduced a new general class of balanced Boolean functions with optimal auto-correlation distribution.
It is always an important problem to construct Boolean functions with good cryptographic properties. Concatenation is an important method by which we can construct Boolean functions with good cryptographic properties.
2 Preliminaries In this section we introduce some basic concepts and notations. Let F2 denote the finite field with two elements. We denote by Bn the set of all Boolean functions n variables, i.e., of all the functions from F2n into F2. To avoid confusion with the additions of integers in R, denoted by + and Σi, we denote by ⊕ the additions in F2,F2n and Bn.
The Hamming weight wt(x) of an element x=(x1,x2,…,xn)∈F2n is the number of ones in x. We say that a Boolean function is balanced if its truth table contains an equal number of 0's and 1's, that is, if its Hamming weight equals wt(f)=2n-1. The Hamming distance between two functions f(x) and g(x), denoted by d(f, g), is the Hamming weight of f⊕g, i.e.,d(f, g)=wt(f⊕g).
Any Boolean function f(x)∈Bn, where x=(x1,x2,…,xn)∈F2n is generally represented by its algebraic normal form(ANF):
$f({x_1},{x_2}, \cdots ,{x_n}) = \mathop \oplus \limits_{u \in F_2^n} {\lambda _u}\left( {\prod\limits_{i = 1}^n {x_i^{{u_i}}} } \right)$
where λu∈F2 and u=(u1,u2,…,un)∈F2n. The algebraic degree of f(x), denoted by deg(f), is the maximal value of wt(u) such that λu≠0. A Boolean function is affine if there does not exist term of degree strictly greater than 1 in the ANF and the set of all affine functions is denoted by An. An affine function with constant term equal to zero is called a linear function. Any liner function on F2n is denoted by
$x \cdot w = {x_1}{w_1} \oplus {x_2}{w_2} \oplus \cdots \oplus {x_n}{w_n}$
where x, w∈F2n. The nonlinearity of an n-variable function f(x) is nl(f)= $\mathop {\min }\limits_{g \in {A_n}} \left( {d\left( {f, g} \right)} \right)$ , i.e., the minimal Hamming distance from the set of all n-variable affine functions. The Walsh transform of f(x)∈Bn is a real valued function over F2n which is defined as
${W_f}\left( w \right) = \sum\limits_{x \in F_2^n} {{{\left( { - 1} \right)}^{f\left( x \right) \oplus w \cdot x}}} $ (1)
The value of Walsh transform is also called the spectral distribution or simply the spectrum of a Boolean function. It is an important tool for the analysis of Boolean functions. It is well known that
$nl\left( f \right) = {2^{n - 1}} - \frac{1}{2}L\left( f \right)$
where $L\left( f \right) = \mathop {\max }\limits_{w \in F_2^n} \left| {{W_f}\left( w \right)} \right|$ . For n even, a function of n variables is called bent[16] if Wf(w)=±2n/2 for all w∈F2n. These functions are important in both cryptography and coding theory since they achieve the maximum nonlinearity among all n-variable functions.
Correlation immune functions were introduced by Siegethaler[1], to withstand a class of divide-and-conquer attacks on combine model of stream ciphers. Xiao and Massey[17] proved a spectral characterization of correlation immune functions. Here, we state this characterization as the definition of correlation immunity.
Definition 1[17] An n-variable Boolean function f(x)∈Bn is mth-order correlation immune if and only if its Walsh transform satisfies Wf(w)=0, for 0 <wt(w)≤m, w∈F2n.
Note that f(x) is balanced if and only if Wf(0)=0. Balanced mth-order correlation immune functions are called m-resilient functions. Thus, a function f(x) is m-resilient if and only if its Walsh transform satisfies
${W_f}\left( w \right) = 0, for0 \le wt\left( w \right) \le m$
In this paper, by an (n, m, d, x) function we denote an n-variable, m-resilient function with degree d and nonlinearity x. In the above notation, a component is replaced by a “-” if it is not specified, e.g.,(n, m, d,-) if the nonlinearity is not specified.
Definition 2 The cross-correlation function between two Boolean functions f(x), g(x)∈Bn,x∈F2n is an integer-valued function Δf, g(α): F2n→[-2n,2n] defined by
${\Delta _{f, g}}\left( \alpha \right) = \sum\limits_{x \in F_2^n} {{{\left( { - 1} \right)}^{{D_{f, g}}\left( \alpha \right)}}} $
where α∈F2n,Df, g(α)=f(x)⊕g(x⊕α) is called the derivative of f(x) and g(x) in the direction of α∈F2n.
In case f(x)=g(x) in Definition 2, the cross-correlation function Δf, f(α) is called the auto-correlation function of f(x) at α and denoted by Δf(α).
A Boolean function f(x) satisfies the propagation criterion PC(p) of degree p,1≤p≤n if Δf(α)=0, for 1≤wt(α)≤p. If f(x) is a bent function, then Δf(α)=0 for all non-zero α∈F2n. Hence bent functions satisfy PC(n).
Definition 3[10] Let f(x), g(x)∈Bn. The sum-of-squares indicator of the cross-correlation between f(x) and g(x) is defined by
${\sigma _{f, g}} = \sum\limits_{a \in F_2^n} {\Delta _{f, g}^2\left( a \right)} $
the absolute indicator of the cross-correlation between f(x) and g(x) is defined by
${\Delta _{f, g}} = \mathop {\max }\limits_{a \in F_2^n} \left| {{\Delta _{f, g}}\left( a \right)} \right|$
The above indicators are called the GAC between two Boolean functions. Zhou et al.[10] got
$0 \le {\Delta _{f, g}} \le {2^n},{({\Delta _{f, g}}\left( 0 \right))^2} \le {\sigma _{f, g}} \le {2^{3n}}$
If f(x)=g(x), then
${\sigma _f} = \sum\limits_{a \in F_2^n} {\Delta _f^2\left( a \right)} ,{\Delta _f} = \mathop {\max }\limits_{a \in F_2^n, a \ne 0} \left| {{\Delta _f}\left( a \right)} \right|$
The smaller σf and Δf are, the better the GAC of a Boolean function is. Zhang and Zheng[9] also derived bounds on two indicators:
$0 \le {\Delta _f} \le {2^n},{2^{2n}} \le {\sigma _f} \le {2^{3n}}$
and also showed that two lower bounds are achieved by bent functions. Definition 3 implies that the smaller Δf, g and σf, g are, the better the uncorrelation between f(x) and g(x) is.
By using the previous definitions, we give some simple results. These results state some of the basic properties of the auto-correlation function, cross-correlation function and the sum-of-squares indicator. The proof is just routine verification from the definition.
Proposition 1 Let f, g∈Bn for the complement function of f we use the notation f, i.e.,f=1⊕f.
Then
$\begin{array}{*{20}{c}}{{\Delta _f}\left( \alpha \right) = {\Delta _{\bar f}}\left( \alpha \right),{\Delta _{f, g}}\left( \alpha \right) = {\Delta _{g, f}}\left( \alpha \right) = {\Delta _{\bar f,\bar g}}\left( \alpha \right)}\\{{\Delta _{f,\bar g}}\left( \alpha \right) = - {\Delta _{f, g}}\left( \alpha \right),{\Delta _{f,\bar f}}\left( \alpha \right) = - {\Delta _f}\left( \alpha \right)}\\{{\Delta _{\bar f,\bar f}}\left( \alpha \right) = {\Delta _f}\left( \alpha \right),{\sigma _f} = {\sigma _{\bar f}},{\sigma _{f,\bar g}} = {\sigma _{f, g}}}\\{{\sigma _{f,\bar f}} = {\sigma _{\bar f,\bar f}} = {\sigma _f}}\end{array}$
3 GAC of f1‖f2 In this section, we will use concatenation of Boolean functions. Let f1,f2∈Bn-1 and f(x)∈Bn. Then by concatenation of f1 and f2, we mean that the output columns of the truth tables of f1,f2 are concatenated to provide the output column of the truth table of an n-variable function.
We denote the concatenation of f1,f2 by f1‖f2. So,f=f1‖f2 has the in algebraic normal form
$\begin{array}{*{20}{c}}{f({x_1},{x_2}, \cdots ,{x_n}) = {f_1}({x_1},{x_2}, \cdots ,{x_{n - 1}}) \oplus {x_n}\left( {{f_1}\left( {{x_1},} \right.} \right.}\\{{x_2}, \cdots ,{x_{n - 1}}) \oplus {f_2}\left. {({x_1},{x_2}, \cdots ,{x_{n - 1}})} \right).}\end{array}$
In Ref.[11], the relationship among σf and σf1,σf2 was given by using the definition of auto-correlation function.
Lemma 1[11] Let f(x, xn)=f1‖f2∈Bn,x∈F2n-1,xn∈F2,f1,f2∈Bn-1, then
${\sigma _f} = {\sigma _{{f_1}}} + {\sigma _{{f_2}}} + 6{\sigma _{{f_1},{f_2}}}$ (2)
According to Lemma 1, a function f(x)∈Bn is constructed with a lower bound on σf by choosing the proper component functions f1,f2 in Ref.[11]. For the function f, we have
Theorem 1 Let f be a (n, m, n-m-1,2n-1-2m+1) function with f=f1‖f2, where f1,f2 are (n-1,m, n-m-2,-) functions,m > n/2-2.Then Δf1,f2(α)=0 for all α∈F2n-1.
Proof From Ref.[18], we know that the Walsh transforms of f,f1,f2 are three-valued 0,±2m+2. We shall compute the σf and σf1,σf2, respectively.
Let k be the number of elements α such that Wf(α)=0. By Parseval's equation $\sum\limits_{a \in F_2^n} {W_f^2\left( \alpha \right)} = {2^{2n}}$ , we have
$({2^n} - k){2^{2m + 4}} = {2^{2n}}$
thus,k=2n-22n-2m-4. According to the formula ${\sigma _f} = {2^{ - n}}\sum\limits_{\alpha \in F_2^n} {W_f^4\left( \alpha \right)} $ [19], we obtain
$\begin{array}{*{20}{c}}{{\sigma _f} = {2^{ - n}}\sum\limits_{\alpha \in F_2^n} {W_f^4\left( \alpha \right)} = {2^{ - n}}\left( {{2^n} - k} \right){2^{4m + 8}} = }\\{{2^{ - n}}{2^{2n - 2m - 4}}{2^{4m + 8}} = {2^{n + 2m + 4}}}\end{array}$
Similarly, we get σf1=σf2=2n+2m+3. Thanks to Lemma 1, we have
${2^{n + 2m + 4}} = {2^{n + 2m + 3}} + {2^{n + 2m + 3}} + 6{\sigma _{{f_1},{f_2}}}$
therefore,σf1,f2=0. As,σf1,f2=∑α∈F2n-1Δf1,f22(α),
thus
${\Delta _{{f_1},{f_2}}}\left( \alpha \right) = 0$
for all α∈F2n-1.
Remark
1-1 We know that if f1 and f2 are (n-1,m,-,-), then f=f1‖f2 is (n, m,-,-). This was proved by Camion et al. in Ref.[2]. In the above theorem, the f,f1 and f2 have to be in desired form, i.e., a (n, m, d,-) function f is in desired form if it is of the form f=f1‖f2, where f1 and f2 are (n-1,m, d-1,-) functions[4].
1-2 In Ref.[20], if Δf1,f2(α)=0 for all α∈F2n-1, we say that two functions f1 and f2 above are perfectly uncorrelated. From the Corollary 3.4 in Ref.[20], we know that f1 and f2 are perfectly uncorrelated if and only if f1 and f2 have non-intersecting spectra, i.e.,Wf1(α)Wf2(α)=0 for all α. So, the result in Theorem 1 is equivalent to [4, Proposition 3].
4 GAC of f1(x)‖f2(x)‖f3(x)‖f4(x) In this section, we mainly discuss Boolean function
$g(x,{x_{n + 1}},{x_{n + 2}}) = {f_1}\left( x \right)\left\| {{f_2}\left( x \right)} \right\|\left. {{f_3}\left( x \right)} \right\|{f_4}\left( x \right) \in {{\rm B}_{n + 2}}$ (3)
i.e., the algebraic normal form of g(x, xn+1,xn+2) is
$\begin{array}{*{20}{l}}{g\left( {x,{x_{n + 1}},{x_{n + 2}}} \right) = {f_1} \oplus {x_{n + 1}}\left( {{f_1} \oplus {f_2}} \right) \oplus {x_{n + 2}}({f_1} \oplus }\\{{f_3}) \oplus {x_{n + 1}}{x_{n + 2}}\left( {{f_1} \oplus {f_2} \oplus {f_3} \oplus {f_4}} \right)}\end{array}$
where x∈F2n,(xn+1,xn+2)∈F22. We shall first present the following result.
Lemma 2 Let g be defined as formula (3). Then
${\Delta _g}\left( {\alpha ,0,0} \right) = {\Delta _{{f_1}}}\left( \alpha \right) + {\Delta _{{f_2}}}\left( \alpha \right) + {\Delta _{{f_3}}}\left( \alpha \right) + {\Delta _{{f_4}}}\left( \alpha \right)$ (4)
${\Delta _g}\left( {\alpha ,0,1} \right) = 2\left[ {{\Delta _{{f_1},{f_3}}}\left( \alpha \right) + {\Delta _{{f_2},{f_4}}}\left( \alpha \right)} \right]$ (5)
${\Delta _g}\left( {\alpha ,1,0} \right) = 2\left[ {{\Delta _{{f_1},{f_2}}}\left( \alpha \right) + {\Delta _{{f_3},{f_4}}}\left( \alpha \right)} \right]$ (6)
${\Delta _g}\left( {\alpha ,1,1} \right) = 2\left[ {{\Delta _{{f_1},{f_4}}}\left( \alpha \right) + {\Delta _{{f_2},{f_3}}}\left( \alpha \right)} \right]$ (7)
where α∈F2n.
Proof We only prove the Eqs.(4) and (5). According to Definition 2, set α∈F2n,xn+1,xn+2∈F2, we deduce that
$\begin{align} & {{\Delta }_{g}}\left( \alpha ,0,0 \right)=\sum\limits_{(x,{{x}_{n+1}},{{x}_{n+2}})\in F_{2}^{n+2}}{{{\left( -1 \right)}^{g(x,{{x}_{n+1}},{{x}_{n+2}})\oplus g(x\oplus \alpha ,{{x}_{n+1}},{{x}_{n+2}})}}}= \\ & \sum\limits_{x\in F_{2}^{n}}{{{\left( -1 \right)}^{{{f}_{1}}\left( x \right)\oplus {{f}_{1}}(x\oplus \alpha )}}}+\sum\limits_{x\in F_{2}^{n}}{{{\left( -1 \right)}^{{{f}_{2}}\left( x \right)\oplus {{f}_{2}}(x\oplus \alpha )}}}+ \\ & \sum\limits_{x\in F_{2}^{n}}{{{\left( -1 \right)}^{{{f}_{3}}\left( x \right)\oplus {{f}_{3}}(x\oplus \alpha )}}}+\sum\limits_{x\in F_{2}^{n}}{{{\left( -1 \right)}^{{{f}_{4}}\left( x \right)\oplus {{f}_{4}}(x\oplus \alpha )}}}= \\ & {{\Delta }_{{{f}_{1}}}}\left( \alpha \right)+{{\Delta }_{{{f}_{2}}}}\left( \alpha \right)+{{\Delta }_{{{f}_{3}}}}\left( \alpha \right)+{{\Delta }_{{{f}_{4}}}}\left( \alpha \right) \\ \end{align}$
Now we prove equality (5).
$\begin{align} & {{\Delta }_{g}}\left( \alpha ,0,1 \right)=\sum\limits_{(x,{{x}_{n+1}},{{x}_{n+2}})\in F_{2}^{n+2}}{{{\left( -1 \right)}^{g(x,{{x}_{n+1}},{{x}_{n+2}})\oplus g(x\oplus \alpha ,{{x}_{n+1}},{{x}_{n+2}}\oplus 1)}}}= \\ & \sum\limits_{x\in F_{2}^{n}}{{{\left( -1 \right)}^{{{f}_{1}}\left( x \right)\oplus {{f}_{3}}(x\oplus \alpha )}}}+ \\ & \sum\limits_{x\in F_{2}^{n}}{{{\left( -1 \right)}^{{{f}_{3}}\left( x \right)\oplus {{f}_{1}}(x\oplus \alpha )}}}+ \\ & \sum\limits_{x\in F_{2}^{n}}{{{\left( -1 \right)}^{{{f}_{2}}\left( x \right)\oplus {{f}_{4}}(x\oplus \alpha )}}}+\sum\limits_{x\in F_{2}^{n}}{{{\left( -1 \right)}^{{{f}_{4}}\left( x \right)\oplus {{f}_{2}}(x\oplus \alpha )}}}= \\ & 2\left( {{\Delta }_{{{f}_{1}},{{f}_{3}}}}\left( \alpha \right)+{{\Delta }_{{{f}_{2}},{{f}_{4}}}}\left( \alpha \right) \right). \\ \end{align}$
The proof is completed.
According to Lemma 2, when f2=f3, we can get the result in Lemma 3 of Ref.[21]. By using the result, the sufficient and necessary condition is obtained for constructing a bent function with f1‖f2‖f3‖f4 in Ref.[21]. In the following, we study the sum-of-squares indicator of g. We need the following lemma[22].
Lemma 3[22] Let f1(x),f2(x),f3(x),f4(x)∈Bn. Then
$\sum\limits_{\alpha \in F_2^n} {{\Delta _{{f_1},{f_2}}}\left( \alpha \right)} {\Delta _{{f_3},{f_4}}}\left( {\alpha \oplus e} \right) = \sum\limits_{\alpha \in F_2^n} {{\Delta _{{f_1},{f_3}}}\left( a \right)} {\Delta _{{f_2},{f_4}}}\left( {a \oplus e} \right)$
In Lemma 3, if e=0, we have
$\sum\limits_{\alpha \in F_2^n} {{\Delta _{{f_1},{f_2}}}\left( \alpha \right)} {\Delta _{{f_3},{f_4}}}\left( \alpha \right) = \sum\limits_{\alpha \in F_2^n} {{\Delta _{{f_1},{f_3}}}\left( a \right)} {\Delta _{{f_2},{f_4}}}\left( a \right)$ (8)
Theorem 2 Let g be defined as formula (3), then
$\begin{array}{*{20}{c}}{{\sigma _g} = {\sigma _{{f_1}}} + {\sigma _{{f_2}}} + {\sigma _{f3}} + {\sigma _{{f_4}}} + 6({\sigma _{{f_1},{f_2}}} + {\sigma _{{f_1},{f_3}}} + {\sigma _{{f_1},{f_4}}} + }\\{{\sigma _{{f_2},{f_3}}} + {\sigma _{{f_2},{f_4}}} + {\sigma _{{f_3},{f_4}}}) + 24\lambda }\end{array}$ (9)
where $\lambda = \sum\limits_{\alpha \in F_2^n} {{\Delta _{{f_1},{f_2}}}\left( \alpha \right)} {\Delta _{{f_3},{f_4}}}\left( \alpha \right)$ .
Proof According to the definition of auto-correlation function and Lemmas 2,3, we get
$\begin{array}{*{20}{l}}{{\sigma _g} = \sum\limits_{(a,{a_{n + 1}},{a_{n + 2}}) \in F_2^n \times {F_2} \times {F_2}} {\Delta _g^2(a,{a_{n + 1}},{a_{n + 2}})} = }\\{\sum\limits_{a \in F_2^n,{a_{n + 1}} = 0,{a_{n + 2}} = 0} {\Delta _g^2\left( {a,0,0} \right)} + \sum\limits_{a \in F_2^n,{a_{n + 1}} = 0,{a_{n + 2}} = 1} {\Delta _g^2\left( {a,0,1} \right) + } }\\{\sum\limits_{a \in F_2^n,{a_{n + 1}} = 1,{a_{n + 2}} = 0} {\Delta _g^2\left( {a,1,0} \right)} + \sum\limits_{a \in F_2^n,{a_{n + 1}} = 1,{a_{n + 2}} = 1} {\Delta _g^2\left( {a,1,1} \right)} = }\\{\sum\limits_{a \in F_2^n} {{{\left( {{\Delta _{{f_1}}}\left( a \right) + {\Delta _{{f_2}}}\left( a \right) + {\Delta _{{f_3}}}\left( a \right) + {\Delta _{{f_4}}}\left( a \right)} \right)}^2}} + }\\{4\sum\limits_{a \in F_2^n} {{{\left( {{\Delta _{{f_1},{f_3}}}\left( a \right) + {\Delta _{{f_2},{f_4}}}\left( a \right)} \right)}^2}} + 4\sum\limits_{a \in F_2^n} {\left( {{\Delta _{{f_1},{f_2}}}\left( a \right)} \right. + } }\\{{{\left. {{\Delta _{{f_3},{f_4}}}\left( a \right)} \right)}^2} + 4\sum\limits_{a \in F_2^n} {{{\left( {{\Delta _{{f_1},{f_4}}}\left( a \right) + {\Delta _{{f_2},{f_3}}}\left( a \right)} \right)}^2}} = }\\{\sum\limits_{a \in F_2^n} {\left( {\Delta _{{f_1}}^2\left( a \right) + \Delta _{{f_2}}^2\left( a \right) + \Delta _{{f_3}}^2\left( a \right) + \Delta _{{f_4}}^2\left( a \right)} \right)} + }\\{2\sum\limits_{a \in F_2^n} {\left( {{\Delta _{{f_1}}}\left( a \right){\Delta _{{f_2}}}\left( a \right) + {\Delta _{{f_1}}}\left( a \right){\Delta _{{f_3}}}\left( a \right) + {\Delta _{{f_1}}}\left( a \right){\Delta _{{f_4}}}\left( a \right)} \right)} + }\\{2\sum\limits_{a \in F_2^n} {\left( {{\Delta _{{f_2}}}\left( a \right){\Delta _{{f_3}}}\left( a \right) + {\Delta _{{f_2}}}\left( a \right){\Delta _{{f_3}}}\left( a \right) + {\Delta _{{f_3}}}\left( a \right){\Delta _{{f_4}}}\left( a \right)} \right)} + }\\{4\sum\limits_{a \in F_2^n} {\left( {\Delta _{{f_1},{f_3}}^2\left( a \right) + \Delta _{{f_2},{f_4}}^2\left( a \right)} \right)} + 8\sum\limits_{a \in F_2^n} {{\Delta _{{f_1},{f_3}}}\left( a \right){\Delta _{{f_2},{f_4}}}\left( a \right)} + }\\{4\sum\limits_{a \in F_2^n} {\left( {\Delta _{{f_1},{f_2}}^2\left( a \right) + \Delta _{{f_3},{f_4}}^2\left( a \right)} \right)} + 8\sum\limits_{a \in F_2^n} {{\Delta _{{f_1},{f_2}}}\left( a \right){\Delta _{{f_3},{f_4}}}\left( a \right)} + }\\{4\sum\limits_{a \in F_2^n} {\left( {\Delta _{{f_1},{f_4}}^2\left( a \right) + \Delta _{{f_2},{f_3}}^2\left( a \right)} \right)} + 8\sum\limits_{a \in F_2^n} {{\Delta _{{f_1},{f_4}}}\left( a \right){\Delta _{{f_2},{f_3}}}\left( a \right)} + }\end{array}$
$\begin{array}{*{20}{c}}{{\sigma _g} = {\sigma _{{f_1}}} + {\sigma _{{f_2}}} + {\sigma _{f3}} + {\sigma _{{f_4}}} + 6({\sigma _{{f_1},{f_2}}} + {\sigma _{{f_1},{f_3}}} + {\sigma _{{f_1},{f_4}}}}\\{ + {\sigma _{{f_2},{f_3}}} + {\sigma _{{f_2},{f_4}}} + {\sigma _{{f_3},{f_4}}}) + 24\lambda }\end{array}$
where $\lambda = \sum\limits_{\alpha \in F_2^n} {{\Delta _{{f_1},{f_2}}}\left( \alpha \right)} {\Delta _{{f_3},{f_4}}}\left( \alpha \right)$ .
The iterative construction of bent functions for constructing n+2-variable bent functions from n-variable bent functions was proposed in the Corollary 1 of Ref.[19]. According to Theorem 2, we can easily get this result.
Corollary 1 Let n be even and f(x), g(x)∈Bn be two bent functions, then
$F = f\left( x \right)\left\| {f\left( {x \oplus a} \right)} \right\|\left. {g\left( x \right)} \right\|\left( {g\left( {x + a} \right) \oplus 1} \right)$
is a bent function, where a∈F2n.
Proof Thanks to Proposition 1, we deduce from Theorem 2 that
$\begin{array}{*{20}{c}}{{\sigma _{{f_1}}} = {\sigma _{{f_2}}} = {\sigma _f},{\sigma _{{f_3}}} = {\sigma _{{f_4}}} = {\sigma _g},{\sigma _{{f_1},{f_2} = }}{\sigma _f}}\\{{\sigma _{{f_1},{f_3}}} = {\sigma _{{f_1},{f_4}}} = {\sigma _{{f_2},{f_3}}} = {\sigma _{{f_2},{f_4}}} = {\sigma _{f, g}},{\sigma _{{f_3},{f_4}}} = {\sigma _g}}\\{{\Delta _{{f_1},{f_2}}}\left( a \right) = {\Delta _f}\left( a \right),{\Delta _{{f_3},{f_4}}}\left( a \right) = - {\Delta _g}\left( a \right),\lambda = - {\sigma _{f, g}}}\end{array}$
Thus,
${\sigma _F} = 2{\sigma _f} + 2{\sigma _g} + 6{\sigma _f} + 24{\sigma _{f, g}} + 6{\sigma _g} - 24{\sigma _{f, g}} = 8{\sigma _f} + 8{\sigma _g}$
as σf=σg=22n, so
${\sigma _F} = 8{\sigma _f} + 8{\sigma _g} = {2^{2n + 4}} = {2^{2(n + 2)}}$
Therefore,F is bent.
Corollary 2 Let f∈Bn, considering the function g∈Bn+2 with
$g = f\left\| f \right\|\left. f \right\|\bar f$
then σg=16σf.
Proof Using formula (9) and Proposition 1, we have
${\sigma _g} = 4{\sigma _f} + 36{\sigma _f} - 24{\sigma _f} = 16{\sigma _f}$
Remark 2 The function g above was studied in Ref.[4]. From Ref.[4], we know that if f is a (n,1, d, x) function, where d≥2, then g is a (n+2,1,d,2n+2x) function. Moreover, from Corollary 2, we obtain that if f is a bent function, and then σf=22n, where n is even, and σg=16σf=16·22n=22(n+2). Thus,g is also a bent function.
In the end of this section, we investigate an existing construction method[4, 18] for generating resilient functions on a certain number of variables from functions on a lower number of a variables.
Construction[18] Let f be a (n, m, d, x) function with f=f1‖f2, where f1,f2 are both (n-1,m, d-1,-) functions. Let
$F = f\left\| {\bar f} \right\|\left. {\bar f} \right\|f, G = g\left\| h \right\|\left. {\bar h} \right\|\bar g$
where g=f1‖f1and h=f2‖f-2. Then, the function H=F‖G is a (n+3,m+2,d+1,2n+1+4x) function.
For the functions F, G[18] has been shown that the set of nonzero Walsh transforms of the constituent functions of H are disjoint. Thus, according to Ref.[20], we obtain that ΔF, G(β)=0 or all β∈F2n+2 and σF, G=0. However, it is not very clear what is the relationship among σH,σF and σG. Next we will study this problem as follows.
Theorem 3 With the same notation as above, we have σH=2σF=2σG.
Proof By using formula (2), we have σH=σF+σG+6σF, G. Since ΔF, G(β)=0 for all β∈F2n+2 and σF, G=0. Hence,σH=σF+σG. In the following, we shall compute σF,σG, respectively.
Step 1 According to formula (9) and Proposition 1, we have
${\sigma _F} = 4{\sigma _f} + 36{\sigma _f} + 24{\sigma _f} = 64{\sigma _f}$
As,σf=σf1+σf1+6σf1,f2. Hence,
${\sigma _F} = 64{\sigma _{{f_1}}} + 64{\sigma _{{f_1}}} + 384{\sigma _{{f_1},{f_2}}}$ (10)
Step 2 From formula (9), Proposition 1 and the definition of sum-of-squares indicator, we have
$\begin{array}{l}{\sigma _G} = 2{\sigma _g} + 2{\sigma _h} + 6(4{\sigma _{g, h}} + {\sigma _g} + {\sigma _h}) + 24{\sigma _{g, h}} = \\8{\sigma _g} + 8{\sigma _h} + 48{\sigma _{g, h}}\end{array}$
Moreover, fromformula (2) and Proposition 1, we get
${\sigma _g} = 8{\sigma _{{f_1}}},{\sigma _h} = 8{\sigma _{{f_2}}}$
Now we compute σg, h, by using the definition of auto-correlation function. For any w∈F2n-1,wn∈F2, we have
${\Delta _g}\left( {w,{w_n}} \right) = \left\{ {\begin{array}{*{20}{l}}{2{\Delta _{{f_1}}}\left( \omega \right),}&{{\rm{if}}{\omega _n} = 0}\\{ - 2{\Delta _{{f_1}}}\left( \omega \right),}&{{\rm{if}}{\omega _n} = 1}\end{array}} \right.$
and
${\Delta _h}\left( {w,{w_n}} \right) = \left\{ {\begin{array}{*{20}{l}}{2{\Delta _{{f_2}}}\left( \omega \right),}&{{\rm{if}}{\omega _n} = 0}\\{ - 2{\Delta _{{f_2}}}\left( \omega \right),}&{{\rm{if}}{\omega _n} = 1}\end{array}} \right.$
Then
$\begin{align} & {{\sigma }_{g, h}}=\sum\limits_{\alpha \in F_{2}^{n}}{\Delta _{g, h}^{2}}\left( \alpha \right)=\sum\limits_{\omega \in F_{2}^{n-1},{{\omega }_{n}}\in {{F}_{2}}}{{{\Delta }_{g}}(\omega ,{{\omega }_{n}}){{\Delta }_{h}}(\omega ,{{\omega }_{n}})}= \\ & \sum\limits_{\omega \in F_{2}^{n-1}}{{{\Delta }_{g}}\left( \omega ,0 \right){{\Delta }_{h}}\left( \omega ,0 \right)}+\sum\limits_{\omega \in F_{2}^{n-1}}{{{\Delta }_{g}}\left( \omega ,1 \right){{\Delta }_{h}}\left( \omega ,1 \right)}= \\ & 4\sum\limits_{\omega \in F_{2}^{n-1}}{{{\Delta }_{{{f}_{1}}}}\left( \omega \right){{\Delta }_{{{f}_{2}}}}\left( \omega \right)}+4\sum\limits_{\omega \in F_{2}^{n-1}}{{{\Delta }_{{{f}_{1}}}}\left( \omega \right){{\Delta }_{{{f}_{2}}}}\left( \omega \right)}= \\ & 8\sum\limits_{\omega \in F_{2}^{n-1}}{{{\Delta }_{{{f}_{1}}}}\left( \omega \right){{\Delta }_{{{f}_{2}}}}\left( \omega \right)}=8{{\sigma }_{{{f}_{1}},{{f}_{2}}}} \\ \end{align}$
Therefore,
${\sigma _G} = 64{\sigma _{{f_1}}} + 64{\sigma _{{f_1}}} + 384{\sigma _{{f_1},{f_2}}}$ (11)
Combining formulas (10) and (11), we have
${\sigma _F} = {\sigma _G}$
Thus,σH=2σF=2σG. This completes the proof.
Remark 3 In Ref.[11], Zhou et al. claimed that if f=f1‖f2, where f1,f2∈βn-1,
Then
${\sigma _{{f_1}}} + {\sigma _{{f_2}}} \le {\sigma _f} \le {\sigma _{{f_1}}} + {\sigma _{{f_2}}}6\sqrt {{\sigma _{{f_1}}}{\sigma _{{f_2}}}} $
where σf1+σf2=σf if and only if Δf1,f2(α)=0 for all α∈F2n-1. According to Theorem 3, we know that this construction can get a Boolean function with the lower bound on sum-of-squares indicator by choosing the proper initial functions.
5 Conclusions In this paper, we mainly discuss the GAC of Boolean function by concatenation, i.e.,f1‖f2 and f1‖f2‖f3‖f4. For the function f=f1‖f2, we study the cross-correlation function of f1,f2 in the special condition. Finally, for the function g=f1‖f2‖f3‖f4, by analyzing the relation among their auto-correlation functions, we investigate its sum-of-squares indicator. Also, we obtain some interesting results on this function. The future work will focus on how to construct the Boolean functions with good GAC using these results. Furthermore we hope that these results will be considered helpful in further study of Boolean functions.
References
[1] Siegenthaler T. Correlation-immunity of nonlinear combining functions for cryptographic applications. IEEE Transactions on Information Theory, 1984, 30(5): 776-780. (0)
[2] Camion P, Carlet C, Charpin P, et al. On correlation-immune functions. Advances in Cryptology-CRYPTO' 91, Lecture Notes in Computer Science, Springer-Verlag, 1992, 576: 85-100. (0)
[3] Carlet C. More correlation-immune and resilient functions over Galois fields and Galois rings. Advances in Cryptology-Eurocrypto' 92, Lecture Notes in Computer Science, Springer-Verlag, 1997, 1223: 422-433. (0)
[4] Maitra S, Pasalic E. Further constructions of resilient Boolean functions with very high nonlinearity. IEEE Transactions on Information Theory, 2002, 48(7): 1825-1834. (0)
[5] Wang Qichun, Peng Jie. Constructions of cryptographically significant Boolean functions using primitive polynomials. IEEE Transactions on Information Theory, 2010, 56(6): 3048-3053. (0)
[6] Zhang Weiguo, Pasalic E. Constructions of resilient S-boxes with strictly almost optimal nonlinearity through disjoint linear codes. IEEE Transactions on Information Theory, 2014, 60(3): 1638-1651. (0)
[7] Zhang Weiguo, Xiao Guozhen. Constructions of almost optimal resilient Boolean functions on large even number of variable. IEEE Transactions on Information Theory, 2009, 55(12): 5822-5831. (0)
[8] Zhang WeiGuo, Jiang Fuqiang, Tang Deng. Construction of highlynonlinear resilient Boolean functions satisfying strict avalanche criterion. Science China Information Sciences, 2014, 57(4): 049101. (0)
[9] Zhang Xianmo, Zheng Yuliang. GAC-the criterion for global avalanche characteristics of cryptographic functions. Journal Universal Computer Sciences, 1995, 1(5): 316-333. (0)
[10] Zhou Yu, Xie Min, Xiao Guozhen. On the global avalanche characteristics between two Boolean functions and the higher order nonlinearity. Information Science, 2010, 180(2): 256-265. (0)
[11] Zhou Yu, Zhang Wenzheng, Zhu Shixiong, et al. The global avalanche characteristics of two Boolean functions and algebraic immunity. International Journal of Computer Mathematics, 2012, 89(16): 2165-2179. (0)
[12] Tang Deng, Zhang Weiguo, Tang Xiaohu. Construction of balanced Boolean functions with high nonlinearity and good autocorrelation properties. Designs, Codes and Cryptography, 2013, 67: 77-91. (0)
[13] Zhou Yu. On the distribution of auto-correlation value of balanced Boolean functions. Advanced in Mathematics of Communication, 2013, 7(3): 335-347. (0)
[14] Zhou Yu, Zhang Weiguo, Li Juan, et al. The autocorrelation distribution of balanced Boolean functions. Frontiers of Computer Science, 2013, 7(2): 272-278. (0)
[15] Son J J, Lim J I, Chee S, et al. Global avalanche characteristics and nonlinearity of balanced Boolean functions. Information Processing Letters, 1998, 65: 139-144. (0)
[16] Rothaus O S. On bent functions. Journal of Combinatorial Theory, 1976, 20(A): 300-305. (0)
[17] Xiao Guozhen, Massey J. A spectral characterization of correlation immune combining functions. IEEE Transactions on Information Theory, 1988, 34(3): 569-571. (0)
[18] Pasalic E, Maitra S, Johanson T, et al. New constructions of resilient and correlation immune Boolean functions achieving upper bound on nonlinearity. Workshop on Coding and Cryptography, Electronic Notes in Discrete Mathematics, Elsevier, 2001, 6: 8-12. (0)
[19] Zeng Xiangyong, Hu Lie. An iterative construction of bent functions. Acta Electronica Sinica, 2010, 38(12): 2724-2728. (0)
[20] Sarkar P, Maitra S. Cross-correlation analysis of cryptographically useful Boolean functions and S-boxes. Theory Computer systems, 2002, 35: 39-57. (0)
[21] Sun Guanghong, Wu Chuankun. Some cryptographic properties of Boolean functions by concatenation. Acta Electronica Sinica, 2009, 37(4): 884-888. (0)
[22] Zhuo Zepeng. On cross-correlation properties of Boolean functions. International Journal of Computer Mathematics, 2011, 88(10): 2035-2041. (0)
删除或更新信息,请邮件至freekaoyan#163.com(#换成@)
Global Avalanche Characteristics of Boolean Functions by Concatenation
本站小编 哈尔滨工业大学/2019-10-23
相关话题/Global Avalanche Characteristics Boolean Functions
Aging Behavior and Creep Characteristics of CACB
Aging Behavior and Creep Characteristics of CACB Author NameAffiliationYunliang LiSchool of Transportation Science and Engineering, Harbin Institute of Technology, Harbin 150090, ChinaYuze LiuSchool of Transportation Science and Engineering, Harbin Institute of Technology, H ...哈尔滨工业大学科研学术 本站小编 哈尔滨工业大学 2020-12-05Experimental Study on Combustion Characteristics of Pulverized Coal under Enriched-oxygen Condition
Experimental Study on Combustion Characteristics of Pulverized Coal under Enriched-oxygen Condition by Entrained Flow Reactor Guo-Wei Liu, Dao-Zhi Qu, Peng Dong, Ru-Shan Bie School of Energy Science and Engineering, Harbin Insti ...哈尔滨工业大学科研学术 本站小编 哈尔滨工业大学 2019-10-24A Kind of Edge Detection Algorithm with Edge-Preserving Characteristics
A Kind of Edge Detection Algorithm with Edge-Preserving Characteristics Zheng Dou1, Peng-Yu Shi1,2, Yun Lin1 (1. Institute of Information and Communications Engineering, Harbin Engineering University, Harbin 150001, China; 2 ...哈尔滨工业大学科研学术 本站小编 哈尔滨工业大学 2019-10-24Study of Kinetic Characteristics for Drying Rice Husk
Study of Kinetic Characteristics for Drying Rice Husk Xu-Dong Chen, Huai-Bin Wang, Ming Xie (School of Energy Science and Engineering, Harbin Institute of Technology, Harbin 150001, China) ...哈尔滨工业大学科研学术 本站小编 哈尔滨工业大学 2019-10-24Mechanical and Microstructural Characteristics of Superplastic Al-4.42Mg Aluminum Alloy
Mechanical and Microstructural Characteristics of Superplastic Al-4.42Mg Aluminum Alloy Sha-Sha Zhao1, Rehan Qayyume1, Hao-Yan Diao1, Chao-Li Ma1, Xiao-Wei Wu2, Yong Wang2 (1.Key Laboratory of Aerospace Advanced Materials and P ...哈尔滨工业大学科研学术 本站小编 哈尔滨工业大学 2019-10-24Pyrolysis Characteristics and Kinetics of the Preparation Process of Sludge-Based Activated Carbon b
Pyrolysis Characteristics and Kinetics of the Preparation Process of Sludge-Based Activated Carbon by ZnCl2 Activation Method Xin Li1, Guang-Zhi Wang1, Wei-Guang Li1,2, Ping Wang1 (1.School of Municipal and Environmental Enginee ...哈尔滨工业大学科研学术 本站小编 哈尔滨工业大学 2019-10-24Labyrinth seal leakage and dynamics characteristics analysis based on Black Model
Labyrinth seal leakage and dynamics characteristics analysis based on Black Model MA Wen-sheng1,2, CHEN Zhao-bo1, JIAO Ying-hou1, SHEN Na-wei1 1.School of Mechatronics Engineering,Harbin Institute of Technology,Harbin 150001,Chi ...哈尔滨工业大学科研学术 本站小编 哈尔滨工业大学 2019-10-24Start-up and contaminants removal characteristics of aerobic granules-membrane bioreactor at low tem
Start-up and contaminants removal characteristics of aerobic granules-membrane bioreactor at low temperature WANG Shuo1, YU Shui-li1,2, SHI Wen-xin1, WANG Yu-lan1, YI Xue-song1 1.State Key Laboratory of Urban Water Resource and ...哈尔滨工业大学科研学术 本站小编 哈尔滨工业大学 2019-10-24Heat Transfer and Flow Characteristics Predictions with a Refined k-ε-fu Turbulent Model in Impingin
Heat Transfer and Flow Characteristics Predictions with a Refined k-ε-fu Turbulent Model in Impinging Jet Qinglin Niu1, Biao Chen1,Zhihong He1, Jianfei Tong1,2,Shikui Dong1 (1. Key Laboratory of Aerospace Thermophysics, Ministry ...哈尔滨工业大学科研学术 本站小编 哈尔滨工业大学 2019-10-23Submarine Pipeline Lateral Global Buckling and Buckling Failure Critical State Discussion
Submarine Pipeline Lateral Global Buckling and Buckling Failure Critical State Discussion Zhaohui Hong,Run Liu (State Key Laboratory of Hydraulic Engineering Simulation and Safety, Tianjin University, Tianjin 300072, China) ...哈尔滨工业大学科研学术 本站小编 哈尔滨工业大学 2019-10-23