bfc a 2006
TRANSCRIPT
-
8/2/2019 Bfc a 2006
1/22
AUTOCORRELATION SPECTRA OF
BALANCED BOOLEAN FUNCTIONS ON AN
ODD NUMBER OF INPUT VARIABLES WITH
MAXIMUM ABSOLUTE VALUE < 2(n+1)
2
Seluk Kavut
1, Subhamoy Maitra2 and Melek D. Ycel11Department of Electrical and Electronics Engineering
Middle East Technical University, Ankara, Trkiye
{kavut, melekdy}@metu.edu.tr
2Applied Statistics Unit, Indian Statistical Institute
203 B T Road, Kolkata 700 108, India
-
8/2/2019 Bfc a 2006
2/22
Outline
Introduction Preliminary Definitions and Rotation
Symmetric Boolean Functions (RSBFs)
Basic Search Algorithm, Cost Function
and Time Consumption of the Algorithm
Best Achieved Results
Conclusions
-
8/2/2019 Bfc a 2006
3/22
Introduction-1
In the National Cryptology Conference of Trkiye (2005),
we introduced a stepest-descent like search algorithm
for the design of cryptographically strong Boolean functions.
In this study, we modify our search algorithm and apply it toRotation Symmetric Boolean Functions (RSBFs).
We obtain some cryptographically strong functions for input
variable lengths 9 and 11, which have the minimum absolute
indicators in the literature (i.e., the maximum absolute value of
the autocorrelation spectrum).
-
8/2/2019 Bfc a 2006
4/22
Introduction-2
It has been conjectured (by Zhang & Zheng) that for any
balanced function on an odd number of input variables n,
absolute indicator 2
(n+1)
(32 forn = 9, and 64 forn = 11).2
The conjecture has been disproved forn = 15, and n = 21 (by
Maitra, Sarkar, Gangopadhyay & Keskar) modifying the
Patterson-Wiedemann type functions.
So far there is no evidence of such functions for odd n < 15,
which we present in this study.
-
8/2/2019 Bfc a 2006
5/22
Outline
Introduction Preliminary Definitions and Rotation
Symmetric Boolean Functions (RSBFs)
Basic Search Algorithm, Cost Function
and Time Consumption of the Algorithm
Best Achieved Results
Conclusions
-
8/2/2019 Bfc a 2006
6/22
Preliminary Definitions - 1
Algebraic Normal Form (ANF):
f(x) = a0a1x1 ... anxna12x1x2a13x1x3 ... a12...nx1x2 ... xn
Affine Boolean functions are of degree at most 1.
f(x) = w1x
1 w
2x
2 ... wnxn c = wxc (1)
Walsh Hadamard Transform:
F(w) = (1)f(x)(1)wx (2)xF2n
Nonlinearity:
NLf = ( 2n max |F(w)| ) / 2 (3)
wF2
n
-
8/2/2019 Bfc a 2006
7/22
Preliminary Definitions - 2
Autocorrelation andAbsolute Indicator:
rf(d) = (1)f(x)(1)f(xd) , f= max
| rf(d) | (4)xF
2n d0F
2n
Sum of Squares Indicator:
SSIf = rf(d)
2 (5)
dF2n
Sum of Squared Differences from Bent Spectra:d0 | rf(d) |
2 = 2nw | F(w)22n | 2 (6)
-
8/2/2019 Bfc a 2006
8/22
The above equation is obtained by using the Parsevals
relation on the autocorrelation difference from that of abent function,
e(d) = rf(d) rbent(d). Then the Walsh transform of e(d) is
E(w) = F(w)2
2n
Using the Parsevals relation
d0
e(d)2 = 2nwE(w)2 , one obtains
d0 | rf(d) |2 = 2nw | F(w)
22n | 2.
-
8/2/2019 Bfc a 2006
9/22
As well as the bias of the probability expression
P{f(x) = wx}= (1/2)+(F(w)/2n+1)
the bias term in the expression
P{f(x) =f(x d)}= (1/2)+(rf(d)/2n+1 )
also needs to be minimized.
So, the absolute indicator
f= max
| rf(d) |d0F
2n
is an important parameterfor Boolean functions,
which should be kept as small as possible.
-
8/2/2019 Bfc a 2006
10/22
-
8/2/2019 Bfc a 2006
11/22
Example: RSBF Orbits for n=5
All cyclically rotated input vectors are mapped to the same value
in the truth table. As an example, for a 5 variable functionf:
f(00001) =f(10000) =f(01000) =f(00100) =f(00010) orbit #1
f(10001) =f(11000) =f(01100) =f(00110) =f(00011) orbit #2
f(10011) =f(11001) =f(11100) =f(01110) =f(00111) orbit #3
f(10111) =f(11011) =f(11101) =f(11110) =f(01111) orbit #4
f(10010) =f(01001) =f(10100) =f(01010) =f(00101) orbit #5
f(10110) =f(01011) =f(10101) =f(11010) =f(01101) orbit #6f(00000) orbit #7
f(11111) orbit #8
Therefore, for n = 5, there are 28
RSBFs among 2
32
functions.
-
8/2/2019 Bfc a 2006
12/22
Outline
Introduction Preliminary Definitions and Rotation
Symmetric Boolean Functions (RSBFs)
Basic Search Algorithm, Cost Function
and Time Consumption of the Algorithm
Best Achieved Results
Conclusions
-
8/2/2019 Bfc a 2006
13/22
Search Strategy-1
The strategy uses a steepest-descent like iterativealgorithm.
At ach iteration step, the cost function
Cost = 2nw | F(w)22n | 2 = d0 | rf(d) |
2
is calculated within a pre-defined neighborhood.
In some rare cases, the cost value does not
decrease during the iteration; which provides the
ability of the algorithm to escape from local minima.
-
8/2/2019 Bfc a 2006
14/22
Search Strategy-2
The neighborhood is obtained by swapping truth table entries
corresponding to possible pairs of equal-size orbits havingdissimilar values.
For instance, 9 variable RSBFs contain
2 orbits of size 1 (all zero and all 1),2 orbits of size 3 [represented by (001001001) & (110110110)],
and 56 orbits of size 9.
Therefore, half of the truth table consists of 28 orbits of size 9,
one orbit of size 3, and one orbit of size 1 (256 bits = 28x9+3+1).
In order to constitute the neighborhood, two dissimilar-valued
orbits of either size 9, or size 3, or size 1 are swapped.
-
8/2/2019 Bfc a 2006
15/22
Swapped Orbit Sizes Neighborhood
1 1 2
3 3 6
1 and 3 1 and 3 8
9 9 18
1 and 9 1 and 9 20
3 and 9 3 and 9 24
1, 3 and 9 1, 3 and 9 26
Used Neighborhoods forn=9
-
8/2/2019 Bfc a 2006
16/22
Basic Algorithm
1.f=finitial
2.dok
= 1:N{
3. do i= 1:M{
4. Swap equal-size orbits off
5. SETf[ i] =fswapped6. COST[ i] = costswapped
7. }
8. Find costmin (= min. costswapped in COST) and respectivefmin in SET
9. while (fmin is already in STORE){
10. Remove costmin from COST andfmin from SET
11. Find costmin in COST and respectivefmin in SET12. }
13. STORE[ k] =fmin
14. f=fmin
15. }
To preserve
balancedness
-
8/2/2019 Bfc a 2006
17/22
Time Consumption of the Algorithm
N = 40,000 for n = 9, and N = 100,000 for n = 11.
Average search time for one run on a computer with
Pentium IV 2.8 GHz processor and 248 MB RAM is:
27 minutes for n = 9,
and 29.5 hours for n = 11.
For n = 9, there were 9 successes in 25 runs, and
for n = 11, there were 2 successes within 50 runs.
-
8/2/2019 Bfc a 2006
18/22
Outline
Introduction Preliminary Definitions and Rotation
Symmetric Boolean Functions (RSBFs)
Basic Search Algorithm, Cost Function
and Time Consumption of the Algorithm
Best Achieved Results
Conclusions
-
8/2/2019 Bfc a 2006
19/22
Comparison with Some References
(number of variables, resiliency, degree, nonlinearity, absolute indicator)
Johansson and
Pasalic(9, 1, 4, 240, ), (11, 1, 5, 992, )
Maximov et. al. (11, 1, 6, 992, 240)
Maitra (9, , , 240, 32), (11, , , 992, 64)
Clark et. al. (9, 1, 7, 236, 40), (11, 1, 9, 984, 96)
Ours(9, 1, 7, 240, 24), (11, 1, 8, 992, 64)
(9, 0, 7, 240, 24)*, (11, 0, 10, 988, 56)*
(*) Table elements marked by * have the additional propertyof PC(1).
-
8/2/2019 Bfc a 2006
20/22
Comparison of Some 1-Resilient Functions
Presented Yesterday & Today at BFCA06(number of variables, resiliency, degree, nonlinearity, absolute indicator)
Some
Known
Functions
(8, 1, 6, 116, 24) (9, 1, 7, 240, ) (10, 1, 8, 488, )
Open (8, , , 118, ) (9, , , 242, ) (10, 1, 8, 492, )
Yesterday
(Annas) (9, 1, , 240, ) (10, 1, , 480, )
Today
(Ours)(8, 1, 6, 116,16) (9, 1, 7, 240,24) (10, 1, 8, 488,32)
-
8/2/2019 Bfc a 2006
21/22
Conclusions
We have exploited a properly modified steepest-descent
based iterative heuristic search in RSBFs.
For the first time, we could attain balanced Booleanfunctions on 9, 11 variables with absolute indicator
< 2
(n+1)
.2
We expect to come up with still more interesting
results for n = 13.
-
8/2/2019 Bfc a 2006
22/22