
2016 International Conference on Information Engineering and Communications Technology (IECT 2016) ISBN: 978-1-60595-375-5

On Higher-order Correlation Immunity and Higher Nonlinearity for a Class of Boolean Functions

Jinglian Huang*, Zhuo Wang, Chunling Zhang

School of Electrical Engineering, Northwest University for Nationalities, Lanzhou, China

Keywords: Boolean functions, propagation, higher-order correlation immunity, higher nonlinearity, algebraic immunity, annihilator.

Abstract. In this paper, we study the higher-order correlation immunity and the higher nonlinearity of Boolean functions that are constructed by dividing the set of n independent variables into two parts. With the propagation of a , we construct a class of Boolean functions with 1-order algebraic immunity and higher-order correlation immunity, and reveal the relationship between the correlation immunity and the 1-degree annihilators of Boolean functions. Meanwhile, using the lowest algebraic degree annihilator of Boolean functions, we also derive the invariance of the nonlinearity of Boolean functions with higher correlation immunity, and prove the existence of a class of Boolean functions with higher nonlinearity.

1. Introduction

The properties of Boolean functions, such as linear complexity, nonlinearity, diffusion, correlation immunity and algebraic immunity, are necessary to resist a variety of cryptographic attacks [1~6]. Finding Boolean functions that score highly on several cryptographic properties at once is an important research task. High nonlinearity is an important property for resisting affine attacks, and the existence of Boolean functions with high nonlinearity, together with related questions, is also important work [7~9]. Correlation immunity is a necessary property for a cryptographic system to resist correlation attacks: the higher the order of a Boolean function's correlation immunity, the stronger its ability to resist these attacks. But besides correlation attacks, a cryptosystem also needs to resist linear attacks, differential attacks, algebraic attacks and other attacks [1]. Besides correlation immunity, Boolean functions also have a variety of other good cryptographic properties, such as nonlinearity, diffusion, linear complexity and algebraic immunity [2~5]. These cryptographic properties tend to constrain one another; for example, between correlation immunity and algebraic there is a mutual restriction relation. As the correlation immunity order increases, the linear complexity is reduced. The study of correlation immunity is therefore complex: we cannot only consider raising the correlation immunity order, and a wide-ranging, in-depth study is needed [1~5].

Regulative relationships exist among some of the cryptographic properties of Boolean functions. For example, the relationship between the order of correlation immunity and the algebraic is one of mutual restriction, and the sum of both is no more than the number of variables. Some cryptographic properties, such as diffusion and nonlinearity, both belong to the nonlinear properties that functions need in order to resist linear attacks. Thus, some properties of Boolean functions must be intrinsically linked with each other.

In this paper, we use Boolean functions constructed by dividing the set of n independent variables into two parts to study the relationship between the correlation immunity order and the diffusion of Boolean functions, and the relationship between the correlation immunity order and the annihilator of the lowest algebraic degree. On the basis of these relationships we also try to find Boolean functions with higher-order correlation immunity. Using the 1-degree annihilators of Boolean functions to determine the nonlinearity of the functions, and studying the relationship between the correlation immunity order and the nonlinearity of Boolean functions, are also our aims.

2. Preliminaries

Definition 1: For any arbitrary i  (0,0, ,0,1,0, ,0) (1in ) , If GF (2)n fx() fxx (12 , , , xn ) GF (2) holds: n1 wfxti(( ) fx ())2  . (1)

In (1), i stands for n-dimensional Boolean vectors, which the i-th component is 1 and other components are 0. Then f ()x was called an H Boolean function. An H Boolean function is a Boolean function with propagation of degree 1. n Definition 2: For any arbitrary  ((,,,)12 ntGF (2),1()) w  m , GF (2)n fx() fxx (12 , , , xn ) GF (2) holds: n1 wfxt (() x ) 2 . (2)

In (2), x 11xx  2 2  nn xis a linear function. In this situation, Boolean functions f ()x was called a m-order correlation immune function. m Or for any arbitrary 1 ii12  im  nand (,aa12 , , am ) GF (2) , there exists wfxx(() ax , a , , x  a ) 2m wfx (()).Then f ()x is a Boolean function with correlation tii1212 imtm immunity order m. m was called order and CI is short for the correlation immunity. Besides, the correlation immunity of order m and the order of correlation immunity are both written as CI() m . Definition 3: The derivative (partial derivative) of n-dimensional Boolean functions GF (2)n fx() fxx (12 , , , xn ) GF (2) for r variables xii12,,,xx ir is defined as

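$$\frac{\partial f(x)}{\partial(x_{i_1}, x_{i_2}, \ldots, x_{i_r})} = f(x_1, x_2, \ldots, x_{i_1}, x_{i_2}, \ldots, x_{i_r}, \ldots, x_n) \oplus f(x_1, x_2, \ldots, 1 \oplus x_{i_1}, 1 \oplus x_{i_2}, \ldots, 1 \oplus x_{i_r}, \ldots, x_n) \tag{3}$$

$(1 \le i \le n,\ 1 \le i_1 < i_2 < \cdots < i_r \le n,\ 1 \le r \le n)$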

If $r = 1$, (3) becomes the derivative of $f(x) = f(x_1, x_2, \ldots, x_n)$ with respect to a single variable, which is denoted by $df(x)/dx_i$ $(i = 1, 2, \ldots, n)$. As a result, the simplified form below can be easily derived.

$$\frac{df(x)}{dx_i} = f(x_1, x_2, \ldots, x_{i-1}, 1, x_{i+1}, \ldots, x_n) \oplus f(x_1, x_2, \ldots, x_{i-1}, 0, x_{i+1}, \ldots, x_n) \quad (i = 1, 2, \ldots, n).$$

Definition 4: Let a Boolean vector $\alpha$ satisfy $\alpha \in GF(2)^n$ and $\alpha \neq 0$. If $w_t(f(x) \oplus f(x \oplus \alpha)) = 2^{n-1}$, then $f(x)$ satisfies the propagation criterion, denoted by pc, for $\alpha$, and $f(x)$ is called a pc function.

Moreover, if $f(x)$ satisfies the propagation criterion for every $\alpha$ with $1 \le w_t(\alpha) \le k$, then $f(x)$ satisfies the $k$-degree propagation criterion, denoted by $pc(k)$, and $f(x)$ is called a $pc(k)$ function. In addition, the 1st-degree propagation criterion is equivalent to the strict avalanche criterion.

Definition 5: For $f(x) \in GF(2)^{GF(2)^n}$, $N_f = \min_{l(x) \in L_n[x]} w_t(f(x) \oplus l(x))$ is defined as the nonlinearity of $f(x)$.

Definition 6: For $f(x) \in GF(2)^{GF(2)^n}$, if $g_1(x) \in GF(2)^{GF(2)^n}$ makes $g_1(x) f(x) = 0$, then $g_1(x)$ is an annihilator of $f(x)$. If $g_2(x) \in GF(2)^{GF(2)^n}$ makes $g_2(x)(1 \oplus f(x)) = 0$, then $g_2(x)$ is an annihilator of $1 \oplus f(x)$. The lowest algebraic degree among all nonzero annihilators of $f(x)$ and $1 \oplus f(x)$ is called the algebraic immunity order, which is written as $AI(f(x))$ or $AI(f)$.

3. The higher correlation immunity order and nonlinearity of H Boolean functions which can be 2-decomposed

Linking the correlation immunity, nonlinearity and 1-degree annihilators of Boolean functions together makes it possible to find out whether constraints exist between correlation immunity order and nonlinearity, which kinds of functions contain higher-order correlation immune functions, and so on. The high-order correlation immunity, nonlinearity and 1-degree annihilators of an H Boolean function $f(x)$ that can be decomposed into the product of two functions can be linked together. So we discuss H Boolean functions that can be 2-decomposed into the product of two functions, and their correlation immunity, algebraic immunity and nonlinearity. Theorem 1 shows the features of $R(y)$ and $S(z)$ when an H Boolean function $f(x)$ is decomposed into a product of two functions, that is, $f(x) = R(y)S(z)$.

Theorem 1: Suppose a Boolean function $f(x)$ can be decomposed into the product of two functions, namely $f(x) = R(y)S(z)$ $(y \cup z = \{x_1, x_2, \ldots, x_n\},\ y \cap z = \emptyset)$. Then the necessary and sufficient condition for $f(x)$ to be an H Boolean function is $\deg R(y) = \deg S(z) = 1$.

Theorem 1 will not be proved in detail. In Theorem 2, we discuss the correlation immunity of the H Boolean function $f(x)$ ($f(x) = R(y)S(z)$). The collection of all n-variable H Boolean functions $f(x) = R(y)S(z)$ is denoted by $F[y,z]$.

Theorem 2: For $f(x) = R(y)S(z) \in F[y,z]$, there is $\max_{f(x) \in F[y,z]} CI(f(x)) = \frac{n}{2} - 1$.

Proof: For linear functionx , there are

wtttt(() f x x ) w (()()) RySz  w ( x )  2 w ( xRySz ()()). It is known from Theorem 1, degRy ( ) deg Sz ( ) 1. So whenx  Ry()orx  Sz(), n2 wfxttt(() x ) w ( x )  wRySz (()())2 .

Then f ()x are not correlation immune functions with order wt () . nn21 nn  31 When wyzt ()  min(  ,  )1, there have wfxt (() x ) 2 2 22 2 . f ()x are correlation immune functions with order min(yz ,  ) 1.

While $\max \min(|y|, |z|) = \frac{n}{2}$. Therefore, $\max_{f(x) \in F[y,z]} CI(f(x)) = \frac{n}{2} - 1$. The proof ends.

Theorem 2 reveals that the correlation immune order of H Boolean functions $f(x) = R(y)S(z)$ is linked with $R(y)$ and $S(z)$. Similarly, the annihilator of the lowest algebraic degree of $f(x)$ can also be determined by $R(y)$ and $S(z)$. This leads to Theorem 3.

Theorem 3: For H Boolean functions $f(x) = R(y)S(z) \in F[y,z]$, $1 \oplus R(y)$ and $1 \oplus S(z)$ are two annihilators of the lowest algebraic degree of $f(x)$, and $AI(f(x)) = 1$.

Proof: For $f(x) = R(y)S(z)$, there are $(1 \oplus R(y)) f(x) = 0$, $(1 \oplus S(z)) f(x) = 0$, and $\deg(1 \oplus R(y)) = \deg(1 \oplus S(z)) = 1$. So $1 \oplus R(y)$ and $1 \oplus S(z)$ are two annihilators of the lowest algebraic degree of $f(x)$, and $AI(f(x)) = 1$. The proof ends.

From the discussion on the correlation immunity of $f(x) = R(y)S(z)$ in Theorem 2, we can see, the relationship of f ()x and the linear functionsx is strange: Anyx  Lxn[],except x  Ry()andx  Sz(), n1 satisfies wfxt (() x ) 2 . Therefore, as long as taking $l_0(x) = R(y)$ and $l_0(x) = S(z)$, there will be

$$\min_{l(x) \in L_n[x]} w_t(f(x) \oplus l(x)) = w_t(f(x) \oplus l_0(x)) = 2^{n-2}.$$

So there is the following Theorem 4.

Theorem 4: For an H Boolean function $f(x) = R(y)S(z) \in F[y,z]$, there are

$$N_f = \min_{l(x) \in L_n[x]} w_t(f(x) \oplus l(x)) = w_t(f(x) \oplus l_{0i}(x)) = 2^{n-2} \quad (i = 1, 2),$$

and $l_{01}(x) = R(y)$, $l_{02}(x) = S(z)$.

Theorem 4 won't be proved in detail. From Theorems 1 to 4, for H Boolean functions which can be decomposed into the product of two functions, the diffusion, correlation immunity order, algebraic immunity order and nonlinearity can all be linked to 1-degree functions. Therefore, taking advantage of the above-mentioned characteristics, we can get functions with higher nonlinearity. Next we discuss the existence of a class of Boolean functions with higher nonlinearity.
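A brute-force check of Theorems 1 to 4 on small cases, added here as an illustration (it is not code from the paper). It assumes R(y) and S(z) are the XOR of all variables in y and in z, and every function name is this example's own; for n = 6 with |y| = |z| = 3 it reports correlation immunity order n/2 - 1 = 2 and nonlinearity 2^(n-2) = 16.

```python
# Added example, not from the paper. Assumption: R(y) and S(z) are the XOR of
# all variables in y and in z; bit i of a table index x holds variable x_(i+1).

def product_function(n, ysize):
    """Truth tables of f = R*S, R and S for y = first ysize variables."""
    ymask = (1 << ysize) - 1
    zmask = ((1 << n) - 1) ^ ymask
    R = [bin(x & ymask).count("1") & 1 for x in range(1 << n)]
    S = [bin(x & zmask).count("1") & 1 for x in range(1 << n)]
    return [r & s for r, s in zip(R, S)], R, S

def walsh(tt):
    """W(a) = sum_x (-1)^(f(x) xor a.x); W(a) = 0 iff w_t(f xor a.x) = 2^(n-1)."""
    w = [1 - 2 * v for v in tt]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w

def ci_order(tt):
    """Largest m such that W(a) = 0 for every mask a of Hamming weight 1..m."""
    w, m = walsh(tt), 0
    for k in range(1, len(tt).bit_length()):
        if any(w[a] for a in range(1, len(tt)) if bin(a).count("1") == k):
            break
        m = k
    return m

def nonlinearity(tt):
    """Minimum Hamming distance from f to all affine functions."""
    return (len(tt) - max(abs(v) for v in walsh(tt))) // 2

def is_h_function(tt):
    """Flipping any single variable changes f on exactly half of the inputs."""
    n = len(tt).bit_length() - 1
    return all(sum(tt[x] ^ tt[x ^ (1 << i)] for x in range(len(tt))) == len(tt) // 2
               for i in range(n))

def annihilates(g, tt):
    """True when g(x) f(x) = 0 for every x."""
    return not any(gv & fv for gv, fv in zip(g, tt))

def summary(n, ysize):
    f, R, S = product_function(n, ysize)
    return {"H": is_h_function(f), "CI": ci_order(f), "NL": nonlinearity(f),
            "AI1": annihilates([1 ^ r for r in R], f)
                   and annihilates([1 ^ s for s in S], f)}

if __name__ == "__main__":
    print(summary(6, 3))  # n = 6, |y| = |z| = 3
```

With an unequal split such as `summary(6, 2)` the reported order drops to min(|y|, |z|) - 1 = 1, which is why the maximum in Theorem 2 is reached at |y| = |z| = n/2.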

4. The existence of a class of H Boolean functions with higher nonlinearity

As in Theorem 3 and Theorem 4, Theorem 5 finds functions with higher nonlinearity by using the relationship between the annihilator of the lowest algebraic degree and 1-degree functions.

Theorem 5: Suppose $f(x) = F(f_1(y), f_2(z))$, $n$ is an even number, $y = \{x_1, x_2, \ldots, x_{n/2}\}$, $y \cup z = \{x_1, x_2, \ldots, x_n\}$ and $y \cap z = \emptyset$. For all $z_i \in z$, there are $df(x)/dz_i = A(y)$ $(z_i = x_i,\ i = \frac{n}{2}+1, \frac{n}{2}+2, \ldots, n)$. When $A(y) = x_1 x_2 \cdots x_{n/2}$,

1) If $df(x)/dy_i = S(z)\, dA(y)/dy_i$ $(y_i = x_i,\ i = 1, 2, \ldots, \frac{n}{2})$, then $N_f = 2^{n-1} - 2^{\frac{n}{2}-1}$;

2) If $df(x)/dy_i = 1 \oplus S(z)\, dA(y)/dy_i$ $(y_i = x_i,\ i = 1, 2, \ldots, \frac{n}{2})$, then $N_f = 2^{\frac{n}{2}-1}$.

Proof:

1) Since $df(x)/dz_i = A(y)$ $(z_i = x_i,\ i = \frac{n}{2}+1, \frac{n}{2}+2, \ldots, n)$, so

$$S(z) = x_{\frac{n}{2}+1} \oplus x_{\frac{n}{2}+2} \oplus \cdots \oplus x_n.$$

And $df(x)/dy_i = S(z)\, dA(y)/dy_i$ $(y_i = x_i,\ i = 1, 2, \ldots, \frac{n}{2})$, therefore $f(x) = S(z)A(y)$.

Also $(1 \oplus S(z)) f(x) = 0$, $\deg S(z) = 1$, and $A(y) = x_1 x_2 \cdots x_{n/2}$, so

$$N_f = w_t(S(z) \oplus S(z)A(y)) = w_t(S(z)) - w_t(S(z)A(y)) = 2^{n-1} - 2^{\frac{n}{2}-1}.$$

2) If $df(x)/dy_i = 1 \oplus S(z)\, dA(y)/dy_i$ $(y_i = x_i,\ i = 1, 2, \ldots, \frac{n}{2})$, then $f(x) = R(y) \oplus S(z)A(y)$, and $R(y) = x_1 \oplus x_2 \oplus \cdots \oplus x_{n/2}$. Therefore

$$N_f = w_t(R(y) \oplus f(x)) = w_t(S(z)A(y)) = 2^{\frac{n}{2}-1}.$$

The proof ends.

In Theorem 5, we obtained a class of Boolean functions with higher nonlinearity, whose nonlinearity is the same as the nonlinearity of Bent functions. This result reveals that there exist various types of Boolean functions with higher nonlinearity.

5. Conclusions

Using Boolean functions constructed by dividing the set of n independent variables into two parts, we can obtain higher-order correlation immune H Boolean functions and Boolean functions with high nonlinearity. These functions follow from the fact that their diffusion, correlation immunity, 1-degree annihilator of the lowest algebraic degree and algebraic immunity are all related to 1-degree functions, which makes it easier to obtain the otherwise hard-to-obtain higher-order correlation immune Boolean functions and higher-nonlinearity Boolean functions. Therefore, we can consider taking advantage of this correlation to construct Boolean functions with higher correlation immunity order, higher algebraic immunity and higher nonlinearity at the same time.

Acknowledgement

This work is supported by National Natural Science Foundation of China (Grant No. 61262085).

References

[1] . Wen, X. Niu, Y. Yang. The Boolean Functions in modern cryptology. Beijing: Science Press (2000).
[2] N. Courtois, W. Meier. Algebraic attacks on stream ciphers with linear feedback. Advances in Cryptology-EUROCRYPT 2003, Warsaw, Poland, 2003, LNCS, 2656: 345-359.
[3] Li, C., Zhang, H., Zeng, X, et al. The lower bound on the second-order nonlinearity for a class of Bent functions. Chinese Journal of Computers, 2012, 35(8): 1588-1593. (In Chinese)
[4] Su S.H., Tang X.H. Construction of rotation symmetric Boolean functions with optimal algebraic immunity and high nonlinearity. Designs, Codes and Cryptography, 2014, 71(2): 183–199.
[5] J. Peng, Q. Wu, H. Kan. On symmetric Boolean functions with high algebraic immunity on even number of variables. IEEE Transactions on Information Theory, 2011, 57(10): 7205-7220.
[6] J. Huang, Z. Wang. The relationship between correlation immune and weight of H Boolean functions. Journal on Communications, 33(2): 110-118 (2012). (In Chinese)
[7] Li, C., Zhang, H., Zeng, X, et al. The lower bound on the second-order nonlinearity for a class of Bent functions. Chinese Journal of Computers, 35(8): 1588-1593 (2012).
[8] Su S.H., Tang X.H. Construction of rotation symmetric Boolean functions with optimal algebraic immunity and high nonlinearity. Designs, Codes and Cryptography, 71(2): 183–199 (2014).
[9] Sarkar S., Gangopadhyay S. On the second order nonlinearity of a cubic Maiorana-McFarland Bent Functions. International Journal of Foundations of Computer Science, 21(3): 243-254 (2010).