Translations of MATHEMATICAL ONOGRAPHS M Volume 241 Boolean Functions in Coding Theory and Cryptography O. A. Logachev A. A. Salnikov V. V. Yashchenko American Mathematical Society Boolean Functions in Coding Theory and Cryptography 10.1090/mmono/241 Translations of MATHEMATICAL ONOGRAPHS M Volume 241 Boolean Functions in Coding Theory and Cryptography O. A. Logachev A. A. Salnikov V. V. Yashchenko M THE ATI A CA M L ΤΡΗΤΟΣ ΜΗ N ΕΙΣΙΤΩ S A O C C I I American Mathematical Society R E E T ΑΓΕΩΜΕ Y M A Providence, Rhode Island F O 8 U 88 NDED 1 EDITORIAL COMMITTEE AMS Subcommittee Robert D. MacPherson Grigorii A. Margulis James D. Stasheff (Chair) ASL Subcommittee Steffen Lempp (Chair) IMS Subcommittee Mark I. Freidlin (Chair) O. A. Logaqev, A. A. Salnikov, V. V. wenko BULEVY FUNKCII V TEORII KODIROVANI I KRIPTOGRAFII M.: MCNMO, 2004 This work was originally published in Russian by Izdatelstvo MCNMO under the title “Bulevy funkcii v teorii kodirovani i kriptografii” c 2004. The present translation was created under license for the American Mathematical Society and is pub- lished by permission. Translated by Svetla Nikova 2000 Mathematics Subject Classification. Primary 94–02; Secondary 94A60, 94C10. For additional information and updates on this book, visit www.ams.org/bookpages/mmono-241 Library of Congress Cataloging-in-Publication Data Logachev, Oleg A. [Bulevy funktsii v teori kodirovaniia i kriptologii. English] Boolean functions in coding theory and cryptography / O.A. Logachev, A.A. Salnikov, V.V. Yashchenko ; translated by Svetla Nikova. p. cm. — (Translations of mathematical monographs ; v. 241) Includes bibliographical references and index. ISBN 978-0-8218-4680-3 (alk. paper) 1. Coding theory. 2. Cryptography. 3. Algebra, Boolean. I. Salnikov, A. A. (Aleksei Alek- sandrovich) II. IAshchenko, V. V. III. Title. QA268.L6413 2011 003.54—dc23 2011035308 Copying and reprinting. Individual readers of this publication, and nonprofit libraries acting for them, are permitted to make fair use of the material, such as to copy a chapter for use in teaching or research. Permission is granted to quote brief passages from this publication in reviews, provided the customary acknowledgment of the source is given. Republication, systematic copying, or multiple reproduction of any material in this publication is permitted only under license from the American Mathematical Society. Requests for such permission should be addressed to the Acquisitions Department, American Mathematical Society, 201 Charles Street, Providence, Rhode Island 02904-2294 USA. Requests can also be made by e-mail to [email protected]. c 2012 by the American Mathematical Society. All rights reserved. The American Mathematical Society retains all rights except those granted to the United States Government. Printed in the United States of America. ∞ The paper used in this book is acid-free and falls within the guidelines established to ensure permanence and durability. Visit the AMS home page at http://www.ams.org/ 10987654321 171615141312 Contents Foreword vii Preface ix Notation xi Chapter 1. Arithmetics of Finite Fields and Polynomials 1 1.1. Basic Algebra 1 1.2. Construction of finite fields 19 1.3. Polynomials over finite fields 28 Comments to Chapter 1 35 Chapter 2. Boolean Functions 37 2.1. Basic concepts and definitions 37 2.2. Numerical and metric characteristics 44 2.3. Autocorrelation and crosscorrelation 56 2.4. Group algebra of Boolean functions 61 2.5. Cryptographic properties of Boolean functions and mappings 65 2.6. Covering sequences of Boolean functions 74 Comments to Chapter 2 76 Chapter 3. Classifications of Boolean Functions 77 3.1. Group equivalence of mappings. Polya’s theorem 77 3.2. Classification of Boolean functions of five variables 83 3.3. Classification of quadratic Boolean functions 91 3.4. Classification of homogeneous cubic forms of 8 variables 99 3.5. RM-equivalence of Boolean functions 101 Comments to Chapter 3 104 Chapter 4. Linear Codes over the Field F2 107 4.1. Basic properties of linear block codes 107 4.2. The decoding problem 116 4.3. Cyclic codes 120 4.4. Some classes of primitive cyclic codes 131 Comments to Chapter 4 136 Chapter 5. Reed–Muller Codes 139 5.1. General properties of the Reed–Muller codes 139 5.2. Reed’s decoding algorithm 146 5.3. First order Reed–Muller codes and connections with other codes 150 5.4. Reed–Muller codes of second order and related codes 157 v vi CONTENTS 5.5. Classification of Boolean functions and Reed–Muller codes of the 3rd order 160 Comments to Chapter 5 163 Chapter 6. Nonlinearity 165 6.1. Nonlinearity as a measure of cryptographic quality 165 6.2. Maximum-nonlinear bent functions and their properties 166 6.3. Some classes of maximum-nonlinear bent functions 172 6.4. Partially maximum-nonlinear (partially bent) functions and their properties 177 6.5. Plateaued functions and partially defined mn-bent functions 179 6.6. Hyperbent functions 188 6.7. Biorthogonal bases 189 Comments to Chapter 6 192 Chapter 7. Correlation Immunity and Resiliency 195 7.1. Main definitions and properties 195 7.2. The inheritance of properties under restrictions of Boolean functions 208 7.3. General methods for constructing correlation-immune functions and resilient mappings 214 7.4. Nonlinearity of correlation-immune and resilient functions 218 7.5. Construction of resilient Boolean functions with good cryptographic properties 222 7.6. Covering sequences of correlation-immune and resilient functions 226 7.7. Quadratic resilient Boolean functions of maximum order 235 Comments to Chapter 7 237 Chapter 8. Codes, Boolean Mappings, and Their Cryptographic Properties 239 8.1. Almost perfect nonlinear and almost bent mappings 239 8.2. Coding-theoretic approach to the study of APN and AB mappings 249 8.3. Cyclic codes and Boolean mappings 255 8.4. Avalanche criteria and propagation criteria 261 8.5. Construction of Boolean functions satisfying the propagation criterion of degree k and order t 265 8.6. Global avalanche characteristics of Boolean functions 266 Comments to Chapter 8 269 Chapter 9. Basics of Cryptanalysis 271 9.1. The Berlekamp–Massey algorithm. Linear complexity 271 9.2. Principles of the statistical method for cryptanalysis of block ciphers 281 9.3. Principles of the correlation cryptanalysis method 287 9.4. Principles of the linear cryptanalysis method 295 9.5. Principles of the difference (differential) cryptanalysis method 300 Comments to Chapter 9 301 Bibliography 305 Index 329 Foreword For the last 10 years there have been practically no books in Russian which have the word “cryptography” in the title. Nowadays many people already know that cryptography is the science which studies ciphers, and that only cryptography gives the most reliable tools for ensuring the security of information technology. However, there are not many specialists in this area, because in order to fully understand cryptography it is necessary to have knowledge in many scientific branches such as mathematics, physics, communication theory, and cybernetics. Thus, at present, cryptography (the theoretical branch of cryptology) becomes a university science. A detailed discussion of this issue has been held during the two conferences at Moscow State University (MGU): “Moscow University and development of cryptography in Russia” (October 17–18, 2002) and “Mathematics and information technology security” (October 23–24, 3003). Institute for Problems of Information Security, a new division of MGU, pub- lishes a series of fundamental books on scientific and methodological problems of information security, including those parts of cryptology that are already included in the university mathematical curriculum. The book by O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko “Boolean functions in coding theory and cryptology” belongs to this series. It is written by mathematicians-cryptographers for mathematicians and presents in a systematic way certain results in one branch of cryptology: application of Boolean functions in the analysis and design of ciphers. The book is recommended to readers with basic university knowledge, namely students and graduate students in mathematics, research mathematicians, and cryptographers. Rector of MGU, Academician V. A. Sadovnichii February, 2004 vii Preface The notion of Boolean function was introduced in the second half of the 19th century in connection with investigations in mathematical logic and foundations of mathematics. Boolean functions are named after George Boole (1815–1864), an English mathematician, one of the founders of mathematical logic. In the first half of the 20th century Boolean functions attain fundamental importance in the foundations of mathematics. However, for a long time Boolean functions have not been used in applications. This situation changed drastically in the middle of the 20th century, when the intensive development of communication technology, instrument-building, and computer technology required the creation of an adequate mathematical apparatus. In this period, applied parts of mathematics such as the theory of finite functional systems, information theory, coding theory, and finally mathematical cryptography have been developed. The practice showed the fruitfulness of the application of Boolean functions to the problems of analysis and synthesis of discrete devices for processing and transformation of information. The concept of cryptography that has been established in the scientific liter- ature includes a range of scientific areas, each of them having its own subject of investigations