Suffficient conditions of five-valued spectra Boolean functions Samed Bajri´c JOZEFˇ STEFAN INSTITUTE Laboratory for Open Systems and Networks Ljubljana, Slovenia 20th Central European Conference on Cryptology June 24{26, 2020, Zagreb, Croatia Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 1 / 18 Table of Contents Outline Short introduction to Boolean functions 5-valued spectra Boolean functions Infinite families of five-valued spectra Boolean functions Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 2 / 18 Short introduction to Boolean Functions Boolean functions: representation n A Boolean function f in n variables is an F2−valued function on F2 Unique representation of f as a polynomial over F2 in n variables of the form X X f(x1; : : : ; xn) = a0 + aixi + aijxixj + ::: + a12:::nx1x2 : : : xn; 1≤i≤n 1≤i<j≤n where a0; aij; : : : ; a12:::n 2 F2, is called the algebraic normal form (ANF) of f The algebraic degree deg(f) is the degree of the ANF Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 3 / 18 Short introduction to Boolean Functions Boolean functions: representation Unique trace expansion of f defined on F2n as X o(j) j 2n−1 f(x) = T r1 (ajx ) + (1 + x ); aj 2 F2o(j) ; j2Γn where: n T r1 (x) is the absolute trace of x over F2n defined by n 2 22 2n−1 T r1 (x) = x + x + x + ::: + x ; for all x 2 F2n Γn - the set of integers obtained by choosing one element in each cyclotomic coset of 2 modulo 2n − 1 o(j) - the size of the cyclotomic coset of 2 modulo 2n − 1 containing j = wt(f) modulo 2, where wt(f) = #fx 2 F2n : f(x) = 1g Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 4 / 18 Short introduction to Boolean Functions Boolean functions: cryptographic criteria To prevent the system from Massey0s attack by the Berlekamp-Massey algorithm, a Boolean function should have a high algebraic degree To prevent the system from leaking statistical dependence between the input and output, a Boolean function should be balanced To prevent the system from linear attacks and correlation attacks, a Boolean function should be of high nonlinearity To prevent the system from algebraic attack, a Boolean function should have an optimal algebraic immunity Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 5 / 18 Short introduction to Boolean Functions Boolean functions: applications In cryptography: I Ciphers CAST and Grain I Hash function HAVAL In discrete mathematics: I Strongly regular graphs I Reed-Muller and Kerdock codes In mobile networks: I Constant-amplitude codes for Code Division Multiple Access Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 6 / 18 Short introduction to Boolean Functions Boolean functions: Walsh Hadamard transform The most important mathematical tool for the study of cryptographic properties of Boolean functions The Walsh Hadamard transform (WHT) of f is an integer valued n function over F2 defined by X f(x)+x·! n Wf (!) = (−1) ;! 2 F2 n x2F2 where x · ! = x1!1 + x2!2 + ::: + xn!n For the Boolean functions defined on F2n it is defined by X f(x)+T rn(λx) Wf (λ) = (−1) 1 ; λ 2 F2n x2F2n Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 7 / 18 Short introduction to Boolean Functions Boolean functions: Walsh Hadamard transform The nonlinearity of f(x) can be obtained via the Walsh transform as n−1 1 Nf = 2 − max!2 n j Wf (!) j 2 F2 n−1 n −1 The nonlinearity of f(x) is always upper bounded by 2 − 2 2 It can reach this value if and only if n is even, i.e., f is bent n n f(x) is bent if and only if j Wf (!) j= 2 2 , for all ! 2 F2 Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 8 / 18 5-valued spectra Boolean functions 5-valued spectra Boolean functions The multiset fWf (λ): λ 2 F2n g is called the Walsh{Hadamard spectrum of the Boolean function f If the Walsh Hadamard spectrum takes the values in f0; ±2λ1 ; ±2λ2 g, then f is so-called 5-valued spectra Boolean function These functions may satisfy multiple cryptographic criteria Their design might contribute to a better understanding of other related combinatorial structures Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 9 / 18 5-valued spectra Boolean functions Ql n The WHT of f(x) = g(x) + j=1 T r1 (ujx) Lemma n ∗ Let n and l (l < 2 − 1) be the positive integers and uj 2 F2n , where j = 1; : : : ; l: Let g(x) be a Boolean function defined over F2n . Define the Boolean function f(x) by l Y n f(x) = g(x) + T r1 (uj x): (1) j=1 Then, for every a 2 F2n , 1 l−1 W (a) = [(2 − 1)Wg(a) + Wg(a + u1) + Wg(a + u2) + ::: + Wg(a + u ) − f 2l−1 l Wg(a + u1 + u2) − Wg(a + u1 + u3) − ::: − Wg(a + ul−1 + ul) + Wg(a + u1 + u2 + u3) + Wg(a + u1 + u2 + u4) + ::: + Wg(a + ul−2 + ul−1 + ul) − . l−1 +(−1) Wg(a + u1 + ::: + ul−2 + ul−1 + ul)]: Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 10 / 18 5-valued spectra Boolean functions Ql n The WHT of f(x) = g(x) + j=1 T r1 (ujx) Proof. ∗ For i1; i2; : : : ; il−1 2 f0; 1g and uj 2 F2n define the sets n n n n T(i1;i2;:::;il−1) = fx 2 F2 jT r1 (u1x) = i1; T r1 (u2x) = i2; : : : ; T r1 (ul−1x) = il−1g; and denote n X g(x)+T r1 (ax) S(i1;i2;:::;il−1)(a) = (−1) ; x2T (i1;i2;:::;il−1) n X g(x)+T r1 ((a+ul)x) Q(i1;i2;:::;il−1)(a + ul) = (−1) : x2T (i1;i2;:::;il−1) The Walsh Hadamard transform of f(x) can be computed as n X f(x)+T r1 (ax) Wf (a) = (−1) = ::: x2F2n = Wg(a) − S(1;1;:::;1;1)(a) + Q(1;1;:::;1;1)(a + ul): Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 11 / 18 5-valued spectra Boolean functions Ql n The WHT of f(x) = g(x) + j=1 T r1 (ujx) Proof. Note that Wg(a) = S(0;0;:::;0;0)(a) + S(0;0;:::;0;1)(a) + ::: + S(1;1;:::;1;1)(a) Similarly, we get 0 1 0 1 0 1 1 1 1 ::: 1 1 S(0;0;:::;0;0)(a) Wg(a) B1 −1 1 ::: 1 −1C BS(0;0;:::;0;1)(a)C B Wg(a + u1) C B C B C B C B1 1 −1 ::: −1 −1C BS(0;0;:::;1;0)(a)C B Wg(a + u2) C B C · B C = B C : B. C B . C B . C @. ::: . A @ . A @ . A 1 −1 −1 ::: 1 −1 S(1;1;:::;1;1)(a) Wg(a + u1 + ::: + ul−1) The coefficient matrix is a Hadamard matrix of order 2l−1. Since for the T Hadamard matrix holds H · H = n · In, we can easily compute S(1;1;:::;1;1)(a) and get the final result. Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 12 / 18 Infinite families of 5-valued spectra functions 5-valued spectra functions via Niho bent functions Theorem Ql n Let f(x) = g(x) + j=1 T r1 (ujx), where n = 2m is a positive integer, n ∗ m 2m+1 ∗ l < 2 − 1; uj 2 F2n . Let g(x) = T r1 (λx ); λ 2 F2m be the monomial Niho quadratic bent function with the Walsh Hadamard transform given by m m T rm(λ−1a2 +1) Wg(a) = −2 (−1) 1 : If n −1 2m T r1 (λ u1 u2) = 1; and n −1 2m n −1 2m T r1 (λ u1 u3) = ::: = T r1 (λ ul−1ul) = 0; then f is a 5-valued spectra function with the Walsh spectrum f0; ±2m; ±2m+1g. Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 13 / 18 Infinite families of 5-valued spectra functions Example I Let n = 8 so that m = 4, and F28 be generated by the primitive 8 4 3 2 polynomial x + x + x + x + 1 and α be a primitive element of F28 . 2 10 5 24 Take λ = 1; u1 = α ; u2 = α ; u3 = α ; u4 = α . Then, 8 2 16 10 8 2 16 5 8 2 16 24 T r1((α ) α ) = 1; T r1((α ) α ) = T r1((α ) α ) = 0; 8 10 16 5 8 10 16 24 8 5 16 24 T r1((α ) α ) = T r1((α ) α ) = T r1((α ) α ) = 0: The function 4 17 8 2 8 10 8 5 8 24 f(x) = T r1(x ) + T r1(α x)T r1(α x)T r1(α x)T r1(α x); is 5-valued with the Walsh spectrum f0; ±24; ±25g. Samed Bajri´c (JSI) Sufficient conditions of 5-valued spectra BF CECC 2020 14 / 18 Infinite families of 5-valued spectra functions 5-valued spectra functions via Gold-like monomial functions Theorem Ql n Let f(x) = g(x) + j=1 T r1 (ujx), where n = 2m is a positive integer, n ∗ 4m 2m+1 l < 2 − 1; uj 2 F2n .