Analysis of Affine Equivalent Boolean Functions for Cryptography

by Joanne Elizabeth Fuller
Bachelor of Applied Science (Mathematics), 1998
Bachelor of Information Technology (Honours), 1999

Thesis submitted in accordance with the regulation for Degree of Doctor of Philosophy

Information Security Research Centre
Faculty of Information Technology
Queensland University of Technology
December, 2003

Keywords

Boolean functions, affine transformation, equivalence class, local connectivity, nonlinearity, algebraic order, autocorrelation, S-boxes, Advanced Encryption Standard

Abstract

Boolean functions are an important area of study for cryptography. These functions, consisting merely of one's and zero's, are the heart of numerous cryptographic systems and their ability to provide secure communication. Boolean functions have application in a variety of such systems, including block ciphers, stream ciphers and hash functions. The continued study of Boolean functions for cryptography is therefore fundamental to the provision of secure communication in the future.

This thesis presents an investigation into the analysis of Boolean functions and in particular, analysis of affine transformations with respect to both the design and application of Boolean functions for cryptography. Past research has often been limited by the difficulties arising from the magnitude of the search space. The research presented in this thesis will be shown to provide an important step towards overcoming such restrictions and hence forms the basis for a new analysis methodology. The new perspective allows a reduced view of the Boolean space in which all Boolean functions are grouped into connected equivalence classes so that only one function from each class need be established. This approach is a significant development in Boolean function research with many applications, including class distinguishing, class structures, self mapping analysis and finite field based s-box analysis.

The thesis will begin with a brief overview of Boolean function theory, including an introduction to the main theme of the research, namely the affine transformation. This will be followed by the presentation of a fundamental new theorem describing the connectivity that exists between equivalence classes. The theorem of connectivity will form the foundation for the remainder of the research presented in this thesis.

A discussion of efficient algorithms for the manipulation of Boolean functions will then be presented. The ability of Boolean function research to achieve new levels of analysis and understanding is centered on the availability of computer based programs that can perform various manipulations. The development and optimisation of efficient algorithms specifically for execution on a computer will be shown to have a considerable advantage compared to those constructed using a more traditional approach to algorithm optimisation.

The theorem of connectivity will be shown to be fundamental in the provision of many avenues of new analysis and application. These applications include the first non-exhaustive test for determining equivalent Boolean functions, a visual representation of the connected equivalence class structure to aid in the understanding of the Boolean space and a self mapping constant that enables enumeration of the functions in each equivalence class. A detailed survey of the classes with six inputs is also presented, providing valuable insight into their range and structure.

This theme is then continued in the application of Boolean function construction. Two important new methodologies are presented; the first to yield bent functions and the second to yield the best currently known balanced functions of eight inputs with respect to nonlinearity. The implementation of these constructions is extremely efficient. The first construction yields bent functions of a variety of algebraic order and input sizes. The second construction provides better results than previously proposed heuristic techniques. Each construction is then analysed with respect to its ability to produce functions from a variety of equivalence classes.

Finally, in a further application of affine equivalence analysis, the impact to both s-box design and construction will be considered. The effect of linear redundancy in finite field based s-boxes will be examined and in particular it will be shown that the AES s-box possesses complete linear redundancy. The effect of such analysis will be discussed and an alternative construction to s-box design that ensures removal of all linear redundancy will be presented in addition to the best known example of such an s-box.

Contents

Certificate Recommending Acceptance
Keywords
Abstract
List of Figures
List of Tables
Declaration
Published Papers

1 Introduction
  1.1 Aims and Outcomes of Thesis
  1.2 Overview of Thesis

2 Preliminaries
  2.1 Representation
    2.1.1 Truth Tables
    2.1.2 Algebraic Normal Form
  2.2 The Walsh-Hadamard Transform
    2.2.1 Nonlinearity
    2.2.2 Correlation Immunity and Resilience
    2.2.3 Subfunction Hamming Weight
  2.3 Autocorrelation
    2.3.1 The Propagation Criteria
  2.4 Bent Functions
  2.5 Affine Transformations
    2.5.1 Equivalence Classes
    2.5.2 Invariance Analysis
    2.5.3 Local Connectivity
  2.6 Conclusion

3 Tools for Efficient Boolean Function Analysis
  3.1 General Optimisation Issues
    3.1.1 Algorithm Development
    3.1.2 Operation Minimisation
    3.1.3 Modular Programming
  3.2 Implementation Issues
    3.2.1 Boolean Function Structures
    3.2.2 The Algebraic Normal Form
    3.2.3 The Walsh-Hadamard Transform
    3.2.4 The Autocorrelation Function
  3.3 A Survey of Boolean Functions of Five Inputs
  3.4 Conclusion

4 Analysis of Affine Equivalent Boolean Functions
  4.1 Distinguishing Affine Equivalence Classes
    4.1.1 Basic Class Distinguishing Properties
    4.1.2 m-step Analysis
    4.1.3 Identifying the Affine Transform
    4.1.4 Experimental Analysis
  4.2 Equivalence Class Structures
    4.2.1 Exploration of the Class Structure
    4.2.2 A Visual Representation
    4.2.3 Bent Function Analysis
  4.3 Self Mappings
    4.3.1 Self Mapping Analysis
    4.3.2 Counting Boolean Functions
  4.4 A Survey of Boolean Functions of Six Inputs
    4.4.1 Local and Global Maxima
    4.4.2 Highly Nonlinear and Balanced Boolean Functions
    4.4.3 Correlation Immune Boolean Functions
  4.5 Conclusion

Appendix J
Power Mapping Classes

Appendix J provides a listing of the specific polynomials and powers corresponding to each possible equivalence class for s-boxes generated using power mappings.

Table J.1: × Finite Field Power Mappings

 #   (nl,ord,acmax)   powers for each valid MOD
 1   0,1,256          0x3,0x7,0xF,0x1F,0x3F,0x7F,0xFF
 2   80,4,112         0x2A,0x55,0x58,0x64,0x94,0xAB,0xB1,0xC9
 3   96,3,64          0x6,0xD,0x1B,0x24,0x28,0x37,0x48,0x49,
                      0x51,0x6F,0x82,0x91,0x93,0xA3,0xC0,0xDF
 4   96,3,64          0xA,0xC,0x15,0x19,0x2B,0x33,0x42,0x57,
                      0x60,0x67,0x84,0x85,0xA0,0xAF,0xC1,0xCF
 5   96,4,64          0x16,0x2D,0x5B,0x70,0x8A,0xB7,0xC4,0xE1
 6   96,4,64          0x34,0x4C,0x52,0x69,0x99,0xA5,0xA8,0xD3
 7   96,4,96          0x1C,0x39,0x46,0x73,0x8D,0xA2,0xD0,0xE7
 8   96,5,64          0x3A,0x66,0x75,0x9C,0xB2,0xCD,0xD8,0xEB
 9   96,5,96          0x3C,0x4E,0x79,0x9D,0xA6,0xD2,0xE8,0xF3
10   104,3,128        0x12,0x25,0x30,0x4B,0x61,0x88,0x97,0xC3
11   104,5,56         0x2E,0x5D,0x78,0x96,0xBB,0xCA,0xE4,0xF1
12   112,5,48         0x5A,0x6A,0x6C,0xAC,0xB4,0xB5,0xD5,0xD9
13   112,5,56         0x1E,0x3D,0x7B,0x8E,0xC6,0xE2,0xF0,0xF7
14   112,7,32         0x7E,0xBE,0xDE,0xEE,0xF6,0xFA,0xFC,0xFD

Appendix K
Replacement S-boxes

The following s-box was generated from the two-step tweak algorithm. It has nonlinearity 106, algebraic order 7, contains no fixed points and no linear redundancy. The sbox has a DDT of
The distribution of properties over all 255 XOR combinations of the sbox output functions is as follows.

Table K.1: Frequency Distribution of Sbox Properties

nonlinearity   frequency   maximum autocorrelation   frequency
106                        32
108            76          40                        93
110            147         48                        134
112            24          56                        27

The following s-box was generated from the four-step tweak algorithm. It has nonlinearity 108, algebraic order 7, contains no fixed points and no linear redundancy. The s-box is also a self inverse. The distribution of properties over all 255 bα are as follows.

Table K.2: Distribution of S-box Properties

nonlinearity   frequency   maximum autocorrelation   frequency
108            78          32
110            146         40                        104
112            30          48                        125
                           56                        18

... Outcomes of Thesis
This thesis presents a study of Boolean functions and in particular, analysis of an affine transformation with respect to both the design and application of Boolean functions for cryptography. ...

... and analysis of Boolean functions for cryptography. The level of security achieved in applications based on Boolean functions is measured by the quality of combinatorial properties within the functions. ...
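
The (nl,ord,acmax) triples of Table J.1 and the frequency distributions of Appendix K can be recomputed for any 8-bit s-box. The following is an added example, not code from the thesis: it builds the AES s-box from its published definition (inversion in GF(2^8) followed by the affine map) and tabulates the triple of each of the 255 nonzero XOR combinations of output bits, next to a seeded random permutation that is constructed here purely for comparison. The function names are assumptions made for illustration, and identical triples are only a necessary condition for affine equivalence, so the output is consistent with the linear redundancy result stated in the abstract rather than a proof of it.

```python
import random
from collections import Counter


def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def aes_sbox():
    """AES s-box: inversion in GF(2^8) (the power map x^254), then the affine map."""
    box = []
    for x in range(256):
        inv = 1
        for _ in range(254):
            inv = gf_mul(inv, x)          # 0 stays 0, as AES defines
        s = 0x63
        for k in range(5):                # inv ^ rotl1 ^ rotl2 ^ rotl3 ^ rotl4 ^ 0x63
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        box.append(s)
    return box


def fwht(v):
    """Fast Walsh-Hadamard transform of a length-2^n list; returns a new list."""
    v = list(v)
    h = 1
    while h < len(v):
        for i in range(0, len(v), 2 * h):
            for j in range(i, i + h):
                v[j], v[j + h] = v[j] + v[j + h], v[j] - v[j + h]
        h *= 2
    return v


def algebraic_order(tt):
    """Degree of the algebraic normal form, via the binary Moebius transform."""
    a = list(tt)
    h = 1
    while h < len(a):
        for i in range(0, len(a), 2 * h):
            for j in range(i, i + h):
                a[j + h] ^= a[j]
        h *= 2
    return max((bin(m).count("1") for m, c in enumerate(a) if c), default=0)


def triple(tt):
    """(nonlinearity, algebraic order, max |autocorrelation|) of one truth table."""
    n = len(tt)                           # table length 2^8 = 256
    w = fwht([1 - 2 * bit for bit in tt])
    nl = (n - max(abs(c) for c in w)) // 2
    ac = fwht([c * c for c in w])         # Wiener-Khinchin: r(a) = ac[a] / n
    acmax = max(abs(c) // n for c in ac[1:])
    return nl, algebraic_order(tt), acmax


def profile(sbox):
    """Frequency of each triple over the 255 nonzero XOR combinations of output bits."""
    counts = Counter()
    for b in range(1, 256):
        tt = [bin(b & y).count("1") & 1 for y in sbox]
        counts[triple(tt)] += 1
    return counts


def random_sbox(seed=2003):
    """Constructed comparison input: a seeded random permutation of 0..255."""
    perm = list(range(256))
    random.Random(seed).shuffle(perm)
    return perm


if __name__ == "__main__":
    for name, box in (("AES", aes_sbox()), ("random permutation", random_sbox())):
        print(name)
        for (nl, order, acmax), freq in sorted(profile(box).items()):
            print(f"  nl={nl:3d} ord={order} acmax={acmax:3d} frequency={freq}")
```
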