230 likes | 412 Views
AUTOCORRELATION SPECTRA OF BALANCED BOOLEAN FUNCTIONS ON AN ODD NUMBER OF INPUT VARIABLES WITH MAXIMUM ABSOLUTE VALUE < 2 ( n +1) 2. Selçuk Kavut 1 , Subhamoy Maitra 2 and Melek D. Yücel 1
E N D
AUTOCORRELATION SPECTRA OF BALANCED BOOLEAN FUNCTIONS ON AN ODD NUMBER OF INPUT VARIABLES WITH MAXIMUM ABSOLUTE VALUE < 2(n+1) 2 Selçuk Kavut1, Subhamoy Maitra2 and Melek D. Yücel1 1Department of Electrical and Electronics Engineering Middle East Technical University, Ankara, Türkiye {kavut, melekdy}@metu.edu.tr 2Applied Statistics Unit, Indian Statistical Institute 203 B T Road, Kolkata 700 108, India subho@isical.ac.in
Outline • Introduction • Preliminary Definitions and Rotation Symmetric Boolean Functions (RSBFs) • Basic Search Algorithm, Cost Function and Time Consumption of the Algorithm • Best Achieved Results • Conclusions
In the National Cryptology Conference of Türkiye (2005), • we introduced a stepest-descent like search algorithm • for the design of cryptographically strong Boolean functions. • In this study, we modify our search algorithm and apply it to • Rotation Symmetric Boolean Functions (RSBF’s). • We obtain some cryptographically strong functions for input • variable lengths9 and 11, which have the minimum absolute • indicators in the literature (i.e., the maximum absolute value of • the autocorrelation spectrum). Introduction-1
It has been conjectured (by Zhang & Zheng) that for any • balanced function on an odd number of input variables n, • absolute indicator 2(n+1)(32 for n = 9, and 64 for n = 11). • 2 • The conjecture has been disproved for n = 15, and n = 21 (by • Maitra, Sarkar, Gangopadhyay & Keskar) modifying the • Patterson-Wiedemann type functions. • So far there is no evidence of such functions for odd n < 15, • which we present in this study. Introduction-2
Outline • Introduction • Preliminary Definitions and Rotation Symmetric Boolean Functions (RSBFs) • Basic Search Algorithm, Cost Function and Time Consumption of the Algorithm • Best Achieved Results • Conclusions
Algebraic Normal Form (ANF): • f(x)= a0a1x1 ... anxna12x1x2a13x1x3 ... a12...nx1x2 ...xn • Affine Boolean functions are of degree at most 1. • f(x) = w1x1w2x2 ... wnxnc = w∙xc(1) Preliminary Definitions- 1 • Walsh Hadamard Transform: • F(w) =(−1)f(x)(−1)w∙x (2) • xF2n • Nonlinearity: • NLf = ( 2n− max |F(w)|) / 2 (3) • wF2n
Autocorrelation andAbsolute Indicator: • rf (d) = (−1)f (x)(−1)f (xd) , ∆f = max| rf (d) | (4) • xF2nd≠0F2n Preliminary Definitions - 2 • Sum of Squares Indicator: • SSIf = rf(d)2 (5) • dF2n • Sum of Squared Differences from Bent Spectra: • d0 | rf (d) |2= 2nw |F(w)22n|2 (6)
The above equation is obtained by using the Parseval’s relation on the autocorrelation difference from that of a bent function, e(d) = rf (d) rbent(d). • Then the Walsh transform of e(d) is E(w) = F(w)22n Using the Parseval’s relation d0e(d)2= 2nwE(w)2 , one obtains d0 | rf (d) |2= 2nw |F(w)22n|2.
As well as the bias of the probability expression P{ f(x) =w∙x}= (1/2)+(F(w)/2n+1) the bias term in the expression P{ f(x) =f(x d)}= (1/2)+(rf (d)/2n+1 ) also needs to be minimized. So,the absolute indicator ∆f = max| rf (d) | d≠0F2n is an important parameterfor Boolean functions, which should be kept as small as possible.
Rotation Symmetric Boolean Functions (RSBFs) • Let x(k)be ktimes cyclically shifted form of the n-variable vectorx.The set Gn(x) = { x(k) | for 0≤ k ≤ n }is called an orbit.The number of such orbits is approximately 2n/n . • An n-variable Boolean functionf(x)is called Rotation Symmetric if for each input x,f(x)= f(x(k))for 1≤ k ≤n. • The number of RSBF’s (22n/n) is much smaller than the total number (22n) of n-variable Boolean functions.Moreover, sincetheclassof RSBF’s is rich in terms of cryptographic strength, heuristic search gives fruitful results.
All cyclically rotated input vectors are mapped to the same value in the truth table. As an example, for a 5 variable functionf: f(00001) = f(10000) = f(01000) = f(00100) = f(00010) orbit #1 f(10001) = f(11000) = f(01100) = f(00110) = f(00011) orbit #2 f(10011) = f(11001) = f(11100) = f(01110) = f(00111) orbit #3 f(10111) = f(11011) = f(11101) = f(11110) = f(01111) orbit #4 f(10010) = f(01001) = f(10100) = f(01010) = f(00101) orbit #5 f(10110) = f(01011) = f(10101) = f(11010) = f(01101) orbit #6 f(00000) orbit #7 f(11111) orbit #8 Therefore, for n = 5, there are 28RSBF’s among 232functions. Example: RSBF Orbits for n=5
Outline • Introduction • Preliminary Definitions and Rotation Symmetric Boolean Functions (RSBFs) • Basic Search Algorithm, Cost Function and Time Consumption of the Algorithm • Best Achieved Results • Conclusions
The strategy uses a steepest-descent like iterative • algorithm. Search Strategy-1 • At ach iteration step, the cost function Cost = 2nw |F(w)22n|2 = d0 | rf (d) |2 • is calculated within a pre-defined neighborhood. • In some rare cases, the cost value does not • decrease during the iteration; which provides the • ability of the algorithm to escape from local minima.
The neighborhood is obtained by swapping truth table entries • corresponding to possible pairs of equal-size orbits having • dissimilar values. Search Strategy-2 • For instance, 9 variable RSBFs contain • 2 orbits of size 1 (all zero and all 1), • 2 orbits of size 3 [represented by (001001001) & (110110110)], • and 56 orbits of size 9. • Therefore, half of the truth table consists of 28 orbits of size 9, • one orbit of size 3, and one orbit of size 1 (256 bits = 28x9+3+1). • In order to constitute the neighborhood, two dissimilar-valued • orbits of either size 9, or size 3, or size 1 are swapped.
1.f = finitial 2.do k = 1:N{ 3.do i = 1:M{ 4.Swap equal-size orbits of f 5. SETf[ i ] = fswapped 6. COST[ i ] = costswapped 7. } 8. Find costmin (= min. costswapped in COST) and respective fmin in SET 9. while (fmin is already in STORE){ 10.Remove costmin from COST and fmin from SET 11.Find costmin in COST and respective fmin in SET 12. } 13.STORE[ k ] = fmin 14.f = fmin 15. } To preserve balancedness Basic Algorithm
N = 40,000 for n = 9, and N = 100,000 for n = 11. Time Consumption of the Algorithm • Average search time for one run on a computer with • Pentium IV 2.8 GHz processor and 248 MB RAM is: • 27 minutes for n = 9, • and 29.5 hours for n = 11. • For n = 9, there were 9 successes in 25 runs, and • for n = 11, there were 2 successes within 50 runs.
Outline • Introduction • Preliminary Definitions and Rotation Symmetric Boolean Functions (RSBFs) • Basic Search Algorithm, Cost Function and Time Consumption of the Algorithm • Best Achieved Results • Conclusions
Comparison withSome References(number of variables, resiliency,degree,nonlinearity,absolute indicator) (*) Table elements marked by * have the additional property of PC(1).
Comparison of Some 1-ResilientFunctionsPresented Yesterday & Today at BFCA’06 (number of variables, resiliency,degree,nonlinearity,absolute indicator)
Conclusions • We have exploited a properly modified steepest-descent based iterative heuristic search in RSBFs. • For the first time, we could attain balanced Boolean functions on 9, 11 variables with absolute indicator < 2(n+1). 2 • We expect to come up with still more interesting results for n = 13.
Thank you for your attention!..