A Construction of Bent Functions of <svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" style="vertical-align:-0.738pt;width:45.262501px;" id="M1" height="14.625" version="1.1" viewBox="0 0 45.262501 14.625" width="45.262501">
	
		
			<g transform="matrix(.022,-0,0,-.022,.062,14.3)"><path id="x1D45B" d="M495 86q-46 -47 -87 -72.5t-63 -25.5q-43 0 -16 107l49 210q7 34 8 50.5t-3 21t-13 4.5q-35 0 -109.5 -72.5t-115.5 -140.5q-21 -75 -38 -159q-50 -10 -76 -21l-6 8l84 340q8 35 -4 35q-17 0 -67 -46l-15 26q44 44 85.5 70.5t64.5 26.5q35 0 10 -103l-24 -98h2
q42 56 97 103.5t96 71.5q46 26 74 26q9 0 16 -2.5t14 -11.5t9.5 -24.5t-1 -44t-13.5 -68.5q-30 -117 -47 -200q-4 -19 -3.5 -25t6.5 -6q21 0 70 48z"></path></g><g transform="matrix(.022,-0,0,-.022,16.292,14.3)"><path id="x2B" d="M535 230h-212v-233h-58v233h-213v50h213v210h58v-210h212v-50z"></path></g><g transform="matrix(.022,-0,0,-.022,34.427,14.3)"><path id="x32" d="M412 140l28 -9q0 -2 -35 -131h-373v23q112 112 161 170q59 70 92 127t33 115q0 63 -31 98t-86 35q-75 0 -137 -93l-22 20l57 81q55 59 135 59q69 0 118.5 -46.5t49.5 -122.5q0 -62 -29.5 -114t-102.5 -130l-141 -149h186q42 0 58.5 10.5t38.5 56.5z"></path></g>

		
	
</svg> Variables from a Bent Function of <svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" style="vertical-align:-0.144pt;width:11.375px;" id="M2" height="10.4375" version="1.1" viewBox="0 0 11.375 10.4375" width="11.375">
	
		
			<g transform="matrix(.022,-0,0,-.022,.062,10.1)"><use xlink:href="#x1D45B"></use></g>

		
	
</svg> Variables and Its Cyclic Shifts

Climent, Joan-Josep; García, Francisco J.; Requena, Verónica

doi:https://doi.org/10.1155/2014/701298

Algebra

On this page

Abstract Introduction Preliminaries References Copyright Related Articles

Research Article | Open Access

Volume 2014 | Article ID 701298 | https://doi.org/10.1155/2014/701298

A Construction of Bent Functions of Variables from a Bent Function of Variables and Its Cyclic Shifts

Joan-Josep Climent,¹Francisco J. García,²and Verónica Requena³

Academic Editor: Masoud Hajarian

Received09 Oct 2013

Accepted17 Mar 2014

Published17 Apr 2014

Abstract

We present a method to iteratively construct new bent functions of variables from a bent function of variables and its cyclic shift permutations using minterms of variables and minterms of 2 variables. In addition, we provide the number of bent functions of variables that we can obtain by applying the method here presented, and finally we compare this method with a previous one introduced by us in 2008 and with the Rothaus and Maiorana-McFarland constructions.

1. Introduction

Boolean functions are widely used in different types of cryptographic applications, such as block ciphers, stream ciphers, and hash functions [1–3], and in coding theory [4, 5], among others. For example, the implementation of an S-box needs nonlinear Boolean functions to resist attacks such as the linear and differential cryptanalysis [6–9]. For an even number of variables, Boolean functions bearing maximum nonlinearity are called bent functions [10, 11]. The construction of one-to-one S-boxes so that any linear combination of the output functions is balanced has already been explained [12, 13] and also the issue of making such linear combination a bent function [14]. However, no conclusive approaches have been presented yet for the construction of all S-boxes so that they satisfy the property that any linear combination of the outputs is also bent. It is precisely for this reason that a thorough study of the properties of bent functions as well as of the methods to construct them has occupied the minds of many authors in the last decades (see, e.g., [9, 11, 15–35] and the references therein).

Bent functions constitute a fascinating issue in cryptography but, unfortunately, there is a mist hovering over their properties, their classification, and their actual number. The origin of the concept of bent function takes us back to a theoretical article by McFarland [36] where he discussed difference sets in finite noncyclic groups. Dillon [24], a year later, systematized and further elaborated McFarland’s insights and provided proofs for a great number of properties; Dillon’s Ph.D. dissertation has been an excellent source in the field of bent functions up to the mid s. But it was Rothaus [37] who came up with the name for the concept. These functions are called perfect nonlinear Boolean functions by Meier and Staffelbach [30].

There are different ways to obtain bent functions; most of them are based on the algebraic normal form of a Boolean function and the Walsh transform. However, there are very few constructions of bent functions based on the truth table of Boolean functions, for example, the partial spread class of bent functions introduced by Dillon [24]; moreover, from the truth tables of linear functions and bent functions, it is possible to construct bent functions with a greater number of variables [38]. But not all the bent functions in variables can be obtained from bent functions and linear functions with a smaller number of variables, as proved by Chang [21]. Hou and Langevin [28] described how, from a well-known bent function, new bent functions can be obtained with the same number of variables.

Charnes et al. [39, 40] discovered a surprising relation with the classical invariant theory. Qu et al. [41] have found, by computer enumeration, an interesting class of bent functions with variables. Carlet and Guillot [19], Dobbertin [25], Kumar et al. [29], and Langevin [42] have analyzed some bent function constructions, characterizations, properties, and generalizations. Tokareva [34] introduces lower bound on the number of bent functions that can be obtained by the iterative constructions proposed by Canteaut and Charpin [43].

A general method for generating all bent functions is not known to exist yet, except for some particular cases. For example, it is well known that, for , there are only different bent functions, for , Preneel [32] (see also [21]) proved that the number of different bent functions is , and, for , Langevin and Leander [44] proved recently that the number of bent functions is . Nevertheless, the classification and counting for is still an open problem.

We refer the reader to the two excellent surveys in [18] and [23, Chapter 5] about bent functions.

The mentioned literature so far makes an intensive use of the representation of Boolean functions either in polynomial form, in matrix form, or in sequential form. Nevertheless, the classical concept of minterm, which, by the way, is directly related to the implementation of logic circuits and its complexity, has not been frequently applied (see [22]). This paper purports to practically generate bent functions using the representation of Boolean functions as a sum of minterms.

The use of the algebraic normal form or the truth table or both has its advantages and disadvantages. For example, the algebraic normal form of a Boolean function of variables provides directly its degree, and, if it is greater than , we can ensure that is not a bent function [37]; nevertheless, we do not know the cardinality of its support (i.e., the number of minterms). On the other hand, if we know the truth table of , then we know if its support has the necessary number of elements to be a bent function, although we do not know its degree.

The remainder of the paper is organized as follows. In Section 2, we present some basic definitions and notations used. In Section 3, we introduce a general method for the construction of bent functions of variables using a bent function of variables and some of its shifts; we also introduce some other important results required to prove the main theorems. In Section 4, we present the necessary results to count the number of bent functions we can construct based on the method dealt with in Section 3. Finally, in Section 5, we show that our construction generates bent functions which are not Rothaus or Maiorana-McFarland type (see, e.g., [29, 37]); we also show that the construction introduced in this paper is basically different from the construction introduced in [22] and we compute the number of bent functions we can obtain using one construction but not by the other one. In addition, we summarize the number of bent functions obtained by the different methods here considered.

2. Preliminaries

Consider the binary field with the addition modulo (denoted by ) and the multiplication modulo . For any positive integer , it is well known that is a linear space over with the addition given by for and in . Also, we consider the inner product of and . Furthermore, we say that if there exists (with ) such that So, we can order the elements such that Furthermore, if , then and we call the vector the binary expansion of the integer . With this representation, we can identify the vector with the integer and, consequently, we can identify the set with the set .

A Boolean function of variables is a map . The set of all Boolean functions of variables is a linear space over with the addition given by for . For a function of , the -sequence of length , is called the truth table of . The truth table of a Boolean function can be obtained by its minterms. A minterm on variables is an expression of the form where .

For , it is evident that if and only if . We will write instead of . So, the truth table, of has in the th position and elsewhere. Consequently, Also, since if and only if , we can identify the minterm with the integer (or with the vector as best suited).

Now, for all , it is well known that and since the identity implies for , we can state that the set is a basis of .

For all , we call the support of the set according to expression (11) and the identification of with . So, we can identify as the set of minterms of . Therefore, we can rewrite expression (11) as where or as best suited.

The Hamming weight of a -sequence , denoted by , is the number of s in . The Hamming weight of a Boolean function , denoted by , is the Hamming weight of its truth table ; that is, , and consequently, is the number of minterms in the expression of taken as a sum of minterms. A -sequence is balanced if it contains an equal number of s and s, so a function in is balanced if its truth table is balanced.

We say that is an affine function if it takes the form where , , and . If , is called a linear function.

The nonlinearity of a function is defined as where is the set of all affine functions and the distance , for , is defined as . The nonlinearity of is upper bounded (see, e.g., [11, 18, 23, 30]) by The Boolean functions achieving the maximum nonlinearity are called bent functions (see, e.g., [11, 18, 23, 30]). As a consequence, bent functions only exist for even.

It is well know that the above upper bound on the nonlinearity of a Boolean function of variables coincides with the covering radius of the first order binary Reed-Muller code of length (see, e.g., [30, 45]).

The following result (see, e.g., [11, 46]) that we quote for further references gives us a characterization of a bent function.

Theorem 1. Let be a function of variables. The following statements are equivalent. (1) is a bent function.(2)The Boolean function is balanced for all .(3)The number of s in the truth table of the Boolean function is for all .

Taking into account that, and as a consequence of the previous theorem, if is a bent function of variables, then the number of s in its truth table is ; so that and is not balanced. Equivalently, is expressed as a sum of minterms.

Finally, it is well known that for any bent function , the functions and , for all , are also bent functions.

Before moving onto the next section, remember that two Boolean functions and are called affine equivalent if there exist an invertible matrix , two vectors , and a bit such that .

It is known (see, e.g., [47]) that affine equivalent functions are both bent or both not bent. So, many authors work on the problem of finding the number and representatives of affine equivalent classes of bent functions. Nevertheless, we are interested in the problem of finding how many different bent functions there exist or we can construct, because not all affine equivalent bent functions are different as we can see in the following example.

Example 2. Consider the bent function of variables; the invertible matrix the vectors , , and the bit . It is easy to check that the Boolean functions and have both the same truth table and, consequently, are the same Boolean function.

3. Main Results

In the rest of the paper, we consider that is a vector of and that is a vector of .

Firstly, we introduce two important properties of the minterms which allow us to construct functions of variables from functions of variables. In the first one, for each minterm of variables, we obtain four different minterms of variables.

Lemma 3 (see Lemma 1 of [22]). Suppose that and . If is a minterm of variables and is a minterm of variables, then is a minterm of variables, where

The previous lemma tells us that the four minterms of variables, which can be obtained from the minterm of variables, are Note that if we use the vector representation for the indices of the minterms, the four minterms of variables obtained from the minterm of variables are

Furthermore, minterms have the following property that makes them operative from the algebraic point of view.

Lemma 4. One has for all .

Proof. Assume that then

The following theorem is the main result of this paper. Here, we present a construction of bent functions of variables from a bent function of variables and some cyclic shifts of .

Theorem 5. Let be a bent function of variables and consider . If is any permutation of , then is a bent function of variables.

Proof. According to Theorem 1 we must prove that the Boolean function, is balanced for all with . In the following, we use the vector as the argument of the functions and its integer representation as subindex of a minterm. So, by Lemma 4,
Now, for each , if we denote by the permutation of given by then it is not difficult to prove that the cases, corresponding to the different values of and , are reduced to one of the following four cases for some permutation of .
Consider
Consider
Consider
Consider Observe that each one of the factors which multiply to for can be written as
Now, by Theorem 1, since is balanced for all nonzero , we have that is balanced, unless .

Note that, as a consequence of Lemma 4, if is the support of , then is the support of for all . Furthermore, as a consequence of Lemma 3, if we use the decimal notation for the indices of the minterms and consider the permutation , then the support of the bent function constructed in Theorem 5 is the set Nevertheless, if we use the vector notation for the indices of the minterms and consider the permutation , then the support of is the set Note that the sets of expression (35) (resp., (36)) are pairwise disjoints by Lemma 3.

4. Counting Bent Functions

In this section we introduce some results in order to compute the number of bent functions we can construct using Theorem 5. Firstly, we consider three particular cases (see Corollaries 6, 7, and 8) which we can derive directly from Theorem 5. The first one corresponds to the case ; the second one to the case , and the third one to the case .

Corollary 6. If is a bent function of variables and is any permutation of , then is a bent function of variables.

Corollary 7. If is a bent function of variables, , and is any permutation of , then is a bent function of variables.

Corollary 8. If is a bent function of variables, , with , and is any permutation of , then is a bent function of variables.

The following result establishes that the bent functions constructed in Corollary 6 are all different from one another.

Lemma 9. Let and be bent functions of variables. Assume that is the bent function constructed in Corollary 6 using and the permutation of . Assume also that is the bent function constructed in Corollary 6 using and the permutation of . If , then .

Proof. If and are the truth tables of and , respectively, then the truth tables of and have four blocks (not necessarily in that order and not the same order for all):
If , then the four blocks of the second row are a permutation of the four blocks of the first row. But if we consider the cases corresponding to these permutations, we obtain that , or that and both have the same number of minterms and the complementary number of minterms. So, in all cases, we obtain a contradiction and, therefore, .

Our next result, whose proof is similar to the previous one, establishes that the bent functions constructed in Corollary 7 are all different from one another.

Lemma 10. Let and be bent functions of variables. Assume that is the bent function constructed in Corollary 7 using , the vector , and the permutation of . Assume also that is the bent function constructed in Corollary 7 using , the vector , and the permutation of . If , then .

The same result is not true for the bent functions constructed using Corollary 8 as we can see in the following example.

Example 11. Assume that . Consider the vectors , and the bent function . Then, according to expression (10), Lemmas 3 and 4, and Corollary 8, we have that is a bent function of variables.
On the other hand, consider the vectors and and the bent function . Again, by expression (10), Lemmas 3 and 4, and Corollary 8, we have that is a bent function of variables. Clearly .

Note that, in the previous example, and that and are bases of the same linear subspace of . With the aim to avoid this situation which provides equal bent functions, we will consider only vectors such that is a Gauss-Jordan basis of cardinality . Remember that a set is a Gauss-Jordan basis of cardinality if the matrix whose rows are is in reduced row echelon form (see also [48, 49]).

So, our next result establishes that the bent functions constructed in Corollary 8 are all different if is a Gauss-Jordan basis of cardinality of .

Lemma 12. Let and be bent functions of variables. Assume that is the bent function constructed in Corollary 8 using , the Gauss-Jordan basis of cardinality of , and the permutation of . Assume also that is the bent function constructed in Corollary 8 using , the Gauss-Jordan basis of cardinality of , and the permutation of . If , then .

Proof. If and are the truth tables of and , respectively, then the truth tables of and have four blocks (not necessarily in that order and not the same order for all): where , , , , , and are the truth tables of , , , , , and , respectively.
If , then the four blocks of the second row are a permutation of the four blocks of the first row. But if we consider the cases corresponding to these permutations, we obtain that or that and both have the same number of minterms and the complementary number of minterms, or that note that if is a Gauss-Jordan basis of cardinality , then cannot be a Gauss-Jordan basis of cardinality . So, in all cases we obtain a contradiction and, therefore, .

Our next result establishes that none of the bent functions, obtained by one of Corollaries 6, 7, and 8, can be obtained by any of the others involved.

Lemma 13. Let , , and be three bent functions of variables (not necessarily different). Assume that is the bent function constructed in Corollary 6 using and the permutation of . Assume that is the bent function constructed in Corollary 7 using , the vector , and the permutation of . Assume also that is the bent function constructed in Corollary 8 using , the Gauss-Jordan basis of cardinality of , and the permutation of . Then , , and .

Proof. If , , and are the truth tables of , , and , respectively, then the truth tables of , , and have four blocks (not necessarily in that order and not the same order for all): where , , , and are the truth tables of , , , and , respectively.
The result is now evident because has three identical blocks, has only two identical blocks, and all the blocks of are different.

Now, as a consequence of the previous lemmas, we can obtain the number of bent functions of variables that we can construct using Corollaries 6, 7, and 8.

Theorem 14. If is the number of bent functions of variables, then using Corollaries 6, 7, and 8 one can construct different bent functions of variables.

Proof. According to Lemma 9, using Corollary 6, we can construct bent functions of variables.
Similarly, according to Lemma 10, using Corollary 7, we can construct bent functions of variables.
Finally, according to Lemma 12, using Corollary 8, we can construct bent functions of variables where is the number of Gauss-Jordan basis of cardinality in . Now, taking into account that each linear subspace of dimension has a unique Gauss-Jordan basis of cardinality , we have that is the number of linear subspaces of dimension in ; so (see [50, page 46])
The result follows now by replacing expression (49) in expression (48) and by adding expressions (46), (47), and (48) because Lemma 13 guarantees that bent functions constructed according to Corollaries 6, 7, and 8 are all different from one another.

5. Comparison with Other Methods

Our examples now show some bent functions constructed according to Corollaries 7 and 8 that are not Maiorana-McFarland functions or Rothaus functions.

Example 15. Assume that and consider the bent function , the vector , and the permutation . Then Corollary 7, expression (10), and Lemmas 3 and 4 provide the bent function which is not a Maiorana-McFarland function.

Example 16. Assume that and consider the bent function , the vectors , , and the permutation . Then Corollary 8, expression (10), and Lemmas 3 and 4 provide the bent function which is not a Rothaus function, because it does not contain the monomial .

In [22] we introduced the following construction of bent functions of variables using bent functions of variables and the minterms of two variables.

Theorem 17. (1) (Corollary 1 of [22]). If is a bent function of variables and if , then is a bent function of variables.
(2) (Corollary 2 of [22]). Let and be bent functions of variables such that
If is any permutation of , then is a bent function of variables.

In addition, we also establish [22, Theorem 3] that the number of different bent functions of variables we can construct using the previous theorem is that is, from Theorem 17(1) and from Theorem 17(2).

According to expression (10) it is evident that Corollary 6 and Theorem 17(1) provide the same bent functions. It is also evident that the bent functions constructed by Corollary 7 can be obtained by Theorem 17(2) if we take In fact, for , both constructions provide the same bent functions of variables. The following result establishes that this is the only case when both constructions provide the same bent functions.

Theorem 18. Let , , and be bent functions of variables and consider . If then .

Proof. If , , , and are the truth tables of the functions , , , and , respectively, then, according to Theorem 17(2) and Corollary 7, the truth tables of the functions and have four blocks (not necessarily in that order and not the same order for all):
If , then the four blocks of the second row are a permutation of the four blocks of the first row. But if we consider the cases corresponding to these permutations, we obtain that , , , , or . So, in all cases, we obtain a contradiction and, therefore, .

Although, for , both constructions provide the same bent functions of variables, for , Theorems 18 and 14 ensure that Theorem 17(2) provides (see expression (47) and the comment explaining expression (55)) bent functions of variables which cannot be obtained by Corollary 7.

Now, the following result, whose proof is similar to the previous one, establishes that none of the bent functions obtained by Corollary 8 can be obtained by Theorem 17(2) and vice versa.

Theorem 19. Let , , and be bent functions of variables and assume that is a Gauss-Jordan basis of cardinality of ; then .

So, Theorem 19 and expressions (48) and (49) ensure that the number of different bent functions of variables constructed by Corollary 8, which cannot be obtained by Theorem 17(2), is

Finally, adding expressions (55) and (60), we have the following result which establishes the number of different bent functions we can construct using Theorems 5 and 17.

Theorem 20. If is the number of bent functions of variables, then using Theorems 5 and 17 we can construct different bent functions of variables.

Table 1 summarizes the number of bent functions we can construct using Theorems 5 and 17 compared with the number of bent functions of the classes of Rothaus and Maiorana-McFarland and the iterative construction. The number of Rothaus functions for more than variables is unknown. Also, the number of bent functions of more than variables is unknown. Note that for variables the number of bent functions provided by Theorem 5 or by Theorem 17 (see comments after Theorem 18) is the same as the number of bent functions provided by Rothaus construction; nevertheless, both constructions provide different bent functions as we can see in Example 16. Using the iterative construction of Canteaut and Charpin [43], Tokareva [34] obtain the same number of bent functions for variables and more functions for a greater number of variables, but for and variables, she only provides a lower bound on the number of bent functions that can be obtained. Finally, an exhaustive computer search shows that the bent functions of variables obtained by iterative construction and Theorem 17 are the same.

6. Some Remarks

Note that the bent functions obtained by Theorem 5 can be obtained from some affine transformations of the bent function obtained in Theorem 17(1).

For example, for , consider the matrix, where is the identity matrix. It is not difficult to see that the bent function has the same truth table as the bent function and, therefore, both expressions define the same bent function. Analogously, for the matrix the bent function has the same truth table as the bent function and, therefore, both expressions define the same bent function.

We use the construction of Theorem 5 instead of the affine transformations because of the following.(i)As we explained in Example 2, not all the bent functions that are affine equivalent to a given function are different. This fact makes the computation of the number of functions we can construct a difficult task.(ii)The simplicity of the operations with minterms makes the computation of the support of the new bent functions evident.(iii)Finally, in Example 11, using two different bent functions of variables and two different pairs of vectors, we have obtained the same bent function of variables faster and in a clearer fashion. However, to achieve the same result using the affine equivalence, we need a greater number of algebraic manipulations and, besides, it is far from evident the choice of the appropriate pair of vectors to prevent the equality of the obtained functions.

The following example emphasizes the latter two items.

Example 21. For the functions and of Example 11, using the first and the second affine transformations introduced at the beginning of this section, we have, after some algebraic manipulations, the following functions:
As we know, both functions are the same, but, in this way, it is our contention that the support of those functions is not obtainable straightforwardly. Nevertheless, from Example 11, the support of the above functions is the set .

Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

Acknowledgment

The work of the first author was partially supported by Spanish Grant MTM2011-24858 of the Ministerio de Economía y Competitividad of the Gobierno de España.

References

A. Braeken, V. Nikov, S. Nikova, and B. Preneel, “On Boolean functions with generalized cryptographic properties,” in Progress in Cryptology—INDOCRYPT 2004, A. Canteaut and K. Viswanathan, Eds., vol. 3348 of Lecture Notes in Computer Science, pp. 120–135, Springer, Berlin, Germany, 2004.
View at: Google Scholar
C. Carlet and Y. Tarannikov, “Covering sequences of Boolean functions and their cryptographic significance,” Designs, Codes and Cryptography, vol. 25, no. 3, pp. 263–279, 2002.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
K. Kurosawa and R. Matsumoto, “Almost security of cryptographic boolean functions,” IEEE Transactions on Information Theory, vol. 50, no. 11, pp. 2752–2761, 2004.
View at: Publisher Site | Google Scholar | MathSciNet
Y. Borissov, A. Braeken, S. Nikova, and B. Preneel, “On the covering radii of binary Reed-Muller codes in the set of resilient boolean functions,” IEEE Transactions on Information Theory, vol. 51, no. 3, pp. 1182–1189, 2005.
View at: Publisher Site | Google Scholar
K. Kurosawa, T. Iwata, and T. Yoshiwara, “New covering radius of Reed-Muller codes for t-resilient functions,” IEEE Transactions on Information Theory, vol. 50, no. 3, pp. 468–475, 2004.
View at: Publisher Site | Google Scholar | MathSciNet
C. M. Adams, “Constructing symmetric ciphers using the CAST design procedure,” Designs, Codes, and Cryptography, vol. 12, no. 3, pp. 283–316, 1997.
View at: Google Scholar
K. C. Gupta and P. Sarkar, “Improved construction of nonlinear resilient S-boxes,” IEEE Transactions on Information Theory, vol. 51, no. 1, pp. 339–348, 2005.
View at: Publisher Site | Google Scholar | MathSciNet
M. Matsui, “Linear cryptanalysis method for DES cipher,” in Advances in Cryptology—EUROCRYPT '93, T. Helleseth, Ed., vol. 765 of Lecture Notes in Computer Science, pp. 386–397, Springer, Berlin, Germany, 1994.
View at: Google Scholar
K. Nyberg, “Perfect nonlinear S-boxes,” in Advances in Cryptology—EUROCRYPT '91, D. W. Davies, Ed., vol. 547 of Lecture Notes in Computer Science, pp. 378–386, Springer, Berlin, Germany, 1991.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
P. Sarkar and S. Maitra, “Construction of nonlinear Boolean functions with important cryptographic properties,” in Advances in Cryptology—EUROCRYPT 2000, B. Preneel, Ed., vol. 1807 of Lecture Notes in Computer Science, pp. 485–506, Springer, Berlin, Germany, 2000.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
J. Seberry, X.-M. Zhang, and Y. L. Zheng, “Nonlinearity and propagation characteristics of balanced Boolean functions,” Information and Computation, vol. 119, no. 1, pp. 1–13, 1995.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
W. Millan, “How to improve the nonlinearity of bijective S-boxes,” in Information Security and Privacy, C. Boyd and E. Dawson, Eds., vol. 1438 of Lecture Notes in Computer Science, pp. 181–192, Springer, Berlin, Germany, 1998.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
W. Millan, L. Burnet, G. Carter, A. Clark, and E. Dawson, “Evolutionary heuristics for finding cryptographically strong S-boxes,” in Information and Communication Security, V. Varadharajan and Y. Mu, Eds., vol. 1726 of Lecture Notes in Computer Science, pp. 263–274, Springer, Berlin, Germany, 1999.
View at: Google Scholar
J. Detombe and S. Tavares, “Constructing large cryptographically strong S-boxes,” in Advances in Cryptology—AUSCRYPT '92, J. Seberry and Y. Zheng, Eds., vol. 718 of Lecture Notes in Computer Science, pp. 165–181, Springer, Berlin, Germany, 1993.
View at: Google Scholar
C. Carlet, “Two new classes of bent functions,” in Advances in Cryptology—EUROCRYPT '93, T. Helleseth, Ed., vol. 765 of Lecture Notes in Computer Science, pp. 77–101, Springer, Berlin, Germany, 1994.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
C. Carlet, “On the secondary constructions of resilient and bent functions,” in Coding, Cryptography and Combinatorics, vol. 23 of Progress in Computer Science and Applied Logic, pp. 3–28, Birkhäuser, Basel, Switzerland, 2004.
View at: Google Scholar | Zentralblatt MATH | MathSciNet
C. Carlet, “On bent and highly nonlinear balanced/resilient functions and their algebraic immunities,” in Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, M. Fossorier, H. Imai, S. Lin, and A. Poli, Eds., vol. 3857 of Lecture Notes in Computer Science, pp. 1–28, Springer, Berlin, Germany, 2006.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
C. Carlet, “Boolean functions for cryptography and error-correcting codes,” in Boolean Models and Methods in Mathematics, Computer Science, and Engineering, Y. Crama and P. Hammer, Eds., chapter 8, pp. 257–397, Cambridge University Press, New York, NY, USA, 2010.
View at: Google Scholar
C. Carlet and P. Guillot, “A characterization of binary bent functions,” Journal of Combinatorial Theory A, vol. 76, no. 2, pp. 328–335, 1996.
View at: Google Scholar
C. Carlet and J. L. Yucas, “Piecewise constructions of bent and almost optimal boolean functions,” Designs, Codes, and Cryptography, vol. 37, no. 3, pp. 449–464, 2005.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
D. K. Chang, “Binary bent sequences of order 64,” Utilitas Mathematica, vol. 52, pp. 141–151, 1997.
View at: Google Scholar | Zentralblatt MATH | MathSciNet
J.-J. Climent, F. J. Garćia, and V. Requena, “On the construction of bent functions of $n + 2$ variables from bent functions of n variables,” Advances in Mathematics of Communications, vol. 2, no. 4, pp. 421–431, 2008.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
T. W. Cusick and P. Stănică, Cryptographic Boolean Functions and Applications, Academic Press, San Diego, Calif, USA, 2009.
View at: MathSciNet
J. F. Dillon, Elementary hadamard difference sets [Ph.D. thesis], University of Maryland, College Park, Md, USA, 1974.
View at: MathSciNet
H. Dobbertin, “Construction of bent functions and balanced Boolean functions with high nonlinearity,” in Fast Sofware Encription, B. Preneel, Ed., vol. 1008 of Lecture Notes in Computer Science, pp. 61–74, Springer, Berlin, Germany, 1995.
View at: Google Scholar
H. Dobbertin and G. Leander, “Cryptographer's toolkit for construction of 8-bit bent functions,” Cryptology ePrint Archive 2005/089, 2005, http://eprint.iacr.org/.
View at: Google Scholar
J. Fuller, E. Dawson, and W. Millan, “Evolutionary generation of bent functions for cryptography,” in Proceedings of the IEEE Congress on Evolutionary Computation, vol. 2, pp. 1655–1661, December 2003.
View at: Publisher Site | Google Scholar
X.-D. Hou and P. Langevin, “Results on bent functions,” Journal of Combinatorial Theory A, vol. 80, no. 2, pp. 232–246, 1997.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
P. V. Kumar, R. A. Scholtz, and L. R. Welch, “Generalized bent functions and their properties,” Journal of Combinatorial Theory A, vol. 40, no. 1, pp. 90–107, 1985.
View at: Google Scholar | Zentralblatt MATH | MathSciNet
W. Meier and O. Staffelbach, “Nonlinearity criteria for cryptographic functions,” in Advances in Cryptology—EUROCRYPT '89, J. J. Quisquater and J. Vandewalle, Eds., vol. 434 of Lecture Notes in Computer Science, pp. 549–562, Springer, Berlin, Germany, 1990.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
Q. Meng, H. Zhang, J. Cui, and M. Yang, “Almost enumeration of eight-variable bent functions,” Cryptology ePrint Archive 2005/100, 2005, http://eprint.iacr.org/.
View at: Google Scholar
B. Preneel, Analysis and design of cryptographic hash functions [Ph.D. thesis], Katholieke Universiteit Leuven, Leuven, Belgium, 1993.
J. Seberry and X. M. Zhang, “Constructions of bent functions from two known bent functions,” The Australasian Journal of Combinatorics, vol. 9, pp. 21–35, 1994.
View at: Google Scholar | Zentralblatt MATH | MathSciNet
N. Tokareva, “On the number of bent functions from iterative constructions: lower bounds and hypothesis,” Advances in Mathematics of Communications, vol. 5, no. 4, pp. 609–621, 2011.
View at: Publisher Site | Google Scholar | MathSciNet
N. Y. Yu and G. Gong, “Constructions of quadratic bent functions in polynomial forms,” IEEE Transactions on Information Theory, vol. 52, no. 7, pp. 3291–3299, 2006.
View at: Publisher Site | Google Scholar | MathSciNet
R. L. McFarland, “A family of difference sets in noncyclic groups,” Journal of Combinatorial Theory A, vol. 15, no. 1, pp. 1–10, 1973.
View at: Google Scholar | Zentralblatt MATH | MathSciNet
O. S. Rothaus, “On “bent” functions,” Journal of Combinatorial Theory A, vol. 20, no. 3, pp. 300–305, 1976.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
R. Yarlagadda and J. E. Hershey, “Analysis and synthesis of bent sequences,” IEE Proceedings E: Computers and Digital Techniques, vol. 136, no. 2, pp. 112–123, 1989.
View at: Google Scholar
C. Charnes, M. Rötteler, and T. Beth, “On homogeneous bent functions,” in Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, S. Boztaş and I. E. Shparlinski, Eds., vol. 2227 of Lecture Notes in Computer Science, pp. 249–259, Springer, Berlin, Germany, 2001.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
C. Charnes, M. Rötteler, and T. Beth, “Homogeneous bent functions, invariants, and designs,” Designs, Codes and Cryptography, vol. 26, no. 1–3, pp. 139–154, 2002.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
C. Qu, J. Seberry, and J. Pieprzyk, “On the symmetric property of homogeneous Boolean functions,” in Information Security and Privacy, J. Pieprzyk, R. Safavi-Naini, and J. Seberry, Eds., vol. 1587 of Lecture Notes in Computer Science, pp. 26–35, Springer, Berlin, Germany, 1999.
View at: Google Scholar
P. Langevin, “On generalized bent functions,” in Eurocode '92, vol. 339 of CISM Courses and Lectures, pp. 147–157, Springer, New York, NY, USA, 1992.
View at: Google Scholar | Zentralblatt MATH | MathSciNet
A. Canteaut and P. Charpin, “Decomposing bent functions,” IEEE Transactions on Information Theory, vol. 49, no. 8, pp. 2004–2019, 2003.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
P. Langevin and G. Leander, “Counting all bent functions in dimension eight,” in Proceedings of the International Workshop on Coding and Cryptography, Ullensvang, Norway, May 2009.
View at: Google Scholar
G. D. Cohen, M. G. Karpovsky, H. F. Mattson Jr., and J. R. Schatz, “Covering radius—survey and recent results,” IEEE Transactions on Information Theory, vol. 31, no. 3, pp. 328–343, 1985.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
J. Seberry, X.-M. Zhang, and Y. Zheng, “Systematic generation of cryptographically robust S-boxes (extended abstract),” in Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 171–182, Fairfax, Va, USA, November 1993.
View at: Google Scholar
A. Braeken, Y. Borissov, S. Nikova, and B. Preneel, “Classication of Boolean functions of 6 variables or less with respect to some cryptographic properties,” in Automata, Languages and Programming, L. Caires, G. F. Italiano, L. Monteiro, C. Palamidessi, and M. Yung, Eds., vol. 3580 of Lecture Notes in Computer Science, pp. 324–334, Springer, Berlin, Germany, 2005.
View at: Google Scholar
A. Canteaut, M. Daum, H. Dobbertin, and G. Leander, “Finding nonnormal bent functions,” Discrete Applied Mathematics, vol. 154, no. 2, pp. 202–218, 2006.
View at: Publisher Site | Google Scholar | Zentralblatt MATH | MathSciNet
M. Daum, H. Dobbertin, and G. Leander, “An algorithm for checking normality of Boolean functions,” in Proceedings of the International Workshop on Coding and Cryptography (WCC '03), pp. 133–142, March 2003.
View at: Google Scholar
S. A. Vanstone and P. C. van Oorschot, An Introduction to Error Correcting Codes with Applications, Kluwer Academic, Boston, Mass, USA, 1989.

Copyright

Copyright © 2014 Joan-Josep Climent et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

2590

Downloads

562

Citations