-
On the algebraic degree stability of vectorial Boolean functions when restricted to affine subspaces
Authors:
Claude Carlet,
Serge Feukoua,
Ana Salagean
Abstract:
We study the behaviour of the algebraic degree of vectorial Boolean functions when their inputs are restricted to an affine subspace of their domain. Functions which maintain their degree on all subspaces of as high a codimension as possible are particularly interesting for cryptographic applications.
For functions which are power functions $x^d$ in their univariate representation, we fully characterize the exponents $d$ for which the algebraic degree of the function stays unchanged when the input is restricted to spaces of codimension 1 or 2. For codimensions $k\ge 3$, we give a sufficient condition for the algebraic degree to stay unchanged. We apply these results to the multiplicative inverse function, as well as to the Kasami functions. We define an optimality notion regarding the stability of the degree on subspaces, and determine a number of optimal functions, including the multiplicative inverse function and the quadratic APN functions.
We also give an explicit formula for counting the functions that keep their algebraic degree unchanged when restricted to hyperplanes.
Submitted 4 April, 2025;
originally announced April 2025.
-
The stability of the algebraic degree of Boolean functions when restricted to affine spaces
Authors:
Claude Carlet,
Serge Feukoua,
Ana Sălăgean
Abstract:
We study the $n$-variable Boolean functions which keep their algebraic degree unchanged when they are restricted to any (affine) hyperplane, or more generally to any affine space of a given co-dimension $k$. For cryptographic applications it is of interest to determine functions $f$ which have a relatively high degree and also maintain this degree when restricted to affine spaces of co-dimension $k$ for $k$ ranging from 1 to as high a value as possible. This highest value will be called the restriction degree stability of $f$, denoted by $\rm deg\_stab(f)$. We give several necessary and/or sufficient conditions for $f$ to maintain its degree on spaces of co-dimension $k$; we show that this property is related to the property of having ``fast points'' as well as to other properties and parameters. The value of $\rm deg\_stab(f)$ is determined for functions of degrees $r\in \{1,2,n-2,n-1,n\}$ and for functions which are direct sums of monomials; we also determine the symmetric functions which maintain their degree on any hyperplane. Furthermore, we give an explicit formula for the number of functions which maintain their degree on all hyperplanes. Finally, using our previous results and some computer assistance, we determine the behaviour of all the functions in 8 variables, therefore determining the optimal ones (i.e. with highest value of $\rm deg\_stab(f)$) for each degree.
Submitted 30 September, 2024;
originally announced September 2024.
-
More on the sum-freedom of the multiplicative inverse function
Authors:
Claude Carlet,
Xiang-dong Hou
Abstract:
In two papers entitled ``Two generalizations of almost perfect nonlinearity" and ``On the vector subspaces of $\mathbb F_{2^n}$ over which the multiplicative inverse function sums to zero", the first author has introduced and studied the notion of sum-freedom of vectorial functions, which expresses that a function sums to nonzero values over all affine subspaces of $\Bbb F_{2^n}$ of a given dimension $k\geq 2$, and he then focused on the $k$th order sum-freedom of the multiplicative inverse function $x\in \Bbb F_{2^n}\mapsto x^{2^n-2}$. Some general results were given for this function (in particular, the case of affine spaces that do not contain 0 was solved positively), and the cases of $k\in \{3,n-3\}$ and of $k$ not co-prime with $n$ were solved as well (negatively); but the cases of those linear subspaces of dimension $k\in [\![ 4;n-4]\!]$, co-prime with $n$, were left open. The present paper is a continuation of the previous work. After studying, from two different angles, the particular case of those linear subspaces that are stable under the Frobenius automorphism, we deduce from the second approach that, for $k$ small enough (approximately, $3\le k\leq n/10$), the multiplicative inverse function is not $k$th order sum-free. Finally, we extend a result previously obtained in the second paper mentioned above, and we deduce in particular that, for any even $n$ and every $2\leq k\leq n-2$, the multiplicative inverse function is not $k$th order sum-free.
Submitted 19 July, 2024;
originally announced July 2024.
-
Evolutionary Strategies for the Design of Binary Linear Codes
Authors:
Claude Carlet,
Luca Mariot,
Luca Manzoni,
Stjepan Picek
Abstract:
The design of binary error-correcting codes is a challenging optimization problem with several applications in telecommunications and storage, which has also been addressed with metaheuristic techniques and evolutionary algorithms. Still, all these efforts focused on optimizing the minimum distance of unrestricted binary codes, i.e., with no constraints on their linearity, which is a desirable property for efficient implementations. In this paper, we present an Evolutionary Strategy (ES) algorithm that explores only the subset of linear codes of a fixed length and dimension. To that end, we represent the candidate solutions as binary matrices and devise variation operators that preserve their ranks. Our experiments show that up to length $n=14$, our ES always converges to an optimal solution with a full success rate, and the evolved codes are all inequivalent to the Best-Known Linear Code (BKLC) given by MAGMA. On the other hand, for larger lengths, both the success rate of the ES as well as the diversity of the evolved codes start to drop, with the extreme case of $(16,8,5)$ codes which all turn out to be equivalent to MAGMA's BKLC.
Submitted 21 November, 2022;
originally announced November 2022.
-
On the Walsh and Fourier-Hadamard Supports of Boolean Functions From a Quantum Viewpoint
Authors:
Claude Carlet,
Ulises Pastor-Díaz,
José María Tornero
Abstract:
In this paper, we focus on the links between Boolean function theory and quantum computing. In particular, we study the notion of what we call fully-balanced functions and analyse the Fourier--Hadamard and Walsh supports of those functions having this property. We study the Walsh and Fourier supports of other relevant classes of functions, using what we call balancing sets. This leads us to revisit and complete certain classic results and to propose new ones.
We complete our study by extending the previous results to pseudo-Boolean functions (in relation to vectorial functions) and giving insight into their applications in the analysis of the possibilities that a certain family of quantum algorithms can offer.
Submitted 6 May, 2024; v1 submitted 18 May, 2022;
originally announced May 2022.
-
Simplicity conditions for binary orthogonal arrays
Authors:
Claude Carlet,
Rebeka Kiss,
Gábor P. Nagy
Abstract:
It is known that correlation-immune (CI) Boolean functions used in the framework of side-channel attacks need to have low Hamming weights. The supports of CI functions are (equivalently) simple orthogonal arrays when their elements are written as rows of an array. The minimum Hamming weight of a CI function is then the same as the minimum number of rows in a simple orthogonal array. In this paper, we use Rao's Bound to give a sufficient condition on the number of rows for a binary orthogonal array (OA) to be simple. We apply this result to determine the minimum number of rows in all simple binary orthogonal arrays of strengths 2 and 3; we show that this minimum is the same in this case as for all OA, and we extend this observation to some OA of strengths $4$ and $5$. This allows us to reply positively, in the case of strengths 2 and 3, to a question raised by the first author and X. Chen on the monotonicity of the minimum Hamming weight of 2-CI Boolean functions, and to partially reply positively to the same question in the case of strengths 4 and 5.
Submitted 9 September, 2022; v1 submitted 2 April, 2022;
originally announced April 2022.
-
Gold Functions and Switched Cube Functions Are Not 0-Extendable in Dimension $n > 5$
Authors:
Christof Beierle,
Claude Carlet
Abstract:
In the independent works by Kalgin and Idrisova and by Beierle, Leander and Perrin, it was observed that the Gold APN functions over $\mathbb{F}_{2^5}$ give rise to a quadratic APN function in dimension 6 having maximum possible linearity of $2^5$ (that is, minimum possible nonlinearity $2^4$). In this article, we show that the case of $n \leq 5$ is quite special in the sense that Gold APN functions in dimension $n>5$ cannot be extended to quadratic APN functions in dimension $n+1$ having maximum possible linearity. In the second part of this work, we show that this is also the case for APN functions of the form $x \mapsto x^3 + μ(x)$ with $μ$ being a quadratic Boolean function.
Submitted 28 September, 2022; v1 submitted 25 January, 2022;
originally announced January 2022.
-
Quadratic Zero-Difference Balanced Functions, APN Functions and Strongly Regular Graphs
Authors:
Claude Carlet,
Guang Gong,
Yin Tan
Abstract:
Let $F$ be a function from $\mathbb{F}_{p^n}$ to itself and $δ$ a positive integer. $F$ is called zero-difference $δ$-balanced if the equation $F(x+a)-F(x)=0$ has exactly $δ$ solutions for all non-zero $a\in\mathbb{F}_{p^n}$. As a particular case, all known quadratic planar functions are zero-difference 1-balanced; and some quadratic APN functions over $\mathbb{F}_{2^n}$ are zero-difference 2-balanced. In this paper, we study the relationship between this notion and differential uniformity; we show that all quadratic zero-difference $δ$-balanced functions are differentially $δ$-uniform and we investigate in particular such functions with the form $F=G(x^d)$, where $\gcd(d,p^n-1)=δ+1$ and where the restriction of $G$ to the set of all non-zero $(δ+1)$-th powers in $\mathbb{F}_{p^n}$ is an injection. We introduce new families of zero-difference $p^t$-balanced functions. More interestingly, we show that the image set of such functions is a regular partial difference set, and hence yields strongly regular graphs; this generalizes the constructions of strongly regular graphs using planar functions by Weng et al. Using recently discovered quadratic APN functions on $\mathbb{F}_{2^8}$, we obtain $15$ new $(256, 85, 24, 30)$ negative Latin square type strongly regular graphs.
Submitted 31 October, 2014; v1 submitted 10 October, 2014;
originally announced October 2014.
-
Higher-order CIS codes
Authors:
Claude Carlet,
Finley Freibert,
Sylvain Guilley,
Michael Kiermaier,
Jon-Lark Kim,
Patrick Solé
Abstract:
We introduce complementary information set codes of higher order. A binary linear code of length $tk$ and dimension $k$ is called a complementary information set code of order $t$ ($t$-CIS code for short) if it has $t$ pairwise disjoint information sets. The duals of such codes make it possible to reduce the cost of masking cryptographic algorithms against side-channel attacks. As in the case of codes for error correction, given the length and the dimension of a $t$-CIS code, we look for the highest possible minimum distance. In this paper, this new class of codes is investigated. The existence of good long CIS codes of order $3$ is derived by a counting argument. General constructions based on cyclic and quasi-cyclic codes and on the building-up construction are given. A formula similar to a mass formula is given. A classification of 3-CIS codes of length $\le 12$ is given. Nonlinear codes better than linear codes are derived by taking binary images of $\mathbb{Z}_4$-codes. A general algorithm based on Edmonds' basis packing algorithm from matroid theory is developed with the following property: given a binary linear code of rate $1/t$, it either provides $t$ disjoint information sets or proves that the code is not $t$-CIS. Using this algorithm, all optimal or best known $[tk, k]$ codes where $t=3, 4, \dots, 256$ and $1 \le k \le \lfloor 256/t \rfloor$ are shown to be $t$-CIS for all such $k$ and $t$, except for $t=3$ with $k=44$ and $t=4$ with $k=37$.
Submitted 17 June, 2014;
originally announced June 2014.
-
New Classes of Almost Bent and Almost Perfect Nonlinear Polynomials
Authors:
Lilya Budaghyan,
Claude Carlet,
Alexander Pott
Abstract:
We construct infinite classes of almost bent and almost perfect nonlinear polynomials, which are affinely inequivalent to any sum of a power function and an affine function.
Submitted 29 June, 2005;
originally announced June 2005.