[Resource Topic] 2021/762: A wide class of Boolean functions generalizing the hidden weight bit function

Resource Secret-key cryptography
#1

Welcome to the resource topic for 2021/762

Title:
A wide class of Boolean functions generalizing the hidden weight bit function

Authors: Claude Carlet

Abstract:

Designing Boolean functions whose output can be computed with light means at high speed, and satisfying all the criteria necessary to resist all major attacks on the stream ciphers using them as nonlinear components, has been an open problem since the beginning of this century, when algebraic attacks were invented. Functions allowing good resistance are known since 2008, but their output is too complex to compute. Functions with fast and easy to compute output are known which have good algebraic immunity, such as majority functions and the so-called hidden weight bit (HWB) functions, but they all have the same cryptographic weakness: their too small nonlinearity. \In the present paper, we introduce a generalization of the HWB functions into a construction of n-variable balanced functions f from (n-1)-variable Boolean functions g having some property held by a large number of functions. Function f is defined by its support, equal to the image set of a vectorial function depending on g. This makes the function complex enough for allowing good cryptographic parameters, while its output is light to compute. The HWB function is what we obtain with f when the initial function g equals constant 1. Other well chosen functions g provide functions f having good cryptographic parameters. \We analyze the constructed functions f, we provide a fast way to compute their output, we determine their algebraic normal forms and we show that, most often, their algebraic degree is optimal. We study their Walsh transform and their nonlinearity and algebraic immunity. We observe with computer investigations that this generalization of the HWB function allows to keep its quality of being fast to compute and having good enough algebraic immunity, while significantly improving its nonlinearity. The functions already obtained in the investigations provide a quite good (and never reached before) trade-off between speed and security. Further (probably difficult) work should allow obtaining, among such generalized HWB functions whose number is huge, still better filter functions to be used in stream ciphers.

ePrint: https://eprint.iacr.org/2021/762

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .