Propagation Characteristics of Boolean Functions
1990
Cited by 67 (2 self)
The relation between the Walsh-Hadamard transform and the autocorrelation function of Boolean functions is used to study propagation characteristics of these functions. The Strict Avalanche Criterion and the Perfect Nonlinearity Criterion are generalized in a Propagation Criterion of degree k. New properties and constructions for Boolean bent functions are given, and the extension of the definition to odd values of n is also discussed. New properties of functions satisfying higher-order SAC are derived. Finally, a general framework is established to classify functions according to their propagation characteristics if a number of bits is kept constant.
Feedback shift registers, 2-adic span, and combiners with memory
Journal of Cryptology, 1997
Cited by 50 (7 self)
Feedback shift registers with carry operation (FCSR's) are described, implemented, and analyzed with respect to memory requirements, initial loading, period, and distributional properties of their output sequences. Many parallels with the theory of linear feedback shift registers (LFSR's) are presented, including a synthesis algorithm (analogous to the Berlekamp-Massey algorithm for LFSR's) which, for any pseudorandom sequence, constructs the smallest FCSR which will generate the sequence. These techniques are used to attack the summation cipher. This analysis gives a unified approach to the study of pseudorandom sequences, arithmetic codes, combiners with memory, and the Marsaglia-Zaman random number generator. Possible variations on the FCSR architecture are indicated at the end. Index Terms: binary sequence, shift register, stream cipher, combiner with memory, cryptanalysis, 2-adic numbers, arithmetic code, 1/q sequence, linear span.
Nonlinearity bounds and constructions of resilient Boolean functions
LNCS 1880, M. Bellare, Ed., 2000
Cited by 30 (7 self)
In this paper we investigate the relationship between the nonlinearity and the order of resiliency of a Boolean function. We first prove a sharper version of McEliece's theorem for Reed-Muller codes as applied to resilient functions, which also generalizes the well-known Xiao-Massey characterization. As a consequence, a nontrivial upper bound on the nonlinearity of resilient functions is obtained. This result, coupled with Siegenthaler's inequality, leads to the notion of a best possible tradeoff among the parameters: number of variables, order of resiliency, nonlinearity and algebraic degree. We further show that functions achieving the best possible tradeoff can be constructed by the Maiorana-McFarland-like technique. We also provide constructions of some previously unknown functions.
New Approaches to the Design of Self-Synchronizing Stream Ciphers
EUROCRYPT'91, 1991
Cited by 28 (0 self)
Self-synchronizing stream ciphers (SSSC) are a commonly used encryption technique for channels with a low bit error rate but for which bit synchronization can present a problem. Most presently used such ciphers are based on a block cipher (e.g. DES) in 1-bit cipher feedback mode. In this paper, several alternative design approaches for SSSCs are proposed that are superior to the design based on a block cipher with respect to encryption speed and potentially also with respect to security. A method for combining several SSSCs is presented that allows one to prove that the combined SSSC is at least as secure as any of the component ciphers. The problem of designing SSSCs is contrasted with the problem of designing conventional synchronous additive stream ciphers, and it is shown that different security criteria must be applied. Furthermore, an efficient algorithm is presented for finding a function of low degree that approximates a given Boolean function, if such an approximation exists. Its significance for the cryptographic security of SSSCs and its applications in coding theory are discussed.
Improved Differential Attacks on RC5
1996
Cited by 22 (3 self)
In this paper we investigate the strength of the secret-key algorithm RC5 newly proposed by Ron Rivest. The target version of RC5 works on words of 32 bits, has 12 rounds and a user-selected key of 128 bits. At Crypto'95 Kaliski and Yin estimated the strength of RC5 by differential and linear cryptanalysis. They conjectured that their linear analysis is optimal and that the use of 12 rounds for RC5 is sufficient to make both differential and linear cryptanalysis impractical. In this paper we show that the differential analysis made by Kaliski and Yin is not optimal. We give differential attacks better by up to a factor of 512. We also show that RC5 has many weak keys with respect to differential attacks. This weakness relies on the structure of the cipher and not on the key schedule. Keywords: cryptanalysis, block cipher, differential cryptanalysis, weak keys. 1 Introduction. RC5 is a secret-key block cipher proposed by Ron Rivest [5]. RC5 has a variable word size, a variable number ...
Cross-correlations of linearly and quadratically related geometric
Discrete Applied Mathematics, 1993
Cited by 20 (8 self)
In this paper we study the cross-correlation function values of geometric sequences obtained from q-ary m-sequences whose underlying m-sequences are linearly or quadratically related. These values are determined by counting the points of intersection of pairs of hyperplanes, or of hyperplanes and quadric hypersurfaces, of a finite geometry. The results are applied to obtain the cross-correlations of m-sequences and GMW sequences with different primitive polynomials.
On constructions and nonlinearity of correlation immune functions
In Advances in Cryptology - EUROCRYPT'93, 1994
Cited by 20 (10 self)
A Boolean function is said to be correlation immune if its output leaks no information about its input values. Such functions have many applications in computer security practices, including the construction of key stream generators from a set of shift registers. Finding methods for easy construction of correlation immune functions has been an active research area since the introduction of the notion by Siegenthaler. In this paper we study balanced correlation immune functions using the theory of Hadamard matrices. First we present a simple method for directly constructing balanced correlation immune functions of any order. Then we prove that our method generates exactly the same set of functions as that obtained using a method by Camion, Carlet, Charpin and Sendrier. Advantages of our method over Camion et al.'s include (1) it allows us to calculate the nonlinearity, which is a crucial criterion for cryptographically strong functions, of the functions obtained, and (2) it enables us to discuss the propagation characteristics of the functions. Two examples are given to illustrate our construction method. Finally, we investigate methods for obtaining new correlation immune functions from known correlation immune functions. These methods provide us with a new avenue towards understanding correlation immune functions.
Three Characterizations of Nonbinary Correlation-Immune and Resilient Functions
Designs, Codes and Cryptography 5, 1997
Cited by 20 (8 self)
A function $f(X_1, X_2, \ldots, X_n)$ is said to be $t$-th-order correlation-immune if the random variable $Z = f(X_1, X_2, \ldots, X_n)$ is independent of every set of $t$ random variables chosen from the independent equiprobable random variables $X_1, X_2, \ldots, X_n$. Additionally, if all possible outputs are equally likely, then $f$ is called a $t$-resilient function. In this paper, we provide three different characterizations of $t$-th-order correlation-immune functions and resilient functions where the random variables are over $GF(q)$. The first is in terms of the structure of a certain associated matrix. The second characterization involves Fourier transforms. The third characterization establishes the equivalence of resilient functions and large sets of orthogonal arrays. Keywords: correlation-immune functions, resilient functions, stream ciphers, Fourier transforms, orthogonal arrays. 1 Definitions. Let $GF(q)$ denote the Galois field with $q$ elements, where $q = p^a$ is a prime po...
Orthogonal Arrays, Resilient Functions, Error Correcting Codes and Linear Programming Bounds
1995
Cited by 19 (7 self)
Orthogonal arrays (OAs) are basic combinatorial structures, which appear under various disguises in cryptology and the theory of algorithms. Among their applications are universal hashing, authentication codes, resilient and correlation-immune functions, derandomization of algorithms, and perfect local randomizers. In this paper, we give new explicit bounds on the size of orthogonal arrays using Delsarte's linear programming method. Specifically, we prove that the minimum number of rows in a binary orthogonal array of length $n$ and strength $t$ is at least $2^n - \frac{n\,2^{n-1}}{t+1}$ and also at least $2^n - \frac{2^{n-2}(n+1)}{\lceil (t+1)/2 \rceil}$. We also prove that th...
2-adic shift registers
In Fast Software Encryption - FSE'93, v. 809 of Lecture Notes in Computer Science, 1993
Cited by 18 (5 self)
Pseudorandom sequences with a variety of statistical properties (such as high linear span, low autocorrelation and pairwise cross-correlation values, and high pairwise Hamming distance) are important in many areas of communications and computing (such as cryptography, spread spectrum communications, error correcting codes, and Monte Carlo integration). Binary sequences, such as m-sequences, more general nonlinear feedback shift register sequences, and summation combiner sequences, have been widely studied by many researchers. Linear feedback shift register hardware can be used to relate certain of these sequences (such as m-sequences) to error correcting codes (such as first-order Reed-Muller codes). In this paper a new type of feedback register, feedback with carry shift registers (or FCSRs), will be presented. These relatively simple devices can be used to relate summation combiner sequences, arithmetic codes, and 1/q sequences. We describe an algebraic framework, based on algebra over the 2-adic numbers, in which the sequences generated by FCSRs can be analyzed, in much the same way that algebra over finite fields can be used to analyze LFSR sequences. As a consequence of this analysis, we present a method for cracking the summation combiner [9], which has been suggested for generating cryptographically secure binary sequences. In general,