Algebraic immunity for cryptographically significant Boolean functions: analysis and construction
Recently, algebraic attacks have received a lot of attention in the cryptographic literature. It has been observed that a Boolean function f used as a cryptographic primitive, and interpreted as a multivariate polynomial over $\mathbb{F}_2$, should not have low degree multiples obtained by multiplication with low degree nonzero functions. In this paper, we show that a Boolean function having low nonlinearity is (also) weak against algebraic attacks, and we extend this result to higher order nonlinearities. Next, we present enumeration results on linearly independent annihilators. We also study certain classes of highly nonlinear resilient Boolean functions for their algebraic immunity. We identify that functions having low-degree subfunctions are weak in terms of algebraic immunity, and we analyze some existing constructions from this viewpoint. Further, we present a construction method to generate Boolean functions on n variables with highest possible algebraic immunity ⌈n/2⌉ (this construction, first presented at the 2005 Workshop on Fast Software Encryption (FSE 2005), has been the first one producing such functions). These functions are obtained through a doubly indexed recursive relation. We calculate their Hamming weights and deduce their nonlinearities; we show that they have very high algebraic degrees. We express them as the sums of two functions which can be obtained from simple symmetric functions by a transformation which can be implemented with an algorithm whose complexity is linear in the number of variables. We deduce a very fast way of computing the output to these functions, given their input.
- Book Chapter
121
- 10.1007/978-3-540-30556-9_9
- Jan 1, 2004
Recently algebraic attack has received a lot of attention in cryptographic literature. It has been observed that a Boolean function f, interpreted as a multivariate polynomial over GF(2), should not have low degree multiples when used as a cryptographic primitive. In this paper we show that high nonlinearity is a necessary condition to resist algebraic attack and explain how the Walsh spectra values are related to the algebraic immunity (resistance against algebraic attack) of a Boolean function. Next we present enumeration results on linearly independent annihilators. We also study certain classes of highly nonlinear resilient Boolean functions for their algebraic immunity.
- Book Chapter
115
- 10.1007/11502760_7
- Jan 1, 2005
Algebraic attack has recently become an important tool in cryptanalysing different stream and block cipher systems. A Boolean function, when used in some cryptosystem, should be designed properly to resist this kind of attack. The cryptographic property of a Boolean function, that resists algebraic attack, is known as Algebraic Immunity ($\mathcal{AI}$). So far, the attempt in designing Boolean functions with required algebraic immunity was only ad-hoc, i.e., the functions were designed keeping in mind the other cryptographic criteria, and then it has been checked whether it can provide good algebraic immunity too. For the first time, in this paper, we present a construction method to generate Boolean functions on n variables with highest possible algebraic immunity ⌈n/2⌉. Such a function can be used in conjunction with (using direct sum) functions having other cryptographic properties. In a different direction we identify that functions, having low degree subfunctions, are weak in terms of algebraic immunity and analyse some existing constructions from this viewpoint.
- Research Article
9
- 10.1007/s11432-010-0064-2
- Mar 22, 2010
- Science China Information Sciences
Boolean functions used in stream ciphers against algebraic attacks are required to have a necessary cryptographic property-high algebraic immunity (AI). In this paper, Boolean functions of even variables with the maximum AI are investigated. The number of independent annihilators at the lowest degree of Boolean functions of even variables with the maximum AI is determined. It is shown that when n is even, one can get an (n + 1)-variable Boolean function with the maximum AI from two n-variable Boolean functions with the maximum AI only if the Hamming weights of the two functions satisfy the given conditions. The nonlinearity of the Boolean functions obtained in this way is computed. Similarly, one can get an (n + 2)-variable Boolean function with the maximum AI from four n-variable Boolean functions with the maximum AI. The nonlinearity of a class of Boolean functions with the maximum AI is determined such that their Hamming weights are either the maximum or the minimum.
- Conference Article
10
- 10.1109/isit.2005.1523509
- Jan 1, 2005
We observe a property on Boolean functions which explains how work some secondary constructions recently obtained for Boolean bent functions. It leads to a generalization and to a unification of these constructions. It also permits to design highly nonlinear resilient functions from known ones. This construction does not increase the number of variables, contrary to the known general secondary constructions, and it permits to improve some cryptographic characters of the functions (e.g. their algebraic immunity) while keeping good the other characteristics
- Research Article
1
- 10.62056/aby7qjp10
- Apr 8, 2025
- IACR Communications in Cryptology
When designing filter functions in Linear Feedback Shift Registers (LFSR) based stream ciphers, algebraic criteria of Boolean functions such as the Algebraic Immunity (AI) become key characteristics because they guarantee the security of ciphers against the powerful algebraic attacks. In this article, we abstract the algebraic attacks proposed by Courtois and Meier on filtered LFSR twenty years ago, considering how the standard algebraic attack can be generalized beyond filtered LFSR to stream ciphers that employ a Boolean filter function to an updated state. Depending on the updating process, we use different sets of annihilators than those used in the standard algebraic attack; it leads to a generalization of the concept of algebraic immunity, and in some particular cases, potentially more efficient attacks. Motivated by the filter permutator paradigm, we focus on the case where the update function is a bit-permutation, since it maintains the degree of the monomials. For example the degree of the monomials of degree up to d and from n − d to n remains invariant, which leads us to consider annihilators having only monomials of these degrees. If this number of monomials is sufficiently low, linearization is feasible, allowing the linear system to be solved and revealing the key, as in the standard algebraic attack. This particular characteristic is restricted by the standard algebraic attacks and to analyze it we introduce a new notion called Extremal Algebraic Immunity (EAI). We perform a theoretic study of the EAI criterion and explore its relation to other algebraic criteria. We prove the upper bound of the EAI of an n-variable Boolean function and further show that the EAI can be lower bounded by the AI restricted to a subset, as defined by Carlet, Méaux and Rotella at FSE 2017. We also exhibit functions with EAI guaranteed to be lower than the AI, in particular we highlight a pathological case of functions with optimal algebraic immunity and EAI only n/4.
As applications, we determine the EAI of filter functions of some existing stream ciphers and discuss how extremal algebraic attacks using EAI could apply to variations of known ciphers. The extremal algebraic attack does not give a better complexity than Courtois and Meier's result on the existing stream ciphers. However, we see this work as a study to avoid weaknesses in the construction of future stream ciphers.
- Conference Article
2
- 10.1109/icmss.2011.5999221
- Aug 1, 2011
Because of the recent algebraic attacks, a high algebraic immunity is now an absolutely necessary property for Boolean functions used in stream ciphers. For a n-variable Boolean function f, the algebraic immunity AI(f) is no more than n/2. If AI(f) equals n/2, the immune of f resisting algebraic attack is optimal. In this paper, focusing on algebraic normal form and the construction requirements of Boolean function, the conditions that Boolean function f does not exists annihilator with deg(f)?Tm are analysed. The sufficient conditions that Boolean function f reaches the maximum algebraic immunity are obtained. Therefore a new class of Boolean functions with optimal algebraic immunity are constructed, and the balanceness and count of the constructed functions are discussed.
- Conference Article
4
- 10.1109/itw.2015.7133110
- Apr 1, 2015
Since 2003, algebraic attacks have received a lot of attention in the cryptography literature. In this context, algebraic immunity quantifies the resistance of a Boolean function to the standard algebraic attack of the pseudo-random generators using it as a nonlinear Boolean function. A high value of algebraic immunity is now an absolutely necessary cryptographic criterion for a resistance to algebraic attacks but is not sufficient, because of more general kinds of attacks so-called Fast Algebraic Attacks. In view of these attacks, the study of the set of annihilators of a Boolean function has become very important. We show that studying the annihilators of a Boolean function can be translated into studying the codewords of a linear code. We then explain how to exploit that connection to evaluate or estimate the algebraic immunity of a cryptographic function. Direct links between the theory of annihilators used in algebraic attacks and coding theory are established using an atypical univariate approach.
- Research Article
7
- 10.1007/s10623-010-9366-z
- Feb 25, 2010
- Designs, Codes and Cryptography
Algebraic immunity (AI) measures the resistance of a Boolean function f against algebraic attack. Extended algebraic immunity (EAI) extends the concept of algebraic immunity, whose point is that a Boolean function f may be replaced by another Boolean function f^c called the algebraic complement of f. In this paper, we study the relation between different properties (such as weight, nonlinearity, etc.) of Boolean function f and its algebraic complement f^c. For example, the relation between annihilator sets of f and f^c provides a faster way to find their annihilators than previous report. Next, we present a necessary condition for Boolean functions to be of the maximum possible extended algebraic immunity. We also analyze some Boolean functions with maximum possible algebraic immunity constructed by known existing construction methods for their extended algebraic immunity.
- Research Article
32
- 10.1109/tit.2011.2132113
- Oct 1, 2011
- IEEE Transactions on Information Theory
In this paper, we put forward an efficient method to study the symmetric Boolean functions with high algebraic immunity on even number of variables. We obtain some powerful necessary conditions for symmetric Boolean functions to achieve high algebraic immunity by studying the weight support of some specific types of Boolean functions of low degrees. With these results, we prove that the algebraic immunity of a large class of symmetric correlation immune Boolean functions, namely the symmetric palindromic functions, is not high. Besides, we construct all symmetric Boolean functions with maximum algebraic immunity and give a description for those with submaximum algebraic immunity. We also determine the Hamming weight, degrees and nonlinearity of the symmetric Boolean functions with maximum algebraic immunity.
- Research Article
9
- 10.1007/s10623-010-9367-y
- Feb 7, 2010
- Designs, Codes and Cryptography
In the past few years, algebraic attacks against stream ciphers with linear feedback function have been significantly improved. As a response to the new attacks, the notion of algebraic immunity of a Boolean function f was introduced, defined as the minimum degree of the annihilators of f and f + 1. An annihilator of f is a nonzero Boolean function g, such that fg = 0. There is an increasing interest in construction of Boolean functions that possess optimal algebraic immunity, combined with other characteristics, like balancedness, high nonlinearity, and high algebraic degree. In this paper, we investigate a recently proposed infinite class of balanced Boolean functions with optimal algebraic immunity, optimum algebraic degree and much better nonlinearity than all the previously introduced classes of Boolean functions with maximal algebraic immunity. More precisely, we study the resistance of the functions against one of the new algebraic attacks, namely the fast algebraic attacks (FAAs). Using the special characteristics of the family members, we introduce an efficient method for the evaluation of their behavior against these attacks. The new algorithm is based on the well studied Berlekamp-Massey algorithm.
- Book Chapter
10
- 10.1007/11927587_8
- Jan 1, 2006
Algebraic immunity AI(f) defined for a boolean function f measures the resistance of the function against algebraic attacks. Currently known algorithms for computing the optimal annihilator of f and AI(f) are inefficient. This work consists of two parts. In the first part, we extend the concept of algebraic immunity. In particular, we argue that a function f may be replaced by another boolean function f^c called the algebraic complement of f. This motivates us to examine AI(f^c). We define the extended algebraic immunity of f as AI*(f) = min{AI(f), AI(f^c)}. We prove that 0 ≤ AI(f) – AI*(f) ≤ 1. Since AI(f) – AI*(f) = 1 holds for a large number of cases, the difference between AI(f) and AI*(f) cannot be ignored in algebraic attacks. In the second part, we link boolean functions to hypergraphs so that we can apply known results in hypergraph theory to boolean functions. This not only allows us to find annihilators in a fast and simple way but also provides a good estimation of the upper bound on AI*(f). Keywords: Algebraic Attacks, Algebraic Immunity, Hypergraph Theory, Greedy Algorithm
- Conference Article
- 10.1049/cp.2012.1869
- Jan 1, 2012
Algebraic Immunity has been considered as one of significant properties for Boolean functions, and possessing maximum algebraic immunity (MAI) is a necessary criteria for Boolean functions used in stream ciphers against algebraic attacks. However, for a given number of variables, the accurate number of Boolean functions with MAI is not known, and the best known bound on the number also seems weak. In this paper, we investigate the enumeration of Boolean functions with MAI, and provide a new lower bound on the number of even-variable Boolean functions with MAI, this lower bound is better than the previous ones.
- Research Article
1
- 10.4028/www.scientific.net/amm.411-414.45
- Sep 1, 2013
- Applied Mechanics and Materials
Using the derivative of the Boolean function and the e-derivative defined by ourselves as research tools, we study the Effects of e-derivative on algebraic immunity, correlation immunity and algebraic degree of H Boolean functions with the Hamming weight . We get some theorems which relevance together algebraic immunity, annihilators, correlation immunity and algebraic degree of H Boolean functions by the e-derivative. Besides, we also get the results that algebraic immunity, correlation immunity and algebraic degree of Boolean functions can be linked together by the e-derivative of H Boolean functions.
- Research Article
- 10.4028/www.scientific.net/amm.347-350.2952
- Aug 1, 2013
- Applied Mechanics and Materials
Recently, algebraic attacks becomes a major attack method to threat to cryptography security. In order to resist algebraic attacks, algebraic immunity as a Boolean function cryptographic property has been put out. This makes that Boolean functions should have high algebraic immunity to resist algebraic attacks. In this paper, a specific decomposition method of the space is proposed. By the method, we construct a class of odd number of variables Boolean functions with optimal algebraic immunity.
- Research Article
45
- 10.1109/tit.2006.872977
- May 1, 2006
- IEEE Transactions on Information Theory
To resist algebraic attacks, Boolean functions should possess high algebraic immunity. In 2003, Courtois and Meier showed that the algebraic immunity of an n-variable Boolean function is upper bounded by ⌈n/2⌉. And then several papers studied how to find symmetric Boolean functions with maximum algebraic immunity. In this correspondence, we prove that for each odd n, there is exactly one trivially balanced n-variable symmetric Boolean function achieving the maximum algebraic immunity.