Claude Carlet

Claude Carlet, Palash Sarkar

The nonlinear filter model is an old and well understood approach to the design of secure stream ciphers. Extensive research over several decades has shown how to attack stream ciphers based on this model and has identified the required security properties of the Boolean function used as the filtering function to resist such attacks. This led to the problem of constructing Boolean functions which provide adequate security \textit{and} at the same time are efficient to implement. Unfortunately, over the last two decades no fully satisfactory solutions to this problem appeared in the literature. The lack of good solutions has effectively led to the nonlinear filter model becoming more or less obsolete. This is a big loss to the cryptographic design toolkit, since the great advantages of the nonlinear filter model are its simplicity, well understood security and the potential to provide low cost solutions for hardware oriented stream ciphers. In this paper, we revive the nonlinear filter model by constructing appropriate Boolean functions which provide required security and are also efficient to implement. We put forward concrete suggestions of stream ciphers which are $κ$-bit secure against known types of attacks for $κ=80$, 128, 160, 192, 224 and 256. For the 80-bit and the 128-bit security levels, the gate count estimates of our proposals compare quite well to the famous ciphers Trivium and Grain-128a respectively, while for the 256-bit security level, we do not know of any other stream cipher design which has such a low gate count.

Claude Carlet, Marko Čupić, Marko Ðurasevic et al.

Monotone Boolean functions are a structurally important class of Boolean functions, but their restricted form imposes strong limitations on achievable nonlinearity. In this paper, we investigate whether evolutionary computation can evolve monotone Boolean functions with high nonlinearity, both in the balanced and imbalanced settings. We consider three solution encodings: the standard truth table representation, a balanced truth table encoding that preserves Hamming weight, and a symbolic tree-based genetic programming representation. To guide the search toward monotone increasing functions, we introduce a non-monotonicity penalty and combine it with fitness functions targeting balancedness and nonlinearity. Experimental results are reported for dimensions from $n=5$ to $n=14$. The results show that evolutionary search can discover monotone Boolean functions with nonlinearities clearly exceeding those of majority functions, and in several cases approaching the best currently known values for monotone functions. At the same time, the experiments reveal substantial differences between encodings: the balanced truth table encoding performs poorly for larger dimensions, while the standard truth table and genetic programming encodings remain competitive, with genetic programming becoming especially relevant in the largest tested dimensions.

Claude Carlet, and Alexander Kholosha

Much work has been devoted to bent functions in odd characteristic, but there still remains a gap between our knowledge of binary and nonbinary bent functions. In the first part of this paper, we attempt to partially bridge this gap by generalizing to any characteristic important properties known in characteristic two concerning the Walsh transform of derivatives of bent functions. Some of these properties generalize to all bent functions, while others appear to apply only to weakly regular bent functions. We deduce a method to obtain a bent function by adding a quadratic function to a weakly regular bent function. We also identify a particular class of bent functions possessing the property that every first-order derivative in a nonzero direction has a derivative (which is then a second-order derivative of the function) equal to a nonzero constant. We show that this property implies bentness and is shared in particular by all cubic bent functions. This generalizes to the odd characteristic the notion of cubic-like bent function, that was introduced and studied for binary functions by Irene Villa and the first author. In the second part of the paper, we provide (for the first time) a primary construction leading to an infinite class of cubic ternary vectorial bent functions that have only not weakly regular components. We show the bentness of the component functions by two approaches: by calculating the Walsh transform directly and by considering the second-order derivatives (and applying the results from the first part of the paper). We prove that they are not weakly regular by showing they do not have one of the properties that we proved in the first part of the paper for weakly regular bent functions.

Claude Carlet, Marko Djurasevic, Domagoj Jakobovic et al.

Finding balanced, highly nonlinear Boolean functions is a difficult problem where it is not known what nonlinearity values are possible to be reached in general. At the same time, evolutionary computation is successfully used to evolve specific Boolean function instances, but the approach cannot easily scale for larger Boolean function sizes. Indeed, while evolving smaller Boolean functions is almost trivial, larger sizes become increasingly difficult, and evolutionary algorithms perform suboptimally. In this work, we ask whether genetic programming (GP) can evolve constructions resulting in balanced Boolean functions with high nonlinearity. This question is especially interesting as there are only a few known such constructions. Our results show that GP can find constructions that generalize well, i.e., result in the required functions for multiple tested sizes. Further, we show that GP evolves many equivalent constructions under different syntactic representations. Interestingly, the simplest solution found by GP is a particular case of the well-known indirect sum construction.

Anastasiya Gorodilova, Natalia Tokareva, Sergey Agievich et al.

NSUCRYPTO is the unique cryptographic Olympiad containing scientific mathematical problems for professionals, school and university students from any country. Its aim is to involve young researchers in solving curious and tough scientific problems of modern cryptography. From the very beginning, the concept of the Olympiad was not to focus on solving olympic tasks but on including unsolved research problems at the intersection of mathematics and cryptography. The Olympiad history starts in 2014. In 2019, it was held for the sixth time. In this paper, problems and their solutions of the Sixth International Olympiad in cryptography NSUCRYPTO'2019 are presented. We consider problems related to attacks on ciphers and hash functions, protocols, Boolean functions, Dickson polynomials, prime numbers, rotor machines, etc. We discuss several open problems on mathematical countermeasures to side-channel attacks, APN involutions, S-boxes, etc. The problem of finding a collision for the hash function Curl27 was partially solved during the Olympiad.

Claude Carlet, Kwang Ho Kim, Sihem Mesnager

Using recent results on solving the equation $X^{2^k+1}+X+a=0$ over a finite field $\mathbb{F}_{2^n}$, we address an open question raised by the first author in WAIFI 2014 concerning the APN-ness of the Kasami functions $x\mapsto x^{2^{2k}-2^k+1}$ with $gcd(k,n)=1$, $x\in\mathbb{F}_{2^n}$.

Anastasiya Gorodilova, Sergey Agievich, Claude Carlet et al.

Problems and their solutions of the Fifth International Students' Olympiad in cryptography NSUCRYPTO'2018 are presented. We consider problems related to attacks on ciphers and hash functions, Boolean functions, quantum circuits, Enigma, etc. We discuss several open problems on orthogonal arrays, Sylvester matrices and disjunct matrices. The problem of existing an invertible Sylvester matrix whose inverse is again a Sylvester matrix was completely solved during the Olympiad.

Anastasiya Gorodilova, Sergey Agievich, Claude Carlet et al.

Mathematical problems and their solutions of the Fourth International Students' Olympiad in cryptography NSUCRYPTO'2017 are presented. We consider problems related to attacks on ciphers and hash functions, cryptographic Boolean functions, the linear branch number, addition chains, error correction codes, etc. We discuss several open problems on algebraic structure of cryptographic functions, useful proof-of-work algorithms, the Boolean hidden shift problem and quantum computings.

Shihui Fu, Xiutao Feng, Qiang Wang et al.

In 2007, Carlet and Ding introduced two parameters, denoted by $Nb_F$ and $NB_F$, quantifying respectively the balancedness of general functions $F$ between finite Abelian groups and the (global) balancedness of their derivatives $D_a F(x)=F(x+a)-F(x)$, $a\in G\setminus\{0\}$ (providing an indicator of the nonlinearity of the functions). These authors studied the properties and cryptographic significance of these two measures. They provided for S-boxes inequalities relating the nonlinearity $\mathcal{NL}(F)$ to $NB_F$, and obtained in particular an upper bound on the nonlinearity which unifies Sidelnikov-Chabaud-Vaudenay's bound and the covering radius bound. At the Workshop WCC 2009 and in its postproceedings in 2011, a further study of these parameters was made; in particular, the first parameter was applied to the functions $F+L$ where $L$ is affine, providing more nonlinearity parameters. In 2010, motivated by the study of Costas arrays, two parameters called ambiguity and deficiency were introduced by Panario \emph{et al.} for permutations over finite Abelian groups to measure the injectivity and surjectivity of the derivatives respectively. These authors also studied some fundamental properties and cryptographic significance of these two measures. Further studies followed without that the second pair of parameters be compared to the first one. In the present paper, we observe that ambiguity is the same parameter as $NB_F$, up to additive and multiplicative constants (i.e. up to rescaling). We make the necessary work of comparison and unification of the results on $NB_F$, respectively on ambiguity, which have been obtained in the five papers devoted to these parameters. We generalize some known results to any Abelian groups and we more importantly derive many new results on these parameters.