On an improved correlation analysis of stream ciphers using multi-output Boolean functions and the related generalized notion of nonlinearity
نویسندگان
چکیده
We investigate the security of n-bit to m-bit vectorial Boolean functions in stream ciphers. Such stream ciphers have higher throughput than those using single-bit output Boolean functions. However, as shown by Zhang and Chan at Crypto 2000, linear approximations based on composing the vector output with any Boolean functions have higher bias than those based on the usual correlation attack. In this paper, we introduce a new approach for analyzing vector Boolean functions called generalized correlation analysis. It is based on approximate equations which are linear in the input x but of free degree in the output z = F (x). The complexity for computing the generalized nonlinearity for this new attack is reduced from 22 ×n+n to 22n. Based on experimental results, we show that the new generalized correlation attack gives linear approximation with much higher bias than the Zhang-Chan and usual correlation attack. We confirm this with a theoretical upper bound for generalized nonlinearity, which is much lower than for the unrestricted nonlinearity (for Zhang-Chan’s attack) and a fortiori for usual nonlinearity. We also prove a lower bound for generalized nonlinearity which allows us to construct vector Boolean functions with high generalized nonlinearity from bent and almost bent functions. We derive the generalized nonlinearity of some known secondary constructions for secure vector Boolean functions. Finally, we prove that if a vector Boolean function has high nonlinearity or even a high unrestricted nonlinearity, it cannot ensure that it will have high generalized nonlinearity.
منابع مشابه
On an Improved Correlation Analysis of Stream Ciphers Using Muti-Output Boolean Functions and the Related Generalized Notion of Nonlinearity
We investigate the security of n-bit to m-bit vectorial Boolean functions in stream ciphers. Such stream ciphers have higher throughput than those using single-bit output Boolean functions. However, as shown by Zhang and Chan at Crypto 2000, linear approximations based on composing the vector output with any Boolean functions have higher bias than those based on the usual correlation attack. In...
متن کاملGeneralized Correlation Analysis of Vectorial Boolean Functions
We investigate the security of n-bit to m-bit vectorial Boolean functions in stream ciphers. Such stream ciphers have higher throughput than those using single-bit output Boolean functions. However, as shown by Zhang and Chan at Crypto 2000, linear approximations based on composing the vector output with any Boolean functions have higher bias than those based on the usual correlation attack. In...
متن کاملConstruction of Cryptographically Important Boolean Functions
Boolean functions are used as nonlinear combining functions in certain stream ciphers. A Boolean function is said to be correlation immune if its output leaks no information about its input values. Balanced correlation immune functions are called resilient functions. Finding methods for easy construction of resilient functions with additional properties is an active research area. Maitra and Pa...
متن کاملMaximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers
This paper investigates the design of S-boxes used for combining linear feedback shift register (LFSR) sequences in combination generators. Such combination generators have higher throughput than those using Boolean functions as the combining functions. However, Sboxes tend to leak more information about the LFSR sequences than Boolean functions. To study the information leakage, the notion of ...
متن کاملAn Infinite Class of Balanced Functions with Optimal Algebraic Immunity, Good Immunity to Fast Algebraic Attacks and Good Nonlinearity
After the improvement by Courtois and Meier of the algebraic attacks on stream ciphers and the introduction of the related notion of algebraic immunity, several constructions of infinite classes of Boolean functions with optimum algebraic immunity have been proposed. All of them gave functions whose algebraic degrees are high enough for resisting the Berlekamp-Massey attack and the recent Rønjo...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Adv. in Math. of Comm.
دوره 2 شماره
صفحات -
تاریخ انتشار 2008