2008
We present a schema to build one way functions from a family of Boolean gates. Moreover, we relate characteristics of these Boolean gate truth tables to properties of the derived one-way functions. We believe this to be the first attempt at establishing cryptographic properties from the Boolean cube spaces of the component gates. This schema is then used to build a family of compression functions, which in turn can be used to get block encryption and hash functions. These functions are based on reconfigurable gates. We prove cryptographically relevant properties for these function implementations. Various applications incorporating these one-way functions, specifically memory integrity in processor architecture, are presented.
Axioms, 2019
In 2005, Philippe Guillot presented a new construction of Boolean functions using linear codes as an extension of the Maiorana–McFarland’s (MM) construction of bent functions. In this paper, we study a new family of Boolean functions with cryptographically strong properties, such as non-linearity, propagation criterion, resiliency, and balance. The construction of cryptographically strong Boolean functions is a daunting task, and there is currently a wide range of algebraic techniques and heuristics for constructing such functions; however, these methods can be complex, computationally difficult to implement, and not always produce a sufficient variety of functions. We present in this paper a construction of Boolean functions using algebraic codes following Guillot’s work.
Lecture Notes in Computer Science, 2004
By considering a new metric, we generalize cryptographic properties of Boolean functions such as resiliency and propagation characteristics. These new definitions result in a better understanding of the properties of Boolean functions and provide a better insight in the space defined by this metric. This approach leads to the construction of "hand-made" Boolean functions, i.e., functions for which the security with respect to some specific monotone sets of inputs is considered, instead of the security with respect to all possible monotone sets with the same cardinality, as in the usual definitions. This approach has the advantage that some trade-offs between important properties of Boolean functions can be relaxed.
2013
Boolean functions play an important role in cryptography, since by convention a symmetric encryption algorithm can be designed by composing Boolean functions satisfying good cryptographic criteria. In this paper, the state of the art in the mathematical and practical study of the most important cryptographic criteria of Boolean functions, and how to implement algorithms that fulfill these criteria, are introduced. Also, the best-known constructions for generating Boolean functions that satisfy good cryptographic criteria are summarized.
Designs, Codes and Cryptography, 2000
The Strict Avalanche Criterion (SAC) was introduced by Webster and Tavares in a study of cryptographic design criteria. This is an indicator for a local property. In order to improve the global analysis of cryptographically strong functions, Zhang and Zheng introduced the global avalanche characteristics (GAC). The sum-of-squares indicator related to the GAC is defined as $\sigma_f = \sum_{v} \Delta_f^2(v)$, where $\Delta_f(v) = \sum_{x} (-1)^{f(x) \oplus f(x \oplus v)}$. In this paper, we give a few methods to construct Boolean functions controlling five good cryptographic properties, namely balancedness, good local and global avalanche characteristics, high nonlinearity and high algebraic degree. We improve upon the results of Stănică, and Zhang and Zheng.
The purpose of this section is to introduce the basic concepts of Boolean algebras, the algorithm for computing the algebraic normal form of a Boolean function, and the nonlinearity of Boolean functions. The first two topics are relevant in cryptography in the design of hardware and software implementations of cryptographic functions. The results of the third area come into use when creating cryptographic algorithms that are resistant against attacks that exploit linearity properties. Such attacks are, for example, linear and differential cryptanalysis of block ciphers, and correlation attacks on stream ciphers.
Theory of Cryptography, 2013
We present a protocol for securely computing a Boolean circuit C in presence of a dishonest and malicious majority. The protocol is unconditionally secure, assuming a preprocessing functionality that is not given the inputs. For a large number of players the work for each player is the same as computing the circuit in the clear, up to a constant factor. Our protocol is the first to obtain these properties for Boolean circuits. On the technical side, we develop new homomorphic authentication schemes based on asymptotically good codes with an additional multiplication property. We also show a new algorithm for verifying the product of Boolean matrices in quadratic time with exponentially small error probability, where previous methods only achieved constant error.
2002
Properties of the total and conditional entropy – Strict Avalanche Criterion (SAC) are studied. The theorems that have been proved state the necessary and sufficient conditions for the total and conditional entropy (SAC) maximum of a special type of functions, namely D-functions. A procedure for the synthesis of cryptographically strong balanced Boolean functions has been developed on the basis of the results obtained. It allows obtaining a more expanded class of Boolean functions for cryptographic application compared to the known methods of synthesis.
We show that there is significant benefit to using a reconfigurable computer to enumerate bent Boolean functions for cryptographic applications. Bent functions are rare, and the only known way to generate all bent functions is by a sieve technique in which many prospective functions are tested. The speed-up achieved depends on the number of variables n; for n = 8, we show that the reconfigurable computer achieves better than a 60,000× speed-up over a conventional computer. Further, we introduce the transeunt triangle as a means to reduce the number of functions that must be considered. For n = 6, this reduction is better than 500,000,000 to 1. Previously, the transeunt triangle had been used only in the design of exclusive OR logic circuits; it converts a truth table to the algebraic normal form. However, this fact has never been proven rigorously, and that shortcoming is removed in this paper. Our proof provides a practical benefit; it yields a new realization of the transeunt triangle that has less complexity and delay. Finally, we show computational results from a reconfigurable computer.
Axioms
In this paper, we present four product operations to construct cryptographic boolean functions from smaller ones with predictable Walsh spectrum. A lot of cryptographic properties of boolean functions can be presented by their Walsh spectrum. In our method, we use the product of Cayley graphs to present new boolean functions with desired Walsh spectrum and investigate their non-linearity, algebraic and correlation immunity.
IEEE Transactions on Information Theory, 2000
We introduce a new class of rate one half binary codes: complementary information set codes. A binary linear code of length 2n and dimension n is called a complementary information set code (CIS code for short) if it has two disjoint information sets. This class of codes contains self-dual codes as a subclass. It is connected to graph correlation immune Boolean functions of use in the security of hardware implementations of cryptographic primitives. Such codes permit to improve the cost of masking cryptographic algorithms against side channel attacks. In this paper we investigate this new class of codes: we give optimal or best known CIS codes of length < 132. We derive general constructions based on cyclic codes and on double circulant codes. We derive a Varshamov-Gilbert bound for long CIS codes, and show that they can all be classified in small lengths ≤ 12 by the building up construction. Some nonlinear S-boxes are constructed by using Z 4 -codes, based on the notion of dual distance of an unrestricted code.
Notices of the American Mathematical Society
As one of the most fundamental objects investigated in pure and applied mathematics and computer science, the notion of a Boolean function was introduced about 150 years ago in the context of fundamental mathematics and mathematical logic by the English mathematician George Boole (1815-1864). Boole's treatment of the algebra of logic (now known as Boolean algebra) in his The Laws of Thought [3] laid the foundation for the design of modern digital computer circuits. For positive integers and , a vectorial, or (,)−Boolean function is a map from the finite field 2 (or the vector space 2) to 2 (or 2) (= 1 corresponds to a Boolean function). Since the middle of the twentieth century, with the rapid development of information and communication technology, Boolean function theory has become an important tool for solving problems of analysis and synthesis of discrete devices which transform and process information, in particular, in cryptography. In this article, we give an overview of the main concepts and problems in the area of cryptographic Boolean functions from the last 40 years. To respond to a need for ensuring security of electronic data, in 1973 the US National Bureau of Standards (now,
Lilya Budaghyan is a research director of the project "Optimal Boolean Functions" and a head of Selmer Center-Reliable Communication Group at the
Lecture Notes in Computer Science, 2015
We propose the first Key-policy Attribute-based Encryption (KP-ABE) scheme for (monotone) Boolean circuits based on bilinear maps. The construction is based on secret sharing and just one bilinear map, and can be viewed as an extension of the KP-ABE scheme in [7]. Selective security of the proposed scheme in the standard model is proved, and comparisons with the scheme in [5], based on leveled multilinear maps, are provided. Thus, for Boolean circuits representing multilevel access structures, our KP-ABE scheme is more efficient than the one in [5].
1 Introduction
Attribute-based encryption (ABE) is a new paradigm in cryptography, where messages are encrypted and decryption keys are computed in accordance with a given set of attributes and an access structure on the set of attributes. There are two forms of ABE: key-policy ABE (KP-ABE) [7] and ciphertext-policy ABE (CP-ABE) [2]. In a KP-ABE, each message is encrypted together with a set of attributes and the decryption key is computed for the entire access structure; in a CP-ABE, each message is encrypted together with an access structure while the decryption keys are given for specific sets of attributes. In this paper we focus only on KP-ABE. ABE was introduced in [10] in the form of fuzzy identity-based encryption, as a generalization of identity-based encryption [11]. The first KP-ABE scheme was proposed in [7], where the access structures were specified by monotone Boolean formulas (monotone Boolean circuits of fan-out one, with one output wire). An extension to the non-monotonic case has later appeared in [9]. Both approaches [7] and [9] take into consideration only access structures defined by Boolean formulas. However, there are access structures of practical importance that cannot be represented by Boolean formulas, such as multilevel access structures [14, 15]. In such a case, defining KP-ABE schemes for access structures defined by Boolean circuits becomes a necessity.
The first solution to this problem was proposed in [5] by using leveled multilinear maps (sets of bilinear maps with some special property). A little later, a lattice-based construction was also proposed [6].
Contribution
The KP-ABE schemes for Boolean circuits proposed so far are either based on leveled multilinear maps or on lattices. Direct extensions of the scheme in [7] to Boolean circuits face the backtracking attack [5]. Moreover, it was conjectured in [5] that such extensions cannot be realized using bilinear maps. In this paper we show that an extension of the KP-ABE scheme in [7] to accommodate the case of (monotone) Boolean circuits is possible. In order to reach this objective, the Boolean circuits are endowed with explicit FANOUT-gates. The secret sharing procedure for such circuits works top-down as in [7]. The outputs of FANOUT-gates are encrypted and
2005
Algebraic attacks have recently become an important tool in cryptanalysing different stream and block cipher systems. A Boolean function, when used in some cryptosystem, should be designed properly to resist this kind of attack. The cryptographic property of a Boolean function that resists algebraic attacks is known as Algebraic Immunity (AI). So far, the attempt in designing Boolean functions with the required algebraic immunity was only ad hoc, i.e., the functions were designed keeping in mind the other cryptographic criteria, and then it was checked whether they could provide good algebraic immunity too. For the first time, in this paper, we present a construction method to generate Boolean functions on n variables with the highest possible algebraic immunity $\lceil n/2 \rceil$. Such a function can be used in conjunction with (using direct sum) functions having other cryptographic properties. In a different direction we identify that functions having low degree subfunctions are weak in terms of algebraic immunity, and analyse some existing constructions from this viewpoint.
IACR Cryptol. ePrint Arch., 2021
We provide a new technique for secret sharing and reconstruction for Boolean circuits, applicable in ABE systems. We show that our construction holds for Key-policy ABE and can be adapted also to Ciphertext-policy ABE. This is the most efficient solution for Attribute Based Encryption for circuits access structures using bilinear maps. Our KP-ABE system has decryption key of linear size in the number of attributes, and public parameters linear in the circuit size (Two public values for each FO-gate). We prove that our scheme is secure under the decisional bilinear Diffie-Hellman Assumption in the Selective Set Model.
Lecture Notes in Computer Science, 2000
This paper addresses the problem of obtaining new construction methods for cryptographically significant Boolean functions. We show that for each positive integer m, there are infinitely many integers n (both odd and even), such that it is possible to construct n-variable, m-resilient functions having nonlinearity greater than $2^{n-1} - 2^{n/2}$. Also we obtain better results than all published works on the construction of n-variable, m-resilient functions, including cases where the constructed functions have the maximum possible algebraic degree n − m − 1. Next we modify the Patterson-Wiedemann functions to construct balanced Boolean functions on n variables having nonlinearity strictly greater than $2^{n-1} - 2^{(n-1)/2}$ for all odd n ≥ 15. In addition, we consider the properties strict avalanche criterion and propagation characteristics, which are important for the design of S-boxes in block ciphers, and construct such functions with very high nonlinearity and algebraic degree.
Electron. Colloquium Comput. Complex., 2013
We consider the problem of compression for “easy” Boolean functions: given the truth table of an n-variate Boolean function f computable by some unknown small circuit from a known class of circuits, find in deterministic time poly($2^n$) a circuit C (no restriction on the type of C) computing f so that the size of C is less than the trivial circuit size $2^n/n$. We get both positive and negative results. On the positive side, we show that several circuit classes for which lower bounds are proved by a method of random restrictions:
• $AC^0$,
• (de Morgan) formulas, and
• (read-once) branching programs,
allow non-trivial compression for circuits up to the size for which lower bounds are known. On the negative side, we show that compressing functions from any class C ⊆ P/poly implies superpolynomial lower bounds against C for a function in NEXP; we also observe that compressing monotone functions of polynomial circuit complexity or functions computable by large-size $AC^0$ circuits would also imply ne...
Lecture Notes in Computer Science, 2004
Algebraic attacks on LFSR-based stream ciphers recover the secret key by solving an overdefined system of multivariate algebraic equations. They exploit multivariate relations involving key bits and output bits and become very efficient if such relations of low degrees may be found. Low degree relations have been shown to exist for several well known constructions of stream ciphers immune to all previously known attacks. Such relations may be derived by multiplying the output function of a stream cipher by a well chosen low degree function such that the product function is again of low degree. In view of algebraic attacks, low degree multiples of Boolean functions are a basic concern in the design of stream ciphers as well as of block ciphers. This paper investigates the existence of low degree multiples of Boolean functions in several directions: The known scenarios under which low degree multiples exist are reduced and simplified to two scenarios, that are treated differently in algebraic attacks. A new algorithm is proposed that allows to successfully decide whether a Boolean function has low degree multiples. This represents a significant step towards provable security against algebraic attacks. Furthermore, it is shown that a recently introduced class of degree optimized Maiorana-McFarland functions immanently has low degree multiples. Finally, the probability that a random Boolean function has a low degree multiple is estimated.
International Journal of Computing, 2019
Currently, nonlinear Boolean functions are actively investigated worldwide. However, many questions remain unanswered. The theory of nonlinear Boolean functions that are suitable for use in cryptographically strong algorithms is significantly incomplete. Despite the existence of numerous publications on these themes, many issues related to the interconnection of design characteristics affecting the generator’s performance and its cryptographic characteristics still remain unsolved. The possibility of generating a special type of sequence, called de Bruijn sequence, at minimal hardware and software costs to implement nonlinear Boolean functions in stream encryption systems, is the main subject of this work. The paper presents the possible structure boundaries (algebraic degree of a Boolean function, the number of monomials in a function) of iterative de Bruijn sequence bitrate generators for various generated sequence characteristics, such as linear complexity and autocorrelation fun...
Arxiv preprint arXiv:0710.0664, 2007
Reversible logic [4, 11] is one of the hot areas of research. It has many applications in quantum computation [13, 23], low-power CMOS [8, 31] and many more. Synthesis and optimization of reversible circuits cannot be done using conventional ways [29]. The design and analysis ...
IEEE, 2020
Security is a major concern for internet users and industries when it comes to data processing, message transmission, electronic transactions, etc. One important feature of secure communication is modern cryptography. It allows the implementation of the major cryptographic objectives: confidentiality, authentication, data integrity and non-repudiation. Most NIST-recommended crypto algorithms are highly reliable, fast and powerful, but are still susceptible to attacks such as brute-force attacks, algebraic attacks, linear attacks, etc. Hash functions are the most widespread primitives of cryptography and are widely used in information security applications. The main objective of this paper is to design the hardware Intellectual Property (IP) core of the secure one-way hash functions (SHA-256 and MD5) and analyze the fully pipelined optimized hardware architecture. The key feature of this improved implementation is to generate a secure and unique key for the protection of symmetric key crypto algorithms. The proposed work is implemented in the high-level language C and converted into a Register Transfer Level (RTL) IP using Xilinx Vivado HLS on the ZedBoard. The robustness and randomness of the algorithm are evaluated in the form of the Hamming Distance and Avalanche Effect. The results show that the proposed design offers a higher level of security and implementation flexibility with small design overhead and low power consumption. The resulting SHA-256 architecture operates at 127.22MHz with a throughput of 15Gbps, while the MD5 architecture operates at 123MHz with a throughput of 15Gbps.