Heuristic Optimization of Boolean Functions and Substitution Boxes for Cryptography

Fundamental to the electronic security of information and communication systems is the correct use and application of appropriate ciphers. The strength of these ciphers, particularly their ability to resist cryptanalytic attacks, directly influences the overall strength of the entire system. The strength of the underlying cipher relies upon a robust structure and the carefully designed interaction between components in its architecture. Most importantly, however, cipher strength is critically dependent on the strength of the individual components of which it is comprised. Boolean functions and substitution boxes (s-boxes) are among the most common and essential components of ciphers, because they are able to provide a cipher with strengthening properties that resist known and potential cryptanalytic attacks. Thus, it is not surprising that significant research effort has been made in trying to develop ways of obtaining boolean functions and substitution boxes with optimal achievable measures of desirable cryptographic properties. Three of the main cryptographic properties required of strong boolean functions and s-boxes are nonlinearity, correlation immunity and propagation criteria, with different cryptographic applications requiring different acceptable measures of these and other properties. As the combinations of cryptographic properties exhibited by functions can be conflicting, finding cryptographically strong functions often means that a trade-off needs to be made when optimizing property values. Throughout this thesis, the term "optimization" specifically refers to seeking the best achievable combination of target property values which may be exhibited by boolean functions and s-boxes, regardless of whether the relevant properties are conflicting or complementary. This thesis focusses on a particular class of techniques for obtaining strong functions for cryptographic applications, referred to as heuristic methods or, simply, heuristics.
Three new heuristic methods are presented, each aimed at generating boolean functions that optimize one or more of the main cryptographic properties mentioned above, in addition to other desirable properties. The first of the new heuristic methods developed for this thesis focusses on generating boolean functions which are balanced and exhibit very high nonlinearities. Highly nonlinear balanced functions are critical to many cryptographic applications, as they provide good resistance to linear cryptanalytic attacks. This first method is based on the recursive modification of a starting bent function and is shown to be highly successful and efficient at generating numerous such functions, which also exhibit low autocorrelation values, in a very short computational time. The generation of balanced, correlation immune boolean functions that also exhibit the conflicting property of high nonlinearity is the focus of the second new heuristic method developed for this thesis. By concatenating selected pairs of lower-dimensional boolean functions in the Walsh Hadamard transform domain, direct optimization for both resilience and nonlinearity was able to take place at each level of the construction and for the final function. This second method was able to generate examples of boolean functions with almost all of the best known optimal combinations of target property values. Experiments have shown the success of this method in consistently generating highly nonlinear resilient boolean functions, for a range of orders of resilience, with such functions possessing optimal algebraic degree. A third new heuristic method, which searches for balanced boolean functions that satisfy a non-zero degree of propagation criteria and exhibit high nonlinearity, is presented. Intelligent bit manipulations in the truth table of starting functions, based on fundamental relationships between boolean function transforms and measures, provide the design rationale for this method.
Two new function generation schemes have been proposed for this method, to efficiently satisfy the requirements placed on the starting functions utilized in the computational process. An optional process attempts to increase the algebraic degree of the resulting functions, without sacrificing the optimalities that are achievable. The validity of this method is demonstrated through the success of various experimental trials. Switching the focus from single output boolean functions to multiple output boolean functions (s-boxes), the effectiveness of existing heuristic techniques (namely the Genetic Algorithm, the Hill Climbing Method and the combined Genetic Algorithm/Hill Climbing), applied primarily to improving the nonlinearity of s-boxes of various dimensions, is investigated. The success of these heuristic techniques in improving the nonlinearity of boolean functions has been previously demonstrated, as has the success of hill climbing in isolation when applied to bijective s-boxes. An extension to the bijective s-box optimization work is presented in this thesis. In this new research, a Genetic Algorithm, the Hill Climbing Method and the two in combination are applied to the nonlinearity and autocorrelation optimization of regular NxM s-boxes (N > M) to investigate the effectiveness and efficiency of each of these heuristics. A new breeding scheme, utilized in the Genetic Algorithm and combined Genetic Algorithm/Hill Climbing trials, is also presented. The success of the experimental results compared to random regular s-box generation is demonstrated. New research in applying the Hill Climbing Method to construct NxM s-boxes (N > M) required to meet specific property criteria is presented. The characteristics desired of the constructed s-boxes largely dictated the generation process. A discussion of the generation process of the component functions is included.
Part of the results produced by the experimental trials were incorporated into a commonly used family of stream ciphers, further supporting the use of heuristic techniques as a useful means of obtaining strong functions suitable for incorporation into practical ciphers. An analysis of the cryptographic properties of the s-box used in the MARS block cipher, its method of generation and the computational time taken to obtain it led to the new research reported in this thesis on the generation of MARS-like s-boxes. It is shown that the application of the Hill Climbing Method, with suitable requirements placed on the component boolean functions, was able to generate multiple MARS-like s-boxes which satisfied the MARS s-box requirements and provided additional properties. This new work represents an alternative approach to the generation of s-boxes which satisfy the MARS s-box property requirements but are cryptographically superior and can be obtained in a fraction of the time taken to produce the MARS s-box. An example MARS-like s-box is presented in this thesis. The overall value of heuristic methods in generating strong boolean functions and substitution boxes is clearly demonstrated in this thesis. This thesis has made several significant contributions to the field, both in the development of new, specialized heuristic methods capable of generating strong boolean functions, and in the analysis and optimization of substitution boxes, the latter achieved through applying existing heuristic techniques.
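The abstract names the measures that the heuristics optimize (balance, nonlinearity, correlation immunity and resilience, propagation criteria, autocorrelation, algebraic degree) and describes hill climbing on the truth table as the search technique. The block below is an added example, not code from the thesis, showing how each of those measures is computed from a truth table via the Walsh Hadamard transform and the autocorrelation function, followed by a deliberately simple hill climb that swaps truth-table bits to raise nonlinearity while keeping the function balanced. The hill climb is a constructed illustration of the idea only; it is not the thesis's method nor the smart hill climbing of earlier work, and all function names are assumptions of this example.

```python
"""Boolean function measures from the truth table, plus a toy hill climb on nonlinearity (constructed example)."""
import random

def bit(x, j):
    return (x >> j) & 1  # variable x_j of input x; bit 0 is x_0

def truth_table(n, f):
    return [f(x) & 1 for x in range(1 << n)]  # f takes the integer input x

def weight(w):
    return bin(w).count("1")  # Hamming weight

def walsh_hadamard(tt):
    """Fast Walsh-Hadamard transform: W_f(w) = sum_x (-1)^(f(x) xor <w,x>)."""
    s = [1 - 2 * b for b in tt]  # polarity form (-1)^f(x)
    h = 1
    while h < len(s):
        for i in range(0, len(s), 2 * h):
            for j in range(i, i + h):
                a, b = s[j], s[j + h]
                s[j], s[j + h] = a + b, a - b
        h <<= 1
    return s

def is_balanced(tt):
    return 2 * sum(tt) == len(tt)  # equivalently W_f(0) == 0

def nonlinearity(tt):
    """N_f = 2^(n-1) - max_w |W_f(w)| / 2: Hamming distance to the nearest affine function."""
    return len(tt) // 2 - max(abs(v) for v in walsh_hadamard(tt)) // 2

def autocorrelation(tt):
    """r_f(s) = sum_x (-1)^(f(x) xor f(x xor s)) for every shift s (O(4^n), fine for small n)."""
    return [sum(1 - 2 * (tt[x] ^ tt[x ^ s]) for x in range(len(tt))) for s in range(len(tt))]

def absolute_indicator(tt):
    return max(abs(v) for v in autocorrelation(tt)[1:])  # max_{s != 0} |r_f(s)|; 0 only for bent f

def _order(values, n):
    """Largest m such that values[w] == 0 for every w with 1 <= wt(w) <= m."""
    for m in range(1, n + 1):
        if any(values[w] != 0 for w in range(1, len(values)) if weight(w) == m):
            return m - 1
    return n

def correlation_immunity_order(tt):
    """Xiao-Massey: CI of order m iff W_f(w) = 0 for all 1 <= wt(w) <= m."""
    return _order(walsh_hadamard(tt), len(tt).bit_length() - 1)

def resiliency_order(tt):
    return correlation_immunity_order(tt) if is_balanced(tt) else -1  # resilient = balanced + CI

def propagation_order(tt):
    """PC(k) iff r_f(s) = 0 for all 1 <= wt(s) <= k; PC(1) is the SAC."""
    return _order(autocorrelation(tt), len(tt).bit_length() - 1)

def algebraic_degree(tt):
    """Degree of the algebraic normal form, via the fast Moebius transform."""
    anf = list(tt)
    h = 1
    while h < len(anf):
        for i in range(0, len(anf), 2 * h):
            for j in range(i, i + h):
                anf[j + h] ^= anf[j]
        h <<= 1
    return max((weight(m) for m in range(len(anf)) if anf[m]), default=0)

def random_balanced(n, seed=0):
    tt = [1] * (1 << (n - 1)) + [0] * (1 << (n - 1))
    random.Random(seed).shuffle(tt)
    return tt

def hill_climb_nonlinearity(tt, iterations=2000, seed=0):
    """Toy hill climb (not the thesis's method): swap one 1 and one 0 of the truth
    table, which keeps f balanced, and keep the swap unless nonlinearity drops."""
    rng = random.Random(seed)
    best, best_nl = list(tt), nonlinearity(tt)
    ones = [x for x in range(len(best)) if best[x]]
    zeros = [x for x in range(len(best)) if not best[x]]
    for _ in range(iterations):
        i, j = rng.randrange(len(ones)), rng.randrange(len(zeros))
        cand = list(best)
        cand[ones[i]], cand[zeros[j]] = 0, 1
        nl = nonlinearity(cand)
        if nl >= best_nl:  # sideways moves allowed, so plateaus can be crossed
            best, best_nl = cand, nl
            ones[i], zeros[j] = zeros[j], ones[i]
    return best

def profile(tt):
    return {"balanced": is_balanced(tt), "nonlinearity": nonlinearity(tt),
            "resiliency": resiliency_order(tt), "degree": algebraic_degree(tt),
            "PC": propagation_order(tt), "abs_indicator": absolute_indicator(tt)}

if __name__ == "__main__":
    bent4 = truth_table(4, lambda x: (bit(x, 0) & bit(x, 1)) ^ (bit(x, 2) & bit(x, 3)))
    print("bent x0x1 + x2x3:", profile(bent4))
    start = random_balanced(6, seed=1)
    print("random balanced, 6 variables:", profile(start))
    print("after hill climbing:", profile(hill_climb_nonlinearity(start, seed=1)))
```

The profile of the 4-variable bent function shows the trade-off the abstract refers to: it attains the maximum nonlinearity 6 and PC(4) with zero autocorrelation, yet it cannot be balanced, so it is unusable as a combining function until modified, which is what the first heuristic method's "recursive modification of a starting bent function" addresses. The hill climb never lowers nonlinearity and, because it only exchanges a 1 and a 0, preserves balance; a 6-variable balanced function cannot exceed nonlinearity 26, which is a useful sanity check on any such search.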
