Generalized Correlation Analysis of Vectorial Boolean Functions

We investigate the security of n-bit to m-bit vectorial Boolean functions in stream ciphers. Such stream ciphers have higher throughput than those using single-bit output Boolean functions. However, as shown by Zhang and Chan at Crypto 2000, linear approximations based on composing the vector output with any Boolean function have higher bias than those based on the usual correlation attack. In this paper, we introduce a new approach for analyzing vector Boolean functions called generalized correlation analysis. It is based on approximate equations which are linear in the input x but of free degree in the output z = F(x). Based on experimental results, we observe that the new generalized correlation attack gives linear approximations with much higher bias than the Zhang-Chan and usual correlation attacks. Thus it can be more effective than previous methods. First, the complexity for computing the generalized nonlinearity for this new attack is reduced from $2^{2^m \cdot n + n}$ to $2^{2n}$. Second, we prove a theoretical upper bound for generalized nonlinearity which is much lower than the unrestricted nonlinearity (for Zhang-Chan's attack) or usual nonlinearity. This again proves that generalized correlation attack performs better than previous correlation attacks. Third, we introduce a generalized divide-and-conquer correlation attack and prove that the usual notion of resiliency is enough to protect against it. Finally, we deduce the generalized nonlinearity of some known secondary constructions for secure vector Boolean functions.
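As an added, constructed illustration (not code from the paper), the three attacks named in the abstract are compared on a small 4-bit to 2-bit function. It reads "linear in x but of free degree in z" as approximations of the form ⟨w(z), x⟩ = g(z) with a nonzero mask w(z) for every output value z; that formalisation, the requirement w(z) ≠ 0, and the example S-box are assumptions of this snippet rather than the paper's definitions.

```python
def dot(a, x):
    """Inner product over GF(2) of two bit-vectors packed into integers."""
    return bin(a & x).count("1") & 1

def walsh_on(pre, w):
    """sum over x in pre of (-1)^<w,x>: how unbalanced the linear form <w,x> is on pre."""
    return sum(1 - 2 * dot(w, x) for x in pre)

def preimages(F, n, m):
    """F^-1(z) for every output value z, F given as a lookup table."""
    return [[x for x in range(1 << n) if F[x] == z] for z in range(1 << m)]

def usual_bias(F, n, m):
    """Usual correlation attack: best |Pr[<a,x> = <b,F(x)>] - 1/2| over all a, nonzero b."""
    xs = range(1 << n)
    best = max(abs(sum(1 - 2 * (dot(a, x) ^ dot(b, F[x])) for x in xs))
               for b in range(1, 1 << m) for a in range(1 << n))
    return best / 2 ** (n + 1)

def zhang_chan_bias(F, n, m):
    """Zhang-Chan: <a,x> = g(F(x)) for nonzero a and ANY Boolean g of the output.
    For fixed a the optimal g(z) is the majority value of <a,x> on F^-1(z), so the
    agreement is sum_z |walsh_on(F^-1(z), a)|; one mask a must serve every z."""
    pres = preimages(F, n, m)
    best = max(sum(abs(walsh_on(pre, a)) for pre in pres) for a in range(1, 1 << n))
    return best / 2 ** (n + 1)

def generalized_bias(F, n, m):
    """Generalized (this snippet's reading): <w(z),x> = g(z), mask and bit both free
    to depend on z = F(x). The search splits over output values: for each z take the
    nonzero mask most unbalanced on F^-1(z). Each preimage costs |F^-1(z)| * 2^n,
    2^(2n) in total, instead of enumerating all (2^n)^(2^m) functions w."""
    pres = preimages(F, n, m)
    total = sum(max(abs(walsh_on(pre, w)) for w in range(1, 1 << n)) for pre in pres)
    return total / 2 ** (n + 1)

# Constructed 4-bit to 2-bit example: F(x) = (x0*x1 ^ x2*x3, x0*x2 ^ x1*x3), bit i of x = x_i.
N, M = 4, 2

def sbox_bits(x):
    x0, x1, x2, x3 = ((x >> i) & 1 for i in range(4))
    return (x0 & x1 ^ x2 & x3) | (x0 & x2 ^ x1 & x3) << 1

SBOX = [sbox_bits(x) for x in range(1 << N)]

if __name__ == "__main__":
    print("usual       bias:", usual_bias(SBOX, N, M))        # 0.25
    print("Zhang-Chan  bias:", zhang_chan_bias(SBOX, N, M))   # 0.25
    print("generalized bias:", generalized_bias(SBOX, N, M))  # 0.375
```

Both component functions of this S-box are bent, so no classic or Zhang-Chan approximation beats bias 1/4, yet letting the mask depend on the output value raises the bias to 3/8; the ordering usual ≤ Zhang-Chan ≤ generalized holds for any F because each attack's approximations are a special case of the next.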
