Vectorial Boolean Functions: Difference between revisions
No edit summary |
No edit summary |
||
| Line 18: | Line 18: | ||
== Walsh transform == | == Walsh transform == | ||
The <span class="definition">Walsh transform</span> of <math>F : \mathbb{F}_2^m \rightarrow \mathbb{F}_2^n</math> is the integer-valued function <math>W_F : \mathbb{F}_2^m \times \mathbb{F}_2^n</math> defined by | |||
<div class="equation><math> | |||
W_F(u,v) = \sum_{x \in \mathbb{F}_2^m} (-1)^{v \cdot F(x) + u \cdot x} | |||
</math></div> | |||
It can be observed that the Walsh transform of some <math>F</math> is in fact the Fourier transform of the indicator of its graph, i.e. the Fourier transform of the function <math>1_{G_F}</math> defined as | |||
<div class="equation><math> | |||
1_{G_F}(x,y) = \begin{cases} | |||
1 & F(x) = y \\ | |||
0 & F(x) \ne y. | |||
\end{cases} | |||
</math></div> | |||
The <span class="definition">Walsh spectrum</span> of <math>F</math> is the multi-set of all the values of its Walsh transform for all pairs <math>(u,v) \in \mathbb{F}_2^m \times {\mathbb{F}_2^n}^*</math>. The <span class="definition">extended Walsh spectrum</span> of <math>F</math> is the multi-set of the absolute values of its Walsh transform, and the <span class="definition">Walsh support</span> of <math>F</math> is the set of pairs <math>(u,v)</math> for which <math>W_F(u,v) \ne 0</math>. | |||
== Representations == | == Representations == | ||
Revision as of 20:33, 30 December 2018
Introduction
Let [math]\displaystyle{ \mathbb{F}_2^n }[/math] be the vector space of dimension [math]\displaystyle{ n }[/math] over the finite field [math]\displaystyle{ \mathbb{F}_2 }[/math] with two elements. Functions from [math]\displaystyle{ \mathbb{F}_2^m }[/math] to [math]\displaystyle{ \mathbb{F}_2^n }[/math] are called [math]\displaystyle{ (m,n) }[/math]-functions or simply vectorial Boolean functions when the dimensions of the vector spaces are implicit or irrelevant.
Any [math]\displaystyle{ (m,n) }[/math]-function [math]\displaystyle{ F }[/math] can be written as a vector [math]\displaystyle{ F = (f_1, f_2, \ldots f_m) }[/math] of [math]\displaystyle{ n }[/math]-dimensional Boolean functions [math]\displaystyle{ f_1, f_2, \ldots f_m }[/math] which are called the coordinate functions of [math]\displaystyle{ F }[/math].
Cryptanalytic attacks
Vectorial Boolean functions, also referred to as "S-boxes", or "Substitution boxes", in the context of cryptography, are a fundamental building block of block ciphers and are crucial to their security: more precisely, the resistance of the block cipher to cryptanalytic attacks directly depends on the properties of the S-boxes used in its construction.
The main types of cryptanalytic attacks that result in the definition of design criteria for S-boxes are the following:
- the differential attack introduced by Biham and Shamir; to resist it, an S-box must have low differential uniformity;
- the linear attack introduced by Matsui; to resist it, an S-box must have high nonlinearity;
- the higher order differential attack; to resist it, an S-box must have high algebraic degree;
- the interpolation attack; to resist it, the univariate representation of an S-box must have high degree, and its distance to the set of low univariate degree functions must be large;
- algebraic attacks.
Generalities on Boolean functions
Walsh transform
The Walsh transform of [math]\displaystyle{ F : \mathbb{F}_2^m \rightarrow \mathbb{F}_2^n }[/math] is the integer-valued function [math]\displaystyle{ W_F : \mathbb{F}_2^m \times \mathbb{F}_2^n }[/math] defined by
It can be observed that the Walsh transform of some [math]\displaystyle{ F }[/math] is in fact the Fourier transform of the indicator of its graph, i.e. the Fourier transform of the function [math]\displaystyle{ 1_{G_F} }[/math] defined as
The Walsh spectrum of [math]\displaystyle{ F }[/math] is the multi-set of all the values of its Walsh transform for all pairs [math]\displaystyle{ (u,v) \in \mathbb{F}_2^m \times {\mathbb{F}_2^n}^* }[/math]. The extended Walsh spectrum of [math]\displaystyle{ F }[/math] is the multi-set of the absolute values of its Walsh transform, and the Walsh support of [math]\displaystyle{ F }[/math] is the set of pairs [math]\displaystyle{ (u,v) }[/math] for which [math]\displaystyle{ W_F(u,v) \ne 0 }[/math].