Searching for Cryptographically Significant Rotation Symmetric Boolean Functions by Designing Heuristic Algorithms

Wang, Yongjuan; Gao, Guangpu; Yuan, Qingjun

doi:https://doi.org/10.1155/2022/8188533

Security and Communication Networks

On this page

Abstract Introduction Preliminaries Conclusion Appendix Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Research Article | Open Access

Volume 2022 | Article ID 8188533 | https://doi.org/10.1155/2022/8188533

Searching for Cryptographically Significant Rotation Symmetric Boolean Functions by Designing Heuristic Algorithms

Yongjuan Wang,^1,2Guangpu Gao ,^1,2and Qingjun Yuan^1,2

Academic Editor: Qichun Wang

Received10 Nov 2021

Accepted05 Feb 2022

Published27 Mar 2022

Abstract

It has been proved that the set of rotation symmetric Boolean functions (RSBFs) is abundant in cryptographically strong functions with multiple criteria. In this study, we design two genetic algorithms and apply them to search for balanced RSBFs with high nonlinearity. The experimental results show that our methods can generate cryptographically strong Boolean functions with high nonlinearity, 1-resilient functions, and optimal algebraic immunity. It shows that these functions have superiority from the view point of practical application in cryptosystems compared with known ones which are obtained by other heuristics.

1. Introduction

As the basic nonlinear components, Boolean functions can achieve the confusion and diffusion for ciphers (pp. 398–399 of [1]). When we apply them to cryptosystems, Boolean functions should embrace excellent cryptographic properties, such as balancedness, correlation immunity, high nonlinearity, high algebraic degree, and high algebraic immunity. However, all such characteristics cannot be optimum at the same time, and trade-offs should be of consideration. Therefore, constructions of Boolean functions with compromise criteria are always a challenging open problem [2, 3].

A metaheuristic is designed to generate an almost best solution to an optimization problem with guidance between local improvement and higher level strategies. In the literature, lots of papers used heuristic algorithms to search for cryptographically important Boolean functions and several long open problems had been solved [4–6]. Hill climbing (HC) and genetic algorithm (GA) were firstly applied to search for highly nonlinear Boolean functions in 1996 [7, 8] by modifying the true table of a Boolean function. Because the HC is a local search procedure and cannot generally achieve global optimization, then global metaheuristics, such as genetic algorithm, simulated annealing, ant colony, and their hybridization with HC, have been presented to improve the solutions between the conflicting cryptographic criteria [9–12]. For example, in 1998, the authors introduced a genetic algorithm combined with HC and found balanced Boolean functions in 6, 8, and 10 variables with nonlinearity greater than [9]. However, their method seems not to be valid always for all situations.

Because rotation is a useful operator which can speed up the performance of the ciphers and preserve the security at the same time [13–15], recently, RSBFs have been attracted to be researched because of their advantages in cryptographic algorithms for the simple structure, fast speed, high resource utilization, and their richness of cryptographically significant Boolean functions [16–18]. We call a Boolean function RS if its outputs are invariant under the input of the cyclic shift. Using a steepest-descent-like algorithm, Kavut et al. [4] have searched Boolean functions in 9 variables with nonlinearity 241. This led to solving an almost three-decade-old open problem if there exist Boolean functions of 9 variables whose nonlinearity greater than bent concatenation bound 240.

However, this algorithm cannot guarantee the balancedness of Boolean functions. By applying simulated annealing (SA) to 9-variable RSBFs and with some algebraic techniques, Liu and Youssef [6] constructed 10-variable Boolean functions with algebraic degree 7, resiliency degree 2, and nonlinearity 488. This result has answered the open problem about the existence of such functions in [3]. Motivated by the previous work, searching for RSBFs with multiple cryptographical properties should be further investigated.

In this study, we generalize the traditional genetic algorithm and apply it to search for balanced functions with high nonlinearity in the class of RSBFs. The experimental results demonstrate our method can generate excellent Boolean functions with high nonlinearity, 1-resilient functions, and optimal algebraic immunity. We can also obtain bent functions which have been applied widely in cryptography, spread spectrum, coding theory, and combinatorial design. It shows that these functions have superiority from the point of practical application in cryptosystems compared with known ones that are obtained by other heuristics. We organize this paper as follows. In Section 2, we introduce some preliminary definitions and useful results. Section 3 describes the traditional genetic algorithm. Based on this algorithm, we propose a modification of GA named GA-reset. We also design an algorithm to generate balanced RSBFs. A generality of GA-reset is presented when we pursue the high nonlinearity of RSBF. By combining these algorithms proposed in this paper, we have obtained excellent RSBFs with the variables of 8, 10, and 12. We give a conclusion in Section 4.

2. Preliminaries

2.1. Boolean Functions

Let be the -dimensional vector space over the finite field . Denote by the addition operation over . Let and be the all-zero vector and the all-one vector of , respectively. An -variable Boolean function can be represented uniquely as an -variable polynomial, called its algebraic normal form (ANF). An -variable Boolean function , where , is a mapping from to , which can be represented uniquely as an -variable polynomial, called its algebraic normal form (ANF):

The algebraic degree is defined as the number of variables in the highest order product term with nonzero coefficient. A Boolean function is said to be affine if its degree does not exceed 1. The set of all -variable affine functions is denoted by . We call a function nonlinear if it is not in . The Hamming weight of a binary vector is the number of its nonzero coordinates, and the Hamming weight of a Boolean function is the size of its support . If , we call balanced. Let denote the set of Boolean functions of variables. Given with , , let be an inner product in , for instance, the usual inner product . Then, the Walsh coefficients for a Boolean function are the values of the real valued function over defined by

The Walsh spectrum of the Boolean function is the set of all the Walsh coefficients .

For convenience, we use instead of . It is easy to derive the following elementary identity:and the well-known formula (see Th. 2.17, p.13, of [2])

Definition 1. Let be even. A Boolean function on is called a bent function if and only if its Walsh transform satisfies

Definition 2. A Boolean function on is called -resilient if and only if its Walsh coefficients satisfiedFrom Xiao–Messay theorem [19], the algebraic degree of a -resilient function is at most . Let . For , we define the left-cyclic shift operator acting on as (that is, permutes the indices of coordinates of ).
We can extend the definition of on tuples as follows:Let be the cyclic group of the permutation , and we denote bythe orbit of under the action of .
It is obvious that generates a partition of the vector space . It is shown in [20] that the number of orbits of is exactlywhere is Euler’s function.

2.2. Related Work

The term genetic algorithm (GA) was first used by John Holland in 1995 based on Darwinian evolution theory. Followed by Spillman [21] and Clark [22], it was shown that GA has been successfully applied in cryptanalysis of classical ciphers and modern ciphers [8, 9, 23, 24]. In evolution of Boolean functions, Millan et al. [7, 8] firstly applied GA to find Boolean functions with high nonlinearity. By introducing a resetting step, they combined GA with HC and obtained balanced Boolean functions with high nonlinearity [8]. However, most of the previous work applied several fitness functions to obtain Boolean functions with multiple cryptographical criteria. In this study, we will show that one can obtain cryptographically strong Boolean function by using the fitness function defined in step (2) of Algorithm 1.

(1)	Initialization. To be balanced.
(2)	Fitness function. Let the fitness function be

(3)	Genetic operators Two-point crossover. The two crossover points (potential solution) are chosen randomly on the parent truth tables of the rotation symmetric functions (RSTTs). All bits between these two points are swapped between the parents, rendering two child RSTTs. Mutation. The purpose of mutation in GAs is introducing diversity. According to the mutation probability , we chose some orbits of the RSTT and complete it. We checked the efficiency of the algorithm for the mutation probability of 0.2, 0.1, and 0.05 and found that when , the output is optimum. Selection. The fitness function is evaluated for each individual and then the fitness values are normalized. For the th individual with fitness value , then its probability of being selected is , where is the number of individuals in the population. Compute the cumulative probability distribution and generate a uniform random number ranging in ; then, the th individual is selected if .
(4)	Resetting. As in [9], we add the resetting step to the traditional GAs. That is, if the fitness of the best solution cannot be improved after a number of iterations, then we retain the best solution and randomly generate balanced RSBFs.
(5)	Termination. Because of the randomness of GAs, there must be enough iterations so that the solutions can be convergent. Thus, we assign the number of iterations to be 100,000.

GAs is inspired by bio-operators such as mutation, crossover, and selection. It usually starts from a sample of individuals which is generated randomly. In each iteration, there is an iterative process with the sample, which is called a generation. In a genetic algorithm, the sample with candidate solutions (i.e., individuals) is expected to evolve toward better solutions. For more details, see [25].

3. Searching for Cryptographically Strong RSBFs

We represent the individuals as truth tables of Boolean functions. However, when the search space is restricted to the class of RSBFs, each orbit indicates a gene and the length of the crossover is equal to the number of the orbits. If a bit in the truth table of an RSBF is changed, then it means that all outputs corresponding to an orbit should be changed to obtain another RSBF. Take 10-variable RSBFs as an example. There are orbits of ; we list them in Table 1.

The genetic algorithm searching for RSBFs is designed as Algorithm 1.

Remark 1. The function in step (2) was first proposed by [26] to measure the cryptographical stability of a Boolean function. Kavut et al. make use of it in their steepest-descent-like iterative algorithm and find RSBFs in 9 variables with nonlinearity 241 [4]. Because this fitness function minimizes the squared distance of a Boolean function with even number of variables to bent functions in terms of Walsh spectra, therefore, we can expect a highly nonlinear RSBF with the minimum of it. By experiments, we found that when the initial population size is 30, the efficiency of the algorithm and the scale of the solutions have the best trade-off.

3.1. A Modification of GA-Rest

In the previous algorithm, the “child” solution produced by the “parents” solutions with the genetic operators, crossover and mutation, is generally not a balanced RSBF. Therefore, we improve it as Algorithm 2. Let and be the parent -variable balanced RSBFs and be the Hamming distance of and . Denote by the child bred by and . Let be the number of 1 of the truth table of restricted to the indexes such that the parents bits are different. The objective of the algorithm is to generate a balanced RSBF such that . Note that all entries corresponding to an orbit should be changed to obtain another RSBF if one bit of the truth table of an RSBF is complemented.

	Input: Two RSBFs
	Output: A balanced RSBF
(1)	int
(2)	ifthen
(3)	for to do
(4)	;
(5)	end for
(6)	end if
(7)	for to do
(8)	ifthen
(9)
(10)	else
(11)	ifthen
(12)
(13)	else
(14)	ifthen
(15)	;
(16)	else is randomly equal to 0 or 1.
(17)	;
(18)	ifthen
(19)	.
(20)	end if
(21)	end if
(22)	end if
(23)	end if
(24)	end for return.

Remark 2. Note that the complementing truth table of a Boolean function does not change its nonlinearity. The check in Step 2 of Algorithm 2 is to ensure that only the parents who are close to each other are allowed to breed. The checks in Steps 9 and 12 are used to force the child RSBF to be balanced. Experimental results show that these modifications are benefit for obtaining better solutions.

3.2. Results and Discussion

Denote by the profile of a Boolean function as the number of its input variable, resiliency order, algebraic degree, nonlinearity, and algebraic immunity. Particularly, we denote by and by the unbalanced functions and the balanced functions, respectively. In this section, we perform the traditional GA and GA-rest to search RSBFs with 10 variables to determine which algorithm is better. By programming the traditional GA, the highest nonlinearity of the RSBFs achieved is 484, and it is balanced, but it is not resilient. Meantime, we have obtained many RSBFs with . We present its truth table in a hexadecimal format.

By programming GA-reset, we have found balanced RSBFs with nonlinearity 486, which are higher than the results generated by the traditional GA. And also, we have obtained RSBFs with . The following is one of the examples:

E8959332C75B1A1CA07E32CF03DD03A0 8C546EB94B58E1BF540EF7E7551B8C51 90E133307CA9DFC620CF32C1FD029BAF 776455ADBA2AA86A633653CED1E076468754BD460E4B1F102EA59C97E2FBF52D 4954E1FA0B49F053FAF3400896DAD8EA 3E7A297423678DF39E9C19CDCD806CC8 6C1E1B3D665BB0A8A657AD402F383469.

We collect the best results of the two algorithms in Table 2.

The results show that though the efficiency of GA-reset is lower than GA, the solutions obtained are better than that of GA. It seems that the efficiency of GA-reset and converge of the solutions is in a reasonable trade-off between them.

3.3. Searching for RSBF with High Nonlinearity

If we extend the “generic operators” in Algorithm 1 to all pairs of the current generations, then the algorithm can converge quickly to bent functions. In searching for the class of 10-variable RSBFs, it takes 1′45″34 to obtain bent functions. Most of them are with optimal algebraic immunity. That constructing bent function with optimal algebraic immunity has always been an open problem until the method present in [27]. This shows that the new algorithm converges to global optimal solutions targeting nonlinearity. Together with Algorithm 2, we can search balanced RSBFs with the highest nonlinearity compared with the known algorithms. We state it in Algorithm 3.

Input: The maximum number of iteration .
Output: Cryptographically strong balanced RSBFs
(1)	Generate a set of balanced RSBFs (represented by RSTT) and calculate the fitness function of each individual. Call this set .
(2)	for i = 1 to do:
(3)	for all pairs of the set do
(4)	Perform Algorithm 1 to produce offsprings and compute their values of the fitness function.
(5)	Combine the offspring in the present set, , and choose the best individuals as the new set, .
(6)	Delete duplicate solutions.
(7)	if the fitness of the best solution does not decrease after a number of iterations then
(8)	Retain the best solution and generate randomly balanced RSBFs as the remainder of the set.
(9)	end if
(10)	end for
(11)	end for
(12)	return the best solution from the current set.

Remark 3. It shows that though the efficiency is lower than previous algorithms, we can generate a bent RSBF within an acceptable time. Together with Algorithm 2, we can generate balanced RSBFs with strongly cryptographical properties.
In the remainder of this section, we apply Algorithm 3 to search for 8, 10, and 12-variable RSBFs and the maximum number of the iterations 100,000. We get RSBFs with . They cannot be linearly transformed to balanced functions since there is no zero in their Walsh spectra. However, we find RSBFs which are [8, 9] and there are 76 zeroes in its Walsh spectrum, which can be linearly transformed to 1-resilient functions[10]. We also find RSBFs which are and one of Algorithms 2 and 3 of the examples is in Section Appendix.
We collect and compare the known results obtained by heuristics in Table 3.

4. Conclusion

Rotation symmetric Boolean functions have an advantage in cryptosystems since they can be described lightly. In this study, we search for balanced RSBF with excellent cryptographical properties by designing heuristic algorithms. The experimental results have proved that there is a reasonable trade-off between the efficiency of our algorithms and the convergence of the RSBFs. Bent functions can also be generated by the algorithm. By programming the algorithms shown in this study, we have obtained excellent RSBFs with the variables of 8, 10, and 12. This strategy is shown to be significantly superior to some known algorithms.

Appendix

The truth table of is in the hexadecimal format. FA8D84A6C1318C79B4021A4291B03A83CF75401846 CD751CD6429E154BDD 941BA0FA2F76705507C4752D F1F27E6247B4B27D65 58D3AD4632258FF7E7D 361128E8910EECC5DBE7A3 C3A142362006BA0342E 324CB3BF16EE5C2AFD79 19312BDE348F1D2EA738273784 A75EDDA3752D5F 485927C5BEAB2FA82AA71 A7843064D81A895864200F8FDE5B427B7DAED3E9C 5FA10FD912214C5F380D 55157CDE9D104A7058B D5B5C60F1DF4A9BAE1268 ACE872B159C8EEA27FC24 3930F5609CAF3EC1B3485A E53B75CB9D92A4FC15 D7B4A6A90608D6E66FDF6 A3894B3E3218F762BE31D522925D6EA4269FE9998A 58BFDC9158C9CD6F13D D6EC0641B113D60F 680578D91C322952D60 485441 BF 84A BF6E8679F650C3E CF3AF3DCE8B64FBCD3A433FB D94214AAF6C6461 8090624A576AE0FD551E637 2343723EF1F3F8D3B6130034 C92B107280CFB637 CB 66F13D41AF43F7EE748C C7DE8DF8524828C5D8A0F8953E18DA5632D7E5D 0 B9FD88483AAFE119644F865 F04FA227950C7E5C9BB5FA8A5578E0 F35907 388E9 721E8B7B26B4DE86B6D25D D860EAA41223E23FDA719C6DDCD6506914C0B67 9 AD7939FAE2BE3CC80BC0C764 CE4FBC5F084395AB2F2C0DCBB95 F03F2374D0 9C6 1D26E26CFC8824187CD6BEEC 9686D3D5C866818BAAB6F097132 395F1C7B1A728A E024EE6A62DF8A1106C7517 DB53020AA23C14AF7DD000663FC0A78316

Data Availability

The data used to support the findings of this study have been uploaded to github (https://github.com/kistoday/cryptographically-significant-rotation-symmetric-boolean-functions).

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This research was supported by the National Nature Science Foundation of China, under Grant no. 61872381.

References

C. Carlet, “Vectorial Boolean functions for cryptography,” Boolean Models and Methods in Mathematics Computer Science and Engineering, Cambridge University Press, Cambridege, England, 2010.
View at: Google Scholar
T. W. Cusick and P. Stănică, Cryptographic Boolean Functions and Applications, Academic Press, San Diego, CA, USA, 2009.
P. Sarkar and S. Maitra, “Nonlinearity bounds and constructions of resilient boolean functions,” Advances in Cryptology-CRYPTO 2000, pp. 515–532, 2000.
View at: Publisher Site | Google Scholar
S. Kavut, S. Maitra, and M. D. Yücel, “Search for Boolean functions with excellent profiles in the rotation symmetric class,” IEEE Transactions on Information Theory, vol. 53, no. 5, pp. 1743–1751, 2007.
View at: Publisher Site | Google Scholar
S. Kavut and S. Maitra, “Patterson-wiedemann type functions on 21 variables with nonlinearity greater than bent concatenation bound,” IEEE Transactions on Information Theory, vol. 62, no. 4, pp. 2277–2282, 2016.
View at: Publisher Site | Google Scholar
W. M. Liu and A. M. Youssef, “On the existence of (10, 2, 7, 488) resilient functions,” IEEE Transactions on Information Theory, vol. 55, no. 1, pp. 411-412, 2009.
View at: Publisher Site | Google Scholar
W. Millan, A. Clark, and E. Dawson, “Smart hill climbing finds better Boolean functions,” Workshop on Selected Areas in Cryptology(SAC), Springer, New York, NY, USA, 1997.
View at: Google Scholar
W. Millan, A. Clark, and E. Dawson, “An effective genetic algorithm for finding Boolean functions,” in Proceedings of the International Conference on Information and Communications Security (ICICS), pp. 149–158, Beijing, China, November 1997.
View at: Publisher Site | Google Scholar
W. Millan, A. Clark, and E. Dawson, Heuristic Design of Cryptographically Strong Balanced Boolean Functions, Springer-Verlag, Berlin, Germany, 1998.
J. A. Clark, J. L. Jacob, S. Stepney, S. Maitra, and W. Millan, “Evolving Boolean Functions Satisfying Multiple Criteria,” Progress in Cryptology—Indocrypt 2002, Springer Berlin Heidelberg, Berlin, Germany, 2002.
View at: Google Scholar
J. A. Clark, J. L. Jacob, and S. Stepney, “The design of s-boxes by simulated annealing,” New Generation Computing, vol. 23, no. 3, pp. 219–231, 2005.
View at: Publisher Site | Google Scholar
W. Millan, L. Burnett, G. Carter, A. Clark, and E. Dawson, “Evolutionary heuristics for finding cryptographically strong S-boxes,” Lecture Notes in Computer Science, vol. 1726, pp. 263–274, 2004.
View at: Publisher Site | Google Scholar
T. W. Cusick and P. Stănică, “Fast evaluation, weights and nonlinearity of rotation-symmetric functions,” Discrete Mathematics, vol. 258, no. 1–3, pp. 289–301, 2002.
View at: Publisher Site | Google Scholar
J. Pieprzyk and C. Qu, “Fast hashing and rotation-symmetric functions,” Journal of Universal Computer Science, vol. 5, no. 1, pp. 20–31, 1999.
View at: Google Scholar
V. Rijmen, P. S. L. M. Barreto, and D. L. Gazzoni Filho, “Rotation symmetry in algebraically generated cryptographic substitution tables,” Information Processing Letters, vol. 106, no. 6, pp. 246–250, 2008.
View at: Publisher Site | Google Scholar
T. W. Cusick and Y. Cheon, “Affine equivalence for rotation symmetric Boolean functions with 2k variables,” Designs, Codes and Cryptography, vol. 63, no. 2, pp. 273–294, 2012.
View at: Publisher Site | Google Scholar
D. K. Dalai, S. Maitra, and S. Sarkar, “Results on rotation symmetric bent functions,” Discrete Mathematics, vol. 309, no. 8, pp. 2398–2409, 2009.
View at: Publisher Site | Google Scholar
G. Gao, X. Zhang, W. Liu, and C. Carlet, “Constructions of quadratic and cubic rotation symmetric bent functions,” IEEE Transactions on Information Theory, vol. 58, no. 7, pp. 4908–4913, 2012.
View at: Publisher Site | Google Scholar
G.-Z. Xiao and J. L. Massey, “A spectral characterization of correlation-immune combining functions,” IEEE Transactions on Information Theory, vol. 34, no. 3, pp. 569–571, 1988.
View at: Publisher Site | Google Scholar
P. Stǎnicǎ and S. Maitra, “Rotation symmetric boolean functions-count and cryptographic properties,” Discrete Applied Mathematics, vol. 156, pp. 1567–1580, 2008.
View at: Publisher Site | Google Scholar
R. Spillman, “Cryptanalysis of knapsack ciphers using genetic algorithms,” Cryptologia, vol. 17, no. 4, pp. 367–377, 1993.
View at: Publisher Site | Google Scholar
A. Clark, “Modern optimisation algorithms for cryptanalysis,” in Proceedings of ANZIIS Australian New Zealnd Intelligent Information Systems Conference, pp. 258–262, Brisbane,, November 1994.
View at: Publisher Site | Google Scholar
A. Wang, Y. Li, Y. Ding, L. Zhu, and Y. Wang, “Efficient framework for genetic-algorithm-based correlation power analysis,” IACR Cryptol,ePrint Arch, vol. 179, 2021.
View at: Google Scholar
K. W. Wong, W. S. Yap, D. C. K. Wong, R. C. W. Phan, and B. M. Goi, “Cryptanalysis of genetic algorithm-based encryption scheme,” Multimedia Tools and Applications, vol. 79, no. 35, pp. 25259–25276, 2020.
View at: Publisher Site | Google Scholar
F. W. Glover and G. A. Kochenberger, “Handbook of Metaheuristics,” International Series in Operations Research & Management Science, Springer, New York, NY, USA, 2003.
View at: Google Scholar
C. Ding and G. Xiao, Stream Cipher and Applications, National Defense Industry Press, Beijing, China, 1994.
Z. Tu and Y. Deng, “A conjecture about binary strings and its applications on constructing Boolean functions with optimal algebraic immunity,” Designs, Codes and Cryptography, vol. 60, no. 1, pp. 1–14, 2011.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2022 Yongjuan Wang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies