IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 59, NO. 5, MAY 2013
3233
A Note on Generalized Bent Criteria for Boolean Functions Sugata Gangopadhyay, Enes Pasalic, and Pantelimon Stănică
Abstract—In this paper, we consider the spectra of Boolean functions with respect to the action of unitary transforms obtained by taking tensor products of the Hadamard kernel, denoted by , and the nega-Hadamard kernel, denoted by . The set of all such . A Boolean function is said to transforms is denoted by be if its spectrum with respect to at least one unitary transform in is flat. We obtain a relationship between bent, functions, which is a generalization of the resemibent, and lationship between bent and negabent Boolean functions proved by Parker and Pott [cf., LNCS 4893 (2007), 9–23]. As a corollary to this result, we prove that the maximum possible algebraic degree of a function on variables is and, hence, solve an open problem posed by Riera and Parker [cf., IEEE-TIT 52:9 (2006), 4142–4159]. Index Terms—Algebraic degree, bent function, function, nega-Hadamard transform, Walsh–Hadamard transform.
general, any function from to ( a positive integer) is said to be a generalized Boolean function in variables [5], whose set is being denoted by . Clearly . For any , the algebraic normal form (ANF) is (1) . The Hamming weight of . The algebraic degree of , . Now, let be an integer, and let be the complex -primitive root of unity. The Walsh–Hadamard transform of at any point is the complex valued function
where is
, for all
(2) I. INTRODUCTION The inverse of the Walsh–Hadamard transform is given by
L
ET us denote the set of integers, real numbers, and complex numbers by , , and , respectively, and let the ring of integers modulo be denoted by . The vector space is the space of all -tuples of elements from with the standard operations. By “ ” we denote the addition over , , and , whereas “ ” denotes the addition over for all . Addition modulo is denoted by “ ” and it is understood from the context. If and are in , we define the scalar (or inner) product by In , let and denote the zero vector and the all-one vector, respectively. The cardinality of a set is denoted by . If , then denotes the absolute value of , and denotes the complex conjugate of , where and . We call any function from to a Boolean function in variables and denote the set of all Boolean functions by . In
Manuscript received June 28, 2012; revised October 11, 2012; accepted December 03, 2012. Date of publication January 04, 2013; date of current version April 17, 2013. S. Gangopadhyay is with the Department of Mathematics, Indian Institute of Technology Roorkee, Roorkee 247667, India (e-mail:
[email protected]). E. Pasalic is with the Faculty of Mathematics, Natural Sciences and Information Technologies, University of Primorska, SI-6104 Koper, Slovenia (e-mail:
[email protected]). P. Stănică is with the Department of Applied Mathematics, Naval Postgraduate School, Monterey, CA 93943-5216 USA (e-mail:
[email protected]). Communicated by T. Helleseth, Associate Editor for Sequences. Digital Object Identifier 10.1109/TIT.2012.2235908
(3) is a generalized bent function if and only A function if for all . If and is even, then a generalized bent function is called a bent function. A function , where is odd, is said to be semibent if and only if , for all . The maximum possible algebraic degree of a bent function on variables ( even) is and for a semibent function on variables ( odd) is (cf., [1, Proposition 8.15] and [2]). Let and be a subspace of . For any , the restriction of to the coset is defined as , for all . It is to be noted that the restriction of a function to a coset is unique up to a translation. The following well-known (cf., [1]) result is stated without proof. Proposition 1: Let , be a bent function, be an -dimensional subspace of , and such that . Then, the restrictions of to and , denoted and , respectively, are semibent functions and for all . The nega-Hadamard transform of at any vector is the complex valued function
0018-9448/$31.00 © 2013 IEEE
(4)
3234
IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 59, NO. 5, MAY 2013
A function
is said to be negabent if and only if for all . If , then the inverse of the nega-Hadamard transform is (5) for all . The Hadamard kernel, the nega-Hadamard kernel, and the identity transform on , denoted by , , and , respectively, are
variables is and, hence, to solve an open problem posed by Riera and Parker [4]. II. BENT PROPERTIES WITH RESPECT TO Let be the homogeneous symmetric Boolean function of algebraic degree whose ANF is (7) ,
The intersection of two vectors is the vector
We define the function
by
and
(8)
The set of different unitary transforms that are obtained by performing tensor products and , times in any possible sequence, is denoted by . If and partition , then the unitary transform, of dimension , corresponding to this partition is (6) where
by , We also define the function for all , and we set , for easy writing. In the following proposition, we obtain a connection between and which plays a crucial role in developing connections between different bent criteria. We note that the result of Proposition 3, for , is mentioned earlier by Su et al. in the proof of [9, Lemma 1]. In the same paper, they provide a construction of bent-negabent functions of all algebraic degrees ranging from 2 to ( even). Proposition 3: Let
. Then, for all
, (9)
with in the th position, similarly for , and “ ” indicating the tensor product of matrices. Let denote a row or column number of the unitary matrix . We write
Proof: Using the identity , by induction on , we get . Replacing by our result.
where , let is
Riera and Parker [4, Lemma 7] have obtained a general expression for the entries of any matrix . We obtain an alternative description below which we use to connect the spectrum of any to the Walsh–Hadamard spectra of some associated functions.
. For any Boolean function denote a column vector whose row entry , for all . The spectrum of with respect to is the vector . If , then the entry in the th row of is and, if , then the entry in the th row of is , for all . In the former case, is said to be the Walsh–Hadamard spectrum of , while in the latter case, it is the nega-Hadamard spectrum of . The spectrum of a function with respect to a unitary transform is said to be flat if and only if the absolute value of each entry of is 1. is said to be if there Definition 2: A function exists at least one such that is flat. The bent and the negabent functions belong to the class of functions as extreme cases. For results on negabent and bent-negabent functions, we refer to [3], [6], [7], and [9]. In this paper, we obtain a relationship between bent, semibent, and functions, which is a generalization of the relationship between bent and negabent Boolean functions proved by Parker and Pott [3]. This leads us to prove that the maximum possible algebraic degree of a function on
, we obtain
Theorem 4: If is a unitary matrix constructed as in (6), corresponding to the partition , of where , then for any , the entry in the th row and th column of is
where
is such that if if . Proof: We prove the result by induction. The case of can be checked directly. By Proposition 3
Suppose the result is true for . Let
and
, and . Let be the unitary transform induced by the partition corresponding to . The transform corresponding to the partition induced by is , where
GANGOPADHYAY et al.: NOTE ON GENERALIZED BENT CRITERIA FOR BOOLEAN FUNCTIONS
if and product of and
if , we obtain
. By taking the tensor
Suppose to prove. If
3235
is a bent function. If , then
, there is nothing
where
Therefore (13) This proves the result. In the following two theorems, we establish a connection between bent, semibent, and functions, which is a generalization of the relationship between bent and negabent Boolean functions proved by Parker and Pott [3]. The unitary transform in induced by the partition corresponding to is denoted by , while the entry in the th row of the spectrum is . , where is even. Then, is Theorem 5: Let if and only if there exists such that is bent. Proof: If is , then there exists such that for all . By Theorem 4, we obtain
(10) Therefore
(11) has a unique By Jacobi’s two-square theorem, we know that representation (disregarding the sign and order) as a sum of two squares, namely , if is even, and , if is odd. Then, for even
(12) Thus,
is a bent function.
Since is a bent function and is a subspace of codimension 1, by Proposition 1, the restrictions of on and its remaining coset are semibent and their Walsh–Hadamard spectra are disjoint. Therefore, the right-hand side of the above equation belongs to the set for all . This proves that is a function. Theorem 6: Let where is odd. If is , then there exists such that is semibent. Proof: As in the previous theorem, the function is implies that there exists such that for all . Since is an odd integer by (11), we have , . Therefore, by similar argument as in (12), we obtain , which implies that is semibent. The converse of Theorem 6 is not true in general, since the argument used in Theorem 5 to prove the converse is not applicable when is an odd integer. This is illustrated by the following example. Example 7: Suppose . The function . Let . It can be directly checked that is semibent but . Therefore, the spectrum of is not flat with respect to the transform . Riera and Parker [4, p. 4125] posed the following open problem: What is the maximum algebraic degree of a Boolean function of variables? The solution of this problem can be obtained as a corollary to Theorems 5 and 6. Corollary 8: The maximum algebraic degree of a Boolean function on variables is . Proof: Suppose is a function. Then, by Theorems 5 and 6, the function is bent or semibent depending upon being an even or an odd integer, respectively. It is known that the maximum algebraic degree of a bent or semibent function is , whereas is an at most quadratic function. This proves that the algebraic degree of is upper bounded by . Remark 9: Equation (10) connects to the approximation of a Boolean function by the functions of the form . This may endow some cryptographic significance to the spectra of with respect to the transforms in .
3236
IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 59, NO. 5, MAY 2013
ACKNOWLEDGMENT The authors would like to thank the anonymous referees for the detailed comments that significantly improved the technical, as well as the editorial quality of the paper. REFERENCES [1] C. Carlet, “Boolean functions for cryptography and error correcting codes,” in Boolean Models and Methods in Mathematics, Computer Science, and Engineering, Y. Crama and P. L. Hammer, Eds. Cambridge, U.K: Cambridge Univ. Press, 2010, pp. 257–397. [2] T. W. Cusick and P. Stanica, Cryptographic Boolean Functions and Applications. New York: Academic, 2009. [3] M. G. Parker and A. Pott, “On Boolean functions which are bent and negabent,” in Proc. Int. Conf. Sequences, Subsequences, Consequences, 2007, vol. LNCS-4893, pp. 9–23. [4] C. Riera and M. G. Parker, “Generalized bent criteria for Boolean functions,” IEEE Trans. Inf. Theory, vol. 52, no. 9, pp. 4142–4159, Sep. 2006. [5] P. Solé and N. Tokareva, “Connections between quaternary and binary bent functions,” Prikl. Diskr. Mat., vol. 1, pp. 6–18, 2009. [6] K. U. Schmidt, M. G. Parker, and A. Pott, “Negabent functions in the Maiorana-McFarland class,” in Proc. Int. Conf. Sequences Appl., 2008, vol. LNCS-5203, pp. 390–402. [7] P. Stanica, S. Gangopadhyay, A. Chaturvedi, A. K. Gangopadhyay, and S. Maitra, “Investigations on bent and negabent functions via the nega-Hadamard transform,” IEEE Trans. Inf. Theory, vol. 58, no. 6, pp. 4064–4072, Jun. 2012.
[8] P. Stanica, T. Martinsen, S. Gangopadhyay, and B. K. Singh, “Bent and generalized bent Boolean functions,” Des. Codes Cryptogr., DOI 10.1007/s10623-012-9622-5. [9] W. Su, A. Pott, and X. Tang, “Characterization of negabent functions and construction of bent-negabent functions with maximum algebraic degree,” arXiv: 1205.6568v1 [cs.IT], May 2012. Sugata Gangopadhyay received his Master of Science in Mathematics degree in the year 1993 from the Indian Institute of Technology Kharagpur. He completed a Ph.D. from the Indian Institute of Technology Kharagpur in 1998. Currently he is an Associate Professor at the Indian Institute of Technology Roorkee. His research interests are in Cryptology and Discrete Mathematics.
Enes Pasalic received the Ph.D. degree in cryptology from Lund University, Lund, Sweden, in 2003. Since May 2003 he has been a postdoctoral researcher at INRIA (Versaille, France) crypto group, and later in 2005 at the Technical University of Denmark, Lyngby. He is currently with University of Primorska, FAMNIT and IAM, Koper, Slovenia. His main research interest is cryptography with emphasis on symmetric-key cryptography.
Pantelimon Stănică received his Master of Science in Mathematics degree in 1992 from University of Bucharest, Romania. He completed his Ph.D. in Mathematics at State University of New York at Buffalo in 1998. Currently, he is a Professor at the Naval Postgraduate School, in Monterey, California. His research interests are in Cryptology, Number Theory and Discrete Mathematics.
