Constructions of Quadratic Bent Functions in Polynomial ... - CiteSeerX

1

Constructions of Quadratic Bent Functions in Polynomial Forms Nam Yul Yu and Guang Gong, Member, IEEE Department of Electrical and Computer Engineering University of Waterloo, CANADA

Abstract In this correspondence, the constructions and enumerations of all bent functions represented by a polynomial form of

"! $ % &$')( * , +.- #

, are presented for

special cases of / . Using an iterative approach, the construction of bent functions of degree

/

variables with

is also provided using the constructed quadratic bent functions.

Index Terms Bent functions, Boolean functions, Maximum nonlinearity, Semi-bent functions.

I. I NTRODUCTION A bent function is a Boolean function with even number of variables whose Walsh transform has a constant magnitude [10]. In the coding context, it is a coset of the first order Reed-Muller code with the largest minimum weight [19]. In other words, a bent function has a maximum distance from a linear function, so it is maximally nonlinear. For the maximum nonlinearity, bent functions have been paid a lot of attention to by researchers for cryptographic applications [4] - [9]. Moreover, the maximum nonlinearity of bent functions corresponds to a minimized maximum correlation between the functions and a trace function. Thus, bent functions also have many applications in algebraic coding and sequence design [19] [22]. In [13] and [14], Khoo, Gong, and Stinson investigated the following sum of monomial trace terms with quadratic exponents where the exponent of variables has the Hamming weight 0 . For

2

"!"# !"#

$

# # % where is the trace function from to . The spectrum of Hadamard transform of

(which will be formally defined in next section) belongs to the integer ring & . If the spectrum of ')( +* 0 -,/. , then % is called a semi-bent function for odd [13]. only takes three values 021 4 576 . Khoo, Gong, and Stinson derived a necessary and sufficient Let

3 odd ,

condition for a semi-bent function, i.e.,

is semi-bent if and only if

8:9 @ 4?>BA Following this work, Charpin, Pasalic, and Tavernier [6] considered 1 !"# odd % DFEC

G !"# A 1 even

G

For even

,

belongs to = I5 4J> % , is semi-bent if and only if 8:9 . For odd , on the other hand, they derived some conditions that ')(

(1)

with three or four

trace terms is semi-bent. Then, they derived the construction of semi-bent functions of odd with higher degree from semi-bent functions of even

in (1), and also derived the construction

of bent functions with higher degree from semi-bent functions of odd . Applying the techniques developed in [13], Ma, Lee, and Zhang [18] showed that a necessary condition for the bent functions with such a representation is as follows.

5 > given by (2) to be bent is 8R9O; [18] necessary and sufficient condition for where 5

and

6

0 , respectively, where

is odd prime and the

with odd . An enumeration of such quadratic bent

0 is also given in Section III. For

0 , we list the result of

the enumeration without proof in Section IV, since the proof is similar to that of

0 but

rather lengthy. In Section V, we demonstrate a way to apply the iterative method of Charpin, Pasalic, and Tavernier for constructing bent functions of

variables with degree

5

using the

quadratic bent functions constructed in this paper. Concluding remarks and discussion will be given in Section VI. II. P RELIMINARIES The following notation will be used throughout the paper. -

is odd prime with

; 0

>

.

is the order of 0 modulo , i.e., the smallest integer

& represents the integer ring. #%$ ' &)( *R * is the finite field with # 5 # is a vector space over ')( > .

elements and

#,$+

such that 0!

> #"

, the multiplicative group of

with a set of all binary -tuples.

#-$

;

.

.

4

- Let

#

$

# to

5

and be positive integers is denoted$by

5

5 L

F , i.e., , i.e.,

@ 4 4 $

is simply denoted as

A. Boolean and polynomial functions

is a divisor of . The trace function from

4 Q!"# A

if the context is clear.

V = V5 6 # 5 !"# # 5 # be a vector in with . A function from to which > takes on values ( or is called a Boolean function. A Boolean function consists of a sum of all > possible products of ’s with coefficients ( or , i.e., - V % 576 !"#

5 where maximum value of with nonzero is called the degree of the Boolean function Let

.

# can berepresented as

5 = !Q# % 3

(4)

5 >

#

to

!"# 5 A

#

, its Hadamard transform is defined

!"# A

% 3! * .

3! is bent if ' 0 where is even. For odd , is semi-bent if +* L 3S! * )' ( 0 H, . . For even , on the other hand, ')( 0 -, . . Bent is semi-bent if

Then,

functions exist only for even . C. Cyclotomic polynomials A polynomial whose roots are the field elements of order is called the dth cyclotomic polynomial [17], denoted by

.

is a monic polynomial of order and degree ,

is the Euler-totient function, defined as the number of integers > [17]. has the following basic properties [1] [20].

where

R8 9O;

Property 1: Let

W U

4@>

prime.

!

be the th cyclotomic polynomial.

4 >

. In particular, "

0 ,

L6

"

L

"

with

where

is

L . In other words, % is self-reciprocal (A polynomial 6 & L & L ). self-reciprocal if & with degree is called 1 6 @ 6 4 6 4 4 4?> For prime , . For prime , . ' ' For

#

>

of

$

A cyclotomic polynomial is irreducible over the integer ring over

#

&

, but it may not be irreducible

. Throughout this paper, we consider cyclotomic polynomials over

useful properties on the factorization of

# over

L

is irreducible over

#

. We list several

without proofs. For more details, see [1],

[17], and [20]. Property 2:

#

if and only if

; 0

is .

Property 3: For prime , let irreducible over #

6

#

L

&

6

& L- &

where &

. Then, the degree and the order of each &

for

>

L

>

are given byis

for

and , respectively.

= be distinct monic irreducible polynomials # # 6 = =%

are distinct over of degree and order , and let . Then, # # monic irreducible polynomials over of degree ' and order .

Property 4: For prime , let

D. A criterion of bent functions with quadratic exponents For odd , Khoo, Gong, and Stinson showed a necessary and sufficient condition for a semibent function with quadratic exponents [13] [14]. Similarly, a necessary and sufficient condition for a bent function with quadratic exponents can be directly resulted from the techniques developed in [13] and [14]. The following fact appears in [18]. Fact 1: For even , let

5OM 6 % 4 5OM 5 Then, is bent if and only if 8:9 > . 5 4 > 4 > 8:9 >

.

given by (2)

’s [18]. Thus, the total number of such

7

III. C ONSTRUCTION

AND ENUMERATION FOR

0

In this section, we construct and enumerate all bent functions given by

for

0

5 > or ; 0

with , where is odd prime with ; 0

odd .

(6)

6

with

need some preparations on the greatest Before we present the construction and enumeration, we common divisor of

L

cyclotomic polynomial

L 1 . In the following, when #

given by (3), i.e.,

we talk about a root of a polynomial over

# extension field of . Lemma 1: Let

Then,

W

be

, we always mean that the root belongs to some

reduced modulo

"

4@>

, and

be a root of

4 >

with

>

.

4 > ; ? 6 (7) 4 6 4 > 4 6 4 6 4 > 3 4 4 4 6 1 6 . where ; > or ; 0 6 where is odd. Then, Let be odd prime with 0

4 > > if and only if 8:9 > A (8) 0 W Proof: can as be rewritten 6 6 L 4 5V6 4 4 5V6 4 4 576 4 4 5V6 3 6 (9) 7 5 6

4 4 A 4 4

6 3

4?> Hence, we obtain (7) from (9) modulo . For the prime , 4@> where . We may write 1 4 6 4?> L= LH > : 8 < 9 ; . Then, .

8

If

; 0

>

L

,

# . Hence, 8R9O; = 4 >

is irreducible over

8:9 >

The last equivalence is from the Euclidean algorithm. By comparing (8).

(10)

and

L

, we obtain

; 0 6 where is odd, on the other hand, & & where & L # @ & 6 L and & are irreducible over with & [6]. Note that if is a root of & , 6 6 then is a root of & , and vice versa. (Note that if is a root of & , then cannot 5 > If

is a root of

be its root [6].) Since

, the order of

is , i.e.,

. From (3),

therefore, 5OM 6 5OM 6 4 576 4 5OM 4 6 4 6R5OM 3 6 and thus is a root of if is its root. If has the irreducible factor & , therefore, & L it simultaneously has the other irreducible factor , and vice versa. Hence, (10) is also true > ;

in this case. Similar to the case of

Theorem 1: Let

6

for

>

where

where

Note that

6

with

>

%

0

, we obtain (8).

be odd prime with

6 0

Proof: From Fact 1 and Corollary 1, ,

; 0

>

or

; 0

6

(11)

0

%

%

, denoted by

, is given by

A

is the number of non-bent functions of

> %

is non-bent if and only if (8) is achieved. Therefore,

if and only if there exists at least one the proof for the first part of the result.

for

>

6

.

is bent

such that (11) is true, which completes

9

5

Next, we consider the enumeration of vectors that we can arrange the elements of

where

(

. Then,

Thus, we see that all

..

into an

.

3

.. .

6 6

.. .

.. .

6 6 6

> > . of the entries is equal to the sum in the th column of for

’s occurring in and 6 in (11) are distinct. In the following, we will 6

the condition of (8) is equivalent to

6 6

count the number of non-bent functions, i.e., the number of vectors

i.e.,

which satisfy (11). Note

matrix as follows.

5

for all

>

satisfying (8). Note that

>

0

> 4 6 6 > for all > A (12) 6 4 6 4 6 4 0

5 6 ! % 4 4 > 4 For each , there are 0 ’s in (12) where '

0

% 4 0 6 > . . For (12), the number of ’s which take on the value > should be

4 4 4 1 6 odd for each . Therefore, there are 6 choices of such 6

’s for each . Since there are choices of , the number of ’s satisfying (12) is given by 6 6 A 0 0 4?> 0 ! ' 0

Meanwhile, there are no conditions on ’s for . in . Thus, the number of choices of such ’s is given by 6 6 A 0

0 4

4

4

Consequently, the number of vectors

which satisfy (8) is given by

5 of vectors

which is equal to the number vectors

0

producing the non-bent functions. Therefore, the number

producing the bent functions is given by

.

10

TABLE I C ONSTRUCTION OF BENT FUNCTIONS WITH QUADRATIC EXPONENTS FOR

9, 65 17, 33, 65 9, 17, 33, 65 5, 33, 65 5, 9, 33, 65 3, 33, 65 3, 9, 33, 65

Remark 1: The first few primes

is the th column vector of column vectors

' 6 and

. Then,

0

to ( .

> 0 0

Thus,

% 1

,

3, 17, 65 3, 9, 17, 65 3, 5, 65 3, 5, 9, 65 3, 5, 17, 33, 65 3, 5, 9, 17, 33, 65

6

)' 6 *

where

'

for

(

>

is bent if and only if there exists at least a pair of such that the sum of elements in the pair is equal

.-

4

4

(

, +

4

+ ,

is bent if and only if

4

,

(

can be free to choose. Also, the number of bent functions is given by

>

0

,

0

0

> $0 > $ A

bent functions are listed in Table I.

Note. For

>$

All possible

with

5, 17, 65 5, 9, 17, 65

, the matrix representation of each coefficients is given by

and

&%('V)'

%

Trace exponents

"#: $ > >

0

> for

Example 1: For

)

is useful for understanding the construction in Theorem 1. In other

words, in the proof of Theorem 1, let

'

(65 CORRESPONDS TO

of Theorem 1 are

R B> > > !>

Note that the matrix

65

Trace exponents

0 , we have

6

such that

6

. Thus,

%

is bent if and only if there exists at least one

. In Theorem 2 of [18], the authors attempted to state the

sufficient condition of this result. However, the assertion appeared there is not in a clear way.

11

IV. C ONSTRUCTION

FOR

0

In this section, we present a necessary and sufficient condition on

bent for

6

0

with

>

and

1

circular symmetric with

if

Lemma 2: Let

'

>

4 >

where

3 6

is the

W

Proof:

>

given by (6) is

>

6

>

; 0

is called

be circular symmetric

, and

such that

contains all monomial terms of

6 @

'

A 0

or

L

'

, where

.

'

is even. Then,

4 > !"# ' , then 6 6 LT 4 ' A ' '

6 ' 6 L

'

The circular symmetric polynomial

property.

6

1

In other words,

and

L !"# % *

degree ; 0

. Assume that there exists a polynomial

W

From

is odd prime with ; 0

following definition with odd . We start from the and lemma.

Definition 1: Let

with

0 , where

%

’s that

'

6 4

6 ' '

'

and the self-reciprocity of

'

6 6 ?

'

V

'

'

6

#

'

#

6 A

with

6 4 '

>

4

'

has the following

4 >BA '

(13)

(Property 1 in Section II),

6 V

'

.

'

'

'

6

#

6

'

(14)

From (13) and (14), we have

Therefore,

'

6

#

'

'

'

6

#

6 4 -

'

6 4

!

?

'

'

'

4?>BA

4 > '

!

A

'

L-

'

(15)

12

- > , we have ; 6 > where

> > > 6 . Furthermore,

( ( from ( . Thus, can be ' 1 ' 6 !"# > 4 written as where . Hence, we have 6 6 6 # 6 ' 6 4 ' 6 4 ' ' (16) ' ' ' ' a variable from 6 to . Applying this to where the last equality is from the change of ;

0

L

is given by (3) for

.

for the case of

following two lemmas on Lemma 3: Let

, we need to investigate

be

0

reduced modulo

0 with

#"

>

and

'

4K>

reduced modulo

4 > '

>

0 . Then,

'

0 . In order to do so, we need the

for each with

4 > 6 ' ' 4 ' 6 4?> 4

;

with

,

'

6

, where

4

'

6 4 >

(17)

6 1 . Furthermore, L is circular symmetric. where ' ' L can be rewritten as Proof: Similar to (9), 6 6 ' 4 5V6 4 4 576 4 ' 4 576 4 4 576 ' ' ' ' ' ' ' 6 4 576 4 A 4 4

6 ' ' 6 1 is given by (17), which shows is circular symmetric. With , ' '

13

Lemma 4: With the notation of Lemma 3,

W 8:9 - > if and only if 8R9O; . ' ' 6 > or ; 0

Let be odd prime with ; 0 where is odd. Then, 8:9 if and only if 8R9O; LH . ' ' ' W L , From the definition of Proof: L V= 4 > 4 7 L 4 ' 7L 4S> where is a quotient of divided by ' . Hence, if has a common factor with ' L , then it also has the common factor with , and vice versa. , from Property 4 in Section If ; 0 II, is irreducible over for a

W '

given . From the irreducibility of

'

and Lemma 4-

, we have

8R9 ' L= ' LH (18) A 8R9 A 0 ' ' ' & & where & and & are the irreducible factors of such that and ? 6 & L & # & & [6]. From Property 4, and are irreducible over and reciprocal & 6 & @ > ' to each other, i.e., . Let be a root of . Then, . If is a root ' & 6 & & , then is a root of , and vice versa. (Note that if is a root of , then of 6 & cannot be its root. If it were true, then this holds for any other roots of and thus the 8R9

14

&

number of valid roots of

6 , the degree

5 > , we have ' from (17), we have . Thus, ' 6 6 ' 4 ' 6 4?> ' 4 6 4 >BA 3 6 if is its root. Therefore, if has the irreducible factor & L , Hence, is a root of & then it simultaneously has the other irreducible factor , and vice versa. Similar to the case > , we have (18) for a given . of ; 0

of

&

, is odd.) Since

should be even, which is impossible because

is a root of

In (17), we denote

where we set

' .

'

>

for each with

..

'

.. .

. Let

be a

3

'

4

' .

.. .

..

.. . 3

'

6 '

>

>

6 matrix whose entries are given by , i.e., 6 6 6

(19)

'

'

'

.. .

.. .

' ..

6

'

.

'

.. .

'

..

'

.. .

.

'

'

'

'

6 6 ' ' > . We write

.. .

6 '

'

6 (20) 6 where is the th column vector of . From (19), we have . Using the matrix , we give the construction of all bent functions represented by (6) for 0 with >

'

'

and

6

0 .

Theorem 2: With the above notation, let

where

is odd, and

bent if and only if for each with

>

be odd prime with

0 with

>

and

; 0

%

0 . Then,

that , given by (20), is not a constant vector. In other words, such 6 where ! ')( > . for at least one with > .

, there exists at least one

for

'

>

or

; 0

(

given by (6) is

> >

'

>

6

or

15

Proof: Similar to the proof of Theorem 1, we will derive the conditions on given by (6) to be non-bent.

for

%

L= 5 4 > 8R9 " 5

> . Since > are all factors of 4 > 4 > , we have 8R9 > ’s for " ' - > if and only if 8R9 >

that if ; 0 or ; 0 with odd , then 8:9 4 1 ' 6 !"# where . is circular symmetric with ; O8 - > . Hence, is also From Lemma 3, - 6 >

circular symmetric with ; 4 ' 4 ' 6 6 ' A '

From Fact 1 and Corollary 1,

L

is bent if and only if 8:9 6 6 4 6 4?> 4 ' 4 ' 6 ' ' '

3 ' 3 ' 4 6 = 4 6 4?>

3 ' ' ' ' ' ' 6 6 6 6 4 ' 4 6 6 ' 4 ' ' = %4 ' ' ' 3 6 4 6 6 A 4 ' 6 ' 4?> 4 '

' ' ' ' '

3 ' 3

(23)

16 column index

,

6

'

'

,

Fig. 1.

Submatrix structure of

row index

6

'

By comparing (22) and (23), we have

> FD EC

>

6

(24) 6 > and ( 6 A 6 > Thus, for the non-bent case, the entries of , with , are determined by (24). This is equivalently saying that each column of is a constant vector if and only if is

'

(

>

and

'

non-bent. This completes the proof for Theorem 2.

In the following, we write entries of We see that

in detail in order to better understand Theorem 2.

consists of several submatrices in Fig 1, which are defined as follows. Each of

is an

matrix, where

6 >

and

'

6

. Also, each of 6 > for

and

is a

6 > matrix, and each of and is an matrix. From , if ' ' % * %

6 6 * . We denote this relation by . Similarly, we have . , then % % 6 )* , denoted by . Thus, each element in is Also, if * , then column vectors , respectively. In other words, of determined by each element in

for '

6

>

are determined by column vectors

> 0 ,

and 0 . For > 4 4 4 4 + 4 4 ,

Example 2: For

>

>

for

>

4

"

" 4 4 , 4 !

+

'

, i.e.,

, we consider

! 4 4

6 .

17

From Theorem 2,

at

>

for

+!

>

",

4 - 4

" (

(25)

0 , on the other hand,

>

,

4

-

4 4 +! 4

" ,

4 4 ", 4

! +

0 for

+

! 4 4

4 4 - " ! A 4 4 4 - + , , + 4 ! 4 " 4

-

at

4

defined by (6) to be bent. If

Hence,

4

4

%

(

or the vector

4 " 4 ! 4 + ,

is not constant

(26)

defined by (6) to be bent. Both (25) and (26) must be achieved so that

is bent. Hence, we see that

L

%

is bent at the - following two exclusive cases.

W 4 $" 4 ! 4 4 4 " ( and 4 ( cases, or J 4 + " 4 ! 4 , > > = > O > > > " cases. ( ( ( and 4 + , 4 > W ! " . For example, with is required to distinguish - from In , +=, >B>)> > 4 4 ! 4 4 ( ( (B( , is bent. Finally, we have in total of , , , $ " 4 " >B> % W 6 6 (27) 0 5 0 0

0 G 0

where the second term is the number of non-bent functions, denoted by

5 . The proof of (27)

is similar to those of the enumeration part of Theorem 1, but one needs to consider the condition for

. This makes the proof rather lengthy, so we omit it here.

If

, in order to obtain the exact formula for the enumeration of the bent functions

constructed in Theorem 2, one has to carefully distinguish a number of cases because the

on conditions imposed with

>

.

’s in

for bent (or non-bent) functions are not independent for each

18

V. I TERATIVE

CONSTRUCTION OF HIGH DEGREE BENT FUNCTIONS USING QUADRATIC BENT FUNCTIONS

In [6], Charpin, Pasalic, and Tavernier proposed a recursive construction of bent functions with high degree using bent functions with low degree. In this section, we apply this iterative method to construct bent functions with high degree using bent functions with quadratic exponents. As an example, we give the case of bent functions of


5

using quadratic

bent functions in polynomial forms. In [6], Charpin, Pasalic, and Tavernier established the following fact to obtain bent functions

with higher degree.

% 576 !"# with , let and be distinct # 5 # 5 and 5 defined by bent functions from to . Then,

= @ 5 4 > 4 5 = 5 4 - 4 > 4 5 # 5 # V 5 5 3 defined by are semi-bent functions from to . Also,

7

5 5 7 4 5 5 # 5 # 5 5 and V 5 5 3 is given is a bent function from to . The degree of

Fact 2: For even

by

and

-V

; 4

*

4

of 0

4 .



Step 5) Iteration: If

and iterate Step 2) In the above procedure,

4

Step 4) Higher degree bent function: Compute a bent function

variables.

semi-bent Step 3) Intermediate functions: Compute semi-bent functions

4 "

*

of 0

and

4 $

.

, stop iterations. Otherwise, increase

by 1, go back to Step 2)

5).

6 is the bent function of 0

variables with degree . The following

is an example which illustrates the above iterative construction. Example 3: Following the above iterative procedure, we obtain a bent function of 12 variables

$

with degree 1)

(

.

: At Steps 1 and 2, we consider quadratic bent functions whose trace representations

$

are given by

VLT

4

+

= ,

V

*

+

4

A ,

of # where is a primitive element of # defined by + 4 4 > ( and 1 , we convert V and * V into their Boolean representations which are given by V @ 4 4 4 + 4 4 4 O V * V * @ 4 -+ 4 * O

where the computation is performed in

. At Step 3, concatenating

and

, two semi-

bent functions of 5 variables with degree 3 can be constructed, i.e.,

* 4 > 4 * = = 4 4 V O% + H 4 > 4 * O V = A

+

+

+

At Step 4, a new bent function of 6 variables with degree 3 can be constructed by concatenating

, i.e., -O%

and

,

?

,

-V 4 > 4 V = A

+

,

+

20

2)

> : At !- Step 2,$we $ select a quadratic bent function - * from * $ L 4 # 4 4 > ( where is defined by * V From the similar approach to 1), its Boolean representation * 4 * and functions , and a bent function + % ! $ with degree 4, respectively. of8 variables " 4 " + * ! # where is defined by 4 + 4 4 4 > 0 : At Step 2, + 1 ! * . Then, the Boolean representation of is given by ( and * V 4 4 4 4 4 4 4 ! 4 !

3)

-

-

, , , + , 4 ! 4 4 ! 4 ! + , # , where the computation is performed in . At Steps - 3 and 4, we obtain - a new bent function of 10 variables with degree 5 - defined by , where and are semi-bent functions , * * > 4 , respectively. , defined by and $ , * 4 : At Step 2, whose Boolean representation is given by

4)

,

-

V 4 4 4 4 4 4 " 4 ! 4 4 " 4 4 ! + + 4 4 " 4 4 ! 4 "4 ! 4 4 + + , + , , # 1 4 4 > where is defined by , and the computation is performed (, # ! " in . At Steps 3 and 4, , where ! and " are semi-bent functions defined by ! * " > 4 + * *

and

, respectively. Since

, iterations stop.

bent function with degree 6. We summarize the Boolean representations of VI. C ONCLUSION

and

is a

+

in Table II.

+

AND DISCUSSION

represented by a polynomial form (2) by giving a We have constructed all bent functions necessary and sufficient condition on odd prime with

; 0 S

>

’s for

S or ; 0

such bent functions has also been given for

0

0

6

with

with

>

and

>

, where

is

with odd . The enumeration for

>

and

> 0

. Applying the

21

TABLE II B ENT FUNCTIONS OF

5-

"

VARIABLES WITH DEGREE

,

.

Bent functions

3

3

Degree

+ , -

recursive method of Charpin, Pasalic, and Tavernier, we have demonstrated an iterative procedure to construct bent functions with maximum degree using the polynomial quadratic bent functions constructed in this paper. In this correspondence, however, we did not study the case for general . In the light of the constructions for

#

0 , for general , we need to know the complete factorization over

of the th cyclotomic polynomials where is a factor of . Unfortunately, this is unknown in the literature even for the case

*

[16] where both

and

*

are primes.

ACKNOWLEDGMENT The authors would like to thank Dr. Pascale Charpin for sending the preprint of [6]. R EFERENCES [1] E. R. Berlekamp, Algebraic Coding Theory. Aegean Park Press, CA, Revised ed. 1984. [2] A. Canteaut, C. Carlet, P. Charpin, and C. Fontaine, “On cryptographic properties of the cosets of

,” IEEE

Trans. Inform. Theory, vol. 47, no. 4, pp. 1494-1513, 2001. [3] A. Canteaut and P. Charpin, “Decomposing bent functions,” IEEE Trans. Inform. Theory, vol. 49, no. 8, pp. 2004-2019, 2003.

22

[4] C. Carlet, “A larger class of cryptographic Boolean functions via a study of the Maiorana-McFarland construction,” Advances in Cryptology - CRYPTO 2002, no. 2442 in Lecture Notes in Computer Science, pp. 549-564, 2002. [5] C. Carlet, P. Charpin, and V. A. Zinoviev, “Codes, bent functions and permutations suitable for DES-like cryptosystem,” Designs, Codes, and Cryptography, vol. 15, pp. 125-156, 1998. [6] P. Charpin, E. Pasalic, and C. Tavernier, “On bent and semi-bent quadratic Boolean functions,” IEEE Trans. Inform. Theory, vol. 51, no. 12, pp. 4286-4298, Dec. 2005. [7] J. F. Dillon, “Elementary Hadamard difference set,” Ph. D. Thesis, University of Maryland, 1974. [8] J. F. Dillon, “New cyclic difference sets with Singer parameters,” Finite Fields and Their Applications, pp. 342-389, 2004. [9] H. Dobbertin, G. Leander, A. Canteaut, C. Carlet, P. Felke, and P. Gaborit, “Construction of bent functions via Niho power functions,” Journal of Combinatorial Theory, Series A, to appear. [10] S. W. Golomb and G. Gong, Signal Design for Good Correlation - for Wireless Communication, Cryptography and Radar. Cambridge University Press, 2005. [11] T. Helleseth and P. V. Kumar, Sequences with Low Correlation. a chapter in Handbook of Coding Theory. Edited by V. Pless and C. Huffman, Elsevier Science Publishers, 1998. [12] T. Kasami, “Weight enumerators for several classes of subcodes of the 2nd-order Reed-Muller codes,” Information and Control, vol. 18, pp. 369-394, 1971. [13] K. Khoo, G. Gong, and D. R. Stinson, “A new characterization of semi-bent and bent functions on finite fields,” Designs, Codes, and Cryptography, to appear. [14] K. Khoo, G. Gong, and D. R. Stinson, “A new family of Gold-like sequences,” in Proc. of IEEE International Symposium on Information Theory (ISIT), p. 181, Lausanne, Switzerland, 2002. [15] S. H. Kim and J. S. No, “New families of binary sequences with low correlation,” IEEE Trans. Inform. Theory, vol. 49, no. 11, pp. 3059-3065, Nov. 2003. [16] T. Y. Lam and K. H. Leung, “On the cyclotomic polynomial

,” Amer. Math. Monthly 10, pp. 562-564, 1996.

[17] R. Lidl and H. Niederreiter, Finite Fields. Encyclopedia of Mathematics and Its Applications, vol. 20, Addison-Wesley, 1983. [18] W. Ma, M. Lee, and F. Zhang, “A new class of bent functions,”, IEICE Trans. Fundamentals, vol. E88-A, no. 7, pp. 20392040, July 2005. [19] F. J. MacWilliams and N. J. Sloane, The Theory of Error-Correcting Codes. Amsterdam: North-Holland, 1977. [20] R. J. McEliece, Finite Fields for Computer Scientists and Engineers. Kluwer Academic Publishers, vol. 23, 1987. [21] R. L. McFarland, “A new family of noncyclic difference sets,” Journal of Combinatorial Theory, Series A, 15, pp. 1-10, 1973. [22] J. D. Olsen, R. A. Scholtz, and L. R. Welch, “Bent-function sequences,” IEEE Trans. Inform. Theory, vol. 28, pp. 858-864, 1982. [23] P. Udaya, “Polyphase and frequency hopping sequences obtained from finite rings,” Ph. D. dissertation, Dept. Elec. Eng., Indian Inst. Technol., Kanpur, 1992.