Counting the number of differentially active S-boxes is of great importance in evaluating the security of a block cipher against differential attack. Mouha et al. proposed a technique based on Mixed-Integer Linear Programming (MILP) to automatically calculate a lower bound of the number of differentially active S-boxes for word-oriented block ciphers, and applied it to symmetric ciphers AES and Enocoro-128v2. Later Sun et al. extended the method by introducing bit-level representations for S-boxes and new constraints in the MILP problem, and applied the extended method to PRESENT-80 and LBlock. This kind of methods greatly depends on the constraints in the MILP problem describing the differential propagation of the block cipher. A more accurate description of the differential propagation leads to a tighter bound on the number of differentially active S-boxes. In this paper, we refine the constraints in the MILP problem describing XOR operations, and apply the refined MILP modeling to determine a lower bound of the number of active S-boxes for the Lai-Massey type block cipher FOX in the model of single-key differential attack, and obtain a tighter bound in FOX64 than existing results. Experimental results show that 6, instead of currently known 8, rounds of FOX64 is strong enough to resist against basic single-key differential attack since the differential characteristic probability is upper bounded by 2-64, and thus the maximum differential characteristic probability of 12-round FOX64 is upper bounded by 2-128, where 128 is the key-length of FOX64. We also get the lower bound of the number of differentially active S-boxes for 5-round FOX128, and proved the security of the full-round FOX128 with respect to single-key differential attack.

In this paper, we derive a simple formula to generate a wide-sense systematic generator matrix(we call it quasi-systematic) B for a Reed-Solomon code. This formula can be utilized to construct an efficient interpolation based erasure-only decoder with time complexity O(n2) and space complexity O(n). Specifically, the decoding algorithm requires 3kr + r2 - 2r field additions, kr + r2 + r field negations, 2kr + r2 - r + k field multiplications and kr + r field inversions. Compared to another interpolation based erasure-only decoding algorithm derived by D.J.J. Versfeld et al., our algorithm is much more efficient for high-rate Reed-Solomon codes.

In this paper, we present an average-case efficient algorithm to resolve the problem of determining whether two Boolean functions in trace representation are identical. Firstly, we introduce a necessary and sufficient condition for null Boolean functions in trace representation, which can be viewed as a generalization of the well-known additive Hilbert-90 theorem. Based on this condition, we propose an algorithmic method with preprocessing to address the original problem. The worst-case complexity of the algorithm is still exponential; its average-case performance, however, can be improved. We prove that the expected complexity of the refined procedure is O(n), if the coefficients of input functions are chosen i.i.d. according to the uniform distribution over F2n; therefore, it performs well in practice.

In this paper, we deal with the algebraic immunity of the symmetric Boolean functions. The algebraic immunity is a property which measures the resistance against the algebraic attacks on symmetric ciphers. It is well known that the algebraic immunity of the symmetric Boolean functions is completely determined by a narrow class of annihilators with low degree which is denoted by G(n,). We study and determine the weight support of part of these functions. Basing on this, we obtain some relations between the algebraic immunity of a symmetric Boolean function and its simplified value vector. For applications, we put forward an upper bound on the number of the symmetric Boolean functions with algebraic immunity at least d and prove that the algebraic immunity of the symmetric palindromic functions is not high.

In this note, we go further on the “basis exchange” idea presented in [2] by using Mobious inversion. We show that the matrix S1(f)S0(f)-1 has a nice form when f is chosen to be the majority function, where S1(f) is the matrix with row vectors υk(α) for all α ∈ 1f and S0(f)=S1(f ⊕ 1). And an exact counting for Boolean functions with maximum algebraic immunity by exchanging one point in on-set with one point in off-set of the majority function is given. Furthermore, we present a necessary condition according to weight distribution for Boolean functions to achieve algebraic immunity not less than a given number.

Construction of quaternion design for Space-Time-Polarization Block Codes (STPBCs) is a hot but difficult topic. This letter introduces a novel way to construct high dimensional quaternion designs based on any existing low dimensional quaternion orthogonal designs(QODs) for STPBC, while preserving the merits of the original QODs such as full diversity and simple decoding. Furthermore, it also provides a specific schema to reach full diversity and maximized code gain by signal constellation rotation on the polarization plane.

Research on permutation polynomials over the finite field F22k with significant cryptographical properties such as possibly low differential uniformity, possibly high nonlinearity and algebraic degree has attracted a lot of attention and made considerable progress in recent years. Once used as the substitution boxes (S-boxes) in the block ciphers with Substitution Permutation Network (SPN) structure, this kind of polynomials can have a good performance against the classical cryptographic analysis such as linear attacks, differential attacks and the higher order differential attacks. In this paper we put forward a new construction of differentially 4-uniformity permutations over F22k by modifying the inverse function on some specific subsets of the finite field. Compared with the previous similar works, there are several advantages of our new construction. One is that it can provide a very large number of Carlet-Charpin-Zinoviev equivalent classes of functions (increasing exponentially). Another advantage is that all the functions are explicitly constructed, and the polynomial forms are obtained for three subclasses. The third advantage is that the chosen subsets are very large, hence all the new functions are not close to the inverse function. Therefore, our construction may provide more choices for designing of S-boxes. Moreover, it has been checked by a software programm for k=3 that except for one special function, all the other functions in our construction are Carlet-Charpin-Zinoviev equivalent to the existing ones.

It is well known that Boolean functions used in stream and block ciphers should have high algebraic immunity to resist algebraic attacks. Up to now, there have been many constructions of Boolean functions achieving the maximum algebraic immunity. In this paper, we present several constructions of rotation symmetric Boolean functions with maximum algebraic immunity on an odd number of variables which are not symmetric, via a study of invertible cyclic matrices over the binary field. In particular, we generalize the existing results and introduce a new method to construct all the rotation symmetric Boolean functions that differ from the majority function on two orbits. Moreover, we prove that their nonlinearities are upper bounded by .

In this letter, some more concrete trellis relations between a lattice and its dual lattice are firstly given. Based on these relations, we generalize the main results of [1].

Vectorial Boolean functions play an important role in cryptography, sequences and coding theory. Both affine equivalence and EA-equivalence are well known equivalence relations between vectorial Boolean functions. In this paper, we give an exact formula for the number of affine equivalence classes, and an asymptotic formula for the number of EA-equivalence classes of vectorial Boolean functions.

In this paper, we study trellis properties of the tensor product (product code) of two linear codes, and prove that the tensor product of the lexicographically first bases for two linear codes in minimal span form is exactly the lexicographically first basis for their product code in minimal span form, also the tensor products of characteristic generators of two linear codes are the characteristic generators of their product code.

It is known that Boolean functions used in stream ciphers should have good cryptographic properties to resist fast algebraic attacks. In this paper, we study a new class of Boolean functions with good cryptographic properties: balancedness, optimum algebraic degree, optimum algebraic immunity and a high nonlinearity.

Constructing APN or 4-differentially uniform permutations achieving all the necessary criteria is an open problem, and the research on it progresses slowly. In ACISP 2011, Carlet put forth an idea for constructing differentially uniform permutations using extension fields, which was illustrated with a construction of a 4-differentially uniform (n,n)-permutation. The permutation has optimum algebraic degree and very good nonlinearity. However, it was proved to be a permutation only for n odd. In this note, we investigate further the construction of differentially uniform permutations using extension fields, and construct a 4-differentially uniform (n,n)-permutation for any n. These permutations also have optimum algebraic degree and very good nonlinearity. Moreover, we consider a more general type of construction, and illustrate it with an example of a 4-differentially uniform (n,n)-permutation with good cryptographic properties.

In algebraic attack on stream ciphers based on LFSRs, the secret key is found by solving an overdefined system of multivariate equations. There are many known algorithms from different point of view to solve the problem, such as linearization, relinearization, XL and Grobner Basis. The simplest method, linearization, treats each monomial of different degrees as a new variable, and consists of variables (the degree of the system of equations is denoted by d). Thus it needs at least equations, i.e. keystream bits to recover the secret key by Gaussian reduction or other. In this paper we firstly propose a concept, called equivalence of LFSRs. On the basis of it, we present a constructive method that can solve an overdefined system of multivariate equations with less keystream bits by extending the primitive polynomial.

Permutation polynomials have important applications in cryptography, coding theory and combinatorial designs. In this letter, we construct four classes of permutation polynomials over 𝔽2n × 𝔽2n, where 𝔽2n is the finite field with 2n elements.

Two classes of 3rd order correlation immune symmetric Boolean functions have been constructed respectively in [1] and [2], in which some interesting phenomena of the algebraic degree have been observed as well. However, a good explanation has not been given. In this paper, we obtain the formulas for the degree of these functions, which can well explain the behavior of their degree.

A Boolean function is said to be correlation immune if its output leaks no information about its input values. Such functions have many applications in computer security practices including the construction of key stream generators from a set of shift registers. Finding methods for easy construction of correlation immune Boolean functions has been an active research area since the introduction of the notion by Siegenthaler. In this paper, we present several constructions of nonpalindromic correlation immune symmetric Boolean functions. Our methods involve finding binomial coefficient identities and obtaining new correlation immune functions from known correlation immune functions. We also consider the construction of higher order correlation immunity symmetric functions and propose a class of third order correlation immune symmetric functions on n variables, where n+1(≥ 9) is a perfect square.

It is well known that the trellises of lattices can be employed to decode efficiently. It was proved in [1] and [2] that if a lattice L has a finite trellis under the coordinate system , then there must exist a basis (b1,b2,,bn) of L such that Wi=span() for 1in. In this letter, we prove this important result in a completely different method, and give an efficient method to compute all bases of this type.

This paper introduces two schemes to put the decoding of the convolutional network code (CNC) into practice, which are named the Intermittent Packet Transmission Scheme (IPTS) and the Redundancy Packet Transmission Scheme (RPTS). According to the decoding formula of the sink nodes, we can see that, at the time k+δ in order to decode the source packet generated at time k, the sink node should know all the source packets generated before k-1. This is impractical. The two schemes we devised make it unnecessary. A construction algorithm is also given about the RPTS networks. For the two schemes, we analyze the strengths and weaknesses and point out their implemented condition.

Trellis diagrams of lattices and the Viterbi algorithm can be used for decoding. It has been known that the numbers of states and labels at every level of any finite trellis diagrams of a lattice L and its dual L* under the same coordinate system are the same. In the paper, we present concrete expressions of the numbers of distinct paths in the trellis diagrams of L and L* under the same coordinate system, which are more concrete than Theorem 2 of [1]. We also give a relation between the numbers of edges in the trellis diagrams of L and L*. Furthermore, we provide the upper bounds on the state numbers of a trellis diagram of the lattice L1L2 by the state numbers of trellis diagrams of lattices L1 and L2.