
The work in this chapter is intended to set the ball rolling. Nevertheless, it should contribute in some way to the overall thesis proposition.

3.10.1

A Significant Increase in Power?

The following lend credence to the claim that, within the domain of application, the power of the techniques is significantly greater than evidenced in publicly available literature:

The techniques have generated counter-examples to conjectures by theoreticians. As far as the author is aware, counter-examples to cryptological conjectures by theoreticians have not previously been demonstrated using optimisation techniques. Counter-examples were occasionally generated in a few seconds. Thus, metaheuristic search can provide a very efficient means of gaining confidence in conjectures or else disproving them.

The nonlinearity and autocorrelation values attained using the methods described in this chapter match or improve on those documented in the existing optimisation-based literature. By adopting a somewhat indirect approach, it has proved possible to obtain high nonlinearity and low autocorrelation via a single cost function family (and with high algebraic degree). The approach is also very efficient in terms of execution time, because a significant amount of the work can be precomputed.

The ability to generate functions with high algebraic degree essentially as a by-product of the way the search works is a feature that could prove of considerable use. It would be interesting to determine whether more sophisticated criteria for complexity are also attained.

The nonlinearity results of Millan for bijective S-boxes [79] have been improved with a natural extension of the NCT and ACT Boolean function approaches. The nonlinearity and autocorrelation results by Burnett et al. for 8 by m S-boxes have been significantly improved (indeed S-boxes were demonstrated with properties that simultaneously exceeded the best previous values for each). In the latter case the results were stated as the authors' current conjectures on achievable properties. These have been exceeded.

3.10.2

Toolkit Contributions

This section starts the conceptual toolkit promised in Chapter 1. The contributions in this respect are:

Establishing the potential for indirect approaches and exploiting problem structure in unusual ways. Recall that the initial motivation was geared to the derivation of highly nonlinear functions. Measurements of other properties were a secondary concern. Breaking autocorrelation conjectures with the NLT approach could accurately be described as 'accidental'. The decision to record characteristics led to a much more thorough examination of multiple properties.

Establishing optimisation as a test device for proposed conjectures.

Indicating the potential for unusual cost function families that essentially act as approximations to the actual cost surfaces of interest.

Higher-level optimisation has been shown to have potential for use in cryptological problems.

3.11

Open Problems

Here is a list of hopefully interesting questions, prompted by the research presented so far, to which I do not know the answer:

1. Histogram approaches. Can cost functions based on spectral distribution histograms improve the results presented here? Thus, one could start with a desired spectral histogram (e.g. 4 with value zero, 24 with value 4 etc.). A cost function could be created that punished deviation from the desired histogram. Ideas along these lines have emerged recently at the SRC (Millan) and independently to the author (work on histogram-based cost functions for a different problem appears in the next chapter). Histogram approaches will have to cope with problems of discontinuity. However, smoothing methods of some form could be deployed.

2. Optimisation sophistication. How far can the results be improved by adopting more sophisticated optimisation techniques? The results have been obtained with what might accurately be described as 'vanilla' simulated annealing. What might happen if the metaheuristic search community brought its expertise (over thirty years in the making) to bear on these problems?

3. Can theory and optimisation be used more harmoniously? For example, the following theorem has recently been proved:

Let be a (8,0,-,118) function (if such exists). Then the degree of must be 7 and it is possible to write

where and are 7-variable functions, each having nonlinearity 55 and degree 7.

Can optimisation be used to co-evolve appropriate components to achieve an (8,0,-,118) function? The demonstration of such a function would be a significant result.

4. Can optimisation be used to plant trapdoors in Boolean functions and S-boxes?

3.11.1

Summary

This is the first technical research chapter of the thesis and aims to get the ball rolling. There are clearly limitations to what the method proposed here can achieve and further work is needed. However, the techniques have been shown to be capable of demonstrating results of interest. They do so very simply. As it happens, the experimentation performed so far has more surprises in store.

Chapter 4

Correlation Immunity

For small numbers of input variables, annealing-based approaches can be used to evolve Siegenthaler optimal functions of all orders with the highest possible nonlinearity. The autocorrelation of such evolved functions is often extremely low. This is achieved with a minor modification to the approaches of the previous chapter. It is also shown that the research of the last chapter has achieved more than has so far been appreciated. Correlation immune functions are also evolved via a highly unusual approach based on inversion of the Walsh-Hadamard spectrum. The approach starts with a spectrum with appropriate properties and attempts to evolve a permutation which gives rise to a Boolean function under inversion. It is Boolean structure that is evolved. The work is generalised to show how the approaches taken extend naturally to the evolution of bent functions and the evolution of functions satisfying particular propagation criteria.

4.1

Introduction

Siegenthaler was the first to demonstrate how correlation between values of small numbers of inputs to a combining function and the value of its output could form the basis of an effective cryptanalytic attack on a standard stream cipher model, the divide and conquer attack described in Chapter 2 [113]. An attempt to characterise resilience to such attacks led to the notion of the order of correlation immunity of Boolean functions [114]. A function is correlation immune of order ( for short) if all non-empty subsets of inputs of size are statistically independent of the output of that function. It is simpler, however, to work with Zhen and Massey's characterisation in terms of the Walsh-Hadamard values [47]. A function is correlation immune of order if and only if

(4.1)

Balance, high nonlinearity and high algebraic degree are typical requirements for functions used in stream cipher designs and were the targets of the work of the previous chapter. An obvious question to ask is 'Can the techniques developed so far be extended to encompass correlation immunity requirements?' Addressing this question forms the basis of the research in this chapter. There has been a considerable amount of theoretical work on the derivation of balanced, highly nonlinear correlation immune functions with high algebraic degree. This provides an obvious opportunity to determine how competitive optimisation techniques can be: there is plenty of competition. That the topic should continue to be an active area of research is testament to the fact that it is not a 'solved' problem, or even an easy one.
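The criteria referred to throughout Section 3.10 (nonlinearity, autocorrelation, algebraic degree), the histogram cost function sketched in open problem 1 of Section 3.11, and the Walsh-Hadamard characterisation of correlation immunity in Section 4.1 (a function is correlation immune of order m exactly when its spectrum vanishes at every non-zero input of Hamming weight at most m) can all be computed from a truth table. The following is an added example written for this edit, not code from the thesis or its author. It assumes the truth-table convention stated in its docstring, and the two 4-variable functions it evaluates are constructed here for illustration: x1 + x2 + x3·x4, a balanced first-order correlation immune function of degree n − m − 1 = 2 and nonlinearity 4 (a (4,1,2,4) function in the thesis's (n, m, d, x) notation), and the bent function x1·x2 + x3·x4.

```python
"""Boolean-function criteria from Chapters 3 and 4 (added example, not the thesis's code).

Convention assumed here: a function on n variables is a truth table, a list of
2**n bits indexed by x, where bit i of x holds the value of variable x_{i+1}.
"""
from collections import Counter


def popcount(v):
    return bin(v).count("1")


def walsh_hadamard(tt):
    """Spectrum F(w) = sum_x (-1)^(f(x) xor w.x), by the fast butterfly transform."""
    f = [1 - 2 * b for b in tt]          # polarity form (-1)^f(x)
    h = 1
    while h < len(f):
        for i in range(0, len(f), 2 * h):
            for j in range(i, i + h):
                a, b = f[j], f[j + h]
                f[j], f[j + h] = a + b, a - b
        h *= 2
    return f


def nonlinearity(tt):
    """Distance to the nearest affine function: (2^n - max|F(w)|) / 2."""
    return (len(tt) - max(abs(v) for v in walsh_hadamard(tt))) // 2


def autocorrelation(tt):
    """r(s) = sum_x (-1)^(f(x) xor f(x xor s)); r(0) is always 2^n."""
    n_pts = len(tt)
    return [sum(1 - 2 * (tt[x] ^ tt[x ^ s]) for x in range(n_pts))
            for s in range(n_pts)]


def max_autocorrelation(tt):
    """Largest |r(s)| over non-zero shifts s (0 for a bent function)."""
    return max(abs(v) for v in autocorrelation(tt)[1:])


def algebraic_degree(tt):
    """Degree of the algebraic normal form, obtained by the Mobius transform."""
    a = list(tt)
    h = 1
    while h < len(a):
        for i in range(0, len(a), 2 * h):
            for j in range(i, i + h):
                a[j + h] ^= a[j]
        h *= 2
    # monomial with index m is the product of the variables in bit positions of m
    return max((popcount(m) for m, c in enumerate(a) if c), default=0)


def correlation_immunity_order(tt):
    """Largest m with F(w) = 0 for every w with 1 <= wt(w) <= m (Eq. 4.1)."""
    spectrum = walsh_hadamard(tt)
    n = len(tt).bit_length() - 1
    m = 0
    while m < n and all(spectrum[w] == 0 for w in range(len(tt))
                        if popcount(w) == m + 1):
        m += 1
    return m


def is_balanced(tt):
    return walsh_hadamard(tt)[0] == 0


def spectral_histogram(tt):
    """Histogram of |F(w)| values, e.g. {4: 16} for a 4-variable bent function."""
    return Counter(abs(v) for v in walsh_hadamard(tt))


def histogram_cost(tt, desired):
    """Cost that punishes deviation from a desired |F(w)| histogram (open problem 1).
    A cost of 0 means the spectrum has exactly the desired value distribution."""
    actual = spectral_histogram(tt)
    return sum(abs(actual.get(v, 0) - desired.get(v, 0))
               for v in set(actual) | set(desired))


def profile(tt):
    """Balance, CI order m, degree d and nonlinearity x, plus max autocorrelation."""
    return {
        "n": len(tt).bit_length() - 1,
        "balanced": is_balanced(tt),
        "ci_order": correlation_immunity_order(tt),
        "degree": algebraic_degree(tt),
        "nonlinearity": nonlinearity(tt),
        "max_autocorrelation": max_autocorrelation(tt),
    }


def bit(x, i):
    return (x >> i) & 1


# Constructed 4-variable examples (not taken from the thesis).
# f = x1 + x2 + x3*x4: balanced, CI of order 1, degree 2 = n - m - 1, nonlinearity 4.
RESILIENT_TT = [bit(x, 0) ^ bit(x, 1) ^ (bit(x, 2) & bit(x, 3)) for x in range(16)]
# g = x1*x2 + x3*x4: bent, so |F(w)| = 4 everywhere and r(s) = 0 for all s != 0.
BENT_TT = [(bit(x, 0) & bit(x, 1)) ^ (bit(x, 2) & bit(x, 3)) for x in range(16)]

if __name__ == "__main__":
    print("resilient:", profile(RESILIENT_TT), dict(spectral_histogram(RESILIENT_TT)))
    print("bent:     ", profile(BENT_TT), dict(spectral_histogram(BENT_TT)))
    print("histogram cost of f against the bent histogram {4: 16}:",
          histogram_cost(RESILIENT_TT, {4: 16}))
```

The resilient function illustrates the trade-off the chapter is about: it meets Siegenthaler's bound on degree and the nonlinearity bound for a 1st-order correlation immune 4-variable function, yet its autocorrelation is the worst possible (a shift in x1 alone complements the output), whereas the bent function has ideal spectrum and autocorrelation but is neither balanced nor correlation immune. The histogram cost shows the idea from open problem 1 in its crudest form, with no smoothing for the discontinuity the text warns about.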