Authors:Şaban Alaca; Goldwyn Millar Pages: 665 - 682 Abstract: Abstract Binary sequences with good autocorrelation properties and large linear complexity are useful in stream cipher cryptography. The Sidelnikov-Lempel-Cohn-Eastman (SLCE) sequences have nearly optimal autocorrelation. However, the problem of determining the linear complexity of the SLCE sequences is still open. It is well known that one can gain insight into the linear complexity of a sequence if one can say something about the divisors of the gcd of a certain pair of polynomials associated with the sequence. Helleseth and Yang (IEEE Trans. Inf. Theory 49(6), 1548–1552 2002), Kyureghyan and Pott (Des. Codes Crypt. 29, 149–164 2003) and Meidl and Winterhof (Des. Codes Crypt. 8, 159–178 2006) were able to obtain some results of this type for the SLCE sequences. Kyureghyan and Pott (Des. Codes Crypt. 29, 149–164 2003) mention that it would be nice to obtain more such results. We derive new divisibility results for the SLCE sequences in this paper. Our approach is to exploit the fact that character values associated with the SLCE sequences can be expressed in terms of a certain type of Jacobi sum. By making use of known evaluations of Gauss and Jacobi sums in the “pure” and “small index” cases, we are able to obtain new insight into the linear complexity of the SLCE sequences. PubDate: 2017-11-01 DOI: 10.1007/s12095-016-0208-3 Issue No:Vol. 9, No. 6 (2017)

Authors:Vladimir Edemskiy; Xiaoni Du Pages: 683 - 691 Abstract: Abstract Based on the generalized cyclotomy theory, we design some classes of sequences with high linear complexity over the finite fields. First, we construct a new class of sequence from some generalized cyclotomic sequences of different orders with different prime powers period. Then we obtain the discrete Fourier transform, defining pairs and the linear complexity of the new sequences. Finally, we study the linear complexity of a special class of q−ary (q prime) sequences. PubDate: 2017-11-01 DOI: 10.1007/s12095-016-0209-2 Issue No:Vol. 9, No. 6 (2017)

Authors:Nian Li; Tor Helleseth Pages: 693 - 705 Abstract: Abstract Motivated by recent results on the constructions of permutation polynomials with few terms over the finite field \({\mathbb F}_{2^n}\) , where n is a positive even integer, we focus on the construction of permutation trinomials over \({\mathbb F}_{2^n}\) from Niho exponents. As a consequence, several new classes of permutation trinomials over \({\mathbb F}_{2^n}\) are constructed from Niho exponents based on some subtle manipulation of solving equations with low degrees over finite fields. PubDate: 2017-11-01 DOI: 10.1007/s12095-016-0210-9 Issue No:Vol. 9, No. 6 (2017)

Authors:Limengnan Zhou; Daiyuan Peng; Hongbin Liang; Changyuan Wang; Hongyu Han Pages: 707 - 728 Abstract: Abstract In a quasi-synchronous frequency-hopping multiple-access system, relative time delay between different users within a zone around the origin can be allowed. Therefore, frequency-hopping sequence (FHS) sets with low-hit-zone (LHZ) have attracted great interest of many related scholars. Moreover, on account of the limited synchronous time or hardware complexity, the periodic partial Hamming correlation (PPHC) plays a major role in determining the synchronization performance. In this paper, we first present three new generalized methods to construct LHZ-FHS sets via Cartesian product. Meanwhile, we pay our attention to the maximum periodic Hamming correlation (PHC) of the constructed LHZ-FHS sets in the first generalized method, and to the maximum PPHC of the constructed LHZ-FHS sets in the rest generalized methods. In addition, we also introduce five new classes of optimal LHZ-FHS sets based on these three generalized methods. PubDate: 2017-11-01 DOI: 10.1007/s12095-017-0211-3 Issue No:Vol. 9, No. 6 (2017)

Authors:J. Wolfmann Pages: 729 - 736 Abstract: Abstract We introduce infinite sequences of Boolean functions whose terms all are bent functions or all are near-bent functions. PubDate: 2017-11-01 DOI: 10.1007/s12095-017-0212-2 Issue No:Vol. 9, No. 6 (2017)

Authors:Heiko Dietrich; Nathan Jolly Pages: 737 - 748 Abstract: Abstract Arrays with low autocorrelation are widely sought in applications; important examples are arrays whose periodic autocorrelation is zero for all nontrivial cyclic shifts, so-called perfect arrays. In 2001, Arasu and de Launey defined almost perfect arrays: these have size 2u×v and autocorrelation arrays with only two nonzero entries, namely 2u v and −2u v in positions (0,0) and (u,0), respectively. In this paper we present a new class of arrays with low autocorrelation: for an integer n≥1, we call an array n-perfect if it has size n u×v and if its autocorrelation array has only n nonzero entries, namely n u v λ i in position (i u,0) for i=0,1,…,n−1, where λ is a primitive n-th root of unity. Thus, an array is 1-perfect (2-perfect) if and only if it is (almost) perfect. We give examples and describe a recursive construction of families of n-perfect arrays of increasing size. PubDate: 2017-11-01 DOI: 10.1007/s12095-017-0214-0 Issue No:Vol. 9, No. 6 (2017)

Authors:Eric Férard Pages: 749 - 767 Abstract: Abstract Let t be an integer ≥ 3 such that t ≡ 1 mod 4. The absolute irreducibility of the polynomial \(\phi _{t}(x, y) = \frac {x^{t} + y^{t} + 1 + (x + y + 1)^{t}}{(x + y)(x + 1)(y + 1)}\) (over \(\mathbb {F}_{2}\) ) plays an important role in the study of APN functions. We prove that this polynomial is absolutely irreducible under the assumptions that the largest odd integer which divides t − 1 is large enough and can not be written in a specific form. PubDate: 2017-11-01 DOI: 10.1007/s12095-017-0213-1 Issue No:Vol. 9, No. 6 (2017)

Authors:Xianfang Wang; Jian Gao; Fang-Wei Fu Pages: 545 - 562 Abstract: Abstract In this paper, we give the complete weight enumerators of two classes of linear codes over the finite field \(\mathbb {F}_{p}\) , where p is a prime. These linear codes are the torsion codes of MacDonald codes over the finite non-chain ring \(\mathbb {F}_{p}+v\mathbb {F}_{p}\) , where v 2 = v. We also employ these linear codes to construct systematic authentication codes with new parameters. PubDate: 2017-09-01 DOI: 10.1007/s12095-016-0198-1 Issue No:Vol. 9, No. 5 (2017)

Authors:Shuai Xue; Wen-Feng Qi; Xiao-Yuan Yang Pages: 563 - 580 Abstract: Abstract In this paper, the best linear approximations of addition modulo 2 n are studied. Let x = (x n−1, x n−2,…,x 0) and y = (y n−1, y n−2,…,y 0) be any two n-bit integers, and let z = x + y (mod 2 n ). Firstly, all the correlations of a single bit z i approximated by x j ’s and y j ’s (0 ≤ i, j ≤ n − 1) are characterized, and similar results are obtained for the linear approximation of the xoring of the neighboring bits of z i ’s. Then the maximum correlations and the best linear approximations are presented when these z j ’s (0 ≤ j ≤ n − 1) are xored in any given means. PubDate: 2017-09-01 DOI: 10.1007/s12095-016-0203-8 Issue No:Vol. 9, No. 5 (2017)

Authors:Thalia M. Laing; Keith M. Martin; Maura B. Paterson; Douglas R. Stinson Pages: 581 - 597 Abstract: Abstract A localised multisecret sharing scheme is a multisecret sharing scheme for an ordered set of players in which players in the smallest sets who are authorised to access secrets are close together in the underlying ordering. We define threshold versions of localised multisecret sharing schemes, we provide lower bounds on the share size of perfect localised multisecret sharing schemes in an information theoretic setting, and we give explicit constructions of schemes to show that these bounds are tight. We then analyse a range of approaches to relaxing the model that provide trade-offs between the share size and the level of security guarantees provided by the scheme, in order to permit the construction of schemes with smaller shares. We show how these techniques can be used in the context of an application to key distribution for RFID-based supply-chain management motivated by the proposal of Juels, Pappu and Parno from USENIX 2008. PubDate: 2017-09-01 DOI: 10.1007/s12095-016-0202-9 Issue No:Vol. 9, No. 5 (2017)

Authors:Yuan Cao; Qingguo Li Pages: 599 - 624 Abstract: Abstract Let \(R=\mathbb{Z}_{4}[u]/ \langle u^k \rangle=\mathbb{Z}_{4}+u \mathbb{Z}_{4}+\ldots+u^{k-1}\mathbb{Z}_{4}\) ( \(u^{k}=0\) ), where k ≥ 2 is an positive integer. For any odd positive integer n, it is known that cyclic codes of length n over R are identified with ideals of the ring \(R[x]/\langle x^{n}-1\rangle\) . In this paper, an explicit representation for each cyclic code over R of length n is provided and a formula to count the number of codewords in each code is given. Then a formula to calculate the number of cyclic codes of length n over R is obtained. Precisely, the dual code of each cyclic code and self-dual cyclic codes of length n over R are investigated. As an application, some good quasi-cyclic codes of length 7k and index k over ℤ4 are obtained from cyclic codes over R = ℤ4 [u] / 〈u k 〉 when k = 2, 3, 4. PubDate: 2017-09-01 DOI: 10.1007/s12095-016-0204-7 Issue No:Vol. 9, No. 5 (2017)

Authors:Xianfang Wang; Can Xiang; Fang-Wei Fu Pages: 625 - 635 Abstract: Abstract In this paper, we devise ideal and probabilistic secret sharing schemes for two kinds of compartmented access structures. The first one is a compartmented access structures with hierarchical compartments. The second one is the compartmented access structures with strictly lower bounds. We propose ideal and probabilistic schemes for these two compartmented access structures by using the idea of bivariate interpolation. PubDate: 2017-09-01 DOI: 10.1007/s12095-016-0205-6 Issue No:Vol. 9, No. 5 (2017)

Authors:Minjia Shi; Rongsheng Wu; Yan Liu; Patrick Solé Pages: 637 - 646 Abstract: Abstract We construct an infinite family of three-Lee-weight codes of dimension 2m, where m is singly-even, over the ring \(\mathbb {F}_{p}+u\mathbb {F}_{p}\) with u 2=0. These codes are defined as trace codes. They have the algebraic structure of abelian codes. Their Lee weight distribution is computed by using Gauss sums. By Gray mapping, we obtain an infinite family of abelian p-ary three-weight codes. When m is odd, and p≡3 (mod 4), we obtain an infinite family of two-weight codes which meets the Griesmer bound with equality. An application to secret sharing schemes is given. PubDate: 2017-09-01 DOI: 10.1007/s12095-016-0206-5 Issue No:Vol. 9, No. 5 (2017)

Authors:Chunming Tang; Yanfeng Qi Pages: 647 - 664 Abstract: Abstract This paper is devoted to the characterization of hyper-bent functions. Several classes of hyper-bent functions have been studied, such as Charpin and Gong’s family \(\sum \limits _{r\in R}\text {Tr}_{1}^{n} (a_{r}x^{r(2^{m}-1)})\) and Mesnager’s family \(\sum \limits _{r\in R}\text {Tr}_{1}^{n}(a_{r}x^{r(2^{m}-1)}) +\text {Tr}_{1}^{2}(bx^{\frac {2^{n}-1}{3}})\) . In this paper, we generalize these results by considering the following class of Boolean functions over \(\mathbb {F}_{2^{n}}\) : $$\sum\limits_{r\in R}\sum\limits_{i=0}^{2}T{r^{n}_{1}}(a_{r,i} x^{r(2^{m}-1)+\frac{2^{n}-1}{3}i}) +T{r^{2}_{1}}(bx^{\frac{2^{n}-1}{3}}), $$ where \(n=2m\) , m is odd, \(b\in \mathbb {F}_{4}\) , and \(a_{r,i}\in \mathbb {F}_{2^{n}}\) . With the restriction of \(a_{r,i}\in \mathbb {F}_{2^{m}}\) , we present a characterization of hyper-bentness of these functions in terms of crucial exponential sums. For some special cases, we provide explicit characterizations for some hyper-bent functions in terms of Kloosterman sums and cubic sums. Finally, we explain how our results on binomial, trinomial and quadrinomial hyper-bent functions can be generalized to the general case where the coefficients \(a_{r,i}\) belong to the whole field \(\mathbb {F}_{2^{n}}\) . PubDate: 2017-09-01 DOI: 10.1007/s12095-016-0207-4 Issue No:Vol. 9, No. 5 (2017)

Authors:Tingting Cui; Huaifeng Chen; Long Wen; Meiqin Wang Abstract: Abstract Integral attack, as a powerful technique in the cryptanalysis field, has been widely utilized to evaluate the security of block ciphers. Integral distinguisher is based on balanced property on output with probability one. To obtain a distinguisher covering more rounds, an attacker will usually increase the data complexity by iterating through all values of more bits of plaintexts under the firm limitation that the data complexity should be less than the whole plaintext space. In order to release the limitation and reduce the data complexity, Wang et al. proposed a statistical integral distinguisher at FSE’16. In this paper, we exploit the statistical integral distinguisher to attack the IDEA and CAST-256 block ciphers. As a result, we manage to mount a key recovery attack on 29-round CAST-256 with 296.8 chosen plaintexts, 2219.4 encryptions and 273 bytes of memory. By making a trade-off between the time complexity and data complexity, the attack can be achieved by 283.9 chosen plaintexts, 2244.4 encryptions and 266 bytes of memory. As far as we know, these are the best attacks on CAST-256 in the single-key model without weak-key assumption so far. What’s more, we find an integral distinguisher of IDEA block cipher, which is the longest integral distinguisher known to now. By taking advantage of this distinguisher, we achieve a key recovery attack on 4.5-round IDEA with 258.5 known plaintexts, 2120.9 encryptions and 246.6 bytes of memory respectively. It is the best integral attack with respect to the number of rounds. PubDate: 2017-08-04 DOI: 10.1007/s12095-017-0245-6

Authors:Yousuf Alsalami Abstract: Abstract Quadratic differentially 4-uniform (n, n − 1)-functions are given in Carlet J. Adv. Math. Commun. 9(4), 541–565 (2015) where a question is raised of whether non-quadratic differentially 4-uniform (n, n − 1)-functions exist. In this paper, we give highly nonlinear differentially 4-uniform (n, n − 1)-functions of optimal algebraic degree for both n even and odd. Using the approach in Carlet J. Adv. Math. Commun. 9(4), 541–565 (2015), we construct these functions using two APN (n − 1, n − 1)-functions which are EA-equivalent Inverse functions satisfying some necessary and sufficient conditions when n is even. We slightly generalize the approach to construct differentially 4-uniform (n, n − 1)-functions from two differentially 4-uniform (n − 1, n − 1)-functions satisfying some necessary conditions. This allows us to derive the differentially 4-uniform (n, n − 1)-functions \((x,x_{n})\mapsto (x_{n}+1)x^{2^{n}-2}+x_{n} \alpha x^{2^{n}-2}\) , \(x \in \mathbb {F}_{2^{n-1}}\) , \(x_{n}\in \mathbb {F}_{2}\) , and \(\alpha \in \mathbb {F}_{2^{n-1}}\setminus \mathbb {F}_{2}\) , where \(Tr_{1}^{n-1}(\alpha )=Tr_{1}^{n-1}(\frac {1}{\alpha })=1\) . These (n, n − 1)-functions are balanced whatever the parity of n is and are then better suited for use as S-boxes in a Feistel cipher. We also give some properties of the Walsh spectrum of these functions to prove that they are CCZ-inequivalent to the differentially 4-uniform (n, n − 1)-functions of the form L ∘ F, where F is a known APN (n, n)-function and L is an affine surjective (n, n − 1)-function. Finally, we also give two new constructions of differentially 8-uniform (n, n − 2)-functions from EA-equivalent Cubic functions and from EA-equivalent Inverse functions. PubDate: 2017-08-01 DOI: 10.1007/s12095-017-0246-5

Authors:Zongxiang Yi; Zhiqiang Lin; Lishan Ke Abstract: Abstract Zero-difference balanced (ZDB) function plays an important role in communication field. In this paper, we propose a generic method to construct ZDB functions on generic algebraic rings. Using this method, we construct many new ZDB functions and retrieve some existing ZDB functions in a much simpler way. Moreover, new applications of the constructed ZDB functions, such as constructing optimal constant weight codes and optimal frequency-hopping sequences, are presented. PubDate: 2017-07-31 DOI: 10.1007/s12095-017-0247-4

Authors:Valérie Nachef; Jacques Patarin; Emmanuel Volte Abstract: Abstract A usual way to construct block ciphers is to apply several rounds of a given structure. Many kinds of attacks are mounted against block ciphers. Among them, differential and linear attacks are widely used. Vaudenay showed that ciphers achieving perfect pairwise decorrelation are secure against linear and differential attacks. It is possible to obtain such schemes by introducing at least one random affine permutation as a round function in the design of the scheme. In this paper, we study attacks on schemes based on classical Feistel schemes where we introduce one or two affine permutations. Since these schemes resist against linear and differential attacks, we will study attacks based on specific equations on 4-tuples of plaintext/ciphertext messages. We show that these schemes are stronger than classical Feistel schemes. PubDate: 2017-07-24 DOI: 10.1007/s12095-017-0244-7

Authors:Éloi de Chérisey; Sylvain Guilley; Annelie Heuser; Olivier Rioul Abstract: Abstract The best possible side-channel attack maximizes the success rate and would correspond to a maximum likelihood (ML) distinguisher if the leakage probabilities were totally known or accurately estimated in a profiling phase. When profiling is unavailable, however, it is not clear whether Mutual Information Analysis (MIA), Correlation Power Analysis (CPA), or Linear Regression Analysis (LRA) would be the most successful in a given scenario. In this paper, we show that MIA coincides with the maximum likelihood expression when leakage probabilities are replaced by online estimated probabilities. Moreover, we show that the calculation of MIA is lighter that the computation of the maximum likelihood. We then exhibit two case-studies where MIA outperforms CPA. One case is when the leakage model is known but the noise is not Gaussian. The second case is when the leakage model is partially unknown and the noise is Gaussian. In the latter scenario MIA is more efficient than LRA of any order. PubDate: 2017-07-20 DOI: 10.1007/s12095-017-0241-x

Authors:Sonia Bogos; John Gaspoz; Serge Vaudenay Abstract: Abstract Homomorphic encryption allows to make specific operations on private data which stays encrypted. While applications such as cloud computing require to have a practical solution, the encryption scheme must be secure. In this article, we detail and analyze in-depth the homomorphic encryption scheme proposed by Zhou and Wornell (20). From the analysis of the encryption scheme, we are able to mount three attacks. The first attack enables to recover a secret plaintext message broadcasted to multiple users. The second attack performs a chosen ciphertext key recovery attack. The last attack is a related chosen plaintext decryption attack. PubDate: 2017-07-17 DOI: 10.1007/s12095-017-0243-8