C-F函数

最新推荐文章于 2024-04-06 15:22:46 发布

寂地沉

最新推荐文章于 2024-04-06 15:22:46 发布

阅读量1.7k

点赞数

分类专栏：密码学布尔函数

本文链接：https://blog.csdn.net/zhangliu463884153/article/details/80030986

版权

密码学布尔函数专栏收录该内容

9 篇文章 3 订阅

订阅专栏

此为C-F函数论文的下载地址
论文名称：An infinite class of balanced functions with optimal algebraic immunity, good immunity to fast algebraic attacks and good nonlinearity
1.construction
这里写图片描述
2.optimal algebraic immunity n/2
3.algebraic degree n-1

4.the low bound of nonlinearity

5.the real value of nonlinearity

#此代码使用magma实现
计算Carlet_Feng function非线性度
for n:=4 to 24 by 1 do
F<w>:=GF(2,n);
Z:=IntegerRing();
f:=[];
for tt:=0 to 2^n-2 by 1 do //初始化f的真值表的值全部为0
bin1:=Eltseq(w^tt, GF(2)); toInt1 := [Z | bin1 [j] : j in {1.. n by 1}];
k1:=&+[toInt1[i]*(2^(i-1)): i in [1..n]]; f[k1]:=0;
end for;
for tt:=0 to 2^(n-1)-2 by 1 do //根据支撑集计算f的真值表
bin2:=Eltseq(w^tt, GF(2)); toInt2 := [Z | bin2 [j] : j in {1.. n by 1}];
Write("AlgebraicDegree.txt",toInt2);
k2:=&+[toInt2[i]*(2^(i-1)): i in [1..n]]; f[k2]:=1;
end for;

f:=[1] cat f;
a:= [1-2*f[i]:i in [1..2^n]];
for tt:=1 to n by 1 do // butterfly algorithm
    t:=2^n div 2^tt;
for j:=0 to 2^tt-1 by 2 do
for l:=1 to t by 1 do
        a[t*j+l]:=a[t*j+l]+a[t*(j+1)+l];
        a[t*(j+1)+l]:=a[t*j+l]-2*a[t*(j+1)+l];
end for;
    end for;
end for;
b:=[Abs (a[i]):i in [1..2^n]];
nl:=2^(n-1)-Max(b) div 2;
nl;
end for;

#SageMath实现C-F函数
from sage.crypto.boolean_function import BooleanFunction
n=27
F.<w>=GF(2^n)
f=[0]*(2^n)
for tt in range(0,2^(n-1)-1):
    f[(w^tt).integer_representation()]=1
f[0]=1;
B=BooleanFunction(f)
B.nonlinearity()

程序计算结果
这里写图片描述

6. Immunity against fast algebraic attacks
n=5 :(1,3),(2,2)
n=6 : (1,3),(2,3);
n=7 : (1,5),(2,3),(3,3)
n=8 : (1,5),(2,4),(3,3)
n=9 : (1,7),(2,6),(3,5),(4,4)
n=10 (1,7),(2,7),(3,6),(4,5)
5元和9元是抵抗快速代数攻击是最优，其他为次优
7.暴力验证经过平移操作函数是否等价

from sage.crypto.boolean_function import BooleanFunction
k=4
s=0
F.<w>=GF(2^k)
f=[0]*(2^k)
for tt in range(0+s,2^(k-1)-1+s):
    f[(w^tt).integer_representation()]=1
f[0]=1;
#f=[]
#f=[1,1,1,0,1,0,0,0]
s=1
g=[0]*(2^k)
for tt in range(0+s,2^(k-1)-1+s):
    g[(w^tt).integer_representation()]=1
g[0]=1;
#g=[]
#g=[1,0,1,1,1,0,0,0]
n=k^2
#第一层生成矩阵A
for key in range(2^n):
    tmp=list(str('{0:b}'.format(key)).rjust(n,'0'))
    listkey=[int(x) for x in tmp ]
    A=matrix(GF(2),k,k)
    for i in range(k):
        for j in range(k):
            A[i,j]=listkey[i*k+j]
    #print(rank(A))
    if A.rank()!=k:
        continue
    print(key)
    #第二层b
    for b in range(2^k):
        #第三层向量L
        for vecl in range(2^k):
            tmp=list(str('{0:b}'.format(vecl)).rjust(k,'0'))
            L=[int(x) for x in tmp]

            #第四层真值表下标X
            flag=true#设置标志位
            for indexX in range(2^k):
                tmp=list(str('{0:b}'.format(indexX)).rjust(k,'0'))
                X=[int(x) for x in tmp]
                matrixX=matrix(GF(2),1,k)
                for i in range(k):
                    matrixX[0,i]=X[i]
                #计算向量L*X的值
                LX=0
                for i in range(k):
                    LX=LX+L[i]*X[i]
                LX=LX%2

                #计算矩阵X*A的值
                XA=matrixX*A
                XAsum=0
                listXA=[xa for xa in XA[0]]
                for i in range(k):
                    XAsum=XAsum+2^(k-1-i)*int(listXA[i])

                if g[indexX]!=(f[(XAsum+b)%(2^k)]+LX)%2:
                    flag=false
                    break

            if flag==true:
               print("找到矩阵A了")
               print(A)
               print(b)
               print(L)
               break