here - Sites personnels de TELECOM ParisTech - TÃ©lÃ©com ParisTech

More documents

Recommendations

Info

20 Chapter 2. On a conjecture about addition modulo 2 k − 12.4.1 General situation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352.4.2 Combining variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372.4.3 One block: d = 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372.4.4 A helpful constraint: min i(α i) ≥ B − 1 . . . . . . . . . . . . . . . . . 402.4.5 Analytic study: d = 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . 422.4.6 Extremal value: β i = 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . 452.5 A closed-form expression for f d . . . . . . . . . . . . . . . . . . . . . 472.5.1 Experimental results . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482.5.2 Splitting the sum into atomic parts . . . . . . . . . . . . . . . . . . . . 502.5.3 The residual term T d X . . . . . . . . . . . . . . . . . . . . . . . . . . . 532.5.4 A polynomial expression . . . . . . . . . . . . . . . . . . . . . . . . . . 582.5.5 The coefficients a d,n(i 1 ,...,i n). . . . . . . . . . . . . . . . . . . . . . . . . 602.5.6 An additional relation . . . . . . . . . . . . . . . . . . . . . . . . . . . 642.6 Asymptotic behavior: β i → ∞ . . . . . . . . . . . . . . . . . . . . . . 672.6.1 The limit f d (∞, . . . , ∞) . . . . . . . . . . . . . . . . . . . . . . . . . . 672.6.2 The limit f d (1, ∞, . . . , ∞) . . . . . . . . . . . . . . . . . . . . . . . . . 782.7 An inductive approach . . . . . . . . . . . . . . . . . . . . . . . . . . 802.7.1 Overflow and inertia . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802.7.2 Adding 0’s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 812.7.3 Adding 1’s . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 822.8 Other works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 852.8.1 Cusick et al. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 852.8.2 Carlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 852.8.3 Towards a complete proof . . . . . . . . . . . . . . . . . . . . . . . . . 862.9 Efficient test of the Tu–Deng conjecture . . . . . . . . . . . . . . . 862.9.1 The Tu–Deng algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . 862.9.2 Necklaces and Lyndon words . . . . . . . . . . . . . . . . . . . . . . . 882.9.3 Implementation details . . . . . . . . . . . . . . . . . . . . . . . . . . . 89As was underlined in the previous chapter, the good cryptographic properties of the Booleanfunctions of the Jin et al. family [142] described in Subsection 1.2.5, and more precisely theoptimality of their algebraic immunity, depend on the validity of a combinatorial conjecture. Thepurpose of this chapter, if not to prove that conjecture in its full generality, is at least to give agood insight into its expected validity not only through a thorough theoretical study, but alsoby exposing experimental evidence. Part of the work presented in this chapter is the result ofcollaborations with Gérard Cohen, Sihem Mesnager and Hugues Randriam and already appearedin different forms [96, 94]. Several preprints [97, 95, 53] including additional results are availableas well.The main approach used in this chapter is that of reformulating the conjecture in terms ofcarries occurring in an addition modulo 2 k − 1. This formalism and the very basic propertiesverified by that quantity are developed in Section 2.1. Although such an approach may at firstseem quite naive to the reader, what makes the study of the conjecture seemingly so difficult isprecisely that a suitable algebraic structure to cast upon the problem has yet to be found, sothat only a purely combinatorial point of view is possible as of today.Nevertheless, the point of view adopted here provides already enough information to prove inSection 2.2 that the special case of the conjecture required by the family of Tang, Carlet and
2.1. General properties 21Tang [259] is true. Thereafter, we concentrate our efforts on the original conjecture of Tu andDeng [264] which is a natural candidate to extend our study 1 .Unfortunately, the situation is already much more involved and its study builds the end ofthis chapter up. Even though a complete proof has yet to be given, we manage to prove someinteresting results giving evidence of the validity of the conjecture. A family of integers reachingthe upper bound of the conjecture is first characterized in Section 2.4. A closed-form expressionis then deduced in a constrained and better behaved case in Section 2.5. Finally, the conjectureis given a probabilistic interpretation and proved in an asymptotic setting in Section 2.6.To conclude this general introduction, let us mention that we also provide some evidence thata simple inductive approach is not suitable in Section 2.7 and that the experimental results ofSection 2.9 establish the validity of the Tu–Deng conjecture for up to 40 bits, thus extending theoriginal results of Tu and Deng [264]. Finally, other applications of carries in the field of Booleanfunctions exist and can be found e.g. in the works of Canteaut, Charpin and Dobbertin [35] orLangevin et al. [161].2.1 General properties2.1.1 NotationUnless stated otherwise, we use the following notation throughout this chapter:• k ∈ N is the number of bits (or length of binary strings) we are currently working on;• t ∈ Z/(2 k − 1)Z is a fixed modular integer.We use the following function of natural (or modular) integers (or binary strings).Definition 2.1.1 (Hamming weight). For t ∈ N, w H (t) is the Hamming (or binary) weight of t,i.e. the number of 1’s in its binary expansion. For t ∈ Z/(2 k − 1)Z, w H (t) is the Hamming (orbinary) weight of the unique representative of t in { 0, . . . , 2 k − 2 } .From now on, let us denote by S t,v,u,k the set of interest:{S t,v,u,k = (a, b) ∈ ( Z/(2 k − 1)Z ) }2| ua + vb = t; wH (a) + w H (b) ≤ k − 1where k ≥ 2, t ∈ ( Z/(2 k − 1)Z ) ∗and u, v ∈(Z/(2 k − 1)Z ) ×, i.e. u and v are invertible modulo2 k − 1.We now recall the different flavors of the conjecture already mentioned in Chapter 1.Conjecture 1.2.2 (Tu–Deng conjecture). With the above notation,#S t,+1,1,k ≤ 2 k−1 .Conjecture 1.2.7 (Tang–Carlet–Tang conjecture). With the above notation,#S t,−1,1,k ≤ 2 k−1 .Conjecture 1.2.8 (Tang–Carlet–Tang conjecture). With the above notation,#S t,ɛ,u,k ≤ 2 k−1 .Conjecture 1.2.10 (Jin et al. conjecture). With the above notation,#S t,v,u,k ≤ 2 k−1 .1 This was in fact the first proposed flavor of the conjecture, and the first we studied.,
Page 1: 2012-ENST-003EDITE de ParisDoctorat
Page 4 and 5: Jean-Pierre Flori: Boolean function
Page 7: AbstractThe core of this thesis is
Page 11 and 12: AcknowledgmentsVladimir. — Quand
Page 13 and 14: ContentsList of symbols and notatio
Page 15 and 16: Contentsxv4 Efficient characterizat
Page 17 and 18: List of figures1.1 The filter model
Page 19 and 20: List of symbols and notationGeneral
Page 21 and 22: List of symbols and notationxxil(t)
Page 23 and 24: List of symbols and notationxxiiidi
Page 25: List of symbols and notationxxvu
Page 28 and 29: 2 Introduction1 Mathematics and cry
Page 30 and 31: 4 Introductiongiving more general b
Page 33 and 34: Chapter 1Boolean functions incrypto
Page 35 and 36: 1.1. Cryptographic criteria for Boo
Page 37 and 38: 1.2. Families of Boolean functions
Page 43: 1.2. Families of Boolean functions
Page 48 and 49: 22 Chapter 2. On a conjecture about
Page 96 and 97:
70 Chapter 2. On a conjecture about
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
Page 116 and 117:
Page 119:
Part IIBent functions and pointcoun
Page 122 and 123:
96 Chapter 3. Bent functions and al
Page 124 and 125:
98 Chapter 3. Bent functions and al
Page 126 and 127:
100 Chapter 3. Bent functions and a
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
110 Chapter 4. Efficient characteri
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 155:
Part IIIComplex multiplication and
Page 158 and 159:
132 Chapter 5. Complex multiplicati
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 185 and 186:
Chapter 6Complex multiplication in
Page 187 and 188:
6.1. Abelian varieties 1616.1 Abeli
Page 189 and 190:
6.1. Abelian varieties 163Theorem 6
Page 191 and 192:
6.1. Abelian varieties 165A homomor
Page 193 and 194:
6.1. Abelian varieties 1676.1.5 Hom
Page 195 and 196:
6.2. Class groups and units 169The
Page 197 and 198:
6.2. Class groups and units 171in [
Page 199 and 200:
6.3. Complex multiplication 173If t
Page 201 and 202:
6.3. Complex multiplication 175•
Page 203 and 204:
6.3. Complex multiplication 177We h
Page 205 and 206:
6.3. Complex multiplication 179pola
Page 207 and 208:
6.4. Class polynomials for genus 2
Page 209 and 210:
6.4. Class polynomials for genus 2
Page 211:
Appendices
Page 214 and 215:
Table A.3: Coefficients for d = 3,
Page 216 and 217:
Table A.8: Coefficients for d = 8,
Page 218 and 219:
192 Bibliography[13] Elwyn Ralph Be
Page 220 and 221:
194 Bibliography[42] Claude Carlet,
Page 222 and 223:
196 Bibliography[72] Cunsheng Ding,
Page 224 and 225:
198 Bibliography[102] David Freeman
Page 226 and 227:
200 Bibliography[132] Marc Hindry a
Page 228 and 229:
202 Bibliography[161] Philippe Lang
Page 230 and 231:
204 Bibliography[191] Willi Meier a
Page 232 and 233:
206 Bibliography[222] Oscar Seymour
Page 234 and 235:
208 Bibliography[254] Marco Streng.
Page 236 and 237:
210 Bibliography[286] Chia-Fu Yu. T
Page 238 and 239:
212 IndexForm class group . . . . .
Page 240 and 241:
214 IndexKKloosterman sum . . . . .
Page 243 and 244:
Résumé longFauĆ.Werd’ iĚ beru
Page 245 and 246:
1. Des fonctions booléennes et d
Page 247 and 248:
Page 249 and 250:
Page 251 and 252:
Page 253 and 254:
2. Fonctions courbes et comptage de
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261 and 262:
3. Multiplication complexe et polyn
Page 263 and 264:
Page 265 and 266:
Page 267:
show all

here - Sites personnels de TELECOM ParisTech - TÃ©lÃ©com ParisTech

Create successful ePaper yourself

Delete template?

Save as template?