Translations of MATHEMATICAL MONOGRAPHS

Volume 241

Boolean Functions in Coding Theory and Cryptography

O. A. Logachev, A. A. Salnikov, V. V. Yashchenko


American Mathematical Society, Providence, Rhode Island


10.1090/mmono/241

EDITORIAL COMMITTEE

AMS Subcommittee: Robert D. MacPherson, Grigorii A. Margulis, James D. Stasheff (Chair)

ASL Subcommittee: Steffen Lempp (Chair)

IMS Subcommittee: Mark I. Freidlin (Chair)

O. A. Logachev, A. A. Salnikov, V. V. Yashchenko

BULEVY FUNKTSII V TEORII KODIROVANIYA I KRIPTOGRAFII

Moscow: MTsNMO, 2004

This work was originally published in Russian by Izdatelstvo MTsNMO under the title “Bulevy funktsii v teorii kodirovaniya i kriptografii” © 2004. The present translation was created under license for the American Mathematical Society and is published by permission.

Translated by Svetla Nikova

2000 Mathematics Subject Classification. Primary 94–02; Secondary 94A60, 94C10.

For additional information and updates on this book, visit www.ams.org/bookpages/mmono-241

Library of Congress Cataloging-in-Publication Data

Logachev, Oleg A.

[Bulevy funktsii v teori kodirovaniia i kriptologii. English]

Boolean functions in coding theory and cryptography / O.A. Logachev, A.A. Salnikov, V.V. Yashchenko ; translated by Svetla Nikova.

p. cm. — (Translations of mathematical monographs ; v. 241)

Includes bibliographical references and index.

ISBN 978-0-8218-4680-3 (alk. paper)

1. Coding theory. 2. Cryptography. 3. Algebra, Boolean. I. Sal′nikov, A. A. (Aleksei Aleksandrovich) II. IAshchenko, V. V. III. Title.

QA268.L6413 2011

003′.54—dc23

2011035308

Copying and reprinting. Individual readers of this publication, and nonprofit libraries acting for them, are permitted to make fair use of the material, such as to copy a chapter for use in teaching or research. Permission is granted to quote brief passages from this publication in reviews, provided the customary acknowledgment of the source is given.

Republication, systematic copying, or multiple reproduction of any material in this publication is permitted only under license from the American Mathematical Society. Requests for such permission should be addressed to the Acquisitions Department, American Mathematical Society, 201 Charles Street, Providence, Rhode Island 02904-2294 USA. Requests can also be made by e-mail to [email protected].

© 2012 by the American Mathematical Society. All rights reserved. The American Mathematical Society retains all rights except those granted to the United States Government.

Printed in the United States of America.

∞ The paper used in this book is acid-free and falls within the guidelines established to ensure permanence and durability.

Visit the AMS home page at http://www.ams.org/


Contents

Foreword

Preface

Notation

Chapter 1. Arithmetics of Finite Fields and Polynomials
1.1. Basic Algebra
1.2. Construction of finite fields
1.3. Polynomials over finite fields
Comments to Chapter 1

Chapter 2. Boolean Functions
2.1. Basic concepts and definitions
2.2. Numerical and metric characteristics
2.3. Autocorrelation and crosscorrelation
2.4. Group algebra of Boolean functions
2.5. Cryptographic properties of Boolean functions and mappings
2.6. Covering sequences of Boolean functions
Comments to Chapter 2

Chapter 3. Classifications of Boolean Functions
3.1. Group equivalence of mappings. Polya’s theorem
3.2. Classification of Boolean functions of five variables
3.3. Classification of quadratic Boolean functions
3.4. Classification of homogeneous cubic forms of 8 variables
3.5. RM-equivalence of Boolean functions
Comments to Chapter 3

Chapter 4. Linear Codes over the Field F2
4.1. Basic properties of linear block codes
4.2. The decoding problem
4.3. Cyclic codes
4.4. Some classes of primitive cyclic codes
Comments to Chapter 4

Chapter 5. Reed–Muller Codes
5.1. General properties of the Reed–Muller codes
5.2. Reed’s decoding algorithm
5.3. First order Reed–Muller codes and connections with other codes
5.4. Reed–Muller codes of second order and related codes
5.5. Classification of Boolean functions and Reed–Muller codes of the 3rd order
Comments to Chapter 5

Chapter 6. Nonlinearity
6.1. Nonlinearity as a measure of cryptographic quality
6.2. Maximum-nonlinear bent functions and their properties
6.3. Some classes of maximum-nonlinear bent functions
6.4. Partially maximum-nonlinear (partially bent) functions and their properties
6.5. Plateaued functions and partially defined mn-bent functions
6.6. Hyperbent functions
6.7. Biorthogonal bases
Comments to Chapter 6

Chapter 7. Correlation Immunity and Resiliency
7.1. Main definitions and properties
7.2. The inheritance of properties under restrictions of Boolean functions
7.3. General methods for constructing correlation-immune functions and resilient mappings
7.4. Nonlinearity of correlation-immune and resilient functions
7.5. Construction of resilient Boolean functions with good cryptographic properties
7.6. Covering sequences of correlation-immune and resilient functions
7.7. Quadratic resilient Boolean functions of maximum order
Comments to Chapter 7

Chapter 8. Codes, Boolean Mappings, and Their Cryptographic Properties
8.1. Almost perfect nonlinear and almost bent mappings
8.2. Coding-theoretic approach to the study of APN and AB mappings
8.3. Cyclic codes and Boolean mappings
8.4. Avalanche criteria and propagation criteria
8.5. Construction of Boolean functions satisfying the propagation criterion of degree k and order t
8.6. Global avalanche characteristics of Boolean functions
Comments to Chapter 8

Chapter 9. Basics of Cryptanalysis
9.1. The Berlekamp–Massey algorithm. Linear complexity
9.2. Principles of the statistical method for cryptanalysis of block ciphers
9.3. Principles of the correlation cryptanalysis method
9.4. Principles of the linear cryptanalysis method
9.5. Principles of the difference (differential) cryptanalysis method
Comments to Chapter 9

Bibliography

Index

Foreword

For the last 10 years there have been practically no books in Russian which have the word “cryptography” in the title. Nowadays many people already know that cryptography is the science which studies ciphers, and that only cryptography gives the most reliable tools for ensuring the security of information technology. However, there are not many specialists in this area, because in order to fully understand cryptography it is necessary to have knowledge in many scientific branches such as mathematics, physics, communication theory, and cybernetics. Thus, at present, cryptography (the theoretical branch of cryptology) becomes a university science. A detailed discussion of this issue has been held during the two conferences at Moscow State University (MGU): “Moscow University and development of cryptography in Russia” (October 17–18, 2002) and “Mathematics and information technology security” (October 23–24, 3003).

Institute for Problems of Information Security, a new division of MGU, publishes a series of fundamental books on scientific and methodological problems of information security, including those parts of cryptology that are already included in the university mathematical curriculum.

The book by O.A. Logachev, A.A. Salnikov, and V.V. Yashchenko “Boolean functions in coding theory and cryptology” belongs to this series. It is written by mathematicians-cryptographers for mathematicians and presents in a systematic way certain results in one branch of cryptology: application of Boolean functions in the analysis and design of ciphers.

The book is recommended to readers with basic university knowledge, namely students and graduate students in mathematics, research mathematicians, and cryptographers.

Rector of MGU, Academician V.A. Sadovnichii

February, 2004


Preface

The notion of Boolean function was introduced in the second half of the 19th century in connection with investigations in mathematical logic and foundations of mathematics. Boolean functions are named after George Boole (1815–1864), an English mathematician, one of the founders of mathematical logic. In the first half of the 20th century Boolean functions attained fundamental importance in the foundations of mathematics. However, for a long time Boolean functions were not used in applications.

This situation changed drastically in the middle of the 20th century, when the intensive development of communication technology, instrument-building, and computer technology required the creation of an adequate mathematical apparatus. In this period, applied parts of mathematics such as the theory of finite functional systems, information theory, coding theory, and finally mathematical cryptography were developed. Practice showed the fruitfulness of the application of Boolean functions to the problems of analysis and synthesis of discrete devices for processing and transformation of information.

The concept of cryptography that has been established in the scientific literature includes a range of scientific areas, each of them having its own subject of investigations and using specific mathematical techniques. Some researchers do abstract investigations “with cryptographic motifs” in the area of computational complexity theory; others are busy constructing and analyzing algorithms for particular cryptographic systems. In many cryptographic areas, Boolean function techniques are often used while formulating and solving various problems. This applies mainly to traditional cryptographic systems with a secret key. The title of the book “Boolean functions in coding theory and cryptography” reflects the relation between many cryptographic problems and encoding and decoding problems for Reed–Muller codes.

In this book, for the first time in Russian, we present cryptographic aspects using Boolean functions techniques. The only exceptions are questions related to complexity theory and solving systems of Boolean functions. In this book both classical and recent results are presented.

To understand the material, university courses of linear algebra, group theory, finite fields theory and polynomials, combinatorics and discrete mathematics will suffice. A knowledge of basics of probability theory is also assumed.

The book is based on courses given by the authors in MGU for students of Mechanics–Mathematics and Computational Mathematics and Cybernetics Departments who major in “Information security”. Recent results obtained by the authors in the framework of the scheduled work of the MGU Laboratory on Mathematical Problems of Cryptography are also included in the book.

The book consists of nine chapters.


Chapter 1 is preliminary. It contains basic notions and results of algebra used in the book. In Chapter 2, basic notions and theorems of Boolean function theory are proved. In Chapter 3, problems of Boolean function classification under different groups of transformations are considered. Chapter 4 presents basics of coding theory. In Chapter 5, properties of Boolean functions are considered from the point of view of coding theory. In Chapter 6, properties of maximum-nonlinear functions are studied. Chapter 7 investigates the correlation immunity property of a function. In Chapter 8, various cryptographic characteristics of Boolean functions and mappings are considered in detail. Chapter 9 contains elements of cryptanalysis.

To avoid making the book too large, some of the results are presented as problems. Some of the problems included in the book are still open; they may be a basis for future research.

All items in the text are numbered consecutively within chapters: definitions, theorems, examples, etc. Thus, for example, Definition 1.121 refers to item 121 in Chapter 1 (which turns out to be a definition). The mathematical expressions and figures have similar but independent numbering.

The authors will accept with gratitude any comments on the book. They could be sent to the internet site http://www.cryptography.ru.

The authors express their gratitude to Mikhail Vladimirovich Stepanov for his support during the work on the book.

Notation

$N$ — the set of natural numbers $(1, 2, 3, \dots)$;

$Z$ — the ring of integers $(\dots, -2, -1, 0, 1, 2, \dots)$;

$Z_n$ — the ring of residues modulo $n \in N$;

$R$ — the field of real numbers;

$Q$ — the field of rational numbers;

$C$ — the field of complex numbers;

$\#A$ — cardinality of a set $A$;

$A \times B$ — Cartesian product of sets $A$ and $B$;

$A^n$ — $n$th Cartesian power of a set $A$ ($n \in N$);

$P\{\cdot\}$ — probability of the event in the brackets;

$E[\cdot]$ — mathematical expectation of the random variable in the brackets;

$B^A$ — set of all maps from a set $A$ to a set $B$;

$\Pi_n$ — set of minimal representatives of cyclotomic classes;

$\varphi^{-1}(b)$ — complete preimage of $b \in B$ under a map $\varphi \in B^A$;

$F$ — finite field;

$F_q$ — finite field of $q$ elements ($q = p^n$, $p$ is a prime number, $n \in N$);

$F_q^*$ — multiplicative group of invertible elements of the field $F_q$;

$F_q[x, y, \dots, z]$ — ring of polynomials in variables $x, y, \dots, z$ over the field $F_q$;

$\mathrm{Tr}_{q^m/q}(\alpha)$ — relative trace of an element $\alpha \in F_{q^m}$ over the field $F_q$;

$\mathrm{Tr}_m(\alpha)$ — absolute trace of an element $\alpha \in F_{p^m}$ over the field $F_p$ ($p$ is prime);

$\deg P(x, y, \dots, z)$ — degree of a polynomial $P(x, y, \dots, z)$;

$V$ — linear vector space;

$V_{n,q}$ — vector space of columns of height $n \in N$ with coordinates in the field $F_q$;

$V_n$ — vector space of columns of height $n \in N$ with coordinates in the field $F_2$ ($n$-dimensional Boolean space);

— partial ordering relation of vectors from $V_n$;

$\dim V$ — dimension of a vector space $V$;

— operator for matrix transposition;

$v = (v(1), \dots, v(n))$ — column vector in $n$-dimensional vector space in coordinate notation (in a fixed basis);

$\mathrm{wt}(v)$ — Hamming weight of a vector $v$;

$\mathrm{dist}(v, u) = \mathrm{wt}(v - u)$ — Hamming distance between vectors $v$ and $u$;

$\mathrm{dist}(A, B) = \min_{v \in A,\, u \in B} \mathrm{dist}(v, u)$ — Hamming distance between sets of vectors $A \subseteq V$ and $B \subseteq V$;

$\oplus$ — coordinatewise addition of vectors of the same dimension over the field $F_2$;


$S_n$ — symmetric (permutation) group of order $n \in N$;

$S_V$ — symmetric permutation group acting on elements of a space $V$;

$N_n$ — group of translations acting on the vector space $V_{n,q}$ of dimension $n \in N$;

$D_n$ — Jevons group acting on the vector space $V_{n,q}$ of dimension $n \in N$;

$\langle A \rangle$ — group generated by a set $A$;

$GL(V)$ — full linear group acting on a vector space $V$;

$GA(V)$ — full affine group acting on a vector space $V$;

$r$-vector — vector of dimension $r \in N$;

$r$-subset — subset of cardinality $r \in N$;

$(m \times n)$ matrix — matrix with $m \in N$ rows and $n \in N$ columns;

$\mathrm{rank}\, M$ — rank of a matrix $M$;

$\det M$ — determinant of a square matrix $M$;

$\otimes$ — tensor product;

$a \mid b$ — $a$ divides $b$ ($a, b \in Z$);

$\lfloor x \rfloor$ — largest integer less than or equal to $x \in R$;

$\lceil x \rceil$ — smallest integer greater than or equal to $x \in R$;

$\emptyset$ — empty set;

$\gcd$ — greatest common divisor;

$\mathrm{lcm}$ — least common multiple;

$i = \sqrt{-1} \in C$ — imaginary unit;

$T_n = \{\exp(2\pi i k/n) \mid k \in Z_n\}$ — group of $n$th roots of unity;

$T = \{x \in C \mid |x| = 1\}$ — multiplicative group of complex numbers of absolute value 1;

$F_n$ — set of all Boolean functions of $n \in N$ variables;

$F_n(S)$ — set of partially defined Boolean functions of $0.5n \in N$ variables with defining set $S \subseteq V_n$;

$F_{n,m}$ — set of all Boolean functions from $V_n$ to $V_m$ ($n, m \in N$);

$\exp f(x) = (-1)^{f(x)}$ — function on $V_n$ with values in $\{-1, 1\}$;

$L_n$ — set of all linear Boolean functions of $n \in N$ variables;

$L_{n,m}$ — set of all linear Boolean mappings from $V_n$ to $V_m$ ($n, m \in N$);

$A_n$ — set of all affine Boolean functions of $n \in N$ variables;

$A_{n,m}$ — set of all affine Boolean mappings from $V_n$ to $V_m$ ($n, m \in N$);

$B_n$ — set of all Boolean bent functions (maximum-nonlinear functions) of $n \in N$ variables;

$B_n(S)$ — set of partially defined bent functions of $n \in N$ variables with defining set $S \subseteq V_n$;

$S_n$ — set of all symmetric Boolean functions of $n \in N$ variables;

$\langle x, y \rangle = \sum_j x(j) y(j)$ — scalar product of vectors $x$ and $y$;

$x \cdot y = (x(1)y(1), \dots, x(n)y(n))$ — product of vectors $x$ and $y$;

$W_f(\alpha) = \sum_{x \in V_n} (-1)^{f(x) \oplus \langle x, \alpha \rangle}$ — Walsh–Hadamard transformation of a Boolean function $f \in F_n$ ($\alpha \in V_n$);

$W_f(a, s) = \sum_{x \in F_{2^n}} (-1)^{f(x) \oplus \mathrm{Tr}(a x^s)}$ — extended Walsh–Hadamard transformation of a Boolean function $f \in F_n$ ($\alpha \in V_n$, $s \in \Pi_n$);


$W_f^D(\alpha) = \sum_{x \in D} (-1)^{f(x) \oplus \langle x, \alpha \rangle}$ — partial Walsh–Hadamard transformation of a Boolean function $f \in F_n$ with respect to the set $D \subseteq V_n$ ($\alpha \in V_n$);

$W_f(\alpha) = \sum_{x \in V_n} f(x) (-1)^{\langle x, \alpha \rangle}$ — Fourier transform of a Boolean function $f \in F_n$ ($\alpha \in V_n$);

$W_f^D(\alpha) = \sum_{x \in D} f(x) (-1)^{\langle x, \alpha \rangle}$ — partial Fourier transform of a Boolean function $f \in F_n$ with respect to a set $D \subseteq V_n$ ($\alpha \in V_n$);

$N_f$ — nonlinearity of a Boolean function $f \in F_n$;

$GN_f$ — generalized nonlinearity of a Boolean function $f \in F_n$;

$D_u \Phi$ — derivative of a Boolean mapping $\Phi \subset F_{n,m}$ in the direction $u \in V_n$;

$\Delta_f(\alpha) = \sum_{x \in V_n} (-1)^{f(x \oplus \alpha) \oplus f(x)}$ — autocorrelation of a Boolean function $f \in F_n$ with shift $\alpha \in V_n$;

$\Delta_f = \max_{\alpha \in V_n,\, \alpha \ne 0} |\Delta_f(\alpha)|$, $\sigma_f = \sum_{\alpha \in V_n,\, \alpha \ne 0} \Delta_f^2(\alpha)$ — numerical measures of the global avalanche characteristics of a Boolean function $f \in F_n$;

$\mathrm{ill}(F)$ — linearity index of a Boolean mapping $F \in F_{n,m}$;

$f$ — dual of a bent function $f \in B_n$;

$J_G(f)$ — moment group of a function $f$ in a group $G$;

$L_F$ — subspace of linearity (subspace of linear structures) of a Boolean mapping $F \in F_{n,m}$;

$PC_F$ — set of directions (vectors) for which a mapping $F \in F_{n,m}$ satisfies the propagation criterion;

$\mu_l(F)$ — maximum element from the difference table of a Boolean mapping $F \in F_{n,m}$;

$RM(r, n)$ — binary Reed–Muller code of order $r \in N$ and length $2^n$ ($n \in N$);

$RM^*(r, n)$ — binary punctured Reed–Muller code of order $r \in N$ and length $2^n - 1$ ($n \in N$);

$C_j(f)$ — number of code words in the code $C$ that are at distance $j$ from $f$ ($0 \le j \le r_C$);

$\mathrm{Aut}(C)$ — automorphism group of a code $C$;

$C^\perp$ — dual code of a code $C$;

$d_C$ — minimum distance of a code $C$;

$k_C$ — dimension of a linear code $C$;

$r_C$ — covering radius of a code $C$;

$R_C$ — rate of a code $C$;

$W_C(x, y)$ — weight function of a code $C$;

$[n, k, d]$-code — linear code of length $n \in N$, dimension $k \in N$, and minimum distance $d \in N$;

$N_{\max}(n, m)$ — maximum possible nonlinearity of an $m$-resilient Boolean function on $F_n$;

$\rho(x, r)$ — ball centered at $x \in V_n$ of radius $r \in \{0, 1, \dots, n\}$;

$\mu$ — Möbius function;

$\delta$ — Dirac $\delta$-function;

$I_M$ — indicator function of a set $M$;

$E_n$ — identity $(n \times n)$ matrix;

$H_n = \begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix}^{[n]}$ — Sylvester–Hadamard matrix of order $n \in N$; $[n]$ is Kronecker (tensor) power;


$NW_f$ — number of binary vectors for which the Walsh–Hadamard coefficients of a function $f$ are nonzero;

$N\Delta_f$ — number of binary vectors for which the values of the autocorrelation function $f$ are nonzero;

$\mathrm{con}_J^a$ — operation of fixing part of variables of a set of functions; it is given by a set of indices $J = \{j_1, \dots, j_l\}$, $1 \le j_1 < \dots < j_l \le n$, and binary vectors $a = (a(1), \dots, a(l)) \in V_l$;

$\mathrm{pr}_i$ — projection operator of a Boolean mapping to the $i$th coordinate;

$\mathrm{per}(u)$ — period of a sequence $u$;

$\mathrm{loc}(c)$ — set of locators of a row $c$;

$\mathrm{char}_u(\lambda)$ — characteristic polynomial of a recurrent sequence $u$.

Bibliography

[1] C. M. Adams, A formal and practical design procedure for Substitution-Permutationnetwork cryptosystem. Ph.D. thesis, Department of Electrical Engineering, Queen’sUniversity at Kingston, 1990.

[2] C. M. Adams, On immunity against Biham and Shamir’s differential cryptanalysis,Information Processing Letters, V. 41, 1992, pp. 77–80.

[3] C. M. Adams and S. E. Tavares, Good S-boxes are Easy to Find, In Proceedingsof Advances in Cryptology: CRYPTO’89, Lect. Notes in Comp. Sci. New York:Springer-Verlag, V. 435, 1990, pp. 612–615.

[4] C. M. Adams and S. E. Tavares, The structured design of cryptographically goodS-boxes, Journal of Crytology, V. 3, 1990, No. 1. pp. 27–41.

[5] C. M. Adams and S. E. Tavares, Generating and Counting Binary Bent Sequences,IEEE Trans. on Inform. Theory, IT 36, No. 5, 1990, pp. 1170–1173.

[6] S. S. Agaian, Hadamard Matrrices and Their Applications, Lecture Notes in Math-ematics, 1168. Berlin, Heidelberg, New York, Tokyo: Springer-Verlag, 1985.

[7] S. V. Agievich, On the representation of bent-functions by bent-rectangles, In Pro-ceedings of the Fifth International Petrozavodsk Conference on Probabilistic Meth-ods in Discrete Mathematics (Petrozavodsk, June 1–6, 2000), Utrecht, Boston: VSP,2000, pp. 121–135.

[8] E. Akyildiz, I. S. Guloglu, and M. Ikeda, A Note on Generalized Bent Functions,Journal of Pure and Applied Algebra, V. 106, No. 1, 1996, pp. 1–9.

[9] A. A. Albert, Fundamental Concepts of High Algebra, Chicago: Univ. of ChicagoPress, 1956.

[10] A. P. Alferov, A. Yu. Zubov, A. S. Kuzmin, and A. V. Cheremushkin, Foundations ofCryptography, Moskva, Helios, Association of Russian Universities, 2001 (in Russian).

[11] A. S. Ambrosimov, Properties of q-valued logic (bent) functions over finite fields,Discretnaja matematika, vol. 6, issue 3, 1994, pp. 50–60 (in Russian).

[12] R. Anderson, Searching for the Optimum Correlation Attack, Fast Software Encryp-tion, Leuven’94, Lect. Notes in Comp. Sci. New York: Springer-Verlag, V. 1008,1995, pp. 137–143.

[13] R. Ash, Information Theory, New York, London, Sydney: Interscience Publishers, aDivision of John Wiley and Sons, 1967.

[14] G. S. Avsarkisyan, Boolean functions disjunctive decomposition with respect to allvariables, Computernye seti, Riga: Zinatne, vol. 1, pp. 78–94 (in Russian).

[15] A. V. Babash and G. P. Shankin, Cryptography, Moskva, Solon-R, 2000 (in Russian).

[16] R. D. Baker, J. H. van Lint, and R. M. Wilson, On the Preparata and GoethalsCodes, IEEE Trans. on Inform. Theory, IT–29, No. 3, 1983, pp. 342–345.

[17] L. A. Bassalygo, G. V. Zaitsev, and V. A. Zinov’ev, Uniformly packed codes, Problemsof Information Transmission, vol. 10, issue 1, 1974, pp. 6–9.

[18] L. A. Bassalygo and V. A. Zinoviev, Remark on Uniformly Packed Codes, Problemsof Information Transmission, vol. 13, issue 3, 1977, pp. 178–180.

[19] Applied Combinatorial Mathematics, E. E. Beckenbach (ed.) New York, London,Sydney: John Wiley & Sons, Inc., 1964.

305

306 BIBLIOGRAPHY

[20] I. Ben-Aroya and E. Biham, Differential Cryptanalysis of Lucifer, In Proceedings inAdvances of Cryptology: CRYPTO’93, Springer-Verlag, 1993, pp. 187–199.

[21] C. H. Bennet, G. Brassard, and J. M. Robert, Privacy Amplification by Public Dis-cussion, SIAM Journal on Computing, V. 17, 1988, pp. 210–229.

[22] E. R. Berlekamp, Algebraic Coding Theory, New York, St. Louis, San Francisco,Toronto, London, Sydney: McGrawHill, 1968.

[23] E. R. Berlekamp and L. R. Welch, Weight Distributions of the Cosets of the (32, 6)Reed–Muller Code, IEEE Trans. on Inform. Theory, IT–18, 1972, pp. 203–207.

[24] S. D. Berman and I. I. Grushko, On B-Functions Encountered in Modular Codes,Problems of Information Transmission, vol. 17, issue 2, 1981, pp. 82–88.

[25] T. A. Berson, Differential Cryptanalysis Mod 232 with Applications to MD5, In Pro-ceedings of Advances in Cryptology: EUROCRYPT’92, Lect. Notes in Comp. Sci.,Springer-Verlag, V. 658, 1992, pp. 71–80.

[26] T. Beth and C. Ding, On Almost Perfect Nonlinear Permutations, In Proceedings ofAdvances in Cryptology: EUROCRYPT’93, Lect. Notes in Comp. Sci., New York:Springer-Verlag, V. 765, 1993, pp. 65–76.

[27] J. Bierbrauer, Bounds on orthogonal arrays and resilient functions, Journal of Com-binatorial Designs, V. 3, 1995, pp. 179–183.

[28] J. Bierbrauer, K. Gopalakrishnan, and D. R. Stinson, Bounds on Resilient Functionsand Orthogonal Arrays, In Proceedings of Advances in Cryptology: CRYPTO’94,Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 839, 1994, pp. 247–256.

[29] J. Bierbrauer, K. Gopalakrishnan, and D. R. Stinson, Orthogonal arrays, resilientfunctions, error correcting codes and linear programming bounds, SIAM J. Discr.Math., V. 9, 1996, pp. 424–452.

[30] E. Biham, A. Biryukov, and A. Shamir, Cryptanalysis of Skipjack Reduced to31 Rounds Using Impossible Differentials, In Advances in Cryptology: EURO-CRYPT’99, Lect. Notes in Comp. Sci., New York: Springer-Verlag, 1999. V. 1592.pp. 12–23.

[31] E. Biham and A. Shamir, Differential Cryptanalysis of DES-like Cryptosystems,Journal of Cryptology, V. 4, No. 1, 1991, pp. 3–72.

[32] A. Biryukov, C. De Canniere, A. Braeken, and B. Preneel, A Toolbox for Cryptanal-ysis: Linear and Affine Equivalence Algorithms, In Advances in Cryptology: EURO-CRYPT’2003, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2656, 2003,pp. 33–50.

[33] A. Biryukov, C. De Canniere, and M. Quisquater, On Multiple Linear Approxima-tions, http://www.iacr.eprint-arhiv, 2004.

[34] R. E. Blahut, Theory and Practice of Error Control Codes, Addison-Wesley Pub-lishing Company Inc., Reading, Massachusetts, Menlo Park, California, London,Amsterdam, Don Mills, Ontario, Sydney, 1984.

[35] R. E. Blahut, Fast Algorithms for Digital Signal Processing, Addison-Wesley Pub-lishing Company Inc., 1985.

[36] W. Blaser and P. Heinzmann, New Cruptographic Device with High Security UsingPublic Key Distribution, IEEE Student Papers, 1982, pp. 145–153.

[37] V. D. Bliznyuk and M. F. Kholodnyi, Application of Boolean derivatives to the prob-lem for Boolean function decomposition, Avtomatica i telemekhanica, issue 5, 1984,pp. 105–112 (in Russian).

[38] D. Bochmann and Ch. Posthoff, Binare dynamische Systeme, Berlin: Akademie-Verlag, 1981.

[39] A. A. Botev, On the relationship between correlation immunity, nonlinearity andweight for non-balanced Boolean functions, Matematicheskie voprosy kibernetiki, is-sue 11, Moskva, Fizmatlit, 2002, pp. 149–162 (in Russian).

BIBLIOGRAPHY 307

[40] A. E. Brouwer and L. M. Tolhuizen, A Sharpening of the Johnson Bound for BinaryLinear Codes, Design, Codes and Cryptography, V. 3, No. 1, 1993, pp. 95–98.

[41] R. A. Brualdi, N. Cai, and V. S. Pless, Orphan Structure of the First-Order Reed–Muller codes, Discrete Mathematics, V. 102, 1992, pp. 239–247.

[42] A. R. Calderbank, G. McGuire, B. Poonen, and M. Rubinstein, On a Conjecture ofHelleseth Regarding Pairs of Binary m-sequences, IEEE Trans. on Inform. Theory,V. 42, 1996, pp. 988–990.

[43] P. Camion, C. Carlet, P. Charpin and N. Sendrier, On Correlation Immune Func-tions, In Proceedings of Advances in Cryptology: CRYPTO’91, Lect. Notes in Comp.Sci., New York: Springer-Verlag, V. 576, 1992, pp. 86–100.

[44] P. Camion and A. Canteaut, Construction of t-resilient functions over a finite al-phabet, Advances in Cryptology: Eurocrypt’96, Lect. Notes in Comp. Sci., V. 1070,1996, pp. 283–293.

[45] P. Camion and A. Canteaut, Generalization of Siegenthaler Inequality and Schorr–Vaudenay Multipermutations, Advances in Cryptology: CRYPTO’96, Lect. Notes inComp. Sci., V. 1109, 1996, pp. 372–386.

[46] P. Camion and A. Canteaut, Correlation Immune and Resilient Functions Over aFinite Alphabet and Their Applications in Cryptography, Designs Codes and Cryp-tography, V. 16, No. 2, 1999, pp. 121–149.

[47] A. Canteaut and E. Filiol, Ciphertext Only Reconstructing of Stream Ciphers Basedon Combination Generators, Fast Software Encruption’2000, Lect. Notes in Comp.Sci., New York: Springer-Verlag, V. 1978, 2001, pp. 165–180.

[48] A. Canteaut, C. Carlet, P. Charpin, and C. Fontaine, Propagation Characteristicsand Correlation Immunity of Highly Nonlinear Boolean Functions, In Proceedings ofAdvances in Cryptology: EUROCRYPT’00, Lect. Notes in Comp. Sci., New York:Springer-Verlag, V. 1807, 2000, pp. 507–522.

[49] A. Canteaut and M. Trabbia, Improved Fast Correlation Attacks Using Parity-Checkof Weight 4 and 5, In Proceedings of Advances in Cryptology: EUROCRYPT’00,Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1807, 2000, pp. 573–588.

[50] A. Canteaut, C. Carlet, P. Charpin, and C. Fontaine, On Cryptographic Propertiesof the Cosets of RM(1,m), IEEE Trans. on Inform. Theory, V. 47, No. 4, 2001, pp.1494–1513.

[51] A. Canteaut, P. Charpin, and H. Dobbertin, Binary m-sequences with Three-ValuedCross-Correlation: A Proof of Welch’s Conjecture, IEEE Trans. on Inform. Theory,V. 46, No. 1, 2000, pp. 4–8.

[52] A. Canteaut, P. Charpin, and H. Dobbertin, Couples de suites binaires de longueurmaximale ayant une correlation croisee a trois valeurs: Conjecture de Welch, Ser. IMath., Paris: C. R. Acad. Sci., V. 328, 1999, pp. 173–178.

[53] A. Canteaut, P. Charpin, and H. Dobbertin, Weight Divisibility of Cycle Codes,Highly Nonlinear Functions on F2m , and Crosscorrelation of Maximum Length Se-quences, SIAM Journal of Discrete Mathematics, V. 13, No. 1, 2000, pp. 105–138.

[54] A. Canteaut, M. Daum, H. Dobbertin, and G. Leander, Normal and Non NormalBent Functions, Proceedings of International Workshop on Coding and Cryptogra-phy, March, 24–28, Versalles (France), 2003, pp. 91–100.

[55] C. Carlet, A transformation on Boolean Functions, its Consequences on some Prob-lems Related to Reed–Muller Codes, EUROCODES’90. Lect. Notes in Comp. Sci.,New York: Springer-Verlag, V. 514, 1991, pp. 42–50.

[56] C. Carlet, The Automorphism Groups of the Kerdock Codes, Journal of Information& Optimization Sciences, V. 12, No. 3, 1991, pp. 387–400.

[57] C. Carlet, Partially-bent functions, In Advances in Cryptology: CRYPTO’92, Lect.Notes in Comp. Sci., Springer-Verlag, V. 740, 1992, pp. 280–291.

308 BIBLIOGRAPHY

[58] C. Carlet, Partially-bent functions, Designs Codes and Cryptography, V. 3, 1993, pp.135–145.

[59] C. Carlet, Two new classes of bent functions, In Proceedings of Advances in Cryptology: EUROCRYPT’93, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 765, 1994, pp. 77–101.

[60] C. Carlet, Generalized Partial Spreads, IEEE Trans. on Inform. Theory, V. 41, No. 5, 1995, pp. 1482–1487.

[61] C. Carlet, A construction of bent functions, Seventh Joint Swedish-Russian International Workshop on Information Theory, St. Petersburg, Russia, 1995, pp. 57–59.

[62] C. Carlet and Ph. Guillot, A characterization of binary bent functions, Journal of Combinatorial Theory, Series A, V. 76, No. 2, 1996, pp. 328–335.

[63] C. Carlet and Ph. Guillot, An alternate characterization of the bentness of binary functions, with uniqueness, Designs, Codes and Cryptography, V. 14, No. 2, 1998, pp. 33–140.

[64] C. Carlet, P. Charpin, and V. Zinoviev, Codes, bent functions and permutations suitable for DES-like cryptosystems, Designs, Codes and Cryptography, V. 15, No. 15, 1998, pp. 125–156.

[65] C. Carlet, Hyper-bent functions, PRAGOCRYPT’96, Praga: CTV, GC UCMP, 1996, pp. 145–155.

[66] C. Carlet, J. Seberry, and X. M. Zhang, Comments on Generating and counting binary bent sequences, IEEE Trans. on Inform. Theory, V. 40, No. 2, 1994, p. 600.

[67] C. Carlet, More Correlation-Immune and Resilient Functions over Galois Fields and Galois Rings, In Proceedings of Advances in Cryptology: EUROCRYPT’97, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1233, 1997, pp. 422–433.

[68] C. Carlet, On the Propagation Criterion of Degree l and Order k, In Proceedings of Advances in Cryptology: EUROCRYPT’98, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1403, 1998, pp. 462–474.

[69] C. Carlet, On the Coset Weight Divisibility and Nonlinearity of Resilient and Correlation Immune Functions, Sequences and Their Applications: SETA’2001, Discrete Mathematics and Theoretical Computer Science, New York: Springer-Verlag, 2001, pp. 131–144.

[70] C. Carlet and P. Sarkar, Spectral Domain Analysis of Correlation Immune and Resilient Boolean Functions, Finite Fields and Its Applications, V. 8, No. 1, 2002, pp. 120–130.

[71] C. Carlet, A Large Class of Cryptographic Boolean Functions via a Study of the Maiorana–McFarland Constructions, In Proceedings of Advances in Cryptology: CRYPTO’02, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2442, 2002, pp. 549–564.

[72] C. Carlet and E. Prouff, On plateaued functions and their constructions, Fast Software Encryption, 2003.

[73] C. Carlet and Yu. Tarannikov, Covering sequences of Boolean functions and their cryptographic significance, Designs, Codes and Cryptography, V. 25, 2002, pp. 263–279.

[74] C. Carlet and A. Klapper, Upper Bounds on the Numbers of Resilient Functions and of Bent Functions.

[75] J. M. Carroll and L. E. Robbins, Using binary derivatives to test an enhancement of DES, Cryptologia, V. 12, 1988, pp. 193–208.

[76] J. W. S. Cassels, Rational Quadratic Forms, London, New York, San Francisco: Academic Press, 1978.

[77] F. Chabaud and S. Vaudenay, Links between Differential and Linear Cryptanalysis, In Proceedings of Advances in Cryptology: EUROCRYPT’94, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 950, 1995, pp. 356–365.

[78] P. Charpin, A. Tietavainen, and V. Zinoviev, On Binary Cyclic Codes with Minimum Distance d = 3, Problems of information transmission, vol. 33, issue 4, 1997, pp. 287–296.

[79] D. Chaum and J. H. Evertse, Cryptanalysis of DES with a Reduced Number of Rounds; Sequences of Linear Factors in Block Ciphers, In Proceedings of Advances in Cryptology: CRYPTO’85, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 218, 1986, pp. 192–211.

[80] S. Chee, S. Lee, and K. Kim, Semi-Bent Functions, In Proceedings of Advances in Cryptology: ASIACRYPT’94, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 914, 1995, pp. 107–118.

[81] S. Chee, S. Lee, D. Lee, and S. Sung, On the Correlation Immune Functions and Their Nonlinearity, In Proceedings of Advances in Cryptology: ASIACRYPT’96, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1163, 1996, pp. 232–243.

[82] J. H. Cheon and S. Chee, Elliptic Curves and Resilient Functions, ICISC’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2015, 2000, pp. 64–72.

[83] J. H. Cheon, Nonlinear Vector Resilient Functions, In Proceedings of Advances in Cryptology: CRYPTO’2001, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2139, 2001, pp. 458–479.

[84] V. Chepyzhov and B. Smeets, On Fast Correlation Attacks on Certain Stream Ciphers, In Proceedings of Advances in Cryptology: EUROCRYPT’1991, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 547, 1991, pp. 176–185.

[85] V. Chepyzhov, T. Johansson, and B. Smeets, A Simple Algorithm for Fast Correlation Attacks on Stream Ciphers, Fast Software Encryption’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1978, 2000, pp. 181–195.

[86] A. V. Cheremushkin, Affine and linear classification methods for binary functions, Russian Academy of Sciences, Cryptographic Academy of Russian Federation, Trudy po diskretnoi matematike, Moskva, Fizmatlit, vol. 4, 2001, pp. 273–314 (in Russian).

[87] B. Chor, O. Goldreich, J. Hastad, J. Friedman, S. Rudich, and R. Smolensky, The Bit Extraction Problem for t-Resilient Functions, 26-th Symposium on Foundations of Computer Science, 1985, pp. 396–407.

[88] P. Chose, A. Joux, and M. Mitton, Fast Correlation Attacks: an Algorithmic Point of View, In Proceedings of Advances in Cryptology: EUROCRYPT’2002, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2332, 2002, pp. 209–221.

[89] H. Chung and P. V. Kumar, A New General Construction for Generalized Bent Function, IEEE Trans. on Inform. Theory, V. 35, No. 1, 1989, pp. 206–209.

[90] J. Clark, J. Jacob, W. Millan, and S. Maitra, Evolution of Boolean Functions Satisfying Multiple Criteria with Simulated Annealing, Preprint, 2002.

[91] G. Cohen, I. Honkala, A. Lobstein, and S. Litsyn, Covering codes, Elsevier, 1998.

[92] G. D. Cohen, M. G. Karpovsky, H. F. Mattson, and J. Schatz, Covering radius—survey and recent results, IEEE Trans. on Inform. Theory, IT-31, No. 3, 1985, pp. 328–343.

[93] D. Coppersmith, The data encryption standard (DES) and its strength against attacks, Technical Report RC 18613 (81421), IBM Research Division, December 1992.

[94] H. Cramer, Mathematical Methods of Statistics, Princeton University Press, 1946.

[95] C. W. Curtis and I. Reiner, Representation theory of Finite Groups and Associative Algebras, New York, London: Interscience Publishers, a division of John Wiley & Sons, 1962.

[96] Th. W. Cusick, Boolean functions satisfying a higher order strict avalanche criterion, In Proceedings of Advances in Cryptology: EUROCRYPT’93, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 765, 1988, pp. 102–117.

[97] Th. W. Cusick and H. Dobbertin, Some New 3-valued Crosscorrelation Functions of Binary m-sequences, IEEE Trans. on Inform. Theory, V. 42, No. 4, 1996, pp. 1238–1240.

[98] Th. W. Cusick, On constructing balanced correlation immune functions, Sequences and Their Applications, Proceedings of SETA’98, Springer Discrete Mathematics and Theoretical Computer Science, 1999, pp. 184–190.

[99] M. Daum, H. Dobbertin, and G. Leander, An Algorithm for Checking Normality of Boolean Function, Proceedings of International Workshop on Coding and Cryptography, March, 24–28, Versailles (France), 2003, pp. 133–142.

[100] M. H. Dawson and S. E. Tavares, An expanded set of S-box design criteria based on information theory and its relation to differential-like attacks, In Proceedings of Advances in Cryptology: EUROCRYPT’91, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 547, 1991, pp. 352–367.

[101] P. Delsarte, J. M. Goethals, and F. J. MacWilliams, On Generalized Reed–Muller Codes and Their Relatives, Information and Control, V. 16, 1970, pp. 403–442.

[102] P. Delsarte, An algebraic approach to the association schemes of coding theory, Philips Research Reports Supplements, V. 10, 1973.

[103] P. Delsarte, Four fundamental parameters of a code and their combinatorial significance, Information and Control, V. 23, No. 5, 1973, pp. 407–438.

[104] O. V. Denisov, Asymptotic number of the k-order correlation-immune Boolean functions, Diskretnaya matematika, vol. 3, issue 2, 1991, pp. 25–46 (in Russian).

[105] O. V. Denisov, Local limit theorem for random binary function part of spectrum distribution, Diskretnaya matematika, vol. 12, issue 1, 2000, pp. 82–95 (in Russian).

[106] L. E. Dickson, Linear Groups, Leipzig: B. G. Teubner, 1901.

[107] J. Dieudonne, La Geometrie des Groupes classiques, Springer-Verlag, 1971.

[108] J. F. Dillon, A survey of bent functions, The NSA Technical Journal (unclassified), 1972, pp. 191–215.

[109] F. J. Dillon, Elementary Hadamard Difference sets, Ph.D. Thesis, University of Maryland, 1974.

[110] C. Ding, G. Xiao, and W. Shan, The Stability Theory of Stream Ciphers, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 561, 1991.

[111] H. Dobbertin, One-to-One Highly Nonlinear Power Functions on Finite Field with Characteristic 2, Appl. Algebra Engr. Comm. Comp., V. 9, 1998, pp. 139–152.

[112] H. Dobbertin, Almost Perfect Nonlinear Power Functions on GF(2^n), Preprint.

[113] H. Dobbertin, Another Proof of Kasami’s Theorem, Preprint.

[114] H. Dobbertin, Construction of Bent Functions and Balanced Boolean Functions with High Nonlinearity, Fast Software Encryption—Second International Workshop, Leuven (1994), Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1008, 1995, pp. 61–74.

[115] H. Dobbertin, One-to-One Highly Nonlinear Functions on Finite Field with Characteristic 2, Appl. Algebra Engrg. Comm. Comp., V. 9, 1998, pp. 139–152.

[116] H. Dobbertin, Almost Perfect Nonlinear Power Functions on GF(2^n): The Niho case, Inform. and Comp., V. 151, 1999, pp. 57–72.

[117] H. Dobbertin, Almost Perfect Nonlinear Power Functions on GF(2^n): The Welch case, IEEE Trans. Inform. Theory, V. 45, 1999, pp. 1271–1275.

[118] S. M. Dodunekov and V. A. Zinoviev, Note about Preparata codes, Trudy 6th Intern. Symp. Information Theory, Moskva–Tashkent, part 2, 1984, pp. 78–80 (in Russian).

[119] J. H. Evertse, Linear Structures in Blockciphers, In Proceedings of Advances in Cryptology: EUROCRYPT’87, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 304, 1988, pp. 249–266.

[120] B. J. Falkowski, A Note on the Polynomial Form of Boolean Functions and Related Topics, IEEE Trans. on Computers, V. 48, No. 8, 1999, pp. 860–864.

[121] M. Fedorova and Y. V. Tarannikov, On the Constructing of Highly Nonlinear Resilient Boolean functions by Means of Special Matrices, Progress in Cryptology: INDOCRYPT’2001, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2247, 2001, pp. 254–266.

[122] A. Feinstein, Foundations of Information Theory, New York–Toronto–London: McGraw-Hill Book Company Inc., 1958.

[123] W. Feller, An Introduction to Probability Theory and its Applications, Third edition, John Wiley & Sons, 1968.

[124] E. Filiol and C. Fontaine, Highly Nonlinear Balanced Boolean Functions with a Good Correlation-Immunity, In Proceedings of Advances in Cryptology: EUROCRYPT’98, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1403, 1998, pp. 475–488.

[125] C. Fontaine, On Some Cosets of the First-Order Reed–Muller Code with High Minimum Weight, IEEE Trans. on Inform. Theory, V. 45, No. 4, 1999, pp. 1237–1243.

[126] R. Forre, The Strict Avalanche Criterion: Spectral Properties of Boolean Functions and an Extended Definition, In Proceedings of Advances in Cryptology: CRYPTO’88, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 403, 1989, pp. 450–468.

[127] R. Forre, A Fast Correlation Attack on Nonlinearly Feed Forward Filter Shift-Register Sequences, In Proceedings of Advances in Cryptology: EUROCRYPT’89, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 434, 1990, pp. 586–595.

[128] R. Forre, Methods and instruments for designing S-boxes, Journal of Cryptology, V. 3, No. 2, 1990, pp. 115–130.

[129] J. Friedman, On the Bit Extraction Problem, 33-rd IEEE Symposium on Foundations of Computer Science, 1982, pp. 314–319.

[130] R. G. Gallager, Low-density parity-check codes, MIT Press, Cambridge, MA, 1963.

[131] R. G. Gallager, Information Theory and Reliable Communication, New York, London, Sydney, Toronto: John Wiley & Sons Inc., 1968.

[132] M. I. Gelfand, Lectures on linear algebra, Moskva, Nauka, 1971; English transl., Dover Publ., New York, 1983.

[133] A. Gill, Introduction to the Theory of Finite-State Machines, New York, San Francisco, Toronto, London: McGraw-Hill Book Company Inc., 1962.

[134] J. M. Goethals and S. L. Snover, Nearly Perfect Codes, Discrete Mathematics, V. 3, 1972, pp. 64–88.

[135] J. M. Goethals and H. van Tilborg, Uniformly Packed Codes, Philips Res. Reports, V. 30, 1975, pp. 9–36.

[136] R. Gold, Optimal binary sequences for spread-spectrum multiplexing, IEEE Trans. on Inform. Theory, V. 13, No. 4, 1967, pp. 619–621.

[137] R. Gold, Maximal recursive sequences with 3-valued recursive crosscorrelation functions, IEEE Trans. on Inform. Theory, V. 14, 1968, pp. 154–156.

[138] J. D. Golic, On Security of Nonlinear Filter Generators, Fast Software Encryption—Cambridge’96, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1039, 1996, pp. 173–188.

[139] J. D. Golic, Fast Low Order Approximation of Cryptographic Functions, In Proceedings of Advances in Cryptology: EUROCRYPT’96, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1070, 1996, pp. 268–282.

[140] S. W. Golomb, On classification of Boolean functions, IRE Trans. on Circuit Theory, V. 6, 1959, pp. 176–186.

[141] S. V. Golomb, Theory of transformation groups of polynomials over GF(2) with applications to linear shift register sequences, Inform. Sci., V. 1, 1968, pp. 209–232.

[142] I. B. Golubov, A. V. Efimov, and V. A. Skvortsov, Walsh series and transforms. Theory and application, Math. and Appl. (Soviet Series), 64, Kluwer, Dordrecht, 1991.

[143] G. Gong and S. W. Golomb, Transform domain analysis of DES, IEEE Trans. on Inform. Theory, IT-45, No. 6, 1999, pp. 2065–2073.

[144] G. Gong, Sequence Analysis, University of Waterloo, Canada, http://www.cacr.math.uwaterloo.

[145] K. Gopalakrishnan, D. G. Hoffman, and D. R. Stinson, A Note on a Conjecture Concerning Symmetric Resilient Functions, Information Processing Letters, V. 47, No. 3, 1993, pp. 139–143.

[146] K. Gopalakrishnan, A Study of Correlation-Immune, Resilient and Related Cryptographic Functions, Ph.D. Thesis, University of Nebraska, 1994.

[147] J. Gordon and H. Retkin, Are big S-boxes best?, In Proceedings of Advances in Cryptology: EUROCRYPT’82, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 658, 1983, pp. 257–262.

[148] R. R. Green, A Serial Orthogonal Decoder, JPL Space Programs Summary, V. 37–39–IV, 1966, pp. 247–253.

[149] R. R. Green, Analysis of a Serial Orthogonal Decoder, JPL Space Programs Summary, V. 37–53–III, 1968, pp. 185–187.

[150] A. A. Grusho, E. A. Primenko, and E. E. Timonina, Analysis and synthesis of cryptographic algorithms. Lectures, Yoshkar-Ola, 2000 (in Russian).

[151] A. A. Grusho, E. A. Primenko, and E. E. Timonina, Cryptographic protocols, Yoshkar-Ola, 2001 (in Russian).

[152] A. E. Gukov and V. P. Chistyakov, Matrix approach to investigation of preimages of the output sequence of a finite automaton, Obozrenie prikladnoi i promyshlennoi matematiki, Moskva, vol. 1, issue 1, 1994, pp. 108–117 (in Russian).

[153] X. Guo-Zhen and J. Massey, A Spectral Characterization of Correlation Immune Combining Functions, IEEE Trans. on Inform. Theory, V. 34, No. 3, 1988, pp. 569–571.

[154] G. B. Gurevich, Foundations of the theory of algebraic invariants, Moskva, OGIZ, 1948; English transl., Noordhoff, Groningen, 1964.

[155] M. Hall, The Theory of Groups, The MacMillan Company, 1959.

[156] M. Hall, Jr., Combinatorial Theory, Blaisdell Publishing Company, Waltham (Massachusetts)–Toronto–London, 1967.

[157] Yu. S. Harin, V. I. Bernik, and G. V. Matveev, Mathematical foundations of cryptology, Minsk, BGU, 1999 (in Russian).

[158] C. Harpes, G. Kramer, and J. L. Massey, A Generalization of Linear Cryptanalysis and the Applicability of Matsui’s Piling-up Lemma, In Proceedings of Advances in Cryptology: EUROCRYPT’95, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 921, 1995, pp. 24–38.

[159] C. Harpes and J. L. Massey, Partitioning Cryptanalysis, Proceedings of Fast Software Encryption Workshop’97, pp. 13–27.

[160] M. A. Harrison, Counting Theorems and Their Applications to Classification of Switching Functions, In Recent Development in Switching Theory, New York, 1971.

[161] T. Helleseth, Some Results about the Cross-Correlation Function between Two Maximal Linear Sequences, Discrete Math., V. 16, 1976, pp. 209–232.

[162] T. Helleseth, T. Klove, and Mykkeltveit, On Covering Radius of Binary Codes, IEEE Trans. on Inform. Theory, IT-24, No. 5, 1978, pp. 627–628.

[163] T. Helleseth, C. Rong, and D. Sandberg, New Families of Almost Perfect Nonlinear Power Mappings, IEEE Trans. on Inform. Theory, IT-45, No. 2, 1999, pp. 475–485.

[164] T. Helleseth and V. P. Kumar, Sequences with Low Correlation, In: Handbook of Coding Theory, North-Holland, Amsterdam, 1998, pp. 1765–1853.

[165] H. Hollmann and Q. Xiang, A Proof of the Welch and Niho Conjectures on Cross-correlations of Binary m-sequences, Preprint, 1998.

[166] D. A. Huffman, Canonical Forms for Information-Lossless Finite State Logical Machines, IRE Trans. Circuit Theory, Spec. Suppl, V. 6, 1959, pp. 41–59.

[167] H. Janwa, G. McGuire, and R. M. Wilson, Double-Error-Correcting Codes and Absolutely Irreducible Polynomials over GF(2), Journal of Algebra, V. 178, 1995, pp. 665–676.

[168] H. Janwa and R. M. Wilson, Hyperplane sections of Fermat varieties in P^3 in char 2 and some applications to cyclic codes, In Proceedings Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, AAECC-10, Lect. Notes in Comp. Sci., Berlin: Springer-Verlag, V. 673, 1993, pp. 180–194.

[169] S. Jiang and G. Gong, Cryptanalysis of Stream Ciphers—A Survey, http://calliope.waterloo.ca/~ggong, 2002.

[170] T. Johansson and F. Jonsson, Improved Fast Correlation Attacks on Stream Ciphers via Convolutional Codes, In Proceedings of Advances in Cryptology: EUROCRYPT’99, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1592, 1999, pp. 347–362.

[171] T. Johansson and F. Jonsson, Fast Correlation Attacks Based on Turbo Code Techniques, In Proceedings of Advances in Cryptology: CRYPTO’99, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1666, 1999, pp. 181–197.

[172] T. Johansson and F. Jonsson, Fast Correlation Attacks through Reconstruction of Linear Polynomials, In Proceedings of Advances in Cryptology: CRYPTO’00, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1880, 2000, pp. 300–315.

[173] T. Johansson and F. Jonsson, Theoretical Analysis of a Correlation Attack Based on Convolutional Codes, IEEE Trans. on Inform. Theory, V. 48, No. 8, 2002, pp. 2173–2181.

[174] T. Johansson and E. Pasalic, A Construction of Resilient Functions with High Nonlinearity, IEEE International Symposium on Information Theory: ISIT’2000, http://www.eprint.iacr.org, No. 2000/053.

[175] P. Junod, On the complexity of Matsui’s attack, In Proceedings of Selected Areas in Cryptography: SAC’2001 (S. Vaudenay, A. M. Youssef, eds.), Lect. Notes in Comp. Sci., Springer-Verlag, V. 2259, 2001, pp. 199–211.

[176] P. Junod, On the optimality of linear, differential, and sequential distinguishers, In Proceedings of Advances in Cryptology: EUROCRYPT’2003 (E. Biham, ed.), Lect. Notes in Comp. Sci., V. 2656, 2003, pp. 17–32.

[177] Yu. I. Zhuravlev, Algorithms for constructing minimal disjunctive normal forms for functions of logic algebra, Diskretnaya matematika i matematicheskie voprosy kibernetiki, vol. 1, Moskva, Nauka, 1974 (in Russian).

[178] B. S. Kaliski and M. J. B. Robshaw, Linear cryptanalysis using multiple approximations, In Proceedings of Advances of Cryptology: CRYPTO’94 (Y. Desmedt, ed.), Lect. Notes in Comp. Sci., Springer-Verlag, V. 950, 1994, pp. 26–39.

[179] M. G. Karpovsky and E. S. Moskalev, Spectral methods for analysis and synthesis of discrete devices, Leningrad, Energiya, 1973 (in Russian).

[180] Yu. D. Karyakin, Fast Correlation Decoding of Reed-Muller Codes, Problems of Information Transmission, vol. 23, issue 2, 1987, pp. 121–129.

[181] T. Kasami, S. Lin, and W. W. Peterson, New Generalizations of Reed–Muller Codes. Part I: Primitive Codes, IEEE Trans. on Inform. Theory, IT-14, No. 2, 1968, pp. 189–199.

[182] T. Kasami, S. Lin, and W. W. Peterson, Polynomial Codes, IEEE Trans. on Inform. Theory, IT-14, No. 6, 1968, pp. 807–814.

[183] T. Kasami, Weight Distributions of Bose–Chaudhuri–Hocquenghem Codes, In Proceedings of the Conference on Combinatorial Mathematics and Its Applications, Univ. of North Carolina Press, Chapel Hill, NC, 1969, pp. 335–357.

[184] T. Kasami, Weight Distributions of Bose–Chaudhuri–Hocquenghem Codes, In: Combinatorial Math. Applications (R. C. Bose, T. A. Dowlings, eds.), Univ. of North Carolina Press, Chapel Hill, NC., 1969, Ch. 9.

[185] T. Kasami, The Weight Enumerators for Several Classes of Subcodes of the 2-nd Order Binary Reed–Muller Codes, Information and Control, V. 18, 1971, pp. 369–394.

[186] T. Kasami and N. Tokura, On the Weight Structure of Reed–Muller Codes, IEEE Trans. on Inform. Theory, IT-16, No. 6, 1970, pp. 752–825.

[187] T. Kasami, N. Tokura, E. Ivadari, and J. Inagaki, Coding theory, Transl. from Japanese, Moskva, Mir, 1978 (in Russian).

[188] A. Kholosha and H. C. A. van Tilborg, Tensor Transform of Boolean Functions and Related Algebraic and Probabilistic Properties, http://www.iacr.org/e-arhiv/2002/.

[189] K. Kim, A study on the construction and analysis of substitution boxes for symmetric cryptosystems, Ph.D. Thesis, Yokohama National University, Division of Electrical and Computer Engineering, 1990.

[190] K. Kim, T. Matsumoto, and H. Imai, On generating cryptographically desirable substitutions, Transactions of the IEICE, V. 73, No. 7, 1990, pp. 1031–1035.

[191] D. P. Kirienko, Complete description of non-balanced correlation-immune of order 5 Boolean functions of 5 variables, Trudy XXIII konferentsii molodykh uchenykh MGU “Sovremennye issledovania v matematike i mekhanike”, vol. 2, 9–14 April, 2001, pp. 153–156 (in Russian).

[192] B. M. Kloss and E. N. Nechiporuk, On the classification of multivalued logic functions, Problemy kibernetiki, issue 9, 1963 (in Russian).

[193] L. Knudsen, Truncated and Higher Order Differentials, In Proceedings of Fast Software Encryption, Second International Workshop, Lect. Notes in Comp. Sci., Springer-Verlag, V. 1008, 1994, pp. 196–211.

[194] L. Knudsen and M. J. B. Robshaw, Non-Linear Approximation in Linear Cryptanalysis, In Proceedings of Advances of Cryptology: EUROCRYPT’96 (U. Maurer, ed.), Lect. Notes in Comp. Sci., Springer-Verlag, V. 1070, 1996, pp. 224–236.

[195] L. R. Knudsen and H. E. Mathiassen, A chosen-plaintext linear attack on DES, In Proceedings of Fast Software Encryption – FSE’2000 (B. Schneier, ed.), Lect. Notes in Comp. Sci., Springer-Verlag, V. 1978, 2001, pp. 262–272.

[196] S. L. Kolbin, On some properties of mutually inverse systems of p-valued functions, Diskretnaya matematika, vol. 6, issue 2, 1994, pp. 145–149 (in Russian).

[197] V. D. Kolesnik and E. T. Mironchik, Cyclic codes decoding, Moskva, Svyaz, 1968 (in Russian).

[198] V. D. Kolesnik and G. Poltyrev, Lectures on Information Theory, Moskva, Nauka, 1982 (in Russian).

[199] P. S. Korolev, Quadratic Boolean functions of high order stability, Matematicheskie voprosy kibernetiki, issue 11, Moskva, Fizmatlit, 2002, pp. 255–261 (in Russian).

[200] P. V. Kumar, R. A. Scholts, and R. L. Welch, Generalized bent functions and their properties, Journal of Combinatorial Theory, Series A, V. 40, No. 1, 1985, pp. 90–107.

[201] A. A. Kurmit, Automata without loss of information of finite order, Riga: Zinatne, 1972 (in Russian).

[202] K. Kurosawa and T. Satoh, Generalization of higher order SAC to vector output Boolean Functions, In Proceedings of Advances in Cryptology: ASIACRYPT’96, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1163, 1996, pp. 218–231.

[203] K. Kurosawa and T. Satoh, Design of SAC/PC(l) of Order k Boolean Functions and Three Other Cryptographic Criteria, In Proceedings of Advances in Cryptology: EUROCRYPT’97, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1233, 1998, pp. 434–449.

[204] K. Kurosawa, T. Satoh, and K. Yamamoto, Highly Nonlinear t-Resilient Functions, Journal of Universal Computer Science, V. 3, No. 6, 1997, pp. 721–729.

[205] K. Kurosawa, T. Iwata, and T. Yoshiwara, New covering radius of Reed–Muller codes for t-resilient functions, SAC’2001, Lect. Notes in Comp. Sci., Springer-Verlag, No. 2259, 2001, pp. 75–86.

[206] K. Kurosawa, T. Johansson, and D. Stinson, Almost k-wise Independent Sample Spaces and Their Cryptographic Applications, Journal of Cryptology, V. 14, No. 4, 2001, pp. 231–253.

[207] Yu. V. Kuznetsov, Classes of Boolean functions invariant with respect to the identification of variables, Dokl. Akad. Nauk SSSR, vol. 290, issue 4, 1986, pp. 780–785; English transl., Soviet Math. Dokl. 34 (1987), no. 2, 339–344.

[208] Yu. V. Kuznetsov and S. A. Shkarin, Reed–Muller codes (review), Matematicheskie voprosy kibernetiki, Moskva, Nauka, issue 6, 1996, pp. 5–50 (in Russian).

[209] Yu. V. Kuznetsov and V. V. Yashchenko, On estimation for the degree of nonlinearity of partial Boolean functions, Vestnik MGU, vol. 119, issue 6, 1993, pp. 36–40; English transl., Moscow Univ. Math. Bull. 48 (1993), no. 6, 32–35.

[210] Yu. V. Kuznetsov and V. V. Yashchenko, On partial bent functions, Vestnik MGU, issue 5, 2000, pp. 3–6; English transl., Moscow Univ. Math. Bull. 55 (2000), no. 5, 1–4.

[211] Yu. V. Kuznetsov and V. V. Yashchenko, On the plateaued Boolean functions, Proc. XII Intern. School-Semin. “Synthesis and Complexity of Control Systems”, Penza, 15–21 October, Part I, Tsenter prikladnykh issledovanii pri mekh.-mat. MGU, 2001, pp. 129–136 (in Russian).

[212] Yu. V. Kuznetsov, On the number of nondegenerate Boolean forms, Proc. XI Intern. School-Semin. “Synthesis and Complexity of Control Systems”, Nizhnii Novgorod, 20–25 November, Part I, Tsenter prikladnykh issledovanii pri mekh.-mat. MGU, 2001, pp. 105–108 (in Russian).

[213] A. S. Kuzmin, V. L. Kurakin, A. V. Mikhalev, and A. A. Nechaev, Linear recurring sequences over rings and modules (Contemporary Math. and its Appl. Surveys, V. 10, Algebra 2, 1994, Moscow), J. of Math. Sciences, V. 76, No. 6, 1995, pp. 2793–2915.

[214] V. G. Labunets and O. P. Sitnikov, Harmonic analysis of Boolean functions and functions of k-valued logic over finite fields, Tekhnicheskaya kibernetika, issue 1, 1975, pp. 141–148 (in Russian).

[215] G. Lachaud and J. Wolfmann, The Weights of the Orthogonals of the Extended Quadratic Binary Goppa Codes, IEEE Trans. on Inform. Theory, V. 36, 1990, pp. 686–692.

[216] X. Lai, J. Massey, and S. Murphy, Markov Ciphers and Differential Cryptanalysis, In Proceedings of Advances in Cryptology: EUROCRYPT’91, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 547, 1991, pp. 17–38.

[217] X. Lai, Higher Order Derivatives and Differential Cryptanalysis, Communications and Cryptography, Kluwer Academic Publishers, 1994, pp. 227–233.

[218] X. Lai, Additive and Linear Structures of Cryptographic Functions, Fast Software Encryption, Second International Workshop, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1008, 1995, pp. 75–85.

[219] S. Lang, Algebra, Addison-Wesley Publishing Company, Reading, Mass., 1965.

[220] R. J. Lechner, A Transform Approach to Logic Design, IEEE Trans. on Computers, C-19, No. 10, 1970, pp. 627–640.

[221] S. Lee, S. Chee, Sa. Park, and Su. Park, Conditional Correlation Attack on Nonlinear Filter Generators, In Proceedings of Advances in Cryptology: ASIACRYPT’96, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1163, 1996, pp. 360–367.

[222] W. van Leekwijck and L. Van Linden, Cryptografische eigenschappen van Boolean functies, Thesis grad. ESAT Katholieke Universiteit Leuven, 1990.

[223] E. L. Lehmann, Testing Statistical Hypotheses, John Wiley, 1959.

[224] V. Levenshtein, Split orthogonal arrays and maximum independent resilient systems of functions, Designs, Codes and Cryptography, V. 12, 1997, pp. 131–160.

[225] R. Lidl and H. Niederreiter, Finite Fields, Addison-Wesley Publishing Company, Reading, Massachusetts, 1983.

[226] M. Liu, P. Lu, and G. L. Mullen, Correlation-Immune Functions over Finite Fields, IEEE Trans. on Inform. Theory, V. 44, No. 3, 1998, pp. 1273–1278.

[227] A. S. Lloyd, Balance, Uncorrelatedness and the Strict Avalanche Criterion, Technical Report of Hewlett–Packard Research Laboratories, Bristol, 1989, HPL-ISC-TM-89-012.

[228] A. S. Lloyd, Characterising and counting functions satisfying Strict Avalanche Criterion of order (n − 3), 2-nd IMA Conference on Cryptography and Coding, 1989.

[229] A. S. Lloyd, Counting functions satisfying a higher order strict avalanche criterion, In Proceedings of Advances in Cryptology: EUROCRYPT’89, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 434, 1990, pp. 63–74.

[230] A. S. Lloyd, Properties of Binary Functions, In Proceedings of Advances in Cryptology: EUROCRYPT’90, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 473, 1991, pp. 124–139.

[231] A. S. Lloyd, Counting binary functions with certain cryptographic properties, Journal of Cryptology, V. 5, No. 2, 1992, pp. 107–131.

[232] A. Lempel and M. Cohn, Maximal Families of Bent Sequences, IEEE Trans. on Inform. Theory, V. 28, No. 6, 1982, pp. 865–868.

[233] A. S. Logachev, On a recursive decoding algorithm for subsets of first order Reed–Muller codes, Diskretnaya matematika, vol. 4, issue 2, 1992, pp. 130–135 (in Russian).

[234] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, (Bent) functions over a finite Abelian group, Diskretnaya matematika, vol. 9, issue 4, 1997, pp. 3–20 (in Russian).

[235] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, Nondegenerate normal form of Boolean functions, Doklady RAN, vol. 373, issue 2, 2000, pp. 164–167 (in Russian).

[236] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, (Bent) functions and Boolean cube partition, 12–th International Conference on Formal Power Series and Algebraic Combinatorics FPSAC’00, Supplementary abstracts, Moskva, MSU, 2000, pp. 43–48 (in Russian).

[237] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, Some characteristics of nonlinearity of group mappings, Diskretnyi analiz i issledovanie operatsii, Series 1, vol. 8, issue 1, 2001, pp. 40–54 (in Russian).

[238] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, Normal form of mappings of finite Abelian groups, International workshop “Diskretnaya matematika i prilozheniya”, 29 January–2 February, 2001, Part III, mekh.-mat. MGU, pp. 315–317 (in Russian).

[239] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, Estimation of some parameters of mappings of finite Abelian groups, International workshop “Diskretnaya matematika i prilozhenia”, 29 January–2 February, 2001, Part III, mekh.-mat. MGU, pp. 318–320 (in Russian).

[240] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, On inheritance of properties under restrictions of Boolean functions, Diskretnaya matematika, vol. 9, issue 4, 1997, pp. 3–20 (in Russian).

[241] F. J. MacWilliams and N. J. A. Sloane, The Theory of Error-Correcting Codes, Amsterdam, New York, Oxford: North-Holland Publishing Company, 1977.

[242] S. Maitra and P. Sarkar, Enumeration of Correlation Immune Boolean Functions, 4-th Australasian Conference on Information, Security and Privacy, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1587, 1999, pp. 12–15.

[243] S. Maitra and P. Sarkar, Highly Nonlinear Resilient Functions Optimizing Siegenthaler’s Inequality, In Proceedings of Advances in Cryptology: CRYPTO’99, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1666, 1999, pp. 198–215.

[244] S. Maitra and P. Sarkar, Hamming Weights of Correlation Immune Boolean Functions, Information Processing Letters, V. 71, No. 3–4, 1999, pp. 149–153.

[245] S. Maitra, Correlation Immune Boolean Functions with Very High Nonlinearity, http://www.eprint.iacr.org, No. 2000/054.

[246] S. Maitra, Autocorrelation Properties of Correlation Immune Boolean Functions, In Proceedings of Progress in Cryptology: INDOCRYPT’2001, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2247, 2001, pp. 242–253.

[247] S. Maitra, Boolean Functions with Important Cryptographic Properties, Ph. D. Thesis, Indian Statistical Institute, 2001.

[248] S. Maitra and P. Sarkar, Cryptographically Significant Boolean Functions with Five Valued Walsh Spectra, Theoretical Computer Science, V. 276, No. 1–2, 2002, pp. 133–146.

[249] S. Maitra and E. Pasalic, Further Construction of Resilient Boolean Functions with Very High Nonlinearity, IEEE Trans. on Inform. Theory, V. 48, No. 7, 2002, pp. 1825–1834.

[250] A. I. Maltsev, Foundations of linear algebra, W. H. Freeman & Co., San Francisco–London, 1963.

[251] A. A. Malyutin, Fast correlation decoding of some subsets of first order Reed–Muller codes, Diskretnaya matematika, vol. 2, issue 2, 1990, pp. 155–158 (in Russian).

[252] Yu. I. Manin, Cubic forms, North-Holland, Amsterdam, 1986.

[253] M. Marcus and H. Minc, A Survey of Matrix Theory and Matrix Inequalities, Boston: Allyn and Bacon, Inc., 1964.

[254] A. W. Marshall and I. Olkin, Inequalities: Theory of Majorization and Its Applications, Academic Press, New York–London–Toronto–Sydney–San-Francisco, 1979.

[255] J. L. Massey, Threshold Decoding, MIT Press, Cambridge, Massachusetts, 1963.

[256] J. L. Massey, Shift-Register synthesis and BCH decoding, IEEE Trans. on Inform. Theory, IT-17, 1969, pp. 464–466.

[257] S. Matsufuji and K. Imamura, Real-Valued Bent Function and Its Application to the Design of Balanced Quadriphase Sequences with Optimal Correlation Properties, Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, 8-th International Conference, AAECC-8, Tokyo, Japan, 1990, Lect. Notes in Comp. Sci., 508, Springer-Verlag, 1991.

[258] M. Matsui and A. Yamagishi, A new method for known plaintext attack of FEAL cipher, In Proceedings of Advances in Cryptology: EUROCRYPT’92, Lect. Notes in Comp. Sci., Berlin: Springer-Verlag, V. 658, 1992, pp. 1–91.

[259] M. Matsui, Linear cryptanalysis method for DES cipher, In Proceedings of Advances in Cryptology: EUROCRYPT’93, Lect. Notes in Comp. Sci., Springer, V. 765, 1994, pp. 386–397.

[260] M. Matsui, On Correlation Between the Order of S-boxes and the Strength of DES, In Proceedings of Advances in Cryptology: EUROCRYPT’94, Lect. Notes in Comp. Sci., Springer, V. 950, 1994, pp. 366–375.

[261] M. Matsui, The First Experimental Cryptanalysis of the Data Encryption Standard, In Advances of Cryptology: CRYPTO’94, Lect. Notes in Comp. Sci., Springer, V. 839, 1995, pp. 1–11.

[262] R. J. McEliece, On Periodic Sequences from GF(q), Journal on Combinatorial Theory, Ser. A, V. 10, 1971, pp. 80–91.

[263] R. J. McEliece, Weight Congruences for p-ary Cyclic Codes, Discrete Math., V. 3, 1972, pp. 177–192.

[264] R. J. McEliece, Finite Fields for Computer Scientists and Engineers, Kluwer Academic Publishers, 2001.

[265] R. L. McFarland, A Family of Difference Sets in Non-cyclic Groups, Journal of Combinatorial Theory (A), V. 15, No. 1, 1973, pp. 1–10.

[266] G. McGuire and A. Calderbank, Proof of Conjecture of Sarwate and Pursley Regarding Pairs of Binary m-sequences, IEEE Trans. on Information Theory, V. 41, No. 4, 1995, pp. 1153–1155.

[267] W. Meier and O. Staffelbach, Nonlinearity Criteria for Cryptographic Functions, In Proceedings of Advances in Cryptology: EUROCRYPT’89, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 434, 1990, pp. 549–562.

[268] W. Meier and O. Staffelbach, Fast Correlation Attacks on certain Stream Ciphers, Journal of Cryptology, V. 1, 1989, pp. 159–176.

[269] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.

[270] J. M. Mihaljevic, M. P. C. Fossorier, and H. Imai, A Low-Complexity and High-Performance Algorithm for the Fast Correlation Attack, In Proceedings of Fast Software Encryption’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1978, 2001, pp. 196–212.

[271] V. G. Mikhailov, On the number of preimages of an automaton output sequence, Obozrenie prikladnoi i promyshlennoi matematiki, Moskva, vol. 1, issue 1, 1994, pp. 118–121 (in Russian).

[272] V. G. Mikhailov, Generalization of the theorem on the number of preimages of an automaton output sequence, Obozrenie prikladnoi i promyshlennoi matematiki, Moskva, vol. 1, issue 1, 1994, pp. 122–125 (in Russian).

[273] V. G. Mikhailov, Asymptotic normality of the number of preimages of an automaton output sequence, Obozrenie prikladnoi i promyshlennoi matematiki, Moskva, vol. 1, issue 1, 1994, pp. 126–135 (in Russian).

[274] V. G. Mikhailov and V. P. Chistyakov, On problems of finite automata theory connected with the number of preimages of an output sequence, Obozrenie prikladnoi i promyshlennoi matematiki, Moskva, vol. 1, issue 1, 1994, pp. 7–31 (in Russian).

[275] W. Millan, A. Clark, and E. Dawson, Heuristic Design of Cryptographically Strong Balanced Boolean Functions, In Proceedings of Advances in Cryptology: EUROCRYPT’98, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1403, 1998, pp. 489–499.

[276] K. Miranovich, Spectral Analysis of Boolean Functions under Non-Uniformity of Arguments.

[277] C. J. Mitchell, Enumerating Boolean Functions of Cryptographic Significance, Journal of Cryptology, V. 2, No. 3, 1990, pp. 155–170.

[278] S. P. Mo, L. Sangjin, and K. Kwangjo, Improving Bound for the Number of Correlation Immune Boolean Functions, Information Processing Letters, V. 61, No. 4, 1997, pp. 209–212.

[279] D. E. Muller, Application of Boolean Algebra to Switching Circuit Design and to Error Detection, IRE Transactions on Electronic Computers, V. 3, EC-1954, pp. 6–12.

[280] S. Murphy, The cryptanalysis of FEAL-4 with 20 chosen plaintexts, Journal of Cryptology, V. 3, No. 2, 1990, pp. 145–154.

[281] S. Murphy, P. Piper, M. Walker, and P. Wild, Likelihood estimation for block cipher keys, Technical report, Information Security Group, Royal Holloway, University of London, 1995.

[282] J. J. Mykkeltveit, The Covering Radius of the (128, 8) Reed–Muller Code is 56, IEEE Trans. on Inform. Theory, IT-26, No. 3, 1983, pp. 358–362.

[283] Mulan Liu, Peizhong Lu, and G. L. Mullen, Correlation-Immune Functions over Finite Fields, IEEE Trans. on Inform. Theory, V. 44, No. 3, 1998, pp. 1273–1278.

[284] P. Naudin and C. Quitte, Algoritmique Algebrique (avec exercices corriges), Paris, Milan, Barcelone, Bonn: MASSON, 1992.

[285] P. G. Nigmatulin, Boolean functions complexity, Moskva, Nauka, 1991 (in Russian).

[286] Y. Niho, Multi-Valued Cross-Correlation Functions between Two Maximal Linear Recursive Sequences, Ph.D. Thesis, USCEE Rep., 1972.

[287] V. A. Nosov, Regularity criterion for a Boolean nonautonomous automaton with divided input, Intellektualnye sistemy, Moskva, MGU, Russian Technological Science Academy, vol. 3, issue 3-4, 1998, pp. 269–280 (in Russian).

[288] V. A. Nosov, Construction of classes of latin squares in Boolean data base, Intellektualnye sistemy, Moskva, MGU, Russian Technological Science Academy, vol. 4, issue 3-4, 1999, pp. 307–320 (in Russian).

[289] K. Nyberg, Constructions of Bent Functions and Difference Sets, In Proceedings of Advances in Cryptology: EUROCRYPT’90, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 473, 1991, pp. 151–160.

[290] K. Nyberg, Perfect nonlinear S-boxes, In Proceedings of Advances in Cryptology: EUROCRYPT’91, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 547, 1991, pp. 378–386.

[291] K. Nyberg, On the Construction of Highly Nonlinear Permutations, In Proceedings of Advances in Cryptology: EUROCRYPT’92, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 658, 1993, pp. 92–98.

[292] K. Nyberg and L. Knudsen, Provable Security Against Differential Cryptanalysis, In Proceedings of Advances in Cryptology: CRYPTO’92, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 740, 1993, pp. 566–574.

[293] K. Nyberg, Differentially Uniform Mappings for Cryptography, In Proceedings of Advances in Cryptology: EUROCRYPT’93, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 765, pp. 55–64.

[294] K. Nyberg, New Bent Mappings Suitable for Fast Implementation, Fast Software Encryption, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 809, 1993, pp. 179–184.

[295] K. Nyberg, Linear Approximation of Block Ciphers, In Proceedings of Advances in Cryptology: EUROCRYPT’94, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 950, 1994, pp. 439–444.

[296] K. Nyberg, S-boxes and Round Functions with Controllable Linearity and Differential Uniformity, Fast Software Encryption Second International Workshop, Leuven, Belgium, 1994, Lect. Notes in Comp. Sci., New York: Springer-Verlag, 1994, V. 1008, pp. 111–130.

[297] K. Nyberg, S-Boxes and Round Functions with Controllable Linearity and Differential Uniformity, Fast Software Encryption, Second International Workshop, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1008, 1995, pp. 111–130.

[298] L. J. O’Connor, Enumeration Nondegenerate Permutations, In Proceedings of Advances in Cryptology: EUROCRYPT’91, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 547, 1992, pp. 368–377.

[299] L. J. O’Connor, An Analysis of Product Ciphers based on the Properties of Boolean Functions, Ph.D. Dissertation, University of Waterloo, Waterloo, Ontario, Canada, 1992, p. 171.

[300] J. D. Olsen, R. A. Scholtz, and L. R. Welch, Bent-Function Sequences, IEEE Trans. on Inform. Theory, V. 28, No. 6, 1982, pp. 858–864.

[301] S. Palit and K. Roy, Cryptanalysis of LFSR-Encryption Codes with Unknown Combining Function, In Proceedings of Advances in Cryptology: ASIACRYPT’99, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1716, 1999, pp. 306–320.

[302] S. Park, S. Lee, S. Sung, and K. Kim, Improving Bounds for the Number of Correlation-Immune Boolean Functions, Information Processing Letters, V. 61, 1997, pp. 209–212.

[303] E. Pasalic and T. Johansson, Further Results on the Relation Between Nonlinearity and Resiliency of Boolean Functions, IMA Conference on Cryptography and Coding, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1746, 1999, pp. 35–44.

[304] E. Pasalic, S. Maitra, T. Johansson, and P. Sarkar, New Constructions of Resilient and Correlation Immune Boolean Functions Achieving Upper Bounds on Nonlinearity, Workshop on Coding and Cryptography: WCC’2001, Paris, Electronic Notes in Discrete Mathematics, New York: Elsevier Science, V. 6, 2001.

[305] E. Pasalic and S. Maitra, Linear Codes in Constructing Resilient Functions with High Nonlinearity, Selected Areas in Cryptography: SAC’2001, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2259, 2001, pp. 60–74.

[306] E. Pasalic and S. Maitra, A Majorana–MacFarland Type Construction for Resilient Boolean Functions on n Variables (n Even) with Nonlinearity > $2^{n-1} - 2^{n/2} + 2^{n/2-2}$, Proceedings of International Workshop on Coding and Cryptography, March, 24–28, Versailles (France), 2003, pp. 365–374.

[307] N. J. Patterson and D. H. Wiedemann, The Covering Radius of the $(2^{15}, 16)$ Reed–Muller Code is at least 16276, IEEE Trans. on Inform. Theory, IT-29, No. 3, 1983, pp. 354–356.

[308] N. J. Patterson and D. H. Wiedemann, Correction to “The Covering Radius of the $(2^{15}, 16)$ Reed–Muller Code is at least 16276”, IEEE Trans. on Inform. Theory, IT-36, No. 2, 1990, p. 443.

[309] W. W. Peterson and E. J. Jr. Weldon, Error-Correcting Codes, MIT Press, Cambridge, Massachusetts, London, England, 1972.

[310] J. P. Pieprzyk, Error Propagation Property and Application in Cryptography, IEE Proc., Part E, V. 136, No. 4, 1989, pp. 262–270.

[311] J. P. Pieprzyk, Nonlinearity of exponent permutations, In Proceedings of Advances in Cryptology: EUROCRYPT’89, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 434, 1990, pp. 80–92.

[312] J. P. Pieprzyk, On bent permutations, Technical Report: Department of Computer Science, The University of New South Wales, CS91/11, 1991.

[313] J. P. Pieprzyk and G. Finkelstein, Towards effective nonlinear cryptosystem design, IEE Proceedings, part E: Computers and Digital Techniques, November, 6. Department of Computer Science, University of New South Wales, Australian Defence Force Academy, Canberra, ACT 2600, Australia, V. 135, Series E, 1988, pp. 325–335.

[314] V. Pless, Power Moment Identities on Weight Distributions in Error-Correcting Codes, Information and Control, V. 6, 1963, pp. 147–152.

[315] Handbook on Coding Theory, V. I, II, V. S. Pless and W. C Huffman, Eds., Amsterdam–New York–Oxford–Tokyo: Elsevier, 1998.

[316] G. N. Povarov, On group invariance of Boolean functions, Primenenie logiki v tekhnike, Moskva, Akad. Nauk SSSR, 1961, pp. 263–340 (in Russian).

[317] M. M. Postnikov, Lectures on geometry, Second semester, Linear algebra, Moskva, Nauka, 1986 (in Russian).

[318] B. Preneel, W. VanLeekwijck, L. Van Linden, R. Govaerts, and J. VanDewalle, Propagation Characteristics of Boolean Functions, In Proceedings of Advances in Cryptology: EUROCRYPT’90, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 473, 1991, pp. 161–173.

[319] B. Preneel, R. Govaerts, and J. Vandewalle, Boolean Functions Satisfying Higher Order Propagation Criteria, In Proceedings of Advances in Cryptology: EUROCRYPT’91, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 541, 1991, pp. 141–152.

[320] B. Preneel, Analysis and Design of Cryptographic Hash Functions, Ph.D. Thesis, Katholieke Universiteit Leuven, K. Merierlaan 94, 3001 Leuven, Belgium, 1993.

[321] F. P. Preparata, State-Logic Relations for Autonomous Sequential Networks, IEEE Trans. Electronic Computers, V. 13, No. 5, 1964, pp. 542–548.

[322] F. P. Preparata, Convolutional Transformations of Binary Sequences: Boolean Functions and Their Resynchronizing Properties, IEEE Trans. Electron. Comp., V. 15, No. 6, 1966, pp. 398–409.

[323] I. S. Reed, A Class of Multiple-Error-Correcting Codes and the Decoding Scheme, IRE Trans. on Inform. Theory, IT-4, 1954, pp. 38–49.

[324] M. J. B. Robshaw, Stream Ciphers, RSA Laboratories, Technical Report TR-701, 1995.

[325] F. Rodier, On the Nonlinearity of Boolean Functions, Proceedings of International Workshop on Coding and Cryptography, March, 24–28, Versailles (France), 2003, pp. 397–405.

[326] O. S. Rothaus, On Bent Functions, Journal of Combinatorial Theory (A), V. 20, No. 3, 1976, pp. 300–305.

[327] B. Roy, A brief outline of research on correlation immune functions, In Information security and privacy: 7-th Australasian conference, ACISP 2002, Melbourne, Australia, July 3–5, 2002, Lect. Notes in Comp. Sci., V. 2384, 2002, pp. 379–394.

[328] R. A. Rueppel, Analysis and Design of Stream Ciphers, New York: Springer-Verlag, 1986.

[329] R. A. Rueppel, Stream Ciphers, In Contemporary Cryptography: the Science of Information Integrity, Ch. 2, IEEE Press, 1992, pp. 65–134.

[330] B. V. Ryazanov, On the distribution of spectral complexity of Boolean functions, Diskretnaya matematika, vol. 6, issue 2, 1994, pp. 111–119 (in Russian).

[331] B. V. Ryazanov and S. I. Checheta, On the approximation of a random Boolean function by a set of quadratic forms, Diskretnaya matematika, vol. 7, issue 3, 1995, pp. 129–145 (in Russian).

[332] Yu. L. Sagalovich, On group invariance of Boolean functions, Uspekhi matematicheskikh nauk, vol. 14, issue 6(90), 1959, pp. 191–195 (in Russian).

[333] P. Sarkar and S. Maitra, Construction of Nonlinear Boolean Functions with Important Cryptographic Properties, In Proceedings of Advances in Cryptology: EUROCRYPT’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1807, 2000, pp. 485–506.

[334] P. Sarkar and S. Maitra, Nonlinearity Bounds and Constructions of Resilient Boolean Functions with Important Cryptographic Properties, In Proceedings of Advances in Cryptology: CRYPTO’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1880, 2000, pp. 515–532.

[335] P. Sarkar, A Note on the Spectral Characterization of Correlation Immune Boolean Functions, Information Processing Letters, V. 74, No. 5–6, 2000, pp. 191–195.

[336] P. Sarkar and S. Maitra, Balancedness and Correlation Immunity of Symmetric Boolean Functions, Preprint, 2000.

[337] P. Sarkar and S. Maitra, Cross-Correlation Analysis of Cryptographically Useful Boolean Functions and S-boxes, Theory of Computing Systems, V. 35, No. 1, 2002, pp. 39–57.

[338] D. Sarwate and M. Pursley, Crosscorrelation Properties of Pseudorandom and Related Sequences, Proc. IEEE, V. 68, 1980, pp. 593–619.

[339] P. Savicky, On the bent Boolean functions that are symmetric, European Journal of Combinatorics, V. 15, No. 4, 1994, pp. 407–410.

[340] P. Savicky, Bent functions and random Boolean formulas, Discrete Mathematics, V. 147, 1995, pp. 1–3.

[341] W. G. Schneeweiss, On the Polynomial Form of Boolean Functions: Derivations and Applications, IEEE Trans. on Computers, V. 47, No. 2, 1998, pp. 217–221.

[342] M. Schneider, Note on the Construction and Upper Bounds of Correlation-Immune Functions, 6-th IMA Conference, 1997, pp. 295–306.

[343] J. Seberry, X.-M. Zhang, and Y. Zheng, Nonlinearly Balanced Boolean Functions and Their Propagation Characteristics, Advances in Cryptology: CRYPTO’93, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 773, 1994, pp. 49–60.

[344] J. Seberry, X.-M. Zhang, and Y. Zheng, On the Constructions and Nonlinearity of Correlation Immune Boolean Functions, Advances in Cryptology: EUROCRYPT’93, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 765, 1994, pp. 181–199.

[345] J. Seberry, X.-M. Zhang, and Y. Zheng, Relationships Among Nonlinearity Criteria, In Proceedings of Advances in Cryptology: EUROCRYPT’94, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 950, 1995, pp. 376–388.

[346] J. Seberry, X.-M. Zhang, and Y. Zheng, Improving the Strict Avalanche Characteristics of Cryptographic Functions, Information Processing Letters, V. 50, 1994, pp. 37–41.

[347] J. Seberry, X.-M. Zhang, and Y. Zheng, Nonlinearity and propagation characteristics of balanced Boolean functions, Information and Computation, V. 119, 1995, pp. 1–13.

[348] J. Seberry, X.-M. Zhang, and Y. Zheng, The relationship Between Propagation Characteristics and Nonlinearity of Cryptographic Functions, Journal of Universal Computer Science, V. 1, No. 2, 1995, pp. 136–150.

[349] J. Seberry and X.-M. Zhang, Highly nonlinear 0-1 balanced Boolean functions satisfying strict avalanche criterion, In Proceedings of Advances in Cryptology: AUSCRYPT’92, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 718, 1993, pp. 145–155.

[350] A. A. Selcuk, On probability of success in linear and differential cryptanalysis, In Proceedings of Security in Communication Networks: Third International Conference, SCN 2002, Amalfi, Italy, September 11–13, 2002 (S. Cimato, C. Galdi, G. Persiano, eds.), Lect. Notes in Comp. Sci., Springer-Verlag, V. 2576, 2002, pp. 174–185.

[351] N. V. Semakov, V. A. Zinoviev, and G. V. Zaitsev, Uniformly Packed Codes, Problems of information transmission, vol. 7, issue 1, 1971, pp. 30–39.

[352] J. P. Serre, Cours D’Arithmetique, Paris: Presses Universitaires de France, 1970.

[353] B. A. Sevastyanov, Course on probability theory and mathematical statistics, Moskva, Nauka, 1982 (in Russian).

[354] B. A. Sevastyanov and V. P. Chistyakov, On the number of input sequences corresponding to the output sequences of a finite automaton, Obozrenie prikladnoi i promyshlennoi matematiki, Moskva, vol. 1, issue 1, 1994, pp. 96–107 (in Russian).

[355] C. E. Shannon, Communication theory of secrecy systems, Bell System Technical Journal, V. 28, 1949, pp. 656–715.

[356] W. Shan, The Structure and the Construction of Correlation Immune Functions, MS Thesis, NTE Institute, Xian, 1987.

[357] V. Y. Shen, A. McKellar, and P. Weiner, A Fast Algorithm for the Disjunctive Decomposition on Switching Functions, IEEE Trans. on Computers, V. 20, No. 3, 1971, pp. 304–309.

[358] Shestakov, Ed., Synthesis of electronic computing and controlling schemes, Moskva, 1954 (in Russian).

[359] V. M. Sidelnikov, On the mutual correlation of sequences, Problemy kibernetiki, A. A. Lyapunov, Ed., Moskva, Nauka, issue 24, 1971, pp. 15–42 (in Russian).

[360] V. M. Sidelnikov and A. S. Pershakov, Decoding of Reed–Muller Codes with a Large Number of Errors, Problems of information transmission, vol. 28, issue 3, 1992, pp. 269–281.

[361] V. M. Sidelnikov, Fast algorithms for constructing labeling set for arrays of discrete information, Russian Academy of Sciences, Cryptographic Academy of Russian Federation, Trudy po diskretnoi matematike, Moskva, vol. 1, 1997, pp. 251–264 (in Russian).

[362] T. Siegenthaler, Correlation-immunity of Nonlinear Combining Functions for Cryptographic Applications, IEEE Trans. on Inform. Theory, IT-30, No. 5, 1984, pp. 776–780.

[363] T. Siegenthaler, Design of Combiners to Prevent Divide and Conquer Attacks, In Proceedings of Advances in Cryptology: CRYPTO’85, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 218, 1986, pp. 273–279.

[364] T. Siegenthaler, Cryptoanalysis of Nonlinearly Filtered ML-Sequences, Advances in Cryptology: EUROCRYPT’85, Lect. Notes in Comp. Sci., New York: Springer-Verlag, 1988, pp. 103–110.

[365] T. Siegenthaler, Decrypting a Class of Stream Ciphers Using Ciphertext Only, IEEE Trans. on Computers, V. 34, No. 1, C-1985, pp. 81–85.

[366] H.-U. Simon, A tight Ω(log log n)-bound on the time for parallel RAM’s to compute nondegenerated boolean functions, FCT’83, Lect. Notes in Comp. Sci., V. 158, 1984, pp. 439–444.

[367] Pure algebra. A reference mathematical library, L. A. Skornyakov, Ed., vols. 1, 2, Moskva, Nauka, 1990 (in Russian).

[368] V. I. Solodovnikov, (Bent)-functions from a finite Abelian group to a finite Abelian group, Discretnaya matematika, vol. 14, issue 1, 2002, pp. 99–113 (in Russian).

[369] D. R. Stinson, Resilient Functions and Large Sets of Orthogonal Arrays, Congressus Numerantium, 1993, V. 92, pp. 105–110.

[370] D. R. Stinson and J. L. Massey, An Infinite Class of Counterexamples to a Conjecture Concerning Non-linear Resilient Functions, Journal of Cryptology, V. 8, No. 3, 1995, pp. 167–173.

[371] I. Stradzin, Invariant groups of Boolean functions of four variables, Avtomatika i vychislitelnaya tekhnika, number 5, 1968, pp. 18–22 (in Russian).

[372] I. Stradzin, Affine classification of Boolean functions of five variables, Avtomatika i vychislitelnaya tekhnika, number 1, 1975, pp. 1–9 (in Russian).

[373] R. L. Stratonovich, Information theory, Moskva, Sovetskoe radio, 1975 (in Russian).

[374] T. Sugita, T. Kasami, and T. Fujiwara, The Weight Distribution of the Third Order Reed–Muller Codes of Length 512, IEEE Trans. on Inform. Theory, V. 42, No. 5, 1996, pp. 1622–1625.

[375] S. N. Sumarokov, Prohibitions of binary functions and reversibility for a class of coding devices, Obozrenie prikladnoi i promyshlennoi matematiki, number 1, 1994, pp. 33–55 (in Russian).

[376] D. A. Suprunenko, Permutation groups, Minsk, Nauka i tekhnika, 1996 (in Russian).

[377] Yu. V. Tarannikov, On the sets of l-balanced Boolean sets and functions, Ph.D. Thesis, Moskva, 1994 (in Russian).

[378] Yu. V. Tarannikov, On the weight of l-balanced Boolean functions, Diskretnyi analiz i issledovanie operatsii, vol. 3, issue 1, 1995, pp. 80–81 (in Russian).

[379] Yu. V. Tarannikov, On some estimations of the weight of l-balanced Boolean functions, Diskretnyi analiz i issledovanie operatsii, vol. 2, issue 4, 1995, pp. 80–96 (in Russian).

[380] Yu. Tarannikov, On certain bounds for the weight of l-balanced Boolean functions, Mathematics and Its Applications, A. D. Korshunov (ed.), Operation Research and Discrete Analysis, V. 391, 1997, pp. 285–299. http://ultra.inria.msu.ru/papers.html.

[381] Yu. V. Tarannikov, On the class of Boolean functions uniformly distributed over balls with degree 1, Vestnik Mosk. Univ., Series 1, number 5, 1997, pp. 17–21; English transl., Moscow Univ. Math. Bull. 52 (1997), no. 5, 18–22.

[382] Yu. Tarannikov, Limit values for the density of l-balanced k-valued functions defined over the Boolean cube, International Symposium on Combinatorial Optimization, Bruxelles, April 15–17, 1998, p. 191.

[383] Yu. Tarannikov, Ramsey-like theorems on the structure and numbers of higher order correlation-immune functions, Moscow State University, French-Russian Institute of Applied Mathematics and Informatics, Preprint No. 5, Moscow, October 1999, 20 pp. http://liapunov.inria.msu.ru/PERSONAL/Taran/index.html.

[384] Yu. Tarannikov, On a method for the constructing of cryptographically strong Boolean functions, Moscow State University, French-Russian Institute of Applied Mathematics and Informatics, Preprint No. 6, Moscow, October 1999, 24 p. http://liapunov.inria.msu.ru/PERSONAL/Taran/index.html.

[385] Yu. V. Tarannikov, On the structure and number of correlation-immune functions of the highest orders, IX Internat. School-Sem. “Synthesis and Complexity of Control Systems”, Nizhnii Novgorod, 16–19 December, 1998, Moskva, Izd. MGU, 1999, pp. 81–92 (in Russian).

[386] Yu. Tarannikov, On resilient Boolean functions with maximum possible nonlinearity, Cryptology ePrint Archive (http://eprint.iacr.org/), Report 2000/005, March 2000, 18 pp.

[387] Yu. Tarannikov, On some connections between codes and cryptographic properties of Boolean functions, Proceedings of Seventh International Workshop on Algebraic and Combinatorial Coding Theory, Bansko, Bulgaria, June 18–24, 2000, pp. 299–304.

[388] Yu. Tarannikov, On the structure and numbers of higher order correlation-immune functions, Proceedings of 2000 IEEE International Symposium on Information Theory ISIT2000, Sorrento, Italy, June 25–30, 2000, p. 185.

[389] Yu. Tarannikov, On resilient Boolean functions with maximal possible nonlinearity, Proceedings of Indocrypt 2000, Lect. Notes in Comp. Sci., Springer-Verlag, V. 1977, 2000, pp. 19–30.

[390] Yu. Tarannikov and D. Kirienko, Spectral analysis of high order correlation immune functions, Cryptology ePrint Archive (http://eprint.iacr.org/), Report 2000/050, October 2000, 8 pp.

[391] Yu. Tarannikov, New constructions of resilient Boolean functions with maximal nonlinearity, Cryptology ePrint Archive (http://eprint.iacr.org/), Report 2000/069, December 2000, 11 pp.

[392] Yu. Tarannikov, New constructions of resilient Boolean functions with maximal nonlinearity, 8th Fast Software Encryption Workshop, Preproceedings, Yokohama, Japan, April 2–4, 2001, pp. 70–81.

[393] Yu. Tarannikov and D. Kirienko, Spectral analysis of high order correlation immune functions, Proceedings of 2001 IEEE International Symposium on Information Theory ISIT’2001, Washington, DC, USA, June 2001, p. 69.

[394] Yu. Tarannikov, P. Korolev, and A. Botev, Autocorrelation coefficients and correlation immunity of Boolean functions, Proceedings of Asiacrypt 2001, Gold Coast, Australia, December 9–13, 2001, Lect. Notes in Comp. Sci., Springer-Verlag, V. 2248, 2001, pp. 460–479.

[395] Yu. V. Tarannikov, Number characteristics of Boolean functions, Discrete Math. and Its Appl., Collection of Lectures at Schools for Young Scientists on Discrete Math. and Its Appl., Moskva, Izdat. MGU, Part 1, 2001, pp. 129–144 (in Russian).

[396] Yu. V. Tarannikov, On the autocorrelation properties of correlation-immune functions, Proc. VII Intern. Sem. “Discrete Math. and Its Appl.”, 29 January–2 February, 2001, Moskva, Izdat. MGU, Part 3, pp. 331–333 (in Russian).

[397] Yu. V. Tarannikov, On the correlation-immune and resilient Boolean functions, Matematicheskie voprosy kibernetiki, Moskva, Fizmatlit, issue 11, 2002, pp. 91–148 (in Russian).

[398] H. C. A van Tilborg, On Weight in Codes, Technical Report 71-WSK-03, Department of Mathematics, Technological University of Eindhoven, Netherlands, 1971.

[399] V. D. Tonchev, Combinatorial Configurations, New York: Longman, Wiley, 1988.

[400] O. N. Vasilenko, Number-theoretic algorithms in cryptography, Moskva, 2003 (in Russian).

[401] L. Yu. Vasiliev and L. Yu. Glagolev, Metrical properties of disjunctive normal forms, Diskretnaya matematika i matematicheskie voprosy kibernetiki, V. C. Jablonskii and B. O. Lupanov, Eds., vol. 1, Moskva, Nauka, 1974, pp. 99–148 (in Russian).

[402] S. Vaudenay, On the weak keys of Blowfish, In Proceedings of Fast Software Encryption, FSE’96 (D. Gollmann, ed.), Lect. Notes in Comp. Sci., Springer-Verlag, V. 1039, 1996, pp. 27–32.

[403] E. B. Vinberg and A. G. Elashvili, Classification of three-vectors in the nine-dimensional space, Trudy seminara po vektornomu i tenzornomu analizu, Moskva, MGU, 1974, pp. 197–233 (in Russian).

[404] I. M. Vinogradov, Elements of number theory, Dover, New York, 1954.

[405] F. S. Vinokurov and N. A. Peryazev, Polynomial decomposition of Boolean functions, Matem. Zametki, vol. 53, issue 2, 1993, pp. 25–29; English transl., Math. Notes 53 (1993), no. 1–2, 130–133.

[406] B. L. van der Waerden, Algebra I, New York: Springer-Verlag, 1991; Algebra II, New York: Springer-Verlag, 1991.

[407] A. F. Webster and S. E. Tavares, On the Design of S-Boxes, In Proceedings of Advances in Cryptology: CRYPTO’85, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 218, 1986, pp. 523–534.

[408] E. J. Weldon, Jr., New Generalizations of Reed–Muller Codes. Part II: Nonprimitive Codes, IEEE Trans. on Inform. Theory, IT-14, No. 2, 1968, pp. 199–205.

[409] R. Westwick, Irreducible Length of Trivectors of Rank Seven and Eight, Pacific Journal of Mathematics, V. 80, No. 2, 1979, pp. 575–579.

[410] H. Wielandt, Finite Permutation Groups, Academic Press, 1964.

[411] S. V. Yablonskii, G. P. Gavrilov, and V. B. Kudryavtsev, Functions of the algebra of logic and the Post classes, Moskva, Nauka, 1966 (in Russian).

[412] S. V. Yablonskii, Introduction to the theory of functions of k-valued logic, Diskretnaya matematika i matematicheskie voprosy kibernetiki, Moskva, Nauka, vol. 1, 1974.

[413] Y. X. Yang and B. Guo, Further Enumerating Boolean Functions of Cryptographic Significance, Journal of Cryptology, V. 8, No. 3, 1995, pp. 115–122.

[414] R. Yarlagadda and J. E. Hershey, Analysis and synthesis of bent sequences, Proc. IEE, part E, V. 136, No. 2, 1989, pp. 112–123.

[415] V. V. Yashchenko, Properties of Boolean mappings that are reducible to their coordinate functions, Vestnik MGU, Matematika, 1997, no. 4, pp. 11–13; English transl., Moscow Univ. Math. Bull. 52 (1997), no. 4, 11–13.

[416] V. V. Yashchenko, On the Propagation Criterion for Boolean Functions and on Bent Functions, Problems of information transmission, vol. 33, issue 1, 1997, pp. 62–71.

[417] V. V. Yashchenko, On the two characteristics of nonlinearity of Boolean mappings, Diskretnyi analiz i issledovanie operatsii, Series 1, vol. 5, number 2, 1998, pp. 90–96 (in Russian).

[418] K. Yosida, Functional Analysis, Berlin: Springer-Verlag, 1965.

[419] A. M. Youssef and S. E. Tavares, Spectral Properties and Information Leakage of Multi-Output Boolean Functions, Proc. 1995 IEEE International Symposium on Information Theory, p. 351.

[420] A. M. Youssef, T. W. Cusick, P. Stanica, and S. E. Tavares, New bounds on the number of functions satisfying strict avalanche criterion, Third Annual Workshop on Selected Areas in Cryptography, 1996.

[421] A. Youssef and G. Gong, Hyper-bent functions, In Proceedings of Advances in Cryptology: EUROCRYPT’2001, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2045, 2001, pp. 406–419.

[422] L. A. Zalmanzon, Fourier, Walsh, and Haar transforms and their application in control, communication, and other areas, Moskva, Nauka, 1989 (in Russian).

[423] O. Zariski and P. Samuel, Commutative Algebra, Vols. I, II., D. Van Nostrand Company Inc., Princeton, 1958.

[424] G. V. Zaitsev, V. A. Zinoviev, and N. V. Semakov, Fast correlation decoding of block codes, Kodirovanie i peredacha diskretnykh soobshchenii v sistemakh svyazi, Moskva, Nauka, 1976 (in Russian).

[425] K. Zeng and M. Huang, On the Linear Syndrome Method in Cryptanalysis, In Proceedings of Advances in Cryptology: CRYPTO’88, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 403, 1990, pp. 469–478.

[426] K. Zeng, C. H. Yang, and T. R. N. Rao, An Improved Linear Syndrome Algorithm in Cryptanalysis with Applications, In Proceedings of Advances in Cryptology: CRYPTO’90, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 537, 1991, pp. 34–47.

[427] X.-M. Zhang and Y. Zheng, GAC—the Criterion for Global Avalanche Characteristics of Cryptographic Functions, Journal of Universal Computer Science, V. 1, No. 5, 1995, pp. 320–337.

[428] X.-M. Zhang and Y. Zheng, Auto-Correlations and New Bounds on the Nonlinearity of Boolean Functions, In Proceedings of Advances in Cryptology: EUROCRYPT’96, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1070, 1996, pp. 294–305.

[429] X.-M. Zhang and Y. Zheng, Characterizing the structures of cryptographic functions satisfying the propagation criterion for almost all vectors, Designs, Codes and Cryptography, V. 7, 1996, pp. 111–134.

[430] X.-M. Zhang and Y. Zheng, On the Difficulty of Constructing Cryptographically Strong Substitution Boxes, Journal of Universal Computer Science, V. 2, No. 3, 1996, pp. 147–162.

[431] X.-M. Zhang and Y. Zheng, New Lower Bounds on Nonlinearity and a Class of High Nonlinear Functions, Information Security and Privacy: ACISP’97, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1270, 1997, pp. 147–158.

[432] X.-M. Zhang and Y. Zheng, Cryptographically Resilient Functions, IEEE Trans. on Inform. Theory, V. 43, No. 5, 1997, pp. 1740–1747.

[433] X.-M. Zhang, Y. Zheng, and H. Imai, Connections Between Nonlinearity and Restrictions, Terms and Hypergraphs of Boolean Functions, ISIT, Cambridge, MA, USA, 1998, p. 439.

[434] J.-Z. Zhang, Z.-S. You, and Z. L. Li, Enumeration of Binary Orthogonal Arrays of Strength 1, Discrete Mathematics, to appear.

[435] Y. Zheng and X.-M. Zhang, Improved Upper Bounds on Nonlinearity of High Order Correlation Immune Functions, Selected Areas in Cryptography: SAC’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2012, 2000, pp. 264–274.

BIBLIOGRAPHY 327

[436] Y. Zheng and X.-M. Zhang, On Relationships among Propagation Degree, Nonlin-earity, and Correlation Immunity, In Proceedings of Advances in Cryptology: ASI-ACRYPT’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1976,2000, pp. 470–482.

[437] Y. Zheng and X.-M. Zhang, New Results on Correlation Immune Functions, Interna-tional Conference on Information Security and Cryptology: ICISC’2000, Lect. Notesin Comp. Sci., New York: Springer-Verlag, V. 2015, 2001, pp. 49–63.

[438] Y. Zheng and X.-M. Zhang, On Plateaued Functions, IEEE Transactions on Infor-mation Theory, V. 47, No. 3, 2001, pp. 1215–1223.

[439] Y. Zheng and X.-M. Zhang, Relationships between Bent Functions and Comple-mentary Plateaued Functions, In Proceedings of the 2nd International Conferenceon Information Security and Cryptography, ICISC’99, Lect. Notes in Comp. Sci.,Berlin, Heidelbeg, New York: Springer-Verlag, V. 1787, 2000, pp. 60–75.

[440] K. H. Zimmermann, Beitrage zur algebraischen Codierungstheorie mittels modularerDarstellungstheorie, Bayreuth. Math. Schr., 1994, No. 48, 278 pp.

Index

(n, r)-forms, 103

RM -equivalence, 101

adder, 273

Advanced Encryption Standard, AES, 283

algebra over a field, 18

algebraic degree

of a function, 42

of a mapping, 249

algebraic system, 1

algorithm

deciphering, 281

decoding, 118

enciphering, 281

Euclidean, 13

Matsui 1, 296

Matsui 2, 296

almost equivalent mappings, 105, 238

array

of a code

standard, 118

orthogonal, 206

attack on the key, 283

automorphism

Frobenius, 30

internal, 6

of a field over another field, 30

of a group, 4

avalanche criterion, 261

strict, 261

strong of order t, 262

average

complexity, 285

reliability, 285

ball, 111

basis

biorthogonal, 189

canonical, 17

normal, 25

of a vector space, 17

polynomial, 25

bent set, 173

bent function, 166

partial, 173

bent mapping, 243

almost, 247

bias, 295

binary operation, 1

associative, 1

block cipher, 281

key, 281

Boole, George, ix

Boolean function

covering sequence of, 74

level of, 74

nontrivial, 74

degeneration structure of, 103

derivative of, 55

numerical normal form of, 50

weight of, 45

boomerang method, 303

bound

Bose–Chaudhuri–Hocquenghem (BCH), 133

Elias’, 112

Hamming’s, 111

Singleton’s, 111

sphere-packing, 111

branching, 70

linear, 71

Burnside lemma, 80

canonical factorization of a polynomial, 15

center of a group, 7

character

additive, 25

canonical, 25

distinguishing, 5

multiplicative, 26

nontrivial, 5

of a group, 4

trivial, 5

characteristic

difference, 300

function, 239

global avalanche, 266

linear, 295

of a field, 11

polynomial

of an LRS, 272

of a register, 273

check polynomial, 123

check symbols, 111

cipher

A5, 70

stream, 70, 287

symmetric, 65

cipher algorithm

DES, 283

GOST 28147-89, 283

cipher standard

DES, 283

GOST 28147-89, 283

ciphertext, 281

block, 281

intermediate, 282

class

cyclotomic, 35, 54

equivalence, 2

Maiorana–McFarland, 173

of affine functions, 43

of maximum-nonlinear functions

M, 173

complete, 172

code

[n, k, d], 107

automorphism group of, 110

binary Golay, 135, 136

complementary, 123

completely regular, 254

constructive distance of, 134

cyclic, 120

nonzeros, 123

primitive, 122

with two zeros, 259

zeros, 123

dual, 109

equidistant, 117

generator matrix of, 109

Hadamard, 190

Hamming’s, 116

Kerdock, 159

linear

block, 107

determined by a mapping, 252

maximum length, 117

minimum distance of, 107

parity-check matrix of, 109

perfect, 117

Preparata, 160

primitive BCH, 134

narrow-sense, 134

punctured, 142

Reed–Muller, 139

set of code words of, 109

simplex, 117, 132

systematic, 111

uniformly packed, 254

weight function of, 114

weight spectrum of, 114

with maximum distance, 111

code dimension, 107

code distance, 107

dual, 250

external, 250

code rate, 107

code word, 107

coefficient

Fourier, 46

Walsh–Hadamard, 46

coefficients

spectral, 46

communication channel

discrete, 108

quantum-cryptographic, 203

completion of a class, 172

complexity

linear, 276

average of statistical classification procedure, 285, 286

confusion, 65

conjugate set, 6

constant, 12

constructive enumeration problem, 88

coordinates of a vector, 17, 37

correlation

attack, 294

decoding, 152

coset

leader, 118

of a code, 118

of a subgroup, 3

covering radius of a code, 107

covering sequence

perfect, 234

simple, 228

crosscorrelation, 58

cryptanalysis

linear, 295

method, 281

statistical, 281

decision area, 284

decoder

complete, 119

incomplete, 119

decoding Hamming code, 117

deep hole, 166

delay device, 273

Delsarte’s inequality, 255

dependence

essential, 38

quasi-linear, 223

derivative

of a Boolean function, 55

of a polynomial, 16

deviation, 295

difference table, 239

diffusion, 65

dimension of a space, 18

Dirac δ-function, 46

discrepancy bits, 277

distance

between Boolean functions, 45

from a Boolean function to a set, 49

Hamming, 44

distance of uniqueness, 284

distributed computations, 203

distribution of random variables, 196

distributivity, 7

divisor of an element of a ring, 9

domain, 7

dual bases, 24

element

of a ring

prime, 9

generator of a cyclic group, 2

of a code, 107

of a field

primitive, 23

of a ring

reversible, 9

of infinite order, 3

elements

conjugate, 6

equivalent, 2

of a field

conjugate, 29

of a ring

associates, 9

congruent modulo an ideal, 8

Elias bound, 112

endomorphism of a group, 4

entropy of a random variable, 196

conditional, 196

enumerator, 81

EPC(k, 0), 264

EPC(k, t), 264

epimorphism, 4

equivalence relation, 2

equivalent codes, 110

ergodic theory, 65

EWHT, 188

exponent of a group, 4

extension degree, 17

extension of a field, 10

of finite degree, 17

fast correlation attack, 294

field, 7

finite, 19

of decomposition, 20

prime, 11

flag of subsets, 69

form

algebraic normal (ANF), 41

alternating, 92

associated, 92

symplectic, 92

Fourier transform, 114

function

d-optimal, 203

d-resilient, 203

affine, 43

argument of, 38

balanced

with respect to a matrix, 266

Boolean, 37

(c0, c1)-regular, 44

G-invariant, 79

c-regular, 44

balanced, 45

bent, 166

correlation-immune, 198

functionally separable, 42

maximum-nonlinear, 166

maximum-nonlinear for a subspace, 178

nondegenerate, 102

partial, 181

regular, 44

weakly nondegenerate, 232

correlation-immune, 67

in a given direction, 201

cryptographic (discrete), 65

dual, 168

to a plateaued function, 180

dual to a partially defined mn-bent function, 182

Euler’s, 4

given as a linear branching, 71

group-theoretic classification of, 80

hyperbent, 189

linear, 43

linearly dependent on a variable, 42

Möbius, 33

nonlinearity of, 50

nonlinearly dependent on a variable, 42

partially defined d-resilient, 217

plateaued, 180

quadratic, 92

resilient, 67

self-dual, 168

symmetric, 44

functions

G-equivalent, 79

algebraically independent, 66

generator matrix in the systematic form, 111

generator polynomial, 122

Gilbert–Varshamov bound, 112

global avalanche characteristic, 169

absolute index, 266

sum of squares, 266

GOST 28147-89, 283

greatest common divisor of polynomials, 13

Green’s scheme, 152

group, 1

abelian, 1

center of, 7

commutative, 1

complete affine, 86

cyclic, 2

finite, 2

Galois, 30

general linear, 85

infinite, 2

isomorphism, 4

of affine transformations, 86

of inverted variables, 84

of linear transformations, 85

of permutations of variables, 84

of residue classes, 2

of roots of unity, 3

of shifts, 84

group action on a set of functions, 78

Group Special Mobile, GSM, 70

Hamming bound, 111

Hamming code, 116

homomorphism, 4

of rings, 9

hyperbent function, 189

ideal

minimal, 28

of a ring

maximal, 9

prime, 9

principal, 8

two-sided, 8

idempotent, 125

primitive, 128

proper, 27, 125

identity element of a group, 1

image

branching, 70

of a group homomorphism, 4

impossible differentials, 302

independent random variables, 196

index

of q modulo n, 34

of a subgroup, 3

of linearity, 70

information

mutual, 197

information symbols, 111

intersection of codes, 127

invariant of a group, 88

complete, 88

inverse element, 1

isomorphic vector spaces, 17

isomorphism, 4

iteration cipher, 282

Jensen’s inequality, 114

Jevons group, 85

kernel

of a bilinear form, 159

of a homomorphism, 6

of a ring homomorphism, 9

of a symplectic matrix, 159

key schedule, 283

Kravchuk polynomials, 116, 227

large set of orthogonal arrays, 207

least common multiple of polynomials, 14

length

of a code

primitive, 122

of a register, 273

linear

combination, 17

complexity, 275

cryptanalysis method, 295

feedback shift register (LFSR), 272

recursive sequence (LRS), 272

space, 16

span, 275, 276

structure, 67

translator, 67

linearity subspace of a mapping, 68

Lloyd polynomial, 255

locators of a vector, 255

MacWilliams identity, 115

mapping

(n, k, d)-resilient, 203, 205

almost perfect nonlinear, 245

associated with a function, 70

balanced, 66

branched, 70

branching, 70

complete, 261

defined by a polynomial, 16

linearity index, 70

perfect nonlinear, 243

plateaued, 247

polynomial, 250

resilient, 67, 203

material, 283

volume of, 283

matrix

Hadamard, 167

symplectic, 92, 158

Matsui

algorithm 1, 296

algorithm 2, 296

maximum-nonlinear functions

PS, 177

PS+, 176

PS−, 176

class D, 177

class D0, 177

method

boomerang, 303

of conditional differentials, 302

of multiple approximation, 302

of partial differentials, 302

rectangle, 303

minimal polynomial of a sequence, 274

minimum period of a sequence, 271

mixing, 65

mn-bent function

partially defined, 181

mn-function

partially bent, 178

multiplicity of a root, 16

natural cryptographic assumption, 298

Neyman–Pearson lemma, 290

nonlinearity, 67

generalized, 188

nonzeros of a cyclic code, 123

norm, 24

absolute, 24

normalizer

of a set, 7

of an element, 7

operator

fixing some of the variables, 73

projection, 72

taking a Boolean derivative, 73

optimal Bayes procedure, 287

orbit index, 77

order

lexicographic, 38

of a group, 2

of a polynomial, 31

of an element of a group, 3

partial, 41

orthogonality equations, 47

pair of variables

covering, 226

quasi-linear, 223

Parseval’s equation, 48

partial spreads, 177

PC(k, t), 264

period, 271

of a polynomial, 31

of a sequence, 271

of a shortened row of values of a function, 189

periodic sequence, 271

Peterson–Gorenstein–Zierler decoder, 271

piling-up lemma, 299

plaintext, 281

block, 281

plateaued function

complementary, 185

of order 2r, 180

Pless identities, 251

Polya’s theorem, 82

polynomial, 12

characteristic of an element, 30

constant, 12

constant term of, 12

cyclotomically homogeneous, 54

cyclotomically reduced, 54

degree of, 12

dual, 31

generator of a cyclic code, 122

irreducible, 14

Kravchuk, 227

leading coefficient of, 12

minimal, 28

monic, 12

primitive, 32

quadratic, 256

reducible, 14

root of, 16

multiple, 16

simple, 16

unitary, 12

Zhegalkin, 41

pre-period of a sequence, 271

procedure for statistical classification, 283

product

Kronecker, 151

of elements of a group, 2

scalar, 26

of vectors, 45

propagation criteria, 67, 201, 261

of degree k and order t, 264

extended, 264

propagation matrix, 264

property

reducible, 72

secondary, 73

quotient group, 6

quotient ring, 9

rectangle method, 303

Reed’s decoding algorithm, 146

reflectivity, 2

reliability

of an algorithm, 285

representative of a cyclotomic class, 54

residue class, 8

resilient, 203

Rijndael, 283

ring, 7

commutative, 7

division, 7

domain, 7

irreducible, 27

of polynomials over a field, 12

principal ideal domain, 9

reducible, 27

with identity, 7

root of unity, 34

primitive, 34

Rothaus criterion, 169

round, 282

subkey, 282

transformation, 282

row operations, 110

SAC(t), 262

self-information of an event, 195

set

difference, 169

simple Hadamard, 169

generating a subgroup, 3

of a code

characteristic, 250

generating, 255

Shannon’s principles, 66

shift operator, 272

Siegenthaler inequality, 202

Singleton bound, 111

skew field, 7

space

r-nonlinearity of, 69

branching, 70

vector, 37

stabilizer of a function, 79

stable subspace, 170

statistical classification, 283

statistical cryptanalysis method, 281

stream cipher, 65

subalgebra, 18

subfield, 10

proper, 10

subfunction, 39

subgroup, 3

generated by a set, 3

generated by an element, 3

nontrivial, 3

normal, 6

subkey, 282

subring, 8

sum

of codes, 127

of elements of a group, 2

summand

in ANF, 42

in Zhegalkin polynomial, 42

weight, 42

linear, 42

support of an element, 206

symmetry, 2

syndrome vector, 118

tabular method, 38

trace, 23, 53

absolute, 23

relative, 54

trace equivalence, 53

transform

fast Hadamard, 151

Fourier, 46

Möbius, 41

Walsh–Hadamard, 46

extended, 188

incomplete, 181

transitivity, 2

triangle inequality, 45

trigger, 273

truth table, 206

type of a permutation, 77

ultimately periodic sequence, 271

unknown, 12

variable, 12

covering, 226

essential, 38

fictitious, 38

adding, 39

deleting, 39

linear, 223

nonessential, 38

variable of a function, 38

vector, 16, 37

r-covered by a code, 107

preceding, 41

strictly, 41

vector space, 16

isomorphism of, 17

weight

Hamming, 41

of a function, 81

of an equivalence class, 81

word error probability, 120

zero element

of a ring, 7

of a group, 2

zero tail expansion, 276

zerodivisors, 7

zeros of a cyclic code, 123


This book offers a systematic presentation of cryptographic and code-theoretic aspects of the theory of Boolean functions. Both classical and recent results are thoroughly presented. Prerequisites for the book include basic knowledge of linear algebra, group theory, theory of finite fields, combinatorics, and probability. The book can be used by research mathematicians and graduate students interested in discrete mathematics, coding theory, and cryptography.