Translations of
MATHEMATICAL MONOGRAPHS
Volume 241
American Mathematical Society
Boolean Functions in Coding Theory and Cryptography
O. A. Logachev, A. A. Salnikov, V. V. Yashchenko
American Mathematical Society, Providence, Rhode Island
10.1090/mmono/241
EDITORIAL COMMITTEE
AMS Subcommittee: Robert D. MacPherson, Grigorii A. Margulis, James D. Stasheff (Chair)
ASL Subcommittee: Steffen Lempp (Chair)
IMS Subcommittee: Mark I. Freidlin (Chair)
O. A. Logachev, A. A. Salnikov, V. V. Yashchenko
BULEVY FUNKCII V TEORII KODIROVANI I KRIPTOGRAFII
M.: MCNMO, 2004
This work was originally published in Russian by Izdatelstvo MCNMO under the title “Bulevy funkcii v teorii kodirovani i kriptografii” © 2004. The present translation was created under license for the American Mathematical Society and is published by permission.
Translated by Svetla Nikova
2000 Mathematics Subject Classification. Primary 94–02; Secondary 94A60, 94C10.
For additional information and updates on this book, visit www.ams.org/bookpages/mmono-241
Library of Congress Cataloging-in-Publication Data
Logachev, Oleg A.
[Bulevy funktsii v teori kodirovaniia i kriptologii. English]
Boolean functions in coding theory and cryptography / O.A. Logachev, A.A. Salnikov, V.V. Yashchenko ; translated by Svetla Nikova.
p. cm. — (Translations of mathematical monographs ; v. 241)
Includes bibliographical references and index.
ISBN 978-0-8218-4680-3 (alk. paper)
1. Coding theory. 2. Cryptography. 3. Algebra, Boolean. I. Sal′nikov, A. A. (Aleksei Aleksandrovich) II. IAshchenko, V. V. III. Title.
QA268.L6413 2011
003′.54—dc23
2011035308
Copying and reprinting. Individual readers of this publication, and nonprofit libraries acting for them, are permitted to make fair use of the material, such as to copy a chapter for use in teaching or research. Permission is granted to quote brief passages from this publication in reviews, provided the customary acknowledgment of the source is given.
Republication, systematic copying, or multiple reproduction of any material in this publication is permitted only under license from the American Mathematical Society. Requests for such permission should be addressed to the Acquisitions Department, American Mathematical Society, 201 Charles Street, Providence, Rhode Island 02904-2294 USA. Requests can also be made by e-mail to [email protected].
© 2012 by the American Mathematical Society. All rights reserved. The American Mathematical Society retains all rights except those granted to the United States Government.
Printed in the United States of America.
∞ The paper used in this book is acid-free and falls within the guidelines established to ensure permanence and durability.
Visit the AMS home page at http://www.ams.org/
Contents
Foreword
Preface
Notation
Chapter 1. Arithmetics of Finite Fields and Polynomials
1.1. Basic Algebra
1.2. Construction of finite fields
1.3. Polynomials over finite fields
Comments to Chapter 1
Chapter 2. Boolean Functions
2.1. Basic concepts and definitions
2.2. Numerical and metric characteristics
2.3. Autocorrelation and crosscorrelation
2.4. Group algebra of Boolean functions
2.5. Cryptographic properties of Boolean functions and mappings
2.6. Covering sequences of Boolean functions
Comments to Chapter 2
Chapter 3. Classifications of Boolean Functions
3.1. Group equivalence of mappings. Polya’s theorem
3.2. Classification of Boolean functions of five variables
3.3. Classification of quadratic Boolean functions
3.4. Classification of homogeneous cubic forms of 8 variables
3.5. RM-equivalence of Boolean functions
Comments to Chapter 3
Chapter 4. Linear Codes over the Field $\mathbb{F}_2$
4.1. Basic properties of linear block codes
4.2. The decoding problem
4.3. Cyclic codes
4.4. Some classes of primitive cyclic codes
Comments to Chapter 4
Chapter 5. Reed–Muller Codes
5.1. General properties of the Reed–Muller codes
5.2. Reed’s decoding algorithm
5.3. First order Reed–Muller codes and connections with other codes
5.4. Reed–Muller codes of second order and related codes
5.5. Classification of Boolean functions and Reed–Muller codes of the 3rd order
Comments to Chapter 5
Chapter 6. Nonlinearity
6.1. Nonlinearity as a measure of cryptographic quality
6.2. Maximum-nonlinear bent functions and their properties
6.3. Some classes of maximum-nonlinear bent functions
6.4. Partially maximum-nonlinear (partially bent) functions and their properties
6.5. Plateaued functions and partially defined mn-bent functions
6.6. Hyperbent functions
6.7. Biorthogonal bases
Comments to Chapter 6
Chapter 7. Correlation Immunity and Resiliency
7.1. Main definitions and properties
7.2. The inheritance of properties under restrictions of Boolean functions
7.3. General methods for constructing correlation-immune functions and resilient mappings
7.4. Nonlinearity of correlation-immune and resilient functions
7.5. Construction of resilient Boolean functions with good cryptographic properties
7.6. Covering sequences of correlation-immune and resilient functions
7.7. Quadratic resilient Boolean functions of maximum order
Comments to Chapter 7
Chapter 8. Codes, Boolean Mappings, and Their Cryptographic Properties
8.1. Almost perfect nonlinear and almost bent mappings
8.2. Coding-theoretic approach to the study of APN and AB mappings
8.3. Cyclic codes and Boolean mappings
8.4. Avalanche criteria and propagation criteria
8.5. Construction of Boolean functions satisfying the propagation criterion of degree k and order t
8.6. Global avalanche characteristics of Boolean functions
Comments to Chapter 8
Chapter 9. Basics of Cryptanalysis
9.1. The Berlekamp–Massey algorithm. Linear complexity
9.2. Principles of the statistical method for cryptanalysis of block ciphers
9.3. Principles of the correlation cryptanalysis method
9.4. Principles of the linear cryptanalysis method
9.5. Principles of the difference (differential) cryptanalysis method
Comments to Chapter 9
Bibliography
Index
Foreword
For the last 10 years there have been practically no books in Russian which have the word “cryptography” in the title. Nowadays many people already know that cryptography is the science which studies ciphers, and that only cryptography gives the most reliable tools for ensuring the security of information technology. However, there are not many specialists in this area, because in order to fully understand cryptography it is necessary to have knowledge in many scientific branches such as mathematics, physics, communication theory, and cybernetics. Thus, at present, cryptography (the theoretical branch of cryptology) becomes a university science. A detailed discussion of this issue has been held during the two conferences at Moscow State University (MGU): “Moscow University and development of cryptography in Russia” (October 17–18, 2002) and “Mathematics and information technology security” (October 23–24, 3003).
Institute for Problems of Information Security, a new division of MGU, publishes a series of fundamental books on scientific and methodological problems of information security, including those parts of cryptology that are already included in the university mathematical curriculum.
The book by O.A. Logachev, A.A. Salnikov, and V.V. Yashchenko “Boolean functions in coding theory and cryptology” belongs to this series. It is written by mathematicians-cryptographers for mathematicians and presents in a systematic way certain results in one branch of cryptology: application of Boolean functions in the analysis and design of ciphers.
The book is recommended to readers with basic university knowledge, namely students and graduate students in mathematics, research mathematicians, and cryptographers.
Rector of MGU, Academician V.A. Sadovnichii
February, 2004
Preface
The notion of Boolean function was introduced in the second half of the 19th century in connection with investigations in mathematical logic and foundations of mathematics. Boolean functions are named after George Boole (1815–1864), an English mathematician, one of the founders of mathematical logic. In the first half of the 20th century Boolean functions attain fundamental importance in the foundations of mathematics. However, for a long time Boolean functions have not been used in applications.
This situation changed drastically in the middle of the 20th century, when the intensive development of communication technology, instrument-building, and computer technology required the creation of an adequate mathematical apparatus. In this period, applied parts of mathematics such as the theory of finite functional systems, information theory, coding theory, and finally mathematical cryptography have been developed. The practice showed the fruitfulness of the application of Boolean functions to the problems of analysis and synthesis of discrete devices for processing and transformation of information.
The concept of cryptography that has been established in the scientific literature includes a range of scientific areas, each of them having its own subject of investigations and using specific mathematical techniques. Some researchers do abstract investigations “with cryptographic motifs” in the area of computational complexity theory; others are busy constructing and analyzing algorithms for particular cryptographic systems. In many cryptographic areas, Boolean function techniques are often used while formulating and solving various problems. This applies mainly to traditional cryptographic systems with a secret key. The title of the book “Boolean functions in coding theory and cryptography” reflects the relation between many cryptographic problems and encoding and decoding problems for Reed–Muller codes.
In this book, for the first time in Russian, we present cryptographic aspects using Boolean functions techniques. The only exceptions are questions related to complexity theory and solving systems of Boolean functions. In this book both classical and recent results are presented.
To understand the material, university courses of linear algebra, group theory, finite fields theory and polynomials, combinatorics and discrete mathematics will suffice. A knowledge of basics of probability theory is also assumed.
The book is based on courses given by the authors in MGU for students of Mechanics–Mathematics and Computational Mathematics and Cybernetics Departments who major in “Information security”. Recent results obtained by the authors in the framework of the scheduled work of the MGU Laboratory on Mathematical Problems of Cryptography are also included in the book.
The book consists of nine chapters.
Chapter 1 is preliminary. It contains basic notions and results of algebra used in the book. In Chapter 2, basic notions and theorems of Boolean function theory are proved. In Chapter 3, problems of Boolean function classification under different groups of transformations are considered. Chapter 4 presents basics of coding theory. In Chapter 5, properties of Boolean functions are considered from the point of view of coding theory. In Chapter 6, properties of maximum-nonlinear functions are studied. Chapter 7 investigates the correlation immunity property of a function. In Chapter 8, various cryptographic characteristics of Boolean functions and mappings are considered in detail. Chapter 9 contains elements of cryptanalysis.
To avoid making the book too large, some of the results are presented as problems. Some of the problems included in the book are still open; they may be a basis for future research.
All items in the text are numbered consecutively within chapters: definitions, theorems, examples, etc. Thus, for example, Definition 1.121 refers to item 121 in Chapter 1 (which turns out to be a definition). The mathematical expressions and figures have similar but independent numbering.
The authors will accept with gratitude any comments on the book. They could be sent to the internet site http://www.cryptography.ru.
The authors express their gratitude to Mikhail Vladimirovich Stepanov for his support during the work on the book.
Notation
$\mathbb{N}$ — the set of natural numbers $(1, 2, 3, \ldots)$;
$\mathbb{Z}$ — the ring of integers $(\ldots, -2, -1, 0, 1, 2, \ldots)$;
$\mathbb{Z}_n$ — the ring of residues modulo $n \in \mathbb{N}$;
$\mathbb{R}$ — the field of real numbers;
$\mathbb{Q}$ — the field of rational numbers;
$\mathbb{C}$ — the field of complex numbers;
$\#A$ — cardinality of a set $A$;
$A \times B$ — Cartesian product of sets $A$ and $B$;
$A^n$ — $n$th Cartesian power of a set $A$ ($n \in \mathbb{N}$);
$P\{\cdot\}$ — probability of the event in the brackets;
$E[\cdot]$ — mathematical expectation of the random variable in the brackets;
$B^A$ — set of all maps from a set $A$ to a set $B$;
$\Pi_n$ — set of minimal representatives of cyclotomic classes;
$\varphi^{-1}(b)$ — complete preimage of $b \in B$ under a map $\varphi \in B^A$;
$\mathbb{F}$ — finite field;
$\mathbb{F}_q$ — finite field of $q$ elements ($q = p^n$, $p$ is a prime number, $n \in \mathbb{N}$);
$\mathbb{F}_q^*$ — multiplicative group of invertible elements of the field $\mathbb{F}_q$;
$\mathbb{F}_q[x, y, \ldots, z]$ — ring of polynomials in variables $x, y, \ldots, z$ over the field $\mathbb{F}_q$;
$\mathrm{Tr}_{q^m/q}(\alpha)$ — relative trace of an element $\alpha \in \mathbb{F}_{q^m}$ over the field $\mathbb{F}_q$;
$\mathrm{Tr}_m(\alpha)$ — absolute trace of an element $\alpha \in \mathbb{F}_{p^m}$ over the field $\mathbb{F}_p$ ($p$ is prime);
$\deg P(x, y, \ldots, z)$ — degree of a polynomial $P(x, y, \ldots, z)$;
$V$ — linear vector space;
$V_{n,q}$ — vector space of columns of height $n \in \mathbb{N}$ with coordinates in the field $\mathbb{F}_q$;
$V_n$ — vector space of columns of height $n \in \mathbb{N}$ with coordinates in the field $\mathbb{F}_2$ ($n$-dimensional Boolean space);
— partial ordering relation of vectors from $V_n$;
$\dim V$ — dimension of a vector space $V$;
— operator for matrix transposition;
$\mathbf{v} = (v^{(1)}, \ldots, v^{(n)})$ — column vector in $n$-dimensional vector space in coordinate notation (in a fixed basis);
$\mathrm{wt}(\mathbf{v})$ — Hamming weight of a vector $\mathbf{v}$;
$\mathrm{dist}(\mathbf{v}, \mathbf{u}) = \mathrm{wt}(\mathbf{v} - \mathbf{u})$ — Hamming distance between vectors $\mathbf{v}$ and $\mathbf{u}$;
$\mathrm{dist}(A, B) = \min_{\mathbf{v} \in A,\, \mathbf{u} \in B} \mathrm{dist}(\mathbf{v}, \mathbf{u})$ — Hamming distance between sets of vectors $A \subseteq V$ and $B \subseteq V$;
$\oplus$ — coordinatewise addition of vectors of the same dimension over the field $\mathbb{F}_2$;
$S_n$ — symmetric (permutation) group of order $n \in \mathbb{N}$;
$S_V$ — symmetric permutation group acting on elements of a space $V$;
$N_n$ — group of translations acting on the vector space $V_{n,q}$ of dimension $n \in \mathbb{N}$;
$D_n$ — Jevons group acting on the vector space $V_{n,q}$ of dimension $n \in \mathbb{N}$;
$\langle A \rangle$ — group generated by a set $A$;
$GL(V)$ — full linear group acting on a vector space $V$;
$GA(V)$ — full affine group acting on a vector space $V$;
$r$-vector — vector of dimension $r \in \mathbb{N}$;
$r$-subset — subset of cardinality $r \in \mathbb{N}$;
$(m \times n)$ matrix — matrix with $m \in \mathbb{N}$ rows and $n \in \mathbb{N}$ columns;
$\mathrm{rank}\, M$ — rank of a matrix $M$;
$\det M$ — determinant of a square matrix $M$;
$\otimes$ — tensor product;
$a \mid b$ — $a$ divides $b$ ($a, b \in \mathbb{Z}$);
x — largest integer less than or equal to $x \in \mathbb{R}$;
x — smallest integer greater than or equal to $x \in \mathbb{R}$;
$\emptyset$ — empty set;
gcd — greatest common divisor;
lcm — least common multiple;
$i = \sqrt{-1} \in \mathbb{C}$ — imaginary unit;
$T_n = \{\exp(2\pi i\, k/n) \mid k \in \mathbb{Z}_n\}$ — group of $n$th roots of unity;
$T = \{x \in \mathbb{C} \mid |x| = 1\}$ — multiplicative group of complex numbers of absolute value 1;
$\mathcal{F}_n$ — set of all Boolean functions of $n \in \mathbb{N}$ variables;
$\mathcal{F}_n(S)$ — set of partially defined Boolean functions of 0.5n ∈ N variables with defining set $S \subseteq V_n$;
$\mathcal{F}_{n,m}$ — set of all Boolean functions from $V_n$ to $V_m$ ($n, m \in \mathbb{N}$);
$\exp f(\mathbf{x}) = (-1)^{f(\mathbf{x})}$ — function on $V_n$ with values in $\{-1, 1\}$;
$\mathcal{L}_n$ — set of all linear Boolean functions of $n \in \mathbb{N}$ variables;
$\mathcal{L}_{n,m}$ — set of all linear Boolean mappings from $V_n$ to $V_m$ ($n, m \in \mathbb{N}$);
$\mathcal{A}_n$ — set of all affine Boolean functions of $n \in \mathbb{N}$ variables;
$\mathcal{A}_{n,m}$ — set of all affine Boolean mappings from $V_n$ to $V_m$ ($n, m \in \mathbb{N}$);
$\mathcal{B}_n$ — set of all Boolean bent functions (maximum-nonlinear functions) of $n \in \mathbb{N}$ variables;
$\mathcal{B}_n(S)$ — set of partially defined bent functions of $n \in \mathbb{N}$ variables with defining set $S \subseteq V_n$;
$\mathcal{S}_n$ — set of all symmetric Boolean functions of $n \in \mathbb{N}$ variables;
$\langle \mathbf{x}, \mathbf{y} \rangle = \sum_j x^{(j)} y^{(j)}$ — scalar product of vectors $\mathbf{x}$ and $\mathbf{y}$;
$\mathbf{x} \cdot \mathbf{y} = (x^{(1)} y^{(1)}, \ldots, x^{(n)} y^{(n)})$ — product of vectors $\mathbf{x}$ and $\mathbf{y}$;
$W_f(\alpha) = \sum_{\mathbf{x} \in V_n} (-1)^{f(\mathbf{x}) \oplus \langle \mathbf{x}, \alpha \rangle}$ — Walsh–Hadamard transformation of a Boolean function $f \in \mathcal{F}_n$ ($\alpha \in V_n$);
$W_f(a, s) = \sum_{x \in \mathbb{F}_{2^n}} (-1)^{f(x) \oplus \mathrm{Tr}(a x^s)}$ — extended Walsh–Hadamard transformation of a Boolean function $f \in \mathcal{F}_n$ ($\alpha \in V_n$, $s \in \Pi_n$);
$W_f^D(\alpha) = \sum_{\mathbf{x} \in D} (-1)^{f(\mathbf{x}) \oplus \langle \mathbf{x}, \alpha \rangle}$ — partial Walsh–Hadamard transformation of a Boolean function $f \in \mathcal{F}_n$ with respect to the set $D \subseteq V_n$ ($\alpha \in V_n$);
$W_f(\alpha) = \sum_{\mathbf{x} \in V_n} f(\mathbf{x}) (-1)^{\langle \mathbf{x}, \alpha \rangle}$ — Fourier transform of a Boolean function $f \in \mathcal{F}_n$ ($\alpha \in V_n$);
$W_f^D(\alpha) = \sum_{\mathbf{x} \in D} f(\mathbf{x}) (-1)^{\langle \mathbf{x}, \alpha \rangle}$ — partial Fourier transform of a Boolean function $f \in \mathcal{F}_n$ with respect to a set $D \subseteq V_n$ ($\alpha \in V_n$);
$N_f$ — nonlinearity of a Boolean function $f \in \mathcal{F}_n$;
$GN_f$ — generalized nonlinearity of a Boolean function $f \in \mathcal{F}_n$;
$D_{\mathbf{u}} \Phi$ — derivative of a Boolean mapping $\Phi \subset \mathcal{F}_{n,m}$ in the direction $\mathbf{u} \in V_n$;
$\Delta_f(\alpha) = \sum_{\mathbf{x} \in V_n} (-1)^{f(\mathbf{x} \oplus \alpha) \oplus f(\mathbf{x})}$ — autocorrelation of a Boolean function $f \in \mathcal{F}_n$ with shift $\alpha \in V_n$;
$\Delta_f = \max_{\alpha \in V_n,\ \alpha \neq 0} |\Delta_f(\alpha)|$, $\sigma_f = \sum_{\alpha \in V_n,\ \alpha \neq 0} \Delta_f^2(\alpha)$ — numerical measures of the global avalanche characteristics of a Boolean function $f \in \mathcal{F}_n$;
$\mathrm{ill}(F)$ — linearity index of a Boolean mapping $F \in \mathcal{F}_{n,m}$;
$f$ — dual of a bent function $f \in \mathcal{B}_n$;
$J_G(f)$ — moment group of a function $f$ in a group $G$;
$L_F$ — subspace of linearity (subspace of linear structures) of a Boolean mapping $F \in \mathcal{F}_{n,m}$;
$PC_F$ — set of directions (vectors) for which a mapping $F \in \mathcal{F}_{n,m}$ satisfies the propagation criterion;
$\mu_l(F)$ — maximum element from the difference table of a Boolean mapping $F \in \mathcal{F}_{n,m}$;
$RM(r, n)$ — binary Reed–Muller code of order $r \in \mathbb{N}$ and length $2^n$ ($n \in \mathbb{N}$);
$RM^*(r, n)$ — binary punctured Reed–Muller code of order $r \in \mathbb{N}$ and length $2^n - 1$ ($n \in \mathbb{N}$);
$C_j(f)$ — number of code words in the code $C$ that are at distance $j$ from $f$ (0 j $r_C$);
$\mathrm{Aut}(C)$ — automorphism group of a code $C$;
$C^\perp$ — dual code of a code $C$;
$d_C$ — minimum distance of a code $C$;
$k_C$ — dimension of a linear code $C$;
$r_C$ — covering radius of a code $C$;
$R_C$ — rate of a code $C$;
$W_C(x, y)$ — weight function of a code $C$;
$[n, k, d]$-code — linear code of length $n \in \mathbb{N}$, dimension $k \in \mathbb{N}$, and minimum distance $d \in \mathbb{N}$;
$N_{\max}(n, m)$ — maximum possible nonlinearity of an $m$-resilient Boolean function on $\mathcal{F}_n$;
$\rho(\mathbf{x}, r)$ — ball centered at $\mathbf{x} \in V_n$ of radius $r \in \{0, 1, \ldots, n\}$;
$\mu$ — Möbius function;
$\delta$ — Dirac $\delta$-function;
$I_M$ — indicator function of a set $M$;
$E_n$ — identity $(n \times n)$ matrix;
$H_n = \begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix}^{[n]}$ — Sylvester–Hadamard matrix of order $n \in \mathbb{N}$; $[n]$ is Kronecker (tensor) power;
$N_{W_f}$ — number of binary vectors for which the Walsh–Hadamard coefficients of a function $f$ are nonzero;
$N_{\Delta_f}$ — number of binary vectors for which the values of the autocorrelation function $f$ are nonzero;
$\mathrm{con}_J^{\mathbf{a}}$ — operation of fixing part of variables of a set of functions; it is given by a set of indices $J = \{j_1, \ldots, j_l\}$, $1 \le j_1 < \cdots < j_l \le n$, and binary vectors $\mathbf{a} = (a^{(1)}, \ldots, a^{(l)}) \in V_l$;
$\mathrm{pr}_i$ — projection operator of a Boolean mapping to the $i$th coordinate;
$\mathrm{per}(u)$ — period of a sequence $u$;
$\mathrm{loc}(c)$ — set of locators of a row $c$;
$\mathrm{char}_u(\lambda)$ — characteristic polynomial of a recurrent sequence $u$.
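The Walsh–Hadamard transformation, autocorrelation and global avalanche measures defined in the notation list above, computed for two small functions. This is an added example, not code from the book. It assumes the standard formula $N_f = 2^{n-1} - \frac{1}{2}\max_\alpha |W_f(\alpha)|$ for nonlinearity (the list names $N_f$ without giving the formula) and reads the subscript in $\Delta_f$ and $\sigma_f$ as $\alpha \neq 0$; the function names and sample functions are constructed here.

```python
"""Added example: spectral characteristics of a Boolean function on V_n.

A vector x in V_n is encoded as an integer whose bit j-1 is the coordinate
x^(j), so <x, alpha> is the parity of (x & alpha) and x (+) alpha is x ^ alpha.
"""


def truth_table(f, n):
    """List of f(x) for all x in V_n; f receives the tuple (x^(1), ..., x^(n))."""
    return [f(tuple((x >> j) & 1 for j in range(n))) & 1 for x in range(1 << n)]


def walsh_hadamard(tt):
    """W_f(alpha) = sum_x (-1)^(f(x) XOR <x,alpha>) for every alpha in V_n.

    Uses the fast butterfly (n * 2^n additions) instead of the 4^n direct sum.
    """
    w = [1 - 2 * bit for bit in tt]          # (-1)^f(x)
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w


def nonlinearity(tt):
    """N_f = 2^(n-1) - max|W_f(alpha)| / 2 (standard formula, assumed here)."""
    return (len(tt) - max(abs(v) for v in walsh_hadamard(tt))) // 2


def autocorrelation(tt):
    """Delta_f(alpha) = sum_x (-1)^(f(x XOR alpha) XOR f(x)) for every alpha."""
    size = len(tt)
    return [sum(1 - 2 * (tt[x ^ a] ^ tt[x]) for x in range(size))
            for a in range(size)]


def global_avalanche(tt):
    """(Delta_f, sigma_f), both taken over alpha != 0 as in the notation list."""
    nonzero_shifts = autocorrelation(tt)[1:]
    return (max(abs(v) for v in nonzero_shifts),
            sum(v * v for v in nonzero_shifts))


def profile(tt):
    """Collect the scalar characteristics named in the notation list."""
    delta_f, sigma_f = global_avalanche(tt)
    return {
        "N_f": nonlinearity(tt),
        "N_Wf": sum(1 for v in walsh_hadamard(tt) if v != 0),
        "N_Deltaf": sum(1 for v in autocorrelation(tt) if v != 0),
        "Delta_f": delta_f,
        "sigma_f": sigma_f,
    }


if __name__ == "__main__":
    # Constructed samples: a bent function on V_4 and the majority function on V_3.
    bent = truth_table(lambda x: (x[0] & x[1]) ^ (x[2] & x[3]), 4)
    maj = truth_table(lambda x: int(sum(x) >= 2), 3)
    for name, tt in (("x1x2 + x3x4", bent), ("maj(x1,x2,x3)", maj)):
        print(name, walsh_hadamard(tt), profile(tt))
```

For the majority function the autocorrelation at $\alpha = (1,1,1)$ equals $-2^n$, which marks that shift as a linear structure; the bent function has zero autocorrelation at every nonzero shift.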
Bibliography
[1] C. M. Adams, A formal and practical design procedure for Substitution-Permutationnetwork cryptosystem. Ph.D. thesis, Department of Electrical Engineering, Queen’sUniversity at Kingston, 1990.
[2] C. M. Adams, On immunity against Biham and Shamir’s differential cryptanalysis,Information Processing Letters, V. 41, 1992, pp. 77–80.
[3] C. M. Adams and S. E. Tavares, Good S-boxes are Easy to Find, In Proceedingsof Advances in Cryptology: CRYPTO’89, Lect. Notes in Comp. Sci. New York:Springer-Verlag, V. 435, 1990, pp. 612–615.
[4] C. M. Adams and S. E. Tavares, The structured design of cryptographically goodS-boxes, Journal of Crytology, V. 3, 1990, No. 1. pp. 27–41.
[5] C. M. Adams and S. E. Tavares, Generating and Counting Binary Bent Sequences,IEEE Trans. on Inform. Theory, IT 36, No. 5, 1990, pp. 1170–1173.
[6] S. S. Agaian, Hadamard Matrrices and Their Applications, Lecture Notes in Math-ematics, 1168. Berlin, Heidelberg, New York, Tokyo: Springer-Verlag, 1985.
[7] S. V. Agievich, On the representation of bent-functions by bent-rectangles, In Pro-ceedings of the Fifth International Petrozavodsk Conference on Probabilistic Meth-ods in Discrete Mathematics (Petrozavodsk, June 1–6, 2000), Utrecht, Boston: VSP,2000, pp. 121–135.
[8] E. Akyildiz, I. S. Guloglu, and M. Ikeda, A Note on Generalized Bent Functions,Journal of Pure and Applied Algebra, V. 106, No. 1, 1996, pp. 1–9.
[9] A. A. Albert, Fundamental Concepts of High Algebra, Chicago: Univ. of ChicagoPress, 1956.
[10] A. P. Alferov, A. Yu. Zubov, A. S. Kuzmin, and A. V. Cheremushkin, Foundations ofCryptography, Moskva, Helios, Association of Russian Universities, 2001 (in Russian).
[11] A. S. Ambrosimov, Properties of q-valued logic (bent) functions over finite fields,Discretnaja matematika, vol. 6, issue 3, 1994, pp. 50–60 (in Russian).
[12] R. Anderson, Searching for the Optimum Correlation Attack, Fast Software Encryp-tion, Leuven’94, Lect. Notes in Comp. Sci. New York: Springer-Verlag, V. 1008,1995, pp. 137–143.
[13] R. Ash, Information Theory, New York, London, Sydney: Interscience Publishers, aDivision of John Wiley and Sons, 1967.
[14] G. S. Avsarkisyan, Boolean functions disjunctive decomposition with respect to allvariables, Computernye seti, Riga: Zinatne, vol. 1, pp. 78–94 (in Russian).
[15] A. V. Babash and G. P. Shankin, Cryptography, Moskva, Solon-R, 2000 (in Russian).
[16] R. D. Baker, J. H. van Lint, and R. M. Wilson, On the Preparata and GoethalsCodes, IEEE Trans. on Inform. Theory, IT–29, No. 3, 1983, pp. 342–345.
[17] L. A. Bassalygo, G. V. Zaitsev, and V. A. Zinov’ev, Uniformly packed codes, Problemsof Information Transmission, vol. 10, issue 1, 1974, pp. 6–9.
[18] L. A. Bassalygo and V. A. Zinoviev, Remark on Uniformly Packed Codes, Problemsof Information Transmission, vol. 13, issue 3, 1977, pp. 178–180.
[19] Applied Combinatorial Mathematics, E. E. Beckenbach (ed.) New York, London,Sydney: John Wiley & Sons, Inc., 1964.
305
306 BIBLIOGRAPHY
[20] I. Ben-Aroya and E. Biham, Differential Cryptanalysis of Lucifer, In Proceedings inAdvances of Cryptology: CRYPTO’93, Springer-Verlag, 1993, pp. 187–199.
[21] C. H. Bennet, G. Brassard, and J. M. Robert, Privacy Amplification by Public Dis-cussion, SIAM Journal on Computing, V. 17, 1988, pp. 210–229.
[22] E. R. Berlekamp, Algebraic Coding Theory, New York, St. Louis, San Francisco,Toronto, London, Sydney: McGrawHill, 1968.
[23] E. R. Berlekamp and L. R. Welch, Weight Distributions of the Cosets of the (32, 6)Reed–Muller Code, IEEE Trans. on Inform. Theory, IT–18, 1972, pp. 203–207.
[24] S. D. Berman and I. I. Grushko, On B-Functions Encountered in Modular Codes,Problems of Information Transmission, vol. 17, issue 2, 1981, pp. 82–88.
[25] T. A. Berson, Differential Cryptanalysis Mod 232 with Applications to MD5, In Pro-ceedings of Advances in Cryptology: EUROCRYPT’92, Lect. Notes in Comp. Sci.,Springer-Verlag, V. 658, 1992, pp. 71–80.
[26] T. Beth and C. Ding, On Almost Perfect Nonlinear Permutations, In Proceedings ofAdvances in Cryptology: EUROCRYPT’93, Lect. Notes in Comp. Sci., New York:Springer-Verlag, V. 765, 1993, pp. 65–76.
[27] J. Bierbrauer, Bounds on orthogonal arrays and resilient functions, Journal of Com-binatorial Designs, V. 3, 1995, pp. 179–183.
[28] J. Bierbrauer, K. Gopalakrishnan, and D. R. Stinson, Bounds on Resilient Functionsand Orthogonal Arrays, In Proceedings of Advances in Cryptology: CRYPTO’94,Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 839, 1994, pp. 247–256.
[29] J. Bierbrauer, K. Gopalakrishnan, and D. R. Stinson, Orthogonal arrays, resilientfunctions, error correcting codes and linear programming bounds, SIAM J. Discr.Math., V. 9, 1996, pp. 424–452.
[30] E. Biham, A. Biryukov, and A. Shamir, Cryptanalysis of Skipjack Reduced to31 Rounds Using Impossible Differentials, In Advances in Cryptology: EURO-CRYPT’99, Lect. Notes in Comp. Sci., New York: Springer-Verlag, 1999. V. 1592.pp. 12–23.
[31] E. Biham and A. Shamir, Differential Cryptanalysis of DES-like Cryptosystems,Journal of Cryptology, V. 4, No. 1, 1991, pp. 3–72.
[32] A. Biryukov, C. De Canniere, A. Braeken, and B. Preneel, A Toolbox for Cryptanal-ysis: Linear and Affine Equivalence Algorithms, In Advances in Cryptology: EURO-CRYPT’2003, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2656, 2003,pp. 33–50.
[33] A. Biryukov, C. De Canniere, and M. Quisquater, On Multiple Linear Approxima-tions, http://www.iacr.eprint-arhiv, 2004.
[34] R. E. Blahut, Theory and Practice of Error Control Codes, Addison-Wesley Pub-lishing Company Inc., Reading, Massachusetts, Menlo Park, California, London,Amsterdam, Don Mills, Ontario, Sydney, 1984.
[35] R. E. Blahut, Fast Algorithms for Digital Signal Processing, Addison-Wesley Pub-lishing Company Inc., 1985.
[36] W. Blaser and P. Heinzmann, New Cruptographic Device with High Security UsingPublic Key Distribution, IEEE Student Papers, 1982, pp. 145–153.
[37] V. D. Bliznyuk and M. F. Kholodnyi, Application of Boolean derivatives to the prob-lem for Boolean function decomposition, Avtomatica i telemekhanica, issue 5, 1984,pp. 105–112 (in Russian).
[38] D. Bochmann and Ch. Posthoff, Binare dynamische Systeme, Berlin: Akademie-Verlag, 1981.
[39] A. A. Botev, On the relationship between correlation immunity, nonlinearity andweight for non-balanced Boolean functions, Matematicheskie voprosy kibernetiki, is-sue 11, Moskva, Fizmatlit, 2002, pp. 149–162 (in Russian).
BIBLIOGRAPHY 307
[40] A. E. Brouwer and L. M. Tolhuizen, A Sharpening of the Johnson Bound for BinaryLinear Codes, Design, Codes and Cryptography, V. 3, No. 1, 1993, pp. 95–98.
[41] R. A. Brualdi, N. Cai, and V. S. Pless, Orphan Structure of the First-Order Reed–Muller codes, Discrete Mathematics, V. 102, 1992, pp. 239–247.
[42] A. R. Calderbank, G. McGuire, B. Poonen, and M. Rubinstein, On a Conjecture ofHelleseth Regarding Pairs of Binary m-sequences, IEEE Trans. on Inform. Theory,V. 42, 1996, pp. 988–990.
[43] P. Camion, C. Carlet, P. Charpin and N. Sendrier, On Correlation Immune Func-tions, In Proceedings of Advances in Cryptology: CRYPTO’91, Lect. Notes in Comp.Sci., New York: Springer-Verlag, V. 576, 1992, pp. 86–100.
[44] P. Camion and A. Canteaut, Construction of t-resilient functions over a finite al-phabet, Advances in Cryptology: Eurocrypt’96, Lect. Notes in Comp. Sci., V. 1070,1996, pp. 283–293.
[45] P. Camion and A. Canteaut, Generalization of Siegenthaler Inequality and Schorr–Vaudenay Multipermutations, Advances in Cryptology: CRYPTO’96, Lect. Notes inComp. Sci., V. 1109, 1996, pp. 372–386.
[46] P. Camion and A. Canteaut, Correlation Immune and Resilient Functions Over aFinite Alphabet and Their Applications in Cryptography, Designs Codes and Cryp-tography, V. 16, No. 2, 1999, pp. 121–149.
[47] A. Canteaut and E. Filiol, Ciphertext Only Reconstructing of Stream Ciphers Basedon Combination Generators, Fast Software Encruption’2000, Lect. Notes in Comp.Sci., New York: Springer-Verlag, V. 1978, 2001, pp. 165–180.
[48] A. Canteaut, C. Carlet, P. Charpin, and C. Fontaine, Propagation Characteristicsand Correlation Immunity of Highly Nonlinear Boolean Functions, In Proceedings ofAdvances in Cryptology: EUROCRYPT’00, Lect. Notes in Comp. Sci., New York:Springer-Verlag, V. 1807, 2000, pp. 507–522.
[49] A. Canteaut and M. Trabbia, Improved Fast Correlation Attacks Using Parity-Checkof Weight 4 and 5, In Proceedings of Advances in Cryptology: EUROCRYPT’00,Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1807, 2000, pp. 573–588.
[50] A. Canteaut, C. Carlet, P. Charpin, and C. Fontaine, On Cryptographic Propertiesof the Cosets of RM(1,m), IEEE Trans. on Inform. Theory, V. 47, No. 4, 2001, pp.1494–1513.
[51] A. Canteaut, P. Charpin, and H. Dobbertin, Binary m-sequences with Three-ValuedCross-Correlation: A Proof of Welch’s Conjecture, IEEE Trans. on Inform. Theory,V. 46, No. 1, 2000, pp. 4–8.
[52] A. Canteaut, P. Charpin, and H. Dobbertin, Couples de suites binaires de longueurmaximale ayant une correlation croisee a trois valeurs: Conjecture de Welch, Ser. IMath., Paris: C. R. Acad. Sci., V. 328, 1999, pp. 173–178.
[53] A. Canteaut, P. Charpin, and H. Dobbertin, Weight Divisibility of Cycle Codes,Highly Nonlinear Functions on F2m , and Crosscorrelation of Maximum Length Se-quences, SIAM Journal of Discrete Mathematics, V. 13, No. 1, 2000, pp. 105–138.
[54] A. Canteaut, M. Daum, H. Dobbertin, and G. Leander, Normal and Non NormalBent Functions, Proceedings of International Workshop on Coding and Cryptogra-phy, March, 24–28, Versalles (France), 2003, pp. 91–100.
[55] C. Carlet, A transformation on Boolean Functions, its Consequences on some Prob-lems Related to Reed–Muller Codes, EUROCODES’90. Lect. Notes in Comp. Sci.,New York: Springer-Verlag, V. 514, 1991, pp. 42–50.
[56] C. Carlet, The Automorphism Groups of the Kerdock Codes, Journal of Information& Optimization Sciences, V. 12, No. 3, 1991, pp. 387–400.
[57] C. Carlet, Partially-bent functions, In Advances in Cryptology: CRYPTO’92, Lect.Notes in Comp. Sci., Springer-Verlag, V. 740, 1992, pp. 280–291.
308 BIBLIOGRAPHY
[58] C. Carlet, Partially-bent functions, Designs Codes and Cryptography, V. 3, 1993, pp.135–145.
[59] C. Carlet, Two new classes of bent functions, In Proceedings of Advances in Cryp-tology: EUROCRYPT’93, Lect. Notes in Comp. Sci., New York: Springer-Verlag,V. 765, 1994, pp. 77–101.
[60] C. Carlet, Generalized Partial Spreads, IEEE Trans. on Inform. Theory, V. 41, No. 5,1995, pp. 1482–1487.
[61] C. Carlet, A constraction of bent functions, Seventh Joint Swedish-Russian Interna-tional Workshop on Information Theory, St. Petersburg, Russia, 1995, pp. 57–59.
[62] C. Carlet and Ph. Guillot, A characterization of binary bent functions, Journal ofCombinatorial Theory, Series A, V. 76, No. 2, 1996, pp. 328–335.
[63] C. Carlet and Ph. Guillot, An alternate characterization of the bentness of binaryfunctions, with uniqueness, Designs, Codes and Cryptography, V. 14, No. 2, 1998,pp. 33–140.
[64] C. Carlet, P. Charpin, and V. Zinoviev, Codes, bent functions and permutationssuitable for DES-like cryptosystems, Designs, Codes and Cryptography, V. 15, No. 15,1998, pp. 125–156.
[65] C. Carlet, Hyper-bent functions, PRAGOCRYPT’96, Praga: CTV, GC UCMP, 1996,pp. 145–155.
[66] C. Carlet, J. Seberry, and X. M. Zhang, Comments on Generating and countingbinary bent sequences, IEEE Trans. on Inform. Theory, V. 40, No. 2, 1994, p. 600.
[67] C. Carlet, More Correlation-Immune and Resilient Functions over Galois Fields andGalois Rings, In Proceedings of Advances in Cryptology: EUROCRYPT’97, Lect.Notes in Comp. Sci., New York: Springer-Verlag, V. 1233, 1997, pp. 422–433.
[68] C. Carlet, On the Propagation Criterion of Degree l and Order k, In Proceedings ofAdvances in Cryptology: EUROCRYPT’98, Lect. Notes in Comp. Sci., New York:Springer-Verlag, V. 1403, 1998, pp. 462–474.
[69] C. Carlet, On the Coset Weight Divisibility and Nonlinearity of Resilient and Corre-lation Immune Functions, Sequences and Their Applications: SETA’2001, DiscreteMathematics and Theoretical Computer Science, New York: Springer-Verlag, 2001,pp. 131–144.
[70] C. Carlet and P. Sarcar, Spectral Domain Analysis of Correlation Immune and Resilient Boolean Functions, Finite Fields and Its Applications, V. 8, No. 1, 2002, pp. 120–130.
[71] C. Carlet, A Large Class of Cryptographic Boolean Functions via a Study of the Maiorana–McFarland Constructions, In Proceedings of Advances in Cryptology: CRYPTO’02, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2442, 2002, pp. 549–564.
[72] C. Carlet and E. Prouff, On plateaued functions and their constructions, Fast Software Encryption, 2003.
[73] C. Carlet and Yu. Tarannikov, Covering sequences of Boolean functions and their cryptographic significance, Designs, Codes and Cryptography, V. 25, 2002, pp. 263–279.
[74] C. Carlet and A. Klapper, Upper Bounds on the Numbers of Resilient Functions and of Bent Functions.
[75] J. M. Carroll and L. E. Robbins, Using binary derivatives to test an enhancement of DES, Cryptologia, V. 12, 1988, pp. 193–208.
[76] J. W. S. Cassels, Rational Quadratic Forms, London, New York, San Francisco: Academic Press, 1978.
[77] F. Chabaud and S. Vaudenay, Links between Differential and Linear Cryptanalysis, In Proceedings of Advances in Cryptology: EUROCRYPT’94, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 950, 1995, pp. 356–365.
[78] P. Charpin, A. Tietavainen, and V. Zinoviev, On Binary Cyclic Codes with Minimum Distance d = 3, Problems of information transmission, vol. 33, issue 4, 1997, pp. 287–296.
[79] D. Chaum and J. H. Evertse, Cryptanalysis of DES with a Reduced Number of Rounds; Sequences of Linear Factors in Block Ciphers, In Proceedings of Advances in Cryptology: CRYPTO’85, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 218, 1986, pp. 192–211.
[80] S. Chee, S. Lee, and K. Kim, Semi-Bent Functions, In Proceedings of Advances in Cryptology: ASIACRYPT’94, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 914, 1995, pp. 107–118.
[81] S. Chee, S. Lee, D. Lee, and S. Sung, On the Correlation Immune Functions and Their Nonlinearity, In Proceedings of Advances in Cryptology: ASIACRYPT’96, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1163, 1996, pp. 232–243.
[82] J. H. Cheon and S. Chee, Elliptic Curves and Resilient Functions, ICISC’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2015, 2000, pp. 64–72.
[83] J. H. Cheon, Nonlinear Vector Resilient Functions, In Proceedings of Advances in Cryptology: CRYPTO’2001, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2139, 2001, pp. 458–479.
[84] V. Chepyzhov and B. Smeets, On Fast Correlation Attacks on Certain Stream Ciphers, In Proceedings of Advances in Cryptology: EUROCRYPT’1991, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 547, 1991, pp. 176–185.
[85] V. Chepyzhov, T. Johansson, and B. Smeets, A Simple Algorithm for Fast Correlation Attacks on Stream Ciphers, Fast Software Encryption’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1978, 2000, pp. 181–195.
[86] A. V. Cheremushkin, Affine and linear classification methods for binary functions, Russian Academy of Sciences, Cryptographic Academy of Russian Federation, Trudy po diskretnoi matematike, Moskva, Fizmatlit, vol. 4, 2001, pp. 273–314 (in Russian).
[87] B. Chor, O. Goldreich, J. Hastad, J. Friedman, S. Rudich, and R. Smolensky, The Bit Extraction Problem for t-Resilient Functions, 26-th Symposium on Foundations of Computer Science, 1985, pp. 396–407.
[88] P. Chose, A. Joux, and M. Mitton, Fast Correlation Attacks: an Algorithmic Point of View, In Proceedings of Advances in Cryptology: EUROCRYPT’2002, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2332, 2002, pp. 209–221.
[89] H. Chung and P. V. Kumar, A New General Construction for Generalized Bent Function, IEEE Trans. on Inform. Theory, V. 35, No. 1, 1989, pp. 206–209.
[90] J. Clark, J. Jacob, W. Millan, and S. Maitra, Evolution of Boolean Functions Satisfying Multiple Criteria with Simulated Annealing, Preprint, 2002.
[91] G. Cohen, I. Honkala, A. Lobstein, and S. Litsyn, Covering codes, Elsevier, 1998.
[92] G. D. Cohen, M. G. Karpovsky, H. F. Mattson, and J. Schatz, Covering radius—survey and recent results, IEEE Trans. on Inform. Theory, IT-31, No. 3, 1985, pp. 328–343.
[93] D. Coppersmith, The data encryption standard (DES) and its strength against attacks, Technical Report RC 18613 (81421), IBM Research Division, December 1992.
[94] H. Cramer, Mathematical Methods of Statistics, Princeton University Press, 1946.
[95] C. W. Curtis and I. Reiner, Representation theory of Finite Groups and Associative Algebras, New York, London: Interscience Publishers, a division of John Wiley & Sons, 1962.
[96] Th. W. Cusick, Boolean functions satisfying a higher order strict avalanche criterion, In Proceedings of Advances in Cryptology: EUROCRYPT’93, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 765, 1988, pp. 102–117.
[97] Th. W. Cusick and H. Dobbertin, Some New 3-valued Crosscorrelation Functions of Binary m-sequences, IEEE Trans. on Inform. Theory, V. 42, No. 4, 1996, pp. 1238–1240.
[98] Th. W. Cusick, On constructing balanced correlation immune functions, Sequences and Their Applications, Proceedings of SETA’98, Springer Discrete Mathematics and Theoretical Computer Science, 1999, pp. 184–190.
[99] M. Daum, H. Dobbertin, and G. Leander, An Algorithm for Checking Normality of Boolean Function, Proceedings of International Workshop on Coding and Cryptography, March, 24–28, Versailles (France), 2003, pp. 133–142.
[100] M. H. Dawson and S. E. Tavares, An expanded set of S-box design criteria based on information theory and its relation to differential-like attacks, In Proceedings of Advances in Cryptology: EUROCRYPT’91, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 547, 1991, pp. 352–367.
[101] P. Delsarte, J. M. Goethals, and F. J. MacWilliams, On Generalized Reed–Muller Codes and Their Relatives, Information and Control, V. 16, 1970, pp. 403–442.
[102] P. Delsarte, An algebraic approach to the association schemes of coding theory, Philips Research Reports Supplements, V. 10, 1973.
[103] P. Delsarte, Four fundamental parameters of a code and their combinatorial significance, Information and Control, V. 23, No. 5, 1973, pp. 407–438.
[104] O. V. Denisov, Asymptotic number of the k-order correlation-immune Boolean functions, Diskretnaya matematika, vol. 3, issue 2, 1991, pp. 25–46 (in Russian).
[105] O. V. Denisov, Local limit theorem for random binary function part of spectrum distribution, Diskretnaya matematika, vol. 12, issue 1, 2000, pp. 82–95 (in Russian).
[106] L. E. Dickson, Linear Groups, Leipzig: B. G. Teubner, 1901.
[107] J. Dieudonne, La Geometrie des Groupes classiques, Springer-Verlag, 1971.
[108] J. F. Dillon, A survey of bent functions, The NSA Technical Journal (unclassified), 1972, pp. 191–215.
[109] F. J. Dillon, Elementary Hadamard Difference sets, Ph.D. Thesis, University of Maryland, 1974.
[110] C. Ding, G. Xiao, and W. Shan, The Stability Theory of Stream Ciphers, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 561, 1991.
[111] H. Dobbertin, One-to-One Highly Nonlinear Power Functions on Finite Field with Characteristic 2, Appl. Algebra Engr. Comm. Comp., V. 9, 1998, pp. 139–152.
[112] H. Dobbertin, Almost Perfect Nonlinear Power Functions on GF(2^n), Preprint.
[113] H. Dobbertin, Another Proof of Kasami’s Theorem, Preprint.
[114] H. Dobbertin, Construction of Bent Functions and Balanced Boolean Functions with High Nonlinearity, Fast Software Encryption—Second International Workshop, Leuven (1994), Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1008, 1995, pp. 61–74.
[115] H. Dobbertin, One-to-One Highly Nonlinear Functions on Finite Field with Characteristic 2, Appl. Algebra Engrg. Comm. Comp., V. 9, 1998, pp. 139–152.
[116] H. Dobbertin, Almost Perfect Nonlinear Power Functions on GF(2^n): The Niho case, Inform. and Comp., V. 151, 1999, pp. 57–72.
[117] H. Dobbertin, Almost Perfect Nonlinear Power Functions on GF(2^n): The Welch case, IEEE Trans. Inform. Theory, V. 45, 1999, pp. 1271–1275.
[118] S. M. Dodunekov and V. A. Zinoviev, Note about Preparata codes, Trudy 6th Intern. Symp. Information Theory, Moskva–Tashkent, part 2, 1984, pp. 78–80 (in Russian).
[119] J. H. Evertse, Linear Structures in Blockciphers, In Proceedings of Advances in Cryptology: EUROCRYPT’87, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 304, 1988, pp. 249–266.
[120] B. J. Falkowski, A Note on the Polynomial Form of Boolean Functions and Related Topics, IEEE Trans. on Computers, V. 48, No. 8, 1999, pp. 860–864.
[121] M. Fedorova and Y. V. Tarannikov, On the Constructing of Highly Nonlinear Resilient Boolean functions by Means of Special Matrices, Progress in Cryptology: INDOCRYPT’2001, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2247, 2001, pp. 254–266.
[122] A. Feinstein, Foundations of Information Theory, New York–Toronto–London: McGraw-Hill Book Company Inc., 1958.
[123] W. Feller, An Introduction to Probability Theory and its Applications, Third edition, John Wiley & Sons, 1968.
[124] E. Filiol and C. Fontaine, Highly Nonlinear Balanced Boolean Functions with a Good Correlation-Immunity, In Proceedings of Advances in Cryptology: EUROCRYPT’98, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1403, 1998, pp. 475–488.
[125] C. Fontaine, On Some Cosets of the First-Order Reed–Muller Code with High Minimum Weight, IEEE Trans. on Inform. Theory, V. 45, No. 4, 1999, pp. 1237–1243.
[126] R. Forre, The Strict Avalanche Criterion: Spectral Properties of Boolean Functions and an Extended Definition, In Proceedings of Advances in Cryptology: CRYPTO’88, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 403, 1989, pp. 450–468.
[127] R. Forre, A Fast Correlation Attack on Nonlinearly Feed Forward Filter Shift-Register Sequences, In Proceedings of Advances in Cryptology: EUROCRYPT’89, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 434, 1990, pp. 586–595.
[128] R. Forre, Methods and instruments for designing S-boxes, Journal of Cryptology, V. 3, No. 2, 1990, pp. 115–130.
[129] J. Friedman, On the Bit Extraction Problem, 33-rd IEEE Symposium on Foundations of Computer Science, 1982, pp. 314–319.
[130] R. G. Gallager, Low-density parity-check codes, MIT Press, Cambridge, MA, 1963.
[131] R. G. Gallager, Information Theory and Reliable Communication, New York, London, Sydney, Toronto: John Wiley & Sons Inc., 1968.
[132] M. I. Gelfand, Lectures on linear algebra, Moskva, Nauka, 1971; English transl., Dover Publ., New York, 1983.
[133] A. Gill, Introduction to the Theory of Finite-State Machines, New York, San Francisco, Toronto, London: McGraw-Hill Book Company Inc., 1962.
[134] J. M. Goethals and S. L. Snover, Nearly Perfect Codes, Discrete Mathematics, V. 3, 1972, pp. 64–88.
[135] J. M. Goethals and H. van Tilborg, Uniformly Packed Codes, Philips Res. Reports, V. 30, 1975, pp. 9–36.
[136] R. Gold, Optimal binary sequences for spread-spectrum multiplexing, IEEE Trans. on Inform. Theory, V. 13, No. 4, 1967, pp. 619–621.
[137] R. Gold, Maximal recursive sequences with 3-valued recursive crosscorrelation functions, IEEE Trans. on Inform. Theory, V. 14, 1968, pp. 154–156.
[138] J. D. Golic, On Security of Nonlinear Filter Generators, Fast Software Encryption—Cambridge’96, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1039, 1996, pp. 173–188.
[139] J. D. Golic, Fast Low Order Approximation of Cryptographic Functions, In Proceedings of Advances in Cryptology: EUROCRYPT’96, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1070, 1996, pp. 268–282.
[140] S. W. Golomb, On classification of Boolean functions, IRE Trans. on Circuit Theory, V. 6, 1959, pp. 176–186.
[141] S. V. Golomb, Theory of transformation groups of polynomials over GF(2) with applications to linear shift register sequences, Inform. Sci., V. 1, 1968, pp. 209–232.
[142] I. B. Golubov, A. V. Efimov, and V. A. Skvortsov, Walsh series and transforms. Theory and application, Math. and Appl. (Soviet Series), 64, Kluwer, Dordrecht, 1991.
[143] G. Gong and S. W. Golomb, Transform domain analysis of DES, IEEE Trans. on Inform. Theory, IT-45, No. 6, 1999, pp. 2065–2073.
[144] G. Gong, Sequence Analysis, University of Waterloo, Canada, http://www.cacr.math.uwaterloo.
[145] K. Gopalakrishnan, D. G. Hoffman, and D. R. Stinson, A Note on a Conjecture Concerning Symmetric Resilient Functions, Information Processing Letters, V. 47, No. 3, 1993, pp. 139–143.
[146] K. Gopalakrishnan, A Study of Correlation-Immune, Resilient and Related Cryptographic Functions, Ph.D. Thesis, University of Nebraska, 1994.
[147] J. Gordon and H. Retkin, Are big S-boxes best?, In Proceedings of Advances in Cryptology: EUROCRYPT’82, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 658, 1983, pp. 257–262.
[148] R. R. Green, A Serial Orthogonal Decoder, JPL Space Programs Summary, V. 37–39–IV, 1966, pp. 247–253.
[149] R. R. Green, Analysis of a Serial Orthogonal Decoder, JPL Space Programs Summary, V. 37–53–III, 1968, pp. 185–187.
[150] A. A. Grusho, E. A. Primenko, and E. E. Timonina, Analysis and synthesis of cryptographic algorithms. Lectures, Yoshkar-Ola, 2000 (in Russian).
[151] A. A. Grusho, E. A. Primenko, and E. E. Timonina, Cryptographic protocols, Yoshkar-Ola, 2001 (in Russian).
[152] A. E. Gukov and V. P. Chistyakov, Matrix approach to investigation of preimages of the output sequence of a finite automaton, Obozrenie prikladnoi i promyshlennoi matematiki, Moskva, vol. 1, issue 1, 1994, pp. 108–117 (in Russian).
[153] X. Guo-Zhen and J. Massey, A Spectral Characterization of Correlation Immune Combining Functions, IEEE Trans. on Inform. Theory, V. 34, No. 3, 1988, pp. 569–571.
[154] G. B. Gurevich, Foundations of the theory of algebraic invariants, Moskva, OGIZ, 1948; English transl., Nordhoof, Groningen, 1964.
[155] M. Hall, The Theory of Groups, The MacMillan Company, 1959.
[156] M. Hall, Jr., Combinatorial Theory, Blaisdell Publishing Company, Waltham (Massachusetts)–Toronto–London, 1967.
[157] Yu. S. Harin, V. I. Bernik, and G. V. Matveev, Mathematical foundations of cryptology, Minsk, BGU, 1999 (in Russian).
[158] C. Harpes, G. Kramer, and J. L. Massey, A Generalization of Linear Cryptanalysis and the Applicability of Matsui’s Piling-up Lemma, In Proceedings of Advances in Cryptology: EUROCRYPT’95, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 921, 1995, pp. 24–38.
[159] C. Harpes and J. L. Massey, Partitioning Cryptanalysis, Proceedings of Fast Software Encryption Workshop’97, pp. 13–27.
[160] M. A. Harrison, Counting Theorems and Their Applications to Classification of Switching Functions, In Recent Development in Switching Theory, New York, 1971.
[161] T. Helleseth, Some Results about the Cross-Correlation Function between Two Maximal Linear Sequences, Discrete Math., V. 16, 1976, pp. 209–232.
[162] T. Helleseth, T. Klove, and Mykkeltveit, On Covering Radius of Binary Codes, IEEE Trans. on Inform. Theory, IT-24, No. 5, 1978, pp. 627–628.
[163] T. Helleseth, C. Rong, and D. Sandberg, New Families of Almost Perfect Nonlinear Power Mappings, IEEE Trans. on Inform. Theory, IT-45, No. 2, 1999, pp. 475–485.
[164] T. Helleseth and V. P. Kumar, Sequences with Low Correlation, In: Handbook of Coding Theory, North-Holland, Amsterdam, 1998, pp. 1765–1853.
[165] H. Hollmann and Q. Xiang, A Proof of the Welch and Niho Conjectures on Cross-correlations of Binary m-sequences, Preprint, 1998.
[166] D. A. Huffman, Canonical Forms for Information-Lossless Finite State Logical Machines, IRE Trans. Circuit Theory, Spec. Suppl, V. 6, 1959, pp. 41–59.
[167] H. Janwa, G. McGuire, and R. M. Wilson, Double-Error-Correcting Codes and Absolutely Irreducible Polynomials over GF(2), Journal of Algebra, V. 178, 1995, pp. 665–676.
[168] H. Janwa and R. M. Wilson, Hyperplane sections of Fermat varieties in P^3 in char 2 and some applications to cyclic codes, In Proceedings Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, AAECC-10, Lect. Notes in Comp. Sci., Berlin: Springer-Verlag, V. 673, 1993, pp. 180–194.
[169] S. Jiang and G. Gong, Cryptanalysis of Stream Ciphers—A Survey, http://calliope.waterloo.ca/~ggong, 2002.
[170] T. Johansson and F. Jonsson, Improved Fast Correlation Attacks on Stream Ciphers via Convolutional Codes, In Proceedings of Advances in Cryptology: EUROCRYPT’99, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1592, 1999, pp. 347–362.
[171] T. Johansson and F. Jonsson, Fast Correlation Attacks Based on Turbo Code-Techniques, In Proceedings of Advances in Cryptology: CRYPTO’99, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1666, 1999, pp. 181–197.
[172] T. Johansson and F. Jonsson, Fast Correlation Attacks through Reconstruction of Linear Polynomials, In Proceedings of Advances in Cryptology: CRYPTO’00, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1880, 2000, pp. 300–315.
[173] T. Johansson and F. Jonsson, Theoretical Analysis of a Correlation Attack Based on Convolutional Codes, IEEE Trans. on Inform. Theory, V. 48, No. 8, 2002, pp. 2173–2181.
[174] T. Johansson and E. Pasalic, A Construction of Resilient Functions with High Nonlinearity, IEEE International Symposium on Information Theory: ISIT’2000, http://www.eprint.iacr.org, No. 2000/053.
[175] P. Junod, On the complexity of Matsui’s attack, In Proceedings of Selected Areas in Cryptography: SAC’2001 (S. Vadenay, A. M. Youssef, eds.), Lect. Notes in Comp. Sci., Springer-Verlag, V. 2259, 2001, pp. 199–211.
[176] P. Junod, On the optimality of linear, differential, and sequential distinguishers, In Proceedings of Advances in Cryptology: EUROCRYPT’2003 (E. Biham, ed.), Lect. Notes in Comp. Sci., V. 2656, 2003, pp. 17–32.
[177] Yu. I. Zhuravlev, Algorithms for constructing minimal disjunctive normal forms for functions of logic algebra, Diskretnaya matematika i matematicheskie voprosy kibernetiki, vol. 1, Moskva, Nauka, 1974 (in Russian).
[178] B. S. Kaliski and M. J. B. Robshaw, Linear cryptanalysis using multiple approximations, In Proceedings of Advances of Cryptology: CRYPTO’94 (Y. Desmedt, ed.), Lect. Notes in Comp. Sci., Springer-Verlag, V. 950, 1994, pp. 26–39.
[179] M. G. Karpovsky and E. S. Moskalev, Spectral methods for analysis and synthesis of discrete devices, Leningrad, Energiya, 1973 (in Russian).
[180] Yu. D. Karyakin, Fast Correlation Decoding of Reed-Muller Codes, Problems of Information Transmission, vol. 23, issue 2, 1987, pp. 121–129.
[181] T. Kasami, S. Lin, and W. W. Peterson, New Generalizations of Reed–Muller Codes. Part I: Primitive Codes, IEEE Trans. on Inform. Theory, IT-14, No. 2, 1968, pp. 189–199.
[182] T. Kasami, S. Lin, and W. W. Peterson, Polynomial Codes, IEEE Trans. on Inform. Theory, IT-14, No. 6, 1968, pp. 807–814.
[183] T. Kasami, Weight Distributions of Bose–Chaudhuri–Hocquenghem Codes, In Proceedings of the Conference on Combinatorial Mathematics and Its Applications, Univ. of North Carolina Press, Chapel Hill, NC, 1969, pp. 335–357.
[184] T. Kasami, Weight Distributions of Bose–Chaudhuri–Hocquenghem Codes, In: Combinatorial Math. Applications (R. C. Bose, T. A. Dowlings, eds.), Univ. of North Carolina Press, Chapel Hill, NC, 1969, Ch. 9.
[185] T. Kasami, The Weight Enumerators for Several Classes of Subcodes of the 2-nd Order Binary Reed–Muller Codes, Information and Control, V. 18, 1971, pp. 369–394.
[186] T. Kasami and N. Tokura, On the Weight Structure of Reed–Muller Codes, IEEE Trans. on Inform. Theory, IT-16, No. 6, 1970, pp. 752–825.
[187] T. Kasami, N. Tokura, E. Ivadari, and J. Inagaki, Coding theory, Transl. from Japanese, Moskva, Mir, 1978 (in Russian).
[188] A. Kholosha and H. C. A. van Tilborg, Tensor Transform of Boolean Functions and Related Algebraic and Probabilistic Properties, http://www.iacr.org/e-arhiv/2002/.
[189] K. Kim, A study on the construction and analysis of substitution boxes for symmetric cryptosystems, Ph.D. Thesis, Yokohama National University, Division of Electrical and Computer Engineering, 1990.
[190] K. Kim, T. Matsumoto, and H. Imai, On generating cryptographically desirable substitutions, Transactions of the IEICE, V. 73, No. 7, 1990, pp. 1031–1035.
[191] D. P. Kirienko, Complete description of non-balanced correlation-immune of order 5 Boolean functions of 5 variables, Trudy XXIII konferentsii molodykh uchenykh MGU “Sovremennye issledovania v matematike i mekhanike”, vol. 2, 9–14 April, 2001, pp. 153–156 (in Russian).
[192] B. M. Kloss and E. N. Nechiporuk, On the classification of multivalued logic functions, Problemy kibernetiki, issue 9, 1963 (in Russian).
[193] L. Knudsen, Truncated and Higher Order Differentials, In Proceedings of Fast Software Encryption, Second International Workshop, Lect. Notes in Comp. Sci., Springer-Verlag, V. 1008, 1994, pp. 196–211.
[194] L. Knudsen and M. J. B. Robshaw, Non-Linear Approximation in Linear Cryptanalysis, In Proceedings of Advances of Cryptology: EUROCRYPT’96 (U. Maurer, ed.), Lect. Notes in Comp. Sci., Springer-Verlag, V. 1070, 1996, pp. 224–236.
[195] L. R. Knudsen and H. E. Mathiassen, A chosen-plaintext linear attack on DES, In Proceedings of Fast Software Encryption – FSE’2000 (B. Schneier, ed.), Lect. Notes in Comp. Sci., Springer-Verlag, V. 1978, 2001, pp. 262–272.
[196] S. L. Kolbin, On some properties of mutually inverse systems of p-valued functions, Diskretnaya matematika, vol. 6, issue 2, 1994, pp. 145–149 (in Russian).
[197] V. D. Kolesnik and E. T. Mironchik, Cyclic codes decoding, Moskva, Svyaz, 1968 (in Russian).
[198] V. D. Kolesnik and G. Poltyrev, Lectures on Information Theory, Moskva, Nauka, 1982 (in Russian).
[199] P. S. Korolev, Quadratic Boolean functions of high order stability, Matematicheskie voprosy kibernetiki, issue 11, Moskva, Fizmatlit, 2002, pp. 255–261 (in Russian).
[200] P. V. Kumar, R. A. Scholts, and R. L. Welch, Generalized bent functions and their properties, Journal of Combinatorial Theory, Series A, V. 40, No. 1, 1985, pp. 90–107.
[201] A. A. Kurmit, Automata without loss of information of finite order, Riga: Zinatne, 1972 (in Russian).
[202] K. Kurosawa and T. Satoh, Generalization of higher order SAC to vector output Boolean Functions, In Proceedings of Advances in Cryptology: ASIACRYPT’96, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1163, 1996, pp. 218–231.
[203] K. Kurosawa and T. Satoh, Design of SAC/PC(l) of Order k Boolean Functions and Three Other Cryptographic Criteria, In Proceedings of Advances in Cryptology: EUROCRYPT’97, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1233, 1998, pp. 434–449.
[204] K. Kurosawa, T. Satoh, and K. Yamamoto, Highly Nonlinear t-Resilient Functions, Journal of Universal Computer Science, V. 3, No. 6, 1997, pp. 721–729.
[205] K. Kurosawa, T. Iwata, and T. Yoshiwara, New covering radius of Reed–Muller codes for t-resilient functions, SAC’2001, Lect. Notes in Comp. Sci., Springer-Verlag, No. 2259, 2001, pp. 75–86.
[206] K. Kurosawa, T. Johansson, and D. Stinson, Almost k-wise Independent Sample Spaces and Their Cryptographic Applications, Journal of Cryptology, V. 14, No. 4, 2001, pp. 231–253.
[207] Yu. V. Kuznetsov, Classes of Boolean functions invariant with respect to the identification of variables, Dokl. Akad. Nauk SSSR, vol. 290, issue 4, 1986, pp. 780–785; English transl., Soviet Math. Dokl. 34 (1987), no. 2, 339–344.
[208] Yu. V. Kuznetsov and S. A. Shkarin, Reed–Muller codes (review), Matematicheskie voprosy kibernetiki, Moskva, Nauka, issue 6, 1996, pp. 5–50 (in Russian).
[209] Yu. V. Kuznetsov and V. V. Yashchenko, On estimation for the degree of nonlinearity of partial Boolean functions, Vestnik MGU, vol. 119, issue 6, 1993, pp. 36–40; English transl., Moscow Univ. Math. Bull. 48 (1993), no. 6, 32–35.
[210] Yu. V. Kuznetsov and V. V. Yashchenko, On partial bent functions, Vestnik MGU, issue 5, 2000, pp. 3–6; English transl., Moscow Univ. Math. Bull. 55 (2000), no. 5, 1–4.
[211] Yu. V. Kuznetsov and V. V. Yashchenko, On the plateaued Boolean functions, Proc. XII Intern. School-Semin. “Synthesis and Complexity of Control Systems”, Penza, 15–21 October, Part I, Tsenter prikladnykh issledovanii pri mekh.-mat. MGU, 2001, pp. 129–136 (in Russian).
[212] Yu. V. Kuznetsov, On the number of nondegenerate Boolean forms, Proc. XI Intern. School-Semin. “Synthesis and Complexity of Control Systems”, Nizhnii Novgorod, 20–25 November, Part I, Tsenter prikladnykh issledovanii pri mekh.-mat. MGU, 2001, pp. 105–108 (in Russian).
[213] A. S. Kuzmin, V. L. Kurakin, A. V. Mikhalev, and A. A. Nechaev, Linear recurring sequences over rings and modules (Contemporary Math. and its Appl. Surveys, V. 10, Algebra 2, 1994, Moscow), J. of Math. Sciences, V. 76, No. 6, 1995, pp. 2793–2915.
[214] V. G. Labunets and O. P. Sitnikov, Harmonic analysis of Boolean functions and functions of k-valued logic over finite fields, Tekhnicheskaya kibernetika, issue 1, 1975, pp. 141–148 (in Russian).
[215] G. Lachaud and J. Wolfmann, The Weights of the Orthogonals of the Extended Quadratic Binary Goppa Codes, IEEE Trans. on Inform. Theory, V. 36, 1990, pp. 686–692.
[216] X. Lai, J. Massey, and S. Murphy, Markov Ciphers and Differential Cryptanalysis, In Proceedings of Advances in Cryptology: EUROCRYPT’91, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 547, 1991, pp. 17–38.
[217] X. Lai, Higher Order Derivatives and Differential Cryptanalysis, Communications and Cryptography, Kluwer Academic Publishers, 1994, pp. 227–233.
[218] X. Lai, Additive and Linear Structures of Cryptographic Functions, Fast Software Encryption, Second International Workshop, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1008, 1995, pp. 75–85.
[219] S. Lang, Algebra, Addison-Wesley Publishing Company, Reading, Mass., 1965.
[220] R. J. Lechner, A Transform Approach to Logic Design, IEEE Trans. on Computers, C-19, No. 10, 1970, pp. 627–640.
[221] S. Lee, S. Chee, Sa. Park, and Su. Park, Conditional Correlation Attack on Nonlinear Filter Generators, In Proceedings of Advances in Cryptology: ASIACRYPT’96, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1163, 1996, pp. 360–367.
[222] W. van Leekwijck and L. Van Linden, Cryptografische eigenschappen van Boolean functies, Thesis grad. ESAT Katholieke Universiteit Leuven, 1990.
[223] E. L. Lehmann, Testing Statistical Hypotheses, John Wiley, 1959.
[224] V. Levenshtein, Split orthogonal arrays and maximum independent resilient systems of functions, Designs, Codes and Cryptography, V. 12, 1997, pp. 131–160.
[225] R. Lidl and H. Niederreiter, Finite Fields, Addison-Wesley Publishing Company, Reading, Massachusetts, 1983.
[226] M. Liu, P. Lu, and G. L. Mullen, Correlation-Immune Functions over Finite Fields, IEEE Trans. on Inform. Theory, V. 44, No. 3, 1998, pp. 1273–1278.
[227] A. S. Lloyd, Balance, Uncorrelatedness and the Strict Avalanche Criterion, Technical Report of Hewlett–Packard Research Laboratories, Bristol, 1989, HPL-ISC-TM-89-012.
[228] A. S. Lloyd, Characterising and counting functions satisfying Strict Avalanche Criterion of order (n − 3), 2-nd IMA Conference on Cryptography and Coding, 1989.
[229] A. S. Lloyd, Counting functions satisfying a higher order strict avalanche criterion, In Proceedings of Advances in Cryptology: EUROCRYPT’89, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 434, 1990, pp. 63–74.
[230] A. S. Lloyd, Properties of Binary Functions, In Proceedings of Advances in Cryptology: EUROCRYPT’90, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 473, 1991, pp. 124–139.
[231] A. S. Lloyd, Counting binary functions with certain cryptographic properties, Journal of Cryptology, V. 5, No. 2, 1992, pp. 107–131.
[232] A. Lempel and M. Cohn, Maximal Families of Bent Sequences, IEEE Trans. on Inform. Theory, V. 28, No. 6, 1982, pp. 865–868.
[233] A. S. Logachev, On a recursive decoding algorithm for subsets of first order Reed–Muller codes, Diskretnaya matematika, vol. 4, issue 2, 1992, pp. 130–135 (in Russian).
[234] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, (Bent) functions over a finite Abelian group, Diskretnaya matematika, vol. 9, issue 4, 1997, pp. 3–20 (in Russian).
[235] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, Nondegenerate normal form of Boolean functions, Doklady RAN, vol. 373, issue 2, 2000, pp. 164–167 (in Russian).
[236] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, (Bent) functions and Boolean cube partition, 12–th International Conference on Formal Power Series and Algebraic Combinatorics FPSAC’00, Supplementary abstracts, Moskva, MSU, 2000, pp. 43–48 (in Russian).
[237] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, Some characteristics of nonlinearity of group mappings, Diskretnyi analiz i issledovanie operatsii, Series 1, vol. 8, issue 1, 2001, pp. 40–54 (in Russian).
[238] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, Normal form of mappings of finite Abelian groups, International workshop “Diskretnaya matematika i prilozheniya”, 29 January–2 February, 2001, Part III, mekh.-mat. MGU, pp. 315–317 (in Russian).
[239] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, Estimation of some parameters of mappings of finite Abelian groups, International workshop “Diskretnaya matematika i prilozhenia”, 29 January–2 February, 2001, Part III, mekh.-mat. MGU, pp. 318–320 (in Russian).
[240] O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, On inheritance of properties under restrictions of Boolean functions, Diskretnaya matematika, vol. 9, issue 4, 1997, pp. 3–20 (in Russian).
[241] F. J. MacWilliams and N. J. A. Sloane, The Theory of Error-Correcting Codes, Amsterdam, New York, Oxford: North-Holland Publishing Company, 1977.
[242] S. Maitra and P. Sarkar, Enumeration of Correlation Immune Boolean Functions, 4-th Australasian Conference on Information, Security and Privacy, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1587, 1999, pp. 12–15.
[243] S. Maitra and P. Sarkar, Highly Nonlinear Resilient Functions Optimizing Siegenthaler’s Inequality, In Proceedings of Advances in Cryptology: CRYPTO’99, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1666, 1999, pp. 198–215.
[244] S. Maitra and P. Sarkar, Hamming Weights of Correlation Immune Boolean Functions, Information Processing Letters, V. 71, No. 3–4, 1999, pp. 149–153.
[245] S. Maitra, Correlation Immune Boolean Functions with Very High Nonlinearity, http://www.eprint.iacr.org, No. 2000/054.
[246] S. Maitra, Autocorrelation Properties of Correlation Immune Boolean Functions, In Proceedings of Progress in Cryptology: INDOCRYPT’2001, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2247, 2001, pp. 242–253.
[247] S. Maitra, Boolean Functions with Important Cryptographic Properties, Ph. D. Thesis, Indian Statistical Institute, 2001.
[248] S. Maitra and P. Sarkar, Cryptographically Significant Boolean Functions with Five Valued Walsh Spectra, Theoretical Computer Science, V. 276, No. 1–2, 2002, pp. 133–146.
[249] S. Maitra and E. Pasalic, Further Construction of Resilient Boolean Functions with Very High Nonlinearity, IEEE Trans. on Inform. Theory, V. 48, No. 7, 2002, pp. 1825–1834.
[250] A. I. Maltsev, Foundations of linear algebra, W. H. Freeman & Co., San Francisco–London, 1963.
[251] A. A. Malyutin, Fast correlation decoding of some subsets of first order Reed–Muller codes, Diskretnaya matematika, vol. 2, issue 2, 1990, pp. 155–158 (in Russian).
[252] Yu. I. Manin, Cubic forms, North-Holland, Amsterdam, 1986.
[253] M. Marcus and H. Minc, A Survey of Matrix Theory and Matrix Inequalities, Boston: Allyn and Bacon, Inc., 1964.
[254] A. W. Marshall and I. Olkin, Inequalities: Theory of Majorization and Its Applications, Academic Press, New York–London–Toronto–Sydney–San-Francisco, 1979.
[255] J. L. Massey, Threshold Decoding, MIT Press, Cambridge, Massachusetts, 1963.
[256] J. L. Massey, Shift-Register synthesis and BCH decoding, IEEE Trans. on Inform. Theory, IT-17, 1969, pp. 464–466.
[257] S. Matsufuji and K. Imamura, Real-Valued Bent Function and Its Application to the Design of Balanced Quadriphase Sequences with Optimal Correlation Properties, Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, 8-th International Conference, AAECC-8, Tokyo, Japan, 1990, Lect. Notes in Comp. Sci., 508, Springer-Verlag, 1991.
[258] M. Matsui and A. Yamagishi, A new method for known plaintext attack of FEAL cipher, In Proceedings of Advances in Cryptology: EUROCRYPT’92, Lect. Notes in Comp. Sci., Berlin: Springer-Verlag, V. 658, 1992, pp. 1–91.
[259] M. Matsui, Linear cryptanalysis method for DES cipher, In Proceedings of Advances in Cryptology: EUROCRYPT’93, Lect. Notes in Comp. Sci., Springer, V. 765, 1994, pp. 386–397.
[260] M. Matsui, On Correlation Between the Order of S-boxes and the Strength of DES, In Proceedings of Advances in Cryptology: EUROCRYPT’94, Lect. Notes in Comp. Sci., Springer, V. 950, 1994, pp. 366–375.
[261] M. Matsui, The First Experimental Cryptanalysis of the Data Encryption Standard, In Advances of Cryptology: CRYPTO’94, Lect. Notes in Comp. Sci., Springer, V. 839, 1995, pp. 1–11.
[262] R. J. McEliece, On Periodic Sequences from GF(q), Journal on Combinatorial Theory, Ser. A, V. 10, 1971, pp. 80–91.
[263] R. J. McEliece, Weight Congruences for p-ary Cyclic Codes, Discrete Math., V. 3, 1972, pp. 177–192.
[264] R. J. McEliece, Finite Fields for Computer Scientists and Engineers, Kluwer Academic Publishers, 2001.
[265] R. L. McFarland, A Family of Difference Sets in Non-cyclic Groups, Journal of Combinatorial Theory (A), V. 15, No. 1, 1973, pp. 1–10.
[266] G. McGuire and A. Calderbank, Proof of Conjecture of Sarwate and Pursley Regarding Pairs of Binary m-sequences, IEEE Trans. on Information Theory, V. 41, No. 4, 1995, pp. 1153–1155.
[267] W. Meier and O. Staffelbach, Nonlinearity Criteria for Cryptographic Functions, In Proceedings of Advances in Cryptology: EUROCRYPT’89, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 434, 1990, pp. 549–562.
[268] W. Meier and O. Staffelbach, Fast Correlation Attacks on certain Stream Ciphers, Journal of Cryptology, V. 1, 1989, pp. 159–176.
[269] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.
[270] J. M. Mihaljevic, M. P. C. Fossorier, and H. Imai, A Low-Complexity and High-Performance Algorithm for the Fast Correlation Attack, In Proceedings of Fast Software Encryption’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1978, 2001, pp. 196–212.
[271] V. G. Mikhailov, On the number of preimages of an automaton output sequence, Obozrenie prikladnoi i promyshlennoi matematiki, Moskva, vol. 1, issue 1, 1994, pp. 118–121 (in Russian).
[272] V. G. Mikhailov, Generalization of the theorem on the number of preimages of an automaton output sequence, Obozrenie prikladnoi i promyshlennoi matematiki, Moskva, vol. 1, issue 1, 1994, pp. 122–125 (in Russian).
[273] V. G. Mikhailov, Asymptotic normality of the number of preimages of an automaton output sequence, Obozrenie prikladnoi i promyshlennoi matematiki, Moskva, vol. 1, issue 1, 1994, pp. 126–135 (in Russian).
[274] V. G. Mikhailov and V. P. Chistyakov, On problems of finite automata theory connected with the number of preimages of an output sequence, Obozrenie prikladnoi i promyshlennoi matematiki, Moskva, vol. 1, issue 1, 1994, pp. 7–31 (in Russian).
[275] W. Millan, A. Clark, and E. Dawson, Heuristic Design of Cryptographically Strong Balanced Boolean Functions, In Proceedings of Advances in Cryptology: EUROCRYPT’98, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1403, 1998, pp. 489–499.
[276] K. Miranovich, Spectral Analysis of Boolean Functions under Non-Uniformity of Arguments.
[277] C. J. Mitchell, Enumerating Boolean Functions of Cryptographic Significance, Journal of Cryptology, V. 2, No. 3, 1990, pp. 155–170.
[278] S. P. Mo, L. Sangjin, and K. Kwangjo, Improving Bound for the Number of Correlation Immune Boolean Functions, Information Processing Letters, V. 61, No. 4, 1997, pp. 209–212.
[279] D. E. Muller, Application of Boolean Algebra to Switching Circuit Design and to Error Detection, IRE Transactions on Electronic Computers, V. 3, EC-1954, pp. 6–12.
[280] S. Murphy, The cryptanalysis of FEAL-4 with 20 chosen plaintexts, Journal of Cryptology, V. 3, No. 2, 1990, pp. 145–154.
[281] S. Murphy, P. Piper, M. Walker, and P. Wild, Likelihood estimation for block cipher keys, Technical report, Information Security Group, Royal Holloway, University of London, 1995.
[282] J. J. Mykkeltveit, The Covering Radius of the (128, 8) Reed–Muller Code is 56, IEEE Trans. on Inform. Theory, IT-26, No. 3, 1983, pp. 358–362.
[283] Mulan Liu, Peizhong Lu, and G. L. Mullen, Correlation-Immune Functions over Finite Fields, IEEE Trans. on Inform. Theory, V. 44, No. 3, 1998, pp. 1273–1278.
[284] P. Naudin and C. Quitte, Algoritmique Algebrique (avec exercices corriges), Paris, Milan, Barcelone, Bonn: MASSON, 1992.
[285] P. G. Nigmatulin, Boolean functions complexity, Moskva, Nauka, 1991 (in Russian).
[286] Y. Niho, Multi-Valued Cross-Correlation Functions between Two Maximal Linear Recursive Sequences, Ph.D. Thesis, USCEE Rep., 1972.
[287] V. A. Nosov, Regularity criterion for a Boolean nonautonomous automaton with divided input, Intellektualnye sistemy, Moskva, MGU, Russian Technological Science Academy, vol. 3, issue 3-4, 1998, pp. 269–280 (in Russian).
[288] V. A. Nosov, Construction of classes of latin squares in Boolean data base, Intellektualnye sistemy, Moskva, MGU, Russian Technological Science Academy, vol. 4, issue 3-4, 1999, pp. 307–320 (in Russian).
[289] K. Nyberg, Constructions of Bent Functions and Difference Sets, In Proceedings of Advances in Cryptology: EUROCRYPT’90, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 473, 1991, pp. 151–160.
[290] K. Nyberg, Perfect nonlinear S-boxes, In Proceedings of Advances in Cryptology: EUROCRYPT’91, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 547, 1991, pp. 378–386.
[291] K. Nyberg, On the Construction of Highly Nonlinear Permutations, In Proceedings of Advances in Cryptology: EUROCRYPT’92, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 658, 1993, pp. 92–98.
[292] K. Nyberg and L. Knudsen, Provable Security Against Differential Cryptanalysis, In Proceedings of Advances in Cryptology: CRYPTO’92, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 740, 1993, pp. 566–574.
[293] K. Nyberg, Differentially Uniform Mappings for Cryptography, In Proceedings of Advances in Cryptology: EUROCRYPT’93, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 765, pp. 55–64.
[294] K. Nyberg, New Bent Mappings Suitable for Fast Implementation, Fast Software Encryption, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 809, 1993, pp. 179–184.
[295] K. Nyberg, Linear Approximation of Block Ciphers, In Proceedings of Advances in Cryptology: EUROCRYPT’94, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 950, 1994, pp. 439–444.
[296] K. Nyberg, S-boxes and Round Functions with Controllable Linearity and Differential Uniformity, Fast Software Encryption Second International Workshop, Leuven, Belgium, 1994, Lect. Notes in Comp. Sci., New York: Springer-Verlag, 1994, V. 1008, pp. 111–130.
[297] K. Nyberg, S-Boxes and Round Functions with Controllable Linearity and Differential Uniformity, Fast Software Encryption, Second International Workshop, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1008, 1995, pp. 111–130.
[298] L. J. O’Connor, Enumeration Nondegenerate Permutations, In Proceedings of Advances in Cryptology: EUROCRYPT’91, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 547, 1992, pp. 368–377.
[299] L. J. O’Connor, An Analysis of Product Ciphers based on the Properties of Boolean Functions, Ph.D. Dissertation, University of Waterloo, Waterloo, Ontario, Canada, 1992, p. 171.
[300] J. D. Olsen, R. A. Scholtz, and L. R. Welch, Bent-Function Sequences, IEEE Trans. on Inform. Theory, V. 28, No. 6, 1982, pp. 858–864.
[301] S. Palit and K. Roy, Cryptanalysis of LFSR-Encryption Codes with Unknown Combining Function, In Proceedings of Advances in Cryptology: ASIACRYPT’99, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1716, 1999, pp. 306–320.
[302] S. Park, S. Lee, S. Sung, and K. Kim, Improving Bounds for the Number of Correlation-Immune Boolean Functions, Information Processing Letters, V. 61, 1997, pp. 209–212.
[303] E. Pasalic and T. Johansson, Further Results on the Relation Between Nonlinearity and Resiliency of Boolean Functions, IMA Conference on Cryptography and Coding, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1746, 1999, pp. 35–44.
[304] E. Pasalic, S. Maitra, T. Johansson, and P. Sarkar, New Constructions of Resilient and Correlation Immune Boolean Functions Achieving Upper Bounds on Nonlinearity, Workshop on Coding and Cryptography: WCC’2001, Paris, Electronic Notes in Discrete Mathematics, New York: Elsevier Science, V. 6, 2001.
[305] E. Pasalic and S. Maitra, Linear Codes in Constructing Resilient Functions with High Nonlinearity, Selected Areas in Cryptography: SAC’2001, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2259, 2001, pp. 60–74.
[306] E. Pasalic and S. Maitra, A Majorana–MacFarland Type Construction for Resilient Boolean Functions on n Variables (n Even) with Nonlinearity > $2^{n-1} - 2^{n/2} + 2^{n/2-2}$, Proceedings of International Workshop on Coding and Cryptography, March, 24–28, Versailles (France), 2003, pp. 365–374.
[307] N. J. Patterson and D. H. Wiedemann, The Covering Radius of the ($2^{15}$, 16) Reed–Muller Code is at least 16276, IEEE Trans. on Inform. Theory, IT-29, No. 3, 1983, pp. 354–356.
[308] N. J. Patterson and D. H. Wiedemann, Correction to “The Covering Radius of the ($2^{15}$, 16) Reed–Muller Code is at least 16276”, IEEE Trans. on Inform. Theory, IT-36, No. 2, 1990, p. 443.
[309] W. W. Peterson and E. J. Jr. Weldon, Error-Correcting Codes, MIT Press, Cambridge, Massachusetts, London, England, 1972.
[310] J. P. Pieprzyk, Error Propagation Property and Application in Cryptography, IEE Proc., Part E, V. 136, No. 4, 1989, pp. 262–270.
[311] J. P. Pieprzyk, Nonlinearity of exponent permutations, In Proceedings of Advances in Cryptology: EUROCRYPT’89, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 434, 1990, pp. 80–92.
[312] J. P. Pieprzyk, On bent permutations, Technical Report: Department of Computer Science, The University of New South Wales, CS91/11, 1991.
[313] J. P. Pieprzyk and G. Finkelstein, Towards effective nonlinear cryptosystem design, IEE Proceedings, part E: Computers and Digital Techniques, November, 6. Department of Computer Science, University of New South Wales, Australian Defence Force Academy, Canberra, ACT 2600, Australia, V. 135, Series E, 1988, pp. 325–335.
[314] V. Pless, Power Moment Identities on Weight Distributions in Error-Correcting Codes, Information and Control, V. 6, 1963, pp. 147–152.
[315] Handbook on Coding Theory, V. I, II, V. S. Pless and W. C. Huffman, Eds., Amsterdam–New York–Oxford–Tokyo: Elsevier, 1998.
[316] G. N. Povarov, On group invariance of Boolean functions, Primenenie logiki v tekhnike, Moskva, Akad. Nauk SSSR, 1961, pp. 263–340 (in Russian).
[317] M. M. Postnikov, Lectures on geometry, Second semester, Linear algebra, Moskva, Nauka, 1986 (in Russian).
[318] B. Preneel, W. VanLeekwijck, L. Van Linden, R. Govaerts, and J. VanDewalle, Propagation Characteristics of Boolean Functions, In Proceedings of Advances in Cryptology: EUROCRYPT’90, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 473, 1991, pp. 161–173.
[319] B. Preneel, R. Govaerts, and J. Vandewalle, Boolean Functions Satisfying Higher Order Propagation Criteria, In Proceedings of Advances in Cryptology: EUROCRYPT’91, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 541, 1991, pp. 141–152.
[320] B. Preneel, Analysis and Design of Cryptographic Hash Functions, Ph.D. Thesis, Katholieke Universiteit Leuven, K. Merierlaan 94, 3001 Leuven, Belgium, 1993.
[321] F. P. Preparata, State-Logic Relations for Autonomous Sequential Networks, IEEE Trans. Electronic Computers, V. 13, No. 5, 1964, pp. 542–548.
[322] F. P. Preparata, Convolutional Transformations of Binary Sequences: Boolean Functions and Their Resynchronizing Properties, IEEE Trans. Electron. Comp., V. 15, No. 6, 1966, pp. 398–409.
[323] I. S. Reed, A Class of Multiple-Error-Correcting Codes and the Decoding Scheme, IRE Trans. on Inform. Theory, IT-4, 1954, pp. 38–49.
[324] M. J. B. Robshaw, Stream Ciphers, RSA Laboratories, Technical Report TR-701, 1995.
[325] F. Rodier, On the Nonlinearity of Boolean Functions, Proceedings of International Workshop on Coding and Cryptography, March, 24–28, Versailles (France), 2003, pp. 397–405.
[326] O. S. Rothaus, On Bent Functions, Journal of Combinatorial Theory (A), V. 20, No. 3, 1976, pp. 300–305.
[327] B. Roy, A brief outline of research on correlation immune functions, In Information security and privacy: 7-th Australasian conference, ACISP 2002, Melbourne, Australia, July 3–5, 2002, Lect. Notes in Comp. Sci., V. 2384, 2002, pp. 379–394.
[328] R. A. Rueppel, Analysis and Design of Stream Ciphers, New York: Springer-Verlag, 1986.
[329] R. A. Rueppel, Stream Ciphers, In Contemporary Cryptography: the Science of Information Integrity, Ch. 2, IEEE Press, 1992, pp. 65–134.
[330] B. V. Ryazanov, On the distribution of spectral complexity of Boolean functions, Diskretnaya matematika, vol. 6, issue 2, 1994, pp. 111–119 (in Russian).
[331] B. V. Ryazanov and S. I. Checheta, On the approximation of a random Boolean function by a set of quadratic forms, Diskretnaya matematika, vol. 7, issue 3, 1995, pp. 129–145 (in Russian).
[332] Yu. L. Sagalovich, On group invariance of Boolean functions, Uspekhi matematicheskikh nauk, vol. 14, issue 6(90), 1959, pp. 191–195 (in Russian).
[333] P. Sarkar and S. Maitra, Construction of Nonlinear Boolean Functions with Important Cryptographic Properties, In Proceedings of Advances in Cryptology: EUROCRYPT’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1807, 2000, pp. 485–506.
[334] P. Sarkar and S. Maitra, Nonlinearity Bounds and Constructions of Resilient Boolean Functions with Important Cryptographic Properties, In Proceedings of Advances in Cryptology: CRYPTO’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1880, 2000, pp. 515–532.
[335] P. Sarkar, A Note on the Spectral Characterization of Correlation Immune Boolean Functions, Information Processing Letters, V. 74, No. 5–6, 2000, pp. 191–195.
[336] P. Sarkar and S. Maitra, Balancedness and Correlation Immunity of Symmetric Boolean Functions, Preprint, 2000.
[337] P. Sarkar and S. Maitra, Cross-Correlation Analysis of Cryptographically Useful Boolean Functions and S-boxes, Theory of Computing Systems, V. 35, No. 1, 2002, pp. 39–57.
[338] D. Sarwate and M. Pursley, Crosscorrelation Properties of Pseudorandom and Related Sequences, Proc. IEEE, V. 68, 1980, pp. 593–619.
[339] P. Savicky, On the bent Boolean functions that are symmetric, European Journal of Combinatorics, V. 15, No. 4, 1994, pp. 407–410.
[340] P. Savicky, Bent functions and random Boolean formulas, Discrete Mathematics, V. 147, 1995, pp. 1–3.
[341] W. G. Schneeweiss, On the Polynomial Form of Boolean Functions: Derivations and Applications, IEEE Trans. on Computers, V. 47, No. 2, 1998, pp. 217–221.
[342] M. Schneider, Note on the Construction and Upper Bounds of Correlation-Immune Functions, 6-th IMA Conference, 1997, pp. 295–306.
[343] J. Seberry, X.-M. Zhang, and Y. Zheng, Nonlinearly Balanced Boolean Functions and Their Propagation Characteristics, Advances in Cryptology: CRYPTO’93, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 773, 1994, pp. 49–60.
[344] J. Seberry, X.-M. Zhang, and Y. Zheng, On the Constructions and Nonlinearity of Correlation Immune Boolean Functions, Advances in Cryptology: EUROCRYPT’93, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 765, 1994, pp. 181–199.
[345] J. Seberry, X.-M. Zhang, and Y. Zheng, Relationships Among Nonlinearity Criteria, In Proceedings of Advances in Cryptology: EUROCRYPT’94, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 950, 1995, pp. 376–388.
[346] J. Seberry, X.-M. Zhang, and Y. Zheng, Improving the Strict Avalanche Characteristics of Cryptographic Functions, Information Processing Letters, V. 50, 1994, pp. 37–41.
[347] J. Seberry, X.-M. Zhang, and Y. Zheng, Nonlinearity and propagation characteristics of balanced Boolean functions, Information and Computation, V. 119, 1995, pp. 1–13.
[348] J. Seberry, X.-M. Zhang, and Y. Zheng, The relationship Between Propagation Characteristics and Nonlinearity of Cryptographic Functions, Journal of Universal Computer Science, V. 1, No. 2, 1995, pp. 136–150.
[349] J. Seberry and X.-M. Zhang, Highly nonlinear 0-1 balanced Boolean functions satisfying strict avalanche criterion, In Proceedings of Advances in Cryptology: AUSCRYPT’92, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 718, 1993, pp. 145–155.
[350] A. A. Selcuk, On probability of success in linear and differential cryptanalysis, In Proceedings of Security in Communication Networks: Third International Conference, SCN 2002, Amalfi, Italy, September 11–13, 2002 (S. Cimato, C. Galdi, G. Persiano, eds.), Lect. Notes in Comp. Sci., Springer-Verlag, V. 2576, 2002, pp. 174–185.
[351] N. V. Semakov, V. A. Zinoviev, and G. V. Zaitsev, Uniformly Packed Codes, Problems of information transmission, vol. 7, issue 1, 1971, pp. 30–39.
[352] J. P. Serre, Cours D’Arithmetique, Paris: Presses Universitaires de France, 1970.
[353] B. A. Sevastyanov, Course on probability theory and mathematical statistics, Moskva, Nauka, 1982 (in Russian).
[354] B. A. Sevastyanov and V. P. Chistyakov, On the number of input sequences corresponding to the output sequences of a finite automaton, Obozrenie prikladnoi i promyshlennoi matematiki, Moskva, vol. 1, issue 1, 1994, pp. 96–107 (in Russian).
[355] C. E. Shannon, Communication theory of secrecy systems, Bell System Technical Journal, V. 28, 1949, pp. 656–715.
[356] W. Shan, The Structure and the Construction of Correlation Immune Functions, MS Thesis, NTE Institute, Xian, 1987.
[357] V. Y. Shen, A. McKellar, and P. Weiner, A Fast Algorithm for the Disjunctive Decomposition on Switching Functions, IEEE Trans. on Computers, V. 20, No. 3, 1971, pp. 304–309.
[358] Shestakov, Ed., Synthesis of electronic computing and controlling schemes, Moskva, 1954 (in Russian).
[359] V. M. Sidelnikov, On the mutual correlation of sequences, Problemy kibernetiki, A. A. Lyapunov, Ed., Moskva, Nauka, issue 24, 1971, pp. 15–42 (in Russian).
[360] V. M. Sidelnikov and A. S. Pershakov, Decoding of Reed–Muller Codes with a Large Number of Errors, Problems of information transmission, vol. 28, issue 3, 1992, pp. 269–281.
[361] V. M. Sidelnikov, Fast algorithms for constructing labeling set for arrays of discrete information, Russian Academy of Sciences, Cryptographic Academy of Russian Federation, Trudy po diskretnoi matematike, Moskva, vol. 1, 1997, pp. 251–264 (in Russian).
[362] T. Siegenthaler, Correlation-immunity of Nonlinear Combining Functions for Cryptographic Applications, IEEE Trans. on Inform. Theory, IT-30, No. 5, 1984, pp. 776–780.
[363] T. Siegenthaler, Design of Combiners to Prevent Divide and Conquer Attacks, In Proceedings of Advances in Cryptology: CRYPTO’85, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 218, 1986, pp. 273–279.
[364] T. Siegenthaler, Cryptoanalysis of Nonlinearly Filtered ML-Sequences, Advances in Cryptology: EUROCRYPT’85, Lect. Notes in Comp. Sci., New York: Springer-Verlag, 1988, pp. 103–110.
[365] T. Siegenthaler, Decrypting a Class of Stream Ciphers Using Ciphertext Only, IEEE Trans. on Computers, V. 34, No. 1, C-1985, pp. 81–85.
[366] H.-U. Simon, A tight Ω(log log n)-bound on the time for parallel RAM’s to compute nondegenerated boolean functions, FCT’83, Lect. Notes in Comp. Sci., V. 158, 1984, pp. 439–444.
[367] Pure algebra. A reference mathematical library, L. A. Skornyakov, Ed., vols. 1, 2, Moskva, Nauka, 1990 (in Russian).
[368] V. I. Solodovnikov, (Bent)-functions from a finite Abelian group to a finite Abelian group, Diskretnaya matematika, vol. 14, issue 1, 2002, pp. 99–113 (in Russian).
[369] D. R. Stinson, Resilient Functions and Large Sets of Orthogonal Arrays, Congressus Numerantium, 1993, V. 92, pp. 105–110.
[370] D. R. Stinson and J. L. Massey, An Infinite Class of Counterexamples to a Conjecture Concerning Non-linear Resilient Functions, Journal of Cryptology, V. 8, No. 3, 1995, pp. 167–173.
[371] I. Stradzin, Invariant groups of Boolean functions of four variables, Avtomatika i vychislitelnaya tekhnika, number 5, 1968, pp. 18–22 (in Russian).
[372] I. Stradzin, Affine classification of Boolean functions of five variables, Avtomatika i vychislitelnaya tekhnika, number 1, 1975, pp. 1–9 (in Russian).
[373] R. L. Stratonovich, Information theory, Moskva, Sovetskoe radio, 1975 (in Russian).
[374] T. Sugita, T. Kasami, and T. Fujiwara, The Weight Distribution of the Third Order Reed–Muller Codes of Length 512, IEEE Trans. on Inform. Theory, V. 42, No. 5, 1996, pp. 1622–1625.
[375] S. N. Sumarokov, Prohibitions of binary functions and reversibility for a class of coding devices, Obozrenie prikladnoi i promyshlennoi matematiki, number 1, 1994, pp. 33–55 (in Russian).
[376] D. A. Suprunenko, Permutation groups, Minsk, Nauka i tekhnika, 1996 (in Russian).
[377] Yu. V. Tarannikov, On the sets of l-balanced Boolean sets and functions, Ph.D. Thesis, Moskva, 1994 (in Russian).
[378] Yu. V. Tarannikov, On the weight of l-balanced Boolean functions, Diskretnyi analiz i issledovanie operatsii, vol. 3, issue 1, 1995, pp. 80–81 (in Russian).
[379] Yu. V. Tarannikov, On some estimations of the weight of l-balanced Boolean functions, Diskretnyi analiz i issledovanie operatsii, vol. 2, issue 4, 1995, pp. 80–96 (in Russian).
[380] Yu. Tarannikov, On certain bounds for the weight of l-balanced Boolean functions, Mathematics and Its Applications, A. D. Korshunov (ed.), Operation Research and Discrete Analysis, V. 391, 1997, pp. 285–299. http://ultra.inria.msu.ru/papers.html.
[381] Yu. V. Tarannikov, On the class of Boolean functions uniformly distributed over balls with degree 1, Vestnik Mosk. Univ., Series 1, number 5, 1997, pp. 17–21; English transl., Moscow Univ. Math. Bull. 52 (1997), no. 5, 18–22.
[382] Yu. Tarannikov, Limit values for the density of l-balanced k-valued functions defined over the Boolean cube, International Symposium on Combinatorial Optimization, Bruxelles, April 15–17, 1998, p. 191.
[383] Yu. Tarannikov, Ramsey-like theorems on the structure and numbers of higher order correlation-immune functions, Moscow State University, French-Russian Institute of Applied Mathematics and Informatics, Preprint No. 5, Moscow, October 1999, 20 pp. http://liapunov.inria.msu.ru/PERSONAL/Taran/index.html.
[384] Yu. Tarannikov, On a method for the constructing of cryptographically strong Boolean functions, Moscow State University, French-Russian Institute of Applied Mathematics and Informatics, Preprint No. 6, Moscow, October 1999, 24 p. http://liapunov.inria.msu.ru/PERSONAL/Taran/index.html.
[385] Yu. V. Tarannikov, On the structure and number of correlation-immune functions of the highest orders, IX Internat. School-Sem. “Synthesis and Complexity of Control Systems”, Nizhnii Novgorod, 16–19 December, 1998, Moskva, Izd. MGU, 1999, pp. 81–92 (in Russian).
[386] Yu. Tarannikov, On resilient Boolean functions with maximum possible nonlinearity, Cryptology ePrint Archive (http://eprint.iacr.org/), Report 2000/005, March 2000, 18 pp.
[387] Yu. Tarannikov, On some connections between codes and cryptographic properties of Boolean functions, Proceedings of Seventh International Workshop on Algebraic and Combinatorial Coding Theory, Bansko, Bulgaria, June 18–24, 2000, pp. 299–304.
[388] Yu. Tarannikov, On the structure and numbers of higher order correlation-immune functions, Proceedings of 2000 IEEE International Symposium on Information Theory ISIT2000, Sorrento, Italy, June 25–30, 2000, p. 185.
[389] Yu. Tarannikov, On resilient Boolean functions with maximal possible nonlinearity, Proceedings of Indocrypt 2000, Lect. Notes in Comp. Sci., Springer-Verlag, V. 1977, 2000, pp. 19–30.
[390] Yu. Tarannikov and D. Kirienko, Spectral analysis of high order correlation immune functions, Cryptology ePrint Archive (http://eprint.iacr.org/), Report 2000/050, October 2000, 8 pp.
[391] Yu. Tarannikov, New constructions of resilient Boolean functions with maximal nonlinearity, Cryptology ePrint Archive (http://eprint.iacr.org/), Report 2000/069, December 2000, 11 pp.
[392] Yu. Tarannikov, New constructions of resilient Boolean functions with maximal nonlinearity, 8th Fast Software Encryption Workshop, Preproceedings, Yokohama, Japan, April 2–4, 2001, pp. 70–81.
[393] Yu. Tarannikov and D. Kirienko, Spectral analysis of high order correlation immune functions, Proceedings of 2001 IEEE International Symposium on Information Theory ISIT’2001, Washington, DC, USA, June 2001, p. 69.
[394] Yu. Tarannikov, P. Korolev, and A. Botev, Autocorrelation coefficients and correlation immunity of Boolean functions, Proceedings of Asiacrypt 2001, Gold Coast, Australia, December 9–13, 2001, Lect. Notes in Comp. Sci., Springer-Verlag, V. 2248, 2001, pp. 460–479.
[395] Yu. V. Tarannikov, Number characteristics of Boolean functions, Discrete Math. and Its Appl., Collection of Lectures at Schools for Young Scientists on Discrete Math. and Its Appl., Moskva, Izdat. MGU, Part 1, 2001, pp. 129–144 (in Russian).
[396] Yu. V. Tarannikov, On the autocorrelation properties of correlation-immune functions, Proc. VII Intern. Sem. “Discrete Math. and Its Appl.”, 29 January–2 February, 2001, Moskva, Izdat. MGU, Part 3, pp. 331–333 (in Russian).
[397] Yu. V. Tarannikov, On the correlation-immune and resilient Boolean functions, Matematicheskie voprosy kibernetiki, Moskva, Fizmatlit, issue 11, 2002, pp. 91–148 (in Russian).
[398] H. C. A. van Tilborg, On Weight in Codes, Technical Report 71-WSK-03, Department of Mathematics, Technological University of Eindhoven, Netherlands, 1971.
[399] V. D. Tonchev, Combinatorial Configurations, New York: Longman, Wiley, 1988.
[400] O. N. Vasilenko, Number-theoretic algorithms in cryptography, Moskva, 2003 (in Russian).
[401] L. Yu. Vasiliev and L. Yu. Glagolev, Metrical properties of disjunctive normal forms, Diskretnaya matematika i matematicheskie voprosy kibernetiki, V. C. Jablonskii and B. O. Lupanov, Eds., vol. 1, Moskva, Nauka, 1974, pp. 99–148 (in Russian).
[402] S. Vaudenay, On the weak keys of Blowfish, In Proceedings of Fast Software Encryption, FSE’96 (D. Gollmann, ed.), Lect. Notes in Comp. Sci., Springer-Verlag, V. 1039, 1996, pp. 27–32.
[403] E. B. Vinberg and A. G. Elashvili, Classification of three-vectors in the nine-dimensional space, Trudy seminara po vektornomu i tenzornomu analizu, Moskva, MGU, 1974, pp. 197–233 (in Russian).
[404] I. M. Vinogradov, Elements of number theory, Dover, New York, 1954.
[405] F. S. Vinokurov and N. A. Peryazev, Polynomial decomposition of Boolean functions, Matem. Zametki, vol. 53, issue 2, 1993, pp. 25–29; English transl., Math. Notes 53 (1993), no. 1–2, 130–133.
[406] B. L. van der Waerden, Algebra I, New York: Springer-Verlag, 1991; Algebra II, New York: Springer-Verlag, 1991.
[407] A. F. Webster and S. E. Tavares, On the Design of S-Boxes, In Proceedings of Advances in Cryptology: CRYPTO’85, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 218, 1986, pp. 523–534.
[408] E. J. Weldon, Jr., New Generalizations of Reed–Muller Codes. Part II: Nonprimitive Codes, IEEE Trans. on Inform. Theory, IT-14, No. 2, 1968, pp. 199–205.
[409] R. Westwick, Irreducible Length of Trivectors of Rank Seven and Eight, Pacific Journal of Mathematics, V. 80, No. 2, 1979, pp. 575–579.
[410] H. Wielandt, Finite Permutation Groups, Academic Press, 1964.
[411] S. V. Yablonskii, G. P. Gavrilov, and V. B. Kudryavtsev, Functions of the algebra of logic and the Post classes, Moskva, Nauka, 1966 (in Russian).
[412] S. V. Yablonskii, Introduction to the theory of functions of k-valued logic, Diskretnaya matematika i matematicheskie voprosy kibernetiki, Moskva, Nauka, vol. 1, 1974.
[413] Y. X. Yang and B. Guo, Further Enumerating Boolean Functions of Cryptographic Significance, Journal of Cryptology, V. 8, No. 3, 1995, pp. 115–122.
[414] R. Yarlagadda and J. E. Hershey, Analysis and synthesis of bent sequences, Proc. IEE, part E, V. 136, No. 2, 1989, pp. 112–123.
[415] V. V. Yashchenko, Properties of Boolean mappings that are reducible to their coordinate functions, Vestnik MGU, Matematika, 1997, no. 4, pp. 11–13; English transl., Moscow Univ. Math. Bull. 52 (1997), no. 4, 11–13.
[416] V. V. Yashchenko, On the Propagation Criterion for Boolean Functions and on Bent Functions, Problems of information transmission, vol. 33, issue 1, 1997, pp. 62–71.
[417] V. V. Yashchenko, On the two characteristics of nonlinearity of Boolean mappings, Diskretnyi analiz i issledovanie operatsii, Series 1, vol. 5, number 2, 1998, pp. 90–96 (in Russian).
[418] K. Yosida, Functional Analysis, Berlin: Springer-Verlag, 1965.
[419] A. M. Youssef and S. E. Tavares, Spectral Properties and Information Leakage of Multi-Output Boolean Functions, Proc. 1995 IEEE International Symposium on Information Theory, p. 351.
[420] A. M. Youssef, T. W. Cusick, P. Stanica, and S. E. Tavares, New bounds on the number of functions satisfying strict avalanche criterion, Third Annual Workshop on Selected Areas in Cryptography, 1996.
[421] A. Youssef and G. Gong, Hyper-bent functions, In Proceedings of Advances in Cryptology: EUROCRYPT’2001, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2045, 2001, pp. 406–419.
[422] L. A. Zalmanzon, Fourier, Walsh, and Haar transforms and their application in control, communication, and other areas, Moskva, Nauka, 1989 (in Russian).
[423] O. Zariski and P. Samuel, Commutative Algebra, Vols. I, II, D. Van Nostrand Company Inc., Princeton, 1958.
[424] G. V. Zaitsev, V. A. Zinoviev, and N. V. Semakov, Fast correlation decoding of block codes, Kodirovanie i peredacha diskretnykh soobshchenii v sistemakh svyazi, Moskva, Nauka, 1976 (in Russian).
[425] K. Zeng and M. Huang, On the Linear Syndrome Method in Cryptanalysis, In Proceedings of Advances in Cryptology: CRYPTO’88, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 403, 1990, pp. 469–478.
[426] K. Zeng, C. H. Yang, and T. R. N. Rao, An Improved Linear Syndrome Algorithm in Cryptanalysis with Applications, In Proceedings of Advances in Cryptology: CRYPTO’90, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 537, 1991, pp. 34–47.
[427] X.-M. Zhang and Y. Zheng, GAC—the Criterion for Global Avalanche Characteristics of Cryptographic Functions, Journal of Universal Computer Science, V. 1, No. 5, 1995, pp. 320–337.
[428] X.-M. Zhang and Y. Zheng, Auto-Correlations and New Bounds on the Nonlinearity of Boolean Functions, In Proceedings of Advances in Cryptology: EUROCRYPT’96, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1070, 1996, pp. 294–305.
[429] X.-M. Zhang and Y. Zheng, Characterizing the structures of cryptographic functions satisfying the propagation criterion for almost all vectors, Designs, Codes and Cryptography, V. 7, 1996, pp. 111–134.
[430] X.-M. Zhang and Y. Zheng, On the Difficulty of Constructing Cryptographically Strong Substitution Boxes, Journal of Universal Computer Science, V. 2, No. 3, 1996, pp. 147–162.
[431] X.-M. Zhang and Y. Zheng, New Lower Bounds on Nonlinearity and a Class of High Nonlinear Functions, Information Security and Privacy: ACISP’97, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1270, 1997, pp. 147–158.
[432] X.-M. Zhang and Y. Zheng, Cryptographically Resilient Functions, IEEE Trans. on Inform. Theory, V. 43, No. 5, 1997, pp. 1740–1747.
[433] X.-M. Zhang, Y. Zheng, and H. Imai, Connections Between Nonlinearity and Restrictions, Terms and Hypergraphs of Boolean Functions, ISIT, Cambridge, MA, USA, 1998, p. 439.
[434] J.-Z. Zhang, Z.-S. You, and Z. L. Li, Enumeration of Binary Orthogonal Arrays of Strength 1, Discrete Mathematics, to appear.
[435] Y. Zheng and X.-M. Zhang, Improved Upper Bounds on Nonlinearity of High Order Correlation Immune Functions, Selected Areas in Cryptography: SAC’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2012, 2000, pp. 264–274.
[436] Y. Zheng and X.-M. Zhang, On Relationships among Propagation Degree, Nonlinearity, and Correlation Immunity, In Proceedings of Advances in Cryptology: ASIACRYPT’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 1976, 2000, pp. 470–482.
[437] Y. Zheng and X.-M. Zhang, New Results on Correlation Immune Functions, International Conference on Information Security and Cryptology: ICISC’2000, Lect. Notes in Comp. Sci., New York: Springer-Verlag, V. 2015, 2001, pp. 49–63.
[438] Y. Zheng and X.-M. Zhang, On Plateaued Functions, IEEE Transactions on Information Theory, V. 47, No. 3, 2001, pp. 1215–1223.
[439] Y. Zheng and X.-M. Zhang, Relationships between Bent Functions and Complementary Plateaued Functions, In Proceedings of the 2nd International Conference on Information Security and Cryptography, ICISC’99, Lect. Notes in Comp. Sci., Berlin, Heidelberg, New York: Springer-Verlag, V. 1787, 2000, pp. 60–75.
[440] K. H. Zimmermann, Beitrage zur algebraischen Codierungstheorie mittels modularer Darstellungstheorie, Bayreuth. Math. Schr., 1994, No. 48, 278 pp.
Index
(n, r)-forms, 103
RM -equivalence, 101
adder, 273
Advanced Encryption Standard, AES, 283
algebra over a field, 18
algebraic degree
of a function, 42
of a mapping, 249
algebraic system, 1
algorithm
deciphering, 281
decoding, 118
enciphering, 281
Euclidean, 13
Matsui 1, 296
Matsui 2, 296
almost equivalent mappings, 105, 238
array
of a code
standard, 118
orthogonal, 206
attack on the key, 283
automorphism
Frobenius, 30
internal, 6
of a field over another field, 30
of a group, 4
avalanche criterion, 261
strict, 261
strong of order t, 262
average
complexity, 285
reliability, 285
ball, 111
basis
biorthogonal, 189
canonical, 17
normal, 25
of a vector space, 17
polynomial, 25
bent set, 173
bent function, 166
partial, 173
bent mapping, 243
almost, 247
bias, 295
binary operation, 1
associative, 1
block cipher, 281
key, 281
Boole, George, ix
Boolean function
covering sequence of, 74
level of, 74
nontrivial, 74
degeneration structure of, 103
derivative of, 55
numerical normal form of, 50
weight of, 45
boomerang method, 303
bound
Bose–Chaudhuri–Hocquenghem (BCH), 133
Elias’, 112
Hamming’s, 111
Singleton’s, 111
sphere-packing, 111
branching, 70
linear, 71
Burnside lemma, 80
canonical factorization of a polynomial, 15
center of a group, 7
character
additive, 25
canonical, 25
distinguishing, 5
multiplicative, 26
nontrivial, 5
of a group, 4
trivial, 5
characteristic
difference, 300
function, 239
global avalanche, 266
linear, 295
of a field, 11
polynomial
of an LRS, 272
of a register, 273
check polynomial, 123
check symbols, 111
cipher
A5, 70
stream, 70, 287
symmetric, 65
cipher algorithm
DES, 283
GOST 28147-89, 283
cipher standard
DES, 283
GOST 28147-89, 283
ciphertext, 281
block, 281
intermediate, 282
class
cyclotomic, 35, 54
equivalence, 2
Maiorana–McFarland, 173
of affine functions, 43
of maximum-nonlinear functions
M, 173
complete, 172
code
[n, k, d], 107
automorphism group of, 110
binary Golay, 135, 136
complementary, 123
completely regular, 254
constructive distance of, 134
cyclic, 120
nonzeros, 123
primitive, 122
with two zeros, 259
zeros, 123
dual, 109
equidistant, 117
generator matrix of, 109
Hadamard, 190
Hamming’s, 116
Kerdock, 159
linear
block, 107
determined by a mapping, 252
maximum length, 117
minimum distance of, 107
parity-check matrix of, 109
perfect, 117
Preparata, 160
primitive BCH, 134
narrow-sense, 134
punctured, 142
Reed–Muller, 139
set of code words of, 109
simplex, 117, 132
systematic, 111
uniformly packed, 254
weight function of, 114
weight spectrum of, 114
with maximum distance, 111
code dimension, 107
code distance, 107
dual, 250
external, 250
code rate, 107
code word, 107
coefficient
Fourier, 46
Walsh–Hadamard, 46
coefficients
spectral, 46
communication channel
discrete, 108
quantum-cryptographic, 203
completion of a class, 172
complexity
linear, 276
average of statistical classification procedure, 285, 286
confusion, 65
conjugate set, 6
constant, 12
constructive enumeration problem, 88
coordinates of a vector, 17, 37
correlation
attack, 294
decoding, 152
coset
leader, 118
of a code, 118
of a subgroup, 3
covering radius of a code, 107
covering sequence
perfect, 234
simple, 228
crosscorrelation, 58
cryptanalysis
linear, 295
method, 281
statistical, 281
decision area, 284
decoder
complete, 119
incomplete, 119
decoding Hamming code, 117
deep hole, 166
delay device, 273
Delsarte’s inequality, 255
dependence
essential, 38
quasi-linear, 223
derivative
of a Boolean function, 55
of a polynomial, 16
deviation, 295
difference table, 239
diffusion, 65
dimension of a space, 18
Dirac δ-function, 46
discrepancy bits, 277
distance
between Boolean functions, 45
from a Boolean function to a set, 49
Hamming, 44
distance of uniqueness, 284
distributed computations, 203
distribution of random variables, 196
distributivity, 7
divisor of an element of a ring, 9
domain, 7
dual bases, 24
element
of a ring
prime, 9
generator of a cyclic group, 2
of a code, 107
of a field
primitive, 23
of a ring
reversible, 9
of infinite order, 3
elements
conjugate, 6
equivalent, 2
of a field
conjugate, 29
of a ring
associates, 9
congruent modulo an ideal, 8
Elias bound, 112
endomorphism of a group, 4
entropy of a random variable, 196
conditional, 196
enumerator, 81
EPC(k, 0), 264
EPC(k, t), 264
epimorphism, 4
equivalence relation, 2
equivalent codes, 110
ergodic theory, 65
EWHT, 188
exponent of a group, 4
extension degree, 17
extension of a field, 10
of finite degree, 17
fast correlation attack, 294
field, 7
finite, 19
of decomposition, 20
prime, 11
flag of subsets, 69
form
algebraic normal (ANF), 41
alternating, 92
associated, 92
symplectic, 92
Fourier transform, 114
function
d-optimal, 203
d-resilient, 203
affine, 43
argument of, 38
balanced
with respect to a matrix, 266
Boolean, 37
(c0, c1)-regular, 44
G-invariant, 79
c-regular, 44
balanced, 45
bent, 166
correlation-immune, 198
functionally separable, 42
maximum-nonlinear, 166
maximum-nonlinear for a subspace, 178
nondegenerate, 102
partial, 181
regular, 44
weakly nondegenerate, 232
correlation-immune, 67
in a given direction, 201
cryptographic (discrete), 65
dual, 168
to a plateaued function, 180
dual to a partially defined mn-bent function, 182
Euler’s, 4
given as a linear branching, 71
group-theoretic classification of, 80
hyperbent, 189
linear, 43
linearly dependent on a variable, 42
Mobius, 33
nonlinearity of, 50
nonlinearly dependent on a variable, 42
partially defined d-resilient, 217
plateaued, 180
quadratic, 92
resilient, 67
self-dual, 168
symmetric, 44
functions
G-equivalent, 79
algebraically independent, 66
generator matrix in the systematic form, 111
generator polynomial, 122
Gilbert–Varshamov bound, 112
global avalanche characteristic, 169
absolute index, 266
sum of squares, 266
GOST 28147-89, 283
greatest common divisor of polynomials, 13
Green’s scheme, 152
group, 1
abelian, 1
center of, 7
commutative, 1
complete affine, 86
cyclic, 2
finite, 2
Galois, 30
general linear, 85
infinite, 2
isomorphism, 4
of affine transformations, 86
of inverted variables, 84
of linear transformations, 85
of permutations of variables, 84
of residue classes, 2
of roots of unity, 3
of shifts, 84
group action on a set of functions, 78
Group Special Mobile, GSM, 70
Hamming bound, 111
Hamming code, 116
homomorphism, 4
of rings, 9
hyperbent function, 189
ideal
minimal, 28
of a ring
maximal, 9
prime, 9
principal, 8
two-sided, 8
idempotent, 125
primitive, 128
proper, 27, 125
identity element of a group, 1
image
branching, 70
of a group homomorphism, 4
impossible differentials, 302
independent random variables, 196
index
of q modulo n, 34
of a subgroup, 3
of linearity, 70
information
mutual, 197
information symbols, 111
intersection of codes, 127
invariant of a group, 88
complete, 88
inverse element, 1
isomorphic vector spaces, 17
isomorphism, 4
iteration cipher, 282
Jensen’s inequality, 114
Jevons group, 85
kernel
of a bilinear form, 159
of a homomorphism, 6
of a ring homomorphism, 9
of a symplectic matrix, 159
key schedule, 283
Kravchuk polynomials, 116, 227
large set of orthogonal arrays, 207
least common multiple of polynomials, 14
length
of a code
primitive, 122
of a register, 273
linear
combination, 17
complexity, 275
cryptanalysis method, 295
feedback shift register (LFSR), 272
recursive sequence (LRS), 272
space, 16
span, 275, 276
structure, 67
translator, 67
linearity subspace of a mapping, 68
Lloyd polynomial, 255
locators of a vector, 255
MacWilliams identity, 115
mapping
(n, k, d)-resilient, 203, 205
almost perfect nonlinear, 245
associated with a function, 70
balanced, 66
branched, 70
branching, 70
complete, 261
defined by a polynomial, 16
linearity index, 70
perfect nonlinear, 243
plateaued, 247
polynomial, 250
resilient, 67, 203
material, 283
volume of, 283
matrix
Hadamard, 167
symplectic, 92, 158
Matsui
algorithm 1, 296
algorithm 2, 296
maximum-nonlinear functions
PS, 177
PS+, 176
PS−, 176
class D, 177
class D0, 177
method
boomerang, 303
of conditional differentials, 302
of multiple approximation, 302
of partial differentials, 302
rectangle, 303
minimal polynomial of a sequence, 274
minimum period of a sequence, 271
mixing, 65
mn-bent function
partially defined, 181
mn-function
partially bent, 178
multiplicity of a root, 16
natural cryptographic assumption, 298
Neyman–Pearson lemma, 290
nonlinearity, 67
generalized, 188
nonzeros of a cyclic code, 123
norm, 24
absolute, 24
normalizer
of a set, 7
of an element, 7
operator
fixing some of the variables, 73
projection, 72
taking a Boolean derivative, 73
optimal Bayes procedure, 287
orbit index, 77
order
lexicographic, 38
of a group, 2
of a polynomial, 31
of an element of a group, 3
partial, 41
orthogonality equations, 47
pair of variables
covering, 226
quasi-linear, 223
Parseval’s equation, 48
partial spreads, 177
PC(k, t), 264
period, 271
of a polynomial, 31
of a sequence, 271
of a shortened row of values of a function, 189
periodic sequence, 271
Peterson–Gorenstein–Zierler decoder, 271
piling-up lemma, 299
plaintext, 281
block, 281
plateaued function
complementary, 185
of order 2r, 180
Pless identities, 251
Polya’s theorem, 82
polynomial, 12
characteristic of an element, 30
constant, 12
constant term of, 12
cyclotomically homogeneous, 54
cyclotomically reduced, 54
degree of, 12
dual, 31
generator of a cyclic code, 122
irreducible, 14
Kravchuk, 227
leading coefficient of, 12
minimal, 28
monic, 12
primitive, 32
quadratic, 256
reducible, 14
root of, 16
multiple, 16
simple, 16
unitary, 12
Zhegalkin, 41
pre-period of a sequence, 271
procedure for statistical classification, 283
product
Kronecker, 151
of elements of a group, 2
scalar, 26
of vectors, 45
propagation criteria, 67, 201, 261
of degree k and order t, 264
extended, 264
propagation matrix, 264
property
reducible, 72
secondary, 73
quotient group, 6
quotient ring, 9
rectangle method, 303
Reed’s decoding algorithm, 146
reflectivity, 2
reliability
of an algorithm, 285
representative of a cyclotomic class, 54
residue class, 8
resilient, 203
Rijndael, 283
ring, 7
commutative, 7
division, 7
domain, 7
irreducible, 27
of polynomials over a field, 12
principal ideal domain, 9
reducible, 27
with identity, 7
root of unity, 34
primitive, 34
Rothaus criterion, 169
round, 282
subkey, 282
transformation, 282
row operations, 110
SAC(t), 262
self-information of an event, 195
set
difference, 169
simple Hadamard, 169
generating a subgroup, 3
of a code
characteristic, 250
generating, 255
Shannon’s principles, 66
shift operator, 272
Siegenthaler inequality, 202
Singleton bound, 111
skew field, 7
space
r-nonlinearity of, 69
branching, 70
vector, 37
stabilizer of a function, 79
stable subspace, 170
statistical classification, 283
statistical cryptanalysis method, 281
stream cipher, 65
subalgebra, 18
subfield, 10
proper, 10
subfunction, 39
subgroup, 3
generated by a set, 3
generated by an element, 3
nontrivial, 3
normal, 6
subkey, 282
subring, 8
sum
of codes, 127
of elements of a group, 2
summand
in ANF, 42
in Zhegalkin polynomial, 42
weight, 42
linear, 42
support of an element, 206
symmetry, 2
syndrome vector, 118
tabular method, 38
trace, 23, 53
absolute, 23
relative, 54
trace equivalence, 53
transform
fast Hadamard, 151
Fourier, 46
Mobius, 41
Walsh–Hadamard, 46
extended, 188
incomplete, 181
transitivity, 2
triangle inequality, 45
trigger, 273
truth table, 206
type of a permutation, 77
ultimately periodic sequence, 271
unknown, 12
variable, 12
covering, 226
essential, 38
fictitious, 38
adding, 39
deleting, 39
linear, 223
nonessential, 38
variable of a function, 38
vector, 16, 37
r-covered by a code, 107
preceding, 41
strictly, 41
vector space, 16
isomorphism of, 17
weight
Hamming, 41
of a function, 81
of an equivalence class, 81
word error probability, 120
zero element
of a ring, 7
of a group, 2
zero tail expansion, 276
zerodivisors, 7
zeros of a cyclic code, 123
Selected Titles in This Series
241 O. A. Logachev, A. A. Salnikov, and V. V. Yashchenko, Boolean Functions in Coding Theory and Cryptography, 2012
240 Kazuya Kato, Nobushige Kurokawa, and Takeshi Saito, Number Theory 2, 2011
239 I. Ya. Novikov, V. Yu. Protasov, and M. A. Skopina, Wavelet Theory, 2011
238 Leonid L. Vaksman, Quantum Bounded Symmetric Domains, 2010
237 Hitoshi Moriyoshi and Toshikazu Natsume, Operator Algebras and Geometry, 2008
236 Anatoly A. Goldberg and Iossif V. Ostrovskii, Value Distribution of Meromorphic Functions, 2008
235 Mikio Furuta, Index Theorem. 1, 2007
234 G. A. Chechkin, A. L. Piatnitski, and A. S. Shamaev, Homogenization, 2007
233 A. Ya. Helemskii, Lectures and Exercises on Functional Analysis, 2006
232 O. N. Vasilenko, Number-Theoretic Algorithms in Cryptography, 2007
231 Kiyosi Ito, Essentials of Stochastic Processes, 2006
230 Akira Kono and Dai Tamaki, Generalized Cohomology, 2006
229 Yu. N. Lin′kov, Lectures in Mathematical Statistics, 2005
228 D. Zhelobenko, Principal Structures and Methods of Representation Theory, 2006
227 Takahiro Kawai and Yoshitsugu Takei, Algebraic Analysis of Singular Perturbation Theory, 2005
226 V. M. Manuilov and E. V. Troitsky, Hilbert C∗-Modules, 2005
225 S. M. Natanzon, Moduli of Riemann Surfaces, Real Algebraic Curves, and Their Superanalogs, 2004
224 Ichiro Shigekawa, Stochastic Analysis, 2004
223 Masatoshi Noumi, Painleve Equations through Symmetry, 2004
222 G. G. Magaril-Il’yaev and V. M. Tikhomirov, Convex Analysis: Theory and Applications, 2003
221 Katsuei Kenmotsu, Surfaces with Constant Mean Curvature, 2003
220 I. M. Gelfand, S. G. Gindikin, and M. I. Graev, Selected Topics in Integral Geometry, 2003
219 S. V. Kerov, Asymptotic Representation Theory of the Symmetric Group and its Applications in Analysis, 2003
218 Kenji Ueno, Algebraic Geometry 3, 2003
217 Masaki Kashiwara, D-modules and Microlocal Calculus, 2003
216 G. V. Badalyan, Quasipower Series and Quasianalytic Classes of Functions, 2002
215 Tatsuo Kimura, Introduction to Prehomogeneous Vector Spaces, 2002
214 L. S. Grinblat, Algebras of Sets and Combinatorics, 2002
213 V. N. Sachkov and V. E. Tarakanov, Combinatorics of Nonnegative Matrices, 2002
212 A. V. Mel′nikov, S. N. Volkov, and M. L. Nechaev, Mathematics of Financial Obligations, 2002
211 Takeo Ohsawa, Analysis of Several Complex Variables, 2002
210 Toshitake Kohno, Conformal Field Theory and Topology, 2002
209 Yasumasa Nishiura, Far-from-Equilibrium Dynamics, 2002
208 Yukio Matsumoto, An Introduction to Morse Theory, 2002
207 Ken’ichi Ohshika, Discrete Groups, 2002
206 Yuji Shimizu and Kenji Ueno, Advances in Moduli Theory, 2002
205 Seiki Nishikawa, Variational Problems in Geometry, 2002
204 A. M. Vinogradov, Cohomological Analysis of Partial Differential Equations and Secondary Calculus, 2001
203 Te Sun Han and Kingo Kobayashi, Mathematics of Information and Coding, 2002
202 V. P. Maslov and G. A. Omel’yanov, Geometric Asymptotics for Nonlinear PDE. I, 2001
201 Shigeyuki Morita, Geometry of Differential Forms, 2001
200 V. V. Prasolov and V. M. Tikhomirov, Geometry, 2001
199 Shigeyuki Morita, Geometry of Characteristic Classes, 2001
198 V. A. Smirnov, Simplicial and Operad Methods in Algebraic Topology, 2001
197 Kenji Ueno, Algebraic Geometry 2, 2001
196 Yu. N. Lin′kov, Asymptotic Statistical Methods for Stochastic Processes, 2001
195 Minoru Wakimoto, Infinite-Dimensional Lie Algebras, 2001
194 Valery B. Nevzorov, Records: Mathematical Theory, 2001
193 Toshio Nishino, Function Theory in Several Complex Variables, 2001
192 Yu. P. Solovyov and E. V. Troitsky, C∗-Algebras and Elliptic Operators in Differential Topology, 2001
191 Shun-ichi Amari and Hiroshi Nagaoka, Methods of Information Geometry, 2000
190 Alexander N. Starkov, Dynamical Systems on Homogeneous Spaces, 2000
189 Mitsuru Ikawa, Hyperbolic Partial Differential Equations and Wave Phenomena, 2000
188 V. V. Buldygin and Yu. V. Kozachenko, Metric Characterization of Random Variables and Random Processes, 2000
187 A. V. Fursikov, Optimal Control of Distributed Systems. Theory and Applications, 2000
186 Kazuya Kato, Nobushige Kurokawa, and Takeshi Saito, Number Theory 1, 2000
185 Kenji Ueno, Algebraic Geometry 1, 1999
184 A. V. Mel′nikov, Financial Markets, 1999
183 Hajime Sato, Algebraic Topology: An Intuitive Approach, 1999
182 A. V. Bocharov, V. N. Chetverikov, S. V. Duzhin, N. G. Khor’kova, A. V. Samokhin, Yu. N. Torkhov, and A. M. Verbovetsky, Symmetries and Conservation Laws for Differential Equations of Mathematical Physics, 1999
181 Ya. G. Berkovich and E. M. Zhmud′, Characters of Finite Groups. Part 2, 1999
180 A. A. Milyutin and N. P. Osmolovskii, Calculus of Variations and Optimal Control, 1998
179 V. E. Voskresenskiı, Algebraic Groups and Their Birational Invariants, 1998
178 Mitsuo Morimoto, Analytic Functionals on the Sphere, 1998
177 Satoru Igari, Real Analysis—With an Introduction to Wavelet Theory, 1998
176 L. M. Lerman and Ya. L. Umanskiy, Four-Dimensional Integrable Hamiltonian Systems with Simple Singular Points (Topological Aspects), 1998
175 S. K. Godunov, Modern Aspects of Linear Algebra, 1998
174 Ya-Zhe Chen and Lan-Cheng Wu, Second Order Elliptic Equations and Elliptic Systems, 1998
173 Yu. A. Davydov, M. A. Lifshits, and N. V. Smorodina, Local Properties of Distributions of Stochastic Functionals, 1998
172 Ya. G. Berkovich and E. M. Zhmud′, Characters of Finite Groups. Part 1, 1998
171 E. M. Landis, Second Order Equations of Elliptic and Parabolic Type, 1998
170 Viktor Prasolov and Yuri Solovyev, Elliptic Functions and Elliptic Integrals, 1997
169 S. K. Godunov, Ordinary Differential Equations with Constant Coefficient, 1997
168 Junjiro Noguchi, Introduction to Complex Analysis, 1998
167 Masaya Yamaguti, Masayoshi Hata, and Jun Kigami, Mathematics of Fractals, 1997
166 Kenji Ueno, An Introduction to Algebraic Geometry, 1997
165 V. V. Ishkhanov, B. B. Lur′e, and D. K. Faddeev, The Embedding Problem in Galois Theory, 1997
For a complete list of titles in this series, visit the AMS Bookstore at www.ams.org/bookstore/.
This book offers a systematic presentation of cryptographic and code-theoretic aspects of the theory of Boolean functions. Both classical and recent results are thoroughly presented. Prerequisites for the book include basic knowledge of linear algebra, group theory, theory of finite fields, combinatorics, and probability. The book can be used by research mathematicians and graduate students interested in discrete mathematics, coding theory, and cryptography.