On Third-Order Nonlinearity of Biquadratic Monomial Boolean Functions

The rth-order nonlinearity of Boolean function plays a central role against several known attacks on stream and block ciphers. Because of the fact that its maximum equals the covering radius of the rth-order Reed-Muller code, it also plays an important role in coding theory. The computation of exact value or high lower bound on the rth-order nonlinearity of a Boolean function is very complicated problem, especially when r > 1. This paper is concerned with the computation of the lower bounds for third-order nonlinearities of two classes of Boolean functions of the form Tr 1 (λx d ) for all x ∈ F 2 n , λ ∈ F∗ 2 n , where (a) d = 2i + 2j + 2k + 1, where i, j, and k are integers such that i > j > k ≥ 1 and n > 2i, and (b) d = 23l + 22l + 2l + 1, where l is a positive integer such that gcd(l,n) = 1 and n > 6.


Introduction
Boolean functions are the building blocks for the design and the security of symmetric cryptographic systems and for the definition of some kinds of error correcting codes, sequences, and designs.The th-order nonlinearity, nl  (), of a Boolean function  ∈ B  is defined by the minimum Hamming distance of  to RM(, )-Reed-Muller code of length 2  and order  (RM(, ) := { ∈ B  : deg() ≤ }).The nonlinearity of  is given by nl() = nl 1 () and is related to the immunity of  against best affine approximation attacks [1] and fast correlation attacks [2], when  is used as a combiner function or a filter function in a stream cipher.The th-order nonlinearity is an important parameter, which measures the resistance of the function against various low-order approximation attacks [1,3,4].In cryptographic framework, within a tradeoff with the other important criteria, the th-order nonlinearity must be as large as possible; see [5][6][7][8][9].Since, the maximal th-order nonlinearity of all Boolean functions equals the covering radius of RM(, ), it also has an application in coding theory.Besides these applications, an interesting connection between the th-order nonlinearity and the fast algebraic attacks has been introduced, recently in [9], which claims that a cryptographic Boolean function should have high th-order nonlinearity to resist the fast algebraic attack.
Unlike nonlinearity there is no efficient algorithm to compute second-order nonlinearities for  > 11.The most efficient algorithm is introduced by Fourquet and Tavernier [10] which works for  ≤ 11 and up to  = 13 for some special functions.Thus, to identify a class of Boolean function with high th-order nonlinearity, even for  = 2, is a very relevant area of research.In 2008, Carlet has devolved a technique to compute th-order nonlinearity recursively in [11], and using this technique he has obtained the lower bounds of nonlinearity profiles for functions belonging to several classes of functions: Kasami functions, Welch functions, inverse functions, and so forth.Based on this technique, the lower bound for th-order nonlinearity, for  ≥ 2, is obtained for some specific classes of Boolean functions, in many articles; see, for example, [11][12][13][14] and the references therein.The best known asymptotic upper bound for nl 3 () given by Carlet and Mesnager [15] is as follows: The classes of Boolean functions for which the lower bound of third nonlinearity is known are inverse functions [11], Dillon functions [16], and Kasami functions, () = Tr  1 ( 57 ) [12].In this paper, we deduce the theoretical lower bounds on third-order nonlinearities of two classes of biquadratic where ℓ is a positive integer such that gcd(ℓ, ) = 1 and  > 6.
Remainder of the paper is organized as follows.In Section 2 some basic definitions and notations required for the subsequent sections are reviewed.The main results on lower bounds of third-order nonlinearities are presented in Section 3. The numerical compression of our bounds with the previous known results is provided in Section 4. Section 5 is conclusion.

Preliminaries
Let F 2  be the finite field consisting of 2  elements.The group of units of F where   is the smallest positive integer such that  ≡ 2 where Γ() is the set of all coset leaders modulo 2  − 1 and   ∈ F 2   ,  2  −1 ∈ F 2 , for all  ∈ Γ().A Boolean function is said to be a monomial trace function if its trace representation consists of single trace term.The binary representation of an integer  ∈ Z is where  0 ,  1 , . . .,  −1 ∈ {0, 1}.The Hamming weight of  is   () = ∑ −1 =0   , where the sum is over Z.The algebraic degree, denoted by deg(), of  ∈ B  , as represented in (3), is the largest positive integer  for which   () =  and , where || is the cardinality of any set .The Hamming distance between two functions ,  ∈ B  is defined by The set {  () :  ∈ F 2  } is referred to as the WHS of  ∈   which satisfies the Parseval's identity: and so nl() ≤ 2 −1 − 2 (/2)−1 .The function  ∈ B  achieving maximum possible nonlinearity 2 −1 − 2 /2−1 are said to be bent functions (exists only for even ), were introduced by Rothaus [19].
Carlet's [11] recursive lower bounds for third-order nonlinearities which we use to compute our bounds, are given below in Propositions 1 and 2.
Proposition 1 (see [11,Proposition 2]).Let  ∈ B  ; then nl 3 () ≥ (1/4) max{nl(    ) : ,  ∈ F 2  }.The result in Proposition 4 above was introduced by Bracken et al. [20].The bilinear form [17] associated with a quadratic Boolean function  ∈ B  is defined by (, ) := (0) + () + () + ( + ) and the kernel, E  of (, ) is the subspace of F 2  defined by An element  ∈ E  is called a linear structure of .Next, if  is a vector space over a field F  of characteristic 2 and  :  → F  a quadratic form, then dim() and dim(E  ) have the same parity [21].The distribution of the WHT values of a quadratic Boolean function  ∈ B  is given in the following theorem which claims that the weight distribution of the values in the WHS of  depends only on the dimension  of E  .
Theorem 5 (see [17,21]).Let  ∈ B  be a quadratic Boolean function and  = dim(E  ) , where E  is defined in (8); then the weight distribution of the WHT values of  is given by

Main Results
In this section, using Carlet's recursive technique [11], the theoretical lower bounds for third-order nonlinearities of two general classes of monomial Boolean functions of degree 4 are obtained.
Here the kernel of  (, ) associated with where  (,,) () is obtained by replacing , , and  in ( 18) by 3ℓ, 2ℓ, and ℓ, respectively: The Using Proposition 1, we have Using Proposition 2, we have the following.
If there exists at least elements ,  ∈ F  2 such that      is quadratic, then nl 3 () ≥ 2 −4 .This result follows from Proposition 1 and the fact that the nonlinearity of any quadratic function in B  is at least 2 −2 [11,22].

Comparison
The theoretical lower bounds for third-order nonlinearities obtained by using Theorem 6 for  = 3, 4, 5 and ,  are taken in such a way that gcd ( − , ) = 1 and reported in Tables 1  and 2. The bounds are compared with the general bounds for third-order nonlinearity: nl 3 () ≥ 2 −4 , for any biquadratic Boolean function.It is evident that the bounds for  = 3, 4 are efficiently large and decrease with increasing the value of .It is to be noted that Class () is the more general class of biquadratic monomial Boolean functions containing several classes of highly nonlinear Boolean functions.In particular, for  = 5,  = 4, and  = 3 Class () coincides with Kasami functions of algebraic degree 4.
The theoretical bounds for third-order nonlinearities obtained by using Theorem 7 and Proposition 3 are compared with known classes of functions [4,11,12] and reported in Tables 3 and 4. It is to be noted that the lower bounds for third-order nonlinearities of the inverse functions (nl 3 ( inv ) ≥ 2 −1 − 2 (7−2)/8 ) are larger than that of the Dillon functions (nl 3 ( dillon ) ≥ 2 −1 − 2 7/8 ) for all .Thus, it is demonstrated that the lower bound obtained by Theorem 7 is better than the bounds obtained by Gode and Gangopadhyay [12] for Kasami functions: Tr( 57 ), Iwata and Kurosawa's general bound [4] for all  > 8. Also these bounds are improved upon Carlet's [11] bound for inverse function when  is odd, or  = 8, 12, and equal for the rest of values of even .

Conclusion
In this paper, using recursive approach introduced in [11], we have computed the lower bounds of third-order nonlinearities of two general classes of biquadratic monomial Boolean functions.It is demonstrated that in some cases our bounds are better than the bounds obtained previously.

2
International Journal of Engineering Mathematics monomial Boolean functions Tr  1 (  ) for all  ∈ F 2  , where  ∈ F * 2  and (a)  = 2  +2  +2  +1, where , , and  are integers such that  >  >  ≥ 1 and  > 2, and (b) 2  , denoted by F * 2  , is a cyclic group consisting of 2  − 1 elements.An element  ∈ F 2  is said to be a primitive element if it is a generator of the multiplicative group F * 2  .A function from F 2  to F 2 is said to be a Boolean function on  variables; the set of such functions is denoted by B  .Let Z and Z  , where  is a positive integer, denote the ring of integers and integers modulo , respectively.A cyclotomic coset modulo 2  − 1 of  ∈ Z is defined as (mod 2  − 1)[17, page 104].It is a convention to choose the subscript  to be the smallest integer in   and refer to it as the coset leader of   and   denotes the size of   .
=0    2  be a linearized polynomial over F 2  , where V,  are positive integers such that (, ) = 1.Then zeroes of the linearized polynomial () in F 2  are at most 2 V .

Table 1 :
The lower bounds on the third-order nonlinearities obtained by Theorem 6 for odd  and  = 3, 4, 5.

Table 2 :
The lower bounds on the third-order nonlinearities obtained by Theorem 6 for even  and  = 3, 4, 5.

Table 3 :
[4,11,12]n of the value of lower bounds on third-order nonlinearities obtained by Theorem 6 with the bound obtained in[4,11,12]for odd .

Table 4 :
[4,11,12]n of the value of lower bounds on third-order nonlinearities obtained by Theorem 6 with the bound obtained in[4,11,12]for even .