## Cryptology ePrint Archive: Report 2016/419

Walsh-Hadamard Transform and Cryptographic Applications in Bias Computing

Yi LU and Yvo DESMEDT

Abstract: Walsh-Hadamard transform is used in a wide variety of scientific and engineering applications, including bent functions and cryptanalytic optimization techniques in cryptography. In linear cryptanalysis, it is a key question to find a good linear approximation, which holds with probability $(1+d)/2$ and the bias $d$ is large in absolute value. Lu and Desmedt (2011) take a step toward answering this key question in a more generalized setting and initiate the work on the generalized bias problem with linearly-dependent inputs. In this paper, we give fully extended results. Deep insights on assumptions behind the problem are given. We take an information-theoretic approach to show that our bias problem assumes the setting of the maximum input entropy subject to the input constraint. By means of Walsh transform, the bias can be expressed in a simple form. It incorporates Piling-up lemma as a special case. Secondly, as application, we answer a long-standing open problem in correlation attacks on combiners with memory. We give a closed-form exact solution for the correlation involving the multiple polynomial of any weight \emph{for the first time}. We also give Walsh analysis for numerical approximation. An interesting bias phenomenon is uncovered, i.e., for even and odd weight of the polynomial, the correlation behaves differently. Thirdly, we introduce the notion of weakly biased distribution, and study bias approximation for a more general case by Walsh analysis. We show that for weakly biased distribution, Piling-up lemma is still valid. Our work shows that Walsh analysis is useful and effective to a broad class of cryptanalysis problems.

Category / Keywords: secret-key cryptography / (Sparse) Walsh-Hadamard Transform, Linear cryptanalysis, Bias analysis, Maximum entropy principle, Piling-up lemma

Original Publication (with minor differences): Cryptography and Communications (Springer)
DOI:
10.1007/s12095-015-0155-4

Contact author: dr yi lu at ieee org

Available format(s): PDF | BibTeX Citation

Note: Though the original conference version was published back in 2011, we feel that the main results and ideas are not well appreciated in crypto community unfortunately, especially with respect to applicability of Piling-up lemma (which is not restricted to the area of secret-key crypto). We completely rewrite the paper and give fully extended results in the journal "cryptography and communications". We took three times of hard revision work to make a new-look with the presentation, because the reviewers are very critical (but also helpful and encouraging) about the work. It took about one and half years, from we started preparation of the journal version to the final press publication. The current content and quality deserve to have wide-spread audience.

Short URL: ia.cr/2016/419

[ Cryptology ePrint archive ]