**A wide class of Boolean functions generalizing the hidden weight bit function**

*Claude Carlet*

**Abstract: **Designing Boolean functions whose output can be computed with light means at high speed, and satisfying all the criteria necessary to resist all major attacks on the stream ciphers using them as nonlinear components, has been an open problem since the beginning of this century, when algebraic attacks were invented. Functions allowing good resistance are known since 2008, but their output is too complex to compute. Functions with fast and easy to compute output are known which have good algebraic immunity, such as majority functions and the so-called hidden weight bit (HWB) functions, but they all have the same cryptographic weakness: their too small nonlinearity. \\In the present paper, we introduce a generalization of the HWB functions into a construction of $n$-variable balanced functions $f$ from $(n-1)$-variable Boolean functions $g$ having some property held by a large number of functions. Function $f$ is defined by its support, equal to the image set of a vectorial function depending on $g$. This makes the function complex enough for allowing good cryptographic parameters, while its output is light to compute. The HWB function is what we obtain with $f$ when the initial function $g$ equals constant 1. Other well chosen functions $g$ provide functions $f$ having good cryptographic parameters. \\We analyze the constructed functions $f$, we provide a fast way to compute their output, we determine their algebraic normal forms and we show that, most often, their algebraic degree is optimal. We study their Walsh transform and their nonlinearity and algebraic immunity. We observe with computer investigations that this generalization of the HWB function allows to keep its quality of being fast to compute and having good enough algebraic immunity, while significantly improving its nonlinearity. The functions already obtained in the investigations provide a quite good (and never reached before) trade-off between speed and security. Further (probably difficult) work should allow obtaining, among such generalized HWB functions whose number is huge, still better filter functions to be used in stream ciphers.

**Category / Keywords: **secret-key cryptography / Boolean function, nonlinearity, algebraic immunity

**Original Publication**** (with minor differences): **IEEE Transactions on Information Theory

**Date: **received 7 Jun 2021, last revised 6 Nov 2021

**Contact author: **claude carlet at gmail com

**Available format(s): **PDF | BibTeX Citation

**Version: **20211106:153509 (All versions of this report)

**Short URL: **ia.cr/2021/762

[ Cryptology ePrint archive ]