布尔函数代数免疫性质的研究
|
摘要
近年来,代数攻击的提出和发展被认为是密码分忻技术中的最重要的突破。其主要特点是采用了基于代数思想的方法与技巧,将一个密码算法的安全性完全归约为求解一个超定的多变元高次方程组(即该系统中的方程个数多于变量的个数)的问题上。几们对超定的多变元非线性方程组生成和求解进行深入研究,取得很大的进展,使得代数攻击已逐渐发展为一种强有力的密码分忻方法。代数攻击的思想方法具有一般性,对公钥密码、分组密码和序列密码算法的安全性都构成了潜在的威胁,特别对基于线性反馈移位寄存器(LFsR)的序列密码具有强大的攻击威力。代数攻击方法在密码算法设计和安全性分忻的研究中发挥了重要的作用,对未来密码算法的设计与分忻产生了深远的影响。
分组密码和序列密码体制中重要的非线性部件都可以用布尔函数来刻画,其密码学性质的好坏直接影响着密码体制的安全强度。代数攻击丰富了密码分忻技术,它不同于所有以住的基于统计的密码分忻技术,而是依据密码内在的代数结构,采用了代数的分忻技术。针对代数攻击,密码学者提出了新的密码学准则即布尔函数的代数免疫。目前,对布尔函数代数免疫的研究主要包括三方面内容:代数免疫和零化子次数的快速计算、最优代数免疫布尔函数构造和代数免疫与其它密码学性质之间的关系。代数攻击的复杂度是和代数免疫成指数关系。这就意味着代数免疫的些微差别,对代数攻击复杂度的影响都是非常大。因此对布尔函数的代数免疫性质的研究具有重要的理论和实际意义。
本文就布尔函数的代数免疫性质进行了研究,取得的主要结果如下:
1.利用布尔函数特征矩阵的代数结构,讨论正规性与代数次数之间的关系,并首次得到布尔函数正规阶与代数免疫之间的制约关系,布尔函数的正规阶较高时就保证布尔函数具有低次零化子,因而通过确定布尔函数的正规阶来计算其代数免疫,并给出了布尔函数具有1次和2次零化子的判别条件。
2.通过讨论布尔函数汉明重量与代数次数之间的关系,发现若一个n元布尔函数厂的零点集O,限制在一簇仿射子空间上都是代数次数≥k的函数,且这一簇仿射子空间的并集包含O则厂必不存在代数次数 3.给出布尔函数多项式表示定义,重点讨论布尔函数的单变元多项式表示,并利用单变元多项式函数的迹表示给出布尔函数的代数次数与其多项式表示的次数之间的关系:一个布尔函数g的代数次数≤d的等价判别条件是其单变元多项式表示g=∑,gix,gi∈F2n,对于w2(i)≥d+1的系数g,都有gi=O。
4.利用Reed-s010mon码的相关结果,讨论布尔函数的代数免疫,得到布尔函数具有最优代数免疫的判别条件,特别当变元个数为奇数时,得到布尔函数具有最优代数免疫的等价判别条件。
5.研究了旋转对称函数(RSBFs)的密码学性质。发现RSBFs的walsh谱和自相关函数值与函数的取值类似,当输入变量进行循环移位变换时,RSBFs的Wslsh谱和自相关函数值保持不变,其中的Walsh谱特性还是RSBFs的一个等价判别条件。进而讨论了RSBFs的相关免疫、代数次数和代数免疫。
6.讨论了具有最优代数免疫的偶数元择多布尔函数的密码学性质。计算了一些已知具有好的密码学性质的RSBFs的代数免疫,发现这些函数也是代数免疫性质较好的一类布尔函数。
In recent years, algebraic attack is considered as the most important breach of cryptoanalysis. The main characteristic of algebraic attack is that it reduces the safety problem of cryptographic algorithm to the problem of solving an over-defined equations system with high degrees (There are more equations than variants in the system). People make some works on how to generate and solve an over-defined equations system and achieve some results on it. Algebraic attack has turned into an important and mature analysis method. Due to its generality, algebraic attack poses potential threats upon public-key cipher, block cipher and stream cipher. This is especially true for stream ciphers based on LFSR. Algebraic attack has made significant effect on the analysis of a cipher system.
The non-linear parts of both block cipher and stream cipher can be realized by Boolean function. The cryptography properties of Boolean fuctions affect the security of a cipher derectly. As a new important cryptanalysis method, algebraic attack brings forth a new requirement for the design of Boolean functions, algebraic immunity. Alebraic attack makes the cipher analysis techmology diversiform. It is quite different from former analytical methods which were mostly based on the idea of probability. At present, the research to algebraic immunity of Boolean functions main include three aspects: the methods of determining the existence of the low-degree annihilator and calculating the algebraic immunity of a Boolean function, the construction of Optimal Algebraic Immunity Boolean Function and some of its cryptographic properties.
The main object of this dissertation is to study the algebraic immunity of Boolean functions, the main results are as follows:
1. By using the algebraic structure of a Boolean function's character matrix, obtain the interdependent relation between the normality and algebraic immunity of Boolean functions, a relatively high normality of Boolean function guarantees the existence of a low-degree annihilator, thus, the algebraic immunity of Boolean function can be determined by figuring out its normality, get the equivalent criteria when the algebraic immunity is 1 and 2.
2. By making use of the relation between the algebraic degree and Hamming Weights of Boolean function and the fact that Boolean function, find that if we let the offset of a n-variables Boolean function 0/ limits on a sequence of affine subspaces, we always have new Boolean functions with degree >k, we determine the function/has no annihilator with degree 3. Present the general definition of multinomial representation of Boolean function, emphases on the discuss of univariate form. By making use of the trace functions representation of the univariate form, obtain the algebraic degree relation between Boolean function and its univarite form: a Boolean functions g have degree 4. By making use of results about Reed-Solomon code to discuss the single variant form of Boolean function, we can obtain the criteria of the Boolean function with optimal algebraic immunity. Particularly, when there are odd variants, we can obtain the equivalent criteria of the Boolean function with optimal algebraic immunity.
5. Study the cryptography properties of RSBFs. Discuss the Walsh spectra and autocorrelation function of RSBFs, when input variants was cycle shifted, the Walsh spectra and autocorrelation function are unchanged. We attain an equivalent criterion of RSBFs.
6. Discuss the cryptographic properties of even variables majority Boolean functions with and the optimal algebraic immunity, and the algebraic immunity of some RSBFs with the best cryptographic properties is computed.
分组密码和序列密码体制中重要的非线性部件都可以用布尔函数来刻画,其密码学性质的好坏直接影响着密码体制的安全强度。代数攻击丰富了密码分忻技术,它不同于所有以住的基于统计的密码分忻技术,而是依据密码内在的代数结构,采用了代数的分忻技术。针对代数攻击,密码学者提出了新的密码学准则即布尔函数的代数免疫。目前,对布尔函数代数免疫的研究主要包括三方面内容:代数免疫和零化子次数的快速计算、最优代数免疫布尔函数构造和代数免疫与其它密码学性质之间的关系。代数攻击的复杂度是和代数免疫成指数关系。这就意味着代数免疫的些微差别,对代数攻击复杂度的影响都是非常大。因此对布尔函数的代数免疫性质的研究具有重要的理论和实际意义。
本文就布尔函数的代数免疫性质进行了研究,取得的主要结果如下:
1.利用布尔函数特征矩阵的代数结构,讨论正规性与代数次数之间的关系,并首次得到布尔函数正规阶与代数免疫之间的制约关系,布尔函数的正规阶较高时就保证布尔函数具有低次零化子,因而通过确定布尔函数的正规阶来计算其代数免疫,并给出了布尔函数具有1次和2次零化子的判别条件。
2.通过讨论布尔函数汉明重量与代数次数之间的关系,发现若一个n元布尔函数厂的零点集O,限制在一簇仿射子空间上都是代数次数≥k的函数,且这一簇仿射子空间的并集包含O则厂必不存在代数次数
4.利用Reed-s010mon码的相关结果,讨论布尔函数的代数免疫,得到布尔函数具有最优代数免疫的判别条件,特别当变元个数为奇数时,得到布尔函数具有最优代数免疫的等价判别条件。
5.研究了旋转对称函数(RSBFs)的密码学性质。发现RSBFs的walsh谱和自相关函数值与函数的取值类似,当输入变量进行循环移位变换时,RSBFs的Wslsh谱和自相关函数值保持不变,其中的Walsh谱特性还是RSBFs的一个等价判别条件。进而讨论了RSBFs的相关免疫、代数次数和代数免疫。
6.讨论了具有最优代数免疫的偶数元择多布尔函数的密码学性质。计算了一些已知具有好的密码学性质的RSBFs的代数免疫,发现这些函数也是代数免疫性质较好的一类布尔函数。
In recent years, algebraic attack is considered as the most important breach of cryptoanalysis. The main characteristic of algebraic attack is that it reduces the safety problem of cryptographic algorithm to the problem of solving an over-defined equations system with high degrees (There are more equations than variants in the system). People make some works on how to generate and solve an over-defined equations system and achieve some results on it. Algebraic attack has turned into an important and mature analysis method. Due to its generality, algebraic attack poses potential threats upon public-key cipher, block cipher and stream cipher. This is especially true for stream ciphers based on LFSR. Algebraic attack has made significant effect on the analysis of a cipher system.
The non-linear parts of both block cipher and stream cipher can be realized by Boolean function. The cryptography properties of Boolean fuctions affect the security of a cipher derectly. As a new important cryptanalysis method, algebraic attack brings forth a new requirement for the design of Boolean functions, algebraic immunity. Alebraic attack makes the cipher analysis techmology diversiform. It is quite different from former analytical methods which were mostly based on the idea of probability. At present, the research to algebraic immunity of Boolean functions main include three aspects: the methods of determining the existence of the low-degree annihilator and calculating the algebraic immunity of a Boolean function, the construction of Optimal Algebraic Immunity Boolean Function and some of its cryptographic properties.
The main object of this dissertation is to study the algebraic immunity of Boolean functions, the main results are as follows:
1. By using the algebraic structure of a Boolean function's character matrix, obtain the interdependent relation between the normality and algebraic immunity of Boolean functions, a relatively high normality of Boolean function guarantees the existence of a low-degree annihilator, thus, the algebraic immunity of Boolean function can be determined by figuring out its normality, get the equivalent criteria when the algebraic immunity is 1 and 2.
2. By making use of the relation between the algebraic degree and Hamming Weights of Boolean function and the fact that Boolean function, find that if we let the offset of a n-variables Boolean function 0/ limits on a sequence of affine subspaces, we always have new Boolean functions with degree >k, we determine the function/has no annihilator with degree
5. Study the cryptography properties of RSBFs. Discuss the Walsh spectra and autocorrelation function of RSBFs, when input variants was cycle shifted, the Walsh spectra and autocorrelation function are unchanged. We attain an equivalent criterion of RSBFs.
6. Discuss the cryptographic properties of even variables majority Boolean functions with and the optimal algebraic immunity, and the algebraic immunity of some RSBFs with the best cryptographic properties is computed.
引文
[1] F. Annknecht.A linearization attack on the bluetooth key stream generator[EB/OL]. Available at http://eprint.iacr.org/2002/191, 2002.
[2] F.Armknecht,On the existence of low-degree equations for algebraic attacks[EB/OL],Cryptology e-print Archive, 2004/185.
[3] F. Armknecht. Improving fast algebraic attacks [A]. In: B.Roy and W.Meier. Number3017 of Lecture Notes in Computer Science[C]. Fast Software Encryption - FSE 2004,Berlin, Germany: Springer-Verlag, 2004: 65-82.
[4] F. Armknecht, J. Lano, and B. Preneel. Extending the resynchronization attack[A]. In:H. Handschuh and A. Hasan. Number 3357 of Lecture Notes in Computer Science[C].Selected Areas in Cryptography - SAC 2004, Berlin: Springer-Verlag, 2005: 19-38.
[5] F. Armknecht and M. Krause.Algebraicattackson combiners with memory[A].In:D. Boneh. Number2729of LectureNotesinComputerScience[C]. AdvancesinCryptology - CRYPTO 2003, Berlin: Springer-Verlag, 2003: 162-175.
[6] F. Armknecht, C. Carlet, P. Gaborit, S. Kunzli, W. Meier, and O. Ruatta. Efficientcomputation of algebraicimmunity for algebraicand fast algebraicattacks [A].In:S. Vaudenay. Number 4004 of Lecture Notes in Computer Science[C].Advances inCryptology - EUROCRYPT 2006, Berlin: Springer-Verlag, 2006: 147-164.
[7] F. Armknecht and M. Krause. Constructing single- and multi-output Boolean functionswith maximal algebraic immunity[A]. In: M. Bugliesi et al.. Number 4052 of LectureNotes in Computer Science[C]. ICALP 2006, Berlin: Springer-Verlag, 2006: 180-191.
[8] G Ars, J.-C. Faugere, H. Imai, M. Kawazoe, and M. Sugita. Comparison between XL andGrobner basis algorithms [A]. In: P.J. Lee. Number 3329 of Lecture Notes in ComputerScience[C]. Advances in Cryptology - ASIACRYPT 2004. Berlin: Springer-Verlag, 2004:338-353.
[9] S. Babbage. Cryptanalysis of LILI-128. Nessie project internal report[EB/OL].http ://www. Cosic.esat.kuleuven.ac.be/nessie/reports/, January 2001.22.
[10] E.Bihamand A. Shamir.Differentialcryptanalysisof DES-likecryptosystems.InAdvances in Cryptology - Crypto1990, number 537 in Lecture Notes in ComputerScience, Berlin:Springer-Verlag, 1991:2-21.
[11] E. Biham, R. J. Anderson and L. R. Knudsen. Serpent: A New Block Cipher Proposal. In Fast Software Encryption, FSE 1998, number 1372 in Lecture Notes in Computer Science, pages 222-238. Springer-Verlag, 1998.
[12] A. Braeken and B. Preneel. On the algebraic immunity of symmetric Boolean functions [A]. In: S. Maitra et al.. Number 3797 of Lecture Notes in Computer Science[C]. INDOCRYPT 2005, Berlin: Springer-Verlag, 2005: 35-48.
[13] A. Braeken and B. Preneel. Probabilistic algebraic attacks [A]. In: N.P. Smart. Number3796 of Lecture Notes in Computer Science[C]. Cryptography and Coding 2005, Berlin:Springer-Verlag, 2005: 290-303.
[14] A. Braeken, J. Lano, and B. Prneel. Evaluating the resistance of stream ciphers with linearfeedback against fast algebraic attacks [A]. In: L. Batten and R. Safavi-Naini. Number4058 of Lecture Notes in Computer Science[C]. Australasian Conference on InformationSecurity and Privacy - ACISP 2006, Berlin: Springer-Verlag, 2006: 40-51.
[15] A. Braeken, J.Lano, N. Menetens, B. Preneel and I. Verbauwhede. SFINKS: Asynchronous stream cipher for restricted hardware environments. In SKEW- Symmetrickey Encryption Workshop, 2005.
[16] M.Boesgaard,M. Vesterager, T. Pedersen, etc. Rabbit: A new high performance streamcipher[A], Fast soft ware 2003[C], Number 2887 of Lecture Notes in Computer Science,key Encryption Workshop, 2005 Springer-Verlag, 2005, 307-329.
[17] C.Carlet. On the propagation criterion of degree/and orderk, Advances in Cryptology-EUROCTYPT'98, Springer-Verlag, 1403, 462-474.
[18] C. Carlet and P. Gaborit. On the construction of balanced Boolean functions with a goodalgebraic immunity[A]. In Proceeding of International Workshop on Boolean Functions:Cryptography and Applications[C], 2005, Rouen, France, March 2005: 1-14.
[19] C.Carlet, D.K.Dalai, K.C.Gupta and S.Maitra, Algebraic immunity for crypotographicallysignificant Boolean functions: analysis and construction[J], IEEE Trans. Inf. Theory,vol.52(2006),no.7: 3105-3121.
[20] C. Carlet.On the higher order nonlinearities of algebraic immune functions[A].In:C. Dwork.Number4117of LectureNotesinComputerScience[C]. AdvancesinCryptology - CRYPTO 2006, Berlin: Springer-Verlag, 2006: 584-601.
[21] C. Carlet.A method of construction of balanced functions with optimum algebraicimmunity[EB/OL]. http://eprint.iacr.org/2006/149, 2006.
[22] C.Carlet and K.Feng. New balanced Boolean functions satisfying all the maincryptographic criteria [EB/OL]. http://eprint.iacr.org/2008/244, 2008.
[23] A.Canteaut.Open problemsrelated toalgebraicattackson streamciphers [A].InWorkshopon Coding and Cryptography[C], WCC 2005, pages 1-10, invited talk.
[24] A. Canteaut, M. Daum, G. Leander, H. Dobbertin, Normal and non normal bent functions,in: Proceedings of the 2003 International Workshop on Coding and Cryptography (WCC2003),Versailles, France, March 2003:91-100.
[25] A.Canteaut and M.Trabbia. Improved fast correlation attacks using parity-check equationsof weight 4 and 5[A]. In:B. Preneel. Number 1807 of Lecture Notes in ComputerScience[C]. Advances in Cryptology - EUROCRYPT 2000, Berlin:Springer-Verlag,2000: 573-588.
[26] A. Canteaut and M. Videau. Degree of Composition of Highly Nonlinear Functions and Applications to Higher Order Differential Cryptanalysis. In Advances in Cryptology -Eurocrypt 2002, number 2332 in Lecture Notes in Computer Science, Berlin,Germany:Springer Verlag, 2002:518-533.
[27] A. Canteaut and M. Videau.Symmetreic Boolean functions[J]. IEEE Transactions onInformation Theory, 2005, 51(8): 2791-2811.
[28] P. Charpin,Normal Boolean functions [J], Journal of complexity,2004(20): 245-265.
[29] H.Chen, J.Li, Lower Bounds on the Algebraic Immunity of Boolean Functions[EB/OL].http://eprint arXiv:cs/0608080
[30] Y. Crania, Peter Hammer, Boolean Methods and Models[M]. Cambridge Univercity Press,2006.
[31] J.Y. Cho and J. Pieprzyk.Algebraic attacks on SOBER-t32 and SOBER-tl6 withoutstuttering[A]. In: B. Roy and W. Meier. Number 3017 of Lecture Notes in ComputerScience[C]. Fast Software Encryption - FSE 2004, Berlin, Germany: Springer-Verlag,2004: 49-64.
[32] C. Cid and G. Leurent. An analysis of the XSL algorithm[A]. In: B. Roy. Number 3788 ofLecture Notes in Computer Science[C]. Advances in Cryptology - ASIACRYPT 2005,Berlin, Germany: Springer-Verlag, 2005: 333-352.
[33] Y. Crania,P. Hammer, Boolean Methods and Models[M]. Cambridge Univercity Press,2006.
[34] N. Courtois, A. Klimov, J. Patarin, and A. Shamir. Efficient algorithms forsolvingoverdefined systems of multivariate polynomial equations[A]. In: B. Preneel. Number1807 of Lecture Notes in Computer Science[C]. Advances in Cryptology- EUROCRYPT2000. Berlin: Springer-Verlag, 2000: 392-407.
[35] N. Courtois. The security of Hidden Field Equations (HFE)[A]. In: D. Naccache. Number2020 of Lecture Notes in Computer Science[C]. CT-RSA 2001, Berlin: Springer-Verlag,2001:266-281.
[36] N. Courtois and J. Pieprzyk. Cryptanalysis of block ciphers with overdefined systems ofequations[A]. In: Y Zheng. Number 2501 of Lecture Notes in Computer Science[C].Advances in Cryptology - ASIACRYPT 2002, Berlin: Springer-Verlag, 2002: 267-287.
[37] N. Courtois. Higherordercorrelationattacks, XLalgorithm and cryptanalysis ofToyocrypt[A]. In: P.J. Lee and C.H. Lim. Number 2587 of Lecture Notes in ComputerScience[C]. ICISC 2002, Berlin: Springer-Verlag, 2003: 182-199.
[38] N. Courtois and W. Meier. Algebraic attacks on stream ciphers with linear feedback[A]. In:E. Biham. Number2656of LectureNotesinComputerScience[C]. Advances inCryptology - EUROCRYPT 2003, Berlin: Springer-Verlag, 2003: 345-359.
[39] N. Courtois. Fastalgebraicattacksonstreamcipherswithlinear feedback[A]. In:D. Boneh. Number2729of LectureNotesinComputerScience[C]. AdvancesinCryptology - CRYPTO 2003, Berlin, Germany: Springer-Verlag, 2003: 176-194.
[40] N. Courtois. Algebraic attacks on combiners with memory and several outputs[A]. In:C. Park and S. Chee. Number 3506 ofLecture Notes in Computer Science[C].Information Security and Cryptology - ICISC 2004, Berlin: Springer-Verlag, 2005: 3-20.
[41] N. Courtois. Cryptanalysis of SFINKS[A]. In: D. Won and S.Kim. Number 3935 ofLecture Notes in Computer Science[C]. International Conference in Information Securityand Cryptology - ICISC 2005, Berlin: Springer-Verlag, 2005: 261-269.
[42] N. Courtois, B. Debraize, and E. Garrido. On exact algebraic [non-]immunity of S-boxesbased on power functions[A]. In: L. Batten and R. Safavi-Naini. Number 4058 of LectureNotes in Computer Science[C]. Australasian Conference on Information Security andPrivacy-ACISP 2006, Berlin: Springer-Verlag, 2006: 76-86.
[43] D. Coppersmith. Fast evaluation of logarithms in fields of characteristic two[J]. IEEETransactions on Information Theory, 1984, 30(4): 587-594.
[44] D. Coppersmith, S. Halevi, and C.S. Jutla. Cryptanalysis of stream ciphers with linearmasking[A].In:M.Yung. Number 2442 of Lecture Notes in Computer Science[C].Advances in Cryptology - CRYPTO 2002, Berlin: Springer-Verlag, 2002: 515-532.
[45] W. Cusick andP. stanica. FastEvaluation,Weightsand Nonlinearityof RotationSymmetric Functions. Discrete Mathematics, vol 258, No 1-3, 2002:289-301.
[46] D.K.Dalai, K.C.Gupta and S.Maitra, Results on algebraic immunity of crypto graphicallysignificant Boolean functions[A], Indocrypt 2004, Number 3348 of Lecture Notes inComputer Science, Berlin: Springer-Verlag, 2004: 92-106.
[47] D.K. Dalai, K.C. Gupta, and S. Maitra. Crypto graphic ally significant Boolean functions:construction and analysis interms of algebraic immunity[A]. In: H. GilbertandH. Handschuh. Number 3557 of Lecture Notes in Computer Science[C]. Fast SoftwareEncryption - FSE 2005, Berlin: Springer-Verlag, 2005: 98-111.
[48] D.K. Dalai and S. Maitra. Reducing the Number of Homogeneous Linear Equations inFinding Annihilators[A].In:G Gong.Number 4086 of Lecture Notes in ComputerScience[C]. Sequences and Theire Applications - SETA2006, Berlin, Germany,Springer-Verlag 2006: 376-390.
[49] D.K. Dalai, K.C. Gupta, and S. Maitra. Notion of algebraic immunity and its evaluationrelated to fast algebraic attacks[EB/OL].Available at http://eprint.iacr.org/2006/018, 2006.
[50] D.K. Dalai, S. Maitra, and S. Sarkar. Basic theory in construction of Boolean functionswith maximum possible annihilator immunity[J]. Designs, Codes and Cryptography, 2006,40(1): 41-58.
[51] M. Daum, G. Leander, H. Dobbertin, An algorithm for checking normality of Booleanfunctions[A],Proceedingsof the 2003International Workshop on Coding andCryptography (WCC 2003), March2003,133-142.
[52] C. Diem. The XL-algorithm and a conjecture from commutative algebra[A]. In: P.J. Lee.Number 3329 of Lecture Notes in Computer Science[C]. Advances in Cryptology -ASIACRYPT2004, Berlin: Springer-Verlag, 2004: 323-337.
[53] F. Didier and Y Laigle-Chapuy. Finding low-weight polynomial multiples using discretelogarithm[EB/OL]. : Available at http://arxiv.org/abs/cs.CR/0701069, 2007.
[54] J.F.Dillon, Elementaryhadamard difference sets, Ph. D. Thesis[D], universityofMaryland, 1974.
[55] C. Ding, G. Xiao, and W. Shan. The Stability Theory of Stream Ciphers[M]. Number 561of Lecture Notes in Computer Science. Berlin: Springer-Verlag, 1991.
[56] H. Dobbertin, Construction of bent functions and balanced Boolean functions with highnonlinearity[A], in: Fast Software Encryption 1995[C], Number 1008 of Lecture Notes inComputer Science, Berlin, Germany, Springer-Verlag, 1995:61-74.
[57] S. Dubuc, Etude des proprie' te's de de'ge'ne'rescence et de normalite' des functionsboole'ennes et construction de fonctions q-aires parfaitement non-line' aires[D],Universite' de Caen, 2001.
[58] ECRYPT, eSTREAM: ECRYPTStream CipherProject, IST-2002-507932[EB/OL],Available at http://www.ecrypt.eu.org/stream.
[59] P.Ekdahl and T.Johansson.A New Version of the Stream Cipher SNOW[A].InSelectedAreasinCryptography, SAC2002[C],number2595 inLectureNotesinComputer Science, Berlin, Germany Springer-Verlag, 2003:47-61.
[60] J.-C. Faugere. Anew efficient algorithm for computing Grobner bases (F4)[J]. Journal ofPure and Applied Algebra, 1999, 139(1-3): 61-88.
[61] J.-C. Faugere. A new efficient algorithm for computing Grobner bases without reductionto zero F5[A]. In ISSAC, ACM Press, July 2002: 75-83.
[62] J.-C. Faugere and A. Joux.Algebraic cryptanalysis of Hidden Field Equation (HFE)cryptosystems using Grobner bases [A]. In: D. Boneh. Number 2729 of Lecture Notes inComputer Science[C].Advances in Cryptology - CRYPTO 2003, Berlin, Germany:Springer-Verlag, 2003: 44-60.
[63] J.-C. Faugere and G Ars. An algebraic cryptanalysis of nonlinear filter generators usingGrobner bases[EB/OL]. : In Rapport de Recherche de l'INRIA, 2003.
[64] Keqin.Feng, An infinite class of balanced Boolean functions with optimum algebraicimmunity and high nonlinearity[C]. International Workshop on Finite Fields and TheirApplications. Zhengzhou , China, June, 2008.
[65] E. Filiol and C. Fontaine. Highly nonlinear balanced Boolean functions with a goodcorrelation- immunity[A]. In Advances in Cryptology - EUROCRYPT'98[C], Berlin,Germany, Springer-Verlag, 1998.
[66] S. Fischer and W. Meier. Algebraic immunity of S-Boxes and augmented functions[A]. In:A. Biryukov. Number 4593 of Lecture Notes in Computer Science[C]. Fast SoftwareEncryption - FSE 2007, Berlin, Germany: Springer-Verlag, 2007: 366-381.
[67] S.W. Golomb.Shift Register Seuqences[M].San Franscisco, CA: Holden-Day,1967.Revised edition: Laguna Hills, CA: Aegean Zark, 1982.
[68] S.W.Golomb.Gongguang.Signal Design for Good Correlation, For Wireless Communication, Cryptography, and Radar[M], Cambridge university press,2005
[69] D. Han and M. Lee. An algebraic attack on the improved summation generator with 2-bitmemory[J]. Information Processing Letters, 2005, 93: 43-46.
[70] S. Halevi, D. Coppersmith and C. S. Jutla. Scream: A Software-Efficient StreamCipher.In Fast Software Encryption, FSE 2002, number 2365 in Lecture Notes inComputer
[55] C. Ding, G. Xiao, and W. Shan. The Stability Theory of Stream Ciphers[M]. Number 561of Lecture Notes in Computer Science. Berlin: Springer-Verlag, 1991.
[56] H. Dobbertin, Construction of bent functions and balanced Boolean functions with highnonlinearity[A], in: Fast Software Encryption 1995[C], Number 1008 of Lecture Notes inComputer Science, Berlin, Germany, Springer-Verlag, 1995:61-74.
[57] S. Dubuc, Etude des proprie' te's de de'ge'ne'rescence et de normalite' des functionsboole'ennes et construction de fonctions q-aires parfaitement non-line' aires[D],Universite' de Caen, 2001.
[58] ECRYPT, eSTREAM: ECRYPTStream CipherProject, IST-2002-507932[EB/OL],Available at http://www.ecrypt.eu.org/stream.
[59] P.Ekdahl and T.Johansson.A New Version of the Stream Cipher SNOW[A].InSelectedAreasinCryptography, SAC2002[C],number2595 inLectureNotesinComputer Science, Berlin, Germany Springer-Verlag, 2003:47-61.
[60] J.-C. Faugere. Anew efficient algorithm for computing Grobner bases (F4)[J]. Journal ofPure and Applied Algebra, 1999, 139(1-3): 61-88.
[61] J.-C. Faugere. A new efficient algorithm for computing Grobner bases without reductionto zero F5[A]. In ISSAC, ACM Press, July 2002: 75-83.
[62] J.-C. Faugere and A. Joux.Algebraic cryptanalysis of Hidden Field Equation (HFE)cryptosystems using Grobner bases [A]. In: D. Boneh. Number 2729 of Lecture Notes inComputer Science[C].Advances in Cryptology - CRYPTO 2003, Berlin, Germany:Springer-Verlag, 2003: 44-60.
[63] J.-C. Faugere and G Ars. An algebraic cryptanalysis of nonlinear filter generators usingGrobner bases[EB/OL]. : In Rapport de Recherche de l'INRIA, 2003.
[64] Keqin.Feng, An infinite class of balanced Boolean functions with optimum algebraicimmunity and high nonlinearity[C]. International Workshop on Finite Fields and TheirApplications. Zhengzhou , China, June, 2008.
[65] E. Filiol and C. Fontaine. Highly nonlinear balanced Boolean functions with a goodcorrelation- immunity[A]. In Advances in Cryptology - EUROCRYPT'98[C], Berlin,Germany, Springer-Verlag, 1998.
[66] S. Fischer and W. Meier. Algebraic immunity of S-Boxes and augmented functions[A]. In:A. Biryukov. Number 4593 of Lecture Notes in Computer Science[C]. Fast SoftwareEncryption - FSE 2007, Berlin, Germany: Springer-Verlag, 2007: 366-381.
[67] S.W. Golomb.Shift Register Seuqences[M].San Franscisco, CA: Holden-Day,1967.Revised edition: Laguna Hills, CA: Aegean Zark, 1982.
[68] S.W.Golomb.Gongguang.Signal Design for Good Correlation, For Wireless Communication, Cryptography, and Radar[M], Cambridge university press,2005
[69] D. Han and M. Lee. An algebraic attack on the improved summation generator with 2-bitmemory[J]. Information Processing Letters, 2005, 93: 43-46.
[70] S. Halevi, D. Coppersmith and C. S. Jutla. Scream: A Software-Efficient StreamCipher.In Fast Software Encryption, FSE 2002, number 2365 in Lecture Notes inComputer
[85] N.Li,L.J.Qu, W.F.Qi etc. On the construction of Boolean functions with optimal algebraicimmunity[J], In IEEE Transactions on Information Theory, 2008, 54(3):1330-1334.
[86] F. Liu and K.Q. Feng. Efficient computation of algebraic immunity of symmetric Booleanfunctions [A]. In: J.-Y. Cai, S.B. Cooper, and H. Zhu. Number 4484 of Lecture Notes inComputer Science[C]. Theory and Applications of Models of Computation - TAMC 2007,Berlin: Springer-Verlag, 2007: 318-329.
[87] F.Liu and K.Q.Feng.On the 2m-variable symmetric Boolean functions with maximumalgebraic immunity 2m-1 . To be published in Designs, Codes and Cryptography.
[88] M.Lobanov.Tight bound between nonlinearityandalgebraicimmunity[EB/OL].Cryptology ePrint Archive: report 2005/441, http://eprint.iacr.org/2005/441.
[89] M. Matsui. Linear cryptanalysis method for DES cipher[A]. In Advances in Cryptology-Eurocrypt 1993[C], number 765 in Lecture Notes in Computer Science, Springer-Verlag,1994:386-397.
[90] M Mihaljevie,H Imai.Cryptana]ysis of Toyocrypt—HIS stream cipher.IEICE Transactionon Fundamentals,vol.F-B5-A 66-73[EB/OL] http://www.csl.esat.sony CO jp/atl/ papers/IEICEjanO2.pdf.
[91] S. Maitra and P.Sarkar, Maximum nonlinearity of symmetric Boolean functions on oddnumber of variables[J], IEEE Transactions on Information Theory IT-48(2002), no.9,2626-2630.
[92] J.L.Massey. Shift registersysnthesisandBCHdecoding[J]. IEEETransactionsonInformation Theory, 1969, 15(1): 122-127.
[93] R. L.Mcfarland, A family of noncyclic difference sets , Journal of Combinatorics Theory,Series A, 1973, vol.15: 1-10.
[94] W. Meier, E. Pasalic and C. Carlet. Algebraic attacks and decomposition of Booleanfunction[A]. In Advances in Cryptology - Eurocrypt 2004[C], Number 3027 of LectureNotes in Computer Science, Springer Verlag, 2004:474-491.
[95] W.Meier and O.Staffelbach. Fast correlation attacks on certain stream ciphers[J]. Journalof Cryptology, 1989,No.1: 159-176.
[96] S.Murphy and M.J.B.Robshaw.Essential algebraic structure within the AES[A].In:M. Yung. Number2442 of LectureNotes inComputer Science[C]. Advances inCryptology - CRYPTO 2002, Berlin: Springer-Verlag, 2002: 1-16.
[97] National Institute of Standards and Technology, 2001. http ://csrc.nist.gov/Crypto Toolkit/aes/rijndael/.
[98] Y.Nawaz, GGong, and K.C.Gupta. Upper bounds on algebraic immunity of Booleanpower functions[A]. In: M.J.B.Robshaw. Number 4047 of Lecture Notes in ComputerScience[C]. Fast Software Encryption - FSE 2006, Berlin, Germany: Springer-Verlag,2006: 375-389.
[99] NESSIE: New European schemes for signatures, integrity, and encryption. Informationsociety technologiesprogrammeof theEuropeancommission(1ST-1999-12324)[EB/OL].Available at http://www.cryptonessie.org/.
[100] E.Pasalic.Degree optimized resilient Boolean functions from Maiurana-McFarland class[A] .In 9-th IMA conference on Cryptography and Coding, 2003[C], Number 2898 ofLecture Notes in Computer Science, Springer -Verlag ,2003:93-114
[101] J.Patarin. Hidden fields equations(HFE)and isomorphisms of polynomials(lP):two newfamilies of asymmetric algorithms [A] Advances in Cryptology—Eurocrypt 96[C].Berlin:Springer-Verlag,1996.33-48
[102]J. Pieprzyk and C.X.Qu. Fast hashing and Rotation Symmetric Function.[J] JournalUniversal Computer Science. (1999) ,vol5(l): 20-31.
[103]B. Preneel et al, Propagation characteristics of Boolean bent functions, Proceeding ofEurocrypt'90, Berlin:Springer-Verlag 1991:161-173.
[104] B.Preneel, W.Van Leekwijck, L.Van Linden,R.Govaerts, and J.Vandewalle.Propagationcharacteristics of Boolean functions. In Advances in Cryptology - Eurocrypt 1990,Lecture Notes in Computer Science, Springer-Verlag, 1991:161-173.
[105] L.J. Qu and C. Li. Weight support technique and the symmetric Boolean functions withmaximum algebraic immunity on even number of variables [A]. In: D.Y. Pei and M. Yung.Procedding of Information Security and Cryptology 2007[C], 270-281.
[106] L.J. Qu, C. Li, and K.Q. Feng. A note on symmetric Boolean functions with maximumalgebraic immunity on odd number of variables[J]. IEEE Transactions on InformationTheory, 2007, 53(8): 2908-2910.
[107] L.J. Qu and C. Li.On the 2m-variable symmetric Boolean functions with maximumalgebraic immunity[J]. Science in China Series F: Information Sciences. 2008,Vol.51(2)120-127.
[108]R.L.Rivest, M.J.B.Robshaw and Y.L.Yin. RC6 as the AES[C].In AES CandidateConference 2000:337-342.
[109] G.G.Rose and P.Hawkes.Turing:A Fast Stream Cipher[A]. In Fast Software Encryption,FSE2003[C],number 2887 in Lecture Notes in Computer Science, Berlin, Germany,Springer-Verlag,2003. 290-306.
[110] O.S.Rothaus,On bent functions. J Combinatorial Theory (Ser.A), 1976, 20: 300—305. [1ll] P. Sarkar. Hiji-bij-bij: A New Stream Cipher with a Self-Synchronizing Mode ofOperation[A]. Progress in Cryptology - Indocrypt 2003[C], Number 2887 of LectureNotes in Computer Science, Springer-Verlag, 2003:36-51.
[112] C.E. Shannon. Communication theory of secrecy systems[J]. Bell System TechnicalJournal, 1949, 28(4): 656-715.
[113] B. Schneier. Applied Cryptography[M]. New-York: Wiley, 1996.
[114] B. Schneier, J. Kelsey, D. Whiting, D.Wagner and N. Ferguson. Comments on TwofIsh asan AES Candidate[A]. In AES Candidate Conference 2000[C], pages 355-356.
[115] A. Shimizu and S. Miyaguchi. Fast Data Encryption Algorithm FEAL[A]. In Advances inCryptology - Eurocrypt 1987[C], Number 304 of Lecture Notes in Computer Science,Springer-Verlag, 1987:267-278.
[116] Stream cipher project for Ecrypt [EB/OL]. : Available at http://www.ecrypt.eu.org/stream/,
[117]P.Stanica,s.maitra Rotation Symmetric Boolean Functions-Count and Cryptographic Properties[A].In R.C Bost Centenary Sympostuan on Discrete Mathematics and Applications[C],December 2002. Electronoc Notes in Discrete Mathematics,Elsevie,vol 15
[118]P.Stanica s.Maitria.A Constructive Count of Rotation Symmetric Function[EB/OL] http://sciences aum edu/-/stanica/reseach/RSBFs-IPL.pdf,2003-11
[119]R.Stanica. s.Maitria and J.Clark. Results on Rotation symmetric Bent and Correlation immunity Boolean functions[A].Fast software encryption,FSE2004[C].Number 3017 of Lecture Notes in Computer Science,Berlin,Germany:Springer Verlag 2004:161-177
[120]A Shamir,Stream ciphers:dead or alive[A],advances in Cryptology-ASIACRYPT 2004[C]. Number 3329 of Lecture Notes in Computer Science,Springer Verlag 2004,78
[121]T.Siegenthaler. Correlation-immunity ofnonlinear combining functions for cryptographic application[J].IEEE Transactions on Information Theory,1984 IT-30(5):776-780
[122]ZSiegenthaler.Decrypting a class of stream ciphers using ciphertext only[J].IEEE Transactions on Computers,1985,C-34(1):81-85
[123]M Sugita,M aw-azoe,H Imai Relation between XL algorithm and grobner bases algorithms[EB/OL].http://eprint.iacr.org/2004/112,2004
[124]G Xiao and J L Massey. A spectral characterization of correlation immune combining functions[J].IEEE Transactions on Information Theory,1988,34(3):569-571
[125]Bluetooth SIG Specification ofthe Bluetooth system,Version 1 1[EB/OL]:Available at http://www.bluetooth.com,Feburarv 22,2001
[126]北京大学数学系几何与代数教研室代数小组,高等代数[M],高教出版社,第二版,1987
[127]丁存生,肖国镇,序列密码学及其应用[M],国防工业出版社,1994.
[128]郭敬立,孟庆树等.旋转对称函数的设计[l],武汉大学学报(理学版),2004年第10期161-163.
[129]李世取,曾本畦等,密码学中的逻辑函数[M],北京中软电子出版社,2003年.
[130]刘木兰.Gr6bner基理论及其应用[M].北京:科学出版社,2000
[131]万哲先代数和编码(第三版)[M],北京,高等教育出版社,2007
[132]温巧燕,钮心忻,杨义先现代密码学中的布尔函数[M],北京,科学出版社,2000.
[133]杨义先,林须端编码密码学[M],北京几民邮电出版社,1992
[134]张文英,武传坤,于静之密码学中布尔函数的零化子[J].电子学报,2006,34(1):51-54
[135]张龙,吴文玲,温巧燕,序列密码代数攻击的研究现状及其展望[J],通信学报,2006,NO.1:91-98.
[2] F.Armknecht,On the existence of low-degree equations for algebraic attacks[EB/OL],Cryptology e-print Archive, 2004/185.
[3] F. Armknecht. Improving fast algebraic attacks [A]. In: B.Roy and W.Meier. Number3017 of Lecture Notes in Computer Science[C]. Fast Software Encryption - FSE 2004,Berlin, Germany: Springer-Verlag, 2004: 65-82.
[4] F. Armknecht, J. Lano, and B. Preneel. Extending the resynchronization attack[A]. In:H. Handschuh and A. Hasan. Number 3357 of Lecture Notes in Computer Science[C].Selected Areas in Cryptography - SAC 2004, Berlin: Springer-Verlag, 2005: 19-38.
[5] F. Armknecht and M. Krause.Algebraicattackson combiners with memory[A].In:D. Boneh. Number2729of LectureNotesinComputerScience[C]. AdvancesinCryptology - CRYPTO 2003, Berlin: Springer-Verlag, 2003: 162-175.
[6] F. Armknecht, C. Carlet, P. Gaborit, S. Kunzli, W. Meier, and O. Ruatta. Efficientcomputation of algebraicimmunity for algebraicand fast algebraicattacks [A].In:S. Vaudenay. Number 4004 of Lecture Notes in Computer Science[C].Advances inCryptology - EUROCRYPT 2006, Berlin: Springer-Verlag, 2006: 147-164.
[7] F. Armknecht and M. Krause. Constructing single- and multi-output Boolean functionswith maximal algebraic immunity[A]. In: M. Bugliesi et al.. Number 4052 of LectureNotes in Computer Science[C]. ICALP 2006, Berlin: Springer-Verlag, 2006: 180-191.
[8] G Ars, J.-C. Faugere, H. Imai, M. Kawazoe, and M. Sugita. Comparison between XL andGrobner basis algorithms [A]. In: P.J. Lee. Number 3329 of Lecture Notes in ComputerScience[C]. Advances in Cryptology - ASIACRYPT 2004. Berlin: Springer-Verlag, 2004:338-353.
[9] S. Babbage. Cryptanalysis of LILI-128. Nessie project internal report[EB/OL].http ://www. Cosic.esat.kuleuven.ac.be/nessie/reports/, January 2001.22.
[10] E.Bihamand A. Shamir.Differentialcryptanalysisof DES-likecryptosystems.InAdvances in Cryptology - Crypto1990, number 537 in Lecture Notes in ComputerScience, Berlin:Springer-Verlag, 1991:2-21.
[11] E. Biham, R. J. Anderson and L. R. Knudsen. Serpent: A New Block Cipher Proposal. In Fast Software Encryption, FSE 1998, number 1372 in Lecture Notes in Computer Science, pages 222-238. Springer-Verlag, 1998.
[12] A. Braeken and B. Preneel. On the algebraic immunity of symmetric Boolean functions [A]. In: S. Maitra et al.. Number 3797 of Lecture Notes in Computer Science[C]. INDOCRYPT 2005, Berlin: Springer-Verlag, 2005: 35-48.
[13] A. Braeken and B. Preneel. Probabilistic algebraic attacks [A]. In: N.P. Smart. Number3796 of Lecture Notes in Computer Science[C]. Cryptography and Coding 2005, Berlin:Springer-Verlag, 2005: 290-303.
[14] A. Braeken, J. Lano, and B. Prneel. Evaluating the resistance of stream ciphers with linearfeedback against fast algebraic attacks [A]. In: L. Batten and R. Safavi-Naini. Number4058 of Lecture Notes in Computer Science[C]. Australasian Conference on InformationSecurity and Privacy - ACISP 2006, Berlin: Springer-Verlag, 2006: 40-51.
[15] A. Braeken, J.Lano, N. Menetens, B. Preneel and I. Verbauwhede. SFINKS: Asynchronous stream cipher for restricted hardware environments. In SKEW- Symmetrickey Encryption Workshop, 2005.
[16] M.Boesgaard,M. Vesterager, T. Pedersen, etc. Rabbit: A new high performance streamcipher[A], Fast soft ware 2003[C], Number 2887 of Lecture Notes in Computer Science,key Encryption Workshop, 2005 Springer-Verlag, 2005, 307-329.
[17] C.Carlet. On the propagation criterion of degree/and orderk, Advances in Cryptology-EUROCTYPT'98, Springer-Verlag, 1403, 462-474.
[18] C. Carlet and P. Gaborit. On the construction of balanced Boolean functions with a goodalgebraic immunity[A]. In Proceeding of International Workshop on Boolean Functions:Cryptography and Applications[C], 2005, Rouen, France, March 2005: 1-14.
[19] C.Carlet, D.K.Dalai, K.C.Gupta and S.Maitra, Algebraic immunity for crypotographicallysignificant Boolean functions: analysis and construction[J], IEEE Trans. Inf. Theory,vol.52(2006),no.7: 3105-3121.
[20] C. Carlet.On the higher order nonlinearities of algebraic immune functions[A].In:C. Dwork.Number4117of LectureNotesinComputerScience[C]. AdvancesinCryptology - CRYPTO 2006, Berlin: Springer-Verlag, 2006: 584-601.
[21] C. Carlet.A method of construction of balanced functions with optimum algebraicimmunity[EB/OL]. http://eprint.iacr.org/2006/149, 2006.
[22] C.Carlet and K.Feng. New balanced Boolean functions satisfying all the maincryptographic criteria [EB/OL]. http://eprint.iacr.org/2008/244, 2008.
[23] A.Canteaut.Open problemsrelated toalgebraicattackson streamciphers [A].InWorkshopon Coding and Cryptography[C], WCC 2005, pages 1-10, invited talk.
[24] A. Canteaut, M. Daum, G. Leander, H. Dobbertin, Normal and non normal bent functions,in: Proceedings of the 2003 International Workshop on Coding and Cryptography (WCC2003),Versailles, France, March 2003:91-100.
[25] A.Canteaut and M.Trabbia. Improved fast correlation attacks using parity-check equationsof weight 4 and 5[A]. In:B. Preneel. Number 1807 of Lecture Notes in ComputerScience[C]. Advances in Cryptology - EUROCRYPT 2000, Berlin:Springer-Verlag,2000: 573-588.
[26] A. Canteaut and M. Videau. Degree of Composition of Highly Nonlinear Functions and Applications to Higher Order Differential Cryptanalysis. In Advances in Cryptology -Eurocrypt 2002, number 2332 in Lecture Notes in Computer Science, Berlin,Germany:Springer Verlag, 2002:518-533.
[27] A. Canteaut and M. Videau.Symmetreic Boolean functions[J]. IEEE Transactions onInformation Theory, 2005, 51(8): 2791-2811.
[28] P. Charpin,Normal Boolean functions [J], Journal of complexity,2004(20): 245-265.
[29] H.Chen, J.Li, Lower Bounds on the Algebraic Immunity of Boolean Functions[EB/OL].http://eprint arXiv:cs/0608080
[30] Y. Crania, Peter Hammer, Boolean Methods and Models[M]. Cambridge Univercity Press,2006.
[31] J.Y. Cho and J. Pieprzyk.Algebraic attacks on SOBER-t32 and SOBER-tl6 withoutstuttering[A]. In: B. Roy and W. Meier. Number 3017 of Lecture Notes in ComputerScience[C]. Fast Software Encryption - FSE 2004, Berlin, Germany: Springer-Verlag,2004: 49-64.
[32] C. Cid and G. Leurent. An analysis of the XSL algorithm[A]. In: B. Roy. Number 3788 ofLecture Notes in Computer Science[C]. Advances in Cryptology - ASIACRYPT 2005,Berlin, Germany: Springer-Verlag, 2005: 333-352.
[33] Y. Crania,P. Hammer, Boolean Methods and Models[M]. Cambridge Univercity Press,2006.
[34] N. Courtois, A. Klimov, J. Patarin, and A. Shamir. Efficient algorithms forsolvingoverdefined systems of multivariate polynomial equations[A]. In: B. Preneel. Number1807 of Lecture Notes in Computer Science[C]. Advances in Cryptology- EUROCRYPT2000. Berlin: Springer-Verlag, 2000: 392-407.
[35] N. Courtois. The security of Hidden Field Equations (HFE)[A]. In: D. Naccache. Number2020 of Lecture Notes in Computer Science[C]. CT-RSA 2001, Berlin: Springer-Verlag,2001:266-281.
[36] N. Courtois and J. Pieprzyk. Cryptanalysis of block ciphers with overdefined systems ofequations[A]. In: Y Zheng. Number 2501 of Lecture Notes in Computer Science[C].Advances in Cryptology - ASIACRYPT 2002, Berlin: Springer-Verlag, 2002: 267-287.
[37] N. Courtois. Higherordercorrelationattacks, XLalgorithm and cryptanalysis ofToyocrypt[A]. In: P.J. Lee and C.H. Lim. Number 2587 of Lecture Notes in ComputerScience[C]. ICISC 2002, Berlin: Springer-Verlag, 2003: 182-199.
[38] N. Courtois and W. Meier. Algebraic attacks on stream ciphers with linear feedback[A]. In:E. Biham. Number2656of LectureNotesinComputerScience[C]. Advances inCryptology - EUROCRYPT 2003, Berlin: Springer-Verlag, 2003: 345-359.
[39] N. Courtois. Fastalgebraicattacksonstreamcipherswithlinear feedback[A]. In:D. Boneh. Number2729of LectureNotesinComputerScience[C]. AdvancesinCryptology - CRYPTO 2003, Berlin, Germany: Springer-Verlag, 2003: 176-194.
[40] N. Courtois. Algebraic attacks on combiners with memory and several outputs[A]. In:C. Park and S. Chee. Number 3506 ofLecture Notes in Computer Science[C].Information Security and Cryptology - ICISC 2004, Berlin: Springer-Verlag, 2005: 3-20.
[41] N. Courtois. Cryptanalysis of SFINKS[A]. In: D. Won and S.Kim. Number 3935 ofLecture Notes in Computer Science[C]. International Conference in Information Securityand Cryptology - ICISC 2005, Berlin: Springer-Verlag, 2005: 261-269.
[42] N. Courtois, B. Debraize, and E. Garrido. On exact algebraic [non-]immunity of S-boxesbased on power functions[A]. In: L. Batten and R. Safavi-Naini. Number 4058 of LectureNotes in Computer Science[C]. Australasian Conference on Information Security andPrivacy-ACISP 2006, Berlin: Springer-Verlag, 2006: 76-86.
[43] D. Coppersmith. Fast evaluation of logarithms in fields of characteristic two[J]. IEEETransactions on Information Theory, 1984, 30(4): 587-594.
[44] D. Coppersmith, S. Halevi, and C.S. Jutla. Cryptanalysis of stream ciphers with linearmasking[A].In:M.Yung. Number 2442 of Lecture Notes in Computer Science[C].Advances in Cryptology - CRYPTO 2002, Berlin: Springer-Verlag, 2002: 515-532.
[45] W. Cusick andP. stanica. FastEvaluation,Weightsand Nonlinearityof RotationSymmetric Functions. Discrete Mathematics, vol 258, No 1-3, 2002:289-301.
[46] D.K.Dalai, K.C.Gupta and S.Maitra, Results on algebraic immunity of crypto graphicallysignificant Boolean functions[A], Indocrypt 2004, Number 3348 of Lecture Notes inComputer Science, Berlin: Springer-Verlag, 2004: 92-106.
[47] D.K. Dalai, K.C. Gupta, and S. Maitra. Crypto graphic ally significant Boolean functions:construction and analysis interms of algebraic immunity[A]. In: H. GilbertandH. Handschuh. Number 3557 of Lecture Notes in Computer Science[C]. Fast SoftwareEncryption - FSE 2005, Berlin: Springer-Verlag, 2005: 98-111.
[48] D.K. Dalai and S. Maitra. Reducing the Number of Homogeneous Linear Equations inFinding Annihilators[A].In:G Gong.Number 4086 of Lecture Notes in ComputerScience[C]. Sequences and Theire Applications - SETA2006, Berlin, Germany,Springer-Verlag 2006: 376-390.
[49] D.K. Dalai, K.C. Gupta, and S. Maitra. Notion of algebraic immunity and its evaluationrelated to fast algebraic attacks[EB/OL].Available at http://eprint.iacr.org/2006/018, 2006.
[50] D.K. Dalai, S. Maitra, and S. Sarkar. Basic theory in construction of Boolean functionswith maximum possible annihilator immunity[J]. Designs, Codes and Cryptography, 2006,40(1): 41-58.
[51] M. Daum, G. Leander, H. Dobbertin, An algorithm for checking normality of Booleanfunctions[A],Proceedingsof the 2003International Workshop on Coding andCryptography (WCC 2003), March2003,133-142.
[52] C. Diem. The XL-algorithm and a conjecture from commutative algebra[A]. In: P.J. Lee.Number 3329 of Lecture Notes in Computer Science[C]. Advances in Cryptology -ASIACRYPT2004, Berlin: Springer-Verlag, 2004: 323-337.
[53] F. Didier and Y Laigle-Chapuy. Finding low-weight polynomial multiples using discretelogarithm[EB/OL]. : Available at http://arxiv.org/abs/cs.CR/0701069, 2007.
[54] J.F.Dillon, Elementaryhadamard difference sets, Ph. D. Thesis[D], universityofMaryland, 1974.
[55] C. Ding, G. Xiao, and W. Shan. The Stability Theory of Stream Ciphers[M]. Number 561of Lecture Notes in Computer Science. Berlin: Springer-Verlag, 1991.
[56] H. Dobbertin, Construction of bent functions and balanced Boolean functions with highnonlinearity[A], in: Fast Software Encryption 1995[C], Number 1008 of Lecture Notes inComputer Science, Berlin, Germany, Springer-Verlag, 1995:61-74.
[57] S. Dubuc, Etude des proprie' te's de de'ge'ne'rescence et de normalite' des functionsboole'ennes et construction de fonctions q-aires parfaitement non-line' aires[D],Universite' de Caen, 2001.
[58] ECRYPT, eSTREAM: ECRYPTStream CipherProject, IST-2002-507932[EB/OL],Available at http://www.ecrypt.eu.org/stream.
[59] P.Ekdahl and T.Johansson.A New Version of the Stream Cipher SNOW[A].InSelectedAreasinCryptography, SAC2002[C],number2595 inLectureNotesinComputer Science, Berlin, Germany Springer-Verlag, 2003:47-61.
[60] J.-C. Faugere. Anew efficient algorithm for computing Grobner bases (F4)[J]. Journal ofPure and Applied Algebra, 1999, 139(1-3): 61-88.
[61] J.-C. Faugere. A new efficient algorithm for computing Grobner bases without reductionto zero F5[A]. In ISSAC, ACM Press, July 2002: 75-83.
[62] J.-C. Faugere and A. Joux.Algebraic cryptanalysis of Hidden Field Equation (HFE)cryptosystems using Grobner bases [A]. In: D. Boneh. Number 2729 of Lecture Notes inComputer Science[C].Advances in Cryptology - CRYPTO 2003, Berlin, Germany:Springer-Verlag, 2003: 44-60.
[63] J.-C. Faugere and G Ars. An algebraic cryptanalysis of nonlinear filter generators usingGrobner bases[EB/OL]. : In Rapport de Recherche de l'INRIA, 2003.
[64] Keqin.Feng, An infinite class of balanced Boolean functions with optimum algebraicimmunity and high nonlinearity[C]. International Workshop on Finite Fields and TheirApplications. Zhengzhou , China, June, 2008.
[65] E. Filiol and C. Fontaine. Highly nonlinear balanced Boolean functions with a goodcorrelation- immunity[A]. In Advances in Cryptology - EUROCRYPT'98[C], Berlin,Germany, Springer-Verlag, 1998.
[66] S. Fischer and W. Meier. Algebraic immunity of S-Boxes and augmented functions[A]. In:A. Biryukov. Number 4593 of Lecture Notes in Computer Science[C]. Fast SoftwareEncryption - FSE 2007, Berlin, Germany: Springer-Verlag, 2007: 366-381.
[67] S.W. Golomb.Shift Register Seuqences[M].San Franscisco, CA: Holden-Day,1967.Revised edition: Laguna Hills, CA: Aegean Zark, 1982.
[68] S.W.Golomb.Gongguang.Signal Design for Good Correlation, For Wireless Communication, Cryptography, and Radar[M], Cambridge university press,2005
[69] D. Han and M. Lee. An algebraic attack on the improved summation generator with 2-bitmemory[J]. Information Processing Letters, 2005, 93: 43-46.
[70] S. Halevi, D. Coppersmith and C. S. Jutla. Scream: A Software-Efficient StreamCipher.In Fast Software Encryption, FSE 2002, number 2365 in Lecture Notes inComputer
[55] C. Ding, G. Xiao, and W. Shan. The Stability Theory of Stream Ciphers[M]. Number 561of Lecture Notes in Computer Science. Berlin: Springer-Verlag, 1991.
[56] H. Dobbertin, Construction of bent functions and balanced Boolean functions with highnonlinearity[A], in: Fast Software Encryption 1995[C], Number 1008 of Lecture Notes inComputer Science, Berlin, Germany, Springer-Verlag, 1995:61-74.
[57] S. Dubuc, Etude des proprie' te's de de'ge'ne'rescence et de normalite' des functionsboole'ennes et construction de fonctions q-aires parfaitement non-line' aires[D],Universite' de Caen, 2001.
[58] ECRYPT, eSTREAM: ECRYPTStream CipherProject, IST-2002-507932[EB/OL],Available at http://www.ecrypt.eu.org/stream.
[59] P.Ekdahl and T.Johansson.A New Version of the Stream Cipher SNOW[A].InSelectedAreasinCryptography, SAC2002[C],number2595 inLectureNotesinComputer Science, Berlin, Germany Springer-Verlag, 2003:47-61.
[60] J.-C. Faugere. Anew efficient algorithm for computing Grobner bases (F4)[J]. Journal ofPure and Applied Algebra, 1999, 139(1-3): 61-88.
[61] J.-C. Faugere. A new efficient algorithm for computing Grobner bases without reductionto zero F5[A]. In ISSAC, ACM Press, July 2002: 75-83.
[62] J.-C. Faugere and A. Joux.Algebraic cryptanalysis of Hidden Field Equation (HFE)cryptosystems using Grobner bases [A]. In: D. Boneh. Number 2729 of Lecture Notes inComputer Science[C].Advances in Cryptology - CRYPTO 2003, Berlin, Germany:Springer-Verlag, 2003: 44-60.
[63] J.-C. Faugere and G Ars. An algebraic cryptanalysis of nonlinear filter generators usingGrobner bases[EB/OL]. : In Rapport de Recherche de l'INRIA, 2003.
[64] Keqin.Feng, An infinite class of balanced Boolean functions with optimum algebraicimmunity and high nonlinearity[C]. International Workshop on Finite Fields and TheirApplications. Zhengzhou , China, June, 2008.
[65] E. Filiol and C. Fontaine. Highly nonlinear balanced Boolean functions with a goodcorrelation- immunity[A]. In Advances in Cryptology - EUROCRYPT'98[C], Berlin,Germany, Springer-Verlag, 1998.
[66] S. Fischer and W. Meier. Algebraic immunity of S-Boxes and augmented functions[A]. In:A. Biryukov. Number 4593 of Lecture Notes in Computer Science[C]. Fast SoftwareEncryption - FSE 2007, Berlin, Germany: Springer-Verlag, 2007: 366-381.
[67] S.W. Golomb.Shift Register Seuqences[M].San Franscisco, CA: Holden-Day,1967.Revised edition: Laguna Hills, CA: Aegean Zark, 1982.
[68] S.W.Golomb.Gongguang.Signal Design for Good Correlation, For Wireless Communication, Cryptography, and Radar[M], Cambridge university press,2005
[69] D. Han and M. Lee. An algebraic attack on the improved summation generator with 2-bitmemory[J]. Information Processing Letters, 2005, 93: 43-46.
[70] S. Halevi, D. Coppersmith and C. S. Jutla. Scream: A Software-Efficient StreamCipher.In Fast Software Encryption, FSE 2002, number 2365 in Lecture Notes inComputer
[85] N.Li,L.J.Qu, W.F.Qi etc. On the construction of Boolean functions with optimal algebraicimmunity[J], In IEEE Transactions on Information Theory, 2008, 54(3):1330-1334.
[86] F. Liu and K.Q. Feng. Efficient computation of algebraic immunity of symmetric Booleanfunctions [A]. In: J.-Y. Cai, S.B. Cooper, and H. Zhu. Number 4484 of Lecture Notes inComputer Science[C]. Theory and Applications of Models of Computation - TAMC 2007,Berlin: Springer-Verlag, 2007: 318-329.
[87] F.Liu and K.Q.Feng.On the 2m-variable symmetric Boolean functions with maximumalgebraic immunity 2m-1 . To be published in Designs, Codes and Cryptography.
[88] M.Lobanov.Tight bound between nonlinearityandalgebraicimmunity[EB/OL].Cryptology ePrint Archive: report 2005/441, http://eprint.iacr.org/2005/441.
[89] M. Matsui. Linear cryptanalysis method for DES cipher[A]. In Advances in Cryptology-Eurocrypt 1993[C], number 765 in Lecture Notes in Computer Science, Springer-Verlag,1994:386-397.
[90] M Mihaljevie,H Imai.Cryptana]ysis of Toyocrypt—HIS stream cipher.IEICE Transactionon Fundamentals,vol.F-B5-A 66-73[EB/OL] http://www.csl.esat.sony CO jp/atl/ papers/IEICEjanO2.pdf.
[91] S. Maitra and P.Sarkar, Maximum nonlinearity of symmetric Boolean functions on oddnumber of variables[J], IEEE Transactions on Information Theory IT-48(2002), no.9,2626-2630.
[92] J.L.Massey. Shift registersysnthesisandBCHdecoding[J]. IEEETransactionsonInformation Theory, 1969, 15(1): 122-127.
[93] R. L.Mcfarland, A family of noncyclic difference sets , Journal of Combinatorics Theory,Series A, 1973, vol.15: 1-10.
[94] W. Meier, E. Pasalic and C. Carlet. Algebraic attacks and decomposition of Booleanfunction[A]. In Advances in Cryptology - Eurocrypt 2004[C], Number 3027 of LectureNotes in Computer Science, Springer Verlag, 2004:474-491.
[95] W.Meier and O.Staffelbach. Fast correlation attacks on certain stream ciphers[J]. Journalof Cryptology, 1989,No.1: 159-176.
[96] S.Murphy and M.J.B.Robshaw.Essential algebraic structure within the AES[A].In:M. Yung. Number2442 of LectureNotes inComputer Science[C]. Advances inCryptology - CRYPTO 2002, Berlin: Springer-Verlag, 2002: 1-16.
[97] National Institute of Standards and Technology, 2001. http ://csrc.nist.gov/Crypto Toolkit/aes/rijndael/.
[98] Y.Nawaz, GGong, and K.C.Gupta. Upper bounds on algebraic immunity of Booleanpower functions[A]. In: M.J.B.Robshaw. Number 4047 of Lecture Notes in ComputerScience[C]. Fast Software Encryption - FSE 2006, Berlin, Germany: Springer-Verlag,2006: 375-389.
[99] NESSIE: New European schemes for signatures, integrity, and encryption. Informationsociety technologiesprogrammeof theEuropeancommission(1ST-1999-12324)[EB/OL].Available at http://www.cryptonessie.org/.
[100] E.Pasalic.Degree optimized resilient Boolean functions from Maiurana-McFarland class[A] .In 9-th IMA conference on Cryptography and Coding, 2003[C], Number 2898 ofLecture Notes in Computer Science, Springer -Verlag ,2003:93-114
[101] J.Patarin. Hidden fields equations(HFE)and isomorphisms of polynomials(lP):two newfamilies of asymmetric algorithms [A] Advances in Cryptology—Eurocrypt 96[C].Berlin:Springer-Verlag,1996.33-48
[102]J. Pieprzyk and C.X.Qu. Fast hashing and Rotation Symmetric Function.[J] JournalUniversal Computer Science. (1999) ,vol5(l): 20-31.
[103]B. Preneel et al, Propagation characteristics of Boolean bent functions, Proceeding ofEurocrypt'90, Berlin:Springer-Verlag 1991:161-173.
[104] B.Preneel, W.Van Leekwijck, L.Van Linden,R.Govaerts, and J.Vandewalle.Propagationcharacteristics of Boolean functions. In Advances in Cryptology - Eurocrypt 1990,Lecture Notes in Computer Science, Springer-Verlag, 1991:161-173.
[105] L.J. Qu and C. Li. Weight support technique and the symmetric Boolean functions withmaximum algebraic immunity on even number of variables [A]. In: D.Y. Pei and M. Yung.Procedding of Information Security and Cryptology 2007[C], 270-281.
[106] L.J. Qu, C. Li, and K.Q. Feng. A note on symmetric Boolean functions with maximumalgebraic immunity on odd number of variables[J]. IEEE Transactions on InformationTheory, 2007, 53(8): 2908-2910.
[107] L.J. Qu and C. Li.On the 2m-variable symmetric Boolean functions with maximumalgebraic immunity[J]. Science in China Series F: Information Sciences. 2008,Vol.51(2)120-127.
[108]R.L.Rivest, M.J.B.Robshaw and Y.L.Yin. RC6 as the AES[C].In AES CandidateConference 2000:337-342.
[109] G.G.Rose and P.Hawkes.Turing:A Fast Stream Cipher[A]. In Fast Software Encryption,FSE2003[C],number 2887 in Lecture Notes in Computer Science, Berlin, Germany,Springer-Verlag,2003. 290-306.
[110] O.S.Rothaus,On bent functions. J Combinatorial Theory (Ser.A), 1976, 20: 300—305. [1ll] P. Sarkar. Hiji-bij-bij: A New Stream Cipher with a Self-Synchronizing Mode ofOperation[A]. Progress in Cryptology - Indocrypt 2003[C], Number 2887 of LectureNotes in Computer Science, Springer-Verlag, 2003:36-51.
[112] C.E. Shannon. Communication theory of secrecy systems[J]. Bell System TechnicalJournal, 1949, 28(4): 656-715.
[113] B. Schneier. Applied Cryptography[M]. New-York: Wiley, 1996.
[114] B. Schneier, J. Kelsey, D. Whiting, D.Wagner and N. Ferguson. Comments on TwofIsh asan AES Candidate[A]. In AES Candidate Conference 2000[C], pages 355-356.
[115] A. Shimizu and S. Miyaguchi. Fast Data Encryption Algorithm FEAL[A]. In Advances inCryptology - Eurocrypt 1987[C], Number 304 of Lecture Notes in Computer Science,Springer-Verlag, 1987:267-278.
[116] Stream cipher project for Ecrypt [EB/OL]. : Available at http://www.ecrypt.eu.org/stream/,
[117]P.Stanica,s.maitra Rotation Symmetric Boolean Functions-Count and Cryptographic Properties[A].In R.C Bost Centenary Sympostuan on Discrete Mathematics and Applications[C],December 2002. Electronoc Notes in Discrete Mathematics,Elsevie,vol 15
[118]P.Stanica s.Maitria.A Constructive Count of Rotation Symmetric Function[EB/OL] http://sciences aum edu/-/stanica/reseach/RSBFs-IPL.pdf,2003-11
[119]R.Stanica. s.Maitria and J.Clark. Results on Rotation symmetric Bent and Correlation immunity Boolean functions[A].Fast software encryption,FSE2004[C].Number 3017 of Lecture Notes in Computer Science,Berlin,Germany:Springer Verlag 2004:161-177
[120]A Shamir,Stream ciphers:dead or alive[A],advances in Cryptology-ASIACRYPT 2004[C]. Number 3329 of Lecture Notes in Computer Science,Springer Verlag 2004,78
[121]T.Siegenthaler. Correlation-immunity ofnonlinear combining functions for cryptographic application[J].IEEE Transactions on Information Theory,1984 IT-30(5):776-780
[122]ZSiegenthaler.Decrypting a class of stream ciphers using ciphertext only[J].IEEE Transactions on Computers,1985,C-34(1):81-85
[123]M Sugita,M aw-azoe,H Imai Relation between XL algorithm and grobner bases algorithms[EB/OL].http://eprint.iacr.org/2004/112,2004
[124]G Xiao and J L Massey. A spectral characterization of correlation immune combining functions[J].IEEE Transactions on Information Theory,1988,34(3):569-571
[125]Bluetooth SIG Specification ofthe Bluetooth system,Version 1 1[EB/OL]:Available at http://www.bluetooth.com,Feburarv 22,2001
[126]北京大学数学系几何与代数教研室代数小组,高等代数[M],高教出版社,第二版,1987
[127]丁存生,肖国镇,序列密码学及其应用[M],国防工业出版社,1994.
[128]郭敬立,孟庆树等.旋转对称函数的设计[l],武汉大学学报(理学版),2004年第10期161-163.
[129]李世取,曾本畦等,密码学中的逻辑函数[M],北京中软电子出版社,2003年.
[130]刘木兰.Gr6bner基理论及其应用[M].北京:科学出版社,2000
[131]万哲先代数和编码(第三版)[M],北京,高等教育出版社,2007
[132]温巧燕,钮心忻,杨义先现代密码学中的布尔函数[M],北京,科学出版社,2000.
[133]杨义先,林须端编码密码学[M],北京几民邮电出版社,1992
[134]张文英,武传坤,于静之密码学中布尔函数的零化子[J].电子学报,2006,34(1):51-54
[135]张龙,吴文玲,温巧燕,序列密码代数攻击的研究现状及其展望[J],通信学报,2006,NO.1:91-98.