EUROCRYPT 1990: Advances in Cryptology — EUROCRYPT ’90 pp 124-139

# Properties of binary functions

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 473)

## Abstract

In this paper, we shall investigate the connections between three properties of a binary function: the Strict Avalanche Criterion, balance and correlation immunity. The strict avalanche criterion was introduced by Webster and Tavares [7] in order to combine the ideas of completeness and the avalanche effect. A cryptographic transformation is said to be complete if each output bit depends on each input bit, and it exhibits the avalanche effect if an average of one half of the output bits change whenever a single input bit is changed. Forré [1] extended this notion by defining higher order Strict Avalanche Criteria. A function is balanced if, when all input vectors are equally likely, then all output vectors are equally likely. This is an important property for many types of cryptographic functions. The idea of correlation immunity is also extremely important, especially in the field of stream ciphers, where combining functions which are not correlation immune are vulnerable to ciphertext only attacks (see, for example [4]). The concept of mth order correlation immunity was introduced by Siegenthaler [5] as a measure of resistance against such an attack.

## 7. References

1. [1]
Forré, R., “The Strict Avalanche Criterion: Spectral Properties of Boolean Functions and an Extended Definition”, Abstracts CRYPTO88, 1988Google Scholar
2. [2]
Lloyd, S.A, “Balance, uncorrelatedness and the Strict Avalanche Criterion”, Hewlett-Packard Research Laboratories, Bristol, Technical Memo no. HPL-ISC-TM-89-012, 1989 (also submitted to Discrete Applied Mathematics)Google Scholar
3. [3]
Lloyd, S.A, “Characterising and counting functions satisfying the Strict Avalanche Criterion of order (n-3)”, to appear in Proceedings of the Second IMA Conference on Cryptography and Coding, 1989Google Scholar
4. [4]
Siegenthaler, T., “Decrypting a class of stream ciphers using ciphertext only”, IEEE Transactions on Computers, vol. C-34, (1985), pp.81–85
5. [5]
Siegenthaler, T., “Correlation immunity of nonlinear combining functions for cryptographic applications”, IEEE Transactions on Information Theory, vol. IT-30, (1984), pp776–780
6. [6]
Xiao, G-Z, and Massey, J.L., “A Spectral Characterization of Correlation-Immune Combining Functions”, IEEE Transactions on Information Theory, Vol. 34, No. 3 (1988), pp.569–571
7. [7]
Webster, A.F. and Tavares, S.E., “On the design of S-boxes”, Advances in Cryptology, Proceedings CRYPTO85, Springer Verlag, Heidelberg, 1986, pp. 523–534