William Millan

Heuristic design of cryptographically strong balanced Boolean functions

Advances in the design of Boolean functions using heuristic techniques are reported. A genetic algorithm capable of generating highly nonlinear balanced Boolean functions is presented. Hill climbing techniques are adapted to locate balanced, highly nonlinear Boolean functions that also almost satisfy correlation immunity. The definitions for some cryptographic properties are generalised, providing a measure suitable for use as a fitness function in a genetic algorithm seeking balanced Boolean functions that satisfy both correlation immunity and the strict avalanche criterion. Results are presented demonstrating the effectiveness of the methods.

The LILI-II Keystream Generator

The LILI-II keystream generator is a LFSR based synchronous stream cipher with a 128 bit key. LILI-II is a specific cipher from the LILI family of keystream generators, and was designed with larger internal components than previous ciphers in this class, in order to provide increased security. The design offers large period and linear complexity, is immune to currently known styles of attack, and is simple to implement in hardware or software. The cipher achieves a security level of 128 bits.

Evolving Boolean Functions Satisfying Multiple Criteria

Many desirable properties have been identified for Boolean functions with cryptographic applications. Obtaining optimal tradeoffs among such properties is hard. In this paper we show how simulated annealing, a search technique inspired by the cooling processes of molten metals, can be used to derive functions with profiles of cryptographically-relevant properties as yet unachieved by any other technique.

Evolutionary Heuristics for Finding Cryptographically Strong S-Boxes

Recent advances are reported in the use of heuristic optimisation for the design of cryptographic mappings. The genetic algorithm (GA) is adapted for the design of regular substitution boxes (s-boxes) with relatively high nonlinearity and low autocorrelation. We discuss the selection of suitable GA parameters, and in particular we introduce an effective technique for breeding s-boxes. This assimilation operation, produces a new s-box which is a simple and natural compromise between the properties of two dissimilar parent s-boxes. Our results demonstrate that assimilation provides rapid convergence to good solutions. We present an analysis comparing the relative effectiveness of including a local optimisation procedure at various stages of the GA. Our results show that these algorithms find cryptographically strong s-boxes faster than exhaustive search.

Dragon: a fast word based stream cipher

This paper presents Dragon, a new stream cipher constructed using a single word based non-linear feedback shift register and a non-linear filter function with memory. Dragon uses a variable length key and initialisation vector of 128 or 256 bits, and produces 64 bits of keystream per iteration. At the heart of Dragon are two highly optimised 8 × 32 s-boxes. Dragon uses simple operations on 32-bit words to provide a high degree of efficiency in a wide variety of environments, making it highly competitive when compared with other word based stream ciphers. The components of Dragon are designed to resist all known attacks.

Linear redundancy in S-boxes

This paper reports the discovery of linear redundancy in the S-boxes of many ciphers recently proposed for standardisation (including Rijndael, the new AES). We introduce a new method to efficiently detect affine equivalence of Boolean functions, and hence we study the variety of equivalence classes existing in random and published S-boxes. This leads us to propose a new randomness criterion for these components. We present experimental data supporting the notion that linear redundancy is very rare in S-boxes with more than 6 inputs. Finally we discuss the impact this property may have on implementations, review the potential for new cryptanalytic attacks, and propose a new tweak for block ciphers that removes the redundancy. We also provide details of a highly nonlinear 8*8 non-redundant bijective S-box, which is suitable as a plug in replacement where required.

LILI Keystream Generator

A family of keystream generators, called the LILI keystream generators, is proposed for use in stream cipher applications and the security of these generators is investigated with respect to currently known attacks. The design is simple and scalable, based on two binary linear feedback shift registers combined in a simple way, using both irregular clocking and nonlinear functions. The design provides the basic security requirements such as a long period and high linear complexity, and is resistant to known cryptanalytic attacks.

How to Improve the Nonlinearity of Bijective S-Boxes

A method for the systematic improvement of the nonlinearity of bijective substitution boxes is presented. It is shown how to select two outputs so that swapping them increases the nonlinearity. Experimental results show that highly nonlinear bijective substitutions can be obtained by this method that are difficult to obtain by random generation. A survey of results in the design of S-boxes is included.

An effective genetic algorithm for finding highly nonlinear Boolean Functions

We report on the results of the first known use of Genetic Algorithms (GAs) to find highly nonlinear Boolean functions. The basic method, using a new breeding procedure, is shown to be several orders of magnitude faster than random search in locating Boolean functions with very high nonlinearity. When a directed hill climbing method is employed, the results are even better. The performance of random searches is used as a bench mark to assess the effectiveness of a basic GA, a directed hill climbing method, and a GA with hill climbing. The selection of GA parameters and convergence issues are discussed. Finally some future directions of this research are given.

Boolean Function Design Using Hill Climbing Methods

This paper outlines a general approach to the iterative incremental improvement of the cryptographic properties of arbitrary Boolean functions. These methods, which are known as hill climbing, offer a fast way to obtain Boolean functions that have properties superior to those of randomly generated functions. They provide a means to improve the attainable compromise between conflicting cryptographic criteria. We give an overview of the different options available, concentrating on reducing the maximum value of the Walsh-Hadamard transform and autocorrelation function. A user selected heuristic allows the methods to be flexible. Thus we obtain Boolean functions that are locally optimal with regard to one or more important cryptographic properties such as nonlinearity and global autocorrelation.