Proof of a Conjecture about Rotation Symmetric Functions
Rotation symmetric Boolean functions have important applications in the design of cryptographic algorithms. In this paper, the conjecture about rotation symmetric Boolean functions (RSBFs) of degree 3 proposed by Cusick and Stănică is proved. …
Authors: Xiyong Zhang, Hua Guo, Yifa Li
Zhang Xiyong (1)†, Guo Hua (2), Li Yifa (1)

1. Zhengzhou Information Science and Technology Institute, PO Box 1001-745, Zhengzhou 450002, PRC
2. School of Computer Science and Engineering, Beihang University, Beijing 100083, PRC

Abstract. Rotation symmetric Boolean functions have important applications in the design of cryptographic algorithms. We prove the conjecture about rotation symmetric Boolean functions (RSBFs) of degree 3 proposed in [1]; thus the nonlinearity of this kind of function is determined.

Keywords: Boolean functions, rotation-symmetric, Fourier transform, nonlinearity

1 Introduction

A Boolean function $f_n(x_0,\dots,x_{n-1})$ on $n$ variables is a map from $\mathbb{F}_2^n$ to $\mathbb{F}_2$, where $\mathbb{F}_2^n$ is the vector space of dimension $n$ over the two-element field $\mathbb{F}_2$. Rotation symmetric Boolean functions (RSBFs) are a special kind of Boolean function whose value is the same on every cyclic rotation of the input; they can therefore be used as components to achieve an efficient implementation in the design of message digest algorithms such as MD4 and MD5. These functions have attracted attention in recent years (see [2-7]). One of the main topics is the nonlinearity of such functions (see [6, 7]). It is known that a hashing algorithm employing degree-two RSBFs as components cannot resist linear and differential attacks ([4]). Hence it is necessary to use higher-degree RSBFs with higher nonlinearity to protect the cryptographic algorithm from differential attacks. Cusick and Stănică ([1]) investigated the weight of a kind of degree-3 RSBF and proposed a conjecture based on their numerical observations.

Conjecture 1.1. The nonlinearity of
$$F_n^3(x_0,\dots,x_{n-1}) = \sum_{0\le i\le n-1} x_i\, x_{i+1 \bmod n}\, x_{i+2 \bmod n}$$
is the same as its weight.
As claimed in [1], if the above Conjecture could be proved, then significant progress for $k$-degree ($k>3$) RSBFs might be possible. Recently Ciungu [8] proved the conjecture in the case $3 \mid n$. In this paper we factor $F_n^3$ into four sub-functions, discover some recurrence relations, and thus prove the above Conjecture. The sub-functions and the related recurrences are different from Cusick's [1]. The technique used in this paper may be applied to the study of RSBFs of degree $k>3$.

We define two vectors $e_1 = (1,0,\dots,0) \in \mathbb{F}_2^n$ for every $n>1$ and $e^2_{n-1} = (0,0,\dots,0,1) \in \mathbb{F}_2^n$, and abuse $0 = (0,\dots,0)$ to represent the zero vector of $\mathbb{F}_2^n$ in every dimension, for simplicity. By $x^n$ and $c^n$ we mean the abbreviated forms of the vectors $(x_0,\dots,x_{n-1})$ and $(c_0,\dots,c_{n-1})$ in $\mathbb{F}_2^n$; a subscript, as in $c_{n-2}$, always denotes a single coordinate. A linear function is of the form $c^n\cdot x^n$, where $\cdot$ is the vector dot product. The weight of a Boolean function $f_n(x^n)$ is the number of solutions $x^n\in\mathbb{F}_2^n$ of $f_n(x^n)=1$, denoted by $\mathrm{wt}(f_n)$. The distance $d(f_n,g_n)$ between two Boolean functions $f_n$ and $g_n$ is defined to be $\mathrm{wt}(f_n+g_n)$. Now we list some basic definitions about Boolean functions.

Definition 1.2. A Boolean function $f_n(x^n)$ is called rotation symmetric if
$$f_n(x_0,\dots,x_{n-1}) = f_n(x_{n-1},x_0,x_1,\dots,x_{n-2})$$
for all $(x_0,\dots,x_{n-1})\in\mathbb{F}_2^n$.

Definition 1.3. For a Boolean function $f_n(x^n)$, the Fourier transform of $f_n$ at $c^n\in\mathbb{F}_2^n$ is defined as
$$\widehat{f_n}(c^n) = \sum_{x^n\in\mathbb{F}_2^n} (-1)^{f_n(x^n)+c^n\cdot x^n}.$$

* This work was supported by NSF of China with contract No. 60803154.
† Corresponding e-mail address: xiyong.zhang@hotmail.com
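As an added worked example (not part of the original paper), the following Python script computes the Fourier transform of Definition 1.3 for $F_n^3$ at every $c$ at once with a fast Walsh-Hadamard transform, checks that the spectrum is invariant under cyclic rotation of $c$ (the rotation invariance stated as Lemma 1.4 below), and compares the weight with the nonlinearity $2^{n-1} - \frac12\max_c|\widehat{F_n^3}(c)|$ for $3\le n\le 10$. Vectors are encoded as integers with bit $i$ holding $x_i$ (the convention Table 4 also uses); all function names are the script's own. It reports $\max_c|\widehat{F_n^3}(c)|$ and $\widehat{F_n^3}(0)$ separately because for $n=4$ the maximum is attained at $c=(1,1,1,1)$ as well as at $c=0$.

```python
"""Added example (not from the paper): numerical check of Conjecture 1.1.

F_n^3(x) = sum_i x_i x_{i+1} x_{i+2} (indices mod n).  The Fourier
transform of Definition 1.3 is computed for every c at once with a fast
Walsh-Hadamard transform.  Integers encode vectors: bit i of x is x_i.
"""
from typing import Dict, List


def cubic_rsbf_truth_table(n: int) -> List[int]:
    """Truth table of F_n^3, indexed by the integer encoding of x."""
    table = []
    for x in range(1 << n):
        v = 0
        for i in range(n):
            v ^= ((x >> i) & 1) & ((x >> ((i + 1) % n)) & 1) & ((x >> ((i + 2) % n)) & 1)
        table.append(v)
    return table


def fourier_spectrum(table: List[int]) -> List[int]:
    """hat f(c) = sum_x (-1)^{f(x) + c.x} for all c at once, via the in-place
    Walsh-Hadamard butterfly (O(n 2^n) instead of O(4^n))."""
    w = [1 - 2 * v for v in table]          # (-1)^{f(x)}
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                a, b = w[j], w[j + h]
                w[j], w[j + h] = a + b, a - b
        h *= 2
    return w


def rotate_left(c: int, n: int) -> int:
    """(c_0, ..., c_{n-1}) -> (c_{n-1}, c_0, ..., c_{n-2}) in the bit encoding."""
    return ((c << 1) | (c >> (n - 1))) & ((1 << n) - 1)


def analyse(n: int) -> Dict[str, int]:
    """Weight, nonlinearity and both sides of the restated Conjecture for F_n^3."""
    table = cubic_rsbf_truth_table(n)
    spec = fourier_spectrum(table)
    # Rotation symmetry of F_n^3 makes its spectrum invariant under rotation of c.
    rotation_invariant = all(spec[c] == spec[rotate_left(c, n)] for c in range(1 << n))
    weight = sum(table)                      # equals 2^{n-1} - spec[0] / 2
    max_abs = max(abs(v) for v in spec)
    nonlinearity = (1 << (n - 1)) - max_abs // 2   # distance to the nearest affine function
    return {
        "n": n,
        "weight": weight,
        "nonlinearity": nonlinearity,
        "hat_F_at_0": spec[0],
        "max_abs_hat_F": max_abs,
        "rotation_invariant": rotation_invariant,
        "conjecture_holds": weight == nonlinearity,
    }


if __name__ == "__main__":
    for n in range(3, 11):
        print(analyse(n))
```

The values of `hat_F_at_0` for $n=3,\dots,10$ reproduce Table 3 of Section 2, and `conjecture_holds` is true in every case, which is exactly the statement $\widehat{F_n^3}(0) = \max_c|\widehat{F_n^3}(c)|$.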
By the definition of the Fourier transform, it is easy to see the following.

Lemma 1.4. For all $(c_0,\dots,c_{n-1})\in\mathbb{F}_2^n$,
$$\widehat{F_n^3}(c_0,\dots,c_{n-1}) = \widehat{F_n^3}(c_{n-1},c_0,\dots,c_{n-2}).$$

Definition 1.5. The nonlinearity $N_{f_n}$ of a Boolean function $f_n(x^n)$ is defined as
$$N_{f_n} = \min\{\, d(f_n(x^n),\, c^n\cdot x^n) \mid c^n\in\mathbb{F}_2^n \,\}.$$

By Definition 1.3 it is not difficult to deduce that, for all $f_n(x^n)$,
$$\widehat{f_n}(0) = 2^n - 2\cdot\mathrm{wt}(f_n(x^n)).$$
Hence we can restate the above Conjecture as
$$\widehat{F_n^3}(0) = \max\{\, |\widehat{F_n^3}(c^n)| \mid c^n\in\mathbb{F}_2^n \,\}.$$

2 The proof of the Conjecture

To prove the above Conjecture, we factor $F_n^3$ into four sub-functions. Let $t_n = \sum_{0\le i\le n-3} x_i x_{i+1} x_{i+2}$ and
$$\begin{aligned}
f_0^n(x_0,\dots,x_{n-1}) &= t_n,\\
f_1^n(x_0,\dots,x_{n-1}) &= t_n + x_0x_1,\\
f_2^n(x_0,\dots,x_{n-1}) &= t_n + x_{n-2}x_{n-1},\\
f_3^n(x_0,\dots,x_{n-1}) &= t_n + x_0x_1 + x_{n-2}x_{n-1} + x_0 + x_{n-1}.
\end{aligned}\tag{1}$$
Then, splitting the sum according to the four values of $(x_{n-2},x_{n-1})$, we have
$$\sum_{x_0,\dots,x_{n-1}} (-1)^{F_n^3(x_0,\dots,x_{n-1})} = \sum_{x_0,\dots,x_{n-3}} \sum_{0\le i\le 3} (-1)^{f_i^{n-2}(x_0,\dots,x_{n-3})}.$$

Lemma 2.1. For every $c^n = (c_0,\dots,c_{n-1})\in\mathbb{F}_2^n$, if $c_{n-1}=0$, then
$$\begin{aligned}
\widehat{f_0^n}(c^n) &= 2\big(\widehat{f_0^{n-2}}(c^{n-2}) + (-1)^{c_{n-2}}\,\widehat{f_0^{n-3}}(c^{n-3})\big),\\
\widehat{f_1^n}(c^n) &= 2\big(\widehat{f_1^{n-2}}(c^{n-2}) + (-1)^{c_{n-2}}\,\widehat{f_1^{n-3}}(c^{n-3})\big),\\
\widehat{f_2^n}(c^n) &= 2\big(\widehat{f_0^{n-2}}(c^{n-2}) + (-1)^{c_{n-3}+c_{n-2}}\,\widehat{f_2^{n-3}}(c^{n-3}+e^2_{n-4})\big),\\
\widehat{f_3^n}(c^n) &= 2(-1)^{c_{n-2}}\,\widehat{f_1^{n-3}}(c^{n-3}+e_1),
\end{aligned}\tag{2}$$
where $c^{n-2}\in\mathbb{F}_2^{n-2}$ and $c^{n-3}\in\mathbb{F}_2^{n-3}$ are the first $n-2$ and $n-3$ bits of $c^n\in\mathbb{F}_2^n$, and $e_1=(1,0,\dots,0)$, $e^2_{n-4}=(0,\dots,0,1)\in\mathbb{F}_2^{n-3}$.

Proof. We prove the first relation; the proofs of the other three are similar.
Because $c_{n-1}=0$, the term $c_{n-1}x_{n-1}$ of $c^n\cdot x^n$ vanishes, and we have
$$\begin{aligned}
\widehat{f_0^n}(c^n)
&= \sum_{x^n:\,x_{n-1}=0}(-1)^{f_0^n(x^n)+c^n\cdot x^n} + \sum_{x^n:\,x_{n-1}=1}(-1)^{f_0^n(x^n)+c^n\cdot x^n}\\
&= \sum_{x^{n-1}}(-1)^{f_0^{n-1}(x^{n-1})+c^{n-1}\cdot x^{n-1}} + \sum_{x^{n-1}}(-1)^{f_0^{n-1}(x^{n-1})+x_{n-3}x_{n-2}+c^{n-1}\cdot x^{n-1}}\\
&= \sum_{x^{n-1}:\,x_{n-2}=0}(-1)^{f_0^{n-1}(x^{n-1})+c^{n-1}\cdot x^{n-1}} + \sum_{x^{n-1}:\,x_{n-2}=0}(-1)^{f_0^{n-1}(x^{n-1})+x_{n-3}x_{n-2}+c^{n-1}\cdot x^{n-1}}\\
&\quad + \sum_{x^{n-1}:\,x_{n-2}=1}(-1)^{f_0^{n-1}(x^{n-1})+c^{n-1}\cdot x^{n-1}} + \sum_{x^{n-1}:\,x_{n-2}=1}(-1)^{f_0^{n-1}(x^{n-1})+x_{n-3}x_{n-2}+c^{n-1}\cdot x^{n-1}}\\
&= \sum_{x^{n-2}}(-1)^{f_0^{n-2}(x^{n-2})+c^{n-2}\cdot x^{n-2}} + \sum_{x^{n-2}}(-1)^{f_0^{n-2}(x^{n-2})+c^{n-2}\cdot x^{n-2}}\\
&\quad + \sum_{x^{n-2}}(-1)^{f_0^{n-2}(x^{n-2})+c^{n-2}\cdot x^{n-2}+x_{n-4}x_{n-3}+c_{n-2}} + \sum_{x^{n-2}}(-1)^{f_0^{n-2}(x^{n-2})+c^{n-2}\cdot x^{n-2}+x_{n-4}x_{n-3}+x_{n-3}+c_{n-2}}\\
&= 2\,\widehat{f_0^{n-2}}(c^{n-2})
 + \sum_{x^{n-2}:\,x_{n-3}=0}(-1)^{f_0^{n-2}(x^{n-2})+c^{n-2}\cdot x^{n-2}+x_{n-4}x_{n-3}+c_{n-2}}
 + \sum_{x^{n-2}:\,x_{n-3}=0}(-1)^{f_0^{n-2}(x^{n-2})+c^{n-2}\cdot x^{n-2}+x_{n-4}x_{n-3}+x_{n-3}+c_{n-2}}\\
&\quad + \sum_{x^{n-2}:\,x_{n-3}=1}(-1)^{f_0^{n-2}(x^{n-2})+c^{n-2}\cdot x^{n-2}+x_{n-4}x_{n-3}+c_{n-2}}
 + \sum_{x^{n-2}:\,x_{n-3}=1}(-1)^{f_0^{n-2}(x^{n-2})+c^{n-2}\cdot x^{n-2}+x_{n-4}x_{n-3}+x_{n-3}+c_{n-2}}\\
&= 2\,\widehat{f_0^{n-2}}(c^{n-2})
 + \sum_{x^{n-3}}(-1)^{f_0^{n-3}(x^{n-3})+c^{n-3}\cdot x^{n-3}+c_{n-2}}
 + \sum_{x^{n-3}}(-1)^{f_0^{n-3}(x^{n-3})+c^{n-3}\cdot x^{n-3}+c_{n-2}}\\
&\quad + \sum_{x^{n-3}}(-1)^{f_0^{n-3}(x^{n-3})+c^{n-3}\cdot x^{n-3}+x_{n-5}x_{n-4}+x_{n-4}+c_{n-3}+c_{n-2}}
 + \sum_{x^{n-3}}(-1)^{f_0^{n-3}(x^{n-3})+c^{n-3}\cdot x^{n-3}+x_{n-5}x_{n-4}+x_{n-4}+c_{n-3}+c_{n-2}+1}\\
&= 2\,\widehat{f_0^{n-2}}(c^{n-2}) + 2(-1)^{c_{n-2}}\,\widehat{f_0^{n-3}}(c^{n-3})
 + \sum_{x^{n-3}}(-1)^{f_0^{n-3}(x^{n-3})+c^{n-3}\cdot x^{n-3}+x_{n-5}x_{n-4}+x_{n-4}+c_{n-3}+c_{n-2}}
 - \sum_{x^{n-3}}(-1)^{f_0^{n-3}(x^{n-3})+c^{n-3}\cdot x^{n-3}+x_{n-5}x_{n-4}+x_{n-4}+c_{n-3}+c_{n-2}}\\
&= 2\,\widehat{f_0^{n-2}}(c^{n-2}) + 2(-1)^{c_{n-2}}\,\widehat{f_0^{n-3}}(c^{n-3}).
\end{aligned}$$
Here each step fixes the highest remaining variable to $0$ and to $1$: with $x_{m-1}=0$ the function $f_0^m$ reduces to $f_0^{m-1}$, with $x_{m-1}=1$ it reduces to $f_0^{m-1}+x_{m-3}x_{m-2}$, and the dot product loses or keeps the bit $c_{m-1}$ accordingly.

Lemma 2.2. For every $c^n=(c_0,\dots,c_{n-1})\in\mathbb{F}_2^n$, if $c_{n-1}=1$, then for $i=0,2$,
$$\begin{aligned}
\widehat{f_i^n}(c^n) &= \widehat{f_0^{n-1}}(c^{n-1}) \pm 2\,\widehat{f_0^{n-4}}(c^{n-4}),\ \text{or}\\
&= \widehat{f_0^{n-1}}(c^{n-1}) \pm 2\,\widehat{f_0^{n-4}}(c^{n-4}) \pm 4\,\widehat{f_0^{n-5}}(c^{n-5}),\ \text{or}\\
&= \widehat{f_0^{n-1}}(c^{n-1}) \pm 2\,\widehat{f_0^{n-4}}(c^{n-4}) \pm 4\,\widehat{f_2^{n-5}}(c^{n-5}+e^2_{n-6});
\end{aligned}\tag{3}$$
for $i=1$,
$$\begin{aligned}
\widehat{f_1^n}(c^n) &= \widehat{f_1^{n-1}}(c^{n-1}) \pm 2\,\widehat{f_1^{n-4}}(c^{n-4}),\ \text{or}\\
&= \widehat{f_1^{n-1}}(c^{n-1}) \pm 2\,\widehat{f_1^{n-4}}(c^{n-4}) \pm 4\,\widehat{f_1^{n-5}}(c^{n-5}),\ \text{or}\\
&= \widehat{f_1^{n-1}}(c^{n-1}) \pm 2\,\widehat{f_1^{n-4}}(c^{n-4}) \pm 4\,\widehat{f_3^{n-5}}(c^{n-5}+e_1);
\end{aligned}\tag{4}$$
and for $i=3$,
$$\begin{aligned}
\widehat{f_3^n}(c^n) &= \widehat{f_1^{n-1}}(c^{n-1}+e_1) \pm 2\,\widehat{f_1^{n-4}}(c^{n-4}+e_1),\ \text{or}\\
&= \widehat{f_1^{n-1}}(c^{n-1}+e_1) \pm 2\,\widehat{f_1^{n-4}}(c^{n-4}+e_1) \pm 4\,\widehat{f_1^{n-5}}(c^{n-5}+e_1),\ \text{or}\\
&= \widehat{f_1^{n-1}}(c^{n-1}+e_1) \pm 2\,\widehat{f_1^{n-4}}(c^{n-4}+e_1) \pm 4\,\widehat{f_3^{n-5}}(c^{n-5}),
\end{aligned}\tag{5}$$
where $c^{n-1}\in\mathbb{F}_2^{n-1}$, $c^{n-4}\in\mathbb{F}_2^{n-4}$ and $c^{n-5}\in\mathbb{F}_2^{n-5}$ are the first $n-1$, $n-4$ and $n-5$ bits of $c^n\in\mathbb{F}_2^n$, and $e_1=(1,0,\dots,0)$, $e^2_{n-6}=(0,\dots,0,1)\in\mathbb{F}_2^{n-5}$.

Proof. We briefly prove the relations for $f_0^n$ and $f_2^n$. Because $c_{n-1}=1$, we have
$$\widehat{f_0^n}(c^n) = \sum_{x^n:\,x_{n-1}=0}(-1)^{f_0^n(x^n)+c^n\cdot x^n} + \sum_{x^n:\,x_{n-1}=1}(-1)^{f_0^n(x^n)+c^n\cdot x^n}
= \widehat{f_0^{n-1}}(c^{n-1}) + \sum_{0\le j\le 7}\ \sum_{x^{n-4}\in\mathbb{F}_2^{n-4}}(-1)^{g^{n-4}_{0,j}(x^{n-4})},\tag{6}$$
where $g^{n-4}_{0,j}(x_0,\dots,x_{n-5})$ is the function obtained from $f_0^n(x^n)+c^n\cdot x^n$ by fixing $c_{n-1}=1$, $x_{n-1}=1$ and $(x_{n-4},x_{n-3},x_{n-2})$ according to $j = x_{n-4}+2x_{n-3}+4x_{n-2}$. These functions are worked out in Table 1.
Table 1: $g^{n-4}_{0,j}$ ($0\le j\le 7$) corresponding to $f_0^n(x^n)+c^n\cdot x^n$.

  j   $(x_{n-4},x_{n-3},x_{n-2})$   $g^{n-4}_{0,j}$
  0   (0, 0, 0)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + 1$
  1   (1, 0, 0)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + x_{n-6}x_{n-5} + c_{n-4} + 1$
  2   (0, 1, 0)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + c_{n-3} + 1$
  4   (0, 0, 1)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + c_{n-2} + 1$
  3   (1, 1, 0)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + x_{n-6}x_{n-5} + x_{n-5} + c_{n-4} + c_{n-3} + 1$
  5   (1, 0, 1)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + x_{n-6}x_{n-5} + c_{n-4} + c_{n-2} + 1$
  6   (0, 1, 1)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + c_{n-3} + c_{n-2}$
  7   (1, 1, 1)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + x_{n-6}x_{n-5} + x_{n-5} + c_{n-4} + c_{n-3} + c_{n-2} + 1$

By Table 1 we have
$$\begin{aligned}
\sum_{0\le j\le 7}\sum_{x^{n-4}}(-1)^{g^{n-4}_{0,j}}
&= \big((-1)+(-1)^{c_{n-2}+1}+(-1)^{c_{n-3}+1}+(-1)^{c_{n-3}+c_{n-2}}\big)\,\widehat{f_0^{n-4}}(c^{n-4})\\
&\quad + (-1)^{c_{n-4}+1}\big(1+(-1)^{c_{n-2}}\big)\,\widehat{f_2^{n-4}}(c^{n-4})
 + (-1)^{c_{n-4}+c_{n-3}+1}\big(1+(-1)^{c_{n-2}}\big)\,\widehat{f_2^{n-4}}(c^{n-4}+e^2_{n-5})\\
&= \begin{cases}
-2(-1)^{c_{n-3}}\,\widehat{f_0^{n-4}}(c^{n-4}) & \text{if } c_{n-2}=1,\\
-2\,\widehat{f_0^{n-4}}(c^{n-4}) - 4(-1)^{c_{n-4}}\,\widehat{f_0^{n-5}}(c^{n-5}) & \text{if } c_{n-2}=0,\ c_{n-3}=0,\\
-2\,\widehat{f_0^{n-4}}(c^{n-4}) - 4(-1)^{c_{n-4}+c_{n-5}}\,\widehat{f_2^{n-5}}(c^{n-5}+e^2_{n-6}) & \text{if } c_{n-2}=0,\ c_{n-3}=1.
\end{cases}
\end{aligned}\tag{7}$$
(For the last step note that $\widehat{f_2^{n-4}}(c^{n-4}) + (-1)^{c_{n-3}}\,\widehat{f_2^{n-4}}(c^{n-4}+e^2_{n-5})$ is twice the partial sum over $x_{n-5}=0$ when $c_{n-3}=0$, which reduces to $\widehat{f_0^{n-5}}(c^{n-5})$, and twice the partial sum over $x_{n-5}=1$ when $c_{n-3}=1$, which reduces to $(-1)^{c_{n-5}}\,\widehat{f_2^{n-5}}(c^{n-5}+e^2_{n-6})$, exactly as in the proof of Lemma 2.1.) So we have
$$\widehat{f_0^n}(c^n) = \begin{cases}
\widehat{f_0^{n-1}}(c^{n-1}) - 2(-1)^{c_{n-3}}\,\widehat{f_0^{n-4}}(c^{n-4}) & \text{if } c_{n-2}=1,\\
\widehat{f_0^{n-1}}(c^{n-1}) - 2\,\widehat{f_0^{n-4}}(c^{n-4}) - 4(-1)^{c_{n-4}}\,\widehat{f_0^{n-5}}(c^{n-5}) & \text{if } c_{n-2}=0,\ c_{n-3}=0,\\
\widehat{f_0^{n-1}}(c^{n-1}) - 2\,\widehat{f_0^{n-4}}(c^{n-4}) - 4(-1)^{c_{n-4}+c_{n-5}}\,\widehat{f_2^{n-5}}(c^{n-5}+e^2_{n-6}) & \text{if } c_{n-2}=0,\ c_{n-3}=1.
\end{cases}\tag{8}$$

For the proof of the relation for $f_2^n$, we list the functions $g^{n-4}_{2,j}$ ($0\le j\le7$) corresponding to $f_2^n(x^n)+c^n\cdot x^n$ in Table 2, where again $c_{n-1}=1$, $x_{n-1}=1$ and $j = x_{n-4}+2x_{n-3}+4x_{n-2}$.
Table 2: $g^{n-4}_{2,j}$ ($0\le j\le 7$) corresponding to $f_2^n(x^n)+c^n\cdot x^n$.

  j   $(x_{n-4},x_{n-3},x_{n-2})$   $g^{n-4}_{2,j}$
  0   (0, 0, 0)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + 1$
  1   (1, 0, 0)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + x_{n-6}x_{n-5} + c_{n-4} + 1$
  2   (0, 1, 0)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + c_{n-3} + 1$
  4   (0, 0, 1)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + c_{n-2}$
  3   (1, 1, 0)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + x_{n-6}x_{n-5} + x_{n-5} + c_{n-4} + c_{n-3} + 1$
  5   (1, 0, 1)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + x_{n-6}x_{n-5} + c_{n-4} + c_{n-2}$
  6   (0, 1, 1)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + c_{n-3} + c_{n-2} + 1$
  7   (1, 1, 1)   $f_0^{n-4} + c^{n-4}\cdot x^{n-4} + x_{n-6}x_{n-5} + x_{n-5} + c_{n-4} + c_{n-3} + c_{n-2}$

Similarly,
$$\widehat{f_2^n}(c^n) = \sum_{x^n:\,x_{n-1}=0}(-1)^{f_2^n(x^n)+c^n\cdot x^n} + \sum_{x^n:\,x_{n-1}=1}(-1)^{f_2^n(x^n)+c^n\cdot x^n}
= \widehat{f_0^{n-1}}(c^{n-1}) + \sum_{0\le j\le 7}\sum_{x^{n-4}}(-1)^{g^{n-4}_{2,j}},\tag{9}$$
and
$$\begin{aligned}
\sum_{0\le j\le 7}\sum_{x^{n-4}}(-1)^{g^{n-4}_{2,j}}
&= \big((-1)+(-1)^{c_{n-2}}+(-1)^{c_{n-3}+1}+(-1)^{c_{n-3}+c_{n-2}+1}\big)\,\widehat{f_0^{n-4}}(c^{n-4})\\
&\quad + (-1)^{c_{n-4}}\big((-1)+(-1)^{c_{n-2}}\big)\,\widehat{f_2^{n-4}}(c^{n-4})
 + (-1)^{c_{n-4}+c_{n-3}}\big((-1)+(-1)^{c_{n-2}}\big)\,\widehat{f_2^{n-4}}(c^{n-4}+e^2_{n-5})\\
&= \begin{cases}
-2(-1)^{c_{n-3}}\,\widehat{f_0^{n-4}}(c^{n-4}) & \text{if } c_{n-2}=0,\\
-2\,\widehat{f_0^{n-4}}(c^{n-4}) - 4(-1)^{c_{n-4}}\,\widehat{f_0^{n-5}}(c^{n-5}) & \text{if } c_{n-2}=1,\ c_{n-3}=0,\\
-2\,\widehat{f_0^{n-4}}(c^{n-4}) - 4(-1)^{c_{n-4}+c_{n-5}}\,\widehat{f_2^{n-5}}(c^{n-5}+e^2_{n-6}) & \text{if } c_{n-2}=1,\ c_{n-3}=1.
\end{cases}
\end{aligned}\tag{10}$$
By (9) and (10), the relation for $f_2^n$ follows.
Similarly, $\widehat{f_1^n}(c^n) = \widehat{f_1^{n-1}}(c^{n-1}) + \sum_{0\le j\le7}\sum_{x^{n-4}}(-1)^{g^{n-4}_{1,j}}$, where
$$\sum_{0\le j\le 7}\sum_{x^{n-4}}(-1)^{g^{n-4}_{1,j}} = \begin{cases}
-2(-1)^{c_{n-3}}\,\widehat{f_1^{n-4}}(c^{n-4}) & \text{if } c_{n-2}=1,\\
-2\,\widehat{f_1^{n-4}}(c^{n-4}) - 4(-1)^{c_{n-4}}\,\widehat{f_1^{n-5}}(c^{n-5}) & \text{if } c_{n-2}=0,\ c_{n-3}=0,\\
-2\,\widehat{f_1^{n-4}}(c^{n-4}) - 4(-1)^{c_{n-4}+c_{n-5}}\,\widehat{f_3^{n-5}}(c^{n-5}+e_1) & \text{if } c_{n-2}=0,\ c_{n-3}=1.
\end{cases}\tag{11}$$
Similarly again, $\widehat{f_3^n}(c^n) = \widehat{f_1^{n-1}}(c^{n-1}+e_1) + \sum_{0\le j\le7}\sum_{x^{n-4}}(-1)^{g^{n-4}_{3,j}}$, where
$$\sum_{0\le j\le 7}\sum_{x^{n-4}}(-1)^{g^{n-4}_{3,j}} = \begin{cases}
2(-1)^{c_{n-3}}\,\widehat{f_1^{n-4}}(c^{n-4}+e_1) & \text{if } c_{n-2}=0,\\
2\,\widehat{f_1^{n-4}}(c^{n-4}+e_1) + 4(-1)^{c_{n-4}}\,\widehat{f_1^{n-5}}(c^{n-5}+e_1) & \text{if } c_{n-2}=1,\ c_{n-3}=0,\\
2\,\widehat{f_1^{n-4}}(c^{n-4}+e_1) + 4(-1)^{c_{n-4}+c_{n-5}}\,\widehat{f_3^{n-5}}(c^{n-5}) & \text{if } c_{n-2}=1,\ c_{n-3}=1.
\end{cases}\tag{12}$$
This completes the proof of Lemma 2.2.

Cusick and Stănică [1] have proved that $\mathrm{wt}(F_n^3) = 2\big(\mathrm{wt}(F_{n-2}^3)+\mathrm{wt}(F_{n-3}^3)\big) + 2^{n-3}$, i.e.
$$\widehat{F_n^3}(0) = 2\big(\widehat{F_{n-2}^3}(0) + \widehat{F_{n-3}^3}(0)\big)$$
(in fact this can also be verified from Lemma 2.1 and Lemma 2.2). The following lemma gives more relations for $\widehat{F_n^3}(0)$.

Lemma 2.3. $\widehat{F_n^3}(0)$ satisfies the following relationships:
$$\widehat{F_n^3}(0) = \widehat{F_{n-1}^3}(0) + 2\,\widehat{F_{n-4}^3}(0) + 4\,\widehat{F_{n-5}^3}(0),\quad n\ge 8;\qquad
\widehat{F_{n-1}^3}(0) \le \widehat{F_n^3}(0) \le 2\,\widehat{F_{n-1}^3}(0),\quad n\ge 7.\tag{13}$$

Proof. For the first equation, by the recurrence $\widehat{F_n^3}(0) = 2(\widehat{F_{n-2}^3}(0)+\widehat{F_{n-3}^3}(0))$ we have, for all $n\ge 8$,
$$\begin{aligned}
\widehat{F_n^3}(0) &= 2\big(\widehat{F_{n-2}^3}(0)+\widehat{F_{n-3}^3}(0)\big),\\
\widehat{F_{n-1}^3}(0) &= 2\big(\widehat{F_{n-3}^3}(0)+\widehat{F_{n-4}^3}(0)\big),\\
2\,\widehat{F_{n-2}^3}(0) &= 4\big(\widehat{F_{n-4}^3}(0)+\widehat{F_{n-5}^3}(0)\big).
\end{aligned}\tag{14}$$
Calculating "the first equation minus the second equation plus the third equation", we obtain
$$\widehat{F_n^3}(0) = \widehat{F_{n-1}^3}(0) + 2\,\widehat{F_{n-4}^3}(0) + 4\,\widehat{F_{n-5}^3}(0).$$
Table 3: The values of $\widehat{F_n^3}(0)$.

  n                       3    4    5    6    7    8    9    10
  $\widehat{F_n^3}(0)$    6    8   20   28   56   96  168   304

It is obvious that $\widehat{F_{n-1}^3}(0)\le\widehat{F_n^3}(0)$ for all $n\ge4$. We prove $\widehat{F_n^3}(0)\le 2\,\widehat{F_{n-1}^3}(0)$ by induction. From Table 3 it is true for $n=6$ and $n=7$. Assume it is true for all $n$ with $6\le n\le s$, $s\ge 7$; we prove it for $s+1$. Since
$$\begin{aligned}
\widehat{F_{s-1}^3}(0) &\le 2\,\widehat{F_{s-2}^3}(0) &&\text{(by assumption)},\\
\widehat{F_{s-2}^3}(0) &\le 2\,\widehat{F_{s-3}^3}(0) &&\text{(by assumption)},\\
\widehat{F_s^3}(0) &= 2\big(\widehat{F_{s-2}^3}(0)+\widehat{F_{s-3}^3}(0)\big),\\
\widehat{F_{s+1}^3}(0) &= 2\big(\widehat{F_{s-1}^3}(0)+\widehat{F_{s-2}^3}(0)\big),
\end{aligned}\tag{15}$$
it follows from the above relationships that $\widehat{F_{s+1}^3}(0)\le 2\,\widehat{F_s^3}(0)$.

Lemma 2.4. Let $c^n=(c_0,\dots,c_{n-1})\in\mathbb{F}_2^n$. If $c_1=1$, then
$$|\widehat{f_i^n}(c^n)| < \tfrac14\,\widehat{F_{n+2}^3}(0)\qquad(0\le i\le 3,\ n\ge 9).$$

Proof. We prove it by induction. First, with the help of a computer, we verify that for all $n\in[5,9]$ (the range the induction step below relies on) and all $c^n\ne0$, $|\widehat{f_i^n}(c^n)| < \frac14\,\widehat{F_{n+2}^3}(0)$ ($0\le i\le3$). (For example, see Table 4 for the case $n=6$. In this case $\widehat{F_{n+2}^3}(0) = \widehat{F_8^3}(0) = 96$, and we see that $|\widehat{f_i^6}(c^6)| < \frac14\cdot\widehat{F_8^3}(0) = 24$ for all $c^6\ne0$ and $0\le i\le3$.) Assume the claim is true for all $n$ with $5\le n<s$, where $s\ge 10$; we now prove it for $s$. Since $c_1=1$, the truncations $c^s, c^{s-1}, c^{s-2}, c^{s-3}, c^{s-4}, c^{s-5}$ are all nonzero vectors, and each of them still has $c_1=1$.
Table 4: $(c,\ \widehat{f_0^6}(c),\ \widehat{f_1^6}(c),\ \widehat{f_2^6}(c),\ \widehat{f_3^6}(c))$, where $c=(c_0,\dots,c_5)\in\mathbb{F}_2^6$ is represented by its corresponding integer $\sum_{0\le i\le 5} c_i 2^i$.

   c   f0   f1   f2   f3
   0   36   28   28    4
   1    4   12    4   12
   2   12   20    4   -4
   3   -4  -12   -4    4
   4   12   -4   20    4
   5   -4   12   -4   -4
   6  -12    4   -4   -4
   7    4  -12    4    4
   8   12   20   -4    4
   9   12    4    4   12
  10    4   -4    4   -4
  11  -12   -4   -4    4
  12    4  -12  -12    4
  13  -12    4   -4   -4
  14   -4   12   -4   -4
  15   12   -4    4    4
  16   12    4   20   -4
  17   -4    4   -4  -12
  18    4   12   12    4
  19    4   -4    4   -4
  20    4    4   -4   -4
  21    4    4    4    4
  22   -4   -4  -12    4
  23   -4   -4   -4   -4
  24  -12   -4    4   -4
  25    4   -4   12  -12
  26   -4  -12   -4    4
  27   -4    4  -12   -4
  28   -4   -4   12   -4
  29   -4   -4  -12    4
  30    4    4    4    4
  31    4    4   12   -4
  32    4    4   12   12
  33    4    4    4   20
  34   -4   -4    4  -12
  35   -4   -4   -4   12
  36   12    4    4   12
  37   -4    4   -4    4
  38    4   12   -4  -12
  39    4   -4    4   12
  40   -4   -4   12   -4
  41   -4   -4    4    4
  42    4    4    4    4
  43    4    4   -4   -4
  44  -12   -4    4   -4
  45    4   -4   -4  -12
  46   -4  -12   -4    4
  47   -4    4    4   -4
  48   -4   -4  -12    4
  49   -4   -4   -4   12
  50    4    4   -4   -4
  51    4    4    4   20
  52  -12   -4   -4    4
  53    4   -4    4   -4
  54   -4  -12    4   -4
  55   -4    4   -4  -12
  56    4    4  -12    4
  57    4    4   -4   12
  58   -4   -4   -4   -4
  59   -4   -4    4  -12
  60   12    4   -4    4
  61   -4    4    4   -4
  62    4   12    4   -4
  63    4   -4   -4   20
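Table 4 was produced by computer. As an added example (not from the paper), the following Python script recomputes it from the sub-functions of (1), checks the Table 3 values together with the recurrences of Lemma 2.3, verifies for small $n$ the split of $\widehat{F_n^3}(c)$ into the four sub-function transforms that the proof of Theorem 2.5 relies on, and reports the base-case check of Lemma 2.4 for $n\in[5,9]$. Integers encode vectors with bit $j$ holding $x_j$ or $c_j$, as in Table 4; all function names are the script's own.

```python
"""Added example (not from the paper): recompute Table 4 and the base case of
Lemma 2.4 from the sub-functions of (1).

t_n = sum_{0<=i<=n-3} x_i x_{i+1} x_{i+2};  f_0 = t_n,  f_1 = t_n + x_0 x_1,
f_2 = t_n + x_{n-2} x_{n-1},  f_3 = t_n + x_0 x_1 + x_{n-2} x_{n-1} + x_0 + x_{n-1}.
Integers encode vectors: bit j of x (or c) is x_j (or c_j), exactly as in Table 4.
"""
from functools import lru_cache
from typing import List, Tuple


def bit(x: int, j: int) -> int:
    return (x >> j) & 1


def t(n: int, x: int) -> int:
    """t_n(x): the cubic terms of F_n^3 that do not wrap around."""
    v = 0
    for i in range(n - 2):
        v ^= bit(x, i) & bit(x, i + 1) & bit(x, i + 2)
    return v


def sub_function(i: int, n: int, x: int) -> int:
    """f_i^n(x) for i in {0, 1, 2, 3}, as defined in (1)."""
    v = t(n, x)
    if i in (1, 3):
        v ^= bit(x, 0) & bit(x, 1)
    if i in (2, 3):
        v ^= bit(x, n - 2) & bit(x, n - 1)
    if i == 3:
        v ^= bit(x, 0) ^ bit(x, n - 1)
    return v


def cubic_rsbf(n: int, x: int) -> int:
    """F_n^3(x) = sum_i x_i x_{i+1} x_{i+2}, indices mod n."""
    v = 0
    for i in range(n):
        v ^= bit(x, i) & bit(x, (i + 1) % n) & bit(x, (i + 2) % n)
    return v


def fourier(table: List[int], c: int) -> int:
    """hat f(c) = sum_x (-1)^{f(x) + c.x}, straight from Definition 1.3."""
    return sum(-1 if table[x] ^ (bin(c & x).count("1") & 1) else 1
               for x in range(len(table)))


@lru_cache(maxsize=None)
def sub_spectra(n: int) -> List[List[int]]:
    """Row c is (hat f_0^n(c), ..., hat f_3^n(c)); n = 6 reproduces Table 4."""
    tables = [[sub_function(i, n, x) for x in range(1 << n)] for i in range(4)]
    return [[fourier(tables[i], c) for i in range(4)] for c in range(1 << n)]


@lru_cache(maxsize=None)
def hat_F(n: int) -> int:
    """hat F_n^3(0) = 2^n - 2 wt(F_n^3), the entries of Table 3."""
    return sum(1 - 2 * cubic_rsbf(n, x) for x in range(1 << n))


def factorisation_holds(n: int) -> bool:
    """For every c: hat F_n^3(c) = f0 + (-1)^{c_{n-2}} f2 + (-1)^{c_{n-1}} f1
    + (-1)^{c_{n-2}+c_{n-1}} f3, where f_i is hat f_i^{n-2} at the first n-2 bits of c
    (the split over (x_{n-2}, x_{n-1}) behind (1))."""
    table = [cubic_rsbf(n, x) for x in range(1 << n)]
    spectra = sub_spectra(n - 2)
    mask = (1 << (n - 2)) - 1
    for c in range(1 << n):
        f0, f1, f2, f3 = spectra[c & mask]
        s2, s1 = (-1) ** bit(c, n - 2), (-1) ** bit(c, n - 1)
        if fourier(table, c) != f0 + s2 * f2 + s1 * f1 + s2 * s1 * f3:
            return False
    return True


def lemma_2_4_base_case(n: int) -> Tuple[int, float, bool]:
    """(largest |hat f_i^n(c)| over c != 0 and all i, the bound hat F_{n+2}^3(0)/4, bound holds?)"""
    worst = max(abs(v) for c in range(1, 1 << n) for v in sub_spectra(n)[c])
    bound = hat_F(n + 2) / 4
    return worst, bound, worst < bound


if __name__ == "__main__":
    for c, row in enumerate(sub_spectra(6)):        # the rows of Table 4
        print(c, row)
    print("Table 3:", [hat_F(n) for n in range(3, 11)])
    print("factorisation:", all(factorisation_holds(n) for n in range(5, 9)))
    for n in range(5, 10):                           # base case used by the induction
        print("Lemma 2.4, n =", n, lemma_2_4_base_case(n))
```

For $n=6$ the script returns the bound $24$ and a largest entry of $20$ away from $c=0$, matching the discussion of Table 4 above; the direct definition is used for the transform here because the sub-function spectra are only needed for $n\le 9$.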
If $c_{s-1}=0$, then by Lemma 2.1, the induction hypothesis and the recurrence $\widehat{F_{s+2}^3}(0) = 2(\widehat{F_s^3}(0)+\widehat{F_{s-1}^3}(0))$, we have
$$|\widehat{f_0^s}(c^s)| = 2\,\big|\widehat{f_0^{s-2}}(c^{s-2}) + (-1)^{c_{s-2}}\,\widehat{f_0^{s-3}}(c^{s-3})\big|
\le 2\big(|\widehat{f_0^{s-2}}(c^{s-2})| + |\widehat{f_0^{s-3}}(c^{s-3})|\big)
< \tfrac14\cdot 2\big(\widehat{F_s^3}(0)+\widehat{F_{s-1}^3}(0)\big) = \tfrac14\,\widehat{F_{s+2}^3}(0).\tag{16}$$
Similarly the cases $i=1,2$ can be proven. For the case $i=3$ we have
$$|\widehat{f_3^s}(c^s)| = 2\,|\widehat{f_1^{s-3}}(c^{s-3}+e_1)| < \tfrac14\cdot 2\,\widehat{F_{s-1}^3}(0) < \tfrac14\big(2\,\widehat{F_{s-1}^3}(0)+2\,\widehat{F_s^3}(0)\big) = \tfrac14\,\widehat{F_{s+2}^3}(0),\tag{17}$$
where the induction hypothesis applies to $c^{s-3}+e_1$ because adding $e_1$ only changes $c_0$, so $c_1=1$ still holds.

If $c_{s-1}=1$, we prove the cases $i=0,2$ and leave the cases $f_1^s$, $f_3^s$ to the reader, since the recurrence forms are similar. By Lemma 2.2, for $i=0,2$,
$$\begin{aligned}
\widehat{f_i^s}(c^s) &= \widehat{f_0^{s-1}}(c^{s-1}) \pm 2\,\widehat{f_0^{s-4}}(c^{s-4}),\ \text{or}\\
&= \widehat{f_0^{s-1}}(c^{s-1}) \pm 2\,\widehat{f_0^{s-4}}(c^{s-4}) \pm 4\,\widehat{f_0^{s-5}}(c^{s-5}),\ \text{or}\\
&= \widehat{f_0^{s-1}}(c^{s-1}) \pm 2\,\widehat{f_0^{s-4}}(c^{s-4}) \pm 4\,\widehat{f_2^{s-5}}(c^{s-5}+e^2_{s-6}).
\end{aligned}\tag{18}$$
We prove the inequality for the first and the second case; the third case is similar. If $\widehat{f_i^s}(c^s) = \widehat{f_0^{s-1}}(c^{s-1}) \pm 2\,\widehat{f_0^{s-4}}(c^{s-4})$, then by induction and Lemma 2.3,
$$|\widehat{f_i^s}(c^s)| \le |\widehat{f_0^{s-1}}(c^{s-1})| + 2\,|\widehat{f_0^{s-4}}(c^{s-4})|
< \tfrac14\big(\widehat{F_{s+1}^3}(0) + 2\,\widehat{F_{s-2}^3}(0)\big)
\le \tfrac14\big(2\,\widehat{F_s^3}(0) + 2\,\widehat{F_{s-1}^3}(0)\big) = \tfrac14\,\widehat{F_{s+2}^3}(0).\tag{19}$$
When $\widehat{f_i^s}(c^s) = \widehat{f_0^{s-1}}(c^{s-1}) \pm 2\,\widehat{f_0^{s-4}}(c^{s-4}) \pm 4\,\widehat{f_0^{s-5}}(c^{s-5})$, then by induction and the first relation of Lemma 2.3 (with $n = s+2 \ge 12$),
$$|\widehat{f_i^s}(c^s)| < \tfrac14\big(\widehat{F_{s+1}^3}(0) + 2\,\widehat{F_{s-2}^3}(0) + 4\,\widehat{F_{s-3}^3}(0)\big) = \tfrac14\,\widehat{F_{s+2}^3}(0).\tag{20}$$

Theorem 2.5. For all $c^n=(c_0,\dots,c_{n-1})\ne0$ and all $n\ge 3$,
$$|\widehat{F_n^3}(c^n)| \le \widehat{F_n^3}(0),$$
and the inequality is strict for $n>10$.

Proof. For the cases $n\le 10$ the inequality is verified by computer computation (equality does occur for small $n$; for instance $\widehat{F_4^3}(1,1,1,1) = 8 = \widehat{F_4^3}(0)$). Now assume $n>10$.
Since $c^n\ne0$, by Lemma 1.4 we have $\widehat{F_n^3}(c_0,\dots,c_{n-1}) = \widehat{F_n^3}(c_j,c_{j+1},\dots,c_{j+n-1})$ (indices mod $n$) for all $j\in[0,n-1]$, so we may assume $c_1=1$. Splitting the sum over $(x_{n-2},x_{n-1})$ as in (1) and applying Lemma 2.4 (with $n-2\ge 9$), we have
$$\begin{aligned}
|\widehat{F_n^3}(c^n)| &= \big|\widehat{f_0^{n-2}}(c^{n-2}) + (-1)^{c_{n-2}}\,\widehat{f_2^{n-2}}(c^{n-2}) + (-1)^{c_{n-1}}\,\widehat{f_1^{n-2}}(c^{n-2}) + (-1)^{c_{n-2}+c_{n-1}}\,\widehat{f_3^{n-2}}(c^{n-2})\big|\\
&\le |\widehat{f_0^{n-2}}(c^{n-2})| + |\widehat{f_2^{n-2}}(c^{n-2})| + |\widehat{f_1^{n-2}}(c^{n-2})| + |\widehat{f_3^{n-2}}(c^{n-2})|\\
&< \tfrac14\big(\widehat{F_n^3}(0)+\widehat{F_n^3}(0)+\widehat{F_n^3}(0)+\widehat{F_n^3}(0)\big) = \widehat{F_n^3}(0).
\end{aligned}$$

3 Conclusion

In this paper we prove the conjecture proposed in [1], i.e. the nonlinearity of $F_n^3(x_0,\dots,x_{n-1})$ is the same as its weight. Recently Cusick remarked that computer results suggest that the Conjecture may be extended to RSBFs with SANF $x_0x_ax_b$ ($b>a>0$) in the case of odd $n$. However, it seems difficult to prove this. It is interesting to note that it has been proved in [7] that the nonlinearity of $F_n^2(x_0,\dots,x_{n-1}) = \sum_{0\le i\le n-1} x_i x_{i+s \bmod n}$ is the same as its weight if $n/\gcd(n,s)$ is even. These properties show that rotation symmetric Boolean functions have nice cryptographic applications. Whether higher-degree RSBFs have these properties is an interesting topic for further research.

References

[1] Cusick T.W. and Stănică P.: Fast evaluation, weights and nonlinearity of rotation-symmetric functions, Discrete Mathematics, 258 (2002), 289-301.
[2] Filiol E. and Fontaine C.: Highly nonlinear balanced Boolean functions with a good correlation-immunity. In Advances in Cryptology - EUROCRYPT'98, Springer-Verlag, 1998.
[3] Pieprzyk J. and Qu C.X.: Fast hashing and rotation symmetric functions. Journal of Universal Computer Science, 5(1), 1999, 20-31.
[4] Moriai S., Shimoyama T. and Kaneko T.: Higher order differential attack using chosen higher order differences, in: Selected Areas in Cryptography - SAC'98, Lecture Notes in Computer Science, Vol. 1556, Springer, Berlin, 1999, 106-117.
[5] Stănică P. and Maitra S.: Rotation symmetric Boolean functions - Count and cryptographic properties. Discrete Applied Mathematics, 156, 2008, 1567-1580.
[6] Kavut S., Maitra S. and Yücel M.D.: Search for Boolean functions with excellent profiles in the rotation symmetric class, IEEE Transactions on Information Theory, 53(5), 2007, 1743-1751.
[7] Kim H., Park S. and Hahn S.G.: On the weight and nonlinearity of homogeneous rotation symmetric Boolean functions of degree 2. Discrete Applied Mathematics, 157, 2009, 428-432.
[8] Ciungu L.C.: Cryptographic Boolean functions: Thue-Morse sequences, weight and nonlinearity. PhD thesis, University at Buffalo, State University of New York, 2010.