GET the Program

3.6 Generation Module

As already stated, there are several scenarios where researchers need to create new S-boxes or Boolean functions. When that need arises, the natural question is how to do it. In general, there are three methods of constructing such nonlinear elements, namely algebraic constructions, random search and heuristic methods (and, of course, combinations of those three methods) [Goo05].

Algebraic constructions, like finite field inversion [Nyb91], offer a way to generate nonlinear elements that have several optimal properties. Random search represents a method that can be used for fast generation of multiple S-boxes or Boolean functions. As far as the authors know, for larger sizes of S-boxes and Boolean functions, random search cannot reach optimal values (further details in Chapters 4 and 5).

Heuristic methods refer to experience-based methods for problem solving that give solutions which are not guaranteed to be optimal. As presented in the following chapters, heuristic methods (more precisely, we work with EAs) can be used to generate S-boxes or Boolean functions with highly competitive properties when compared with algebraic constructions or random search methods. We implemented several methods for generating nonlinear elements that belong to the above classes.

At this moment, we support only the generation of balanced nonlinear elements.

3.6.1 Random Search

With this method, the Generation module creates random balanced Boolean functions or S-boxes until a certain termination condition is fulfilled. The termination condition can be either the number of generated nonlinear elements or the generation of an element with a certain property. In our opinion, the main purpose of a random search is to serve as a benchmark, since the quality of the solutions it obtains cannot compete with those of algebraic constructions or heuristic search methods.

3.6.2 Hill Climbing

Hill Climbing (HC) is an optimization technique belonging to the class of local search methods. It is an iterative algorithm that starts with an arbitrary solution to a problem, then attempts to find a better solution by incrementally changing a single element of the solution. If the change produces a better (or equally good) solution, an incremental change is made to the new solution, repeating until no further improvements can be found. Our HC algorithm can make only one change for each element in the encoding. We implemented both hill climbing and strong hill climbing, where the difference is that in hill climbing an equally good solution is accepted as a change, while in strong HC only better solutions are accepted.

The hill climbing algorithm works both for Boolean functions and S-boxes, but the implementations are different, since for Boolean functions there is a constraint to keep the function balanced (i.e. the encoding must contain the same number of zeros and ones). The algorithm works by iteratively going through every element i in the encoding and swapping its value with the value of every other element j where i < j. In the case that the fitness of the new solution is better, the algorithm continues with the new element i + 1; otherwise, it reverts the swap and continues to compare element i with element j + 1. We present the pseudocode for the HC algorithm for permutation encoding in Algorithm 3.

Algorithm 3: Hill climbing algorithm for permutation encoding.

    fitness = evaluate_fitness()
    for all elements i in permutation encoding do
        for all elements j > i in permutation encoding do
            swap_elements(i, j)
            new_fitness = evaluate_fitness()
            if new_fitness is better than fitness then
                fitness = new_fitness; continue with element i + 1
            else
                swap_elements(i, j) to revert the change
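The random search of Section 3.6.1 and the hill climbing pass of Algorithm 3, as an added Python example that is not part of the GET tool; it assumes a 4-bit S-box permutation as the encoding and nonlinearity, computed from the Walsh spectrum of the S-box's component functions, as the fitness.

```python
import random

def parity(x):
    """Parity (XOR of all bits) of the integer x."""
    return bin(x).count("1") & 1

def sbox_nonlinearity(sbox, n):
    """Nonlinearity of an n-bit to n-bit S-box given as a lookup table: the minimum,
    over all non-zero output masks b, of the nonlinearity of the component Boolean
    function x -> parity(b & S(x)), obtained from its largest |Walsh coefficient|."""
    size = 1 << n
    best = size // 2
    for b in range(1, size):
        max_abs_walsh = max(
            abs(sum(-1 if parity(b & sbox[x]) ^ parity(a & x) else 1
                    for x in range(size)))
            for a in range(size))
        best = min(best, size // 2 - max_abs_walsh // 2)
    return best

def hill_climb(sbox, n, strong=False):
    """Algorithm 3 for permutation encoding: one pass over every pair (i, j), i < j.
    A swap is kept if it improves fitness (strong HC) or does not worsen it
    (plain HC); otherwise it is reverted. Returns (sbox, fitness)."""
    sbox = list(sbox)
    fitness = sbox_nonlinearity(sbox, n)
    for i in range(len(sbox)):
        for j in range(i + 1, len(sbox)):
            sbox[i], sbox[j] = sbox[j], sbox[i]
            new_fitness = sbox_nonlinearity(sbox, n)
            if new_fitness > fitness or (not strong and new_fitness == fitness):
                fitness = new_fitness
                break  # accept the change and continue with element i + 1
            sbox[i], sbox[j] = sbox[j], sbox[i]  # revert the swap
    return sbox, fitness

def random_search(n, count, seed=0):
    """Random search: draw `count` random n-bit permutations (balanced by
    construction) and return the best one together with its nonlinearity."""
    rng = random.Random(seed)  # fixed seed so runs are reproducible
    best, best_fitness = None, -1
    for _ in range(count):
        sbox = list(range(1 << n))
        rng.shuffle(sbox)
        fitness = sbox_nonlinearity(sbox, n)
        if fitness > best_fitness:
            best, best_fitness = sbox, fitness
    return best, best_fitness
```

For 4-bit bijective S-boxes the nonlinearity can never exceed 4, so the random search usually reaches the optimum within a few dozen draws; the hill climbing pass is where the difference between plain and strong HC becomes visible.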

3.6.3 Absence of EAs in Generation Module

The Generation module has no evolutionary algorithms implemented, but we still mention them here since the core of this thesis is their applications to cryptology.

Here, we offer the reasoning behind the decision not to implement EAs in the GET tool. If we decided to implement such methods, the first question that arises is which algorithm to implement. As shown in Chapters 4 and 5, for instance, when trying to evolve Boolean functions GP gives better results than the GA. However, GP is difficult to use to evolve S-boxes and it gives significantly worse results. Therefore, if we want to give a fair treatment of both nonlinear elements, we need to implement two algorithms. Even then, many other algorithms could be used. Similar reasoning applies to the EA selection and variation operators. As soon as we implemented several evolutionary algorithms, the GET tool would change its focus from an S-box and Boolean function tool to an evolutionary algorithm framework.

Accordingly, we implement support for the evaluation of Boolean functions and S-boxes of arbitrary sizes in the evolutionary framework used throughout the thesis, ECF [Jea14]. We implement minimal working examples, but an interested researcher can add all evaluation capabilities of the GET tool, for instance by simply using it as a static library. Additional information about installing and running ECF can be found in Appendices A and B.

3.6.4 Interface

First, a user needs to choose whether to use a random search or a hill climbing algorithm. In the case of Boolean functions, the output is the TT in bitstring representation, and in the case of S-boxes, the output is a lookup table in hexadecimal format.

Next, the user needs to choose the stopping condition for the algorithm. In the case that hill climbing is chosen, the user additionally needs to choose the name of the file that contains the nonlinear element to be improved. In Figure 3.2, we display a basic flowchart for the Generation module.

3.6.5 Program Code Example

We give a small source code example in which a random search is used. Again, this example is based on the static library version of the program. This function generates 100 random S-boxes of input and output size 4 and outputs them to the file “random.txt”.

    #include <get.h>

    int main(int argc, char *argv[]) {
        /* 100 random S-boxes with 4 input and 4 output bits, written to random.txt */
        create_random(4, 4, 100, "random.txt");
        return 0;
    }

Figure 3.2: Flowchart for the Generate module.