# Claude CarletUniversité de Vincennes - Paris 8 | UP8

Claude Carlet

## About

303

Publications

36,070

Reads

**How we measure 'reads'**

A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more

10,903

Citations

## Publications

Publications (303)

Recently, Beierle and Leander found two new sporadic quadratic APN permutations in dimension 9. Up to EA-equivalence, we present a single trivariate representation of those two permutations as Cu:(F2m)3→(F2m)3,(x,y,z)↦(x3+uy2z,y3+uxz2,z3+ux2y), where m=3 and u∈F23∖{0,1} such that the two permutations correspond to different choices of u. We then an...

Non-Stop University CRYPTO is the International Olympiad in Cryptography that was held for the eight time in 2021. Hundreds of university and school students, professionals from 33 countries worked on mathematical problems in cryptography during a week. The aim of the Olympiad is to attract attention to curious and even open scientific problems of...

In the independent works by Kalgin and Idrisova and by Beierle, Leander and Perrin, it was observed that the Gold APN functions over $\mathbb{F}_{2^5}$ give rise to a quadratic APN function in dimension 6 having maximum possible linearity of $2^5$. In this note, we show that the case of $n \leq 5$ is quite special in the sense that Gold APN functio...

In this paper, we make a comprehensive study of two classes of Boolean functions whose interest originally comes from hybrid symmetric-FHE encryption (with stream ciphers like FiLIP), but which also present much interest for general stream ciphers. The functions in these two classes are cheap and easy to implement, and they allow the resistance to...

The International Olympiad in Cryptography NSUCRYPTO is the unique Olympiad containing scientific mathematical problems for professionals, school and university students from any country. Its aim is to involve young researchers in solving curious and tough scientific problems of modern cryptography. In 2020, it was held for the seventh time. Prizes...

Boolean functions, and bent functions in particular, are considered up to so-called EA-equivalence, which is the most general known equivalence relation preserving bentness of functions. However, for a special type of bent functions, so-called Niho bent functions there is a more general equivalence relation called o-equivalence which is induced fro...

Recently, Beierle and Leander found two new sporadic quadratic APN permutations in dimension 9. Up to EA-equivalence, we present a single trivariate representation of those two permutations as $C_u \colon (\mathbb{F}_{2^m})^3 \rightarrow (\mathbb{F}_{2^m})^3, (x,y,z) \mapsto (x^3+uy^2z, y^3+uxz^2,z^3+ux^2y)$, where $m=3$ and $u \in \mathbb{F}_{2^3}...

Using recent results on solving the equation X2k+1+X+a=0\documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$$X^{2^k+1}+X+a=0$$\end{document} over a finite field F2n\document...

In this work we give several generalizations of the isotopic shift construction, introduced recently by Budaghyan et al. (IEEE Trans Inform Theory 66:5299–5309, 2020), when the initial function is a Gold function. In particular, we derive a general construction of APN functions which covers several unclassified APN functions for n=8\documentclass[1...

We derive necessary conditions related to the notions, in additive combinatorics, of Sidon sets and sum-free sets, on those exponents \begin{document}$ d\in {\mathbb Z}/(2^n-1){\mathbb Z} $\end{document}, which are such that \begin{document}$ F(x) = x^d $\end{document} is an APN function over \begin{document}$ {\mathbb F}_{2^n} $\end{document} (whi...

This work is dedicated to APN and AB functions which are optimal against differential and linear cryptanlysis when used as S-boxes in block ciphers. They also have numerous applications in other branches of mathematics and information theory such as coding theory, sequence design, combinatorics, algebra and projective geometry. In this paper we giv...

The six infinite families of power APN functions are among the oldest known instances of APN functions, and it has been conjectured in 2000 that they exhaust all possible power APN functions. Another long-standing open problem is that of the Walsh spectrum of the Dobbertin power family, which is the only one among the six families for which it rema...

We investigate whether it is possible to evolve cryptographically strong S-boxes that have additional constraints on their structure. We investigate two scenarios: where S-boxes additionally have a specific sum of values in rows, columns, or diagonals and the scenario where we check that the difference between the Hamming weights of inputs and outp...

Given a vectorial function
${F}:\mathbb {F}_{2}^{{n}} \mapsto \mathbb {F}_{2}^{{m}}$
, the indicator
$1_{{\mathcal {G}}_{{F}}}$
of its graph
${\mathcal{ G}}_{{F}}=\{({x},{F}({x})); {x}\in \mathbb {F}_{2}^{{n}}\}$
allows to express the algebraic degree of
$F$
in a simple way. Exploiting the formula, obtained in a previous article, for the gr...

NSUCRYPTO is the unique cryptographic Olympiad containing scientific mathematical problems for professionals, school and university students from any country. Its aim is to involve young researchers in solving curious and tough scientific problems of modern cryptography. From the very beginning, the concept of the Olympiad was not to focus on solvi...

We investigate the differential properties of a vectorial Boolean function G obtained by modifying an APN function F . This generalizes previous constructions where a function is modified at a few points. We characterize the APN-ness of G via the derivatives of F, and deduce an algorithm for searching for APN functions whose values differ from thos...

We characterize the ANF and the univariate representation of any vectorial function as parts of the ANF and bivariate representation of the Boolean function equal to its graph indicator. We show how this provides, when F is bijective, the expression of F
<sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">...

Almost perfect nonlinear (APN) functions over fields of characteristic 2 play an important role in cryptography, coding theory and, more generally, mathematics and information theory. In this paper we deduce a new method for constructing APN functions by studying the isotopic equivalence, concept defined for quadratic planar functions in fields of...

Using recent results on solving the equation $X^{2^k+1}+X+a=0$ over a finite field $\mathbb{F}_{2^n}$, we address an open question raised by the first author in WAIFI 2014 concerning the APN-ness of the Kasami functions $x\mapsto x^{2^{2k}-2^k+1}$ with $gcd(k,n)=1$, $x\in\mathbb{F}_{2^n}$.

Side-channel attacks and fault injection attacks are nowadays important cryptanalysis methods on the implementations of block ciphers, which represent huge threats. Direct sum masking (DSM) has been proposed to protect the sensitive data stored in registers against both SCA and FIA. It uses two linear codes C and D whose sum is direct and equals Fq...

The hull of a linear code is defined to be the intersection of the code and its dual, and was originally introduced to classify finite projective planes. The hull plays an important role in determining the complexity of algorithms for checking permutation equivalence of two linear codes and computing the automorphism group of a linear code. It has...

We revisit the design of filter permutators as a general approach to build stream ciphers that can be efficiently evaluated in a fully homomorphic manner. We first introduce improved filter permutators that allow better security analyses, instances and implementations than the previously proposed family of ciphers. We also put forward the similarit...

The proliferation of small embedded devices having growing but still limited computing and data storage facilities, and the related development of cloud services with extensive storage and computing means, raise nowadays new privacy issues because of the outsourcing of data processing. This has led to a need for symmetric cryptosystems suited for h...

Problems and their solutions of the Fifth International Students’ Olympiad in cryptography NSUCRYPTO’2018 are presented. We consider problems related to attacks on ciphers and hash functions, Boolean functions, quantum circuits, Enigma, etc. We discuss several open problems on orthogonal arrays, Sylvester matrices, and disjunct matrices. The proble...

Side-channel attacks (SCAs) and fault injection attacks (FIAs) allow an opponent to have partial access to the internal behavior of the hardware. Since the end of the 1990s, many works have shown that this type of attacks constitutes a serious threat to cryptosystems implemented in embedded devices. In the state of the art, there exist several coun...

Problems and their solutions of the Fifth International Students' Olympiad in cryptography NSUCRYPTO'2018 are presented. We consider problems related to attacks on ciphers and hash functions, Boolean functions, quantum circuits, Enigma, etc. We discuss several open problems on orthogonal arrays, Sylvester matrices and disjunct matrices. The problem...

Motivated by the application of delegating computation, we revisit the design of filter permutators as a general approach to build stream ciphers that can be efficiently evaluated in a fully homomorphic manner. We first introduce improved filter permutators that allow better security analyses, instances and implementations than the previously propo...

In 2007, Carlet and Ding introduced two parameters, denoted by NbF and NBF, quantifying respectively the balancedness of general functions F between finite Abelian groups and the (global) balancedness of their derivatives DaF(x) = F(x+a)..F(x), a ε G/{0} (providing an indicator of the nonlinearity of the functions). These authors studied the proper...

In this paper, we summarize the results obtained recently in three papers on differentially uniform functions in characteristic 2, and presented at the workshop WCC 2017 in Saint-Petersburg, and we give new results on these functions. Firstly, we recall the recent connection between almost perfect nonlinear (APN) power functions and the two notions...

Mathematical problems and their solutions from the fourth International Students’ Olympiad in cryptography (NSUCRYPTO-2017) are presented. We consider problems related to attacks on ciphers and hash functions, cryptographic Boolean functions, linear branch numbers, addition chains, and error correction codes, among others. We discuss several open p...

This book constitutes the proceedings of the Third International Conference on Codes, Cryptology and Information Security, C2SI 2019, held in Rabat, Morocco, in April 2019.
The 19 regular papers presented together with 5 invited talks were carefully reviewed and selected from 90 submissions. The first aim of this conference is to pay homage to Sai...

Linear codes with complementary duals (abbreviated LCD) are linear codes whose intersection with their dual is trivial. When they are binary, they play an important role in armoring implementations against side-channel attacks and fault injection attacks. Non-binary LCD codes in characteristic 2 can be transformed into binary LCD codes by expansion...

We prove a conjecture on the nonlinearity of monotone Boolean functions in even dimension, proposed in the recent paper “Cryptographic properties of monotone Boolean functions”, by Carlet et al. (J. Math. Cryptol. 10(1), 1–14, 2016). We also prove an upper bound on such nonlinearity, which is asymptotically much stronger than the conjectured upper...

Finding cryptographic primitives satisfying certain properties is a difficult problem. In this domain, besides the algebraic constructions, researchers often use heuristics. There exists a set of interesting problems related to the notion of differential uniformity for a function F : F n 2 → F m 2. When n = m, then the best obtainable differential...

Linear complementary pairs (LCP) of codes play an important role in armoring implementations against sidechannel attacks and fault injection attacks. One of the most common ways to construct LCP of codes is to use Euclidean linear complementary dual (LCD) codes. In this paper, we first introduce the concept of linear codes with σ complementary dual...

Little theoretical work has been done on (n, m)-functions when \(\frac{n}{2}<m<n\), even though these functions can be used in Feistel ciphers, and actually play an important role in several block ciphers. Nyberg has shown that the differential uniformity of such functions is bounded below by \(2^{n-m}+2\) if n is odd or if \(m>\frac{n}{2}\). In th...

Naïve implementation of block ciphers are subject to side-channel and fault injection attacks. To deceive side-channel attacks and to detect fault injection attacks, the designer inserts specially crafted error correcting codes in the implementation. The impact of codes on protection against fault injection attacks is well studied: the number of de...

In [Characterizations of the differential uniformity of vectorial functions by the Walsh transform, IEEE Transactions on Information Theory 2017], the author has characterized differentially δ-uniform functions by equalities satisfied by their Walsh transforms. This generalizes the characterization of APN functions by the fourth moment of the Walsh...

Direct sum masking (DSM) has been proposed as a counter-measure against side-channel attacks (SCA) and fault injection attacks (FIA), which are nowadays important domains of cryptanalysis. DSM needs two linear codes whose sum is direct and equals a whole space $\Bbb F_q^n$. The minimum distance of the former code and the dual distance of the latter...

Using algebraic curves over finite fields, we construct some codes suitable for being used in the countermeasure called Direct Sum Masking which allows, when properly implemented, to protect the whole cryptographic block cipher algorithm against side channel attacks and fault injection attacks, simultaneously. These codes address a problem which ha...

Mathematical problems and their solutions of the Fourth International Students' Olympiad in cryptography NSUCRYPTO'2017 are presented. We consider problems related to attacks on ciphers and hash functions, cryptographic Boolean functions, the linear branch number, addition chains, error correction codes, etc. We discuss several open problems on alg...

We give a new concatenated type construction for linear codes with complementary dual (LCD) over small finite fields. In this construction,we need a special class of inner codes that we call isometry codes. Our construction generalizes a recent construction of Carlet et al. (2014–2016) and of Güneri et al. (2016). In particular, it allows us to con...

Direct Sum Masking (DSM) and Inner Product (IP) masking are two types of countermeasures that have been introduced as alternatives to simpler (e.g., additive) masking schemes to protect cryptographic implementations against side-channel analysis. In this paper, we first show that IP masking can be written as a particular case of DSM. We then analyz...

The correlation immunity of Boolean functions is a property related to cryptography, to error correcting codes, to orthogonal arrays (in combinatorics) and in a slightly looser way to sequences. Correlation-immune Boolean functions (in short, CI functions) have the property of keeping the same output distribution when some input variables are fixed...

In a first part of this paper, we investigate those Boolean functions satisfying two apparently related, but in fact distinct conditions concerning the algebraic degree: 1. we study those Boolean functions f whose restrictions to all a fine hyperplanes have the same algebraic degree (equal to deg(f), the algebraic degree of f), 2. we study those fu...

For every positive integers n and m and every even positive integer δ, we derive inequalities satisfied by the Walsh transforms of all vectorial (n, m)-functions and prove that the case of equality characterizes differential δ-uniformity. This provides a generalization to all differentially δ-uniform functions of the characterization of Almost Perf...

We study the problem of existence of APN functions of algebraic degree n over F2n. We characterize such functions by means of derivatives and power moments of the Walsh transform. We deduce several non-existence results which imply, in particular, that for most of the known APN functions F over F2n the function x2n−1+F(x) is not APN, and changing a...

We study the main cryptographic features of Boolean functions (balancedness, nonlinearity, algebraic immunity) when, for a given number n of variables, the input to these functions is restricted to some subset E of

The notion of o-polynomial comes from finite projective geometry. In 2011 and later, it has been shown that those objects play an important role in symmetric cryptography and coding theory to design bent Boolean functions, bent vectorial Boolean functions, semi-bent functions and to construct good linear codes. In this note, we characterize o-polyn...

This paper is composed of two main parts related to the nonlinearity of vectorial functions. The first part is devoted to maximally nonlinear (n, m) functions (the so-called bent vectorial functions), which contribute to an optimal resistance to both linear and differential attacks on symmetric cryptosystems. They can be used in block ciphers at th...

Linear complementary dual (LCD) cyclic codes were referred historically to as reversible cyclic codes, which had applications in data storage. Due to a newly discovered application in cryptography, there has been renewed interest in LCD codes. In particular, it has been shown that binary LCD codes play an important role in implementations against s...

We study the main cryptographic features of Boolean functions (balancedness, nonlinearity, algebraic immunity) when, for a given number n of variables, the input to these functions is restricted to some subset E of

Linear complementary pairs (LCP) of codes play an important role in armoring implementations against side-channel attacks and fault injection attacks. One of the most common ways to construct LCP of codes is to use Euclidean linear complementary dual (LCD) codes. In this paper, we first introduce the concept of linear codes with $\sigma$ complement...

In 2013, Tang, Carlet and Tang [IEEE TIT 59(1): 653-664, 2013] presented two classes of Boolean functions. The functions in the first class are unbalanced and the functions in the second one are balanced. Both of those two classes of functions have high nonlinearity, high algebraic degree, optimal algebraic immunity, and high fast algebraic immunit...

When discussing how to improve side-channel resilience of a cipher, an obvious direction is to use various masking or hiding countermeasures. However, such schemes come with a cost, e.g. an increase in the area and/or reduction of the speed. When considering lightweight cryptography and various constrained environments, the situation becomes even m...

On one hand collision attacks have been introduced in the context of side-channel analysis for attackers who exploit repeated code with the same data without having any knowledge of the leakage model. On the other hand, stochastic attacks have been introduced to recover leakage models of internally processed intermediate secret variables. Both tech...

Linear codes with complementary duals (abbreviated LCD) are linear codes whose intersection with their dual are trivial. When they are binary, they play an important role in armoring implementations against side-channel attacks and fault injection attacks. Non-binary LCD codes in characteristic 2 can be transformed into binary LCD codes by expansio...

Plateaued (vectorial) functions have an important role in the sequence and cryptography frameworks. Given their importance, they have not been studied in detail in general framework. Several researchers found recently results on their characterizations and introduced new tools to understand their structure and to design such functions. In this work...

We study linear complementary pairs (LCP) of codes (C, D), where both codes belong
to the same algebraic code family. We especially investigate constacyclic and quasi-cyclic LCP
of codes. We obtain characterizations for LCP of constacyclic codes and LCP of quasi-cyclic
codes. Our result for the constacyclic complementary pairs extends the character...

Binary linear codes with good parameters have important applications in secret sharing schemes, authentication codes, association schemes, and consumer electronics and communications. In this paper, we construct several classes of binary linear codes from vectorial Boolean functions and determine their parameters, by further studying a generic cons...

In this paper, we first present a novel secondary construction of bent functions (building new bent functions from two already defined ones). Furthermore, the algebraic degree and algebraic immunity of the constructed functions are analysed. Finally, we apply the construction using as initial functions some specific bent functions and then specify...

The role of Boolean functions is prominent in several areas like cryptography, sequences, and coding theory. Therefore, various methods for the construction of Boolean functions with desired properties are of direct interest. New motivations on the role of Boolean functions in cryptography with attendant new properties have emerged during the years...

Symmetric ciphers purposed for Fully Homomorphic Encryption (FHE) have recently been proposed for two main reasons. First, minimizing the implementation (time and memory) overheads that are inherent to current FHE schemes. Second, improving the homomorphic capacity, i.e. the amount of operations that one can perform on homomorphic ciphertexts befor...

Side Channel Analysis (SCA) is a class of attacks that exploits leakage of information from a cryptographic implementation during execution. To thwart it, masking is a common countermeasure. The principle is to randomly split every sensitive intermediate variable occurring in the computation into several shares and the number of shares, called the...

We recall why linear codes with complementary duals (LCD codes) play a role in counter-measures to passive and active side-channel analyses on embedded cryptosystems. The rate and the minimum distance of such LCD codes must be as large as possible. We recall the known primary construction of such codes with cyclic codes, and investigate other const...

We prove various results on monotone Boolean functions. In particular, we prove a conjecture
proposed recently, stating that there are no monotone bent Boolean functions.
Further, we give an upper bound on the nonlinearity of monotone functions in odd dimension, we describe the Walsh–Hadamard spectrum and investigate some other cryptographic proper...

In this survey, we revisit the Rothaus paper and the chapter of Dillon’s thesis dedicated to bent functions, and we describe the main results obtained on these functions during these last 40 years. We also cover more briefly super-classes of Boolean functions, vectorial bent functions and bent functions in odd characteristic.

This book constitutes the refereed proceedings of the 6th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2016, held in Hyderabad, India, in December 2016.
This annual event is devoted to various aspects of security, privacy, applied cryptography, and cryptographic engineering. This is indeed a very chall...

The role of Boolean functions is prominent in several areas like cryptography, sequences and coding theory. Therefore, various methods to construct Boolean functions with desired properties are of direct interest. When concentrating on Boolean functions and their role in cryptography, we observe that new motivations and hence new properties have em...

We give a survey of recent applications of group rings to combinatorics and to cryptography, including their use in the differential cryptanalysis of block ciphers.