Dr. Cunsheng DING, HKUST, Hong Kong: Almost Difference Sets with Applications
Almost Difference Sets with Applications
Cunsheng DING, HKUST, Kowloon, Hong Kong, CHINA
July 2004
Outline of this Talk
• Definition and history
• Cyclotomic constructions
• Davis’ constructions
• A generic construction with perfect nonlinear functions
• Two generic constructions with difference sets
• Concluding remarks
• Open problems
Page 1 July 2004
Difference Sets
Definition: Let $(A, +)$ be an abelian group of order $n$. Let $C$ be a $k$-subset of $A$.
The set $C$ is an $(n, k, \lambda)$ difference set of $A$ if $d_C(w) = \lambda$ for every nonzero
element $w$ of $A$, where $d_C(w)$ is the difference function defined by
$$d_C(w) = |(C + w) \cap C|.$$
Necessary condition: $k(k - 1) = (n - 1)\lambda$.
Remark: Difference sets do not exist for many parameters $n, k, \lambda$.
Remark: This is a topic with a long history and many people have worked on it.
Reference: D. Jungnickel and A. Pott, “Difference sets: an introduction,” in
Difference Sets, Sequences and their Correlation Properties, eds., A. Pott, P.V.
Kumar, T. Helleseth and D. Jungnickel, pp. 259–295. Amsterdam: Kluwer, 1999.
Divisible Difference Sets and Relative Difference Sets
Divisible difference sets: Let $(G, +)$ be a group of order $mn$ and $(N, +)$ a
subgroup of $G$ of order $n$. A $k$-subset $D$ of $G$ is an $(m, n, k, \lambda_1, \lambda_2)$ divisible
difference set if the list of differences $\{d_1 - d_2 : d_1, d_2 \in D,\ d_1 \neq d_2\}$ contains
every nonidentity element of $N$ exactly $\lambda_1$ times and every element of $G \setminus N$
exactly $\lambda_2$ times.
If $\lambda_1 = 0$, $D$ is called a relative difference set, and $N$ is called the forbidden
subgroup.
The Almost Difference Sets defined by Davis
Definition: J. A. Davis called a divisible difference set $D$ an almost difference set
if $\lambda_1$ and $\lambda_2$ differ by 1.
Davis’ motivation: Davis defined this special class of almost difference sets due
to its relationship to “symmetric difference sets”.
Reference: J. A. Davis, “Almost difference sets and reversible difference sets,”
Arch. Math., vol. 59, pp. 595–602, 1992.
The Almost Difference Sets defined by Ding
Definition: Let $(A, +)$ be an abelian group of order $n$. Let $C$ be a $k$-subset of $A$.
The set $C$ is an $(n, k, \lambda)$ almost difference set of $A$ if $d_C(w)$ takes on the values $\lambda$
and $\lambda + 1$ altogether $(n - 1)/2$ times each when $w$ ranges over all the nonzero
elements of $A$, where $d_C(w)$ is the difference function defined by
$$d_C(w) = |(C + w) \cap C|.$$
Motivation: Sequences and highly nonlinear functions for cryptography
C. Ding, “The differential cryptanalysis and design of the natural stream ciphers,”
FSE’93, LNCS 809, Springer-Verlag, pp. 101–115, 1994.
C. Ding, “Binary cyclotomic generators,” FSE’94, LNCS 1008, Springer-Verlag,
pp. 29–60, 1995.
Discovery of the Confusion
• NATO Workshop on Difference Sets, Sequences and Their Correlation
Properties, Bad Windsheim, Germany, August 2-13, 1998.
• Informed about Davis’ paper by some participant from this workshop.
• Confirmed by Davis that the two are different.
• Questions from J. Seberry during the talk and discussion after the talk.
Comment: There is a need to settle this confusion!
Unification of the two Types of Almost Difference Sets
• Ding, Helleseth and Martinsen generalized the two kinds of ADSs by defining
the $(n, k, \lambda, t)$ ADSs, for the purpose of obtaining binary sequences with
optimal autocorrelation.
It unifies the two different kinds of almost difference sets.
• This broader class of ADSs was studied independently by Mertens and
Bessenrodt for the Bernasconi model in physics in 1998.
C. Ding, T. Helleseth and H. M. Martinsen, “New families of binary sequences
with optimal three-level autocorrelation,” IEEE Trans. Inform. Theory 47 (2001)
428–433.
S. Mertens and C. Bessenrodt, “On the ground states of the Bernasconi model,” J.
Phys. A: Math. Gen. 31 (1998) 3731–3749.
Definition of the Unified (n, k, λ, t) Almost Difference Sets
Definition: Let $(A, +)$ be an abelian group of order $n$. A $k$-subset $C$ of $A$ is an
$(n, k, \lambda, t)$ almost difference set of $A$ if $d_C(w)$ takes on $\lambda$ altogether $t$ times and
$\lambda + 1$ altogether $n - 1 - t$ times when $w$ ranges over all the nonzero elements of
$A$, where
$$d_C(w) = |(C + w) \cap C|.$$
Necessary condition: $k(k - 1) = t\lambda + (n - 1 - t)(\lambda + 1)$.
Property: $D$ is an $(n, k, \lambda, t)$ ADS of an abelian group $(A, +)$ iff the complement
$D^* = A \setminus D$ is an $(n, n - k, n - 2k + \lambda, t)$ ADS.
Comment: Difference sets are just special almost difference sets, i.e.,
$(n, k, \lambda, n - 1)$ almost difference sets!
Cyclotomy
• “Cyclotomy” (circle division): the problem of dividing the circumference of
the unit circle into a given number, $n$, of arcs of equal lengths.
• By the “theory of cyclotomy”, we mean the special attack upon this problem
discovered by Gauss in connection with the ruler-and-compass construction of
the regular polygon of $n$ sides.
This formulation of the problem had been discussed in Euclid’s time, and it
was known that the regular polygons of $n = 2^s, 3 \cdot 2^s, 5 \cdot 2^s, 15 \cdot 2^s$ sides were
so constructable for all values of $s$. Gauss proved that the regular polygons of
$2^s \cdot n$ sides are constructable with ruler and compass if $n$ is a prime of the
form $2^{2^k} + 1$.
• The theory of cyclotomy is related to the arithmetic of $\mathbb{Z}_n$.
Cyclotomy
Let $q = df + 1$ be a power of a prime, $\theta$ a fixed primitive element of $\mathrm{GF}(q)$. Define
$D_i^{(d,q)} = \theta^i \langle \theta^d \rangle$. The cosets $D_l^{(d,q)}$ are called the index classes or cyclotomic
classes of order $d$ with respect to $\mathrm{GF}(q)$. Clearly $\mathrm{GF}(q) \setminus \{0\} = \bigcup_{i=0}^{d-1} D_i^{(d,q)}$.
Define
$$(l, m)_d = \left|\left(D_l^{(d,q)} + 1\right) \cap D_m^{(d,q)}\right|.$$
These constants $(l, m)_d$ are called cyclotomic numbers of order $d$ with respect to
$\mathrm{GF}(q)$.
Applications: Sequences, coding theory, cryptography, combinatorics.
Several Cyclotomic Constructions
1. $D_0^{(2,q)}$ with parameters $\left(q, \frac{q-1}{2}, \frac{q-5}{4}, \frac{q-1}{2}\right)$, where $q \equiv 1 \pmod 4$. It is also called the Paley partial difference set.
2. $D_0^{(4,q)}$ with parameters $\left(q, \frac{q-1}{4}, \frac{q-13}{16}, \frac{q-1}{2}\right)$, where $q = 25 + 4y^2$ or $q = 9 + 4y^2$ (Ding 1997).
3. $D_0^{(4,q)} \cup \{0\}$ with parameters $\left(q, \frac{q+3}{4}, \frac{q-5}{16}, \frac{q-1}{2}\right)$, where $q = 1 + 4y^2$ or $q = 49 + 4y^2$ (Ding, Helleseth and Lam 1998).
4. $D_0^{(8,q)}$ with parameters $\left(q, \frac{q-1}{8}, \frac{q-41}{64}, \frac{q-1}{2}\right)$, where $q \equiv 41 \pmod{64}$ and $q = 19^2 + 4y^2 = 1 + 2b^2$ for some integers $y$ and $b$, or $q \equiv 41 \pmod{64}$ and $q = 13^2 + 4y^2 = 1 + 2b^2$ for some integers $y$ and $b$ (Ding 1997).
5. $D_i^{(4,q)} \cup D_{i+1}^{(4,q)}$ for all $i$ with parameters $\left(q, \frac{q-1}{2}, \frac{q-5}{4}, \frac{q-1}{2}\right)$, where $q = x^2 + 4$ and $x \equiv 1 \pmod 4$ (Ding, Helleseth and Lam 1998).
A Construction with Generalized Cyclotomy
• Let $g$ be a fixed common primitive root of both primes $p$ and $q$. Define $d = \gcd(p - 1, q - 1)$, and let $de = (p - 1)(q - 1)$. Then there exists an integer $x$ such that
$$\mathbb{Z}_{pq}^* = \{g^s x^i : s = 0, 1, \ldots, e - 1;\ i = 0, 1, \ldots, d - 1\}.$$
• Whiteman’s generalized cyclotomy: the cyclotomic class $D_i$ is
$$D_i = \{g^s x^i : s = 0, 1, \ldots, e - 1\}, \quad i = 0, 1, \ldots, d - 1.$$
• The generalized cyclotomic numbers are defined by
$$(i, j)_d = |(D_i + 1) \cap D_j|.$$
• It was used by Whiteman to find the two-prime difference sets.
A Construction with Generalized Cyclotomy
Suppose that $\gcd(p - 1, q - 1) = 2$. Let $D_0$ and $D_1$ be the cyclotomic classes of
order 2. Define
$$C = D_1 \cup \{p, 2p, \cdots, (q - 1)p\}.$$
If $q - p = 4$ and $(p - 1)(q - 1)/4$ is odd, then $C$ is a
$$(p(p + 4),\ (p + 3)(p + 1)/2,\ (p + 3)(p + 1)/4,\ (p - 1)(p + 5)/4)$$
almost difference set of $\mathbb{Z}_{p(p+4)}$.
Remark: This is a special case of the autocorrelation values of the generalized
cyclotomic sequences of order 2 in the following reference.
Reference: C. Ding, “Autocorrelation values of the generalized cyclotomic
sequences of order 2”, IEEE Trans. Inform. Theory 44 (1998) 1698–1702.
Lempel-Cohn-Eastman’s Construction
Let $q$ be odd. Define $C_q = \log_\alpha\left(D_1^{(2,q)} - 1\right)$. Then the set $C_q$ is
• a $\left(q - 1, \frac{q-1}{2}, \frac{q-3}{4}, \frac{3q-5}{4}\right)$ almost difference set if $q \equiv 3 \pmod 4$, and
• a $\left(q - 1, \frac{q-1}{2}, \frac{q-5}{4}, \frac{q-1}{4}\right)$ almost difference set if $q \equiv 1 \pmod 4$.
Comment: It is again based on cyclotomy. Lempel, Cohn and Eastman’s original
construction was on sequences with optimal autocorrelation.
Remark: Someone said that the construction was given by Sidelnikov earlier.
A. Lempel, M. Cohn, and W. L. Eastman, “A class of binary sequences with
optimal autocorrelation properties,” IEEE Trans. Inform. Theory 23 (1977) 38–42.
V. M. Sidelnikov, “Some k-valued pseudo-random sequences and nearly
equidistant codes,” Probl. Inform. Trans. 5 (1969) 12–16.
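The unified $(n, k, \lambda, t)$ test of slide 8, the cyclotomic classes and cyclotomic numbers of slide 10, constructions 1 and 3 of slide 11 and the Lempel-Cohn-Eastman set above, worked through in Python as an added example that is not part of the slides. It assumes $q$ is a prime, so that $\mathrm{GF}(q)$ is $\mathbb{Z}_q$ and a primitive root can be found by brute force; the function names and the brute-force discrete-log helper are the example's own choices, not notation from the slides.

```python
# Added example, not from the slides: cyclotomic classes and cyclotomic
# numbers of GF(q) for a prime q (so GF(q) = Z_q), the (n, k, lambda, t)
# almost-difference-set test of slide 8, and three cyclotomic constructions
# (Paley, D_0^(4,q) U {0}, Lempel-Cohn-Eastman). Function names are ours.
from collections import Counter


def difference_function(n, C):
    """d_C(w) = |(C + w) ∩ C| for every nonzero w of Z_n, as {w: d_C(w)}."""
    C = set(C)
    return {w: len({(c + w) % n for c in C} & C) for w in range(1, n)}


def ads_parameters(n, C):
    """Return (n, k, lambda, t) if C is an (n, k, lambda, t) almost difference
    set of Z_n, else None. When d_C is constant, C is an ordinary difference
    set and is reported as an (n, k, lambda, n - 1) ADS, as on slide 8."""
    counts = Counter(difference_function(n, C).values())
    values = sorted(counts)
    if len(values) == 1:
        return (n, len(C), values[0], n - 1)
    if len(values) == 2 and values[1] == values[0] + 1:
        lam = values[0]
        return (n, len(C), lam, counts[lam])
    return None


def necessary_condition(n, k, lam, t):
    """k(k - 1) = t*lambda + (n - 1 - t)(lambda + 1), from slide 8."""
    return k * (k - 1) == t * lam + (n - 1 - t) * (lam + 1)


def prime_factors(m):
    """Distinct prime factors of m by trial division (small m only)."""
    out, p = set(), 2
    while p * p <= m:
        while m % p == 0:
            out.add(p)
            m //= p
        p += 1
    if m > 1:
        out.add(m)
    return out


def primitive_root(q):
    """Smallest primitive element theta of Z_q, q prime."""
    fs = prime_factors(q - 1)
    return next(g for g in range(2, q)
                if all(pow(g, (q - 1) // f, q) != 1 for f in fs))


def cyclotomic_classes(q, d):
    """D_i^(d,q) = theta^i <theta^d> for i = 0..d-1, with q = d*f + 1 prime."""
    assert (q - 1) % d == 0
    theta = primitive_root(q)
    D0 = {pow(theta, d * s, q) for s in range((q - 1) // d)}
    return [{(pow(theta, i, q) * x) % q for x in D0} for i in range(d)]


def cyclotomic_number(q, d, l, m):
    """(l, m)_d = |(D_l + 1) ∩ D_m| (slide 10)."""
    D = cyclotomic_classes(q, d)
    return len({(x + 1) % q for x in D[l]} & D[m])


def discrete_log(q, theta, y):
    """log_theta(y) in Z_{q-1}, by brute force (fine for small q)."""
    return next(i for i in range(q - 1) if pow(theta, i, q) == y)


def lempel_cohn_eastman(q):
    """C_q = log_theta(D_1^(2,q) - 1), a subset of Z_{q-1} (slide 14).
    x - 1 is never 0 here, because 1 lies in D_0 and not in D_1."""
    theta = primitive_root(q)
    D1 = cyclotomic_classes(q, 2)[1]
    return {discrete_log(q, theta, (x - 1) % q) for x in D1}


if __name__ == "__main__":
    # Construction 1 of slide 11: the Paley set D_0^(2,13) is a (13, 6, 2, 6) ADS.
    paley = cyclotomic_classes(13, 2)[0]
    print(sorted(paley), ads_parameters(13, paley))
    # Construction 3 of slide 11 with q = 37 = 1 + 4*3^2: D_0^(4,37) U {0}
    # is a (37, 10, 2, 18) ADS of Z_37, and the necessary condition holds.
    quartic = cyclotomic_classes(37, 4)[0] | {0}
    params = ads_parameters(37, quartic)
    print(params, necessary_condition(*params))
    # Slide 14: C_7 = {2, 4, 5} in Z_6 is a (6, 3, 1, 4) ADS (q = 7 ≡ 3 mod 4),
    # and C_13 in Z_12 is a (12, 6, 2, 3) ADS (q = 13 ≡ 1 mod 4).
    for q in (7, 13):
        C = lempel_cohn_eastman(q)
        print(q, sorted(C), ads_parameters(q - 1, C))
```

Running the script prints the Paley set $D_0^{(2,13)}$ with parameters $(13, 6, 2, 6)$, the set $D_0^{(4,37)} \cup \{0\}$ with $(37, 10, 2, 18)$, and $C_7 = \{2, 4, 5\} \subseteq \mathbb{Z}_6$ with $(6, 3, 1, 4)$. `ads_parameters` reports an ordinary difference set as an $(n, k, \lambda, n - 1)$ ADS, as slide 8 notes, and returns `None` when $d_C$ takes three or more values, or two values that are not consecutive.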
Ding-Helleseth-Martinsen’s Constructions: Part I
Let $q \equiv 5 \pmod 8$ be a prime power. It is known that $q = s^2 + 4t^2$ for some $s$ and $t$ with $s \equiv \pm 1 \pmod 4$. Set $n = 2q$.
Let $i, j, l \in \{0, 1, 2, 3\}$ be three pairwise distinct integers, and define
$$C = \left[\{0\} \times \left(D_i^{(4,q)} \cup D_j^{(4,q)}\right)\right] \cup \left[\{1\} \times \left(D_l^{(4,q)} \cup D_j^{(4,q)}\right)\right].$$
Then $C$ is an $\left(n, \frac{n-2}{2}, \frac{n-6}{4}, \frac{3n-6}{4}\right)$ almost difference set of $A = \mathrm{GF}(2) \times \mathrm{GF}(q)$ if
(1) $t = 1$ and $(i, j, l) = (0, 1, 3)$ or $(0, 2, 1)$; or
(2) $s = 1$ and $(i, j, l) = (1, 0, 3)$ or $(0, 1, 2)$.
C. Ding, T. Helleseth and H. M. Martinsen, “New families of binary sequences with optimal three-level autocorrelation,” IEEE Trans. Inform. Theory 47 (2001) 428–433.
Ding-Helleseth-Martinsen’s Constructions: Part II
Let $q \equiv 5 \pmod 8$ be a prime power. It is known that $q = s^2 + 4t^2$ for some $s$
and $t$ with $s \equiv \pm 1 \pmod 4$. Set $n = 2q$.
Let $i, j, l \in \{0, 1, 2, 3\}$ be three pairwise distinct integers, and define
$$C = \left[\{0\} \times \left(D_i^{(4,q)} \cup D_j^{(4,q)}\right)\right] \cup \left[\{1\} \times \left(D_l^{(4,q)} \cup D_j^{(4,q)}\right)\right] \cup \{(0, 0)\}.$$
Then $C$ is an $\left(n, \frac{n}{2}, \frac{n-2}{4}, \frac{3n-2}{4}\right)$ almost difference set of $A = \mathrm{GF}(2) \times \mathrm{GF}(q)$ if
(1) $t = 1$ and $(i, j, l) \in \{(0, 1, 3), (0, 2, 3), (1, 2, 0), (1, 3, 0)\}$; or
(2) $s = 1$ and $(i, j, l) \in \{(0, 1, 2), (0, 3, 2), (1, 0, 3), (1, 2, 3)\}$.
Remark: For the construction of sequences with optimum autocorrelation
Davis’ Constructions
There are almost difference sets with the following parameters:
1. $\left(4 \cdot 3^{2a},\ 2(3^{2a} - 3^a),\ 3^{2a} - 2 \cdot 3^a,\ 3^{2a} - 1\right)$ in $H \times \mathbb{Z}_3^{2a}$, where $H$ is a group of order 4;
2. $\left((q + 1)q^2,\ q(q + 1),\ q,\ q^2 - 1\right)$ in $H \times EA(q^2)$, where $EA(q^2)$ denotes the additive group $(\mathrm{GF}(q^2), +)$ and $H$ is a group of order $q + 1$.
Reference: J. A. Davis, “Almost difference sets and reversible difference sets,”
Arch. Math. 59 (1992) 595–602.
A Generic Construction with Perfect Nonlinear Functions
Let $(A, +)$ and $(B, +)$ be abelian groups of order $n$ and $m$ respectively, and let $f$
be a function from $A$ to $B$. One measure of nonlinearity of $f$ is defined by
$$P_f = \max_{0 \neq a \in A} \max_{b \in B} \Pr(f(x + a) - f(x) = b), \qquad (1)$$
where $\Pr(E)$ denotes the probability of the occurrence of event $E$. It always satisfies
$$P_f \geq \frac{1}{|B|}. \qquad (2)$$
We say that $f$ has perfect nonlinearity if $P_f = \frac{1}{m}$.
C. Carlet and C. Ding, “Highly nonlinear mappings,” J. Complexity 20 (2004)
205–244.
A Generic Construction with Perfect Nonlinear Functions
The power function $x^s$ from $\mathrm{GF}(p^m)$ to $\mathrm{GF}(p^m)$, where $p$ is odd, has perfect nonlinearity $P_f = \frac{1}{p^m}$ for the following $s$:
• $s = 2$.
• $s = p^k + 1$, where $m/\gcd(m, k)$ is odd.
• $s = (3^k + 1)/2$, where $p = 3$, $k$ is odd, and $\gcd(m, k) = 1$.
In addition, the function $x^{10} + x^6 - x^2$ is a perfect nonlinear function from $\mathrm{GF}(3^m)$ to $\mathrm{GF}(3^m)$ when $m$ is odd.
Comment: These are all the known perfect nonlinear functions from $\mathrm{GF}(p^m)$ to $\mathrm{GF}(p^m)$.
Open Problem: Are there others? If yes, how to construct them?
Remark: See the reference on the previous page for more information.
A Generic Construction with Perfect Nonlinear Functions
Let $f$ be a function from an abelian group $(A, +)$ of order $n$ to another abelian
group $(B, +)$ of order $n$ with perfect nonlinearity $P_f = \frac{1}{n}$.
Define $C_b = \{x \in A \mid f(x) = b\}$ and
$$C = \bigcup_{b \in B} \{b\} \times C_b \subseteq B \times A.$$
Then $C$ is an $(n^2, n, 0, n - 1)$ almost difference set of $B \times A$.
Comment: Any PN function yields an ADS.
K.T. Arasu, C. Ding, T. Helleseth, P.V. Kumar, H. Martinsen, “Almost difference
sets and their sequences with optimal autocorrelation,” IEEE Trans. Information Theory 47 (2001) 2834–2943.
A Generic Construction with Difference Sets
Building block: $C$ an $\left(l, \frac{l-1}{2}, \frac{l-3}{4}\right)$ or $\left(l, \frac{l+1}{2}, \frac{l+1}{4}\right)$ difference set of $\mathbb{Z}_l$, where
$l \equiv 3 \pmod 4$.
Construction: Define a subset of $\mathbb{Z}_{4l}$ by
$$U = [(l + 1)C \bmod 4l] \cup [(l + 1)(C - \delta)^* + 3l \bmod 4l] \cup [(l + 1)C^* + 2l \bmod 4l] \cup [(l + 1)(C - \delta)^* + 3l \bmod 4l], \qquad (3)$$
where $C^*$ and $(C - \delta)^*$ denote the complements of $C$ and $C - \delta$ in $\mathbb{Z}_l$ respectively.
Conclusion: $U$ is a $(4l, 2l - 1, l - 2, l - 1)$ or $(4l, 2l + 1, l, l - 1)$ ADS of $\mathbb{Z}_{4l}$.
K.T. Arasu, C. Ding, T. Helleseth, P.V. Kumar, H. Martinsen, “Almost difference
sets and their sequences with optimal autocorrelation,” IEEE Trans. Information Theory 47 (2001) 2834–2943.
Constructions with Difference Sets: the Building Block
The $\left(l, \frac{l-1}{2}, \frac{l-3}{4}\right)$ or $\left(l, \frac{l+1}{2}, \frac{l+1}{4}\right)$ difference sets of $\mathbb{Z}_l$ are called Paley-Hadamard
difference sets, which include those with parameters:
• $\left(p, \frac{p-1}{2}, \frac{p-3}{4}\right)$, where $p \equiv 3 \pmod 4$ is prime, and the difference set just consists of all the quadratic residues in $\mathbb{Z}_p$.
• $(2^t - 1, 2^{t-1} - 1, 2^{t-2} - 1)$ (Dillon, Dillon and Dobbertin, Gordon, Mills and Welch, Pott, Xiang, et al.).
• $\left(l, \frac{l-1}{2}, \frac{l-3}{4}\right)$, where $l = p(p + 2)$ and both $p$ and $p + 2$ are primes. These twin-prime difference sets may be defined as
$$\{(g, h) \in \mathbb{Z}_p \times \mathbb{Z}_{p+2} : g, h \neq 0 \text{ and } \chi(g)\chi(h) = 1\} \cup \{(g, 0) : g \in \mathbb{Z}_p\},$$
where $\chi(x) = +1$ if $x$ is a nonzero square in the corresponding field, and $\chi(x) = -1$ otherwise.
Constructions with Difference Sets: the Building Block
The $\left(l, \frac{l-1}{2}, \frac{l-3}{4}\right)$ or $\left(l, \frac{l+1}{2}, \frac{l+1}{4}\right)$ difference sets of $\mathbb{Z}_l$ are called Paley-Hadamard
difference sets, which include those with parameters:
• $\left(p, \frac{p-1}{2}, \frac{p-3}{4}\right)$, where $p$ is a prime of the form $p = 4s^2 + 27$. They are
cyclotomic difference sets defined by
$$D = D_0^{(6,p)} \cup D_1^{(6,p)} \cup D_3^{(6,p)},$$
where $D_0^{(6,p)}$ denotes the multiplicative group generated by $\alpha^6$,
$D_i^{(6,p)} = \alpha^i D_0^{(6,p)}$ denotes the cosets, and $\alpha$ is a primitive element of $\mathbb{Z}_p$.
Remark: All these cyclic difference sets give a binary sequence with ideal
correlation.
Remark: There are new constructions during the last 6 years.
Another Generic Construction with Difference Sets
Lemma 1 (Jungnickel). Let $D_1$ be an ordinary $(v, a, \lambda)$ difference set in a group
$A$, and let $D_2$ be a difference set with parameters $(4u^2, 2u^2 - u, u^2 - u)$ in a
group $B$. Then $D := (D_2 \times D_1^*) \cup (D_2^* \times D_1)$ is a divisible difference set in $B \times A$
relative to $\{1\} \times A$, with parameters $(4u^2, v, 2u^2 v + 2au - uv, \lambda_1, \lambda_2)$, where
$$\lambda_1 = (2u^2 - u)(v - 2a) + 4u^2 \lambda, \qquad \lambda_2 = u^2 v - uv + 2au,$$
and $D_2^*$ denotes the complement of $D_2$.
D. Jungnickel, “On automorphism groups of divisible designs,” Can. J. Math. 34
(1982) 257–297.
Another Generic Construction with Difference Sets
As a corollary of Lemma 1, we have the following construction.
Let $D_1$ be an ordinary $\left(l, \frac{l-1}{2}, \frac{l-3}{4}\right)$ (respectively, $\left(l, \frac{l+1}{2}, \frac{l+1}{4}\right)$) difference set in
$\mathbb{Z}_l$, and let $D_2$ be a trivial difference set in $\mathbb{Z}_4$ with parameters $(4, 1, 0)$. Then
$$D := (D_2 \times D_1^*) \cup (D_2^* \times D_1)$$
is a $(4l, 2l - 1, l - 2, l - 1)$ (respectively, $(4l, 2l + 1, l, l - 1)$) almost difference set
of $\mathbb{Z}_4 \times \mathbb{Z}_l$.
K.T. Arasu, C. Ding, T. Helleseth, P.V. Kumar, H. Martinsen, “Almost difference
sets and their sequences with optimal autocorrelation,” IEEE Trans. Information Theory 47 (2001) 2834–2943.
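The nonlinearity measure $P_f$ of Eq. (1), the PN-function construction of slide 20, the Paley-Hadamard building block of slide 22 (the quadratic residues of $\mathbb{Z}_p$) and the Jungnickel-corollary construction above, as one added Python example that is not part of the slides. It works in product groups $\mathbb{Z}_{m_1} \times \cdots \times \mathbb{Z}_{m_r}$ with tuple elements, takes $\mathrm{GF}(p)$ to be $\mathbb{Z}_p$ for a prime $p$, and uses $D_2 = \{0\}$ as the trivial $(4, 1, 0)$ difference set of $\mathbb{Z}_4$; the function names are the example's own assumptions.

```python
# Added example, not from the slides: P_f of Eq. (1), the PN-function ADS of
# slide 20, the Paley-Hadamard building block of slide 22 and the Jungnickel
# corollary of slide 25. Groups are products Z_{m_1} x ... x Z_{m_r} given by
# their moduli, elements are tuples, and GF(p) for a prime p is Z_p.
from collections import Counter
from fractions import Fraction
from itertools import product


def elements(mods):
    """All elements of Z_{m_1} x ... x Z_{m_r}, as tuples."""
    return list(product(*(range(m) for m in mods)))


def add(x, y, mods):
    """Componentwise addition in the product group."""
    return tuple((a + b) % m for a, b, m in zip(x, y, mods))


def ads_parameters(mods, C):
    """(n, k, lambda, t) if C is an almost difference set of the product
    group, else None; an ordinary difference set is reported with t = n - 1."""
    C = set(C)
    n = len(elements(mods))
    zero = tuple(0 for _ in mods)
    counts = Counter(len({add(c, w, mods) for c in C} & C)
                     for w in elements(mods) if w != zero)
    values = sorted(counts)
    if len(values) == 1:
        return (n, len(C), values[0], n - 1)
    if len(values) == 2 and values[1] == values[0] + 1:
        return (n, len(C), values[0], counts[values[0]])
    return None


def nonlinearity(f, p):
    """P_f = max_{a != 0} max_b Pr[f(x + a) - f(x) = b] for f: Z_p -> Z_p,
    Eq. (1), as an exact fraction. P_f >= 1/p always holds (Eq. (2)), and f
    is perfect nonlinear exactly when P_f = 1/p."""
    best = 0
    for a in range(1, p):
        hits = Counter((f((x + a) % p) - f(x)) % p for x in range(p))
        best = max(best, max(hits.values()))
    return Fraction(best, p)


def pn_construction(f, p):
    """C = U_b {b} x C_b with C_b = {x : f(x) = b}, a subset of Z_p x Z_p
    (slide 20); for a PN function f it is a (p^2, p, 0, p - 1) ADS."""
    return {(f(x) % p, x) for x in range(p)}


def paley_difference_set(p):
    """Nonzero quadratic residues of Z_p: a (p, (p-1)/2, (p-3)/4) difference
    set when p ≡ 3 (mod 4) (slide 22)."""
    return {(x * x) % p for x in range(1, p)}


def jungnickel_construction(D1, l):
    """D = (D2 x D1*) U (D2* x D1) in Z_4 x Z_l, with D2 = {0} the trivial
    (4, 1, 0) difference set of Z_4 and * the complement (slide 25)."""
    D1 = set(D1)
    D1_complement = set(range(l)) - D1
    return ({(0, x) for x in D1_complement}
            | {(a, x) for a in (1, 2, 3) for x in D1})


if __name__ == "__main__":
    square = lambda x: x * x
    cube = lambda x: x ** 3
    print("P_f of x^2 over Z_5:", nonlinearity(square, 5))       # 1/5, PN
    print("P_f of x^3 over Z_5:", nonlinearity(cube, 5))         # 2/5, not PN
    print(ads_parameters((5, 5), pn_construction(square, 5)))    # (25, 5, 0, 4)
    D1 = paley_difference_set(7)                                 # {1, 2, 4}
    print(ads_parameters((7,), {(x,) for x in D1}))              # (7, 3, 1, 6)
    print(ads_parameters((4, 7), jungnickel_construction(D1, 7)))  # (28, 13, 5, 6)
```

Over $\mathbb{Z}_5$, $x^2$ meets the bound $P_f = 1/5$ of Eq. (2) and its set $C$ is a $(25, 5, 0, 4)$ ADS of $\mathbb{Z}_5 \times \mathbb{Z}_5$, while $x^3$ has $P_f = 2/5$ and is not perfect nonlinear. The Paley set $D_1 = \{1, 2, 4\}$ of $\mathbb{Z}_7$ yields a $(28, 13, 5, 6)$ ADS of $\mathbb{Z}_4 \times \mathbb{Z}_7$, the $(4l, 2l - 1, l - 2, l - 1)$ case with $l = 7$.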
Concluding Remarks
• Cyclic ADSs correspond to binary sequences with optimum correlation.
• ADSs define binary functions with optimum nonlinearity.
• ADSs can be used to construct error correcting codes.
• Most of the known constructions are related to cyclotomy.
• Constructing ADSs seems more difficult than constructing difference sets!
• Constructing ADS over abelian groupsA with |A| mod 4 = 2 is the hardest,
while that over abelian groupsA with |A| mod 4 = 0 is the easiest.
Open Problems
There are ADSs that do not belong to the known families:
• E.g., $\{0, 1, 2, 3, 4, 5, 6, 7, 9, 11, 12, 15, 16, 19, 23, 24, 29, 30, 32, 35, 37, 39\}$ is
a $(45, 22, 10, 22)$ ADS of $\mathbb{Z}_{45}$.
• Another example is the following ADS of $\mathbb{Z}_{33}$ with parameters $(33, 16, 7, 16)$:
$\{0, 1, 2, 3, 4, 5, 6, 8, 13, 14, 18, 20, 22, 25, 28, 29\}$.
Open Problems:
• Construct new ADSs (especially for the case $|A| \bmod 4 = 2$).
• Does a $\left(v, \frac{v-1}{2}, \lambda, t\right)$ almost difference set exist for all odd $v$?
References
• C. Ding, Cryptographic Counter Generators, TUCS Series in Dissertation 4,
Turku Centre for Computer Science, 1997, ISBN 951-650-929-0.
• C. Ding, T. Helleseth, and K. Y. Lam, “Several classes of sequences with
three-level autocorrelation,” IEEE Trans. Inform. Theory, vol. 45, No. 7, pp.
2606–2612, 1999.
• T. W. Cusick, C. Ding, and A. Renvall, Stream Ciphers and Number Theory,
North-Holland Mathematical Library 55. Amsterdam:
North-Holland/Elsevier, 1998.