On Resilient Boolean and Vectorial Boolean Functions with High Nonlinearity

Abstract

Boolean functions and vectorial Boolean functions are the most important nonlinear components of stream ciphers. They should satisfy several criteria such as high nonlinearity, proper resiliency and so on to guarantee the security of the whole system. However, there are some constraints among the criteria, and how to achieve a trade-off between them is an important issue. In this paper, some nonlinear Boolean functions possessing simple algebraic normal form with special Walsh spectrum are proposed. By using these functions, we provide two construction methods on balanced and resilient Boolean functions with high nonlinearity. In addition, based on the disjoint linear codes and vector matrices with special properties, some resilient vectorial Boolean functions with currently best-known nonlinearity have also been given.

1. Introduction

Stream ciphers play an important role in the confidential communication of government, military and other important departments and various mobile communication systems. Cryptographic functions, including Boolean functions and multi-output Boolean functions, are usually used as the most important nonlinear component in symmetric cryptosystems, especially in stream ciphers, and their properties directly affect the security of the whole encryption system. For the known linear cryptographic attack, related attack, Berlekamp–Massey attack, algebraic attack and other attack methods, it is necessary to use functions with high nonlinearity, certain resiliency, high algebraic degree and so on. However, there are some constraints among these criteria, and how to construct Boolean functions with a good trade-off among some of the criteria is an interesting research problem, for instance, the trade-off between the resiliency and nonlinearity, the optimization of algebraic immunity, the new class of Bent functions and the autocorrelation properties. In this paper, we mainly focus on the good trade-off between nonlinearity and resiliency of Boolean functions and vectorial Boolean functions.

In order to obtain Boolean functions satisfying certain criteria, modifications of the Maiorana–McFarland (M–M) construction [1] by concatenating small functions are often employed. The properties of the modified M-M functions absolutely depend on the small functions. Thus, properly selecting the small functions is crucial for the method. For an n-variable function ($n=2k$), when the small functions are different k-variable linear functions with number $2^k$, the constructed function is called Bent [2]. This kind of functions possess the maximal nonlinearity $2^{n-1}-2^{n/2-1}$, but they are not balanced. In [3], balanced Boolean functions with known best nonlinearity have been given by iteratively replacing all zero linear functions in the M-M methods, and Dobbertin obtained the same result, respectively, in [4]. However, how to construct a resilient Boolean function with high nonlinearity is an interesting problem; many results have been provided by using modified M-M methods, see [5,6,7,8,9,10,11,12,13,14,15,16], and the nonlinearity of some resilient functions can be strictly larger than $2^{n-1}-2^{n/2}$.

Vectorial Boolean functions are usually used to improve the production efficiency of the key that generated stream ciphers. They can be viewed as a collection of Boolean functions. An n-input and m-output vectorial Boolean function is referred to as an $(n,m)$ function. Similarly to the Boolean function, vectorial Boolean functions also need to satisfy criteria such as nonlinearity, resiliency and so on. For $(n,m)$ functions with n even, the upper bound of the nonlinearity is still $2^{n-1}-2^{n/2-1}$. However, they are not balanced either. How to construct resilient $(n,m)$ functions with nonlinearity lower than the upper bound but larger than $2^{n-1}-2^{n/2}$ is also an important problem in recent years. By contrast, fewer results have been obtained than the Boolean ones [17,18,19,20,21].

In this paper, we provide some techniques to generate balanced Boolean and resilient Boolean and vectorial Boolean functions with high nonlinearity. For the Boolean case, several kinds of nonlinear small functions with special algebraic normal forms are given. These functions have simple spectral distributions and are suitable to use in the modified M-M method. For the vectorial Boolean case, a construction method based on the disjoint linear codes and vector matrices with special properties is given, and a class of resilient $(n,m)$ functions with nonlinearity larger than $2^{n-1}-2^{n/2}$ are obtained. It is shown that some of the functions even have currently best-known nonlinearity.

2. Preliminaries

An n-variable Boolean function $f\left(x\right)$ is a mapping from ${\mathbb{F}}_2^n$ to ${\mathbb{F}}_2$; $x=(x_1,\cdots ,x_n)\in {\mathbb{F}}_2^n$ can be represented by the following algebraic normal form (ANF):

$$f(x_1,x_2,\cdots ,x_n)=\sum _{u\in {\mathbb{F}}_2^n}{\lambda }_u\left(\prod _{i=1}^n{x}_i^{u_i}\right).$$

(1)

where ${\lambda }_u\in {\mathbb{F}}_2,u=(u_1,\cdots ,u_n).$ The algebraic degree of $f\left(x\right)$, denoted by $deg\left(f\right)$, is the maximal value of $wt\left(u\right)$, where $wt\left(u\right)$ denotes the Hamming weight of u such that ${\lambda }_u\ne 0$. For any n-variable Boolean function $f\left(x\right)$, the Walsh transform of $f\in {\mathcal{B}}_n$ at point $\omega$ is denoted by $W_f\left(\omega \right)$ and calculated as follows:

$$W_f\left(\omega \right)=\sum _{x\in {\mathbb{F}}_2^n}{(-1)}^{f\left(x\right)+\omega ·x},$$

(2)

where the scalar product of $\omega$ and x is defined as $\omega ·x={\omega }_1{x}_1+\cdots +{\omega }_n{x}_n$(mod 2).

Definition 1 

([22]). The nonlinearity of a Boolean function $f\in {\mathcal{B}}_n$, denoted by $N_f$, is defined as the least distance to the set of all affine functions, and it can be obtained through the Walsh transform as follows:

$$N_f=2^{n-1}-\frac{1}{2}\underset{\omega \in {\mathbb{F}}_2^n}{max}\left|W_f\left(\omega \right)\right|.$$

(3)

The function of the original Maiorana–McFarland class is defined as follows:

Definition 2 

([1]). For any positive integers s and k such that $n=s+k$, the Maiorana–McFarland function is a function $f\in {\mathcal{B}}_n$ defined by

$$f(y,x)=\varphi \left(y\right)·x+\pi \left(y\right),x\in {\mathbb{F}}_2^k,y\in {\mathbb{F}}_2^s,$$

where ϕ is any mapping from ${\mathbb{F}}_2^s$ to ${\mathbb{F}}_2^k$ and $\pi \left(y\right)\in {\mathcal{B}}_s$. When ϕ is a one-to-one mapping and $s=k$, the function is bent.

A spectral characterization of correlation-immune Boolean functions has been derived.

Theorem 1 

([23]). A Boolean function $f\left(x\right)\in {\mathcal{B}}_n$ is t-resilient, where $0\le t\le n-1$, if and only if its Walsh transform satisfies

$$W_f\left(\omega \right)=0,\mathrm{for}0\le wt\left(\omega \right)\le t,$$

(4)

where wt$\left(\omega \right)$ is the Hamming weight of the vector $\omega \in {\mathbb{F}}_2^n$, i.e., the number of ones in ω.

It is shown that [24] for a t-resilient Boolean function f, the algebraic degree $deg\left(f\right)\le n-t-1$, and the maximum value is referred to as optimal algebraic degree.

The notion of algebraic immunity was introduced as a measure of resistance to algebraic attacks.

Definition 3 

([25]). The function $g\in {\mathcal{B}}_n$ is said to be an annihilator of $f\in {\mathcal{B}}_n$ if it satisfies that $f\left(x\right)g\left(x\right)=0$ for a nonzero $g\in {\mathcal{B}}_n$. The algebraic immunity of f, denoted by $AI\left(f\right)$, is the minimum degree of all nonzero annihilators of f and $1+f$.

An $(n,m)$ function can be regarded as a mapping from $F_2^n$ to $F_2^m$, which is $F:F_2^n\to F_2^m$. In addition, it can be viewed as a collection of m Boolean functions, namely $F\left(X\right)=(f_1\left(X\right),f_2\left(X\right),\cdots ,f_m\left(X\right))$, where $f_1,f_2,\cdots ,f_m\in B_n$ are component Boolean functions.

Definition 4 

([26]). The nonlinearity of an $(n,m)$ function $F\left(X\right)=(f_1\left(X\right),f_2\left(X\right),\cdots ,f_m\left(X\right))$ is denoted by $N_F$:

$$\begin{array}{c}\hfill N_F=\underset{c\in F_2^{m^{*}}}{min}{N}_{f_c},\end{array}$$

(5)

where $f_c={\oplus }_{i=1}^m{c}_i{f}_i$, $F_2^{m^{*}}=F_2^m\backslash \left\{0\right\}$.

Similarly, the nonlinearity of an $(n,m)$ function can also be denoted by the Walsh transform:

$$\begin{array}{c}\hfill N_f=2^{n-1}-\frac{1}{2}\underset{\omega \in F_2^n,c\in F_2^{m^{*}}}{max}{W}_{f_c}\left(\omega \right).\end{array}$$

(6)

Definition 5 

([27]). An $(n,m)$ function $F\left(X\right)=(f_1\left(X\right),f_2\left(X\right),\cdots ,f_m\left(X\right))$ is t-resilient if and only if for any $c=\left(c_1,c_2,\cdots ,c_m\right)\in F_2^{m^{*}}$, $f_c\left(X_n\right)={\oplus }_{i=1}^m{c}_i{f}_i\left(X_n\right)$ is t-resilient.

3. Construction of Boolean Function

In this section, we give several nonlinear functions with special constructions and analyse their spectral distributions, respectively. These functions will be useful in the M-M construction methods, and two methods are given to obtain a balanced and resilient Boolean function with very high nonlinearity. First of all, we consider the case of a simple function with only a single nonlinear term.

3.1. Small Functions with Special ANF

Lemma 1 

([10]). Let $f\left(x\right)=x_1{x}_2\cdots x_n$, then

$$W_f\left(\alpha \right)=\left\{\begin{array}{cc}{2}^n-2,\hfill & \mathrm{if}\alpha =\mathbf{0}\hfill \\ {(-1)}^{\omega t\left(\alpha \right)+1}·2\hfill & \mathrm{if}\alpha \ne \mathbf{0}\hfill \end{array}.\right.$$

Remark 1. 

Let $f=x_1{x}_2\cdots x_k+a·X_n$, where $s+k=n$, $a=(a_k,a_s)\in {\mathbb{F}}_2^k\times {\mathbb{F}}_2^s$ and $X_n=(x_1,x_2,\cdots ,x_n)$. Let $\alpha \in {\mathbb{F}}_2^k,\beta \in {\mathbb{F}}_2^s$, then

$$\begin{array}{cc}\hfill & W_f(\alpha ,\beta )=\left\{\begin{array}{cc}0,\hfill & \beta \ne a_s\hfill \\ 2^s(2^k-2),\hfill & \beta =a_s,\alpha =a_k\hfill \\ {(-1)}^{wt({\alpha }_k+\alpha )+1}{2}^{s+1},\hfill & \beta =a_s,\alpha \ne a_k\hfill \end{array}.\right.\hfill \end{array}$$

In Lemma 1 and Remark 1, both functions have only a single nonlinear term. Then, we consider the spectral distributions of some functions with two nonlinear terms.

Theorem 2. 

Let $f=x_1{x}_2\cdots x_i+x_j{x}_{j+1}\cdots x_n,i<j<n$ be an n-variable Boolean function, and $(\alpha ,\beta ,\gamma )\in {\mathbb{F}}_2^i\times {\mathbb{F}}_2^{j-i-1}\times {\mathbb{F}}_2^{n-j+1}$, then

$$\begin{array}{cc}\hfill & W_f(\alpha ,\beta ,\gamma )=\left\{\begin{array}{cc}{2}^n-2^{n-i+1}-2^j+2^{j-i+1},\hfill & \alpha =0,\beta =0,\gamma =0\hfill \\ {(-1)}^{wt\left(\gamma \right)+1}(2^j-2^{j-i+1}),\hfill & \alpha =0,\beta =0,\gamma \ne 0\hfill \\ {(-1)}^{wt\left(\alpha \right)+1}(2^{n-i+1}-2^{j-i+1}),\hfill & \alpha \ne 0,\beta =0,\gamma =0\hfill \\ {(-1)}^{wt\left(\alpha \right)+wt\left(\gamma \right)}{2}^{j-i+1},\hfill & \alpha \ne 0,\beta =0,\gamma \ne 0\hfill \\ 0,\hfill & \beta \ne 0\hfill \end{array}.\right.\hfill \end{array}$$

Proof of Theorem 2. 

Let $X=(X_i,X_{j-i-1},X_{n-j+1})\in {\mathbb{F}}_2^i\times {\mathbb{F}}_2^{j-i-1}\times {\mathbb{F}}_2^{n-j+1}$, then

$$\begin{array}{cc}{W}_f(\alpha ,\beta ,\gamma )\hfill & ={\displaystyle \sum _{X\in F_2^n}}{(-1)}^{f+\alpha ·X_i+\beta ·X_{j-i-1}+\gamma ·X_{n-j+1}}\hfill \\ \hfill & ={\displaystyle \sum _{X_i}}{(-1)}^{x_1{x}_2\cdots x_i+\alpha ·X_i}·{\displaystyle \sum _{X_{j-i-1}}}{(-1)}^{\beta ·X_{j-i-1}}·{\displaystyle \sum _{X_{n-j+1}}}{(-1)}^{x_j{x}_{j+1}\cdots x_n+\gamma ·X_{n-j+1}}.\hfill \end{array}$$

In order to obtain the value of the equation, the following cases are needed.

Case 1: When $\beta \ne 0$,

$$\sum _{X_{j-i-1}\in {\mathbb{F}}_2^{j-i-1}}{(-1)}^{\beta ·X_{j-i-1}}=0.$$

Then,

$$W_f(\alpha ,\beta ,\gamma )=0.$$

Case 2: When $\beta =0$,

$$W_f(\alpha ,\beta ,\gamma )=2^{j-i-1}·\sum _{X_i}{(-1)}^{x_1{x}_2\cdots x_i+\alpha ·X_i}·\sum _{X_{n-j+1}}{(-1)}^{x_j{x}_{j+1}\cdots x_n+\gamma ·X_{n-j+1}}.$$

Let $f_1\left(x\right)=x_1{x}_2\cdots x_i$ be an i-variable Boolean function and $f_2\left(x\right)=x_j{x}_j+1\cdots x_n$ be an $(n-j+1)$-variable Boolean function, then

$$W_f(\alpha ,\beta ,\gamma )=2^{j-i-1}{W}_{f_1}\left(\alpha \right)W_{f_2}\left(\gamma \right).$$

According to Lemma 1,

$$W_{f_1}\left(\alpha \right)=\left\{\begin{array}{cc}{2}^i-2,\hfill & \alpha =0\hfill \\ {(-1)}^{wt\left(\alpha \right)+1}2,\hfill & \alpha \ne 0\hfill \end{array}\right.,$$

$$W_{f_2}\left(\gamma \right)=\left\{\begin{array}{cc}{2}^{n-j+1}-2,\hfill & \gamma =0\hfill \\ {(-1)}^{wt\left(\gamma \right)+1}2,\hfill & \gamma \ne 0\hfill \end{array}\right..$$

So we have the next four cases:

Case 2.1: When $\alpha =0,\gamma =0,$ then

$$\begin{array}{c}\hfill W_f(\alpha ,\beta ,\gamma )=2^{j-i-1}(2^i-2)(2^{n-j+1}-2)=2^n-2^{n-i+1}-2^j+2^{j-i+1}.\end{array}$$

Case 2.2: When $\alpha =0,\gamma \ne 0,$ then

$$\begin{array}{c}\hfill W_f(\alpha ,\beta ,\gamma )=2^{j-i-1}(2^i-2){(-1)}^{wt\left(\gamma \right)+1}2={(-1)}^{wt\left(\gamma \right)+1}(2^j-2^{j-i+1}).\end{array}$$

Case 2.3: When $\alpha \ne 0,\gamma =0,$ then

$$\begin{array}{c}\hfill W_f(\alpha ,\beta ,\gamma )=2^{j-i-1}{(-1)}^{wt\left(\alpha \right)+1}2(2^{n-j+1}-2)={(-1)}^{wt\left(\alpha \right)+1}(2^{n-i+1}-2^{j-i+1}).\end{array}$$

Case 2.4: When $\alpha \ne 0,\gamma \ne 0,$ then

$$\begin{array}{c}\hfill W_f(\alpha ,\beta ,\gamma )=2^{j-i-1}{(-1)}^{wt\left(\alpha \right)+1}2{(-1)}^{wt\left(\gamma \right)+1}2={(-1)}^{wt\left(\alpha \right)+wt\left(\gamma \right)}{2}^{j-i+1}.\end{array}$$

According to all cases above, the theorem is proved. □

Theorem 3. 

Let $f=x_1{x}_2\cdots x_j+x_i{x}_{i+1}\cdots x_n,i<j<n$ be an n-variable Boolean function, and $(\alpha ,\beta ,\gamma )\in {\mathbb{F}}_2^{i-1}\times {\mathbb{F}}_2^{j-i+1}\times {\mathbb{F}}_2^{n-j}$, then

$$\begin{array}{c}\hfill W_f(\alpha ,\beta ,\gamma )=\left\{\begin{array}{cc}{2}^n-2^i-(2^{n-j+1}-4),\hfill & \alpha =0,\beta =0,\gamma =0\hfill \\ {(-1)}^{wt\left(\beta \right)+1}\left((2^{n-j+1}-4)+2^i\right),\hfill & \alpha =0,\beta \ne 0,\gamma =0\hfill \\ {(-1)}^{wt\left(\beta \right)+wt\left(\gamma \right)+1}(2^i-4),\hfill & \alpha =0,\gamma \ne 0\hfill \\ {(-1)}^{wt\left(\alpha \right)+wt\left(\beta \right)+1}(2^{n-j+1}-4),\hfill & \alpha \ne 0,\gamma =0\hfill \\ 4{(-1)}^{wt\left(\alpha \right)+wt\left(\beta \right)+wt\left(\gamma \right)},\hfill & \alpha \ne 0,\gamma \ne 0\hfill \end{array}.\right.\end{array}$$

Proof of Theorem 3. 

Let $X=(X_{i-1},X_{j-i+1},X_{n-j})\in {\mathbb{F}}_2^{i-1}\times {\mathbb{F}}_2^{j-i+1}\times {\mathbb{F}}_2^{n-j}$. We have that

$$W_f(\alpha ,\beta ,\gamma )=\sum _{X\in {\mathbb{F}}_2^n}{(-1)}^{f+\alpha ·X_{i-1}+\beta ·X_{j-i+1}+\gamma ·X_{n-j}}.$$

The mutual term between two polynomials $x_1{x}_2\cdots x_j$ and $x_i{x}_{i+1}\cdots x_n$ is $x_i{x}_{i+1}\cdots x_j$. The Walsh spectra will be discussed in the following situations:

Case 1: When $\alpha =0,\gamma =0$,

$$W_f(\alpha ,\beta ,\gamma )=\sum _{X\in {\mathbb{F}}_2^n}{(-1)}^{f+\beta ·X_{j-i+1}}.$$

In this case, it can be divided into the following two cases according to the value of $\beta$:

Case 1.1: When $\beta =0$,

$$W_f(\alpha ,\beta ,\gamma )=\sum _{X\in {\mathbb{F}}_2^n}{(-1)}^{x_1{x}_2\cdots x_j+x_i{x}_{i+1}\cdots x_n}.$$

When $X_n$ runs around ${\mathbb{F}}_2^n$, a total of $2^{n-j}-1+2^{i-1}-1=2^{n-j}+2^{i-1}-2$ ones of the value of $x_1{x}_2\cdots x_j+x_i{x}_{i+1}\cdots x_n$ are taken.

Therefore,

$$W_f(\alpha ,\beta ,\gamma )=2^n-2^{n-j+1}-2^i+4.$$

Case 1.2: When $\beta \ne 0$,

$$W_f(\alpha ,\beta ,\gamma )=\sum _{X\in {\mathbb{F}}_2^n}{(-1)}^{x_1{x}_2\cdots x_j+x_i{x}_{i+1}\cdots x_n+\beta ·X_{j-i+1}}.$$

It is known that $\beta ·X_{j-i+1}$ is a balanced function, and when $X_n$ runs around ${\mathbb{F}}_2^n$, there are $2^{n-j}+2^{i-1}-2$ ones of the value of $x_1{x}_2\cdots x_j+x_i{x}_{i+1}\cdots x_n$. Note that when $x_1{x}_2\cdots x_j+x_i{x}_{i+1}\cdots x_n$ take the value 1, $x_i\cdots x_j$ should be 1.

Therefore,

$$W_f(\alpha ,\beta ,\gamma )={(-1)}^{wt\left(\beta \right)+1}(2^{n-j+1}+2^i-4).$$

Case 2: When $\alpha =0,\gamma \ne 0$, then we have

$$\begin{array}{cc}{W}_f(\alpha ,\beta ,\gamma )\hfill & =\sum _{X\in {\mathbb{F}}_2^n}{(-1)}^{x_1{x}_2\cdots x_j+x_i{x}_{i+1}\cdots x_n+\beta ·X_{j-i+1}+\gamma ·X_{n-j}}\hfill \\ \hfill & =\sum _{X\in {\mathbb{F}}_2^n,X_{j-i+1}=1}{(-1)}^{x_1{x}_2\cdots x_j+x_i{x}_{i+1}\cdots x_n+\beta ·1+\gamma ·X_{n-j}}\hfill \\ \hfill & +\sum _{X\in {\mathbb{F}}_2^n,X_{j-i+1}\ne 1}{(-1)}^{\beta ·X_{j-i+1}+\gamma ·X_{n-j}}\hfill \\ \hfill & ={(-1)}^{wt\left(\beta \right)}\sum _{X_{i-1},X_{n-j}}{(-1)}^{x_1{x}_2\cdots x_{i-1}+x_{j+1}{x}_{j+2}\cdots x_n+\gamma ·X_{n-j}}\hfill \\ \hfill & ={(-1)}^{wt\left(\beta \right)}\sum _{X_{i-1}}{(-1)}^{x_1{x}_2\cdots x_{i-1}}\sum _{X_{n-j}}{(-1)}^{x_{j+1}{x}_{j+2}\cdots x_n+\gamma ·X_{n-j}}\hfill \\ \hfill & ={(-1)}^{wt\left(\beta \right)}(2^{i-1}-2){(-1)}^{wt\left(\gamma \right)+1}2\hfill \\ \hfill & ={(-1)}^{wt\left(\beta \right)+wt\left(\gamma \right)+1}(2^i-4).\hfill \end{array}$$

Case 3: When $\alpha \ne 0,\gamma =0$,

$$\begin{array}{cc}{W}_f(\alpha ,\beta ,\gamma )\hfill & ={\displaystyle \sum _{X\in {\mathbb{F}}_2^n}}{(-1)}^{x_1{x}_2\cdots x_j+x_i{x}_{i+1}\cdots x_n+\alpha ·X_{i-1}+\beta ·X_{j-i+1}}\hfill \\ \hfill & ={\displaystyle \sum _{X,X_{j-i+1}=1}}{(-1)}^{x_1{x}_2\cdots x_j+x_i{x}_{i+1}\cdots x_n+\beta ·1+\alpha ·X_{i-1}}\hfill \\ \hfill & +{\displaystyle \sum _{X\in {\mathbb{F}}_2^n,X_{j-i+1}\ne 1}}{(-1)}^{\beta ·X_{j-i+1}+\alpha ·X_{i-1}}\hfill \\ \hfill & ={(-1)}^{wt\left(\beta \right)}{\displaystyle \sum _{X_{i-1},X_{n-j}}}{(-1)}^{x_1{x}_2\cdots x_{i-1}+x_{j+1}{x}_{j+2}\cdots x_n+\alpha ·X_{i-1}}\hfill \\ \hfill & ={(-1)}^{wt\left(\beta \right)}{\displaystyle \sum _{X_{i-1}}}{(-1)}^{x_1{x}_2\cdots x_{i-1}+\alpha ·X_{i-1}}{\displaystyle \sum _{X_{n-j}}}{(-1)}^{x_{j+1}{x}_{j+2}\cdots x_n}\hfill \\ \hfill & ={(-1)}^{wt\left(\beta \right)}{(-1)}^{wt\left(\alpha \right)+1}2(2^{n-j}-2)\hfill \\ \hfill & ={(-1)}^{wt\left(\alpha \right)+wt\left(\beta \right)+1}(2^{n-j+1}-4).\hfill \end{array}$$

Case 4: When $\alpha \ne 0,\gamma \ne 0,$

$$\begin{array}{cc}{W}_f(\alpha ,\beta ,\gamma )\hfill & =\sum _{X\in {\mathbb{F}}_2^n}{(-1)}^{x_1{x}_2\cdots x_j+x_i{x}_{i+1}\cdots x_n+\alpha ·X_{i-1}+\beta ·X_{j-i+1}+\gamma ·X_{n-j}}\hfill \\ \hfill & =\sum _{X_{j-i+1}=1}{(-1)}^{x_1{x}_2\cdots x_j+x_i{x}_{i+1}\cdots x_n+\beta ·1+\alpha ·X_{i-1}+\gamma ·X_{n-j}}\hfill \\ \hfill & +\sum _{X_{j-i+1}\ne 1}{(-1)}^{\beta ·X_{j-i+1}+\alpha ·X_{i-1}+\gamma ·X_{n-j}}\hfill \\ \hfill & ={(-1)}^{wt\left(\beta \right)}\sum _{X\in {\mathbb{F}}_2^n,X_{j-i+1}=1}{(-1)}^{x_1{x}_2\cdots x_{i-1}+x_{j+1}{x}_{j+2}\cdots x_n+\alpha ·X_{i-1}+\gamma ·X_{n-j}}\hfill & \\ \hfill & ={(-1)}^{wt\left(\beta \right)}{(-1)}^{wt\left(\alpha \right)+1}2{(-1)}^{wt\left(\gamma \right)+1}2\hfill \\ \hfill & =4{(-1)}^{wt\left(\alpha \right)+wt\left(\beta \right)+wt\left(\gamma \right)}.\hfill \end{array}$$

Thus, the theorem is proved. □

The above theorems give some nonlinear functions with special spectral distributions. The following constructions shows that these nonlinear functions can be used as the small functions in the modified M-M construction method, and two classes of balanced and resilient Boolean functions with very high nonlinearity are obtained.

3.2. Balanced Boolean Function with High Nonlinearity

Construction 1. 

Let $n\ge 8$ be even, and ϕ be a bijective mapping from ${\mathbb{F}}_2^{n/2}$ to ${\mathbb{F}}_2^{n/2}$. Let $\varphi \left(\mathbf{0}\right)=\mathbf{0}$ and $\varphi \left(\delta \right)=\theta$ with δ be a fixed vector satisfying that $wt\left(\theta \right)>k$ for $k\le n/2$. Let $y=(y_1,\cdots ,y_{n/2})$, $x=(x_1,\cdots ,x_{n/2})$. For any $(y,x)\in {\mathbb{F}}_2^{n/2}\times {\mathbb{F}}_2^{n/2}$, a Boolean function $f\in B_n$ can be obtained as follows:

$$f(y,x)=\sum _{b\in {\mathbb{F}}_2^{n/2}}{y}^b{g}_b\left(x\right),$$

where

$$\begin{array}{c}\hfill y^b=\left\{\begin{array}{c}1,y=b\hfill \\ 0,y\ne b\hfill \end{array},\right.\end{array}$$

and for any $\{i_1,\cdots ,i_k\}\subseteq \{1,\cdots ,n/2\},\{j_1,\cdots ,j_k\}\subseteq \{1,\cdots ,n/2\}$,

$$\begin{array}{c}\hfill g_b\left(x\right)=\left\{\begin{array}{cc}\varphi \left(b\right)·x,\hfill & b\notin \{\mathbf{0},\delta \}\hfill \\ \varphi \left(\delta \right)·x\oplus x_{i_1}{x}_{i_2}\cdots x_{i_k},\hfill & b=\mathbf{0}\hfill \\ \varphi \left(\delta \right)·x\oplus x_{j_1}{x}_{j_2}{x}_{j_k}\oplus 1,\hfill & b=\delta \hfill \end{array}.\right.\end{array}$$

Theorem 4. 

Let f be the function obtained by the above construction, and n is even, $n\ge 8$. Then, we have:

1. 

f is balanced;

2. 

$deg\left(f\right)=n/2+k$;

3. 

$N_f=2^{n-1}-2^{n/2}+2^{n/2-2}$.

Proof of Theorem 4. 

For any $(\beta ,\alpha )\in {\mathbb{F}}_2^{n/2}\times {\mathbb{F}}_2^{n/2}$, we have

$$\begin{array}{ccc}{W}_f(\beta ,\alpha )\hfill & =\sum _{(y,x)\in {\mathbb{F}}_2^n}{(-1)}^{f(y,x)+(\beta ,\alpha )·(y,x)}\hfill & \\ \hfill & =\sum _{b\in {\mathbb{F}}_2^{n/2}}{(-1)}^{\beta ·b}\sum _{x\in {\mathbb{F}}_2^{n/2}}{(-1)}^{g_b\left(x\right)+\alpha ·x}\hfill & \\ \hfill & =\sum _{b\in {\mathbb{F}}_2^{n/2}}{(-1)}^{\beta ·b}·W_{g_b}\left(\alpha \right).\hfill \end{array}$$

When $b\notin \{\mathbf{0},\delta \},$

$$\begin{array}{c}\hfill W_{g_b}\left(\alpha \right)=\left\{\begin{array}{cc}{2}^{n/2},\hfill & \alpha =\varphi \left(b\right)\hfill \\ 0,\hfill & \alpha \ne \varphi \left(b\right)\hfill \end{array}.\right.\end{array}$$

Let $\alpha =({\alpha }_1,\cdots ,{\alpha }_{n/2}),{{\alpha }_i}^{\prime }=({\alpha }_{i_1},\cdots ,{\alpha }_{i_k}),{{\alpha }_i}^{″}=({\alpha }_{i_{k+1}},\cdots ,{\alpha }_{i_{n/2}}),\{i_1,\cdots ,i_k\}\cup \{i_{k+1},\cdots ,i_{n/2}\}\subseteq \{1,\cdots ,n/2\}$. Let ${{\theta }_i}^{\prime }=({\theta }_{i_1},\cdots ,{\theta }_{i_k}),{{\theta }_i}^{″}=({\theta }_{i_{k+1}},\cdots ,{\theta }_{i_{n/2}})$.

When $b=\mathbf{0}$,

$$\begin{array}{c}\hfill W_{g_b}\left(\alpha \right)=\left\{\begin{array}{cc}{2}^{n/2}-2^{n/2-2},\hfill & \alpha =\varphi \left(\delta \right)\hfill \\ \pm 2^{n/2-2},\hfill & {{\alpha }_j}^{\prime }\ne {{\theta }_j}^{\prime },{{\alpha }_i}^{″}={{\theta }_i}^{″}\hfill \\ 0,\hfill & {{\alpha }_i}^{″}\ne {{\theta }_i}^{″}\hfill \end{array}.\right.\end{array}$$

Let ${{\alpha }_j}^{\prime }=({\alpha }_{j_1},\cdots ,{\alpha }_{j_k}),{{\alpha }_j}^{″}=({\alpha }_{j_{k+1}},\cdots ,{\alpha }_{j_{n/2}}),\{j_1,\cdots ,j_k\}\cup \{j_{k+1},\cdots ,j_{n/2}\}\subseteq \{1,\cdots ,n/2\}$. Let ${{\theta }_j}^{\prime }=({\theta }_{j_1},\cdots ,{\theta }_{j_k}),{{\theta }_j}^{″}=({\theta }_{j_{k+1}},\cdots ,{\theta }_{j_{n/2}})$.

When $b=\delta$,

$$\begin{array}{c}\hfill W_{g_b}\left(\alpha \right)=\left\{\begin{array}{cc}{2}^{n/2}-2^{n/2-2},\hfill & \alpha =\varphi \left(\delta \right)\hfill \\ \pm 2^{n/2-2},\hfill & {{\alpha }_j}^{\prime }\ne {{\theta }_j}^{\prime },{{\alpha }_j}^{″}={{\theta }_j}^{″}\hfill \\ 0,\hfill & {{\alpha }_j}^{″}\ne {{\theta }_j}^{″}\hfill \end{array}.\right.\end{array}$$

Thus,

$$max|W_f\left(\alpha \right)|=2^{n/2+1}-2^{n/2-1}.$$

That means

$$N_f=2^{n-1}-2^{n/2}+2^{n/2-2}.$$

When $b\notin \{0,\delta \}$, we have

$$W_{g_b}\left(0\right)=0.$$

Since $wt\left(\theta \right)>k$, when $b=0$ and $b=\delta$, we have

$${{\alpha }_i}^{″}\ne {{\theta }_i}^{″},{{\alpha }_j}^{″}\ne {{\theta }_j}^{″}.$$

This means $W_{g_0}\left(0\right)=0$ and $W_{g_{\delta }}\left(0\right)=0$. Thus, for any $b\in F_2^n$, $W_{g_b}\left(0\right)=0$. So, we have $W_f\left(0\right)={\sum }_{b\in F_2^{n/2}}{W}_{g_b}\left(0\right)=0$, and f is balanced.

Obviously, the terms $y_1{y}_2\cdots y_{n/2}{x}_{i_1}{x}_{i_2}\cdots x_{i_k}$ and $y_1{y}_2\cdots y_{n/2}{x}_{j_1}{x}_{j_2}\cdots x_{j_k}$ are all in the ANF of the function and cannot cancel each other out. Thus, $deg\left(f\right)=n/2+k$. □

Remark 2. 

In this subsection, we provide some small nonlinear functions with special Walsh spectrum which can be applied to construction method of M-M functions, and Construction 1 shows a method to obtain a balanced Boolean function using the small functions. It is known that the best nonlinearity for a balanced function is given by Seberry et al. in [3] and Dobbertin in [4]. When $n<10$, the nonlinearity in Construction 1 can equal the best result, but when $n>12$, the nonlinearity will be smaller. Further research on the applications of the small function in Theorems 2 and 3, such as using the high-meets-low technology [15], will be an interesting challenge.

3.3. The Algebraic Immunity

Next, we discuss the algebraic immunity of the functions in Construction 1. Let $y=(y_1,y_2,\cdots ,y_{n/2})$, $\tau =({\tau }_1,{\tau }_2,\cdots ,{\tau }_{n/2})$, then $f(y,x)$ can be represented as

$$\begin{array}{c}\hfill f(y,x)=f_1(y,x)+f_2(y,x),\end{array}$$

where

$$\begin{array}{c}\hfill f_1(y,x)=\sum _{\tau \in {\mathbb{F}}_2^{n/2}\backslash \Delta }\left(\prod _{i=1}^{n/2}(y_i+{\tau }_i+1)\right)g_{c_{\tau }}\left(x\right),\end{array}$$

where $g_{c_{\tau }}\left(X\right)=c_{\tau }·X$, $wt\left(c_{\tau }\right)\ne 0$, and $\Delta =\{0,\delta \}$. We define $f_1^{\prime }(y,x)=\varphi \left(y\right)·x+\pi \left(y\right)$ as an M-M bent function containing $f_1(y,x)$ as a part of its ANF. Then, $f(y,x)$ can be rewritten as the following form:

$$\begin{array}{c}\hfill f(y,x)=f_1^{\prime }(y,x)+f_2^{\prime }(y,x).\end{array}$$

Let f and g be two n-variable functions. Noticing

$$\begin{array}{c}\hfill AI\left(f\right)-deg\left(g\right)\le AI(f+g)\le AI\left(f\right)+deg\left(g\right),\end{array}$$

we have

$$\begin{array}{c}\hfill AI\left(f_1^{\prime }(y,x)\right)-deg\left(f_2^{\prime }(y,x)\right)\le AI\left(f(y,x)\right)\le AI\left(f_1^{\prime }(y,x)\right)+deg\left(f_2^{\prime }(y,x)\right).\end{array}$$

(7)

As it is known that

$$\begin{array}{c}\hfill AI\left(f_1^{\prime }(y,x)\right)\le deg\left(\varphi \right)+AI\left(\pi \left(y\right)\right)+1.\end{array}$$

(8)

By Inequations (7) and (8), it can be seen that the degree of the permutation $\varphi$ and the algebraic immunity of function $\pi \left(y\right)$ will have a great effect on the $AI\left(f\right(y,x\left)\right)$, and the functions $g_0\left(x\right)$ and $g_{\delta }\left(x\right)$ chosen in the constructions may also influence the algebraic immunity of $f(y,x)$. Simulations show that the usage of different $\varphi$, $g_0\left(x\right)$, $g_{\delta }\left(x\right)$ and $\pi \left(y\right)$ will result in different algebraic immunity. Since the mapping $\varphi$, the functions $\pi \left(y\right)$, $g_0\left(x\right)$ and $g_{\delta }\left(x\right)$ used in the construction do not need to be unique, so in our constructions, for a fixed n, we can easily obtain a large number of balanced functions with the same high nonlinearity but different algebraic immunity. The following examples list balanced functions that possess good algebraic immunity and high nonlinearity.

Example 1. 

When $n=8,k=3$, and $(y,x)\in {\mathbb{F}}_2^4\times {\mathbb{F}}_2^4$, $f(y,x)={\sum }_{b\in {\mathbb{F}}_2^4}{y}^b{g}_b\left(x\right)$. According to Theorem 4, it is a balanced Boolean function, and $deg\left(f\right)=n/2+k=4+3=7$ is the known optimal algebraic degree, $N_f=2^{n-1}-2^{n/2}+2^{n/2-2}=116$ is equal to the best nonlinearity in [3,4]. The truth table of $f(y,x)$ is as follows:

$$\begin{array}{ccc}\hfill & 0110100010010111\left|\right|0101010101010101\left|\right|0011001100110011\left|\right|0110011001100110\left|\right|\hfill & \hfill \\ & 0000111100001111\left|\right|0101101001011010\left|\right|0011110000111100\left|\right|0110100101101001\left|\right|\hfill & \hfill \\ & 0000000011111111\left|\right|0101010110101010\left|\right|0011001111001100\left|\right|0110011010011001\left|\right|\hfill & \hfill \\ & 0000111111110000\left|\right|0101101010100101\left|\right|0011110011000011\left|\right|1001011001101010.\hfill \end{array}$$

3.4. Resilient Boolean Function with High Nonlinearity

Definition 6 

([11]). A set of Boolean functions $\{g_1,g_2,\cdots ,g_c\}\in {\mathcal{B}}_n$ such that for any $\alpha \in {\mathbb{F}}_2^n$,

$$W_{g_i}\left(\alpha \right)W_{g_j}\left(\alpha \right)=0,1\le i<j\le c,$$

(9)

is called a set of disjoint spectra functions.

Obviously, the following set of all $n/2$-variable t-resilient affine functions

$$T_1=\{g_c\left(x\right)=c·x|c\in {\mathbb{F}}_2^{n/2},wt\left(c\right)>t\},$$

is a set of disjoint spectra functions.

Let $x=(x^{\prime },x^{″})$, where $x^{\prime }\in {\mathbb{F}}_2^{n/2-2k}$, $x^{″}\in {\mathbb{F}}_2^{2k}$ and $h\left(x^{″}\right)$ be a fixed $2k$-variable function. Then,

$$T_2=\{g_{c^{\prime }}\left(x\right)=c^{\prime }·x^{\prime }+h\left(x^{″}\right)|c^{\prime }\in {\mathbb{F}}_2^{n/2-2k},wt\left(c^{\prime }\right)>p\}$$

is also a set of disjoint spectra functions. If $h_{c^{\prime }}\left(x^{″}\right)$ is q-resilient, then $g_{c^{\prime }}\left(X\right)$ is $(p+q+1)$-resilient.

Construction 2. 

Let $n\ge 12$, $1\le t\le n/2-2$, $1\le k<n/4$ and $p+q+1=t$ satisfying that ${\sum }_{i=0}^t\left(\genfrac{}{}{0pt}{}{n/2}{i}\right)\le {\sum }_{i=p+1}^{n/2-2k}\left(\genfrac{}{}{0pt}{}{n/2-2k}{i}\right)=\left|T_2\right|$. Let $T_2^{\prime }\subseteq T_2$ with $|T_2^{\prime }|={\sum }_{i=0}^t\left(\genfrac{}{}{0pt}{}{n/2}{i}\right)$, and $T=T_1\cup T_2^{\prime }$. Let $x\in {\mathbb{F}}_2^{n/2},y\in {\mathbb{F}}_2^{n/2}$ and ϕ be a bijective mapping from ${\mathbb{F}}_2^{n/2}$ to T. Then, we construct the function $f\in {\mathcal{B}}_n$ as follows:

$$\begin{array}{c}\hfill f(y,x)=\underset{b\in {\mathbb{F}}_2^{n/2}}{⨁}{y}^b\varphi \left(b\right),y\in {\mathbb{F}}_2^{n/2},\end{array}$$

(10)

where $y^b$ is defined as in Construction 1.

Theorem 5. 

Let $f(y,x)$ be as in Construction 2. Then,

1. 

f is t-resilient;

2. 

$N_f=2^{n-1}-2^{n/2}+2^{n/2-2k}{N}_h$;

3. 

$deg\left(f\right)=n/2+deg\left(h\right)$.

Proof of Theorem 5. 

Let $(\beta ,\alpha )={\mathbb{F}}_2^{n/2}\times {\mathbb{F}}_2^{n/2}$, Then,

$$\begin{array}{ccc}& & W_f(\beta ,\alpha )=\sum _{y\in {\mathbb{F}}_2^{n/2}}\sum _{x\in {\mathbb{F}}_2^{n/2}}{(-1)}^{f(y,x)+\alpha ·x+\beta ·y}\hfill \\ & =& \sum _{b\in {\mathbb{F}}_2^{n/2}}{(-1)}^{\beta ·b}\sum _{x\in {\mathbb{F}}_2^{n/2}}{(-1)}^{\varphi \left(b\right)+\alpha ·x}\hfill \\ \hfill & =& \sum _{b\in {\mathbb{F}}_2^{n/2}}{(-1)}^{\beta ·b}{W}_{\varphi \left(b\right)}\left(\alpha \right).\hfill \end{array}$$

Note that the functions $\varphi \left(b\right)$ are t-resilient. When $0\le wt(\beta ,\alpha )\le t$, we have $0\le wt\left(\alpha \right)\le t$, so $W_{\varphi \left(b\right)}\left(\alpha \right)=0$. Thus, $W_f(\beta ,\alpha )=0$, which means $f(y,x)$ is t-resilient.

It is known that for any $\varphi \left(b\right)\in T_1$, $W_{\varphi \left(b\right)}\left(\alpha \right)=2^{n/2}$, and for any $\varphi \left(b\right)\in T_2$, $W_{\varphi \left(b\right)}\left(\alpha \right)=2^{n/2-2k}(2^{2k}-2N_h)$. Since $T_1$ and $T_2$ are two sets of disjoint spectra functions

$$\begin{array}{c}\hfill \underset{(\beta ,\alpha )}{max}\left|W_f(\beta ,\alpha )\right|=2^{n/2}+2^{n/2}-2^{n/2-2k+1}{N}_h,\end{array}$$

which means

$$\begin{array}{c}\hfill N_f=2^{n-1}-2^{n/2}+2^{n/2-2k}{N}_h.\end{array}$$

Similar to the proof of Theorem 1, the algebraic degree is $n/2+deg\left(h\right)$. □

Example 2. 

For $n=44,t=2$, let $k=7$, $p=0$ and $q=1$. We have ${\sum }_{i=0}^2\left(\genfrac{}{}{0pt}{}{44/2}{i}\right)\le {\sum }_{i=1}^8\left(\genfrac{}{}{0pt}{}{8}{i}\right)$. Let $T_2^{\prime }\subseteq T_2$ with $|T_2^{\prime }|=254$. Let h be a 14-variable, 1-resilient function with nonlinearity 8100 and ϕ be a bijective mapping from ${\mathbb{F}}_2^{22}$ to $T=T_1\cup T_2^{\prime }$. By Construction 2, we can construct a 2-resilient function $f\in {\mathcal{B}}_{20}$ with nonlinearity $2^{43}-2^{21}-2^{14}-2^{12}-2^{11}-2^{10}$, which agrees with Theorem 2 and has nonlinearity larger than [11].

In this subsection, a construction method to obtain a resilient Boolean function with high nonlinearity is given. Since this method is also a modified M-M class, the algebraic properties are similar to the balanced case.

4. Construction of Vectorial Boolean Function

In this section, by using disjoint linear codes and vector matrices with special properties, a class of resilient $(n,m)$ function with very high nonlinearity is given.

4.1. Disjoint Linear Codes and Vector Matrices

Definition 7 

([19]). Disjoint linear codes are a set of $[u,m,t]$ linear codes $C=\{C_1,C_2,\cdots ,C_N\}$ satisfying that:

$$\begin{array}{c}\hfill C_i\cap C_j=\left\{\mathbf{0}\right\},1\le i<j\le N.\end{array}$$

where $\mathbf{0}$ is the all-zero vector.

We denote $N\left(u,m,t\right)$ the number of $\left[u,m,t\right]$ disjoint linear codes, where t is the minimum weight of the $[u,m]$ code.

Lemma 2 

([18]). Let ${\theta }_0,\cdots ,{\theta }_{m-1}$ be a basis of a $\left[u,m,t+1\right]$ linear code C. Let β be a primitive elememt of ${\mathbb{F}}_{2^m}$, and let $\left(1,\beta ,\cdots ,{\beta }^{m-1}\right)$ be a polynomial basis in ${\mathbb{F}}_{2^m}$. Define a bijection $\varphi :{\mathbb{F}}_{2^m}\to C$,

$$\begin{array}{c}\hfill \varphi (b_0+b_1\beta +\cdots +b_{m-1}{\beta }^{m-1})=b_0{\theta }_0+\cdots +b_{m-1}{\theta }_{m-1}.\end{array}$$

Define the matrix A that contains all the code words by

$$\begin{array}{c}\hfill A=\left(\begin{array}{cccc}\varphi \left(1\right)& \varphi \left(\beta \right)& \cdots & \varphi \left({\beta }^{m-1}\right)\\ \varphi \left(\beta \right)& \varphi \left({\beta }^2\right)& \cdots & \varphi \left({\beta }^m\right)\\ ⋮& ⋮& \ddots & ⋮\\ \varphi \left({\beta }^{2^m-2}\right)& \varphi \left(1\right)& \cdots & \varphi \left({\beta }^{m-2}\right)\end{array}\right).\end{array}$$

Then, for any nonzero linear combination of all columns in matrix A, each nonzero code word of C appears only once.

Lemma 3 

([20]). Let $u,m,d$ be integers with $2\le m\le u$. Let α be a root of the primitive polynomial $p\left(x\right)=1+p_{1}x+\cdots +p_{k-1}{x}^{k-1}+x^u\in {\mathbb{F}}_2\left[x\right]$, and $\left(1,\alpha ,{\alpha }^2,\cdots {\alpha }^{u-1}\right)$ be a polynomial basis of ${\mathbb{F}}_{2^u}$. Define a bijection $\pi :{\mathbb{F}}_{2^u}\to {\mathbb{F}}_2^u$,

$$\begin{array}{c}\hfill \pi (b_0+b_1\alpha +\cdots +b_{u-1}{\alpha }^{u-1})=\left(b_0,b_1,\cdots ,b_{u-1}\right).\end{array}$$

Define matrix B of size $\left(2^u-1\right)\times m$ by

$$B=\left(\begin{array}{cccc}\pi \left(1\right)& \pi \left(\alpha \right)& \cdots & \pi \left({\alpha }^{m-1}\right)\\ \pi \left(\alpha \right)& \pi \left({\alpha }^2\right)& \cdots & \pi \left({\alpha }^m\right)\\ ⋮& ⋮& \ddots & ⋮\\ \pi \left({\alpha }^{2^u-2}\right)& \pi \left(1\right)& \cdots & \pi \left({\alpha }^{m-2}\right)\end{array}\right)=\left(\begin{array}{c}{B}_0\\ B_1\\ ⋮\\ B_{2^{u-2}}\end{array}\right).$$

It is known that for any nonzero linear combination of columns in matrix B, the nonzero vector in ${\mathbb{F}}_2^u$ appears only once. If for any vector $c\in {\mathbb{F}}_2^{m*}$ such that $wt\left(c·B_i\right)\le t$, where $i=0,1,\cdots ,2^u-2$. Then, this row will be deleted from matrix B. Thus, we will obtain a new matrix $\tilde{B}$. The number of rows of matrix $\tilde{B}$ is denoted by $M(u,m,t+1)$.

4.2. Resilient Vectorial Function with High Nonlinearity

Construction 3. 

Let $n=2u\ge 12$ be even. Let m, t, k be positive integers with $m,t<⌊n/4⌋$ and $m<k<u$. Let $X_n=\left(X_u^{{}^{\prime }},X_u^{{}^{″}}\right)=\left(X_{n-k}^{{}^{\prime }},X_k^{{}^{″}}\right)\in {\mathbb{F}}_2^n$ with $X_u^{{}^{\prime }},X_u^{{}^{″}}\in {\mathbb{F}}_2^u$, $X_{{}_{n-k}}^{{}^{\prime }}\in {\mathbb{F}}_2^{n-k}$, and $X_{{}_k}^{{}^{″}}\in {\mathbb{F}}_2^k$. Then, an $\left(n,m\right)$ function can be constructed as

$$\begin{array}{c}\hfill \mathbb{F}\left(X_n\right)=\left[f_1\left(X_n\right),f_2\left(X_n\right),\cdots ,f_m\left(X_n\right)\right],\end{array}$$

(11)

where for any $i=1,2,\cdots ,m,$

$$\begin{array}{c}\hfill f_i\left(X_n\right)=\left\{\begin{array}{c}{\phi }_i\left(X_u^{{}^{\prime }}\right)·X_u^{{}^{″}},X_u^{{}^{\prime }}\in E_0\hfill \\ {\psi }_i\left(X_{n-k}^{{}^{\prime }}\right)·X_k^{{}^{″}},X_{n-k}^{{}^{\prime }}\in E_1\hfill \end{array}\right.\end{array}$$

(12)

and ${\psi }_i$, ${\phi }_i$, $E_0,E_1$ are defined as follows.

Let $C_1,C_2,\cdots ,C_s$ be a set of $[u,m,t+1]$ disjoint linear codes satisfying that $s=N(u,m,t+1)$. Let $A_1,\cdots ,A_s$ be the matrices associated with $C_1,C_2,\cdots ,C_s$ as defined in Lemma 2. For $1\le j\le s$ and $1\le i\le m$, we denote $A_j^i$ the i column of matrix $A_j$ and

$$\tilde{A}=\left(\begin{array}{cccc}{A}_1^1& A_1^2& \cdots & A_1^m\\ A_2^1& A_2^2& \cdots & A_2^m\\ ⋮& ⋮& \ddots & ⋮\\ A_s^1& A_s^2& \cdots & A_s^m\end{array}\right).$$

It is easy to know that the size of the matrix $\tilde{A}$ is $s·(2^m-1)\times m.$ Let $E_0=\{e_1,\cdots ,e_{\delta }\}\subset {\mathbb{F}}_2^u$ and $\delta =s·(2^m-1)$. For any $1\le i\le m$, ${\phi }_i$ will be a bijective from $E_0$ to $\tilde{A}$:

$$\left(\begin{array}{cccc}{\phi }_1\left(e_1\right)& {\phi }_2\left(e_1\right)& \cdots & {\phi }_m\left(e_1\right)\\ {\phi }_1\left(e_2\right)& {\phi }_2\left(e_2\right)& \cdots & {\phi }_m\left(e_2\right)\\ ⋮& ⋮& \ddots & ⋮\\ {\phi }_1\left(e_{\delta }\right)& {\phi }_2\left(e_{\delta }\right)& \cdots & {\phi }_m\left(e_{\delta }\right)\end{array}\right)=\tilde{A}.$$

In Lemma 3, let π be a bijective from ${\mathbb{F}}_{2^k}$ to ${\mathbb{F}}_2^k$, then a matrix $\tilde{B}$ of the size $M(k,m,t+1)\times m$ can be obtained. We define $E_1=({\mathbb{F}}_2^u\backslash E_0)\times {\mathbb{F}}_2^{u-k}=\{{ϵ}_1,\cdots ,{ϵ}_{\gamma }\}\subset {\mathbb{F}}_2^{n-k}$, then $\gamma =|E_1|=2^{u-k}·(2^u-s·(2^m-1))=2^{u-k}·(2^u-N(u,m,t+1)·(2^m-1))$. For any $1\le i\le m$, ${\psi }_i$ will be a bijective from $E_1$ to ${\tilde{B}}_{\gamma }$:

$$\left(\begin{array}{cccc}{\psi }_1\left({ϵ}_1\right)& {\psi }_2\left({ϵ}_1\right)& \cdots & {\psi }_m\left({ϵ}_1\right)\\ {\psi }_1\left({ϵ}_2\right)& {\psi }_2\left({ϵ}_2\right)& \cdots & {\psi }_m\left({ϵ}_2\right)\\ ⋮& ⋮& \ddots & ⋮\\ {\psi }_1\left({ϵ}_{\gamma }\right)& {\psi }_2\left({ϵ}_{\gamma }\right)& \cdots & {\psi }_m\left({ϵ}_{\gamma }\right)\end{array}\right)={\tilde{B}}_{\gamma }$$

where ${\tilde{B}}_{\gamma }$ consists of any γ rows of $\tilde{B}$.

Theorem 6. 

Let $\mathbb{F}\left(X_n\right)=\left[f_1\left(X_n\right),f_2\left(X_n\right),\cdots ,f_m\left(X_n\right)\right]$ be the vectorial functions constructed above. Then, we have

1. 

$\mathbb{F}$ is t-resilient;

2. 

$N_f=2^{n-1}-2^{n/2-1}-2^{k-1}$.

Proof of Theorem 6. 

From the definitions of ${\phi }_i$ and ${\psi }_i$, it is known that both of them are bijective. Let $\alpha =\left({\beta }^{{}^{\prime }},{\beta }^{{}^{″}}\right)=\left({\gamma }^{{}^{\prime }},{\gamma }^{{}^{″}}\right)\in {\mathbb{F}}_2^n$ with ${\beta }^{{}^{\prime }},{\beta }^{{}^{″}}\in {\mathbb{F}}_2^u$, ${\gamma }^{{}^{\prime }}\in {\mathbb{F}}_2^{n-k}$ and ${\gamma }^{{}^{″}}\in {\mathbb{F}}_2^k$. For any $c\in {\mathbb{F}}_2^m$, let $f_c\left(X_n\right)=c·\mathbb{F}\left(X_n\right)$. Then, we have

$$\begin{array}{c}\hfill W_{f_c}\left(\alpha \right)=\sum _{X_n\in {\mathbb{F}}_2^n}{\left(-1\right)}^{f_c\left(X_n\right)\oplus \alpha ·X_n}=H_1+H_2.\end{array}$$

where

$$\begin{array}{c}\hfill \begin{array}{cc}{H}_1\hfill & ={\displaystyle \sum _{X_u^{{}^{\prime }}\in E_0}}{\displaystyle \sum _{X_u^{{}^{″}}\in {\mathbb{F}}_2^u}}{\left(-1\right)}^{{\phi }_c\left(X_u^{{}^{\prime }}\right)·X_u^{{}^{″}}\oplus \left({\beta }^{{}^{\prime }},{\beta }^{{}^{″}}\right)·\left(X_u^{{}^{\prime }},X_u^{{}^{″}}\right)}\hfill \\ \hfill & ={\displaystyle \sum _{X_u^{{}^{\prime }}\in E_0}}{\left(-1\right)}^{{\beta }^{{}^{\prime }}·X_u^{{}^{\prime }}}{\displaystyle \sum _{X_u^{{}^{″}}\in {\mathbb{F}}_2^u}}{\left(-1\right)}^{\left({\phi }_c\left(X_u^{{}^{\prime }}\right)+{\beta }^{{}^{″}}\right)·X_u^{{}^{″}}},\hfill \end{array}\end{array}$$

and

$$\begin{array}{c}\hfill H_2=\sum _{X_{n-k}^{{}^{\prime }}\in E_1}{\left(-1\right)}^{{\gamma }^{{}^{\prime }}·X_{n-k}^{{}^{\prime }}}\sum _{X_k^{{}^{″}}\in {\mathbb{F}}_2^k}{\left(-1\right)}^{\left({\psi }_c\left(X_{n-k}^{{}^{\prime }}\right)+{\gamma }^{{}^{″}}\right)·X_k^{{}^{″}}}.\end{array}$$

When ${\phi }_c^{-1}\left({\beta }^{{}^{″}}\right)=\varnothing$, we have $H_1=0$, otherwise $H_1=2^{n/2}·{\left(-1\right)}^{{\beta }^{{}^{\prime }}·{\phi }_c^{-1}\left({\beta }^{{}^{″}}\right)}=\pm 2^{n/2}$. So $H_1\in \left\{0,\pm 2^{n/2}\right\}$, in the same way, $H_2\in \left\{0,\pm 2{}^k\right\}$. Thus, the maximum value of $|W_{f_c}|$ is $2^{n/2}-2^k$.

According to (3),

$$\begin{array}{c}\hfill N_{f_c}=2^{n-1}-2^{n/2-1}-2^{k-1}.\end{array}$$

Combined with (5), we can obtain that the nonlinearity of the constructed function $\mathbb{F}$ is

$$\begin{array}{c}\hfill N_{\mathbb{F}}=2^{n-1}-2^{n/2-1}-2^{k-1}.\end{array}$$

When $0\le wt\left(\alpha \right)\le t$, we have $wt\left({\beta }^{{}^{″}}\right)\le t$ and $wt\left({\gamma }^{{}^{″}}\right)\le t$. Therefore, for $X_u^{{}^{\prime }}\in E_0$ and $X_{n-k}^{{}^{\prime }}\in E_1$, by the definitions of ${\psi }_i$ and ${\phi }_i$, we can obtain $wt\left({\psi }_c\left(X_u^{{}^{\prime }}\right)\right)\ge t+1$ and $wt\left({\phi }_c\left(X_{n-k}^{{}^{\prime }}\right)\right)\ge t+1$. Obviously, ${\psi }_c\left(X_u^{{}^{\prime }}\right)+{\beta }^{{}^{″}}\ne 0$ and ${\phi }_c\left(X_{n-k}^{{}^{\prime }}\right)+{\gamma }^{{}^{″}}\ne 0$. Thus, $H_1=H_2=0$, which means for any $0\le wt\left(\alpha \right)\le t$, $W_{f_c}\left(\alpha \right)=0$. By Theorem 1, $f_c$ is a t-resilient function and so is $\mathbb{F}$. □

Remark 3. 

In Construction 3, the numbers of rows of the matrixs $\tilde{A}$ and $\tilde{B}$ should be enough to ensure that both ${\phi }_i$ and ${\psi }_i$ are bijective mappings. Hence, the following inequation must hold $N\left(u,m,t+1\right)·(2^m-1)·2^u+M\left(k,m,t+1\right)·2^k\ge 2^n$, where the value of $N\left(u,m,t+1\right)$ and $M\left(k,m,t+1\right)$ can be found in [19,20].

Example 3. 

Let $n=32$, $m=4$, $t=1$ and $k=11$. Note that $N(16,4,2)=4365$, $M\left(11,4,2\right)=1957$ and $4365\times (2^4-1)\times 2^{16}+1957\times 2^{11}\ge 2^{32}$ holds. By Construction 2, a 1-resilient $(32,4)$ functions with nonlinearity $\left(32,4,1,2^{31}-2^{15}-2^{11}\right)$ can be obtained. The nonlinearity of this function is better than the results in [19,20].

Based on Construction 3, we list some results in

Table 1. $(n,m,t,N_{\mathbb{F}})$ S-boxes with higher nonlinearity than [19].

Ours	[19]
$(22,4,1,2^{21}-2^{10}-2^8)$	$(22,4,1,2^{21}-2^{10}-2^9)$
$(30,4,1,2^{29}-2^{14}-2^{10})$	$(30,4,1,2^{29}-2^{14}-2^{11})$
$(32,4,1,2^{31}-2^{15}-2^{10})$	$(32,4,1,2^{31}-2^{15}-2^{11})$
$(28,5,1,2^{27}-2^{13}-2^{10})$	$(28,5,1,2^{27}-2^{13}-2^{11})$
$(38,5,1,2^{37}-2^{18}-2^{13})$	$(38,5,1,2^{37}-2^{18}-2^{14})$
$(42,5,1,2^{41}-2^{20}-2^{13})$	$(42,5,1,2^{41}-2^{20}-2^{14})$
$(32,6,1,2^{31}-2^{15}-2^{12})$	$(32,6,1,2^{31}-2^{15}-2^{13})$
$(58,7,1,2^{57}-2^{28}-2^{18})$	$(58,7,1,2^{57}-2^{28}-2^{19})$

:

The table shows that our constructions can sometimes obtain functions with higher nonlinearity than the known result. In other cases, our methods can at least provide the same nonlinearity as the known result, and how to improve the nonlinearity in the equal cases will be the future work.

5. Conclusions

This paper introduces three construction methods to obtain Boolean functions and vectorial Boolean functions with good properties. Firstly, several types of nonlinear functions with special Walsh spectra are given. They can be used in the modified M-M construction methods. For instance, the functions with only a nonlinear term are usually used to optimize the algebraic degree, and in this paper we use them to obtain balanced and resilient functions with high nonlinearity. How to use the other special functions provided is a very interesting research problem. Secondly, a construction of resilient vectorial Boolean function with very high nonlinearity is proposed. The construction combines the disjoint linear codes and the vector matrices with special properties together and provides some functions with currently best-known nonlinearity. Further improvements towards increasing the output dimension as much as possible under the premise of ensuring the nonlinearity appear to be an interesting research task.