Research areas and topics
 Mathematics and their applications in symmetric
cryptography and coding theory.
 Commutative Algebra and Computational Algebraic Geometry
.
Disciplines
My research fits in the following disciplines:
 Mathematics (finite fields, polynomials over finite
fields, exponential sums, cyclotomic fields, algebraic number
theory, etc.);
 Symmetric cryptography (Boolean functions, Bent
functions, plateaued functions, permuations, involutions, Sboxes,
etc.);
 Coding theory;
 Computational Mathematics;
 Commutative Algebra;
 Computational Algebraic Geometry.
Overview on my current and future research
Modern society is critically dependent on the ability to secure,
store, and transmit large amounts of digital information at high
speed. For example, satellite communication, ondemand movies, USB
sticks, and cell phones all rely on mathematical coding theory to
ensure that pictures, speech, music, or data can be recovered
perfectly even if errors are introduced during storage or
transmission. In addition, cryptography is omnipresent in everyone's
life because it is used daily, every time we use the Internet or make
a payment or withdrawal. Mathematics is at the center of these
achievements. Emerging applications continually lead to new code and
cryptography problems. Conversely, new theoretical developments in
these fields allow new applications. My current and future research
attempt to provide theoretical developments in these fields by solving
mathematical problems in coding theory and (symmetric) cryptography.
Two main directions in my current research
My research is in mathematics applied to information theory
and security: cryptography and coding theory. More specifically,
my current work focuses on applications of algebraic and
combinatorial methods in symmetric cryptography and coding theory.
The two main topics of my current research are:
 symmetric cryptography: Some of my current works in
the framework of symmetric cryptography focus on the algebraic
study (existence, characterization, construction,
classification, enumeration, etc.) of functions defined on
finite fields (in any characteristic) satisfying the
properties needed for the security of the ciphers using them.
For example, highly nonlinear functions play a crucial role in
protecting the cryptographic systems against some fundamental
attacks such as linear cryptanalysis. In particular, I am very
interested in constructions and characterizations of bent
functions (or more generally the plateaued functions) that are
fascinating combinatorial objects who play an important role
in several areas (cryptography, coding, sequence theory,
etc.). In the algebraic approach I use the theory of finite
fields, the discrete Fourier transformation, exponential sums,
tools of arithmetic and number theory, algebraic curves and
objects from finite geometry.
.
 error correcting codes: I am working on the
algebraic (and combinatorial) aspects of families of linear
codes. My recent works are devoted to the algebraic
construction of families of optimal linear codes for various
applications. In particular, the design of (almost) optimal
codes for direct sum masking to protect the sensitive data
stored in registers against both sidechannel attacks and
fault injection attacks (which are nowadays important
cryptanalysis methods on the implementations of block ciphers,
which represent huge threats), optimal codes for modern
distributed storage systems and suitable codes for secret
sharing and also for secure twoparty computation.
I am also interested in the
algorithmic aspects in the above topics in the context of computer
algebra.
Awards and Fellowships
 Received (in September 2020) the first
Prize "George Boole International Prize".
 PEDR "Excellence scientific" Award, University of Paris
VIII (national evaluation in (pures) mathematics) in 20192022.
 PEDR "Excellence scientific" Award, University of
Paris VIII (national evaluation in (pures) mathematics) in
20142017.
Publications
HDR (Habilitation to Direct Research) in
Mathematics
 HDR thesis in Mathematics (University of Paris VIII)
entitled "Contributions on Boolean Functions for Symmetric
Cryptography and Error Correcting Codes." defended on 10 December
2012 at Telecom Paris, France.
PhD thesis in Mathematics
 PhD thesis in Mathematics of University of Pierre and
Marie Curie (Paris VI) entitled "Contribution to the study
of morphisms of affine schemes." defended on 21 November 2002.
International journals:
(in reverse chronological order)
 On constructions of weightwise perfectly balanced Boolean
functions. S. Mesnager and S. Su. Journal Cryptography and
Communications Discrete Structures, Boolean Functions and Sequences
(CCDS). To appear.
Abstract :
The recent FLIP cipher is an encryption scheme described by
M\'eaux et al. at the conference EUROCRYPT 2016. It is based on a
new stream cipher model called the filter permutator and tries to
minimize some parameters (including the multiplicative depth). In
the filter permutator, the input to the Boolean function has
constant Hamming weight equal to the weight of the secret key. As
a consequence, Boolean functions satisfying good cryptographic
criteria when restricted to the set of vectors with constant
Hamming weight play an important role in the FLIP stream cipher.
Carlet et al. have shown that for Boolean functions with
restricted input, balancedness and nonlinearity parameters
continue to play an important role with respect to the
corresponding attacks on the framework of FLIP ciphers. In
particular, Boolean functions which are uniformly distributed over
$\F_2$ on $E_{n,k}=\{x\in\F_2^n\mid \mathrm{wt}(x)=k\}$ for every
integer $k$ from $1$ to $n1$ are called weightwise perfectly
balanced (WPB) functions, where $\mathrm{wt}(x)$ denotes the
Hamming weight of $x$. In this paper, we firstly propose two
methods of constructing weightwise perfectly balanced Boolean
functions in $2^k$ variables (where $k$ is a positive integer) by
modifying the support of linear and quadratic functions.
Furthermore, we derive a construction of $n$variable weightwise
almost perfectly balanced Boolean functions for any positive
integer $n$.
 Information Leakages in Codebased Masking: A Unified
Quantification Approach. W. Cheng, S. Guilley, C. Carlet, JL
Danger, and S. Mesnager . The Transactions on Cryptographic Hardware
and Embedded Sytems, volume 2021, issue 3 (TCHES 2021, issue 3),
2021.
Abstract :
In this paper, we present a unified approach to quantifying the
information leakages in the most general codebased masking
schemes. Specifically, by utilizing a uniform representation, we
highlight first that the sidechannel resistance of all codebased
masking schemes can be quantified by an allinone framework
consisting of two easytocompute parameters (the dual distance
and the number of conditioned codewords) from a codingtheoretic
perspective. In particular, we use signaltonoise ratio (SNR) and
mutual information (MI) as two complementary metrics, where a
closedform expression of SNR and an approximation of MI are
proposed by connecting both metrics to the two codingtheoretic
parameters. Second, taking the connection between ReedSolomon
code and SSS (Shamir’s Secret Sharing) scheme, the SSSbased
masking is viewed as a special case of generalized codebased
masking. Hence as a straightforward application, we evaluate the
impact of public points on the sidechannel security of SSSbased
masking schemes, namely the polynomial masking, and enhance the
SSSbased masking by choosing optimal public points for it.
Interestingly, we show that given a specific security order, more
shares in SSSbased masking leak more information on secrets in an
informationtheoretic sense. Finally, our approach provides a
systematic method for optimizing the sidechannel resistance of
every codebased masking. More precisely, this approach enables us
to select optimal linear codes (parameters) for the generalized
codebased masking by choosing appropriate codes according to the
two codingtheoretic parameters. Summing up, we provide a
bestpractice guideline for the application of codebased masking
to protect cryptographic implementations.
 More permutations and involutions for constructing bent
functions. Y. Li, K. Li, S. Mesnager and L. Qu. Journal
Cryptography and Communications Discrete Structures, Boolean
Functions and Sequences (CCDS). To appear.
Abstract :
Bent functions are extremal combinatorial objects with several
applications, such as coding theory, maximum length sequences,
cryptography, the theory of difference sets, etc. Based on C.
Carlet's secondary construction, S. Mesnager proposed in 2014 an
effective method to construct bent functions in their bivariate
representation by employing three permutations of the finite field
$\F_{2^m}$ satisfying an algebraic property $(\mathcal{A}_{m})$.
This paper is devoted to constructing permutations that satisfy
the property $(\mathcal{A}_{m})$ and then obtaining some explicit
bent functions. Firstly, we construct one class of involutions
from vectorial functions and further obtain some explicit bent
functions by choosing some triples of these involutions satisfying
the property $(\mathcal{A}_{m})$. We then investigate some bent
functions by involutions from trace functions and linearized
polynomials. Furthermore, based on several triples of permutations
(not all involutions) that satisfy the property
$(\mathcal{A}_{m})$ constructed by D. Bartoli et al., we give some
more general results and extend most of their work. Then we also
find several general triples of permutations that can also satisfy
the property $(\mathcal{A}_{m})$.
 Fast algebraic immunity of Boolean functions and LCD
codes. S. Mesnager and C. Tang. Journal IEEE transactions
Information Theory. To appear.
Abstract :
Nowadays, the resistance against algebraic attacks and fast
algebraic attacks is considered as an important cryptographic
property for Boolean functions used in stream ciphers. Both
attacks are very powerful analysis concepts and can be applied to
symmetric cryptographic algorithms used in stream ciphers. The
notion of algebraic immunity has received wide attention since it
is a powerful tool to measure the resistance of a Boolean function
to standard algebraic attacks. Nevertheless, an algebraic tool to
handle the resistance to fast algebraic attacks is not clearly
identified in the literature. In the current paper, we propose a
new parameter to measure the resistance of a Boolean function to
fast algebraic attack. We also introduce the notion of fast
immunity profile and show that it informs both on the resistance
to standard and fast algebraic attacks. Further, we evaluate our
parameter for two secondary constructions of Boolean functions.
Moreover, A codingtheory approach to the characterization of
perfect algebraic immune functions is presented. Via this
characterization, infinite families of binary linear complementary
dual codes (or LCD codes for short) are obtained from perfect
algebraic immune functions. Some of the binary LCD codes presented
in this paper are optimal. These binary LCD codes have
applications in armoring implementations against socalled
sidechannel attacks (SCA) and fault noninvasive attacks, in
addition to their applications in communication and data storage
systems.
 PostQuantum Secure Inner Product Functional Encryption
Using Multivariate Public Key Cryptography. S. K. Debnath, S.
Mesnager, K. Dey and N. Kundu. Journal Mediterranean Journal of
Mathematics. To appear.
Abstract :
Functional encryption (FE) is an exciting new public key paradigm
that provides solutions to most of the security challenges of
cloud computing in a noninteractive manner. In the context of FE,
inner product functional encryption (IPFE) is a widely useful
cryptographic primitive. It enables a user with secret key
$usk_\mathbf{y}$ associated to a vector $\mathbf{y}$ to retrieve
only $\langle\mathbf{x},\mathbf{y}\rangle$ from a ciphertext
encrypting a vector $\mathbf{x}$, not beyond that. In the last few
decades, several constructions of IPFE have been designed based on
traditional classical cryptosystems, which are vulnerable to large
enough quantum computers. However, there are few quantum computer
resistants i.e., postquantum IPFE. Multivariate cryptography is
one of the promising candidates of postquantum cryptography. In
this paper, we propose for the {\em firsttime multivariate
cryptographybased} IPFE. Our work achieves nonadaptive
simulationbased security under the hardness of the MQ problem.
 Cyclic bent functions and their applications in
sequences. K. Abdukhalikov, C. Ding, S. Mesnager, C. Tang, and
M. Xiong. Journal IEEE transactions Information Theory. To appear.
Abstract :
Let $m$ be an even positive integer. A Boolean bent function $f$
on $\GF{m1} \times \GF {}$ is called a \emph{cyclic bent
function} if for any $a\neq b\in \GF {m1}$ and $\epsilon \in
\GF{}$, $f(ax_1,x_2)+f(bx_1,x_2+\epsilon)$ is always bent, where
$x_1\in \GF {m1}, x_2 \in \GF {}$. Cyclic bent functions look
extremely rare. This paper focuses on cyclic bent functions on
$\GF {m1} \times \GF {}$ and their applications. The first
objective of this paper is to establish a link between quadratic
cyclic bent functions and a special type of prequasifields, and
construct a class of quadratic cyclic bent functions from the
KantorWilliams prequasifields. The second objective is to use
cyclic bent functions to construct families of optimal sequences.
The results of this paper show that cyclic bent functions have
nice applications in several fields such as coding theory,
symmetric cryptography, and CDMA communication.
 Solving $X^{q+1}+X+a=0$ over Finite Fields. K. H.
Kim, J. Choe and S. Mesnager. Journal Finite Fields and Their
Applications 70: 101797, 2021.
Abstract :
Solving the equation $P_a(X):=X^{q+1}+X+a=0$ over the finite field
$\GF{Q}$, where $Q=p^n, q=p^k$ and $p$ is a prime, arises in many
different contexts including finite geometry, the inverse Galois
problem [2], the construction of difference sets with Singer
parameters [8], determining crosscorrelation between msequences
[9,15] and the construction of errorcorrecting codes [5], as well
as speeding up the index calculus method for computing discrete
logarithms on finite fields [11, 12] and on algebraic curves [18].
Subsequently, in [3, 13, 14, 6, 4, 16, 7, 19], the $\GF{Q}$zeros
of $P_a(X)$ have been studied. It was shown in [3] that their
number is $0$, $1$, $2$ or $p^{\gcd(n, k)}+1$. Some criteria for
the number of the $\GF{Q}$zeros of $P_a(x)$ were found in
[13,14,6,16,19]. However, while the ultimate goal is to identify
all the $\GF{Q}$zeros, even in the case $p=2$, it was solved only
under the condition $\gcd(n, k)=1$ [16]. We discuss this equation
without any restriction on p and gcd(n,k). Criteria for the number
of the FQzeros of Pa(x) are proved by a new methodology. For the
cases of one or two FQzeros, we provide explicit ex pressions
for these rational zeros in terms of a. For the case of pgcd(n,k)
+1 rational zeros, we provide a parametrization of such a’s and
express the pgcd(n,k) + 1 rational zeros by using that
parametrization.
 Further study of $2$to$1$ mappings over $F_{2^n}$.
K. Li, S. Mesnager and L. Qu. Journal IEEE transactions Information
Theory. To appear.
Abstract :
$2$to$1$ mappings over finite fields play an important role in
symmetric cryptography, in particular in the constructions of APN
functions, bent functions, semibent functions. Very recently,
Mesnager and Qu [IEEE Trans. Inf. Theory 65 (12): 78847895]
provided a systematic study of $2$to$1$ mappings over finite
fields. In particular, they determined all $2$to$1$ mappings of
degree at most 4 over any finite field. In addition, another
research direction is to consider $2$to$1$ polynomials with few
terms. Some results about $2$to$1$ monomials and binomials have
been obtained in [IEEE Trans. Inf. Theory 65 (12): 78847895].
Motivated by their work, in this present paper, we push further
the study of $2$to$1$ mappings, particularly, over finite fields
with characteristic $2$ (binary case being the most interesting
for applications). Firstly, we completely determine $2$to$1$
polynomials with degree $5$ over $\gf_{2^n}$ using the well known
HasseWeil bound. Besides, we consider $2$to$1$ mappings with
few terms, mainly trinomials and quadrinomials. Using the
multivariate method and the resultant of two polynomials, we
present two classes of $2$to$1$ trinomials, which explain all
the examples of $2$to$1$ trinomials of the form $x^k+\beta
x^{\ell} + \alpha x\in\gf_{{2^n}}[x]$ with $n\le 7$, and derive
twelve classes of $2$to$1$ quadrinomials with trivial
coefficients over $\gf_{2^n}$.
 A direct proof of APNness of the Kasami functions.
C. Carlet, K. H. Kim and S. Mesnager. Journal Design Codes and
Cryptography 89(3), pages 441446, 2021.
Abstract :
Using recent results on solving the equation $X^{2^k+1}+X+a=0$
over a finite field $\GF{2^n}$ provided by the second and the
third authors, we address an open question raised by the first
author in WAIFI 2014 concerning the APNness of the Kasami
functions $x\mapsto x^{2^{2k}2^k+1}$ with $\gcd(k,n)=1$,
 Thresholdbased postquantum secure verifiable
multisecret sharing for distributed storage blockchain. S.
Mesnager, A. Sinak and O. Yayla. Journal MathematicsMDPI journals.
To appear.
Abstract :
Blockchain systems store transaction data in the form of a
distributed ledger where each node stores a copy of all data,
which gives rise to storage issues. It is wellknown that the
tremendous storage and distribution of the block data are common
problems in blockchain systems. In the literature, some types of
secret sharing schemes are employed to overcome these problems.
The secret sharing method is one of the most significant
cryptographic protocols used to ensure the privacy of the data.
The main purpose of this paper is to improve the recent
distributed storage blockchain systems by proposing an alternative
secret sharing method. We first propose a secure threshold
verifiable multisecret sharing scheme that has the verification
and private communication steps based on postquantum
latticebased hard problems. We then apply the proposed threshold
scheme to the distributed storage blockchain (DSB) system in order
to share transaction data at each block. In the proposed DSB
system, we encrypt the data block with the AES$256$ encryption
algorithm before distributing it among nodes at each block, and
both its secret key and the hash value of the block are privately
shared among nodes simultaneously by the proposed scheme.
Thereafter, in the DSB system, the encrypted data block is encoded
by the ReedSolomon code, and it is shared among nodes. We finally
analyze the storage and recovery communication costs and the
robustness of the proposed DSB system. We observe that our
approach improves effectively the recovery communication cost and
makes it more robust compared to the previous DSB systems. It also
improves extremely the storage cost of the traditional blockchain
systems. Furthermore, the proposed scheme brings to the DSB system
the desirable properties such as verification process and secret
communication without private channels in addition to the known
properties of the schemes used in the previous DSB systems.
Because of the flexibility on the threshold parameter of the
scheme, a diverse range of qualified subsets of nodes in the DSB
system can privately recover the secret values.
 A construction method of balanced rotation symmetric
Boolean functions on arbitrary even number of variables with
optimal algebraic immunity., S. Mesnager, S. Su and H. Zhang.
Journal Design Codes and Cryptography, 89(1), pp. 117, 2021.
Abstract :
Rotation symmetric Boolean functions incorporate a superclass of
symmetric functions which represent an attractive corpus for
computer investigation. These functions have been investigated
from the viewpoints of bentness and correlation immunity and have
also played a role in the study of nonlinearity. In the
literature, many constructions of balanced oddvariable rotation
symmetric Boolean functions with optimal algebraic immunity have
been derived. While it seems that the construction of balanced
evenvariable rotation symmetric Boolean functions with optimal
algebraic immunity is very hard work to breakthrough. In this
paper, we present for the first time a construction of balanced
rotation symmetric Boolean functions on an arbitrary even number
of variables with optimal algebraic immunity by modifying the
support of the majority function. The nonlinearity of the newly
constructed rotation symmetric Boolean functions is also derived.
 Linear codes with onedimensional hull associated with
Gaussian sums., L. Qian, X. Cao and S. Mesnager. Journal
Cryptography and Communications Discrete Structures, Boolean
Functions and Sequences (CCDS). To appear.
Abstract :
The hull of a linear code over finite fields, the intersection of
the code and its dual, has been of interest and extensively
studied due to its wide applications. For example, it plays a
vital role in determining the complexity of algorithms for
checking permutation equivalence of two linear codes and for
computing the automorphism group of a linear code. People are
interested in pursuing linear codes with small hulls since, for
such codes, the aforementioned algorithms are very efficient. In
this field, Carlet, Mesnager, Tang and Qi gave a systematic
characterization of LCD codes, i.e, linear codes with null hull.
In 2019, Carlet, Li and Mesnager presented some constructions of
linear codes with small hulls. In the same year, Li and Zeng
derived some constructions of linear codes with onedimensional
hull by using some specific Gaussian sums. In this paper, we use
general Gaussian sums to construct linear codes with
onedimensional hull by utilizing number fields, which generalizes
some results of Li and Zeng [Constructions of linear codes with
onedimensional hull, IEEE Trans. Inf. Theory, vol. 65, no. 3,
2019] and also of those presented by Carlet, Li and Mesnager
[Linear codes with small hulls in semiprimitive case, Des. Codes
Cryptogr., Des. Codes Cryptogr., vol. 87, no. 12, 2019]. We give
sufficient conditions to obtain such codes. Notably, some codes we
obtained are optimal or almost optimal according to the Database.
This is the first attempt on constructing linear codes by general
Gaussian sums which have onedimensional hull and are optimal.
Moreover, we also develop a bound of on the minimum distances of
linear codes we constructed.
 On those multiplicative subgroups of $ F_{2^n}^*$.,
C. Carlet and S. Mesnager. Journal of Algebraic combinatorics. To
appear.
Abstract :
We study those multiplicative subgroups of ${\mathbb F}_{2^n}^*$
which are Sidon sets and/or sumfree sets in the group $({\mathbb
F}_{2^n},+)$. These Sidon and sumfree sets play an important role
relative to the exponents of APN power functions, as shown by a
paper coauthored by the first author.
 Linear codes from vectorial Boolean functions in the
context of algebraic attacks., M. Boumezbeur, S. Mesnager and
K. Guenda, Journal Discrete Mathematics, Algorithms and Applications
(DMAA). To appear.
Abstract :
In this paper we study the relationship between vectorial
(Boolean) functions and cyclic codes in the context of algebraic
attacks. We first derive a direct link between the annihilators of
a vectorial function (in univariate form) and certain $2^{n}$ary
cyclic codes (which we show that they are LCD codes). We also
present some properties of those cyclic codes as well as their
weight enumerator. In addition we generalize the socalled
algebraic complement and study its properties.
 Optimizing Inner Product Masking Scheme by A Coding
Theory Approach., W. Cheng, S. Guilley, C. Carlet, S. Mesnager
and JL. Danger, IEEE Transactions on Information Forensics and
Security, 16, pages 220235, 2021.
Abstract :
Masking is one of the most popular countermeasures to protect
cryptographic implementations against sidechannel analysis since
it is provably secure and can be deployed at the algorithm level.
To strengthen the original Boolean masking scheme, several works
have suggested using schemes with high algebraic complexity. The
Inner Product Masking (IPM) is one of those. In this paper, we
propose a unified framework to quantitatively assess the
sidechannel security of the IPM in a codingtheoretic approach.
Specifically, starting from the expression of IPM in a coded form,
we use two defining parameters of the code to characterize its
sidechannel resistance. In order to validate the framework, we
then connect it to two leakage metrics (namely signaltonoise
ratio and mutual information, from an informationtheoretic
aspect) and one typical attack metric (success rate, from a
practical aspect) to build a firm foundation for our framework. As
an application, our results provide ultimate explanations on the
observations made by Balasch et al. at EUROCRYPT’15 and at
ASIACRYPT’17, Wang et al. at CARDIS’16 and Poussier et al. at
CARDIS’17 regarding the parameter effects in IPM, like higher
security order in bounded moment model. Furthermore, we show how
to systematically choose optimal codes (in the sense of a concrete
security level) to optimize IPM by using this framework.
Eventually, we present a simple but effective algorithm for
choosing optimal codes for IPM, which is of special interest for
designers when selecting optimal parameters for IPM.
 Letters for postquantum cryptography standard
evaluation. J. Ding, S. Mesnager and LC. Wang. Journal Adv.
Math. Commun. 14(1), 2020.
 New characterizations and construction methods of bent
and hyperbent Boolean functions., S. Mesnager, B. Mandal and
C. Tang. Journal Discrete Mathematics, 343 (11), 112081, 2020.
Abstract :
In this paper, we first derive a necessary and sufficient
condition for a bent Boolean function by analyzing their support
set. Next, using this condition and the Pless power moment
identities, we propose a construction method of bent functions of
$2k$ variables by a suitable choice of $2k$dimension subspace of
$\mathbb F_2^{2^{2k1}2^{k1}}$. Further, we extend our results
to the socalled hyperbent functions.
 Solving some affine equations over finite fields., S.
Mesnager, K. H. Kim, J. H. Choe and D. N. Lee. Journal Finite Fields
and their Applications, 68, 101746, 2020.
Abstract :
Let $l$ and $k$ be two integers such that $l  k$. Define
$T_l^k(X):=X+X^{p^l}+\cdots+X^{p^{k2l}}+X^{p^{kl}}$ and
$S_l^k(X):=XX^{p^l}+\cdots+(1)^{(k/l1)}X^{p^{kl}}$, where $p$
is any prime. This paper gives explicit representations of all
solutions in $\GF{p^n}$ to the affine equations $T_l^{k}(X)=a$ and
$S_l^{k}(X)=a$, $a\in \GF{p^n}$. The case $p=2$ was solved very
recently in \cite{MKCL2019}. The results of this paper reveal
another solution.
 On the boomerang uniformity of quadratic permutations.,
S. Mesnager, C. Tang and M. Xiong. Journal Design Codes and
Cryptography 88(10), pages 22332246, 2020.
Abstract :
At Eurocrypt'18, Cid, Huang, Peyrin, Sasaki, and Song introduced a
new tool called Boomerang Connectivity Table (BCT) for measuring
the resistance of a block cipher against the boomerang attack
which is an important cryptanalysis technique introduced by Wagner
in 1999 against block ciphers. Next, Boura and Canteaut introduced
an important parameter related to the BCT for cryptographic
Sboxes called boomerang uniformity. The purpose of this paper is
to present a brief stateoftheart on the notion of boomerang
uniformity of vectorial Boolean functions (or Sboxes) and provide
new results. More specifically, we present a slightly different
but more convenient formulation of the boomerang uniformity and
prove some new identities. Moreover, we focus on quadratic
permutations in even dimension and obtain general criteria by
which they have optimal BCT. {As a consequence of the new
criteria}, two previously known results can be derived, and many
new quadratic permutations with optimal BCT (optimal means that
the maximal value in the Boomerang Connectivity Table equals the
lowest known differential uniformity) can be found. In particular,
we show that the boomerang uniformity of the binomial
differentially $4$uniform permutations presented by Bracken, Tan,
and Tan equals $4$. Furthermore, we show a link between the
boomerang uniformity and the nonlinearity for some special
quadratic permutations. Finally, we present a characterization of
quadratic permutations with boomerang uniformity $4$. With this
characterization, we show that the boomerang uniformity of a
quadratic permutation with boomerang uniformity $4$ is preserved
by the extended affine (EA) equivalence.
 Constructions of selforthogonal codes from hulls of BCH
codes and their parameters., Z. Du, C. Li, and S. Mesnager.
Journal IEEE transactions Information Theory 66(11), pages
67746785, 2020.
Abstract :
Selforthogonal codes are an interesting type of linear codes due
to their wide applications in communication and cryptography. It
is known that selforthogonal codes are often used to construct
quantum errorcorrecting codes, which can protect quantum
information in quantum computations and quantum communications.
Let $\mathcal C$ be an $[n, k]$ cyclic code over $\Bbb F_q$, where
$\Bbb F_q$ is the finite field of order $q$. The hull of $\mathcal
C$ is defined to be the intersection of the code and its dual. In
this paper, we will employ the defining sets of cyclic codes to
present two general characterizations of the hulls that have
dimension $k1$ or $k^\perp1$, where $k^\perp$ is the dimension
of the dual code $\mathcal C^\perp$. Several sufficient and
necessary conditions for primitive and projective BCH codes to
have $(k1)$dimensional (or $(k^\perp1)$dimensional) hulls are
also developed by presenting lower and upper bounds on their
designed distances. Furthermore, several classes of
selforthogonal codes are proposed via the hulls of BCH codes and
their parameters are also investigated. The dimensions and minimum
distances of some selforthogonal codes are determined explicitly.
In addition, several optimal codes are obtained.
 Recent results and problems on constructions of linear
codes from cryptographic functions, N. Li and S. Mesnager,
Journal Cryptography and Communications Discrete Structures,
Boolean Functions and Sequences (CCDS) 12(5), pages 965986, 2020.
Abstract :
Linear codes have a wide range of applications in the data storage
systems, communication systems, consumer electronics products
since their algebraic structure can be analyzed and they are easy
to implement in hardware. How to construct linear codes with
excellent properties to meet the demands of practical systems
becomes a research topic, and it is an efficient way to construct
linear codes from cryptographic functions. In this paper, we will
introduce some methods to construct linear codes by using
cryptographic functions over finite fields and present some recent
results and problems in this area.
 Solving $x^{2^k+1}+x+a=0$ in $\GF{n}$ with $\gcd(n,k)=1$,
K. H. Kim and S. Mesnager, Journal Finite Fields and Their
Applications (FFA) 63: 101630, 2020.
Abstract :
Let $N_a$ be the number of solutions to the equation
$x^{2^k+1}+x+a=0$ in $\GF {n}$ where $\gcd(k,n)=1$. In 2004, by
Bluher \cite{BLUHER2004} it was known that possible values of
$N_a$ are only 0, 1 and 3. In 2008, Helleseth and Kholosha
\cite{HELLESETH2008} found criteria for $N_a=1$ and an explicit
expression of the unique solution when $\gcd(k,n)=1$. In 2010
\cite{HELLESETH2010}, the extended version of
\cite{HELLESETH2008}, they also got criteria for $N_a=0,3$. In
2014, Bracken, Tan and Tan \cite{BRACKEN2014} presented another
criterion for $N_a=0$ when $n$ is even and $\gcd(k,n)=1$. This
paper completely solves this equation $x^{2^k+1}+x+a=0$ with only
the condition $\gcd(n,k)=1$. We explicitly calculate all possible
zeros in $\GF{n}$ of $P_a(x)$. New criteria for which $a$, $N_a$
is equal to $0$, $1$ or $3$ are byproducts of our result.
 Minimal linear codes from characteristic functions, S.
Mesnager, Y. Qi, H. Ru and C. Tang, Journal IEEE Transactions on
Information Thepry 66(9), pages 54045413, 2020.
Abstract :
Minimal linear codes have interesting applications in secret
sharing schemes and secure twoparty computation. This paper uses
characteristic functions of some subsets of $\mathbb{F}_q$ to
construct minimal linear codes. By properties of characteristic
functions, we can obtain more minimal binary linear codes from
known minimal binary linear codes, which generalizes results of
Ding et al. [IEEE Trans. Inf. Theory, vol. 64, no. 10, pp.
65366545, 2018]. By characteristic functions corresponding to
some subspaces of $\mathbb{F}_q$, we obtain many minimal linear
codes, which generalizes results of [IEEE Trans. Inf. Theory, vol.
64, no. 10, pp. 65366545, 2018] and [IEEE Trans. Inf. Theory,
vol. 65, no. 11, pp. 70677078, 2019]. Finally, we use
characteristic functions to present a characterization of minimal
linear codes from the defining set method and present a class of
minimal linear codes.
 Constructions of optimal locally recoverable codes via
Dickson polynomials, J. Liu, S. Mesnager and D. Tang. Journal
Design Codes and Cryptography (DCC) 88(9), pages 17591780, 2020
Abstract :
In 2014, Tamo and Barg have presented in a very remarkable paper a
family of optimal linear locally recoverable codes (LRC codes)
that attain the maximum possible distance (given code length,
cardinality, and locality). The key ingredients for constructing
such optimal linear LRC codes are the socalled $r$good
polynomials, where $r$ is equal to the locality of the LRC code.
In 2018, Liu et al. presented two general methods of designing
$r$good polynomials by using function composition, which led to
three new constructions of $r$good polynomials. Next, Micheli
provided a Galois theoretical framework which allows to construct
$r$good polynomials. The wellknown Dickson polynomials form an
important class of polynomials which have been extensively
investigated in recent years in different contexts. In this paper,
we provide new methods of designing $r$good polynomials based on
Dickson polynomials. Such $r$good polynomials provide new
constructions of optimal LRC codes.
 Solving $x+x^{2^l}+\cdots+x^{2^{ml}}=a$ over $\GF{2^n}$,
S. Mesnager, K. H. Kim, J. H. Choe, D. N. Lee and D. S. Go. Journal
Cryptography and Communications Discrete Structures, Boolean
Functions and Sequences (CCDS) 12(4), pages 809817, 2020.
Abstract :
This paper presents an explicit representation for the solutions
of the equation $\sum_{i=0}^{\frac kl1}x^{2^{li}} = a \in
\GF{2^n}$ for any given positive integers $k,l$ with $lk$ and
$n$, in the closed field ${\overline{\GF{2}}}$ and in the finite
field $\GF{2^n}$. As a byproduct of our study, we are able to
completely characterize the $a$'s for which this equation has
solutions in $\GF{2^n}$.
 On the number of the rational zeros of linearized
polynomials and the secondorder nonlinearity of cubic Boolean
functions, S. Mesnager, K. H. Kim and M. S. Jo, Journal
Cryptography and Communications Discrete Structures, Boolean
Functions and Sequences (CCDS) 12(4), pages 659674, 2020
Abstract :
Determine the number of the rational zeros of any given linearized
polynomial is one of the vital problems in finite field theory,
with applications in modern symmetric cryptosystems. But, the
known general theory for this task is much far from giving the
exact number when applied to a specific linearized polynomial. The
first contribution of this paper is a better general method to get
a more precise upper bound on the number of rational zeros of any
given linearized polynomial over arbitrary finite field. We
anticipate this method would be applied as a useful tool in many
research branches of finite field and cryptography. Really we
apply this result to get tighter estimations of the lower bounds
on the secondorder nonlinearities of general cubic Boolean
functions, which has been an active research problem during the
past decade. Furthermore, this paper shows that by studying the
distribution of radicals of derivatives of a given Boolean
function one can get a better lower bound of the secondorder
nonlinearity, through an example of the monomial Boolean functions
$g_{\mu}=Tr(\mu x^{2^{2r}+2^r+1})$ defined over the finite field
$\GF{n}$.
 On the MenezesTeskeWeng conjecture, S. Mesnager, K.
H. Kim, J. Choe and C. Tang, Journal Cryptography and
Communications Discrete Structures, Boolean Functions and Sequences
(CCDS) 12 (1), pages 1927, 2020.
Abstract :
In 2003, Alfred Menezes, Edlyn Teske and Annegret Weng presented a
conjecture on properties of the solutions of a type of quadratic
equations over the binary extension fields, which had been
confirmed by extensive experiments but the proof was unknown until
now. We prove that this conjecture is correct. Furthermore, using
this proved conjecture, we have completely determined the null
space of a class of linearized polynomials.
 Several classes of minimal linear codes with few weights
from weakly regular plateaued function , S. Mesnager and A.
Sinak, Journal IEEE transactions Information Theory, vol. 66, no. 4,
pp. 22962310, 2020.
Abstract :
Minimal linear codes have significant applications in secret
sharing schemes and secure twoparty computation. There are
several methods to construct linear codes, one of which is based
on functions over finite fields. Recently, many construction
methods for linear codes from functions have been proposed in the
literature. In this paper, we generalize the recent construction
methods given by Tang et al.~in [IEEE Transactions on Information
Theory, 62(3), 11661176, 2016] to weakly regular plateaued
functions over finite fields of odd characteristic. We first
construct threeweight linear codes from weakly regular plateaued
functions based on the second generic construction and then
determine their weight distributions. We also give a punctured
version and subcode of each constructed code. We note that they
may be (almost) optimal codes and can be directly employed to
obtain (democratic) secret sharing schemes, which have diverse
applications in the industry. We next observe that the constructed
codes are minimal for almost all cases and finally describe the
access structures of the secret sharing schemes based on their
dual codes.
 Codebooks from generalized bent $\mathbb{Z}_4$valued
quadratic forms , Y. Qi, S. Mesnager and C. Tang, Journal
Discrete Mathematics, 343(3), 111736, 2020.
Abstract :
Codebooks with small innerproduct correlation have applications
in unitary spacetime modulations, multiple description coding
over erasure channels, direct spread code division multiple access
communications, compressed sensing, and coding theory. It is
interesting to construct codebooks (asymptotically) achieving the
Levenshtein bound. This paper presents a class of generalized bent
$\mathbb{Z}_4$valued quadratic forms, which contains functions
proposed by Heng and Yue (Optimal codebooks achieving the
Levenshtein bound from generalized bent functions over
$\mathbb{Z}_4$. Cryptogr. Commun. 9(1), 4153, 2017). Using these
generalized bent $\mathbb{Z}_4$valued quadratic forms, we
construct optimal codebooks achieving the Levenshtein bound. These
codebooks have parameters $(2^{2m}+2^m,2^m)$ and alphabet size
$6$.
 A class of narrowsense BCH codes over $\mathbb{F}_q$ of
length $\frac{q^m1}{2}$ , X. Lin, S. Mesnager, Y. Qi and C.
Tang, Journal Design Codes and Cryptography (DCC) 88(2), pages
413427, 2020.
Abstract :
BCH codes with efficient encoding and decoding algorithms have
many applications in communications, cryptography and
combinatorial design. This paper studies a class of linear codes
of length $ \frac{q^m1}{2}$ over $\mathbb{F}_q$ with special
trace representation, where $q$ is an odd prime power. With the
help of the inner distributions of some subsets of association
schemes of quadratic forms, we determine the weight enumerators of
these codes. From determining some cyclotomic coset leaders
$\delta_i$ of cyclotomic cosets modulo $ \frac{q^m1}{2}$, we
prove that narrowsense BCH codes of length $ \frac{q^m1}{2}$
with designed distance $\delta_i=\frac{q^mq^{m1}}{2}1\frac{q^{
\lfloor \frac{m3}{2} \rfloor+i}1}{2}$ have the corresponding
trace representation, and have the minimal distance $d=\delta_i$
and the Bose distance $d_B=\delta_i$, where $1\leq i\leq \lfloor
\frac{m+11}{6} \rfloor$.
 A Proof of the BeierleKranzLeander Conjecture related
to Lightweight Multiplication in $\mathbb{F}_{2^n}$, S.
Mesnager, K. H. Kim, D. Jo, J. Choe, M. Han and D. N, Lee, Journal
Design Codes and Cryptography (DCC), 88(1), pages 5162, 2020.
Abstract :
Lightweight cryptography is an important tool for building strong
security solutions for pervasive devices with limited resources.
Due to the stringent cost constraints inherent in extremely large
applications, the efficient implementation of cryptographic
hardware and software algorithms is of utmost importance to
realize the vision of generalized computing. In CRYPTO 2016,
Beierle, Kranz and Leander have considered lightweight
multiplication in $\mathds{F}_{2^n}$. Specifically, they have
considered the fundamental question of optimizing finite field
multiplications with one fixed element and investigated which
field representation, that is which choice of basis, allows for an
optimal implementation. They have left open a conjecture related
to an XORcount of two. Using the theory of linear algebra, we
prove in the present paper that their conjecture is correct.
Consequently, this proved conjecture can be used as a reference
for further developing and implementing cryptography algorithms in
lightweight devices.
 On generalized hyperbent functions, S. Mesnager,
Journal Cryptography and Communications Discrete Structures,
Boolean Functions and Sequences (CCDS)12(3), pages 455468, 2020.
Abstract :
Hyperbent Boolean functions were introduced in 2001 by Youssef
and Gong (and initially proposed by Golomb and Gong in 1999 as a
component of Sboxes) to ensure the security of symmetric
cryptosystems but no cryptographic attack has been identified
until the one on the filtered LFSRs made by Canteaut and Rotella
in 2016. Hyperbent functions have properties still stronger than
the wellknown bent functions which were introduced by Rothaus and
already studied by Dillon and next by several researchers in more
than four decades. Hyperbent functions are very rare and whose
classification is still elusive. Therefore, not only their
characterization, but also their generation are challenging
problems. Recently, an important direction in the theory of
hyperbent functions was the extension of Boolean hyperbent
functions to whose codomain is the ring of integers modulo a power
of a prime, that is, generalized hyperbent functions. In this
paper, we synthesize previous studies on generalized hyperbent
functions in a unified framework. We provide two characterizations
of generalized hyperbent functions in terms of their digits. We
establish a complete characterization of a family of generalized
hyperbent functions defined over spreads and establish a link
between vectorial hyperbent functions found recently and that
family.
 On twotoone mappings over finite fields, S.
Mesnager and L. Qu, Journal IEEE transactions Information Theory,
65(12), pages 78847895, 2019.
Abstract :
Twotoone ($2$to$1$) mappings over finite fields play an
important role in symmetric cryptography. In particular they allow
to design APN functions, bent functions and semibent functions.
In this paper we provide a systematic study of twotoone mappings
that are defined over finite fields. We characterize such mappings
by means of the Walsh transforms. We also present several
constructions, including an AGWlike criterion, constructions with
the form of $x^rh(x^{(q1)/d})$, those from permutation
polynomials, from linear translators and from APN functions. Then
we present $2$to$1$ polynomial mappings in classical classes of
polynomials: linearized polynomials and monomials, low degree
polynomials, Dickson polynomials and MullerCohenMatthews
polynomials, etc. Lastly, we show applications of $2$to$1$
mappings over finite fields for constructions of bent Boolean and
vectorial bent functions, semibent functions, planar functions
and permutation polynomials. In all those respects, we shall
review what is known and provide several new results.
 Multiple characters transforms and generalized Boolean
functions, S. Mesnager, C. Riera and P. Stanica, Journal
Cryptography and Communications Discrete Structures, Boolean
Functions and Sequences (CCDS) 11(6), pages 12471260, 2019.
Abstract :
In this paper we investigate generalized Boolean functions whose
spectrum is flat with respect to a set of WalshHadamard
transforms defined using various complex primitive roots of $1$.
We also study some differential properties of the generalized
Boolean functions in even dimension defined in terms of these
different characters. We show that those functions have similar
properties to the vectorial bent functions. We next clarify the
case of gbent functions in odd dimension. As a byproduct of our
proofs, more generally, we also provide several results about
plateaued functions. Furthermore, we find characterizations of
plateaued functions with respect to different characters in terms
of second derivatives and fourth moments.
 Several new classes of selfdual bent functions derived
from involutions, G. Luo, X. Cao and S. Mesnager, Journal
Cryptography and Communications Discrete Structures, Boolean
Functions and Sequences (CCDS), 1(6), pages 12611273, 2019.
Abstract :
Bent functions are a kind of Boolean function which have the
maximum Hamming distance to linear and affine functions, they have
some interesting applications in combinatorics, coding theory,
cryptography and sequences. However, generally speaking, how to
find new bent functions is a hard work and is a hot research
project during the past decades. A subclass of bent functions that
has received attention since Dillon's seminal thesis (1974) is the
subclass of those Boolean functions that are equal to their dual
(or Fourier transform in Dillon's terminology): the socalled self
dual bent functions. In this paper, we propose a construction of
involutions from linear translators, and provide two methods for
constructing new involutions by utilizing some given involutions.
With the involutions presented in this paper, several new classes
of selfdual bent functions are produced.
 Minimal Linear Codes with Few Weights and Their Secret
Sharing, S. Mesnager, A. Sinak, O. Yayla, International
Journal of Information Security Science, Vol.8, No.3, pages 4452,
2019.
Abstract :
Minimal linear codes with few weights have significant
applications in secure twoparty computation and secret sharing
schemes. In this paper, we construct twoweight and threeweight
minimal linear codes by using weakly regular plateaued functions
in the wellknown construction method based on the second generic
construction. We also give punctured codes and subcodes for some
constructed minimal codes. We finally obtain secret sharing
schemes with high democracy from the dual codes of our minimal
codes.
 Linear codes with small hulls in semiprimitive case,
C. Carlet, C. Li and S. Mesnager, Journal Design Codes and
Cryptography (DCC), 87(12), pages 28132834, 2019.
Abstract :
The hull of a linear code is defined to be the intersection of the
code and its dual, and was originally introduced to classify
finite projective planes. The hull plays an important role in
determining the complexity of algorithms for checking permutation
equivalence of two linear codes and computing the automorphism
group of a linear code. It has been shown that these algorithms
are very effective in general if the size of the hull is small. It
is clear that the linear codes with the smallest hull are LCD
codes and with the second smallest hull are those with
onedimensional hull. In this paper, we employ character sums in
semiprimitive case to construct LCD codes and linear codes with
onedimensional hull from cyclotomic fields and multiplicative
subgroups of finite fields. Some sufficient and necessary
conditions for these codes are obtained, where prime ideal
decompositions of prime $p$ in cyclotomic fields play a key role.
In addition, we show the nonexistence of these codes in some
cases.
 Further study on the maximum number of bent components of
vectorial functions, S. Mesnager, F. Zhang, C. Tang and Y.
Zhou, Journal Design Codes and Cryptography (DCC), 87(11):
25972610, 2019.
Abstract :
In 2018, Pott et al. have studied in [IEEE Transactions on
Information Theory. Volume: 64, Issue: 1, 2018] the maximum number
of bent components of vectorial functions. They have presented
many nice results and suggested several open problems in this
context. This paper is in the continuation of their study in which
we solve two open problems raised by Pott et al. and partially
solve an open problem raised by the same authors. Firstly, we
prove that for a vectorial function, the property of having the
maximum number of bent components is invariant under the socalled
CCZ equivalence. Secondly, we prove the nonexistence of APN
plateaued functions having the maximum number of bent components.
In particular, quadratic APN functions cannot have the maximum
number of bent components. Finally, we present some sufficient
conditions that the vectorial function defined from
$\mathbb{F}_{2^{2k}}$ to $\mathbb{F}_{2^{2k}}$ by its univariate
representation: $$ \alpha
x^{2^i}\left(x+x^{2^k}+\sum\limits_{j=1}^{\rho}\gamma^{(j)}x^{2^{t_j}}
+\sum\limits_{j=1}^{\rho}\gamma^{(j)}x^{2^{t_j+k}}\right)$$ has
the maximum number of { bent components, where $\rho\leq k$}.
Further, we show that the differential spectrum of the function $
x^{2^i}(x+x^{2^k}+x^{2^{t_1}}+x^{2^{t_1+k}}+x^{2^{t_2}}+x^{2^{t_2+k}})$
(where $i,t_1,t_2$ satisfy some conditions) is different from the
binomial function $F^i(x)= x^{2^i}(x+x^{2^k})$ presented in the
article of Pott et al.
 Some (almost) optimally extendable linear codes, C.
Carlet, C. Li and S. Mesnager, Journal Design Codes and
Cryptography, 87(12), pages 28132834, 2019
Abstract :
Sidechannel attacks (SCA) and fault injection attacks (FIA) are
nowadays important cryptanalysis methods on the implementations of
block ciphers, which represent huge threats. Direct sum masking
(DSM) has been proposed to protect the sensitive data stored in
registers against both SCA and FIA. It uses two linear codes
$\mathcal C$ and $\mathcal D$ whose sum is direct and equals $\Bbb
F_q^n$. The resulting security parameter is the pair $(d(\mathcal
C)1,d({\mathcal D}^\perp)1)$. For being able to protect not only
the sensitive input data stored in registers against SCA and FIA
but the whole algorithm (which is required at least in software
applications), it is necessary to change $\mathcal C$ and
$\mathcal D$ into $\mathcal C^\prime$, which has the same minimum
distance as $\mathcal C$, and $\mathcal D^\prime$, which may have
smaller dual distance than $\mathcal D$. Precisely, $\mathcal
D^\prime$ is the linear code obtained by appending on the right of
its generator matrix the identity matrix with the same number of
rows. It is then highly desired to construct linear codes
$\mathcal D$ such that $d({\mathcal D^\prime}^\perp)$ is very
close to $d({\mathcal D}^\perp)$. In such case, we say that
$\mathcal D$ is almost optimally extendable (and is optimally
extendable if $d({\mathcal D^\prime}^\perp)= d(\mathcal
D^\perp)$). In general, it is notoriously difficult to determine
the minimum distances of the codes $\mathcal D^\perp$ and
${\mathcal D^\prime}^\perp$ simultaneously.
 Weightwise perfectly balanced functions with high
weightwise nonlinearity profil, J. Liu and S. Mesnager,
Journal Designs, Codes and Cryptography (DCC) 87(8), pages
17971813, 2019.
Abstract :
Boolean functions satisfying good cryptographic criteria when
restricted to the set of vectors with constant Hamming weight play
an important role in the recent FLIP stream
cipher~\cite{Meaux2016}. In this paper, we propose a large class
of weightwise perfectly balanced (WPB) functions, which is
$2$rotation symmetric. This new class of WPB functions is not
extended affinely equivalent to the known constructions. We also
discuss the weightwise nonlinearity profile of these functions,
and present general lower bounds on $k$weightwise nonlinearity,
where $k$ is a power of $2$. Moreover, we exhibit a subclass of
the family. By a recursive lower bound, we show that these
subclass of WPB functions have very high weightwise nonlinearity
profile
 On qary plateaued functions over $F_q$ and their
explicit characterizations, S. Mesnager, F. Ozbudak, A. Sinak
and G. Cohen, European Journal of Combinatorics 80, pages 7181,
2019
Abstract :
Plateaued and bent functions play a significant role in
cryptography, sequence theory, coding theory and combinatorics. In
1997, Coulter and Matthews redefined bent functions over any
finite field $\F_q$ where $q$ is a prime power, and established
their properties. The objective of this work is to redefine the
notion of plateaued functions over $\F_q$, and to present several
explicit characterizations of those functions. We first give, over
$\F_q$, the notion of $q$ary plateaued functions, which relies on
the concept of the WalshHadamard transform in terms of canonical
additive character of $\F_q$. We then give a concrete example of
$q$ary plateaued function, that is not vectorial $p$ary
plateaued function. This suggests that the study of plateauedness
is also significant for $q$ary functions over $\F_q$. We finally
characterize $q$ary plateaued functions in terms of derivatives,
Walsh power moments and autocorrelation functions.
 On the nonlinearity of Boolean functions with restricted
input, S. Mesnager, Z. Zhou and C. Ding, Journal Cryptography
and Communications Discrete Structures, Boolean Functions and
Sequences (CCDS), 11(1) pages 6376, 2019.
Abstract :
Very recently, Carlet, M\'eaux and Rotella have studied the main
cryptographic features of Boolean functions when, for a given
number $n$ of variables, the input to these functions is
restricted to some subset $E$ of $\F^n$. Their study includes the
particular case when $E$ equals the set of vectors of fixed
Hamming weight, which is important in the robustness of the
Boolean function involved in the FLIP stream cipher. In this paper
we focus on the nonlinearity of Boolean functions with restricted
input and present new results related to the analysis of this
nonlinearity improving the upper bound given by Carlet et al.
 Linear codes from weakly regular plateaued functions and
their secret sharing schemes, S. Mesnager, F. Ozbudak and A.
Sinak, Journal Designs, Codes and Cryptography (DCC), Volume 87,
Issue 2–3, pages 463–480, 2019.
Abstract :
Linear codes, the most significant class of codes in coding
theory, have diverse applications in secret sharing schemes,
authentication codes, communication, data storage devices and
consumer electronics. The main objectives of this paper are
twofold: to construct threeweight linear codes from plateaued
functions over finite fields, and to analyze the constructed
linear codes for secret sharing schemes. To do the first one, we
generalize the recent contribution of Mesnager given in
[Cryptography and Communications 9(1), 7184, 2017]. We first
introduce the notion of (non)weakly regular plateaued functions
over $\F_p$, with $p$ an odd prime. We next construct threeweight
linear $p$ary (resp. binary) codes from weakly regular $p$ary
plateaued (resp. Boolean plateaued) functions and determine their
weight distributions. We finally show that the constructed linear
codes can be used to construct secret sharing schemes with
``nice'' access structures. To the best of our knowledge, the
construction of linear codes from plateaued functions over $\F_p$,
with $p$ an odd prime, is studied in this paper for the first time
in the literature.
 New characterization and parametrization of LCD codes,
C. Carlet, S. Mesnager, C. Tang and Y. Qi, Journal IEEE Transactions
on Information TheoryIT, 65(1) pages 3949, 2019.
Abstract :
Linear complementary dual (LCD) cyclic codes were referred
historically to as reversible cyclic codes, which had applications
in data storage. Due to a newly discovered application in
cryptography, there has been renewed interest in LCD codes. In
particular, it has been shown that binary LCD codes play an
important role in implementations against sidechannel attacks and
fault injection attacks. In this paper, we first present a new
characterization of binary LCD codes in terms of their orthogonal
or symplectic basis. Using such a characterization, we solve a
conjecture proposed by Galvez et al. on the minimum distance of
binary LCD codes. Next, we consider the action of the orthogonal
group on the set of all LCD codes, determine all possible orbits
of this action, derive simple closed formulas of the size of the
orbits, and present some asymptotic results on the size of the
corresponding orbits. Our results show that almost all binary LCD
codes are oddlike codes with oddlike duals, and about half of
$q$ary LCD codes have orthonormal basis, where $q$ is a power of
an odd prime.
 On $sigma$LCD codes, C. Carlet, S. Mesnager, C. Tang
and Y. Qi, Journal IEEE Transactions on Information TheoryIT.
Volume 65, Issue 3, pages 16941704, 2019.
Abstract :
Linear complementary pairs (LCP) of codes play an important role
in armoring implementations against sidechannel attacks and fault
injection attacks. One of the most common ways to construct LCP of
codes is to use Euclidean linear complementary dual (LCD) codes.
In this paper, we first introduce the concept of linear codes with
$\sigma$ complementary dual ($\sigma$LCD), which includes known
Euclidean LCD codes, Hermitian LCD codes, and Galois LCD codes.
Like Euclidean LCD codes, $\sigma$LCD codes can also be used to
construct LCP of codes. We show that, for $q > 2$, all $q$ary
linear codes are $\sigma$LCD and that, for every binary linear
code $\mathcal C$, the code $\{0\}\times \mathcal C$ is
$\sigma$LCD. Further, we study deeply $\sigma$LCD generalized
quasicyclic (GQC) codes. In particular, we provide
characterizations of $\sigma$LCD GQC codes, selforthogonal GQC
codes and selfdual GQC codes, respectively. Moreover, we provide
constructions of asymptotically good $\sigma$LCD GQC codes.
Finally, we focus on $\sigma$LCD abelian codes and prove that all
abelian codes in a semisimple group algebra are $\sigma$LCD. The
results derived in this paper extend those on the classical LCD
codes and show that $\sigma$LCD codes allow the construction of
LCP of codes more easily and with more flexibility.
 Linear codes over $F_q$ are equivalent to LCD codes for
$q>3$, C. Carlet, S. Mesnager, C. Tang, Y. Qi and R.
Pellikaan, Journal IEEE Transactions on Information TheoryIT,
Volume 64, Issue 4, pages 30103017, 2018.
Abstract :
Linear codes with complementary duals (abbreviated LCD) are linear
codes whose intersection with their dual are trivial. When they
are binary, they play an important role in armoring
implementations against sidechannel attacks and fault injection
attacks. Nonbinary LCD codes in characteristic 2 can be
transformed into binary LCD codes by expansion. In this paper, we
introduce a general construction of LCD codes from any linear
codes. Further, we show that any linear code over $\mathbb F_{q}
(q>3)$ is equivalent to a Euclidean LCD code and any linear
code over $\mathbb F_{q^2} (q>2)$ is equivalent to a Hermitian
LCD code. Consequently an $[n,k,d]$linear Euclidean LCD code over
$\mathbb F_q$ with $q>3$ exists if there is an $[n,k,d]$linear
code over $\mathbb F_q$ and an $[n,k,d]$linear Hermitian LCD code
over $\mathbb F_{q^2}$ with $q>2$ exists if there is an
$[n,k,d]$linear code over $\mathbb F_{q^2}$. Hence, when $q>3$
(resp. $q>2$) $q$ary Euclidean (resp. $q^2$ary Hermitian) LCD
codes possess the same asymptotical bound as $q$ary linear codes
(resp. $q^2$ary linear codes). This gives a direct proof that
every triple of parameters $[n,k,d]$ which is attainable by linear
codes over $\mathbb F_{q}$ with $q>3$ (resp. over $\mathbb
F_{q^2}$ with $q>2$) is attainable by Euclidean LCD codes
(resp. by Hermitian LCD codes). In particular there exist families
of $q$ary Euclidean LCD codes ($q>3$) and $q^2$ary Hermitian
LCD codes ($q>2$) exceeding the asymptotical GilbertVarshamov
bound. Further, we give a second proof of these results using the
theory of Gr\"obner bases. Finally, we present a new approach of
constructing LCD codes by extending linear codes.
 $2$correcting Lee Codes: (Quasi)Perfect Spectral
Conditions and Some Constructions,S. Mesnager, C. Tang and Y.
Qi, Journal IEEE Transactions on Information TheoryIT, Volume 64,
Issue 4, pages 30313041, 2018.
Abstract :
Let $p$ be an odd prime. Recently, Camarero and Mart\'{\i}nez (in
``Quasiperfect Lee codes of radius $2$ and arbitrarily large
dimension", IEEE Trans. Inform. Theory, vol. 62, no. 3, 2016)
constructed some $p$ary $2$quasiperfect Lee codes for $p\equiv
\pm 5 \pmod{12}$. In this paper, some infinite classes of $p$ary
$2$quasiperfect Lee codes for any odd prime $p$ with flexible
length and dimension are presented. More specifically, we provide
a new method for constructing quasiperfect Lee codes. Our
approach uses subsets derived from some quadratic curves over
finite fields (in odd characteristic) to obtain two classes of
$2$quasiperfect Lee codes defined in the space $\mathbb{Z}_p^n$
for $n=\frac{p^k+1}{2}$ $(\text{with} ~p\equiv 1, 5 \pmod{12}
\text{ and } k \text{ is any integer}, \text{ or } p\equiv 1, 5
\pmod{12} \text{ and } k \text{ is an even integer})$ and
$n=\frac{p^k1}{2}$ $(\text{with }p\equiv 1, 5 \pmod{12}, k
\text{ is an odd integer} \text{ and } p^k>12)$. Our codes
encompass the $p$ary ($p\equiv \pm 5 \pmod{12}$)
$2$quasiperfect Lee codes constructed by Camarero and
Mart\'{\i}nez. Furthermore, we prove that the related Cayley
graphs are Ramanujan or almost Ramanujan using Kloosterman sums.
This generalizes the work of Bibak, Kapron, and Srinivasan (in
``The Cayley graphs associated with some quasiperfect Lee codes
are Ramanujan graphs", IEEE Trans. Inform. Theory, vol. 62, no.
11, 2016) from the case $p\equiv 3 \pmod{4}$ and $k=1$ to the case
of any odd prime $p$ and positive integer $k$. Finally, we derive
some necessary conditions with the exponential sums of all
$2$perfect codes and $2$quasiperfect codes, and present a
heuristic algorithm for constructing $2$perfect codes and
$2$quasiperfect codes. Our results show that, in general, the
Cayley graphs associated with $2$perfect codes are Ramanujan.
From the algorithm, some new 2quasiperfect Lee codes different
from those constructed from quadratic curves are given. The Lee
codes presented in this paper have applications in constrained and
partialresponse channels, flash memories, and decision diagrams.
 Linear codes over $F_q$ are equivalent to LCD codes for
$q>3$, C. Carlet, S. Mesnager, C. Tang, Y. Qi and R.
Pellikaan, Journal IEEE Transactions on Information TheoryIT,
64(4), pages 30103017, 2018.
Abstract :
Linear codes with complementary duals (abbreviated LCD) are linear
codes whose intersection with their dual are trivial. When they
are binary, they play an important role in armoring
implementations against sidechannel attacks and fault injection
attacks. Nonbinary LCD codes in characteristic 2 can be
transformed into binary LCD codes by expansion. In this paper, we
introduce a general construction of LCD codes from any linear
codes. Further, we show that any linear code over $\mathbb F_{q}
(q>3)$ is equivalent to a Euclidean LCD code and any linear
code over $\mathbb F_{q^2} (q>2)$ is equivalent to a Hermitian
LCD code. Consequently an $[n,k,d]$linear Euclidean LCD code over
$\mathbb F_q$ with $q>3$ exists if there is an $[n,k,d]$linear
code over $\mathbb F_q$ and an $[n,k,d]$linear Hermitian LCD code
over $\mathbb F_{q^2}$ with $q>2$ exists if there is an
$[n,k,d]$linear code over $\mathbb F_{q^2}$. Hence, when $q>3$
(resp. $q>2$) $q$ary Euclidean (resp. $q^2$ary Hermitian) LCD
codes possess the same asymptotical bound as $q$ary linear codes
(resp. $q^2$ary linear codes). This gives a direct proof that
every triple of parameters $[n,k,d]$ which is attainable by linear
codes over $\mathbb F_{q}$ with $q>3$ (resp. over $\mathbb
F_{q^2}$ with $q>2$) is attainable by Euclidean LCD codes
(resp. by Hermitian LCD codes). In particular there exist families
of $q$ary Euclidean LCD codes ($q>3$) and $q^2$ary Hermitian
LCD codes ($q>2$) exceeding the asymptotical GilbertVarshamov
bound. Further, we give a second proof of these results using the
theory of Gr\"obner bases. Finally, we present a new approach of
constructing LCD codes by extending linear codes.
 Statistical integral distinguisher with multistructure
and its application on AESlike ciphers, T. Cui, H. Chen, S.
Mesnager, L. Sun and M. Wang Cryptography and Communications 10(5),
pages 755776, 2018.
Abstract :
Integral attack is one of the most powerful tool in the field of
symmetric ciphers. In order to reduce the time complexity of
original integral one, Wang \textit{et al.} firstly proposed a
statistical integral distinguisher at FSE'16. However, they don't
consider the cases that there are several integral properties on
output and multiple structures of data should be used at the same
time. In terms of such case, we put forward a new statistical
integral distinguisher, which enables us to reduce the data
complexity comparing to the traditional integral ones under
multiple structures. As illustrations, we use it into the
knownkey distinguishers on AESlike ciphers including AES and the
permutations of Whirlpool, PHOTON and Gr\o stl256 hash functions
based on the Gilbert's work at ASIACRYPT'14. These new
distinguishers are the best ones comparing with previous ones
under knownkey setting. Moreover, we propose a secretkey
distinguisher on 5round AES under chosenciphertext mode. Its
data, time and memory complexities are $2^{114.32}$ chosen
ciphertexts, $2^{110}$ encryptions and $2^{33.32}$ blocks. This is
the best integral distinguisher on AES with secret Sbox under
secretkey setting so far.
 On the $p$ary (Cubic)Bent and Plateaued (Vectorial)
Functions, S. Mesnager, F. Ozbudak and A. Sinak, Journal
Design, Codes, Cryptography 86(8), pages 18651892, 2018.
Abstract :
Plateaued functions play a significant role in cryptography,
sequences for communications, and the related combinatorics and
designs. Comparing to their importance, those functions have not
been studied in detail in a general framework. Our motivation is
to bring further results on the characterizations of bent and
plateaued functions, and to introduce new tools which allow us
firstly a better understanding of their structure and secondly to
get methods for handling and designing such functions. We first
characterize bent functions in terms of all even moments of the
Walsh transform, and then plateaued (vectorial) functions in terms
of the value distribution of the secondorder derivatives.
Moreover, we devote to cubic functions the characterization of
plateaued functions in terms of the value distribution of the
secondorder derivatives, and hence this reveals nonexistence of
homogeneous cubic bent (and also (homogeneous) cubic plateaued for
some cases) functions in odd characteristic. We use a rank notion
which generalizes the rank notion of quadratic functions. This
rank notion reveals new results about (homogeneous) cubic
plateaued functions. Furthermore, we observe nonexistence of a
function whose absolute Walsh transform takes exactly $3$ distinct
values (one being zero). We finally provide a new class of
functions whose absolute Walsh transform takes exactly $4$
distinct values (one being zero).
 New constructions of optimal locally recoverable codes
via good polynomials, J. Liu, S. Mesnager and L. Chen, Journal
IEEE Transactions on Information TheoryIT, 64(2) pages 889899,
2018.
Abstract :
In recent literature, a family of optimal linear locally
recoverable codes (LRC codes) that attain the maximum possible
distance (given code length, cardinality, and locality) is
presented. The key ingredient for constructing such optimal linear
LRC codes is the socalled rgood polynomials, where r is equal to
the locality of the LRC code. However, given a prime p, known
constructions of rgood polynomials over some extension field of
Fp exist only for some special integers r, and the problem of
constructing optimal LRC codes over small field for any given
locality is still open. In this paper, by using function
composition, we present two general methods of designing good
polynomials, which lead to three new constructions of rgood
polynomials. Such polynomials bring new constructions of optimal
LRC codes. In particular, our constructed polynomials as well as
the power functions yield optimal (n; k; r) LRC codes over Fq for
all positive integers r as localities, where q is near the code
length n.
 Complementary dual algebraic geometry codes, S.
Mesnager, C. Tang and Y. Qi, Journal IEEE Transactions on
Information TheoryIT 64(4) pages 23902397, 2018.
Abstract :
Linear complementary dual (LCD) codes is a class of linear codes
introduced by Massey in 1964. LCD codes have been extensively
studied in literature recently. In addition to their applications
in data storage, communications systems, and consumer electronics,
LCD codes have been employed in cryptography. More specifically,
it has been shown that LCD codes can also help improve the
security of the information processed by sensitive devices,
especially against socalled sidechannel attacks (SCA) and fault
noninvasive attacks. In this paper, we are interested in the
construction of particular algebraic geometry (AG) LCD codes which
could be good candidates to be resistant against SCA. We firstly
provide a construction scheme for obtaining LCD codes from any
algebraic curve. Then, some explicit LCD codes from elliptic
curves are presented. MDS codes are of the most importance in
coding theory due to their theoretical significance and practical
interests. In this paper, all the constructed LCD codes from
elliptic curves are MDS or almost MDS. Some infinite classes of
LCD codes from elliptic curves are optimal due to the Griesmer
bound. Finally, we also derive some explicit LCD codes from
hyperelliptic curves and Hermitian curves.
 Bent functions from involutions over $F_2^n$, R.
Coulter and S. Mesnager, Journal IEEE Transactions on Information
TheoryIT,Volume 64, Issue 4, pages 29792986, 2018.
Abstract :
Bent functions are maximally nonlinear Boolean functions.
Introduced by Rothaus and first examined by Dillon, these
important functions have subsequently been studied by many
researchers over the last four decades. Since a complete
classification of bent functions appears elusive, many researchers
concentrate on methods for constructing bent functions. In this
paper, we investigate constructions of bent functions from
involutions over finite fields in even characteristic. We present
a generic construction technique, study its equivalence issues and
show that linear involutions (which are an important class of
permutations) over finite fields give rise to bent functions in
bivariate representations. In particular, we exhibit new
constructions of bent functions involving binomial linear
involutions whose dual functions are directly obtained without
computation. The existence of bent functions from involutions
relies heavily on solving systems of equations over finite fields.
 Classification of bent monomials, constructions of bent
multinomials and upper bounds on the nonlinearity of vectorial
functions, Y. Xu, C. Carlet, S. Mesnager and C. Wu, Journal
IEEE Transactions on Information TheoryIT, Vol. 64, Issue 1, pages
367383, 2018.
Abstract :
The paper is composed of two main parts related to the
nonlinearity of vectorial functions. The first part is devoted to
maximally nonlinear $(n,m)$functions (the socalled bent
vectorial functions) which contribute to an optimal resistance to
both linear and differential attacks on symmetric cryptosystems.
They can be used in block ciphers at the cost of additional
diffusion/compression/expansion layers, or as building blocks for
the construction of substitution boxes (Sboxes) and they are also
useful for constructing robust codes and algebraic manipulation
detection codes. A main issue on bent vectorial functions is to
characterize bent monomial functions $Tr_{m}^n (\lambda x^d)$ from
$\mathbb{F}_{2^n}$ to $\mathbb{F}_{2^m}$ (where $m$ is a divisor
of $n$) leading to a classification of those bent monomials. We
also treat the case of functions with multiple trace terms
involving general results and explicit constructions. Furthermore,
we investigate some open problems raised by Pasalic et al. and
Muratovi\'cRibi\'c et al. in a series of papers on vectorial
functions. The second part is devoted to the nonlinearity of
$(n,m)$functions. No tight upper bound is known when $m$ is
between $frac n2$ and $n$. The covering radius bound is the only
known upper bound in this range (the SidelnikovChabaudVaudenay
bound coincides with it when $m=n1$ and it has no sense when $m$
is less than $n1$). Finding better bounds is an open problem
since the 90s. Moreover, no bound has been found during the last
23 years which improve upon the covering radius bound for a large
part of $(n,m)$functions. We derive such upper bounds for
functions which are sufficiently unbalanced or which satisfy some
conditions. These upper bounds imply some necessary conditions for
vectorial functions to have large nonlinearity.
 Decomposing generalized bent and hyperbent functions,T.
Martinsen, W. Meidl, S. Mesnager and P. Stanica, Journal IEEE
Transactions on Information TheoryIT, Vol 63, Issue 12, pages
78047812, 2017.
Abstract :
In this paper we introduce generalized hyperbent functions from
$\F_{2^n}$ to $\Z_{2^k}$, and investigate decompositions of
generalized (hyper)bent functions. We show that generalized
(hyper)bent functions $f$ from $\F_{2^n}$ to $\Z_{2^k}$ consist of
components which are generalized (hyper)bent functions from
$\F_{2^n}$ to $\Z_{2^{k^\prime}}$ for some $k^\prime less than k$.
For even $n$, most notably we show that the ghyperbentness of $f$
is equivalent to the hyperbentness of the components of $f$ with
some conditions on the WalshHadamard coefficients. For odd $n$,
we show that the Boolean functions associated to a generalized
bent function form an affine space of semibent functions. This
complements a recent result for even $n$, where the associated
Boolean functions are bent.
 Generalized plateaued functions and admissible
(plateaued) functions, S. Mesnager, C. Tang and Y. Qi ,
Journal IEEE Transactions on Information TheoryIT, Vol. 61, Issue
10, pages 61396148, 2017.
Abstract :
Plateaued functions are very important cryptographic functions due
to their various desirable cryptographic characteristics. We point
out that plateaued functions are more general than bent functions
(that is, functions with maximum nonlinearity). Some Boolean
plateaued functions have large nonlinearity, which provides
protection against fast correlation attacks when they are used as
combiners or filters in stream ciphers, and contributes, when they
are the component functions of the substitution boxes in block
ciphers, to protection against linear cryptanalysis. Pary
plateaued functions have attracted recently some attention in the
literature and many activities on generalized pary functions have
been carried out. This paper increases our knowledge on plateaued
functions in the general context of generalized pary functions.
We firstly introduce two new versions of plateaued functions,
which we shall call generalized plateaued functions and admissible
plateaued functions. The generalized plateaued functions extends
the standard notion of plateaued pary functions to those whose
outputs are in the ring Zpk . Next, we study the generalized
plateaued functions and use admissible plateaued functions to
characterize the generalized plateaued functions by means of their
components. Finally, we provide for the first time two
constructions of generalized plateaued functions. In particular,
we generalize a known secondary construction of binary generalized
bent functions and derive constructions of binary generalized
plateaued functions with different amplitude.
 Fast algebraic immunity of Boolean functions, S.
Mesnager and G. Cohen, Journal Advances in Mathematics of
Communications (AMC), Vol 11, No. 2, pages 373377, 2017.
Abstract :
Since 1970, Boolean functions have been the focus of a lot of at
tention in cryptography. An important topic in symmetric ciphers
concerns the cryptographic properties of Boolean functions and
constructions of Boolean functions with good cryptographic
properties, that is, good resistance to known attacks. An
important progress in cryptanalysis areas made in 2003 was the
introduction by Courtois and Meier of algebraic attacks and fast
algebraic at tacks which are very powerful analysis concepts and
can be applied to almost all cryptographic algorithms. To study
the resistance against algebraic attacks, the notion of algebraic
immunity has been introduced. In this paper, we use a parameter
introduced by Liu and al., called fast algebraic immunity, as a
tool to measure the resistance of a cryptosystem (involving
Boolean functions) to fast algebraic attacks. We prove an upper
bound on the fast algebraic im munity. Using our upper bound, we
establish the weakness of trace inverse functions against fast
algebraic attacks confiming a recent result of Feng and Gong.
 On constructions of bent, semibent and five valued
spectrum functions from old bent functions, S. Mesnager and F.
Zhang, Journal Advances in Mathematics of Communications (AMC), Vol
11, No. 2, pages 339345, 2017.
Abstract :
The paper presents methods for designing functions having many
applications in particular to construct linear codes with few
weights. The former codes have several applications in secret
sharing, authentication codes, association schemes and strongly
regular graphs. We firstly provide new secondary constructions of
bent functions generalizing the wellknown Rothaus' constructions
as well as their dual functions. From our generalization, we show
that we are able to compute the dual function of a bent function
built from Rothaus' construction. Next we present a result leading
to a new method for constructing semibent functions and few Walsh
transform values functions built from bent functions.
 On construction of bent functions involving symmetric
functions and their duals, S. Mesnager, F. Zhang and Y. Zhou,
Journal Advances in Mathematics of Communications (AMC), Vol 11, No.
2, pages 347352, 2017.
Abstract :
In this paper, we firstly compute the dual functions of elemen
tary symmetric bent functions. Next, we derive a new secondary
construction of bent functions (given with their dual functions)
involving symmetric bent functions, leading to a generalization of
the wellknow Rothaus' construction.
 Explicit constructions of bent functions from
pseudoplanar functions, K. Abdukhalikov and S. Mesnager,
Journal Advances in Mathematics of Communications (AMC), Vol 11, No.
2, pages 293299, 2017.
Abstract :
We investigate explicit constructions of bent functions which are
linear on elements of spreads. Our constructions are obtained from
symplectic presemifields which are associated to pseudoplanar
functions. The following diagram gives an indication of the main
interconnections arising in this paper: pseudoplanar functions 
commutaive presemifields  bent functions
 Linear codes with few weights from weakly regular bent
functions based on a generic construction, S. Mesnager.
International Journal Cryptography and Communications (CCDS),
Springer, 9(1) pages 7184, 2017
Abstract :
We contribute to the knowledge of linear codes with few weights
from special polyno mials and functions. Substantial efforts
(especially due to C. Ding) have been directed towards their study
in the past few years. Such codes have several applications in
secret sharing, authentication codes, association schemes and
strongly regular graphs. Based on a generic construction of linear
codes from mappings and by employing weakly reg ular bent
functions, we provide a new class of linear pary codes with three
weights given with its weight distribution. The class of codes
presented in this paper is different from those known in
literature.
 A comparison of Carlet's second order nonlinearity bounds,
S. Mesnager, G. McGrew, J. Davis, D. Steele and K. Marsten. Journal
of Computer Mathematics, 94(3) pages 427436, 2017.
Abstract :
Carlet provides two bounds on the second order nonlinearity of
Boolean functions. We construct a family of Boolean functions
where the first bound (the presumed weaker bound) is tight and the
second bound is strictly worse than the first bound. We show that
the difference between the two bounds can be made arbitrarily
large.
 Bent functions linear on elements of some classical
spreads and presemifields spreads , K. Abdukhalikov and S.
Mesnager. International Journal Cryptography and Communications
(CCDS), Springer, 9(1) pages 321, 2017.
Abstract :
Bent functions are maximally nonlinear Boolean functions with an
even number of variables. They have attracted a lot of research
for four decades because of their own sake as interesting
combinatorial objects, and also because of their relations to
coding theory, sequences and their applications in cryptography
and other domains such as design theory. In this paper we
investigate explicit constructions of bent functions which are
linear on elements of spreads. After presenting an overview on
this topic, we study bent functions which are linear on elements
of presemifield spreads and give explicit descriptions of such
functions for known commutative presemifields. A direct connection
between bent functions which are linear on elements of the
Desarguesian spread and oval polynomials over finite fields was
proved by Carlet and the second author. Very recently, further
nice extensions have been made by Carlet in another context. We
introduce oval polynomials for semifields which are dual to
symplectic semifields. In particular, it is shown that from a
linear oval polynomial for a semifield one can get an oval
polynomial for transposed semifield.
 On the nonlinearity of Sboxes and linear codes, J.
Liu, S. Mesnager et L.Chen, Journal Cryptography and Communications
Discrete Structures, Boolean Functions and Sequences (CCDS),
Springer, 9(3) pages 345361, 2017.
Abstract :
For multioutput Boolean functions (also called Sboxes), various
measures of nonlinearity have been widely discussed in the
literature but many problems are left open in this topic. The
purpose of this paper is to present a new approach to estimating
the nonlinearity of Sboxes. A more finegrained view on the
notion of nonlinearity of Sboxes is presented and new connections
to some linear codes are established. More precisely, we mainly
study the nonlinearity indicator (denoted by
$\mathcal{N}_\mathrm{v}$) for Sboxes from a coding theory point
of view. Such a cryptographic parameter $\mathcal{N}_\mathrm{v}$
is more related to best affine approximation attacks on stream
ciphers. We establish a direct link between
$\mathcal{N}_\mathrm{v}$ and the minimum distance of the
corresponding linear code. We exploit that connection to derive
the first general lower bounds on $\mathcal{N}_\mathrm{v}$ of
nonaffine functions from $\F_{2^n}$ to $\F_{2^m}$ for m dividing
n. Furthermore, we show that $\mathcal{N}_\mathrm{v}$ can be
determined directly by the weight distribution of the
corresponding linear code.
 DNA cyclic codes over rings, N. Bennenni, K. Guenda
and S. Mesnager, Journal Advances in Mathematics of Communications
(AMC), Vol 11, No. 1, pages 8398, 2017.
Abstract :
In this paper we construct new DNA cyclic codes over rings.
Firstly, we introduce a new family of DNA cyclic codes over the
ring $R=F_2[u]/(u^6)$. A direct link between the elements of such
a ring and the $64$ codons used in the amino acids of the living
organisms is established. Using this correspondence we study the
reversecomplement properties of our codes. We use the edit
distance between the codewords which is an important combinatorial
notion for the DNA strands. Next, we define the Lee weight, the
Gray map over the ring $R$ as well as the binary image of the DNA
cyclic codes allowing the transfer of studying DNA codes into
studying binary codes. Secondly, we introduce another new family
of DNA skew cyclic codes constructed over the ring $\tilde
{R}=F_2+vF_2={0,1,v,v+1\},$ where $v^2=v$. The codes obtained are
cyclic reversecomplement over the ring $\tilde {R}$. Further we
find their binary images and construct some explicit examples of
such codes.
 Involutions over the Galois field $F_2^n$, P.
Charpin, S. Mesnager and S. Sarkar. Journal IEEE Transactions on
Information TheoryIT, Volume 62, Issue 4, pages 111, 2016.
Abstract :
An involution is a permutation such that its inverse is itself
(i.e., cycle length 2). Due to this property involutions have been
used in many applications including cryptography and coding
theory. In this paper we provide a systematic study of involutions
that are defined over finite field of characteristic 2. We
characterize the involution property of several classes of
polynomials and propose several constructions. Further we study
the number of fixed points of involutions which is a pertinent
question related to permutations with short cycle. In this paper
we mostly have used combinatorial techniques.
 Dickson polynomials that are involutions, P. Charpin,
S. Mesnager and S. Sarkar. Journal Contemporary Developments in
Finite Fields and Their Applications, pages 2245, World Scientific
Press, 2016.
Abstract :
Dickson polynomials which are permutations are interesting
combinatorial objects and well studied. In this paper, we describe
Dickson polynomials of the first kind in $F_{2^n}[x]$ that are
involutions over finite fields of characteristic $2$. Such
description is obtained using modular arithmetic's tools. We give
results related to the cardinality and the number of fixed points
(in the context of cryptographic application) of this corpus. We
also present infinite classes of Dickson involutions. We study
Dickson involutions which have a minimal set of fixed points.
 Further constructions of infinite families of bent
functions from new permutations and their duals, S. Mesnager.
International Journal Cryptography and Communications (CCDS), 8(2),
pages 229246, Springer 2016.
Abstract :
A Boolean function with an even number of variables is called bent
if it is maximally nonlinear. This paper extends the recent work
of the author on bent functions ("Several new infinite families of
bent functions and their duals", IEEEIT, 60(7), pp 43974407,
2014). We exhibit several new infinite families of bent functions
with their dual (bent) functions. Some of them are obtained via
new infinite families of permutations that we provide with their
compositional inverses. We introduce secondarylike constructions
of permutations leading to the construction of several families of
bent functions.
 Yet another variation on minimal linear codes, G.
Cohen, S. Mesnager and H. Randriam. International Journal Advances
in Mathematics of Communications (AMC), Vol.10, No. 1, pages 5361,
2016.
Abstract :
Minimal linear codes are linear codes such that the support of
every codeword does not contain the support of another linearly
independent codeword. Such codes have applications in
cryptography, e.g. to secret sharing. We pursue here their study
and construct improved asymptotically good families of minimal
linear codes. We also consider quasiminimal, $t$minimal, and
$t$quasiminimal linear codes, which are new variations on this
notion.
 Further results on semibent functions in polynomial form,
X. Cao, H. Chen and S. Mesnager, Journal Advances in Mathematics of
Communications (AMC), 10(4) pages 725741, 2016.
Abstract :
Plateaued functions have been introduced by Zheng and Zhang in
1999 as good candidates for designing cryptographic functions
since they possess many desirable cryptographic characteristics.
Plateaued functions bring together various nonlinear
characteristics and include two important classes of Boolean
functions defined in even dimension: the wellknown bent functions
($0$plateaued functions) and the semibent functions
($2$plateaued functions). Bent functions have been extensively
investigated since 1976. Very recently, the study of semibent
functions has attracted a lot of attention in symmetric
cryptography. Many intensive progresses in the design of such
functions have been made especially in recent years. The paper is
devoted to the construction of semibent functions on the finite
field $\mathbb{F}_{2^n}$ ($n=2m$) in the line of a recent work of
S. Mesnager [IEEE Transactions on Information Theory, Vol 57, No
11, 2011]. We extend Mesnager's results and present a new
construction of infinite classes of binary semibent functions in
polynomial trace. The extension is achieved by inserting mappings
$h$ on $\mathbb{F}_{2^n}$ which can be expressed as $h(0) = 0$ and
$h(uy) = h_1(u)h_2(y)$ with $u$ ranging over the circle $U$ of
unity of $\mathbb{F}_{2^n}$, $y \in \mathbb{F}_{2^m}^{*}$ and $uy
\in \mathbb{F}_{2^n}^{*}$, where $h_1$ is a isomorphism on $U$ and
$h_2$ is an arbitrary mapping on $\mathbb{F}_{2^m}^{*}$. We then
characterize the semibentness property of the extended family in
terms of classical binary exponential sums and binary polynomials.
 Four decades of research on bent functions, C. Carlet
and S. Mesnager. International Journal Designs, Codes and
Cryptography (DCC),Vol. 78, No.1, pages 550, Springer, 2016.
Abstract :
In this survey, we revisit the Rothaus paper and the chapter of
Dil lon's thesis dedicated to bent functions, and we describe the
main results obtained on these functions during these last 40
years. We also cover more briefly superclasses of Boolean
functions, vectorial bent functions and bent functions in odd
characteristic.
 Variation on correlation immune Boolean and vectorial
functions, J. Liu, S. Mesnager and L. Chen. International
Journal Advances in Mathematics of Communications (AMC), 10(4) pages
895919, 2016.
Abstract :
Correlation immune functions were introduced to protect some shift
register based stream ciphers against correlation attacks.
Mathematically, the correlation immunity of a Boolean function is
a measure of the degree to which its outputs are uncorrelated with
some subset of its inputs. For cryptographic applications,
relaxing the concept of correlation immunity has been highlighted
and proved to be more appropriate in several cryptographic
situations. Various weakened notions of correlation immunity and
resiliency have been widely introduced for cryptographic
functions, but those notions are difficult to handle. As a
variation, we focus on the notion of $\varphi$correlation
immunity which is closely related to (fast) correlation attacks on
stream ciphers based on nonlinear combiner model. In particular,
we exhibit new connections between $\varphi$correlation immunity
and $\epsilon$almost resiliency, which are two distinct
approaches for characterizing relaxed resiliency. We also extend
the concept of $\varphi$correlation immunity introduced by Carlet
et al. in 2006 for Boolean functions to vectorial functions and
study the main cryptographic parameters of $\varphi$correlation
immune functions. Moreover, we provide new primary constructions
of $\varphi$resilient functions with good designed immunity
profile. Specially, we propose a new recursive method to construct
$\varphi$resilient functions with high nonlinearity, high
algebraic degree, and monotone increasing immunity profile.
 Optimal codebooks from binary codes meeting the
Levenshtein bound, C. Xiang, C. Ding, and S. Mesnager.
International Journal IEEE Transactions on Information TheoryIT
61(12), pages 65266535, 2015.
Abstract :
In this paper, a generic construction of codebooks based on binary
codes is introduced. With this generic construction, a few
previous constructions of optimal codebooks are extended, and a
new class of codebooks almost meeting the Levenshtein bound is
presented. Exponentially many codebooks meeting or amost meeting
the Levenshtein bound from binary codes are obtained in this
paper. The codebooks constructed in this paper have alphabet size
4. As a byproduct, three bounds on the parameters of binary codes
are derived.
 Bent vectorial functions and linear codes from
opolynomials, S. Mesnager. International Journal Designs,
Codes and Cryptography (DCC) 77(1), pages 99116, 2015.
Abstract :
The main topics and interconnections arising in this paper are
symmetric cryptography (Sboxes), coding theory (linear codes) and
finite projective geometry (hyperovals). The paper describes
connections between the two main areas of information theory on
the one side and finite geometry on the other side. Bent vectorial
functions are maximally nonlinear multioutput Boolean functions.
They contribute to an optimal resistance to both linear and
differential attacks of those symmetric cryptosystems in which
they are involved as substitution boxes (Sboxes). We firstly
exhibit new connections between bent vectorial functions and the
hyperovals of the projective plane, extending the recent link
between bent Boolean functions and the hyperovals. Such a link
provides several new classes of optimal vectorial bent functions.
Secondly, we exhibit surprisingly a connection between the
hyperovals of the projective plane in even characteristic and
qary simplex codes. To this end, we present a general
construction of classes of linear codes from opolynomials and
study their weight distribution proving that all of them are
constant weight codes. We show that the hyperovals of
$PG_{2}(2^m)$ from finite projective geometry provide new minimal
codes (used in particular in secret sharing schemes, to model the
access structures) and give rise to multiples of $2^r$ary ($r$
being a divisor of m) simplex linear codes (whose duals are the
perfect $2^r$ary Hamming codes) over an extension field $GF 2^r$
of $\GF 2$.
 Bent functions from spreads, S. Mesnager.
International Journal of the American Mathematical Society (AMS),
Contemporary Mathematics (Proceedings the 11th International
conference on Finite Fields and their Applications Fq11), Volume
632, pages 295316, 2015.
Abstract :
Bent functions are optimal combinatorics objects. Since the
introduction of these functions, substantial efforts have been
directed towards their study in the last three decades. In this
paper, we are interested firstly in bent functions on $\GF n$
whose restriction to $\frac{n}2$spreads are constant. The study
of such bent functions motivates the clarification of connections
between various subclasses of the class of partial bent functions
and relations to the class of hyperbent functions. We investigate
their logic relations and state results giving more insight. We
also draw a Venn diagram which explains the relations between
these classes. Secondly, we present in a synthetic way the most
important progresses obtained about the bent functions on $\GF n$
whose restrictions to $\frac{n}2$spreads are linear. Finally, we
present our advances obtained about the bent functions on $\GF n$
whose restrictions to $\frac{n}2$spreads are affine.
 Several new infinite families of bent functions and their
duals, S. Mesnager, IEEE Transactions on Information
TheoryIT, Vol. 60, No. 7, pages 43974407, 2014.
Abstract :
Bent functions are optimal combinatorial objects. Since the
introduction of these functions, substantial efforts have been
directed towards their study in the last three decades. A complete
classification of bent functions is elusive and looks hopeless
today, therefore, not only their characterization, but also their
generation are challenging problems. The paper is devoted to the
construction of bent functions. Firstly we provide several new
effective constructions of bent functions, selfdual bent
functions and antiselfdual bent functions. Secondly, we provide
seven new infinite families of bent functions by explicitly
calculating their dual functions.
 Sphere coverings and Identifying Codes, D. Auger, G.
Cohen and S. Mesnager, Journal Designs, Codes and Cryptography,
Volume 70, Issues 12, pages 37, 2014.
Abstract :
In any connected, undirected graph $G=(V,E)$, the {\it distance}
$d(x,y)$ between two vertices $x$ and $y$ of $G$ is the minimum
number of edges in a path linking $x$ to $y$ in $G$. A {\it
sphere} in $G$ is a set of the form $S_r(x) = \{ y \in V :
d(x,y)=r \},$ where $x$ is a vertex and $r$ is a nonnegative
integer called the {\it radius} of the sphere. We first address in
this paper the following question : What is the minimum number of
spheres with fixed radius $r \geq 0$ required to cover all the
vertices of a finite, connected, undirected graph $G$ ? We then
turn our attention to the Hamming Hypercube of dimension $n$, and
we show that the minimum number of spheres {\it with any radii}
required to cover this graph is either $n$ or $n+1$, depending on
the parity of $n$. We also relate the two above problems to other
questions in combinatorics, in particular to identifying codes.
 On constructions of semibent functions from bent
functions, G. Cohen and S. Mesnager, Journal Contemporary
Mathematics 625, Discrete Geometry and Algebraic Combinatorics,
Americain Mathematical Society, Pages 141154, 2014.
Abstract :
Plateaued functions are significant in cryptography as they
possess various desirable cryptographic properties. Two important
classes of plateaued functions are those of bent functions and
semibent functions, due to their combinatorial and algebraic
properties. Constructions of bent functions have been extensively
investigated. However only few constructions of semibent
functions have been proposed in the literature. In general,
finding new constructions of bent and semibent functions is not a
simple task. The paper is devoted to the construction of semibent
functions with even number of variables. We show that bent
functions give rise to primary and secondarylike constructions of
semibent functions.
 An efficient characterization of a family of hyperbent
functions with multiple trace terms, J. P. Flori and S.
Mesnager, Journal of Mathematical Cryptology. Vol 7 (1), pages
4368, 2013.
Abstract :
The connection between exponential sums and algebraic varieties
has been known for at least six decades. Recently, Lisoněk
exploited it to reformulate the CharpinGong characterization of
a large class of hyperbent functions in terms of numbers of
points on hyperelliptic curves. As a consequence, he obtained a
polynomial time and space algorithm for certain subclasses of
functions in the CharpinGong family. In this paper, we settle a
more general framework, together with detailed proofs, for such an
approach and show that it applies naturally to a distinct family
of functions proposed by Mesnager. Doing so, a polynomial time and
space test for the hyperbentness of functions in this family is
obtained as well. Nonetheless, a straightforward application of
such results does not provide a satisfactory criterion for
explicit generation of functions in the Mesnager family. To
address this issue, we show how to obtain a more efficient test
leading to a substantial practical gain. We finally elaborate on
an open problem about hyperelliptic curves related to a family of
Boolean functions studied by Charpin and Gong.
 Hyperbent functions via Dillonlike exponents, S.
Mesnager and J. P. Flori, IEEE Transactions on Information
TheoryIT. Vol 59 (5), pages 3215 3232, 2013.
Abstract :
This paper is devoted to hyperbent functions with multiple trace
terms (including binomial functions) via Dillonlike exponents. We
show how the approach developed by Mesnager to extend the
CharpinGong family, which was also used by Wang \etal to obtain
another similar extension, fits in a much more general setting.To
this end, we first explain how the original restriction for
CharpinGong criterion can be weakened before generalizing the
Mesnager approach to arbitrary Dillonlike exponents. Afterward,
we tackle the problem of devising infinite families of extension
degrees for which a given exponent is valid and apply these
results not only to reprove straightforwardly the results of
Mesnager and Wang et. al, but also to characterize the
hyperbentness of several new infinite classes of Boolean
functions. We go into full details only for a few of them, but
provide an algorithm (and the corresponding software) to apply
this approach to an infinity of other new families. Finally, we
propose a reformulation of such characterizations in terms of
hyperelliptic curves and use it to actually build hyperbent
functions in cases which could not be attained through naive
computations of exponential sums.
 Further results on Niho bent functions, L. Budaghyan,
C. Carlet, T. Helleseth, A. Kholosha and S. Mesnager, IEEE
Transactions on Information TheoryIT. Vol 58, No 11, pages
69796985, 2012.
Abstract :
Computed is the dual of the Niho bent function consisting of $2^r$
exponents that was found by Leander and Kholosha. The algebraic
degree of the dual is calculated and it is shown that this new
bent function is not of the Niho type. Finally, three infinite
classes of Niho bent functions are analyzed for their relation to
the completed MaioranaMcFarland class. This is done using the
criterion based on secondorder derivatives of a function.
 On Semibent Boolean Functions, C. Carlet and S.
Mesnager, IEEE Transactions on Information Theory. Vol 58, No 5,
pages: 32873292, 2012.
Abstract :
We show that any Boolean function, in even dimension, equal to the
sum of a Boolean function g$ which is constant on each element of
a spread and of a Boolean function $h$ whose restrictions to these
elements are all linear, is semibent if and only if g and h are
both bent. We deduce a large number of infinite classes of
semibent functions in explicit bivariate (resp. univariate)
polynomial form.
 Semibent functions from Dillon and Niho exponents,
Kloosterman sums and Dickson polynomials, S. Mesnager, IEEE
Transactions on Information Theory. Vol 57, No 11, pages 74437458,
2011.
Abstract :
Kloosterman sums have recently become the focus of much research,
most notably due to their applications in cryptography and coding
theory. In this paper, we extensively investigate the link between
the semibentness property of functions in univariate forms
obtained via Dillon and Niho functions and Kloosterman sums. In
particular, we show that zeros and the value four of binary
Kloosterman sums give rise to semibent functions in even
dimension with maximum degree. Moreover, we study the
semibentness property of functions in polynomial forms with
multiple trace terms and exhibit criteria involving Dickson
polynomials.
 On Dillon's class H of bent functions, Niho bent
functions and opolynomials, C. Carlet and S. Mesnager,
Journal of Combinatorial TheoryJCTserie A 118, pages 2392–2410,
2011.
Abstract :
One of the classes of bent Boolean functions introduced by John
Dillon in his thesis is family $H$. While this class corresponds
to a nice original construction of bent functions in bivariate
form, Dillon could exhibit in it only functions which already
belonged to the wellknown MaioranaMcFarland class. We first
notice that $H$ can be extended to a slightly larger class that we
denote by ${\cal H}$. We observe that the bent functions
constructed via Niho power functions, for which four examples are
known due to Dobbertin et al. and to LeanderKholosha, are the
univariate form of the functions of class ${\cal H}$. Their
restrictions to the vector spaces $\omega\GF {n/2}$, $\omega\in
\GF n^\star$, are linear. We also characterize the bent functions
whose restrictions to the $\omega\GF {n/2}$ s are affine. We
answer the open question raised by Dobbertin et al. in JCT A 2006
on whether the duals of the Niho bent functions introduced in the
paper are affinely equivalent to them, by explicitely calculating
the dual of one of these functions. We observe that this Niho
function also belongs to the MaioranaMcFarland class, which
brings us back to the problem of knowing whether $H$ (or ${\cal
H}$) is a subclass of the MaioranaMcFarland completed class. We
then show that the condition for a function in bivariate form to
belong to class ${\cal H}$ is equivalent to the fact that a
polynomial directly related to its definition is an opolynomial
(also called oval polynomial, a notion from finite geometry).
Thanks to the existence in the literature of 8 classes of
nonlinear opolynomials, we deduce a large number of new cases of
bent functions in ${\cal H}$, which are potentially affinely
inequivalent to known bent functions (in particular, to
MaioranaMcFarland's functions).
 Bent and Hyperbent functions in polynomial form and
their link with some exponential sums and Dickson Polynomials,
S. Mesnager, IEEE Transactions on Information Theory.Vol 57, No 9,
pages 59966009, 2011.
Abstract :
Bent functions are maximally nonlinear Boolean functions with an
even number of variables. They were introduced by Rothaus in 1976.
For their own sake as interesting combinatorial objects, but also
because of their relations to coding theory (ReedMuller codes)
and applications in cryptography (design of stream ciphers), they
have attracted a lot of research, specially in the last 15 years.
The class of bent functions contains a subclass of functions,
introduced by Youssef and Gong in 2001, the socalled hyperbent
functions, whose properties are still stronger and whose elements
are still rarer than bent functions. Bent and hyperbent functions
are not classified. A complete classification of these functions
is elusive and looks hopeless. So, it is important to design
constructions in order to know as many of (hyper)bent functions
as possible. This paper is devoted to the constructions of bent
and hyperbent Boolean functions in polynomial forms. We survey
and present an overview of the constructions discovered recently.
We extensively investigate the link between the bentness property
of such functions and some exponential sums (involving Dickson
polynomials) and give some conjectures that lead to constructions
of new hyperbent functions.
 A new class of bent and hyperbent Boolean functions in
polynomial forms, S. Mesnager, Journal Designs, Codes and
Cryptography. Volume 59, Numbers 13, pages 265279 (2011).
Abstract :
Bent functions are maximally nonlinear Boolean functions and exist
only for functions with even number of inputs. This paper is a
contribution to the construction of bent functions over $\GF{n}$
($n=2m$) having the form $f(x) = \tr {o(s_1)} (a x^ {s_1}) + \tr
{o(s_2)} (b x^{s_2})$ where $o(s_i$) denotes the cardinality of
the cyclotomic class of 2 modulo $2^n1$ which contains $s_i$ and
whose coefficients $a$ and $b$ are, respectively in
$F_{2^{o(s_1)}}$ and $F_{2^{o(s_2)}}$. Many constructions of
monomial bent functions are presented in the literature but very
few are known even in the binomial case. We prove that the
exponents $s_1=2^{m}1$ and $s_2={\frac {2^n1}3}$, where
$a\in\GF{n}$ ($a\not=0$) and $b\in\GF[4]{}$ provide a construction
of bent functions over $\GF{n}$ with optimum algebraic degree. For
$m$ odd, we give an explicit characterization of the bentness of
these functions, in terms of the Kloosterman sums. We generalize
the result for functions whose exponent $s_1$ is of the form
$r(2^{m}1)$ where $r$ is coprime with $2^m+1$. The corresponding
bent functions are also hyperbent. For $m$ even, we give a
necessary condition of bentness in terms of these Kloosterman
sums.
 On the construction of bent vectorial functions, C.
Carlet and S. Mesnager, Journal of Information and Coding Theory:
Algebraic and Combinatorial Coding Theory. Vol 1, No. 2, pages
133148 (2010).
Abstract :
This paper is devoted to the constructions of bent vectorial
functions, that is, maximally nonlinear multioutput Boolean
functions. Such functions contribute to an optimal resistance to
both linear and differential attacks of those cryptosystems in
which they are involved as substitution boxes (Sboxes). We
survey, study more in details and generalize the known primary and
secondary constructions of bent functions, and we introduce new
ones.
 Improving the lower bound on the higher order
Nonlinearity of Boolean Functions With Prescribed Algebraic
Immunity, S. Mesnager, IEEE Transactions on Information Theory
54 (8), pages 36563662 (2008).
Abstract :
The recent algebraic attacks have received a lot of attention in
cryptographic literature. The algebraic immunity of a Boolean
function quantifies its resistance to the standard algebraic
attacks of the pseudorandom generators using it as a nonlinear
filtering or combining function. Very few results have been found
concerning its relation with the other cryptographic parameters or
with the rthorder nonlinearity. As recalled by Carlet at
CRYPTO'06, many papers have illustrated the importance of the r
thorder nonlinearity profile (which includes the firstorder
nonlinearity). The role of this parameter relatively to the
currently known attacks has been also shown for block ciphers.
Recently, two lower bounds involving the algebraic immunity on the
rthorder nonlinearity have been shown by Carlet . None of them
improves upon the other one in all situations. In this paper, we
prove a new lower bound on the rthorder nonlinearity profile of
Boolean functions, given their algebraic immunity, that improves
significantly upon one of these lower bounds for all orders and
upon the other one for low orders.
 On the number of resilient Boolean functions, S.
Mesnager, Journal of Number Theory and its Applications, Vol. 5,
pages 139153, 2008.
Abstract :
Boolean functions are very important primitives of symmetric
cryptosystems. To increase the security of such cryptopsystems,
these Boolean functions have to fit several security criteria. In
particular, they have to be $m$resilient, that is, to be balanced
and $m$correlation immune. This class of Boolean function has
been widely studied by cryptographers. Nevertheless, the problem
of counting the number of $m$resilient $n$variables Boolean
functions is still challenging. In this paper, we propose a new
approach to this question. We reword this question in that to
count integer solutions of a system of linear inequalities. This
allows us to deduce two representation formulas for the number of
$m$resilient $n$variables Boolean functions.
 Improving the upper bounds on the covering Radii of
Binary ReedMuller Codes, C. Carlet and S. Mesnager, IEEE
Transactions on Information Theory 53 (1), pages 162173 (2007).
Abstract :
By deriving bounds on character sums of Boolean functions and by
using the characterizations, due to Kasami , of those elements of
the ReedMuller codes whose Hamming weights are smaller than twice
and a half the minimum distance, we derive an improved upper bound
on the covering radius of the ReedMuller code of order 2, and we
deduce improved upper bounds on the covering radii of the
ReedMuller codes of higher orders
 Test of epimorphism for finitely generated morphisms
between affine algebras over Computational rings, S. Mesnager,
Journal of Algebra and Applications, Vol 4 (4), pages 115 (2005).
Abstract :
In this paper, based on a characterization of epimorphisms of
$R$algebras given by Roby [15], we bring an algorithm testing
whether a given ﬁnitely generated morphism $f : A> B$, where A
and B are ﬁnitely presented aﬃne algebras over the same Nœtherian
commutative ring $R$, is an epimorphism of $R$algebras or not. We
require two computa tional conditions on $R$, which we call a
computational ring.
 Construction of the integral closure of an affine domain
in a finite field extension of its quotient field, S.
Mesnager, Journal of Pure and Applied Algebra, Vol 194, pages
311327 (2004).
Abstract :
The construction of the normalization of an affine domain over a
field is a classical problem solved since sixteen's by Stolzenberg
(1968) and Seidenberg (19701975) thanks to classical algebraic
methods and more recently by Vasconcelos (19911998) and de Jong
(1998) thanks to homological methods. The aim of this paper is to
explain how to use such a construction to obtain effectively the
integral closure of such a domain in any finite extension of its
quotient field, thanks to Dieudonn\'e characterization of such an
integral closure. As application of our construction, we explain
how to obtain an effective decomposition of a quasifinite and
dominant morphism from a normal affine irreducible variety to an
affine irreducible variety as a product of an open immersion and a
finite morphism, conformly to the classical Grothendieck's version
of Zariski's main theorem.
 On resultant criteria and formulas for the inversion of a
polynomial map, S. Mesnager, Communications in Algebra 29 (8),
pages 33273339 (2001).
Abstract :
About the inversion of a polynomial map $F : K^2 \mapsto K^2$ over
an arbitrary field $K$, it is natural to consider the following
questions: (1) Can we find a necessary and sufficient criterion in
terms of resultants for $F$ to be invertible with polynomial
inverse such that, this criterion gives an explicit formula to
compute the inverse of $F$ in this case ? (2) Can we find a
necessary and sufficient condition in terms of resultants for $F$
to be invertible with rational inverse such that, this criterion
gives an explicit formula to compute the inverse of $F$ in this
case ? MacKay and Wang [5] gave a partial answer to question (1),
by giving an explicit expression of the inverse of $F$, when $F$
is invertible without constant terms. on the other hand,Adjamagbo
and Essen \cite{AdjamagboEssen} have fully answered questions (2)
and have furnished a necessary and sufficient criterion which
relies on the existence of some constants $\lambda_1$, $\lambda_2$
in $K^\star$. We improve this result by giving an explicit
relation between $\lambda_1$, $\lambda_2$ and constants of the
Theorem of MacKay and Wang [5]. Concerning question (2), Adjamagbo
and Boury [2] give a criterion for rational maps which relies on
the existence of two polynomials $\lambda_1$, $\lambda_2$. We also
improve this result, by expliciting the relations between these
$\lambda_1$,$\lambda_2$ and the coefficients of $F$. This
improvement enables us, first to give an explicit proof of the
corresponding Theorem of Abhyankhar[1], and secondly, to give a
counter example where these $\lambda_1$,$\lambda_2$ are not in
$K^\star$, contrary to a claim of Yu [6].
Proceedings of international conferences:
(in reverse chronological order)
 Further results on bentnegabent Boolean functions.
S. Mesnager, B. ben Moussat and Z. Zhuo, Proceedings of
International Conference on Security and Privacy (ICSP 2020), 2020,
India.
Abstract :
Bent functions are optimal combinatorial objects having a lot of
applications in particular in cryptography. Since their
introduction, substantial efforts have been directed towards their
study in the last three decades. In this paper, we investigate two
families of functions possessing properties related to bentness:
the socalled negabent and bentnegabent functions, and derive
several results on their constructions and characterizations.
 Infinite Classes of sixweight linear codes derived from
weakly regular plateaued functions. S. Mesnager and A. Sinak,
the 13th International Conference on Information Security and
Cryptology 2020 with the IEEE Turkey Section Support, Turkey 2020.
Abstract :
The construction of linear codes with few weights from
cryptographic functions over finite fields has been widely studied
in the literature since linear codes have a wide range of
applications in practical systems. In this paper, to construct new
linear codes with few weights, we generalize the recent
construction method presented by Xu, Qu and Luo at SETA 2020 for
weakly regular plateaued functions over the finite fields of odd
characteristics. We derive sixweight minimal linear codes from
the subset of the preimage of weakly regular plateaued unbalanced
functions. We also construct sixweight linear codes with flexible
parameters from weakly regular bent and plateaued functions by
choosing two different subsets of the preimage of these
functions.
 Privacy as a Service: Anonymisation of NetFlow Traces.
A. Aloui, M. Msahli, T. Abdessalem, S. Mesnager and S. Bressan,
Proceedings of ICEBE 2019, pages 561571, 2019, China.
Abstract :
Effective data anonymisation is the key to unleash ing the full
potential of big data analytics while preserving pri vacy. An
organization needs to be able to share and consolidate the data it
collects across its departments and in its network of
collaborating organizations. Some of the data collected and the
crossreferences made in its aggregation is private. Effective
data anonymisation attempts to maintain the confidentiality and
privacy of the data while maintaining its utility for the purpose
of analytics. Preventing reidentification is also of particular
importance. The main purpose of this paper is to provide a
definition of an original data anonymisation paradigm in order to
render the reidentification of related users impossible. Here, we
consider the case of a NetFlow Log. The solution includes a
privacy risk analysis process the result of which is the
classification of the data based on privacy levels. We use a
dynamic Kanonymity paradigm while taking into consideration the
privacy risk assessment output. Finally, we empirically evaluate
the performance and data partition of the proposed solution.
 Threeweight minimal linear codes and their
applications. S. Mesnager, A. Sinak and O. Yayla, Proceedings
of the Second International Workshop on Cryptography and its
Applications (IWCA 2019).
Abstract :
Minimal linear codes have important applications in secret sharing
schemes and secure twoparty computation. In this paper, we first
construct linear codes with three weights from weakly regular
plateaued functions based on the second generic construction and
determine their weight distributions. We next give punctured
version of each constructed codes. We finally observe that the
constructed codes in this paper are minimal for almost all cases,
which confirms that the secret sharing schemes based on their dual
codes have the nice access structures.
 Strongly regular graphs from weakly regular plateaued
functions. S. Mesnager and A. Sinak, Proceedings of 2019 Ninth
International Workshop on Signal Design and its Applications in
Communications (IWSDA), China 2019
Abstract :
This paper presents the first construction of strongly regular
graphs and association schemes from weakly regular plateaued
functions over finite fields of odd characteristic. Indeed, we
generalize the construction method of strongly regular graphs from
weakly regular bent functions given by Chee et al. in [Journal of
Algebraic Combinatorics, 34(2), 251266, 2011] to weakly regular
plateaued functions. In this framework, we construct strongly
regular graphs with three types of parameters from weakly regular
plateaued functions with some homogeneous conditions. We also
construct a family of association schemes of class p from weakly
regular pary plateaued functions.
 Further study of $2$to$1$ mappings over $F_{2^n}$.
K. Li, S. Mesnager and L. Qu, Proceedings of 2019 Ninth
International Workshop on Signal Design and its Applications in
Communications (IWSDA), China 2019
Abstract :
2to1 mappings over finite fields play important roles in
symmetric cryptography, such as APN functions, bent functions,
semibent functions and so on. Very recently, Mesnager and Qu [9]
provided a systematic study of 2to 1 mappings over finite
fields. Particularly, they determined all 2to1 mappings of
degree $\leq4 over any finite fields. In addition, another
research direction is to consider 2to 1 polynomials with few
terms. Some results about 2to1 monomials and binomials can be
found in [9]. Motivated by their work, in this present paper, we
continue to study 2to1 mappings, particularly, over finite
fields with characteristic 2. Firstly, we determine 2to1
polynomials with degree 5 over $F_{2^n}$ completely by HasseWeil
bound. Besides, using the multivariate method and the resultant of
two polynomials, we present three classes of 2to1 trinomials and
four classes of 2to1 quadrinomials over $F_{2^n}$.
 Constructions of optimal locally recoverable codes via
Dickson polynomials. J. Liu, S. Mesnager, and D. Tang,
Proceedings of The Eleventh International Workshop on Coding and
Cryptography} (WCC 2019), SaintMalo, France
Abstract :
In 2014, Tamo and Barg have presented in a very remarkable paper a
family of optimal linear locally recoverable codes (LRC codes)
that attain the maximum possible distance (given code length,
cardinality, and locality). The key ingredient for constructing
such optimal linear LRC codes is the socalled $r$good
polynomials, where $r$ is equal to the locality of the LRC code.
In 2018, Liu et al. have presented two general methods of
designing $r$good polynomials by using function composition,
which lead to three new constructions of $r$good polynomials.
Next, Micheli has provided a Galois theoretical framework which
allows to produce $r$good polynomials. The wellknown Dickson
polynomials form an important class of polynomials which have been
extensively investigated in recent years under different contexts.
In this paper, we provide new methods of designing $r$good
polynomials based on Dickson polynomials. Such $r$good
polynomials provide new constructions of optimal LRC codes.
 On good polynomials over finite fields for optimal
locally recoverable codes. S. Mesnager, Proceedings of the
international Conference on Codes, Cryptology and Information
Security C2SI 2019, Maroc, pages 257268, 2019.
Abstract :
[This is an extended abstract of the paper [LiuMesnagerChen2018]
A locally recoverable (LRC) code is a code that enables a simple
recovery of an erased symbol by accessing only a small number of
other symbols. LRC codes currently form one of the rapidly
developing topics in coding theory because of their applications
in distributed and cloud storage systems. In 2014, Tamo and Barg
have presented in a very remarkable paper a family of LRC codes
that attain the maximum possible (minimum) distance (given code
length, cardinality, and locality). The key ingredient for
constructing such optimal linear LRC codes is the socalled
$r$good polynomials, where $r$ is equal to the locality of the
LRC code. In this extended abstract, we review and discuss good
polynomials over finite fields for constructing optimal LRC codes.
 On Plateaued Functions, Linear Structures and
Permutation Polynomials. S. Mesnager, K. Kaytannci and F.
Ozbudak, Proceedings of the international Conference on Codes,
Cryptology and Information Security C2SI 2019, Maroc, pages 217235,
2019.
Abstract :
We obtain concrete upper bounds on the algebraic immunity of a
class of highly nonlinear plateaued functions without linear
structures than the one was given recently in 2017, Cusick.
Moreover, we extend Cusick's class to a much bigger explicit class
and we show that our class has better algebraic immunity by an
explicit example. We also give a new notion of linear translator,
which includes the Frobenius linear translator given in 2018,
Cepak, Pasalic and Muratovi\'{c}Ribi\'{c} as a special case. We
find some applications of our new notion of linear translator to
the construction of permutation polynomials. Furthermore, we give
explicit classes of permutation polynomials over
$\mathbb{F}_{q^n}$ using some properties of $\mathbb{F}_q$ and
some conditions of 2011, Akbary, Ghioca and Wang.
 Characterizations of Partially Bent and Plateaued
Functions over Finite Fields S. Mesnager, F. Ozbudak and A.
Sinak Proceedings of International Workshop on the Arithmetic of
Finite Fields, WAIFI 2018, Bergen, 2018.
Abstract :
Plateaued and partially bent functions over finite fields have
significant applications in cryptography, sequence theory, coding
theory, design theory and combinatorics. They have been
extensively studied due to their various desirable cryptographic
properties. In this paper, we study on characterizations of
partially bent and plateaued (vectorial) functions over finite
fields, with the aim of clarifying their structure. We first
redefine the notion of partially bent functions over any finite
field $\F_q$, with $q$ a prime power, and then provide a few
characterizations of these functions in terms of their
derivatives, Walsh power moments and autocorrelation functions. We
next characterize partially bent (vectorial) functions over
$\F_p$, with $p$ a prime, by means of their secondorder
derivatives and Walsh power moments. We finally characterize
plateaued functions over $\F_p$ in terms of their secondorder
derivatives, autocorrelation functions and Walsh power moments.
 Construction of Some Codes Suitable for Both Side
Channel and Fault Injection Attacks. C. Carlet, C. Guneri, S.
Mesnager, and F. Ozbudak, Proceedings of International Workshop on
the Arithmetic of Finite Fields, WAIFI 2018, Bergen, 2018.
Abstract :
Using algebraic curves over finite fields, we construct some codes
suitable for being used in the countermeasure called Direct Sum
Masking which allows, when properly implemented, to protect the
whole cryptographic block cipher algorithm against side channel
attacks and fault injection attacks, simultaneously. These codes
address a problem which has its own interest in coding theory.
 A new class of threeweight linear codes from weakly
regular plateaued functions. S. Mesnager, F. Ozbudak and A.
Sinak, Proceedings of The Tenth International Workshop on Coding and
Cryptography (WCC 2017). SaintPetersburg, Russia, 2017
Abstract :
Linear codes with few weights have many applications in secret
sharing schemes, authentication codes, communication and strongly
regular graphs. In this paper, we consider linear codes with three
weights in arbitrary characteristic. To do this, we generalize the
recent contribution of Mesnager given in [Cryptography and
Communications 9(1), 7184, 2017]. We first present a new class of
binary linear codes with three weights from plateaued Boolean
functions and their weight distributions. We next introduce the
notion of (weakly) regular plateaued functions in odd
characteristic p and give concrete examples of these functions.
Moreover, we construct a new class of threeweight linear pary
codes from weakly regular plateaued functions and determine their
weight distributions. We finally analyse the constructed linear
codes for secret sharing schemes.
 Preserving Privacy in Distributed System (PPDS) Protocol:
Security analysis. A. Aloui, M. Msahli, T. Abdessalem, S.
Bressan and S. Mesnager, Proceedings of 36th IEEE International
Performance Computing and Communications Conference}, (IPCCC 2017),
San Diego, USA.
Abstract :
Within the diversity of existing Big Data and data processing
solutions, meeting the requirements of privacy and security is
becoming a real need. In this paper we tackle the security
analysis of a new protocol of data processing in distributed
system (PPDS). This protocol is composed of three phases:
authentication, node head selection and data linking. This paper
deals with its formal validation done using HLPSL language via
AVISPA. We provide also its security analysis. Some performance
analysis based on its proof of concept are also given in this
paper.
 New bent functions from permutations and linear
translators. S. Mesnager, P. Ongan and F. Ozbudak Proceedings
of the international Conference on Codes, Cryptology and Information
Security (C2SI2017), pages 282297, Springer 2017.
Abstract :
Starting from the secondary construction originally introduced by
Carlet ["On Bent and Highly Nonlinear Balanced/Resilient Functions
and Their Algebraic Immunities", Applied Algebra, Algebraic
Algorithms and ErrorCorrecting Codes, 2006], that we shall call
\Car let`s secondary construction", Mesnager has showed how one
can construct several new primary constructions of bent functions.
In particular, she has showed that three tuples of permutations
over the finite field F2m such that the inverse of their sum
equals the sum of their inverses give rise to a construction of a
bent function given with its dual. It is not quite easy to find
permutations satisfying such a strong condition (Am).
Nevertheless, Mesnager has derived several candidates of such
permutations in 2015, and showed in 2016 that in the case of
involutions, the problem of construction of bent functions amounts
to solve arithmetical and algebraic problems over finite fields.
This paper is in the line of those previous works. We present new
families of permutations satisfying (Am) as well as new infinite
families of permutations constructed from permutations in both
lower and higher dimensions. Our results involve linear
translators and give rise to new primary constructions of bent
functions given with their dual. And also, we show that our new
families are not in the class of MaioranaMcFarland in general.
 Explicit Characterizations for Plateauedness of pary
(Vectorial) Functions. C. Carlet, S. Mesnager, F. Ozbudak and
A. Sinak. Proceedings of the international Conference on Codes,
Cryptology and Information Security (C2SI2017) pages 328345,
Springer 2017.
Abstract :
Plateaued (vectorial) functions have an important role in the
sequence and cryptography frameworks. Given their importance, they
have not been studied in detail in general framework. Several
researchers found recently results on their characterizations and
introduced new tools to understand their structure and to design
such functions In this work, we mainly extend some of the
observations made in characteristic 2 and given in [C. Carlet,
IEEE T INFORM THEORY 61(11), 2015] to arbitrary characteristic. We
first extend to arbitrary characteristic the characterizations of
plateaued (vectorial) Boolean functions by the autocorrelation
functions, next their characterizations in terms of the
secondorder derivatives, and finally their characterizations via
the moments of the Walsh transform.
 On constructions of bent functions from involutions.
S. Mesnager. Proceedings of 2016 IEEE International Symposium on
Information Theory, (ISIT 2016), Barcelona, Spain, 2016.
Abstract :
Bent functions are maximally nonlinear Boolean functions. They are
important functions introduced by Rothaus and studied firstly by
Dillon and next by many researchers for four decades. Since the
complete classification of bent functions seems elusive, many
researchers turn to design constructions of bent functions. In
this paper, we show that linear involutions (which are an
important class of permutations) over finite fields give rise to
bent functions in bivariate representations. In particular, we
exhibit new constructions of bent functions involving binomial
linear involutions whose dual functions are directly obtained
without computation. The existence of bent functions from
involutions heavily relies on solving systems of equations over
finite fields.
 Partially homomorphic encryption schemes over finite
fields. J. Liu, S. Mesnager and L. Chen. Proceedings of the
Sixth International Conference on Security, Privacy and Applied
Cryptographic Engineerin (Space 2016), pages 109123, Springer,
India 2016.
Abstract :
Homomorphic encryption scheme enables computation in the encrypted
do main, which is of great importance because of its wide and
growing range of applications. The main issue with the known fully
(or partially) homomorphic encryption schemes is the high
computational complexity and large communication cost required for
their exe cution. In this work, we study symmetric partially
homomorphic encryption schemes over finite fields, establishing
relationships between homomorphisms over finite fields with qary
functions. Our proposed partially homomorphic encryption schemes
have perfect secrecy and resist cipheronly attacks to some
extent.
 A Scalable and Systolic Architectures of Montgomery
Modular Multiplication for Public Key Cryptosystems Based on DSPs.
A. Mrabet, N. ElMrabet, R. Lashermes, JB. Rigaud, B. Bouallegue,
S. Mesnager and M. Machhout. Proceedings of the Sixth International
Conference on Security, Privacy and Applied Cryptographic
Engineering (Space 2016), pages 138156, Springer, India 2016.
Abstract :
Inversion can be used in Elliptic Curve Cryptography systems and
pairingbased cryptography, which are becoming popular for Public
Key Cryptosystems. For the same security level, ECC and pairing
use much smaller key length than RSA but need modular inversion.
In ECC when points are represented in socalled affine
coordinates, the addition of two points involves a field
inversion. Some pairing require one inversion over Fp in order to
perform the final exponentiation. Usually, inversions are avoided
in Elliptic Curve Cryptography as they are expensive. For example,
inversions in affine coordinates are transform into multiplication
in Jacobian or projective coordinates. In order to improve
performance of Public Key Cryptosystems, we present an improved
algorithm for prime field modular inversion. We demonstrate that
the affine coordinates can be more efficient than projective or
jacobian for the scalar multiplication.
 Secret sharing schemes with general access structures,
J. Liu, S. Mesnager et L. Chen, proceedings of the "11th
International Conference on Information Security and Cryptology"
Inscrypt 2015 (IACR), Volume 9589, Springer, 2016.
Abstract :
Secret sharing schemes with general monotone access structures
have been widely discussed in the literature. But in some
scenarios, nonmonotone access structures may have more practical
significance. In this paper, we shed a new light on secret sharing
schemes realizing general (not necessarily monotone) access
structures. Based on an attack model for secret sharing schemes
with general access structures, we redefine perfect secret sharing
schemes, which is a generalization of the known concept of perfect
secret sharing schemes with monotone access structures. Then, we
provide for the first time two constructions of perfect secret
sharing schemes with general access structures. The first
construction can be seen as a democratic scheme in the sense that
the shares are generated by the players themselves. Our second
construction significantly enhance the efficiency of the system,
where the shares are distributed by the trusted center (TC).
 On existence (based on an arithmetical problem) and
constructions of bent functions. S. Mesnager, G. Cohen and D.
Madore. Proceedings of the fifteenth International Conference on
Cryptography and Coding, Oxford, United Kingdom, IMACC 2015, Pages
319, LNCS, Springer, Heidelberg, 2015.
Abstract :
Bent functions are maximally nonlinear Boolean functions. They are
wonderful creatures introduced by O. Rothaus in the 1960's and
studied firstly by J. Dillon since 1974. Using some involutions
over finite fields, we present new constructions of bent functions
in the line of recent Mesnager's works. One of the constructions
is based on an arithmetical problem. We discuss existence of such
bent functions using Fermat hypersurface and LangWeil
estimations.
 On the diffusion property of iterated functions. J.
Liu, S. Mesnager and L. Chen. Proceedings of the fifteenth
International Conference on Cryptography and Coding, Oxford, United
Kingdom, IMACC 2015, Pages 239253, LNCS, Springer, Heidelberg,
2015.
Abstract :
For vectorial Boolean functions, the behavior of iteration has
consequence in the diffusion property of the system. We present a
study on the diffusion property of iterated vectorial Boolean
functions. The measure that will be of main interest here is the
notion of the degree of completeness, which has been suggested by
the NESSIE project. We provide the first (to the best of our
knowledge) two constructions of $(n,n)$functions having perfect
diffusion property and optimal algebraic degree. We also obtain
the complete enumeration results for the constructed functions.
 Bent and semibent functions via linear translators.
N. Kocak, S. Mesnager and F. Ozbudak. Proceedings of the fifteenth
International Conference on Cryptography and Coding, Oxford, United
Kingdom, IMACC 2015, Pages 205224, LNCS, Springer, Heidelberg,
2015.
Abstract :
This paper is dealing with two important subclasses of plateaued
functions in even dimension: bent and semibent functions. In the
first part of the paper, we construct mainly bent and semibent
functions in MaioranaMcFarland class using Boolean functions
having linear structures (linear translators) systematically.
Although most of these results are rather direct applications of
some recent results, using linear structures (linear translators)
allows us to have certain flexibilities to control extra
properties of these plateaued functions. In the second part of the
paper, using the results of the first part and exploiting these
flexibilities, we modify many secondary constructions. Therefore,
we obtain new secondary constructions of bent and semibent
functions not belonging to MaioranaMcFarland class. Instead of
using bent (semibent) functions as ingredients, our secondary
constructions use only Boolean (vectorial Boolean) functions with
linear structures (linear translators) which are very easy to
choose. Moreover, all of them are very explicit and we also
determine the duals of the bent functions in our constructions. We
show how these linear structures should be chosen in order to
satisfy the corresponding conditions coming from using derivatives
and quadratic/cubic functions in our secondary constructions.
 Results on characterizations of plateaued functions in
arbitrary characteristic. S. Mesnager, F. Ozbudak and A.
Sinak. Proceedings of BalkanCryptSec 2015, LNCS 9540, Springer,
pages 1730, 2015.
Abstract :
Bent and plateaued functions play a significant role in
cryptography since they can possess various desirable
cryptographic characteristics. We provide the characterizations of
bent and plateaued functions in arbitrary characteristic in terms
of their secondorder directional dierences. Moreover, we present
a new characterization of plateaued functions in arbitrary
characteristic in terms of fourth power moments of their Walsh
transforms. Furthermore, we give a new proof of the
characterization of vectorial bent functions in arbitrary
characteristic. Finally, we also present new characterizations of
vectorial splateaued functions in arbitrary characteristic.
 On involutions of finite fields. P. Charpin, S.
Mesnager and S. Sarkar. Proceedings of 2015 IEEE International
Symposium on Information Theory, ISIT 2015, HongKong, 2015.
Abstract :
In this paper we study involutions over a finite field of order
$2^n$. We present some classes, several constructions of
involutions and we study the set of their fixed points.
 Cyclic codes and algebraic immunity of Boolean functions.
S. Mesnager and G. Cohen. Proceedings of the IEEE Information Theory
Workshop (ITW) 2015, Jerusalem, Israel, 2015.
Abstract :
Since 2003, algebraic attacks have received a lot of attention in
the cryptography literature. In this context, algebraic immunity
quantifies the resistance of a Boolean function to the standard
algebraic attack of the pseudorandom generators using it as a
nonlinear Boolean function. A high value of algebraic immunity is
now an absolutely necessary cryptographic criterion for a
resistance to algebraic attacks but is not sufficient, because of
more general kinds of attacks socalled Fast Algebraic Attacks. In
view of these attacks, the study of the set of annihilators of a
Boolean function has become very important. We show that studying
the annihilators of a Boolean function can be translated into
studying the codewords of a linear code. We then explain how to
exploit that connection to evaluate or estimate the algebraic
immunity of a cryptographic function. Direct links between the
theory of annihilators used in algebraic attacks and coding theory
are established using an atypical univariate approach.
 Variations on Minimal Linear Codes. G. Cohen and S.
Mesnager. Proceedings of the 4th International Castle Meeting on
coding theory and Application. Series: CIM Series in Mathematical
Sciences, Vol. 3, SpringerVerlag, pages 125131, 2015.
Abstract :
Minimal linear codes are linear codes such that the support of
every codeword does not contain the support of another linearly
independent codeword. Such codes have applications in
cryptography, e.g. to secret sharing. We pursue here their study
and construct asymptotically good families of minimal linear
codes. We also push further the study of quasiminimal and
almostminimal linear codes, relaxations of the minimal linear
codes.
 Characterizations of plateaued and bent functions in
characteristic $p$. S. Mesnager, Proceedings of the 8th
International Conference on SEquences and Their Applications (SETA
2014), Melbourne, Australia, LNCS, Springer, pages 7282, 2014.
Abstract :
We characterize bent functions and plateaued functions in terms of
moments of their Walsh transforms. We introduce in any
characteristic the notion of directional difference and establish
a link between the fourth moment and that notion. We show that
this link allows to identify bent elements of particular families.
Notably, we characterize bent functions of algebraic degree $3$.
 On semibent functions and related plateaued functions
over the Galois field $F_{2^n}$. S. Mesnager. Proceedings
"Open Problems in Mathematics and Computational Science", LNCS,
Srpinger, pages 243273, 2014.
Abstract :
Plateaued functions have been introduced in 1999 by Zheng and
Zhang as good candidates for designing cryptographic functions
since they possess desirable various cryptographic
characteristics. They are defined in terms of the WalshHadamard
spectrum. Plateaued functions bring together various nonlinear
characteristics and include two important classes of Boolean
functions defined in even dimension: the wellknown bent functions
and the semibent functions. Bent functions (including their
constructions) have been extensively investigated for more than 35
years. Very recently, the study of semibent functions has
attracted the attention of several researchers. Many progresses in
the design of such functions have been made. The paper is devoted
to certain plateaued functions. The focus is particularly on
semibent functions defined over the Galois field $\GF n$ ($n$
even). We review what is known in this framework and investigate
constructions.
 A note on linear codes and algebraic immunity of Boolean
functions. S. Mesnager. Proceedings of the 21st International
Symposium on Mathematical Theory of Networks and Systems (MTNS
2014), Invited session "Coding Theory: Coding for Security", pages
923927, Groningen, the Netherlands, 2014
Abstract :
Since 2003, Algebraic Attacks have received a lot of attention in
the cryptography literature. In this context, algebraic immunity
quantifies the resistance of a Boolean function to the standard
algebraic attack of the pseudorandom generators using it as a
nonlinear Boolean function. A high value of algebraic immunity is
now an absolutely necessary cryptographic criterion for a
resistance to algebraic attacks but is not sufficient, because of
a more general kind of attacks so called Fast Algebraic Attacks.
In view of these attacks, the study of the set of annihilators of
a Boolean function has become very important. We show that
studying the annihilators of a Boolean function can be translated
in studying the codewords of a linear code. We then explain how to
exploit that connection to evaluate or estimate the algebraic
immunity of a cryptographic function.
 Implementation of Faster Miller over BarretoNaehrig
Curves in Jacobian Cordinates. A. Mrabet Amine, B. Bouallegue,
M. Machhout, N. EL Mrabet ans S. Mesnager. Proceedings of GSCIT
IEEE, pages 16, 2014.
Abstract :
Few years ago, cryptography based on elliptic curves was
increasingly used in the field of security. It has also gained a
lot of importance in the academic community and industry. This is
particularly due to the high level of security that it offers with
relatively small size of the keys, in addition to its ability to
the construction of original protocols which are characterized by
high efficiency. Moreover, it is a technique of great interest for
hardware and software implementation. Pairingfriendly curves are
important for speeding up the arithmetic calculation of pairing on
elliptic curves such as the BarretoNaehrig (BN) curves that
arguably constitute one of the most versatile families. In this
paper, the proposed architecture is designed for field
programmable gate array (FPGA) platforms. We present
implementation results of the Miller’s algorithm of the optimal
ate pairing targeting the 128bit security level using such a
curve BN defined over a 256bit prime field. And we present also a
fast formulas for BN ellipticcurve addition and doubling. Our
architecture is able to compute the Miller’s algorithm in just
638337 of clock cycles.
 On Minimal and AlmostMinimal Linear Codes, G. Cohen
and S. Mesnager, Proceedings of the 21st International Symposium on
Mathematical Theory of Networks and Systems (MTNS 2014), Invited
session "Coding Theory: Coding for Security", pages 928931,
Groningen, the Netherlands, 2014.
Abstract :
Minimal linear codes are such that the support of every codeword
does not contain the support of another linearly independent
codeword. Such codes have applications in cryptography, e.g. to
secret sharing and secure twoparty computations. We pursue here
the study of minimal codes and construct infinite families with
asymptotically nonzero rates. We also introduce a relaxation to
almost minimal codes, where a fraction of codewords is allowed to
violate the minimality constraint. Finally, we construct new
minimal codes based on hyperovals.
 Semibent functions from oval polynomials, S.
Mesnager, Proceedings of Fourteenth International Conference on
Cryptography and Coding, Oxford, United Kingdom, IMACC 2013, LNCS
8308, pages. 115. Springer, Heidelberg, 2013.
Abstract :
Although there are strong links between finite geometry and coding
theory (it has been proved since 1960's that all these connections
between the two areas are important from theoretical point of view
and for applications), the connections between finite geometry and
cryptography remains little studied. In 2011, Carlet and Mesnager
have showed that projective finite geometry can also be useful in
constructing significant cryptographic primitives such as
plateaued Boolean functions. Two important classes of plateaued
Boolean functions are those of bent functions and of semibent
functions, due to their algebraic and combinatorial properties. In
this paper, we show that oval polynomials (which are closely
related to the hyperovals of the projective plane) give rise to
several new constructions of infinite classes of semibent Boolean
functions in even dimension.
 On Minimal and quasiminimal linear codes, G. Cohen,
S. Mesnager and A. Patey, Proceedings of Fourteenth International
Conference on Cryptography and Coding, Oxford, United Kingdom, IMACC
2013, LNCS 8308, pages 8598. Springer, Heidelberg, 2013.
Abstract :
Minimal linear codes are linear codes such that the support of
every codeword does not contain the support of another linearly
independent codeword. Such codes have applications in
cryptography, e.g. to secret sharing. We here study minimal codes,
give new bounds and properties and exhibit families of minimal
linear codes. We also introduce and study the notion of
quasiminimal linear codes, which is a relaxation of the notion of
minimal linear codes, where two nonzero codewords have the same
support if and only if they are linearly dependent.
 Bent and hyperbent functions via Dillonlike exponents,
S. Mesnager and J.P. Flori, ISIT 2012IEEE Internaional Symposium on
Information Theory, IMT, Cambridge, MA, USA, July 2012.
Abstract :
This paper is devoted to hyperbent functions with multiple trace
terms (including binomial functions) via Dillonlike exponents. We
show how the approach developed by Mesnager to extend the
Charpin–Gong family and subsequently extended by Wang et al. fits
in a much more general setting. To this end, we first explain how
the original restriction for Charpin–Gong criterion can be
weakened before generalizing the Mesnager approach to arbitrary
Dillonlike exponents. Afterward, we tackle the problem of
devising infinite families of extension degrees for which a given
exponent is valid and apply these results not only to reprove
straightforwardly the results of Mesnager and Wang et al., but
also to characterize the hyperbentness of new infinite classes of
Boolean functions.
 Semibent functions with multiple trace terms and
hyperelliptic curves.S. Mesnager, Proceeding of International
Conference on Cryptology and Information Security in Latin America,
Latincrypt 2012, LNCS 7533, Springer, pages 1836, 2012.
Abstract :
Semibent functions with even number of variables are a class of
important Boolean functions whose Hadamard transform takes three
values. Semibent functions have been extensively studied due to
their applications in cryptography and coding theory. In this
paper we are interested in the property of semibentness of
Boolean functions defined on the Galois field $\GF n$ (n even)
with multiple trace terms obtained via Niho functions and two
Dillonlike functions (the first one has been studied by the
author and the second one has been studied very recently by Wang
et al. using an approach introduced by the author). We
subsequently give a connection between the property of
semibentness and the number of rational points on some associated
hyperelliptic curves. We use the hyperelliptic curve formalism to
reduce the computational complexity in order to provide an
efficient test of semibentness leading to substantial practical
gain thanks to the current implementation of point counting over
hyperelliptic curves.
 Niho Bent Functions and Subiaco/Adelaide Hyperovals,
T. Helleseth, A. Kholosha and S. Mesnager, Proceedings of the 10th
International Conference on Finite Fields and Their Applications
(Fq'10), Contemporary Math., AMS, 2012. Vol 579, pages 91101, 2012.
Abstract :
In this paper, the relation between binomial Niho bent functions
discovered by Dobbertin et al. and opolynomials that give rise to
Subiaco class of hyperovals is found. This allows to expand the
original class of bent functions in the case when $m \equiv 2 (mod
4)$. These results provide an interesting connection between
Hadamard and cyclic difference sets.
 Dickson polynomials, hyperelliptic curves and hyperbent
functions, J.P. Flori and S. Mesnager, Proceedings of 7th
International conference SEquences and Their Applications, SETA
2012, Waterloo, Canada. LNCS 7780, pages 4052, Springer, 2012.
Abstract :
In this paper, we study the action of Dickson polynomials on
subsets of finite fields of even characteristic related to the
trace of the inverse of an element and provide an alternate proof
of a not so wellknown result. Such properties are then applied to
the study of a family of Boolean functions and a characterization
of their hyperbentness in terms of exponential sums recently
proposed by Wang et al. Finally, we extend previous works of
Lisonek and Flori and Mesnager to reformulate this
characterization in terms of the number of points on hyperelliptic
curves and present some numerical results leading to an
interesting problem.
 On Dillon class H of Niho bent functions and
opolynomials C. Carlet and S. Mesnager, Symposium on
Artificial Intelligence and Mathematics (ISAIM 2012), Fort
Lauderdale, Floride, USA, January 2012.
Abstract :
This extended abstract is a reduced version of the paper (Carlet
and Mesnager 2011). We refer to this paper for the proofs and for
complements.
 Binary Kloosterman sums with value 4, J. P Flori, S.
Mesnager and G.Cohen. Proceedings of Thirteenth International
Conference on Cryptography and Coding, Oxford, United Kingdom, IMACC
2011, LNCS 7089 pages 6178, Springer, 2011.
Abstract :
Kloosterman sums have recently become the focus of much research,
most notably due to their applications in cryptography and their
relations to coding theory. Very recently Mesnager has showed that
the value 4 of binary Kloosterman sums gives rise to several
infinite classes of bent functions, hyperbent functions and
semibent functions in even dimension. In this paper we analyze
the different strategies used to find zeros of binary Kloosterman
sums to develop and implement an algorithm to find the value 4 of
such sums. We then present experimental results showing that the
value 4 of binary Kloosterman sums gives rise to bent functions
for small dimensions, a case with no mathematical solution so far.
 Sphere coverings and identifying codes, D. Auger,
G.Cohen. and S. Mesnager, Proceeding of 3rd International Castle
Meeting on coding theory and Application (3ICMTA), Barcelona, Spain,
September 2011.
Abstract :
In any connected, undirected graph $G=(V,E)$, the {\it distance}
$d(x,y)$ between two vertices $x$ and $y$ of $G$ is the minimum
number of edges in a path linking $x$ to $y$ in $G$. A {\it
sphere} in $G$ is a set of the form $S_r(x) = \{ y \in V :
d(x,y)=r \},$ where $x$ is a vertex and $r$ is a nonnegative
integer called the {\it radius} of the sphere. We first address in
this paper the following question : What is the minimum number of
spheres with fixed radius $r \geq 0$ required to cover all the
vertices of a finite, connected, undirected graph $G$ ? We then
turn our attention to the Hamming Hypercube of dimension $n$, and
we show that the minimum number of spheres {\it with any radii}
required to cover this graph is either $n$ or $n+1$, depending on
$n \mod 2$. We also relate the two above problems to other
questions in combinatorics, in particular to identifying codes.
 On the dual of bent functions with 2^r Niho exponents,
C. Carlet, T. Helleseth, A. Kholosha and S. Mesnager, IEEE
International Symposium on Information Theory, ISIT 2011, pages
703707. SaintPetersturg, Russia, Julyaugust 2011.
Abstract :
Computed is the dual of the Niho bent function consisting of $2^r$
exponents that was found by Leander and Kholosha. The algebraic
degree of the dual is calculated and it is shown that this new
bent function is not of the Niho type. This note is a followup of
the recent paper by Carlet and Mesnager.
 Generalized witness sets, G. Cohen and S. Mesnager,
Proceeding of International Conference on Data Compression,
Communication and Processing CCP 2011, Italy, pages 2124, 2011.
Abstract :
Given a set C of qary ntuples and c in C, how many symbols of c
suffice to distinguish it from the other elements in C? This is a
generalization of an old combinatorial problem, on which we
present (asymptotically tight) bounds and variations.
 On the link of some semibent functions with Kloosterman
sums, S. Mesnager and G. Cohen, Proceeding of International
Workshop on Coding and Cryptology, IWCC 2011, LNCS 6639, pages.
263272, Springer, Heidelberg, 2011.
Abstract :
We extensively investigate the link between the semibentness
property of some functions in polynomial forms and Kloosterman
sums.
 On a conjecture about binary strings distribution,
JP. Flori, H. Randriambololona, G. Cohen and S. Mesnager,
Proceedings of 6th International conference SEquences and Their
Applications, SETA 2010, Paris, France, SETA 2010, LNCS 6338, pages
346358. Springer, Heidelberg, 2010.
Abstract :
It is a diﬃcult challenge to ﬁnd Boolean functions used in stream
ciphers achieving all of the necessary criteria and the research
of such functions has taken a signiﬁcant delay with respect to
crypt analyses. Very recently, an inﬁnite class of Boolean
functions has been proposed by Tu and Deng having many good
cryptographic properties under the assumption that the following
combinatorial conjecture about binary strings is true: Conjecture.
Let $S_{t,k}$ be the following set: $S_{t,k}=\{(a,b) \in
\left(\Zk\right)^2  a + b = t and w(a) + w(b) < k}$. Then the
size of $S_{t,k}$ is less or equal to $2^{k1}$. The main
contribution of the present paper is the reformulation of the
problem in terms of carries which gives more insight on it than
simple counting arguments. Successful applications of our tools
include explicit formulas of the cardinality of $S_{t,k}$ for
numbers whose binary expansion is made of one block, a proof that
the conjecture is asymptotical ly true and a proof that a family
of numbers (whose binary expansion has a high number of 1s and
isolated 0s) reaches the bound of the conjecture. We also
conjecture that the numbers in that family are the only ones
reaching the bound.
 Recent Results on Bent and Hyperbent Functions and Their
Link With Some Exponential Sums, S. Mesnager, IEEE Information
Theory Workshop (ITW 2010), Dublin, AugustSeptember 2010.
Abstract :
Bent functions are maximally nonlinear Boolean functions with an
even number of variables. They were introduced by Rothaus in 1976.
For their own sake as interesting combinatorial objects, but also
because of their relations to coding theory (ReedMuller codes)
and applications in cryptography (design of stream ciphers), they
have attracted a lot of research, specially in the last 15 years.
The class of bent functions contains a subclass of functions,
introduced by Youssef and Gong in 2001, the socalled hyperbent
functions whose properties are still stronger and whose elements
are still rarer than bent functions. Bent and hyperbent functions
are not classified. A complete classification of these functions
is elusive and looks hopeless. So, it is important to design
constructions in order to know as many of (hyper)bent functions
as possible. This paper is devoted to the constructions of bent
and hyperbent Boolean functions in polynomial forms. We survey
and present an overview of the constructions discovered recently.
We extensively investigate the link between the bentness property
of such functions and some exponential sums (involving Dickson
polynomials)
 Hyperbent Boolean functions with multiple trace terms,
S. Mesnager, Proceedings of International Workshop on the Arithmetic
of Finite Fields, WAIFI 2010, LNCS 6087, pages. 97113. Springer,
Heidelberg (2010).
Abstract :
Bent functions are maximally nonlinear Boolean functions with an
even number of variables. These combinatorial objects, with
fascinating properties, are rare. The class of bent functions
contains a subclass of functions the socalled hyperbent
functions whose properties are still stronger and whose elements
are still rarer. In fact, hyperbent functions seem still more
difficult to generate at random than bent functions and many
problems related to the class of hyperbent functions remain open.
(Hyper)bent functions are not classified. A complete
classification of these functions is elusive and looks hopeless.
In this paper, we contribute to the knowledge of the class of
hyperbent functions on finite fields $\GF n$ (where $n$ is even)
by studying a subclass $\mathfrak {F}_n$ of the socalled Partial
Spreads class $PS^$ (such functions are not yet classified, even
in the monomial case). Functions of $\mathfrak {F}_n$ have a
general form with multiple trace terms. We describe the hyperbent
functions of $\mathfrak {F}_n$ and we show that the bentness of
those functions is related to the Dickson polynomials. In
particular, the link between the Dillon monomial hyperbent
functions of $\mathfrak {F}_n$ and the zeros of some Kloosterman
sums has been generalized to a link between hyperbent functions
of $\mathfrak {F}_n$ and some exponential sums where Dickson
polynomials are involved. Moreover, we provide a possibly new
infinite family of hyperbent functions. Our study extends recent
works of the author and is a complement of a recent work of
Charpin and Gong on this topic.
 A new family of hyperbent Boolean functions in
polynomial form, S. Mesnager, Proceedings of Twelfth
International Conference on Cryptography and Coding. Cirencester,
United Kingdom, IMACC 2009, LNCS 5921, pages 402417. Springer,
Heidelberg (2009).
Abstract :
Bent functions are maximally nonlinear Boolean functions and exist
only for functions with even number of inputs. These combinatorial
objects, with fascinating properties, are rare. The class of bent
functions contains a subclass of functions the socalled
hyperbent functions whose properties are still stronger and whose
elements are still rarer. (Hyper)bent functions are not
classified. A complete classification of these functions is
elusive and looks hopeless. So, it is important to design
constructions in order to know as many of (hyper)bent functions
as possible. Few constructions of hyperbent functions defined
over the Galois field $\GF{n}$ ($n = 2m$) are proposed in the
literature. The known ones are mostly monomial functions.\\ This
paper is devoted to the construction of hyperbent functions. We
exhibit an infinite class over $\GF{n}$ ($n=2m$, $m$ odd) having
the form $f(x) = \tr {o(s_1)} (a x^ {s_1}) + \tr {o(s_2)} (b
x^{s_2})$ where $o(s_i$) denotes the cardinality of the cyclotomic
class of $2$ modulo $2^n1$ which contains $s_i$ and whose
coefficients $a$ and $b$ are, respectively in $\GF{{o(s_1)}}$ and
$\GF{{o(s_2)}}$. We prove that the exponents $s_1={3(2^m1)}$ and
$s_2={\frac {2^n1}3}$, where $a\in\GF{n}$ ($a\not=0$) and
$b\in\GF[4]{}$ provide a construction of hyperbent functions over
$\GF{n}$ with optimum algebraic degree. We give an explicit
characterization of the bentness of these functions, in terms of
the Kloosterman sums and the cubic sums involving only the
coefficient $a$.
 A new class of bent Boolean functions in polynomial forms,
S. Mesnager, Proceedings of international Workshop on Coding and
Cryptography, WCC 2009, pages 518, Ullensvang, Norway.
Abstract :
Bent functions are maximally nonlinear Boolean functions and exist
only for functions with even number of inputs. This paper is a
contribution to the construction of bent functions over $\GF{n}$
($n=2m$) having the form $f(x) = \tr {o(s_1)} (a x^ {s_1}) + \tr
{o(s_2)} (b x^{s_2})$ where $o(s_i$) denotes the cardinality of
the cyclotomic class of 2 modulo $2^n1$ which contains $s_i$ and
whose coefficients $a$ and $b$ are, respectively in
$F_{2^{o(s_1)}}$ and $F_{2^{o(s_2)}}$. Many constructions of
monomial bent functions are presented in the literature but very
few are known even in the binomial case. We prove that the
exponents $s_1=2^{\frac n2}1$ and $s_2={\frac {2^n1}3}$, where
$a\in\GF{n}$ ($a\not=0$) and $b\in\GF[4]{}$ provide a construction
of bent functions over $\GF{n}$ with optimum algebraic degree. For
$m$ odd, we give an explicit characterization of the bentness of
these functions, in terms of the Kloosterman sums. For $m$ even,
we give a necessary condition in terms of these Kloosterman sums.
 Secret sharing schemes based on selfdual codes, S.
T. Dougherty, P. Solé and S. Mesnager, IEEE Information Theory
Workshop (ITW 2008), Porto, Portugal 59 May 2008.
Abstract :
Secret sharing is an important topic in cryptography and has
applications in information security. We use selfdual codes to
construct secretsharing schemes. We use combinatorial properties
and invariant theory to understand the access structure of these
secretsharing schemes. We describe two techniques to determine
the access structure of the scheme, the first arising from design
properties in codes and the second from the Jacobi weight
enumerator, and invariant theory.
 On immunity profile of Boolean functions, C. Carlet,
P. Guillot and S. Mesnager, Proceedings of SEquences and Their
Applications, SETA 2006, Beging, China. Lecture Notes in Computer
Science, pages 364375, 2006, Springer.
Abstract :
The notion of resilient function has been recently weakened to
match more properly the features required for Boolean functions
used in stream ciphers. We introduce and we study an alternate
notion of almost resilient function. We show that it corresponds
more closely to the requirements that make the cipher more
resistant to precise attacks.
 On the Walsh support of Boolean functions, C. Carlet
and S. Mesnager, Proceedings of the first workshop on Boolean
functions: Cryptography and Applications, BFCA'05, Rouen, France,
March 2005, pages 6582.
Abstract :
In this paper, we study, in relationship with covering sequences,
the structure of those subsets of $\V {n}$ which can be the Walsh
supports of Boolean functions.
 Nonlinearity and security of self synchronizing Stream
Ciphers, P.Guillot and S. Mesnager, International Symposium on
Nonlinear Theory and its Applications, NOLTA 2005, Bruges, Belgum,
October 2005.
Abstract :
Several chaos based ciphers has been proposed that exploit the
ergodic property of chaotic orbits. As chaotic systems are
unstable and have sensitive dependence on initial conditions, the
main difficulty for the receiver is to reproduce the chaotic
signal that has been generated by the sender in order to correctly
decrypt the message. This is performed by a self synchronizing
device. In discrete cryptography, the closest scheme is the so
called self synchronizing stream cipher (SSSC). After recalling
general security models for assessing cryptographic algorithms, we
present SSSC scheme and two examples of cryptanalysis. In order to
resist to theses attacks, the ciphering function must satisfy high
non linearity properties which are presented.
 Improving the upper bounds on the covering radii of
ReedMuller codes, C. Carlet and S. Mesnager, IEEE
International Symposium on Information Theory, ISIT 2005, Australia,
September 2005.
Abstract :
By deriving bounds on character sums of Boolean functions and by
using the characterizations, due to Kasami and Tokura, of those
elements of the ReedMuller codes whose Hamming weights are
smaller than twice the minimum distance, we derive an improved
upper bound on the covering radius of the ReedMuller code of
order 2, and we deduce improved upper bounds on the covering radii
of the ReedMuller codes of higher orders.
 Test of monomorphism for finitely generated morphisms
between affine schemes. S. Mesnager, Proceedings of the sixth
workshop on Computer Algebra in Scientific Computing, CASC'04, Euler
International Mathematical Institute, SaintPétersbourg, July 2004,
pages 348357.
Abstract :
In this paper, we give algorithmic criterion for morphisms of
finite type between affine schemes to be a monomorphism. As side
results, this paper also contains an algorithmic test for
separability and an algorithmic criterion for ``radiciality'' in
the sense of Grothendieck.
Books and Chapters of books:
(in reverse chronological order)
 "Linear codes from functions" S. Mesnager, Chapitre
20 in A
Concise Encyclopedia of Coding Theory Press/Taylor and Francis
Group (Publisher) London, New York, 2021 (94 pages).
 "Direct Sum Masking as a Countermeasure to SideChannel
and Fault Injection Attacks" C. Carlet, S. Guiley and S.
Mesnager, Chapitre dans Security and Privacy in the Internet of
Things 2019 : 148166, 2019.
 "Construction of Efficient Codes for HighOrder Direct
Sum Masking" C. Carlet, S. Guilley, C. Guneri, S. Mesnager and
F. Ozbudak, Chapitre dans Security and Privacy in the Internet of
Things 2019 : 108128, 2019.
 Book
"Bent functions: fundamentals and results", S. Mesnager,
Springer, Switzerland, 2016.
 Book "Arithmetic of Finite Fields, Ç. K. Koç, S.
Mesnager and E. Savaş, 5th International Workshop, WAIFI 2014,
Volume 9061, pages 1213, Springer, 2015.
 Book "Finite fields and coding theory", S. Mesnager,
Pearson Education, 2007 (In french).
Chair program committee of international
conferences
 Cochair and organizer (with Claude Carlet) of the
International Castle Meeting on Coding Theory and
Applications" 2023, Florence, Italy.
 Cochair and organizer (with Zhengchun Zhou) of the
international conference WAIFI 2022 (Workshop on the
Arithmetic of Finite Fields), Chengdu, China.
 Cochair and organizer of the international
conference in Finite Fields and Their Applications, Paris,
France, 1317 June 2022.
 Cochair (with Kojima Tetsuya and Kwang Soon Kim) of
the international conference IWSDA 2022 (The 10th
International Workshop on Signal Design and its Applications
in Communications), August 15, 2022, United Kingdom.
 Cochair the International Conference on Security and Privacy (ICSP 2021),
Jamshedpur India, November 1617, 2021.
 Coorganizer (with Hugues Randriambololona and
Gilles Zemor) of the conférence "Codes and combinatorics", 45
July 2016 at Telecom Paris, Paris, France.
 General chair of the conference ICCC 2015 ,International
Conference on Coding and Cryptography, Algiers,
Algeria, 25 November 2015.
 Cochair (with Ilias Kosterias and Kenza Guenda) of
session's program "Computational aspects and mathematical
methods for finite field and their applications in information
theory" in the conference ACA 2015 ,
International Conference on Applications of Computer
Algebra, Kalamata, Greece, 2023 July 2015.
 Cochair (with Erkay Savas) of program comitties
WAIFI 2014 ,International
Workshop on the Arithmetic of Finite Fields, Gebze,
Turkey, 2628 September 2014.
Participation in program committees of
international conferences
 Member of program comitties of the international
conference 12th International Workshop on Coding and
Cryptography (WCC 2022), March 711 2022, Rostock,
Germany.
 Member of program comitties of the
international conference The 6th International Workshop
on Boolean Functions and their Applications" (BFA 2021),
Granada, Spain, September 610, 2021.
 Member of program comitties of
International Conference International Workshop on
Trusted Smart Contracts (WTSC 2021), Grenada, March
2021.
 Member of program comitties of
International Conference on Security and Privacy
(ICSP 2020), India, 0506, November 2020.
 Member of program comitties of
the 5th International Conference on Computer
and Communication System, Shanghai, China,
May 1517, 2020.
 Member of program comitties of
11th International Conference on SEquences
and Their Applications (SETA 2020),
SaintPetersburg, Russia, 2225 September
2020.
 Member of program comitties
of the International conference
"Workshop on Trusted Smart Contracts"
WTSC20 , February 14, 2020.
 Member of program comitties
of the International Workshop on the
Arithmetic of Finite Fields " (WAIFI
2020) Rennes, France, July 68, 2020.
 Member of program
comitties of the 5th,
International Workshop on Boolean
Functions and their Applications"
(BFA 2020) Granada, Spain May
2529, 2020.
 Member of program
comitties of the International
conference "Workshop on Trusted
Smart Contracts" WTSC19, 2019.
 Member of program
comitties of the 3rd
international conference
C2SI2019 " International
Conference on Codes,
Cryptology and Information
Security", Rabat, Maroc, April
2224, 2019.
 Member of
program comitties of C2
codes and cryptography,
France, October 2018.
 Member of
program comitties of
the 10th,
International Workshop
on Coding and
Cryptography (WCC
2017) St
Petersburg, Russia,
1822 September 2017.
 Member of
program comitee of
international Castle
Meeting on Coding
Theory and
Applications", 5ICMCTA
,"5th International
Castle Meeting on
Coding Theory and
Applications"
Estonia,
AugustSeptember 2017.
 Member of
program comitties of
the Second,
International
Conference "Codes,
Cryptology and
Information
Security" Rabat,
Morocco, 1012, April
2017.
 Member
of program
comitties of 9th
International
Conference on
SEquences and
Their Applications
(SETA 2016),
Chengdu, China
914 October 2016.
 Member
of program
comitties of International
Workshop on the
Arithmetic of
Finite (WAIFI
2016)
Fields, Ghent,
Belgium, 1316
July 2016.
 Member
of program
comitties of 2sd
International
Conference on
Cryptography
and its
Applications
ICCA 2016 UST,
Oran, Algeria
2627 April
2016.

Member of
program
comitties of
the 9th ,
International
Workshop on
Coding and
Cryptography ,
9th
International
Workshop on
Coding and
Cryptography
(WCC 2015)
Paris, France
1317 April
2015.
 Member
of program
comitties of ,
International
Workshop on
the Arithmetic
of Finite
Fields
Gebze, Turkey,
2628
September
2014.

Member of
program
comitties of
the 8th
International
Conference on
SEquences and
Their
Applications SETA
2014, "8th
International
Conference on
SEquences and
Their
Applications"
Melbourne,
Australia,
2428 november
2014.
 Member
of program
comitties of
the 4th
International
Workshop
Castle Meeting
on Coding
Theory and
Applications",
4ICMCTA
, "4th
International
Castle Meeting
on Coding
Theory and
Applications"
Pamela,
Portugal 1518
September
2014.
 Member
of program
comitties of
the 8th
International
Workshop on
Coding and
Cryptography WCC
2013, "8th
International
Workshop on
Coding and
Cryptography"
Bergen, Norwey
1519 April
2013.
 Member
of program
comitties of
the 7th
International
Workshop on
Coding and
Cryptography WCC
2011,"7th
International
Workshop on
Coding and
Cryptography"
Paris, France,
1115 April
2011.
 Member
of program
comitties of
the 6th
International
Conference on
SEquences and
Their
Applications SETA
2010,"6th
International
Conference on
SEquences and
Their
Applications"
Paris, France,
1217
september
2010.
 Member
of program
comitties of
the 2sd
African
International
Conference on
Cryptology Africacrypt
2009,"2sd
African
International
Conference on
Cryptology "
Gammarth,
Tunisia, 2125
june 2009.
Member of Steering Committee
 International Workshop on the Arithmetic of
Finite Fields
Editorial responsibility
 Editor in Chief (with Prof. Jintai Ding) of
the international Journal Advances
in Mathematics of Communications (AMC)Published
by AIMS (American Institute of Mathematical Sciences).
 Editor in Chief of the international journal "International
Journal of Information and Coding Theory" (IJOCT).
 Editor in the international journal
IEEE Transactions on Information Theory (IEEEIT).
 Editor in the international journal Cryptography
and Communications Discrete Structures, Boolean
Functions and Sequences (CCDS)Published par
Springer.
 Editor in the international journal RAIRO
ITA (Theoretical Informatics and Applications) Published
by Cambridge University Press.
 Editor in the international journal Computer
Mathematics: Computer Systems Theory (IJCMTCOM)
Published BY Taylor Francis.
Editor of Special Issues in
international journals
 International Journal IEEEInformation
Theory: Special Issue dedicated to V. I. Levenshtein,
2021.
 International Journal Cryptography and
Communications Discrete Structures, Boolean Functions, and
Sequences (CCDS): Special Issue: "Contemporary
interactions between codes, cryptographic functions and/or
sequences, 20212022.
 International Journal of mathematics:
Special Issue "The Cryptography of Cryptocurrency",
20202021.
 International Journal of Computer
Mathematics (IJCMCST): Special Issue: "Mathematics of
Cryptography and Coding in the Quantum Era", 20202021.
Talks
International conferences
(in reverse chronological order)
 On constructions of weightwise perfectly
balanced functions, International Workshop on
Boolean Functions and Their Applications (BFA 2020)
 Strongly Regular Graphs from Weakly Regular
Plateaued Functions, International Conference
"the 9th International Workshop on Signal Design and
its Applications in Communications " (IWSDA'19), China
2019.
 Constructions of optimal locally
recoverable codes via Dickson polynomials,
International conference Finite field and their
Applications Fq13, 2019, Vancouver, Canada.
 Constructions of optimal locally
recoverable codes via Dickson polynomials,
International conference The Eleventh International
Workshop on Coding and Cryptography" (WCC 2019), 2019,
Saint Malo, France
 Generalized plateaued functions and
admissible (plateaued) functions, International
conference Workshop on Boolean Functions and Their
Applications(BFA 2017), 2017, Solstrand, Norway.
 On the nonlinearity of Boolean functions
with restricted input, International conference
Finite field and their Applications Fq13, 2017 Gaeta,
Italy.
 On constructions of bent functions from
involutions, IEEE International Symposium on
Information Theory (ISIT 2016) at Barcelona , Spain,
July 2016.
 On construction of bent functions
involving symmetric functions and their duals,
International Conference "Workshop on Mathematics in
Communications (WMC 2016), Santander, Spain, July
2016.
 Fast algebraic immunity of Boolean
functions, International Conference "Workshop on
Mathematics in Communications (WMC 2016), Santander,
Spain, July 2016.
 Explicit constructions of bent functions
from pseudoplanar functions, International
Conference "Workshop on Mathematics in Communications
(WMC 2016), Santander, Spain, July 2016.
 On constructions of bent, semibent and
five valued spectrum functions from old bent
functions, International Conference "Workshop on
Mathematics in Communications (WMC 2016), Santander,
Spain, July 2016.
 On the diffusion property of iterated
functions, International Conference on
Cryptography and Coding, Oxford, United Kingdom,
December 2015.
 On pary bent functions from (maximal)
partial spreads, International Conference Finite
field and their Applications Fq12, New York, July
2015.
 Dickson Polynomials that are Involutions,
International Conference Finite field and their
Applications Fq12, New York, July 2015.
 On involutions of finite fileds,
International conference International Symposium on
Information Theory (ISIT 2015), HongKong, China, June
2015.
 Cyclic codes and Algebraic immunity of
Boolean functions, International conference IEEE
Workshop Information Theory (ITW 2015), Jerusalem,
Israel, April 2015.
 Characterizations of plateaued and bent
functions in characteristic p, International
conference 8th International Conference on SEquences
and Their Applications (SETA 2014), Melbourne,
Australia, November 2014.
 Semibent functions from oval polynomials.
International conference on Cryptography and Coding
IMACC 2013, Oxford, United Kingdom, December 2013.
 Bent functions from spreads.
International conference on Finite Fields and their
Applications, Fq11, Magdeburg, Germany, July 2013.
 Semibent functions with multiple trace
terms and hyperelliptic curves International
conference on Cryptology and Information Security in
Latin America (Latincrypt) 2012 Santiago, Chili,
October 2012.
 Bent and hyperbent functions via
Dillonlike exponents. International conference,
Yet Another Conference on Cryptography (YACC) 2012.
Porquerolles Isaland, France, September 2012.
 On hyperbent functions via Dillonlike
exponents. International conference, ISIT 2012,
IEEE International Symopsium on Infomation Theory in
IMT, Boston, USA, July 2012.
 Dickson polynomials, hyperelliptic curves
and hyperbent functions. International
conference SETA (The 7th international conference on
SEquences and Their Applications) in Waterloo
(Canada), June 2012.
 New semibent functions with multiple
trace terms. Workshop Information Theory and
Applications (ITA 2012) at San Diego (USA),
International conference on invitation, February 2012.
 Identifying and Covering by Spheres.
TwentyFifth Conférence on Combinatorics,
Cryptography, and Computing (MCCCC), Las Vegas (USA),
October 2011.
 Sphere coverings and Identifying Codes.
International conference Castle Meeting on coding
theory and Application (3ICMTA), Cardona (Espagna),
September 2011.
 On the link of some semibent functions
with Kloosterman sums. Workshop of International
Workshop on Coding and Cryptology (IWCC 2011),
contributed talk on invitation, Qingdao (China), May
2011.
 On the link of some semibent functions in
polynomial forms with exponential sums.
International Workshop on Information Theory and
Applications (ITA 2011), contributed talk on
invitation, San Diego (USA), February 2011.
 Recent Results on Bent and Hyperbent
Functions and Their Link With Some Exponential Sums.
International conference (invited talk) Information
Theory Workshop (ITW 2010), Dublin (Irlande),
September 2010.
 Hyperbent Boolean Functions with Multiple
Trace Terms. International Workshop on the
Arithmetic of Finite Fields (WAIFI 2010), Istanbul
(Turkey), June 2010.
 A new family of hyperbent Boolean
functions in polynomial form. International
Conference on Cryptography and Coding (IMACC 2009),
Cirencester (United Kingdom), December 2009.
 A new class of Bent Boolean functions in
polynomial forms. International Workshop on
Coding and Cryptography (WCC 2009), Ullensvang
(Norway), May 2009
 On the number of resilient Boolean
functions. International conference Symposium on
Algebraic Geometry and its Applications (SAGA 2007),
Papeete (Tahiti), May 2007.
 On immunity profile of Boolean functions.
International conference SEquences and Their
Applications (SETA 2006), Begin (China), September
2006.
 On the Walsh support of Boolean functions.
International conference Boolean Functions,
Cryptography and Applications (BFCA 2005), Rouen
(France), March 2005.
Invited talks in international
conferences and international meeting/seminar
(in reverse chronological order)
 Invited talk entitled "Reader’s
digest of “16year achievements on Boolean
functions and open problems"at the
International conference "The 4th
International Workshop on Boolean Functions
and their Applications" (BFA 2020), Invitation
de Lilya Budaghyan and Tor Helleseth.
 Invited talk at the
Conference " the Applied Algebra and
Geometry " UK research network at the
University d'Oxford, December 2019.
Invitation of Heather Harrington
(Université d'Oxford).
 Invited talk at the International
Conference "the 9th International Workshop
on Signal Design and its Applications in
Communications " (IWSDA'19), China 2019.
Invitation of Tor Helleseth (University de
Bergen, Norway), Zheng Ma (Southwest
Jiaotong University, China), HongYeop Song
(Yonsei University, Korea) and Hideyuki
Torii (Kanagawa Institute of Technology,
Japan).
 International Conference The 4th
International Workshop on Boolean Functions
and their Applications" (BFA 2019), 2019,
Florence, Italy. Invitation of Lilya
Budaghyan and Tor Helleseth.
 International Conference CanaDam,
Discrete mathematics, 2019, Vancouver,
Canada. Invitation by the organizers.
 International Conference on Codes,
Cryptology And Information Security` (C2SI),
2019, Rabat, Marocoo. Invitation by the
organizers.
 International Workhop
"Contemporary Coding Theory" at Oberwolfach
(Germany), March 2019. Invitation of Camilla
Hollanti (University Aalto), Joachim
Rosenthal (University of Zurich), and Marcus
Greferath (University Aalto).
 International Workhop in
Algebraic Coding Theory for Networks,
Storage, and Security at Dagstuhl (Germany),
December 2018. Invitation of Martin Bossert
(Universität Ulm, DE), Eimear Byrne
(University College Dublin, IE) and Antonia
WachterZeh (TU München, DE).
 International conference SETA
2018 (Sequences and Their Applications) 2018
at Hong Kong, October 2018.
 International conference BFA 2018
(Boolean Functions and Applications) at
Norway June 2018
 International conference on
Group, Group Ring and Related topics (GGRRT
2017) at Khorfakkan, UAE, November 2017.
 Instructional Workshop in
Cryptology at New Delhi, India, October
2017.
 Seminar in mathematics for
cryptography and coding theory at Chinese
Acadamy of Sciences, Bejiin, China,
September 2016.
 Seminar in mathematics for
cryptography and coding theory at Tianjin
and Nankai Universities, China, September
2016.
 International Conference "Yet
Another Conference on Cryptography" (YACC
2016) Porquerolles Island, France, June 2016.
 International Conference on
Cryptography and Coding, Oxford, United
Kingdom, December 2015. Invitation of Jens
Groth.
 International conference BFA 2014
"International Workshop on Boolean Functions
and Their Applications" at Rosendal (Norway).
Invitation of Lilya Budaghyan, Tor Helleseth
and Alexander Kholosha.
 International conference
MTNS2014; The 21th international symposium
on Mathematical Theory of Networks and
Systems, Groningen (the Netherlands), July
2014. Invitation of Heide
GluesingLuerssen, Joachim Rosenthal and
Margreta Kuijper.
 International Workshop on
Polynomials over Finite Fields:
Functional and Algebraic Properties,
Barcelone (Spain), May 2014. Invitation
of Joachim von zur Gathen, Jaime
Gutierrez, Alina Ostafe, Daniel Panario
and Alev Topuzoglu.
 International seminar in
Coding Theory, Dagstuhl (Germany) in
August 2013. Invitation of HansAndrea
Loeliger, Emina Soljanin and Judy L.
Walker.
 International Conference
Trends in coding theory, Monte
Verita (Switzerland) in October
2012. Invitation of Elisa Gorla,
Joachim Rosenthal and Amin
Shokrollahi.
 International Workshop
on finite fields character sums
and polynomials, Strobl
(Austria) in September 2012.
Invitation of the organizers of
the Workshop.
 International workshop
on coding based crypto (Ecrytp
2012), Lyngby (Denemark) in May
2012. Invitation of Tom Høholdt.
 International Workshop
Information Theory and
Applications (ITA 2012) at San
Diego (USA) in February 2012.
Invitation of Alexander Vardy.
 International seminar
in Coding Theroy at Dagstuhl
(Germany) in November 2011.
Invitation of Joachim Rosenthal
and Amin Shokrollahi.
 International Workshop
on Coding and Cryptology (IWCC
2011) at Qingdao (China) in May
2011. Invitation of Xian Hequn.
 International Workshop
Information Theory and
Applications (ITA 2011) at San
Diego (USA) in February 2011.
Invitation of Alexander Vardy.
 International
Information Theory Workshop (ITW
2010) at Dublin (Irlande) in
September 2010. Invitation of
Marcus Greferath.
Other conferences
and seminars
(in reverse chronological order)
 Seminar AGAA at
University of Paris 8 and
Paris 13 (visio conference),
May 2020, France.
 Seminar at York
University, Februray 2020,
UK. Invitation of Professor
Delaram Kahrobaei.
 Seminar at
Oxford University, December
2019, UK. Invitation of
Professor Heather
Harrington.
 Seminar at the
University of Guangzhou,
October 2019, China.
Invitation of professor
Yuyin Yu.
 Seminar at the
University of Sun Yatsen at
Guangzhou, October 2019,
China. Invitation of
professor ChangAn Zhao.
 International
Seminar in coding theory
"Contemporary Coding
Theory", March 2019,
Oberwolfach (Germany).
Invitation of Camilla
Hollanti (University Aalto),
Joachim Rosenthal
(University of Zurich), and
Marcus Greferath (University
Aalto).
 Seminar at INRIA
Lyon, France, January 2019
 Seminar in
mathematics at University of
Porto, Portugal, July 2018.
 Seminar in
mathematics at University of
Zurich, Suisse, December
2017.
 Seminar in number
theory at Intitute of New
Delhi, India, October 2017.
 Seminar of
algebra and number theory
at University of Aalto,
Finlande, February 2017.
 Seminar in
mathematics for cryptography
and coding theory at
University of Paris 8,
Paris, France, November
2016.
 Seminar in
mathmatics at Telcom Paris
Tech , Paris, France,
September 2016.
 Seminar in
discrete mathmatics at
University Paul Sabatier
(maths institute IMT),
Toulouse, France, April
2016.
 Seminar
"Combinatorics and
algorithmic" at University
of Rouen, France, Feburary
2016.
 Seminar at
HongKong University of
Science and Technology,
HongKong, China, June 2015.
 Seminar "Algebra
and Geometry" at University
of Versailles, France, April
2015.
 Seminar
"Cryptography" University
Cergy (France), April 2015.
Invitation of Valerie Nachef
and Emmanuel Volte.
 Seminar "Discrete
Mathematics" at University
of Nanjing (China), December
2014. Invitation of Xiwang
Cao.
 Seminar
"Cryptography" at University
of Xuzhou (China), December
2014. Invitation of Fengrong
Zhang.
 Seminar
Mathematics at the
Department of Mathematical
Sciences UAE University,
UAE, October 2014.
 Seminar
Combinatorics, University of
Paris XIII, France, May
2014.
 Seminar LIP6,
University of Paris VI,
France, April 2014.
 Seminar project
Boole, University of Paris
VI, France, June 2013.
 Séminaire UCD
School of Mathematical
Sciences, Dublin, Ireland,
Feburary 2012.
 Seminar project
Boole, Institut Henri
Poincaré, Paris, France,
January 2012.
 Seminar
Information Theory, Telecom
ParisTech, France, December
2011.
 Invited talk at
"Coding and Cryptography"
(C2), Saint Pierre d'Oléron,
April 2011.
 Seminar Arithmetic
and information theory (ATI)
lnstitute of Mathématics of
Luminy, Marseille, France,
February 2011.
 Seminar MTII,
University of Paris VIII,
France, January 2011.
 Seminar project
Boole, Institut Henri
Poincaré, Paris, France, May
2010.
 Seminar MTII,
University of Paris VIII,
France, June 2009.
 Seminar I3S,
SophiaAntipolis, Nice,
France, April 2009.
 Seminar Codes and
Cryptography ENSTA, Paris,
October 2005.
 Seminar Algebraic
combinatorics, University of
Paris 13, France, April
2005.
 Seminar of
Cryptography, Uuniversity of
Rennes, Rennes, France,
April 2005.
 Seminar
Information theory and
security, University of
Paris VIII, France, June
2003.
 Seminar Algebraic
geometry, University of
Rennes I, Rennes, France,
April 2002.
 Workshop of
Mathematics, Institute Henri
Poincaré, Paris, France,
March 2002.
Visiting Positions
 Invitation in October 2017 of Professors
Shri Kant, Shanta Laishram et Subhamoy Maitra at
New Delhi (India)
 Invitation in August and September 2017
of Professors Qi Wang (Southern University of
Science and Technology, Shenzhen, Chine),
Yongzhuang Wei, Minquan Cheng et Dianhua Wu
(University of Guilin and Guangxi Normal
University, Chine), Yanfeng Qi (University of
School of Science, Hangzhou Dianzi University,
Hangzhou, Chine), Longjiang Qu (National
University of Defense Technology, Changsha, Chine)
and Maosheng Xiong (HongKong university of
science and technology, HongKong).
 Invitation in February 2017 of
Professors Marcus Greferath and Camilla Hollanti
at the department of mathematics of University of
Aalto, Finlande.
 Invitation in September 2016 of
Professors Dongdai Lin, Keqin Feng and Baofeng Wu
at the Chinese Acadamy of Sciences, China.
 Invitation in September 2016 of
Professors Francoise Soulier, Fangwei Fu and Jian
Liu at Tianjin and Nankai Universities, China.
 Invitation in July 2016 by professor
Zhengchun Zhou, departement of mathematics,
university of Southwest Jiaotong, Chungdu, China.
 Invitation in June 2015 by professor
Cunsheng Ding, HongKong University of Science and
Technology, Hongkong, China.
 Invitation in October 2014 by professor
Kanat Abdukhalikov, department of mathematics, El
Ain, UAE.
 Invitation in September 2014 by professor
Ferruh Özbudak, Middle East Technical University,
Ankara, Turkey.
 Invitation in October 2013 by
professor Janos Korner, University of Rome,
Italy.
 Invitation in November 2010 by profes
Simon Litsyn, University of Tel Aviv, Israel.
 Invitation in September 2010 by
professor Marcus Greferath, College Dublin
Ireland.