propagation characteristics of the divergence of elementary cellular automata

DOI: 10.1142/S0129183110015828

October 21, 2010 8:51 WSPC/141-IJMPC S0129183110015828

International Journal of Modern Physics CVol. 21, No. 10 (2010) 1263–1276c© World Scientific Publishing Company

PROPAGATION CHARACTERISTICS OF THE DIVERGENCE OF

ELEMENTARY CELLULAR AUTOMATA

A. MARTIN DEL REY

E. P. S. de Avila, Department of Applied MathematicsUniversidad de Salamanca, Spain

C/Hornos Caleros 50, 05003-Avila, [email protected]

A. QUEIRUGA DIOS

E. T. S. I. I. de Bejar, Department of Applied MathematicsUniversidad de Salamanca, Spain, Avda. Fernandez Ballesteros 2

37700-Bejar, Salamanca, [email protected]

G. RODRIGUEZ SANCHEZ

E. P. S. de Zamora, Department of Applied MathematicsUniversidad de Salamanca, Spain

Avda. Requejo 33, 49022-Zamora, [email protected]

Received 24 May 2010Accepted 14 September 2010

In this work the notion of divergence of elementary cellular automata is introduced andit is analyzed from a cryptographic point of view. Specifically, the balancedness andpropagation characteristics are analyzed.

Keywords: Elementary cellular automata; divergence; boolean functions; balancedness;propagation characteristics.

PACS Nos.: 05.65.+b, 89.75.-k.

1. Introduction

Cellular automata (CA for short) have been widely studied not only from a theo-

retical point of view (algebraic aspects of the evolution, complexity, etc.) but also

several applications to different scientific areas have been proposed in the litera-

ture: Cryptography, Coding Theory, Random Number Generation, etc.1–4 CA are

intimately related to boolean functions since such functions govern their evolu-

tion when the set of states is F2. As a consequence the study of cryptographic

applications of CA is related to the study of cryptographic properties of boolean

1263

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.

http://dx.doi.org/10.1142/S0129183110015828


1264 A. M. del Rey, A. Q. Dios & G. R. Sanchez

functions (balancedness, propagation characteristics, nonlinearity, resiliency, etc.).

A particular and very interesting type of CA are Elementary Cellular Automata

(roughly speaking they are CA endowed with the state set F2 and whose evolution

is defined by means of a three-variable boolean function). It is well-known that

elementary cellular automata have limited applications in Cryptography.5

The main goal of this paper is to search a simple method to obtain from elemen-

tary cellular automata, other complex cellular automata with better cryptographic

properties. In this sense, the notion of divergence of elementary CA is introduced

and some cryptographic properties are studied: the balancedness and the propaga-

tion characteristics.

The rest of the paper is organized as follows: In Sec. 2 the basic theory of

boolean functions and elementary cellular automata are introduced; the divergence

of elementary cellular automata is shown in Sec. 3, and some of its cryptographic

properties are studied in Sec. 4. Finally, the conclusions are presented in Sec. 5.

2. Mathematical Preliminaries

2.1. Boolean functions

Let Fn2 be the nth-dimensional vector space over the Galois field F2 = {0, 1}, and

set {e1, . . . , en} its standard basis. An n-variable boolean function is a map of the

form f : Fn2 → F2. The set of all n-variable boolean functions is denoted by BFn

and its cardinal is |BFn| = 22n

.

The Hamming weight of a vector u = (u1, . . . , un) ∈ Fn2 is denoted by wt(u)

and it is defined as the number of its non-zero coordinates. The Hamming weight

of an n-variable boolean function f is defined as

wt(f) =∣

∣

{

u ∈ Fn2 such that f(u) 6= 0

}∣

∣ , (1)

that is, it is the cardinality of its support. Moreover, the Hamming distance between

two boolean functions f , g ∈ BFn is defined as d(f, g) = wt(f ⊕ g), where (f ⊕

g)(u) = f(u) ⊕ g(u).

The usual representation of a boolean function f is by means of its Algebraic

Normal Form (ANF for short) which is the n-variable polynomial representation

over F2, that is:

f(

u1, . . . , un

)

= a0 ⊕⊕

1≤k≤n

1≤i1,i2,...,ik≤n

ai1i2,...,ikui1ui2 , . . . , uik

, a0, ai1,...,ik∈ F2 (2)

being the degree of the ANF the algebraic degree of the function.

An n-variable vectorial boolean function is a map of the form

F : Fn2 → F

m2

u 7→ F (u) =(

F1(u), . . . , Fm(u))

(3)

where Fi : Fn2 → F2 are n-variable boolean functions.

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.


Propagation Characteristics of the Divergence of ECA 1265

The partial derivative of an n-variable boolean function f with respect to the

ith variable ui is the n-variable boolean function defined as follows:

∂f

∂ui

: Fn2 → F2

u 7→∂f

∂ui

(u) = f(u) ⊕ f(

u ⊕ ei

)

(4)

that is,

∂f

∂ui

(u) = f(

u1, . . . , ui, . . . , un

)

⊕ f(

u1, . . . , ui ⊕ 1, . . . , un

)

. (5)

Furthermore, the notion of partial derivative can be extended to the concept of

directional derivative as follows: The directional derivative of an n-variable boolean

function f with respect to b ∈ Fn2 is

Dbf : Fn2 → F2

u 7→ Dbf(u) = f(u) ⊕ f(u ⊕ b) .(6)

Note that the partial derivative with respect to the ith variable ui stands for the

directional derivative with respect to ei ∈ Fn2 : (∂f/∂ui) = Dei

f . The following

important result holds:

Theorem 1. Let f be an n-variable boolean function and set

1 ≤ i1 < i2 < · · · < ik ≤ n (7)

with k ≤ n, then:

(

Dei1◦ · · · ◦ Deik

)

f(u) =⊕

1≤l≤kj1<···<jl

j1,...,jl∈{i1,...,ik}

Dej1⊕···⊕ejl

f(u) , (8)

where (Db1 ◦ Db2)f(u) = Db1(Db2f(u)), with b1, b2 ∈ Fn2 .

2.2. Cellular automata

CA are finite state machines7 formed by m memory units called cells that are

arranged linearly. Each cell assumes a state from the finite state set F2 at every

step of time. The state of the ith cell at time t is denoted by xti ∈ F2 and it changes

synchronously in discrete steps of time according to a local transition function f .

This function is a k-variable boolean function, with k ≤ m, whose variables are the

previous states of its neighbor cells, that is:

f : Fk2 → F2

(

xti+α1

, . . . , xti+αk

)

7→ xt+1i = f

(

xti+α1

, . . . , xti+αk

)

(9)

for every 1 ≤ i ≤ m. As a consequence, there exists 22k

possible cellular automata.

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.



Note that the set of indices V = {α1, . . . , αk} ⊂ Z defines the neighborhood of

each cell of the cellular automaton (in this paper we will assume that the neigh-

borhood is homogeneous). In this sense, if V = {−q, . . . , 0, . . . , q} then the cellular

automaton is said to have symmetric neighborhoods of radius q.

As the number of cells is finite, boundary conditions must be stated in order to

preserve the well-defined evolution. Usually one takes periodic boundary conditions:

xti = xt

j if i ≡ j(mod m) for every t , (10)

i.e. the cells are handled with a toroidal arrangement: when one goes off on the left,

one comes in on the right.

The m-dimensional vector X t = (xt1, . . . , x

tm) ∈ F

m2 is called configuration of the

cellular automata at time t. The whole evolution of a particular cellular automata

can be comprised in its global transition function:

Φ: Fm2 → F

m2

Xt 7→ Φ(

Xt)

= Xt+1 .(11)

Note that the global function Φ is the vectorial boolean function:

Φ(u) =(

Φ1(u), . . . , Φm(u))

, (12)

where

Φi(u) = f(

ui+α1, . . . , ui+αk

)

, 1 ≤ i ≤ m , (13)

is a k-variable boolean function.

A particular type of cellular automata is formed by the Elementary Cellular

Automata (ECA for short). These are cellular automata endowed with symmetric

neighborhoods of radius q = 1. Consequently, there exist 223

= 256 ECA, each of

which can be indexed by a rule number w which is computed as follows8:

0 ≤ w =

7∑

i=0

αi · 2i ≤ 255 , (14)

where the truth table of the boolean function f is:

xti−1 xt

i xti+1 7→ xt+1

i

0 0 0 7→ α0

0 0 1 7→ α1

0 1 0 7→ α2

0 1 1 7→ α3

1 0 0 7→ α4

1 0 1 7→ α5

1 1 0 7→ α6

1 1 1 7→ α7

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.



3. The Divergence of an ECA

3.1. Definition

In this section we will introduce a new concept related to elementary cellular au-

tomata and boolean derivative: The divergence of an ECA. This notion can be

considered as the analogous of divergence for real functions. More precisely:

Definition 1. The divergence of an m-cell ECA whose global transition function

is defined by (11)–(13) is a p-cell cellular automaton with p > m and

V =

{

−m − 1

2, . . . , 0, . . . ,

m − 1

2

}

, if m is odd with m = 2r + 1

{

−m

2+ 1, . . . , 0, . . . ,

m

2

}

, if m is even with m = 2r

(15)

whose local transition function is given by:

div(Φ): Fm2 → F2

u 7→ div(Φ)(u) =

m⊕

i=1

∂Φi

∂ui

(u) .(16)

Example 1. Let us consider the ECA with rule number 30, that is, its local tran-

sition function is as follows:

xt+1

i = f(

xti−1, x

ti , x

ti+1

)

= xti−1 ⊕ xt

i ⊕ xti+1 ⊕ xt

ixti+1 , 1 ≤ i ≤ m . (17)

Then, the divergence of such ECA is defined by the boolean functions:

div(Φ)(u) = u1 ⊕ u2 ⊕ u3 ⊕ u4 ⊕ u5 ⊕ u6 ⊕ u7 ⊕ u8 , (18)

div(Φ)(u) = 1 ⊕ u1 ⊕ u2 ⊕ u3 ⊕ u4 ⊕ u5 ⊕ u6 ⊕ u7 ⊕ u8 ⊕ u9 , (19)

for m = 8 and m = 9 respectively, and the subindices are taken modulo m; that is,

the local transition functions are:

xt+1

i = f(

xti−3, x

ti−2, x

ti−1, x

ti, x

ti+1, x

ti+2, x

ti+3, x

ti+4

)

= xti−3 ⊕ xt

i−2 ⊕ xti−1 ⊕ xt

i ⊕ xti+1 ⊕ xt

i+2 ⊕ xti+3 ⊕ xt

i+4 , (20)

xt+1

i = f(

xti−4, x

ti−3, x

ti−2, x

ti−1, x

ti, x

ti+1, x

ti+2, x

ti+3, x

ti+4

)

= 1 ⊕ xti−4 ⊕ xt

i−3 ⊕ xti−2 ⊕ xt

i−1 ⊕ xti ⊕ xt

i+1 ⊕ xti+2 ⊕ xt

i+3 ⊕ xti+4 , (21)

for 1 ≤ i ≤ p with p > m.

A simple calculus shows that:

Proposition 1. The divergence of an arbitrary ECA with local transition function

f(

xti−1, x

ti , x

ti+1

)

= a0 ⊕ a1xti−1 ⊕ a2x

ti ⊕ a3x

ti+1 ⊕ a12x

ti−1x

ti ⊕ a13x

ti−1x

ti+1

⊕a23xtix

ti+1 ⊕ a123x

ti−1x

tix

ti+1 , (22)

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.



is

• If m = 2r + 1 is odd, then:

div(Φ)(

xti−r , . . . , x

ti+r

)

= a2 ⊕(

a12 ⊕ a23

)

r⊕

j=−r

xti+j

⊕a123xti−rx

ti+r−1 ⊕ a123x

ti−r+1x

ti+r

⊕a123

r−2⊕

j=−r

xti+jx

ti+j+2 . (23)

• If m = 2r is even, then:

div(Φ)(

xti−r+1, . . . , x

ti+r

)

=(

a12 ⊕ a23

)

r⊕

j=−r+1

xti+j

⊕a123xti−r+1x

ti+r−1 ⊕ a123x

ti−r+2x

ti+r

⊕a123

r−2⊕

j=−r+1

xti+jx

ti+j+2 . (24)

3.2. Analysis and classification

Note that the divergence of an ECA is defined by means of three boolean parame-

ters: a2, a12 ⊕ a23 and a123 when m is odd, and by only two parameters, a12 ⊕ a23

and a123, when m is even. As a consequence, there exist 23 = 8 possible divergences

for each m odd and 22 = 4 different divergences when m is even. These divergences

are shown in Tables 1 and 2, respectively.

This result allows us to classify the elementary cellular automata in different

classes according to their divergences. Such classification is shown in Tables 3 and

4 respectively.

4. Cryptographic Analysis of the Divergence

In this section we will study the use of the divergences of ECA for cryptographic

purposes. Specifically, some properties that suitable cryptographic boolean func-

tions must satisfy are analyzed.

4.1. Balancedness

As is well-known, cryptographic boolean functions must be balanced, that is, their

outputs must be uniformly distributed9 over F2. In this sense, if f is an n-variable

boolean function, it is balanced when wt(f) = 2n−1. This property allows one to

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.



Table 1. Explicit expressions of the divergences for m odd.

Parameters Divergence

Class Ia2 = 0a12 ⊕ a23 = 0a123 = 0

0

Class IIa2 = 0a12 ⊕ a23 = 0a123 = 1

xti−r

xti+r−1

⊕ xti−r+1

xti+r

⊕

r−2⊕

j=−r

xti+jx

ti+j+2

Class IIIa2 = 0a12 ⊕ a23 = 1a123 = 0

r⊕

j=−r

xti+j

Class IVa2 = 0a12 ⊕ a23 = 1a123 = 1

r⊕

j=−r

xti+j ⊕ x

ti−rx

ti+r−1 ⊕ x

ti−r+1x

ti+r ⊕

r−2⊕

j=−r

xti+jx

ti+j+2

Class Va2 = 1a12 ⊕ a23 = 0a123 = 0

1

Class VIa2 = 1a12 ⊕ a23 = 0a123 = 1

1 ⊕ xti−r

xti+r−1

⊕ xti−r+1

xti+r

⊕

r−2⊕

j=−r

xti+jx

ti+j+2

Class VIIa2 = 1a12 ⊕ a23 = 1a123 = 0

1 ⊕r

⊕

j=−r

xti+j

Class VIIIa2 = 1a12 ⊕ a23 = 1a123 = 1

1 ⊕r

⊕

j=−r

xti+j ⊕ x

ti−rx

ti+r−1 ⊕ x

ti−r+1x

ti+r ⊕

r−2⊕

j=−r

xti+jx

ti+j+2

avoid statistical dependence between the input and the output that can be used in

some types of cryptanalytic attacks.

Example 2. The n-variable affine boolean function f is balanced because (it is

easy to check that) its Hamming weight is:

wt(f) =∣

∣

{

u ∈ Fn2 such that f(u) 6= 0

}∣

∣ (25)

=

∣

∣

∣

∣

∣

{

u ∈ Fn2 such that

n∑

i=1

ui is an odd number

}∣

∣

∣

∣

∣

(26)

=∑

0≤i≤n,i odd

(

n

i

)

= 2n−1 . (27)

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.



Table 2. Explicit expressions of the divergences for m even.

Parameters Divergence

Class Ia12 ⊕ a23 = 0a123 = 0

0

Class IIa12 ⊕ a23 = 0a123 = 1

xti−r+1

xti+r−1

⊕ xti−r+2

xti+r

⊕

r−2⊕

j=−r+1

xti+jx

ti+j+2

Class IIIa12 ⊕ a23 = 1a123 = 0

r⊕

j=−r+1

xti+j

Class IVa12 ⊕ a23 = 1a123 = 1

r⊕

j=−r+1

xti+j ⊕ x

ti−r+1x

ti+r−1 ⊕ x

ti−r+2x

ti+r ⊕

r−2⊕

j=−r+1

xti+jx

ti+j+2

Table 3. Classification of ECA according to their divergences whenm is odd.

Class ECA (rule number)

Class I0, 5, 10, 15, 18, 23, 24, 29, 66, 71, 72, 77, 80, 85, 90, 95, 160,

165, 170, 175, 178, 183, 184, 189, 226, 231, 232, 237, 240,

245, 250, 255

Class II32, 37, 42, 47, 50, 55, 56, 61, 98, 103, 104, 109, 112, 117,

122, 127, 128, 133, 138, 143, 146, 151, 152, 157, 194, 199,

200, 205, 208, 213, 218, 223

Class III34, 39, 40, 45, 48, 53, 58, 63, 96, 101, 106, 111, 114, 119,

120, 125, 130, 135, 136, 141, 144, 149, 154, 159, 192, 197,

202, 207, 210, 215, 216, 221

Class IV2, 7, 8, 13, 16, 21, 26, 31, 64, 69, 74, 79, 82, 87, 88, 93, 162,

167, 168, 173, 176, 181, 186, 191, 224, 229, 234, 239, 242,

247, 248, 253

Class V33, 36, 43, 46, 51, 54, 57, 60, 99, 102, 105, 108, 113, 116,

123, 126, 129, 132, 139, 142, 147, 150, 153, 156, 195, 198,

201, 204, 209, 212, 219, 222

Class VI1, 4, 11, 14, 19, 22, 25, 28, 67, 70, 73, 76, 81, 84, 91, 94, 161,

164, 171, 174, 179, 182, 185, 188, 227, 230, 233, 236, 241,

244, 251, 254

Class VII3, 6, 9, 12, 17, 20, 27, 30, 65, 68, 75, 78, 83, 86, 89, 92, 163,

166, 169, 172, 177, 180, 187, 190, 225, 228, 235, 238, 243,

246, 249, 252

Class VIII35, 38, 41, 44, 49, 52, 59, 62, 97, 100, 107, 110, 115, 118,

121, 124, 131, 134, 137, 140, 145, 148, 155, 158, 193, 196,

203, 206, 211, 214, 217, 220

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.



Table 4. Classification of ECA according to their divergences

when m is even.

Class ECA (rule number)

Class I

0, 5, 10, 15, 18, 23, 24, 29, 33, 36, 43, 46, 51, 54, 57, 60,

66, 71, 72, 77, 80, 85, 90, 95, 99, 102, 105, 108, 113, 116,

123, 126, 129, 132, 139, 142, 147, 150, 153, 156, 160,

165, 170, 175, 178, 183, 184, 189, 195, 198, 201, 204,

209, 212, 219, 222, 226, 231, 232, 237, 240, 245, 250, 255

Class II

1, 4, 11, 14, 19, 22, 25, 28, 32, 37, 42, 47, 50, 55, 56, 61,

67, 70, 73, 76, 81, 84, 91, 94, 98, 103, 104, 109, 112, 117,

122, 127, 128, 133, 138, 143, 146, 151, 152, 157, 161,

164, 171, 174, 179, 182, 185, 188, 194, 199, 200, 205,

208, 213, 218, 223, 227, 230, 233, 236, 241, 244, 251, 254

Class III

3, 6, 9, 12, 17, 20, 27, 30, 34, 39, 40, 45, 48, 53, 58, 63,

65, 68, 75, 78, 83, 86, 89, 92, 96, 101, 106, 111, 114, 119,

120, 125, 130, 135, 136, 141, 144, 149, 154, 159, 163,

166, 169, 172, 177, 180, 187, 190, 192, 197, 202, 207,

210, 215, 216, 221, 225, 228, 235, 238, 243, 246, 249, 252

Class IV

2, 7, 8, 13, 16, 21, 26, 31, 35, 38, 41, 44, 49, 52, 59, 62,

64, 69, 74, 79, 82, 87, 88, 93, 97, 100, 107, 110, 115, 118,

121, 124, 131, 134, 137, 140, 145, 148, 155, 158, 162,

167, 168, 173, 176, 181, 186, 191, 193, 196, 203, 206,

211, 214, 217, 220, 224, 229, 234, 239, 242, 247, 248, 253

Balancedness property plays a central role in the study of cryptographic prop-

erties of boolean functions: the analysis of much of them can be reduced to the

study of the balancedness of a particular function (for example, a boolean function

satisfies the Strict Avalanche Criterion if their partial derivatives are balanced).

The balanced ECA are the following: 15, 23, 27, 29, 30, 39, 43, 45, 46, 51, 53,

54, 57, 58, 60, 71, 75, 77, 78, 83, 85, 86, 89, 90, 92, 99, 101, 102, 105, 106, 108, 113,

114, 116, 120, 135, 139, 141, 142, 147, 149, 150, 153, 154, 156, 163, 165, 166, 169,

170, 172, 177, 178, 180, 184, 195, 197, 198, 201, 202, 204, 209, 210, 212, 216, 225,

226, 228, 232, and 240.

In the case of the divergences of ECA, the following results hold:

• For m odd, classes I, V are not balanced since these divergences are affine constant

functions. Furthermore, classes IV and VIII are not balanced.

• For m odd, classes III and VII are balanced since the divergences are non-constant

affine boolean functions (see Example 2). Moreover, classes II and VI are also

balanced.

• For m even, class I is not balanced because it corresponds to the zero boolean

function.

• For m even, class III is balanced: the divergence is a non-constant affine boolean

function (see Example 2).

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.



• When m is even and it is not multiple of 4, class II is balanced, otherwise (m

even and multiple of 4) this class is not balanced.

• For m even and m = 4, 12, 20, . . . class IV is balanced (if m 6= 4, 12, . . . it is not

balanced).

4.2. Propagation characteristics

4.2.1. Strict Avalanche Criterion

An n-variable boolean function f satisfies the Strict Avalanche Criterion (SAC)

if and only if f changes with probability 0.5 whenever a single input bit is com-

plemented. The characterization of SAC in terms of the boolean derivative was

introduced by Webster and Tavares10: the boolean function f satisfies SAC if

(∂f/∂uj) = Dejf is a balanced function for every uj . In our case, it is:

• If m is even, then the divergences belonging to classes I and III are not balanced

since they are the following boolean constant functions:

∂(div(Φ))

∂uj

= 0 ,∂(div(Φ))

∂uj

= 1 , (28)

respectively. On the other hand, the divergences of classes II and IV are

∂(div(Φ))

∂uj

= uj−2 ⊕ uj+2 , (29)

∂(div(Φ))

∂uj

= 1 ⊕ uj−2 ⊕ uj+2 , (30)

respectively, where the subindices are taken as modulus m. Note that they are

balanced (see Example 2).

• If m is odd, the divergences of classes I and V are not balanced because they are

the zero constant function:

∂(div(Φ))

∂uj

= 0 . (31)

Also, the divergences of classes III and VII are not balanced since they are the

constant function:

∂(div(Φ))

∂uj

= 1 . (32)

On the other hand, the balanced divergences are those of classes II, IV and VI,

VIII as they are:

∂(div(Φ))

∂uj

= 1 ⊕ uj−2 ⊕ uj , (33)

∂(div(Φ))

∂uj

= uj−2 ⊕ uj , (34)

respectively (where the subindices are taken as modulus m).

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.



Consequently, when m is even, only classes II and IV are SAC, and for m odd, the

SAC classes are II, IV, VI and VIII.

4.2.2. Propagation Criterion

In order to assure well diffusion properties, boolean functions must satisfy the

Propagation Criterion. This criterion was introduced by Preneel et al.11 and it

is based on the properties of the derivatives of boolean functions that give the

behavior of such functions when some variables of the input are complemented. The

n-variable boolean function f satisfies the propagation criterion PC with respect

to B ⊂ Fn2 if for every b ∈ B the derivative function, Dbf , is balanced. Moreover,

the boolean function f satisfies PC(k) if it satisfies PC with respect to the set:

W (k) ={

b ∈ Fn2 − {0} such that wt(b) ≤ k

}

={

ei1 ⊕ · · · ⊕ eij, 1 ≤ i1 < · · · < ij ≤ n, 1 ≤ j ≤ k

}

. (35)

Note that the SAC is the particular case of PC for k = 1.

In our case, the following results hold.

Trivially, classes I and V for m odd and I for m even do not satisfy PC.

Classes III and VII for m odd and III for m even do not satisfy PC since the

divergences are affine boolean functions and their derivatives (with respect to any

boolean vector) are constant functions (non-balanced).

Classes II and VI for m odd, and class II for m even satisfies PC and it can be

proven by recurrence on k:

• For k = 1: As classes II and VI are SAC, they satisfy PC(1).

• For k = 2: Applying Theorem 1, it yields:

Dei1⊕ei2

f =(

Dei1◦ Dei2

)

f ⊕ Dei1f ⊕ Dei2

f

= Dei1

(

ui2−2 ⊕ ui2+2

)

⊕ ui1−2 ⊕ ui1+2 ⊕ ui2−2 ⊕ ui2+2

=

1 ⊕ ui1−4 ⊕ ui1−2 ⊕ ui1 ⊕ ui1+2 , if i1 = i2 − 2

1 ⊕ ui1−2 ⊕ ui1 ⊕ ui1+2 ⊕ ui1+4 , if i1 = i2 + 2

ui1−2 ⊕ ui1+2 ⊕ ui2−2 ⊕ ui2+2 , otherwise

(36)

for every 1 ≤ i1 < i2 ≤ n. Then, Dei1⊕ei2

f is a non-constant affine function, and

as a consequence, it is balanced.

• Suppose that the statement holds true for k − 1, then:

Dei1⊕···⊕eik

f =(

Dei1◦ · · · ◦Deik

)

f

⊕⊕

1≤l≤k−1

j1<···<jlj1,...,jl∈{i1,...,ik}

Dej1⊕···⊕ejl

f . (37)

By recurrence each summation of the form Dej1⊕···⊕ejl

f is a non-constant affine

boolean function. Moreover, (Dei1◦ · · · ◦ Deik

)f = 0 for k > 2. Consequently,

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.



Dei1⊕···⊕eik

f is the XOR sum of non-constant affine boolean functions, then it

is balanced.

A similar argument shows that classes IV and VIII for m odd, and IV for m even

satisfy PC.

5. Conclusions

As is well-known, the evolution of elementary cellular automata are defined by

means of a three-variable boolean function. ECA are not suitable for cryptographic

purposes due to the simplicity of the boolean functions governing their evolution.

Nevertheless, it is possible to construct more complex cellular automata starting

from ECA. In this sense, in this work, the notion of divergence of ECA (with a

cellular space of order m) is introduced whose local transition function is given by

an m-variable boolean function. Specifically, such boolean functions defining the

divergences of ECA are the following:

f(

u1, . . . , um

)

= β , (38)

f(

u1, . . . , um

)

= β ⊕

m⊕

i=1

uiui+2 , (39)

f(

u1, · · · , um

)

= β ⊕

m⊕

i=1

ui , (40)

f(

u1, . . . , um

)

= β ⊕

m⊕

i=1

(

ui ⊕ uiui+2

)

, (41)

where the subindices are taken modulo m, and β = 0, 1 for m odd, and β = 0 for

m even.

It is shown that the classes derived from the boolean functions (38) are not bal-

anced and they do not satisfy the propagation characteristics. The classes obtained

from functions of the form (39) are balanced (with the exception of m being a multi-

ple of 4) and they also satisfy the propagation characteristics. Although the classes

with boolean functions (40) are balanced, they do not satisfy the propagation char-

acteristics. Finally, the cellular automata given by the boolean functions (41) are

balanced for m = 4, 12, 20, . . . and they satisfy the propagation characteristics.

Consequently, the balanced ECA whose divergences are also balanced are the

following: 27, 30, 39, 45, 53, 58, 75, 78, 83, 86, 89, 92, 101, 106, 114, 120, 135, 141,

149, 154, 163, 166, 169, 172, 177, 180, 197, 202, 210, 216, 225, 228. Note that all

belong to classes II and VII for m odd and to class III for m even. Moreover, if

m is not multiple of 4 the ECA whose divergences are balanced and satisfy the

propagation characteristics are 1, 4, 11, 14, 19, 22, 25, 28, 32, 37, 42, 47, 50, 55,

56, 61, 67, 70, 73, 76, 81, 84, 91, 94, 98, 103, 104, 109, 112, 117, 122, 127, 128, 133,

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.



138, 143, 146, 151, 152, 157, 161, 164, 171, 174, 179, 182, 185, 188, 194, 199, 200,

205, 208, 213, 218, 223, 227, 230, 233, 236, 241, 244, 251, and 254.

Acknowledgments

This work has been supported by Ministerio de Ciencia e Innovacion (Spain) under

Grant MTM2008-02773.

Appendix

In what follows, we introduce the computational implementation of some results

shown in the manuscript by using the Computer Algebra System Mathematica

7. Specifically, the computational computing of the divergences of all elementary

cellular automata are made by means of the following algorithm.

Initialization of some parameters (number of cells, boundary conditions and

modulus):

m=5;(* Number of cells *)

PBC={\[Epsilon]->Subscript[x,m],\[Eta]->Subscript[x,1]};modulus=Append[Table[Subscript[x,i]^2,{i,1,m}],2];

Definition of a function representing a generic boolean transition function:f[w ]:= Module[{q},

Do[q[i]=w[[i]],{i,1,8}];q[1]+q[2]*a+q[3]*b+q[4]*c+q[5]*a*b+q[6]*a*c+q[7]*b*c+q[8]*a*b*c];

Definition of functions that convert boolean expressions:(* From coefficient list to Wolfram Number *)

ListToWR[w ] := Module[{aux},aux=Mod[Table[f[w]/.{a->IntegerDigits[i,2,3][[1]],b->IntegerDigits[i,2,3][[2]],

c->IntegerDigits[i,2,3][[3]]},{i,0,7}],2];FromDigits[Reverse[aux], 2]

];

(* From ANF to coefficient list *)

ANFtoList[pol ]:={pol/.{x->0,y->0,z->0},Coefficient[polinomio,x],Coefficient[polinomio,y],

Coefficient[polinomio,z],Coefficient[polinomio,x*y],

Coefficient[polinomio,x*z],Coefficient[polinomio,y*z],

Coefficient[polinomio,x*y*z]};

Definition of the function (called Divergence) that computes the divergence:

Divergence[w ]:=Module[{der,divPBC},der=D[f[w],b];

divPBC =PolynomialMod[

((der/.{a->Subscript[x,m],b->Subscript[x,1],c->Subscript[x,2]})+Sum[der/.{a->Subscript[x,i-1],b->Subscript[x,i],c->Subscript[x,i+1]},{i,2,m-1}]+(der/.{a->Subscript[x,m-1],b->Subscript[x,m],c->Subscript[x,1]}))/.PBC,modulus];

{ListToWR[w],divPBC}];

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.



Computing and showing the divergences:

Do[

sequence= IntegerDigits[i, 2, 8];

div[ListToWR[sequence]]=Divergencia[sequence],{i,0,255}];aux=Table[div[i],{i,0,255}];TableForm[Sort[aux],

TableHeadings->{{},{"WR","Divergence"}},TableAlignments->Center]

References

1. R. Alonso-Sanz and L. Bull, Int. J. Mod. Phys. C 19, 351 (2008).2. P. P. Chaudhuri, D. R. Chowdhury, S. Nandi and S. Chattopadhyay, Additive Cellular

Automata: Theory and Applications, Vol. 1 (Wiley-IEEE Computer Society Press, LosAlamitos, CA, 1997).

3. A. F. Sabater, Commun. Contemp. Math. 477, 1 (2009).4. P. Sarkar, ACM Comput. Surv. 32, 80 (2000).5. J. Escuadra Burrieza, A. M. del Rey, J. L. Perez Iglesias, A. Q. Dios, G. R. Sanchez

and A. de la Villa Cuenca, Int. J. Comput. Math. (To appear).6. A. M. del Rey and G. R. Sanchez, Inform. Comput. (Submitted).7. S. Wolfram, A New Kind of Science (Wolfram Media Inc., Champaign, IL, 2002).8. S. Wolfram, Cellular Automata and Complexity: Collected Papers (Addison-Wesley,

1994).9. T. W. Cusick and P. Stanica, Cryptographic Boolean Functions and Applications (Aca-

demic Press, 2009).10. A. F. Webster and S. E. Tavares, Lect. Notes Comput. Sci. 219, 523 (1985).11. B. Preneel, W. Van Leekwijck, L. Van Linden, R. Govaerts and J. Vandevalle, Lect.

Notes Comput. Sci. 473, 161 (1991).

Int.

J. M

od. P

hys.

C 2

010.

21:1

263-

1276

. Dow

nloa

ded

from

ww

w.w

orld

scie

ntif

ic.c

omby

BO

STO

N U

NIV

ER

SIT

Y o

n 11

/04/

14. F

or p

erso

nal u

se o

nly.

propagation characteristics of the divergence of elementary cellular automata

Documents