Boolean Functions

Algebra for Cryptologists

Abstract

Following from our previous chapter in which we noted some properties that we require in Boolean functions which are to be used as combining functions and filter functions, we now look at Boolean functions more closely. We start with an efficient way of determining the Algebraic Normal Form of a Boolean function, given its outputs for all possible inputs (and conversely) and then proceed with the Walsh–Hadamard transform and its applications to the kind of problems that we have identified. We end the chapter with a brief introduction to the Discrete Fourier Transform, where our knowledge of finite fields is required once again.


Notes

  1.

    But there may be times when it might be useful to think of the domain of the function as the finite field \(GF(2^{n})\), in which case some other ordering like \(\{0, 1,\alpha,\alpha ^{2},\ldots,\alpha ^{2^{n}-2 }\}\) might be more convenient.

  2.

    Properly called the Hamming distance, after Richard W. Hamming (1915–1998), American mathematician, and one of the giants in coding theory.

  3.

    More properly this is called the Hamming weight of x.

  4.

    Recall that a Boolean function f is balanced if #{x | f(x) = 0} = #{x | f(x) = 1}.

  5.

    It can be shown from the definition of the Kronecker product that

    $$\displaystyle{(\mathbf{A} \otimes \mathbf{B})(\mathbf{C} \otimes \mathbf{D}) = \mathbf{AC} \otimes \mathbf{BD},}$$

    assuming that these products are defined.

    It is also easy to see that, considering identity matrices,

    $$\displaystyle{\mathbf{I}_{n} \otimes \mathbf{I}_{m} = \mathbf{I}_{mn}.}$$

    Consequently \((\mathbf{A} \otimes \mathbf{B})^{-1} = \mathbf{A}^{-1} \otimes \mathbf{B}^{-1}\).

  6.

    This is not the most general definition of Hadamard matrices, but it is the one we shall use for the moment. A more general definition will be useful when we consider the so-called MDS matrices in Sect. 9.5.

  7.

    See, for example, the book by F.A. McWilliams and N.J.A. Sloane: The Theory of Error-Correcting Codes, North-Holland, 1977, p. 44.

  8.

    Also called, among other names, the Walsh–Hadamard transform. The conversion of f to \(\hat{f}\) is required because the Walsh transform is defined in general for application to sequences of real or complex numbers of length \(2^{n}\) for some positive integer n. We may, occasionally, abuse terminology and refer to the result of applying the transform to \(\hat{f}\) as “the Walsh transform of f”.

  9.

    With the arithmetic being carried out in GF(2), so that 1 + 1 = 0, since we are dealing with vectors over GF(2).

  10.

    In analogy with Fourier analysis, f and \(\hat{f}\) are sometimes referred to as being in the “time domain” and \(\hat{F }\) as being in the “frequency domain”. In our context this terminology does not seem to be helpful, but we will bow to custom in pointing out that \(\hat{F }\) is called the (Walsh-) spectrum of f.

  11.

    That is, \(\hat{l}_{\psi } \cdot \hat{ l}_{\omega } = 0\) if \(\psi \neq \omega\).

  12.

    \(\delta_{xy} = 1\) if x = y, 0 otherwise.

  13.

    The correlation coefficient can be quite small, if n is large enough.

  14.

    Xiao Guo-Zhen and Massey, J.L.: A spectral characterization of correlation-immune combining functions, IEEE Trans. Info Th. 34, 1988, pp. 569–571.

  15.

    We refer the interested reader to the paper by Xiao and Massey referenced in the previous footnote.

  16.

    See Sect. 7.10.

  17.

    Sarkar, P. and Maitra, S.: Nonlinearity bounds and constructions of resilient Boolean functions; Proc. Crypto 2000, LNCS 1818, Springer-Verlag, 2000, 516–533.

  18.

    These observations appear to be due to B. Preneel, W. van Leeckwijck, L. van Linden, R. Govaerts and J. Vandewalle: Propagation characteristics of Boolean functions, Proc. Eurocrypt ’90, LNCS 473, Springer-Verlag, 1990.

  19.

    A linear Boolean function on n variables is one of the form \(\sum_{i=0}^{n-1} a_{i}x_{i}\), with \(a_{i} \in \{0, 1\}\) for all i. An affine Boolean function is of the form \(c + \sum_{i=0}^{n-1} a_{i}x_{i}\), with \(c, a_{i} \in \{0, 1\}\).

  20.

    Sadly, the words “nonlinear” and “nonlinearity” are overworked, and do not always mean the same things in the cryptological literature. Our notion of nonlinearity may be called functional nonlinearity, as opposed to algebraic nonlinearity, which refers to the degree of the function when expressed in its Algebraic Normal Form. Our definition here gives the only meaning we shall attach to “nonlinearity” as a noun, though when using the adjective we may be a bit more sloppy. So, please be warned.

  21.

    Our source here is the paper by Filiol and Fontaine: Filiol, E. and Fontaine, C.: Highly nonlinear balanced functions with a good correlation-immunity, Proceedings Eurocrypt ’98, LNCS 1403, Springer-Verlag. The paper by Sarkar and Maitra, referenced in footnote 17 above, gives some similar bounds for functions which must also satisfy some given correlation immunity constraints. A paper by Fu, S., Sun, B., Li, C. and Qu, L., Construction of odd-variable resilient Boolean functions with optimal degree, J. Info. Sc. and Eng. 27 (2011), pp. 1931–1942, presents further results considering odd numbers of variables, correlation immunity and the degrees.

  22.

    Zheng and Zhang (Y. Zheng and X.-M. Zhang: On relationships among avalanche, nonlinearity and correlation immunity, Proc. Asiacrypt 2000, LNCS 1976, Springer-Verlag, 2000, pp. 470–482) make the observation, worth quoting, that “high nonlinearity generally has a positive impact on confusion, whereas a high degree of avalanche enhances the effect of diffusion”.

  23.

    W. Meier and O. Staffelbach: Nonlinearity criteria for cryptographic functions, Proc. Eurocrypt ’88, LNCS 330, Springer-Verlag 1989.

  24.

    Bent functions were discovered by Rothaus (O.S. Rothaus: On bent functions, J. Comb. Th. 26, 1976, pp. 300–305) in a combinatorial context.

  25.

    In their paper referenced in footnote 22.

  26.

    In the same paper, i.e. the one referenced in footnote 22.

  27.

    The concept of a linear structure appears to be due to Evertse: Evertse, J.-H.: Linear Structures in Block Ciphers, Proc. Eurocrypt ’87. As an example of such a structure, in vector-valued functions, he mentions the complementation property of the Data Encryption Standard. This is the property that if \(c = E_{K}(m)\) is the DES encryption of plaintext m using key K, then \(\overline{c} = E_{\overline{K}}(\overline{m})\), where \(\overline{x}\) denotes the bitwise complement of x.

  28.

    A proof of a more general result (dealing with functions on \((GF(p))^{n}\) rather than just \((GF(2))^{n}\)) may be found in Lai, X.: Additive and linear structures of cryptographic functions, Proc. Fast Software Encryption 1994, LNCS 1008, Springer-Verlag, 75–85.

  29.

    Meier, W. and Staffelbach, O.: Non-linearity criteria for Boolean functions, Proc. Eurocrypt ’89, LNCS 434, 549–562.

  30.

    Nyberg, K.: On the construction of highly nonlinear permutations, Proc. Eurocrypt ’92.

  31.

    The most complete analysis of bent functions still appears to be that of Dillon, which first appeared in the in-house journal of the National Security Agency in 1972, (Dillon, J.F.: A Survey of Bent Functions, NSA Techn. J., 1972) and which has been updated periodically since then.

  32.

    I should stop using this phrase: it makes me sound too much like an estate agent.

  33.

    Maiorana, J.A.: A class of bent functions, R41 Technical Paper, 1970.

  34.

    McFarland, R.L.: A family of difference sets in non-cyclic groups, J. Combinatorial Th., Series A 15, 1973.

  35.

    Kocak, O., Kurt, O., Öztop, N. and Saygi, Z.: Notes on bent functions in polynomial form, Int. J. Info. Sec. Sc. 1 (2012), 43–48.

  36.

    Seberry, J., Zhang, X.-M. and Zheng, Y.: Nonlinearly balanced Boolean functions and their propagation characteristics, Proc. Crypto ’93, Springer-Verlag.

  37.

    Kurosawa, K. and Satoh, T.: Design of SAC/PC(l) of order k Boolean functions and three other cryptographic criteria, Proc. Eurocrypt ’97, Springer-Verlag.

  38.

    Shamir, A., Patarin, J., Courtois, N. and Klimov, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations, Proc. Eurocrypt 2000, LNCS 1807, Springer-Verlag.

  39.

    Courtois, N. and Meier, W.: Algebraic attacks on stream ciphers with linear feedback, Proc. Eurocrypt 2003, LNCS 2656, Springer-Verlag.

  40.

    These definitions are taken from the paper by Dalai, D.K., Maitra, S. and Sarkar, S.: Basic theory in construction of Boolean functions with maximum annihilator immunity, Designs, Codes and Cryptography 40 (2006), pp. 41–58.

  41.

    Dalai et al. use the term annihilator immunity for reasons explained in their paper.

  42.

    Braeken, A. and Preneel, B.: On the algebraic immunity of symmetric Boolean functions, Proc. Indocrypt 2005, LNCS 3797, Springer-Verlag, pp. 35–48.

  43.

    Op. cit.

  44.

    Kam, J.B. and Davida, G.I: Structured design of substitution-permutation encryption networks, in IEEE Trans. Computers 28 (1979).

  45.

    Section 5.6, to be precise.

© 2016 Springer International Publishing Switzerland

Cite this chapter

Meijer, A.R. (2016). Boolean Functions. In: Algebra for Cryptologists. Springer Undergraduate Texts in Mathematics and Technology. Springer, Cham. https://doi.org/10.1007/978-3-319-30396-3_8
