New Characterizations for the Multi-output Correlation-Immune Boolean Functions
Jinjin Chai, Zilong Wang, Sihem Mesnager, Guang Gong

TL;DR
This paper introduces three novel methods to characterize multi-output correlation-immune Boolean functions, improving computational efficiency and aiding in the design of functions resistant to side-channel attacks.
Contribution
The paper proposes three new characterization techniques for t-th order correlation-immune multi-output Boolean functions, including a generalized Boolean function approach and Fourier spectral methods, reducing computational complexity.
Findings
Walsh transform characterization reduces complexity from $(2^m-1)\sum_{j=1}^t \binom{n}{j}$ to $m\sum_{j=1}^t \binom{n}{j}$.
Fourier spectral methods are more efficient for symmetric multi-output CI functions.
New characterizations support the design of functions for side-channel attack resistance.
| 0 | 0 | 0 | 00 | 0 |
| 0 | 0 | 1 | 00 | 0 |
| 0 | 1 | 0 | 01 | 1 |
| 0 | 1 | 1 | 11 | 3 |
| 1 | 0 | 0 | 01 | 1 |
| 1 | 0 | 1 | 01 | 1 |
| 1 | 1 | 0 | 00 | 0 |
| 1 | 1 | 1 | 10 | 2 |
Jinjin Chai and Zilong Wang: State Key Laboratory of Integrated Service Networks, School of Cyber Engineering, Xidian University
Sihem Mesnager: Department of Mathematics, University of Paris VIII, University of Paris XIII
Guang Gong: Department of Electrical and Computer Engineering, University of Waterloo
This research is supported in part by NSFC (No. 61671013, 61672410, 61602361), NSF of Shaanxi Province (No. 2018JM6076), and the Programme of Introducing Talents of Discipline to Universities (China 111 Project, No. B16037).
Abstract
Correlation-immune (CI) multi-output Boolean functions have the property of keeping the same output distribution when some input variables are fixed. Recently, a new application of CI functions has appeared in the system of resisting side-channel attacks (SCA). In this paper, three new methods are proposed to characterize the th-order CI multi-output Boolean functions (-input and -output). The first characterization is to regard the multi-output Boolean functions as the corresponding generalized Boolean functions. It is shown that a generalized Boolean function is a th-order CI function if and only if the Walsh transform of defined here vanishes at all points with Hamming weights between and . Compared to the previous Walsh transforms of component functions, our first method can reduce the computational complexity from $(2^m-1)\sum_{j=1}^t \binom{n}{j}$ to $m\sum_{j=1}^t \binom{n}{j}$. The last two methods are generalized from Fourier spectral characterizations. In particular, Fourier spectral characterizations are more efficient for characterizing symmetric multi-output CI Boolean functions.
Keywords: Side-channel attacks · Multi-output Boolean function · Generalized Boolean function · Correlation immunity · Walsh transform · Discrete Fourier transform
MSC: 42A38 · 94A60 · 06E30
Journal: Designs, Codes and Cryptography
1 Introduction
Correlation-immune (CI) functions were originally used to resist Siegenthaler’s correlation attack siegenthaler1985 (or ‘divide and conquer attack’ Siegenthaler1984) in stream ciphers in the last century. Interest in the correlation immunity of functions gradually declined with the development of new attacks. Recently, however, a new application of CI functions in resisting side-channel attacks (SCA) appeared in carlet2014Correlation-immune ; Carlet2018Constructing, which has renewed interest. These attacks on the implementations of block ciphers in embedded systems such as smart cards, FPGAs or ASICs assume an attacker model different from classical attacks, and are extremely powerful in practice. These implementations then need to include counter-measures, which reduce the efficiency of the cryptosystem and require additional storage. CI functions allow the cost of counter-measures to SCA to be reduced. Moreover, these functions need to have low Hamming weights.
We focus on the characterization of CI functions. A characterization of CI Boolean functions was obtained by Xiao and Massey Xiao1988A in terms of the Walsh transform in 1988. That is, a Boolean function is th-order CI if and only if its Walsh transform vanishes for all points with Hamming weights between and . In 1959 Golomb Golomb1959On introduced the concept of the invariants of Boolean functions in order to classify Boolean functions. This work was collected in his book Shift Register Sequences Golomb1967Shift , Chapter VIII. Golomb did not mention the original applications for cryptography of his work on invariants until his paper Golomb1999On published in 1999. In fact, his work is the same concept as the Walsh spectral characterization of CI Boolean functions. It has been proposed in CarletBoolean to call this the Golomb-Xiao-Massey characterization. The Golomb-Xiao-Massey characterization of multi-output correlation-immune functions comes directly from that of correlation-immune Boolean functions. That is, a multi-output Boolean function is th-order CI if and only if all nonzero linear combinations of its component functions are th-order CI. In addition to the Golomb-Xiao-Massey characterization, other methods to characterize CI functions, such as matrices Gopalakrishnan1995 ; camion1999correlation , orthogonal arrays Camion1991On ; Bierbrauer96 , and the Fourier spectra WangDiscrete2018 ; wang2019TheFourier were also proposed.
Since there is a natural one-to-one correspondence between vectors in and integers in , we can represent a multi-output Boolean function as a corresponding generalized Boolean function. Schmidt Schmidt2006Quaternary gave the -adic expansion for a generalized Boolean function (this expansion is unique), and used it to study generalized bent functions that are applied in MC-CDMA. Similarly, we use this representation to get new characterizations for multi-output CI Boolean functions. Our first characterization shows that a multi-output Boolean function is a th-order CI Boolean function if and only if the Walsh transform of the corresponding generalized Boolean function defined in this paper vanishes at all points with Hamming weights between and . Compared to the previous Walsh spectral characterization method, this method reduces the complexity of the calculations needed to determine whether a function is th-order CI from $(2^m-1)\sum_{j=1}^t \binom{n}{j}$ to $m\sum_{j=1}^t \binom{n}{j}$. Wang and Gong WangDiscrete2018 investigated the discrete Fourier transform of (single-output) Boolean functions and deduced an equivalent condition for th-order CI Boolean functions. Fourier spectral characterizations are generalized here to characterize the th-order multi-output CI Boolean functions. These Fourier spectral characterizations are much more efficient for characterizing symmetric multi-output CI Boolean functions.
The rest of the paper is organized as follows. In Section 2, we introduce three representations of multi-output Boolean functions, the definitions of the correlation immunity, as well as the Walsh transform of the multi-output Boolean functions. In Section 3, we present three new characterizations for multi-output CI Boolean functions. The first characterization is in terms of the Walsh transform and the last two characterizations are in terms of the Fourier transforms over the complex field. Section 4 concludes the paper.
2 Preliminaries
The following notations will be used throughout the paper.
and are positive integers.
is a finite field with elements. is a residue class ring of integers modulo .
.
For , denotes the Hamming weight of , i.e., the number of nonzero terms in .
For , is a primitive root of unity over the complex field.
denotes the number of elements in the set .
is a symmetric group consisting of permutations of the set . is a permutation of symbols .
2.1 The Representations of Multi-output Boolean Functions
Here we give three representations of a multi-output Boolean function: representations as component functions, as a trace function, and as a generalized Boolean function. We shall introduce them respectively in this section.
A Boolean function is a function : with variable , where is the finite field with two elements, and is -dimension vector space over . It can be represented by its algebraic normal form (ANF):
[TABLE]
where is the binary expansion of .
A -input and -output multi-output Boolean function can be represented as a function from to . Every component function , , is a Boolean function. Obviously, is a (single-output) Boolean function when . Multi-output Boolean functions are also called vectorial Boolean functions. We will refer to a multi-output Boolean function as an -function for simplicity.
A multi-output Boolean function can be represented as a trace function from to when is a divisor of . The vector space can be endowed with the structure of the field . Then any multi-output Boolean function can be viewed as a function from to ( is a sub-field of ). A multi-output Boolean function can be represented in the form
[TABLE]
where is the trace function from to .
A generalized Boolean function is a function from to . Such a function can be uniquely expressed as a linear combination of the monomials
[TABLE]
where the coefficient of each monomial belongs to . Since there is a natural one-to-one correspondence between the vectors in and the elements in , we can represent a multi-output Boolean function as its corresponding generalized Boolean function, i.e.,
[TABLE]
Such representation was used to study generalized bent functions by Schmidt Schmidt2006Quaternary .
Note that in formula (1), each is a Boolean function which is calculated modulo , while the summation is calculated modulo . So the algebraic normal form of the generalized Boolean function cannot be obtained directly from the weighted sum of the algebraic normal forms of the component Boolean functions . For example, let be a multi-output Boolean function where
[TABLE]
It is clear . However, from the truth table of the function , we have
[TABLE]
For more information about correlation-immune Boolean and vectorial functions, we invite the readers to consult the excellent chapters provided by Carlet Carlet2010Boolean ; Carlet2010vectorial .
2.2 Correlation Immunity
The multi-output CI Boolean functions are defined initially from the perspective of probability theory, which is similar to the definition of CI of single-output Boolean functions.
Definition 1
Let be an integer such that . An -function is called th-order CI if its output distribution does not change when at most coordinates of are kept constant. In other words,
[TABLE]
for every -subset , , and .
We will refer to a th-order CI -function as -CI function for simplicity. The Walsh transform of an -function is the function which maps any ordered pair to the value at of the Walsh transform of the component function , that is,
[TABLE]
Fact 1
An -function is an -CI function if and only if for , , where denotes the Hamming weight of .
If we consider an -function as a generalized Boolean function, then equation (2) can be rewritten as
[TABLE]
for every -subset , , and .
3 New Characterizations
In this section, we present three new characterizations for multi-output CI Boolean functions. Our first two characterizations shall consider the multi-output Boolean functions as generalized Boolean functions. The last characterization considers the multi-output Boolean functions from the perspective of component functions.
3.1 The First Characterization
We give a new method to characterize a multi-output CI Boolean function in terms of its corresponding generalized Boolean function’s Walsh transform.
Theorem 3.1
Let be a generalized Boolean function. Then is an -CI function if and only if
[TABLE]
for and , where is a primitive root of unity in the complex field.
We introduce the ‘linear combination lemma’ Xiao1988A ; Brynielsson1989A before proving Theorem 3.1.
Fact 2
(Xiao1988A) *The discrete random variable is independent of the independent binary random variables if and only if is independent of the sum for every choice of .*
Now, we shall prove Theorem 3.1 by using Fact 2.
Proof
The equation (5) can be divided into two parts. One is for , and the other is for , i.e.,
[TABLE]
We denote that
[TABLE]
and
[TABLE]
where . Hence, equation (6) is equivalent to
[TABLE]
For any integer , let be the th cyclotomic polynomial mceliece1987finite , which is a monic polynomial of degree (Euler function). It is known that
[TABLE]
where gcd denotes the greatest common divisor and . We have
[TABLE]
For , is a monic polynomial with integer coefficients that is the minimal polynomial over the rational field of any primitive th root of unity. Since is a primitive root of unity in the complex field, and is irreducible in the integer ring, then every divides . In addition, are pairwise coprime for . Let denote the product of for , i.e.,
[TABLE]
Note that must be a multiple of , and , we obtain that
[TABLE]
Since
[TABLE]
we obtain that
[TABLE]
Thus, is independent of for . Then we get is independent of according to Fact 2. In other words,
[TABLE]
which is exactly the definition of the -CI function. ∎
Compared to the previous Walsh spectral characterization (Fact 1), this characterization reduces the computational complexity from $(2^m-1)\sum_{j=1}^t \binom{n}{j}$ to $m\sum_{j=1}^t \binom{n}{j}$.
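The comparison above, as an added Python example that is not code from the paper: it tests correlation immunity by the definition, by the component-function Walsh test (Fact 1), and by a generalized Walsh test, and counts transform evaluations for the last two. Assumptions: the displayed condition of Theorem 3.1 is missing from this copy, so the code uses the form $\sum_x \xi^{2^i f(x)}(-1)^{w\cdot x}=0$ for $0 \le i < m$, which matches the $m\sum_{j=1}^t \binom{n}{j}$ count given in the Findings; the bit order $f=\sum_j 2^j F_j$, the helper names and the sample function `linear_pair` are constructed for illustration.

```python
import cmath
from itertools import combinations, product

def low_weight_points(n, t):
    """All w in F_2^n with 1 <= wt(w) <= t, as 0/1 tuples."""
    for k in range(1, t + 1):
        for pos in combinations(range(n), k):
            yield tuple(int(i in pos) for i in range(n))

def dot(a, b):
    return sum(x & y for x, y in zip(a, b)) & 1

def ci_by_definition(F, n, t):
    """Definition: fixing up to t inputs leaves the output distribution unchanged."""
    xs = list(product((0, 1), repeat=n))
    full = [F(x) for x in xs]
    for k in range(1, t + 1):
        for pos in combinations(range(n), k):
            for vals in product((0, 1), repeat=k):
                sub = [F(x) for x in xs
                       if all(x[i] == v for i, v in zip(pos, vals))]
                if any(sub.count(y) * 2**k != full.count(y) for y in set(full)):
                    return False
    return True

def ci_by_components(F, n, m, t):
    """Component test: every nonzero combination v.F has zero Walsh transform
    at all low-weight points. Returns (is_ci, transform evaluations)."""
    xs = list(product((0, 1), repeat=n))
    ok, evals = True, 0
    for v in product((0, 1), repeat=m):
        if not any(v):
            continue
        for w in low_weight_points(n, t):
            evals += 1
            ok &= sum((-1) ** (dot(v, F(x)) ^ dot(w, x)) for x in xs) == 0
    return ok, evals

def ci_by_generalized(F, n, m, t):
    """Assumed form of the generalized test: with f(x) = sum_j 2^j F_j(x) in
    Z_{2^m} and xi = exp(2*pi*i / 2^m), require
    sum_x xi^(2^i f(x)) (-1)^(w.x) = 0 for 0 <= i < m."""
    xs = list(product((0, 1), repeat=n))
    q = 2**m
    f = {x: sum(b << j for j, b in enumerate(F(x))) for x in xs}
    ok, evals = True, 0
    for i in range(m):
        for w in low_weight_points(n, t):
            evals += 1
            s = sum(cmath.exp(2j * cmath.pi * ((f[x] << i) % q) / q)
                    * (-1) ** dot(w, x) for x in xs)
            ok &= abs(s) < 1e-9
    return ok, evals

def linear_pair(x):
    """Constructed sample, n = 4, m = 2: F = (x0^x1^x2, x1^x2^x3)."""
    return (x[0] ^ x[1] ^ x[2], x[1] ^ x[2] ^ x[3])

PAGE_TABLE = [0, 0, 1, 3, 1, 1, 0, 2]  # last column of the page's truth table

def page_function(x):
    """n = 3, m = 2 function read from that table; bit order is an assumption."""
    v = PAGE_TABLE[4 * x[0] + 2 * x[1] + x[2]]
    return (v & 1, v >> 1)
```

For `linear_pair` the three tests agree that it is first-order but not second-order CI, and at order 1 the component test needs 12 transform evaluations against 8 for the generalized test.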
3.2 The Second Characterization
The second characterization is in terms of Fourier spectra of sequences described by the corresponding generalized Boolean functions. We first introduce the concept of the discrete Fourier transform (DFT) over the complex field of the sequences. Note that DFT over the complex field introduced here is the traditional DFT, which is different from the DFT over the finite field Golomb2005Signal .
We describe a sequence of length corresponding to a generalized Boolean function by listing the values taken by as which ranges over all its values in lexicographic order. In other words, sequence is defined by
[TABLE]
where and is the binary representation of the integer for , i.e., . For example, for and we have and respectively.
Let be a primitive root of unity over the complex field for . The polynomials associated with sequences (every sequence defined by the generalized Boolean function ) are given by
[TABLE]
Definition 2
Let be a th primitive root of unity over the complex field. The *discrete Fourier transform* (DFT) of sequences (every sequence defined by the generalized Boolean function ) over the complex field is defined by
[TABLE]
where , is a primitive root of unity over the complex field.
It is obvious that the equation (8) is the DFT of a sequence defined by a Boolean function when . Let be a function obtained by permuting the variables in , and be the polynomial associated with the function . Then the Fourier spectral characterization is given below.
Theorem 3.2
Let be a generalized Boolean function. Then is an -CI function if and only if
[TABLE]
for and .
Proof
Recalling the polynomials in equation (7) and the definition of the DFT in Definition 2, we have
[TABLE]
Since the minimal polynomial of over the rational field is , we obtain that is equivalent to the fact that . We first consider permutation to be identity. Since
[TABLE]
we have
[TABLE]
From the definition of the cyclotomic polynomial, we know , so
[TABLE]
Then we have
[TABLE]
Then the summation in (9) can be divided into two parts, where the first part is for and the second part is for . Hence , , is equivalent to
[TABLE]
Combining like terms about , the above condition is equivalent to
[TABLE]
so the coefficients of are
[TABLE]
Now, we denote that
[TABLE]
and
[TABLE]
where . Thus, equation (10) is equivalent to
[TABLE]
Since is a primitive root of unity in the complex field, and is irreducible in the integer ring, then every divides . In addition, are pairwise coprime for . Let denote the product of all , ,
[TABLE]
Note that must be a multiple of , and , we obtain that
[TABLE]
Since
[TABLE]
we obtain that . In other words,
[TABLE]
for and , i.e.,
[TABLE]
For , let denote a transposition. Such a permutation exchanges the places of two elements and , leaving the others fixed. for any is equivalent to the fact that does not depend on the values of , i.e.,
[TABLE]
Then considering any permutation , we obtain
[TABLE]
which is exactly the definition of the -CI function. ∎
Definition 3
A generalized Boolean function is called a symmetric function if permuting its variables leads to itself.
For symmetric function , since for any permutation , the second characterization for the symmetric functions is much simpler. Only points of Fourier spectra should be calculated.
Corollary 1
Let be a symmetric generalized Boolean function. Then is an -CI function if and only if
[TABLE]
for .
3.3 The Third Characterization
The Fourier spectral characterization in section 3.2 is to regard the multi-output Boolean function as a generalized Boolean function. In this section, we give another Fourier spectral characterization for multi-output CI Boolean functions by the Fourier transform of component functions.
In paper WangDiscrete2018 , Wang and Gong investigated the Fourier spectral characterizations of CI Boolean functions. Theorem 4 in WangDiscrete2018 showed that a Boolean function is th-order CI if and only if its Fourier spectrum vanishes at a special point for any permutation .
Fact 3
(WangDiscrete2018) *A Boolean function is an -CI function if and only if for .*
It is known from Walsh spectral characterization (Fact 1) that a multi-output Boolean function is th-order CI if and only if all its nonzero linear combinations of the component functions of are th-order CI. Then another Fourier spectral characterization is given below.
Theorem 3.3
Let be a multi-output Boolean function from to . Then is an -CI function if and only if
[TABLE]
for .
Corollary 2
Let be a symmetric multi-output Boolean function from to . Then is an -CI function if and only if
[TABLE]
4 Conclusions
In this paper, we have studied three new characterizations for multi-output CI Boolean functions. The first characterization was given in terms of the Walsh transforms of corresponding generalized Boolean functions. The last two characterizations were obtained in terms of the Fourier transforms over the complex field.
1. A generalized Boolean function is an -CI function if and only if
[TABLE]
for and , where is a primitive root of unity in the complex field. This characterization reduces the computational complexity compared to the previous Walsh spectral characterization.
2. A generalized Boolean function is an -CI function if and only if
[TABLE]
for and . Moreover, a symmetric generalized Boolean function is an -CI function if and only if
[TABLE]
for .
3. A multi-output Boolean function is an -CI function if and only if
[TABLE]
for . A symmetric -function is an -CI function if and only if
[TABLE]
The Golomb-Xiao-Massey characterization Golomb1959On ; Golomb1967Shift ; Xiao1988A ; Golomb1999On and the Fourier spectral characterization WangDiscrete2018 of (single-output) Boolean functions can be regarded as a special case of the results in this paper when .
References
- (1) Bierbrauer, J., Gopalakrishnan, K., Stinson, D.R.: Orthogonal arrays, resilient functions, error-correcting codes, and linear programming bounds. SIAM Journal on Discrete Mathematics 9(3), 424–452 (1996)
- (2) Brynielsson, L.: A short proof of the Xiao-Massey lemma. IEEE Trans. Inf. Theory 35(6), 1344 (1989)
- (3) Camion, P., Canteaut, A.: Correlation-immune and resilient functions over a finite alphabet and their applications in cryptography. Des. Codes Cryptogr. 16(2), 121–149 (1999)
- (4) Camion, P., Carlet, C., Charpin, P., Sendrier, N.: On correlation-immune functions. In: Advances in Cryptology: Crypto’91 Proceedings (Lecture Notes in Computer Science), vol. 576, pp. 86–100 (1991)
- (5) Carlet, C.: Boolean Functions for Cryptography and Coding Theory. To appear in Cambridge University Press
- (6) Carlet, C.: Boolean functions for cryptography and error correcting codes. In: Chapter of the monograph Boolean Models and Methods in Mathematics, Computer Science, and Engineering, Y. Crama and P. Hammer (eds.), pp. 257–397 (2010)
- (7) Carlet, C.: Vectorial Boolean functions for cryptography. In: Chapter of the monograph Boolean Models and Methods in Mathematics, Computer Science, and Engineering, Y. Crama and P. Hammer (eds.), pp. 398–469. Cambridge University Press, Cambridge (2010)
- (8) Carlet, C., Chen, X.: Constructing low-weight dth-order correlation-immune Boolean functions through the Fourier-Hadamard transform. IEEE Trans. Inf. Theory 64(4), 2969–2978 (2018)
