Balanced Boolean function

Last updated December 08, 2024

In mathematics and computer science, a balanced Boolean function is a Boolean function whose output yields as many 0s as 1s over its input set. This means that for a uniformly random input string of bits, the probability of getting a 1 is 1/2.^[1]

Examples

Examples of balanced Boolean functions are the majority function,^[1] the "dictatorship function" that copies the first bit of its input to the output,^[1] and the parity check function that produces the exclusive or of the input bits.^[2]

If $f$ is a bent function on $n$ bits, and $\alpha$ is any nonzero vector of $n$ bits, then the function that maps $x$ to $f(x)\oplus f(x\oplus \alpha )$ is balanced. The bent functions are exactly the functions for which this is true, for all nonzero choices of $\alpha$ .^[3]

The dictatorship function can be evaluated after examining only a single bit of the input, but that bit must always be examined. Benjamini, Schramm, and Wilson describe a more complex example based on percolation theory with the property that a randomized Las Vegas algorithm can compute the function exactly while ensuring that the probability of reading any particular input bit is small, roughly inversely proportional to the square root of the number of bits.^[1]

Application

Balanced Boolean functions are used in cryptography, where being balanced is one of "the most important criteria for cryptographically strong Boolean functions".^[3] If a function is not balanced, it will have a statistical bias, making it subject to cryptanalysis such as the correlation attack.

Related Research Articles

In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext, thus ensuring Shannon's property of confusion. Mathematically, an S-box is a nonlinear vectorial Boolean function.

In cryptography, a Feistel cipher is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel, who did pioneering research while working for IBM; it is also commonly known as a Feistel network. A large number of block ciphers use the scheme, including the US Data Encryption Standard, the Soviet/Russian GOST and the more recent Blowfish and Twofish ciphers. In a Feistel cipher, encryption and decryption are very similar operations, and both consist of iteratively running a function called a "round function" a fixed number of times.

In computer science, a one-way function is a function that is easy to compute on every input, but hard to invert given the image of a random input. Here, "easy" and "hard" are to be understood in the sense of computational complexity theory, specifically the theory of polynomial time problems. This has nothing to do with whether the function is one-to-one; finding any one input with the desired image is considered a successful inversion.

The Deutsch–Jozsa algorithm is a deterministic quantum algorithm proposed by David Deutsch and Richard Jozsa in 1992 with improvements by Richard Cleve, Artur Ekert, Chiara Macchiavello, and Michele Mosca in 1998. Although of little practical use, it is one of the first examples of a quantum algorithm that is exponentially faster than any possible deterministic classical algorithm.

In cryptanalysis, the piling-up lemma is a principle used in linear cryptanalysis to construct linear approximations to the action of block ciphers. It was introduced by Mitsuru Matsui (1993) as an analytical tool for linear cryptanalysis. The lemma states that the bias of a linear Boolean function (XOR-clause) of independent binary random variables is related to the product of the input biases:

<span class="mw-page-title-main">Boolean function</span> Function returning one of only two values

In mathematics, a Boolean function is a function whose arguments and result assume values from a two-element set. Alternative names are switching function, used especially in older computer science literature, and truth function, used in logic. Boolean functions are the subject of Boolean algebra and switching theory.

In computational complexity theory, P/poly is a complexity class representing problems that can be solved by small circuits. More precisely, it is the set of formal languages that have polynomial-size circuit families. It can also be defined equivalently in terms of Turing machines with advice, extra information supplied to the Turing machine along with its input, that may depend on the input length but not on the input itself. In this formulation, P/poly is the class of decision problems that can be solved by a polynomial-time Turing machine with advice strings of length polynomial in the input size. These two different definitions make P/poly central to circuit complexity and non-uniform complexity.

In cryptography, a verifiable random function (VRF) is a public-key pseudorandom function that provides proofs that its outputs were calculated correctly. The owner of the secret key can compute the function value as well as an associated proof for any input value. Everyone else, using the proof and the associated public key, can check that this value was indeed calculated correctly, yet this information cannot be used to find the secret key.

In cryptography, higher-order differential cryptanalysis is a generalization of differential cryptanalysis, an attack used against block ciphers. While in standard differential cryptanalysis the difference between only two texts is used, higher-order differential cryptanalysis studies the propagation of a set of differences between a larger set of texts. Xuejia Lai, in 1994, laid the groundwork by showing that differentials are a special case of the more general case of higher order derivates. Lars Knudsen, in the same year, was able to show how the concept of higher order derivatives can be used to mount attacks on block ciphers. These attacks can be superior to standard differential cryptanalysis. Higher-order differential cryptanalysis has notably been used to break the KN-Cipher, a cipher which had previously been proved to be immune against standard differential cryptanalysis.

Neural cryptography is a branch of cryptography dedicated to analyzing the application of stochastic algorithms, especially artificial neural network algorithms, for use in encryption and cryptanalysis.

In cryptography, learning with errors (LWE) is a mathematical problem that is widely used to create secure encryption algorithms. It is based on the idea of representing secret information as a set of equations with errors. In other words, LWE is a way to hide the value of a secret by introducing noise to it. In more technical terms, it refers to the computational problem of inferring a linear $-ary function over a finite ring from given samples some of which may be erroneous. The LWE problem is conjectured to be hard to solve, and thus to be useful in cryptography.$

In the mathematical field of combinatorics, a bent function is a Boolean function that is maximally non-linear; it is as different as possible from the set of all linear and affine functions when measured by Hamming distance between truth tables. Concretely, this means the maximum correlation between the output of the function and a linear function is minimal. In addition, the derivatives of a bent function are balanced Boolean functions, so for any change in the input variables there is a 50 percent chance that the output value will change.

SMASH is a cryptographic hash function which was created by Lars R. Knudsen. SMASH comes in two versions: 256-bit and 512-bit. Each version was supposed to rival SHA-256 and SHA-512, respectively, however, shortly after the SMASH presentation at FSE 2005, an attack vector against SMASH was discovered which left the hash broken.

In computational complexity theory, the complexity class PPP is a subclass of TFNP. It is the class of search problems that can be shown to be total by an application of the pigeonhole principle. Christos Papadimitriou introduced it in the same paper that introduced PPAD and PPA. PPP contains both PPAD and PWPP as subclasses. These complexity classes are of particular interest in cryptography because they are strongly related to cryptographic primitives such as one-way permutations and collision-resistant hash functions.

In theoretical computer science, the term isolation lemma refers to randomized algorithms that reduce the number of solutions to a problem to one, should a solution exist. This is achieved by constructing random constraints such that, with non-negligible probability, exactly one solution satisfies these additional constraints if the solution space is not empty. Isolation lemmas have important applications in computer science, such as the Valiant–Vazirani theorem and Toda's theorem in computational complexity theory.

In cryptography, a public key exchange algorithm is a cryptographic algorithm which allows two parties to create and share a secret key, which they can use to encrypt messages between themselves. The ring learning with errors key exchange (RLWE-KEX) is one of a new class of public key exchange algorithms that are designed to be secure against an adversary that possesses a quantum computer. This is important because some public key algorithms in use today will be easily broken by a quantum computer if such computers are implemented. RLWE-KEX is one of a set of post-quantum cryptographic algorithms which are based on the difficulty of solving certain mathematical problems involving lattices. Unlike older lattice based cryptographic algorithms, the RLWE-KEX is provably reducible to a known hard problem in lattices.

An Oblivious RAM (ORAM) simulator is a compiler that transforms an algorithm in such a way that the resulting algorithm preserves the input-output behavior of the original algorithm but the distribution of the memory access patterns of the transformed algorithm is independent of the memory access pattern of the original algorithm.

Garbled circuit is a cryptographic protocol that enables two-party secure computation in which two mistrusting parties can jointly evaluate a function over their private inputs without the presence of a trusted third party. In the garbled circuit protocol, the function has to be described as a Boolean circuit.

In cryptography, black-box obfuscation was a proposed cryptographic primitive which would allow a computer program to be obfuscated in a way such that it was impossible to determine anything about it except its input and output behavior. Black-box obfuscation has been proven to be impossible, even in principle.

In cryptography, the branch number is a numerical value that characterizes the amount of diffusion introduced by a vectorial Boolean function $F$ that maps an input vector $a$ to output vector $. For the (usual) case of a linear F the value of the differential branch number is produced by:$

applying nonzero values of $a$ to the input of $F$ ;
calculating for each input value $a$ the Hamming weight $, and adding weights and together;$
selecting the smallest combined weight across for all nonzero input values: $.$

References

1 2 3 4 Benjamini, Itai; Schramm, Oded; Wilson, David Bruce (2005), "Balanced boolean functions that can be evaluated so that every input bit is unlikely to be read", in Gabow, Harold N.; Fagin, Ronald (eds.), Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, May 22–24, 2005, Association for Computing Machinery, pp. 244–250, arXiv: math.PR/0410282 , doi:10.1145/1060590.1060627, ISBN 1-58113-960-8
↑ Chakrabarty, K.; Hayes, J.P. (1998), "Balanced Boolean functions", IEE Proceedings – Computers and Digital Techniques, 145 (1): 52, doi:10.1049/ip-cdt:19981769 (inactive 7 December 2024){{citation}}: CS1 maint: DOI inactive as of December 2024 (link)
1 2 Seberry, Jennifer; Zhang, Xian-Mo; Zheng, Yuliang (1993), "Nonlinearly balanced Boolean functions and their propagation characteristics", in Stinson, Douglas R. (ed.), Advances in Cryptology – CRYPTO '93, 13th Annual International Cryptology Conference, Santa Barbara, California, USA, August 22–26, 1993, Proceedings, Lecture Notes in Computer Science, vol. 773, Springer, pp. 49–60, doi:10.1007/3-540-48329-2_5, ISBN 978-3-540-57766-9

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[bsw-1] 1 2 3 4 Benjamini, Itai; Schramm, Oded; Wilson, David Bruce (2005), "Balanced boolean functions that can be evaluated so that every input bit is unlikely to be read", in Gabow, Harold N.; Fagin, Ronald (eds.), Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, May 22–24, 2005, Association for Computing Machinery, pp. 244–250, arXiv: math.PR/0410282 , doi:10.1145/1060590.1060627, ISBN 1-58113-960-8

[ch-2] Chakrabarty, K.; Hayes, J.P. (1998), "Balanced Boolean functions", IEE Proceedings – Computers and Digital Techniques, 145 (1): 52, doi:10.1049/ip-cdt:19981769 (inactive 7 December 2024){{citation}}: CS1 maint: DOI inactive as of December 2024 (link)

[szz-3] 1 2 Seberry, Jennifer; Zhang, Xian-Mo; Zheng, Yuliang (1993), "Nonlinearly balanced Boolean functions and their propagation characteristics", in Stinson, Douglas R. (ed.), Advances in Cryptology – CRYPTO '93, 13th Annual International Cryptology Conference, Santa Barbara, California, USA, August 22–26, 1993, Proceedings, Lecture Notes in Computer Science, vol. 773, Springer, pp. 49–60, doi:10.1007/3-540-48329-2_5, ISBN 978-3-540-57766-9

[1]

[2]

[3]

Balanced Boolean function

Contents

Examples

Application

Related Research Articles

References