A Boolean function takes the form , where is known as the
Boolean domain and is a non-negative integer called the
arity of the function. In the case where , the function is a constant element of . A Boolean function with multiple outputs, with is a vectorial or vector-valued Boolean function (an
S-box in symmetric
cryptography).[6]
There are different Boolean functions with arguments; equal to the number of different
truth tables with entries.
Every -ary Boolean function can be expressed as a
propositional formula in variables , and two propositional formulas are
logically equivalent if and only if they express the same Boolean function.
A Boolean function can have a variety of properties:[7]
Constant: Is always true or always false regardless of its arguments.
Monotone: for every combination of argument values, changing an argument from false to true can only cause the output to switch from false to true and not from true to false. A function is said to be
unate in a certain variable if it is monotone with respect to changes in that variable.
Linear: for each variable, flipping the value of the variable either always makes a difference in the truth value or never makes a difference (a
parity function).
Symmetric: the value does not depend on the order of its arguments.
Balanced: if its
truth table contains an equal number of zeros and ones. The
Hamming weight of the function is the number of ones in the truth table.
Bent: its derivatives are all balanced (the autocorrelation spectrum is zero)
Correlation immune to mth order: if the output is uncorrelated with all (linear) combinations of at most m arguments
Evasive: if evaluation of the function always requires the value of all arguments
A Boolean function is a Sheffer function if it can be used to create (by composition) any arbitrary Boolean function (see
functional completeness)
The algebraic degree of a function is the order of the highest order monomial in its
algebraic normal form
Circuit complexity attempts to classify Boolean functions with respect to the size or depth of circuits that can compute them.
Derived functions
A Boolean function may be decomposed using
Boole's expansion theorem in positive and negative Shannoncofactors (
Shannon expansion), which are the (k-1)-ary functions resulting from fixing one of the arguments (to zero or one). The general (k-ary) functions obtained by imposing a linear constraint on a set of inputs (a linear subspace) are known as subfunctions.[8]
The Boolean derivative of the function to one of the arguments is a (k-1)-ary function that is true when the output of the function is sensitive to the chosen input variable; it is the XOR of the two corresponding cofactors. A derivative and a cofactor are used in a
Reed–Muller expansion. The concept can be generalized as a k-ary derivative in the direction dx, obtained as the difference (XOR) of the function at x and x + dx.[8]
The Möbius transform (or Boole-Möbius transform) of a Boolean function is the set of coefficients of its
polynomial (
algebraic normal form), as a function of the monomial exponent vectors. It is a
self-inverse transform. It can be calculated efficiently using a
butterfly algorithm ("Fast Möbius Transform"), analogous to the
Fast Fourier Transform.[9]Coincident Boolean functions are equal to their Möbius transform, i.e. their truth table (minterm) values equal their algebraic (monomial) coefficients.[10] There are 2^2^(k−1) coincident functions of k arguments.[11]
Cryptographic analysis
The Walsh transform of a Boolean function is a k-ary integer-valued function giving the coefficients of a decomposition into
linear functions (
Walsh functions), analogous to the decomposition of real-valued functions into
harmonics by the
Fourier transform. Its square is the power spectrum or Walsh spectrum. The Walsh coefficient of a single bit vector is a measure for the correlation of that bit with the output of the Boolean function. The maximum (in absolute value) Walsh coefficient is known as the linearity of the function.[8] The highest number of bits (order) for which all Walsh coefficients are 0 (i.e. the subfunctions are balanced) is known as resiliency, and the function is said to be
correlation immune to that order.[8] The Walsh coefficients play a key role in
linear cryptanalysis.
The autocorrelation of a Boolean function is a k-ary integer-valued function giving the correlation between a certain set of changes in the inputs and the function output. For a given bit vector it is related to the Hamming weight of the derivative in that direction. The maximal autocorrelation coefficient (in absolute value) is known as the absolute indicator.[7][8] If all autocorrelation coefficients are 0 (i.e. the derivatives are balanced) for a certain number of bits then the function is said to satisfy the propagation criterion to that order; if they are all zero then the function is a
bent function.[12] The autocorrelation coefficients play a key role in
differential cryptanalysis.
The Walsh coefficients of a Boolean function and its autocorrelation coefficients are related by the equivalent of the
Wiener–Khinchin theorem, which states that the autocorrelation and the power spectrum are a Walsh transform pair.[8]
Linear approximation table
These concepts can be extended naturally to vectorial Boolean functions by considering their output bits (coordinates) individually, or more thoroughly, by looking at the set of all linear functions of output bits, known as its components.[6] The set of Walsh transforms of the components is known as a Linear Approximation Table (LAT)[13][14] or correlation matrix;[15][16] it describes the correlation between different linear combinations of input and output bits. The set of autocorrelation coefficients of the components is the autocorrelation table,[14] related by a Walsh transform of the components[17] to the more widely used Difference Distribution Table (DDT)[13][14] which lists the correlations between differences in input and output bits (see also:
S-box).
For example, the extension of the binary XOR function is
which equals
Some other examples are negation (), AND () and OR (). When all operands are independent (share no variables) a function's polynomial form can be found by repeatedly applying the polynomials of the operators in a Boolean formula. When the coefficients are calculated
modulo 2 one obtains the
algebraic normal form (
Zhegalkin polynomial).
Direct expressions for the coefficients of the polynomial can be derived by taking an appropriate derivative:
In both cases, the sum is taken over all bit-vectors a covered by m, i.e. the "one" bits of a form a subset of the one bits of m.
When the domain is restricted to the n-dimensional
hypercube, the polynomial gives the probability of a positive outcome when the Boolean function f is applied to n independent random (
Bernoulli) variables, with individual probabilities x. A special case of this fact is the
piling-up lemma for
parity functions. The polynomial form of a Boolean function can also be used as its natural extension to
fuzzy logic.
On the symmetric hypercube
Often, the Boolean domain is taken as , with false ("0") mapping to 1 and true ("1") to -1 (see
Analysis of Boolean functions). The polynomial corresponding to is then given by:
Using the symmetric Boolean domain simplifies certain aspects of the
analysis, since negation corresponds to multiplying by -1 and
linear functions are
monomials (XOR is multiplication). This polynomial form thus corresponds to the Walsh transform (in this context also known as Fourier transform) of the function (see above). The polynomial also has the same statistical interpretation as the one in the standard Boolean domain, except that it now deals with the expected values (see
piling-up lemma for an example).
Applications
Boolean functions play a basic role in questions of
complexity theory as well as the design of processors for
digital computers, where they are implemented in electronic circuits using
logic gates.
In
cooperative game theory, monotone Boolean functions are called simple games (voting games); this notion is applied to solve problems in
social choice theory.
^McCluskey, Edward J. (2003-01-01),
"Switching theory", Encyclopedia of Computer Science, GBR: John Wiley and Sons Ltd., pp. 1727–1731,
ISBN978-0-470-86412-8, retrieved 2021-05-03
^
abcdefTarannikov, Yuriy; Korolev, Peter; Botev, Anton (2001). "Autocorrelation Coefficients and Correlation Immunity of Boolean Functions". In Boyd, Colin (ed.). Advances in Cryptology — ASIACRYPT 2001. Lecture Notes in Computer Science. Vol. 2248. Berlin, Heidelberg: Springer. pp. 460–479.
doi:10.1007/3-540-45682-1_27.
ISBN978-3-540-45682-7.