Discrete Applied Mathematics 169 (2014) 162–167
Counting rotation symmetric functions using Polya’s theorem
Lakshmy K.V. a, M. Sethumadhavan a,∗, Thomas W. Cusick b
a TIFAC CORE in Cyber Security, Amrita Vishwa Vidyapeetham, Coimbatore, India
b Department of Mathematics, University at Buffalo, Buffalo, NY, USA
Article history: Received 20 April 2013; Received in revised form 7 October 2013; Accepted 22 December 2013; Available online 10 January 2014.
Keywords: Rotation symmetric Boolean functions; Balanced functions; Homogeneous functions; Polya’s enumeration theorem.
Abstract. Homogeneous rotation symmetric (invariant under cyclic permutation of the variables) Boolean functions have been extensively studied in recent years due to their applications in cryptography. In this paper we give an explicit formula for the number of homogeneous rotation symmetric functions over the finite field $GF(p^m)$ using Polya’s enumeration theorem, which completely solves the open problem proposed by Yuan Li in 2008. This result simplifies the proof and the nonexplicit counting formula given by Shaojing Fu et al. over the field $GF(p)$. This paper also gives an explicit count for $n$-variable balanced rotation symmetric Boolean functions with $n = pq$, where $p$ and $q$ are distinct primes. Previous work only gave an explicit count for the case where $n$ is prime and lower bounds for the case where $n$ is a prime power.
1. Introduction

Functions which are invariant under the action of the cyclic group are called rotation symmetric functions. These classes of functions are extremely rich in terms of cryptographically significant functions. Rotation symmetric Boolean functions were first introduced by Pieprzyk and Qu in 1999 [11] and used as components in hashing algorithms to speed up the implementation of a cryptographic hash function. Since then, rotation symmetric Boolean functions have proven to be very useful in several areas of cryptography. This led to many papers on various aspects of the theory of these functions, for example [1,2,7,10,12].

A variety of criteria for choosing Boolean functions with cryptographic applications have been identified. For example, the property of being balanced (a Boolean function is said to be balanced if it takes an equal number of zeros and ones over all of its inputs) is an important cryptographic criterion. Other criteria are nonlinearity, autocorrelation, correlation immunity, algebraic degree, algebraic immunity, etc. Much discussion of the various criteria can be found in [3]. The trade-offs among these criteria have received a lot of attention in the literature for a long time [3, Chapter 4]. The more criteria that have to be taken into account, the more difficult it is to obtain a Boolean function satisfying all of them. It is important to ensure that the selected criteria do not restrict the choice of functions too severely. Hence the set of functions satisfying specific criteria needs to be enumerated.

In 2003, Maitra and Stănică [12] presented various counting results for rotation symmetric Boolean functions, including the count of homogeneous functions. Yuan Li [8] generalized the concept of rotation symmetric functions from $GF(2)$ to $GF(p)$ in 2008 and obtained many enumeration results for rotation symmetric functions over $GF(p)$. In particular, Li enumerated homogeneous rotation symmetric functions of degree 3. Later, Fu et al. [6] gave a lower bound on the number of homogeneous rotation symmetric functions. However, it remained an open problem to enumerate $n$-variable homogeneous rotation symmetric functions for general $n$ [8, Section 5]. In 2012, Shaojing Fu et al. [5] solved this enumeration problem over the finite fields $GF(p)$. In this paper we enumerate the homogeneous rotation symmetric functions over the finite field $GF(p^m)$ using Polya’s enumeration theorem, which completely solves the open problem proposed by Li in 2008. This result also simplifies the proof and the counting formula (given in a nonexplicit form, since it depends on the solution set of a system of equations which is difficult to solve explicitly) of Shaojing Fu et al. [5] over the field $GF(p)$.

Much work has been done on counting special types of Boolean functions which are balanced; for some references, see [3, Sections 3.3 and 5.15]. Stănică et al. [13, Theorem 1] gave a formula for the number of balanced rotation symmetric Boolean functions with an odd prime number of variables. In 2010 Fu et al. [4] proved that the problem of counting balanced rotation symmetric Boolean functions is equivalent to solving a system of equations and enumerating the solutions (but it is difficult to do this enumeration in general). They gave a method for counting the balanced rotation symmetric functions when the number of variables $n$ is a power of a prime. In this paper we give an explicit formula for this count in the case $n = pq$, where $p$ and $q$ are distinct primes.

The rest of the paper is organized as follows. In Section 2 we provide basic definitions and notation and also state Polya’s enumeration theorem for the sake of completeness. In Section 3 we enumerate the homogeneous rotation symmetric functions over finite fields using Polya’s enumeration theorem. In Section 4 we obtain the enumeration formulas for balanced rotation symmetric Boolean functions when the number of variables is a product of two distinct primes. In Section 5 we summarize the paper.

∗ Corresponding author.
DOI: http://dx.doi.org/10.1016/j.dam.2013.12.016

2. Preliminaries

Let $GF(2)$ be the binary finite field and $GF(2)^n$ be the $n$-dimensional vector space over $GF(2)$. A Boolean function on $n$ variables may be viewed as a mapping $GF(2)^n \to GF(2)$. A Boolean function $f(x_1, x_2, \ldots, x_n)$ can also be interpreted as a truth table, the binary string of length $2^n$ having the form $f(0, \ldots, 0), f(0, \ldots, 1), \ldots, f(1, \ldots, 1)$. The weight of $f$, denoted $wt(f)$, is the number of ones in its truth table. An $n$-variable Boolean function $f$ is balanced if and only if $wt(f) = 2^{n-1}$. Let us denote the addition operator over $GF(2)$ by $+$. An $n$-variable function $f(x_1, x_2, \ldots, x_n)$ can be seen as a multivariate polynomial over $GF(2)$, that is
$$f(x_1, x_2, \ldots, x_n) = a_0 + \sum_{i=1}^{n} a_i x_i + \sum_{1 \le i < j \le n} a_{i,j} x_i x_j + \cdots + a_{1,2,\ldots,n} x_1 x_2 \cdots x_n,$$
where the coefficients are from the binary field $GF(2)$. This form of representation is called the algebraic normal form (ANF).

Definition 1 (Cyclic Rotation). Let $x_i \in \mathbb{F}_2$; for any $1 \le i \le n$ and $0 \le k \le n-1$ we define
$$\rho_n^k(x_i) = \begin{cases} x_{i+k} & \text{if } i + k \le n, \\ x_{i+k-n} & \text{if } i + k > n. \end{cases}$$
Let $x = (x_1, x_2, \ldots, x_n) \in \mathbb{F}_2^n$. Then we can extend the definition of $\rho_n^k$ to tuples and monomials as follows: $\rho_n^k(x) = (\rho_n^k(x_1), \rho_n^k(x_2), \ldots, \rho_n^k(x_n))$ and $\rho_n^k(x_{i_1} x_{i_2} \cdots) = \rho_n^k(x_{i_1})\, \rho_n^k(x_{i_2}) \cdots$.

Definition 2 (Rotation Symmetric Function). A Boolean function $f(x_1, x_2, \ldots, x_n)$ is called rotation symmetric if for each input $(x_1, x_2, \ldots, x_n) \in \mathbb{F}_2^n$ and any $0 \le k \le n-1$, $f(\rho_n^k(x_1, x_2, \ldots, x_n)) = f(x_1, x_2, \ldots, x_n)$. A rotation symmetric Boolean function $f$ takes the same value on every element of each of the subsets (orbits) generated by the rotational symmetry. Note that if the ANF of a rotation symmetric function contains a term $a \cdot x_{i_1} x_{i_2} \cdots x_{i_d}$, then it contains all the terms of the orbit $\{\rho_n^k(x_{i_1} x_{i_2} \cdots x_{i_d}) : 0 \le k \le n-1\}$ of $x_{i_1} x_{i_2} \cdots x_{i_d}$.

2.1. Polya’s enumeration theorem

Two well known main theorems in combinatorics concerned with counting mathematical objects with regard to symmetry are Burnside’s lemma and Polya’s enumeration theorem. Burnside’s lemma utilizes the concept of orbits to count mathematical objects with regard to symmetry, whereas Polya’s enumeration theorem uses the cycle index of a group to reduce the computational burden.

Definition 3 (Cycle Index Polynomial). Let $G$ be a permutation group on $n$ symbols. For $\sigma \in G$ let $l_k(\sigma)$ denote the number of cycles of $\sigma$ of length $k$. Then the cycle index polynomial of $G$ is a polynomial in $n$ variables $x_1, x_2, \ldots, x_n$ given by
$$Z_G(x_1, x_2, \ldots, x_n) = \frac{1}{|G|} \sum_{\sigma \in G} \prod_{i=1}^{n} x_i^{l_i(\sigma)}.$$
The cycle index of the cyclic group $C_n$ is given by
$$Z_{C_n}(x_1, x_2, \ldots, x_n) = \frac{1}{n} \sum_{d \mid n} \phi(d)\, x_d^{n/d},$$
where $\phi$ is Euler’s totient function. Let $X$ be a set. A coloring of $X$ is an assignment of a color to each element of $X$; that is, a coloring corresponds to a function $f : X \to C$, where $C$ is a set of colors. When $|X| = k$ and $|C| = m$, there are $m^k$ colorings of $X$ using the colors from $C$. A weight function $w$ is any function from a set $C$ of colors into a set $S$.

Theorem 1 (Polya’s Enumeration Theorem). If a group $G$ acts on a set $X$ whose elements are colored by elements of $C = \{c_1, \ldots, c_m\}$, which are weighted by $w$, then the expression
$$Z_G\Big(\sum_{i=1}^{m} w_{c_i},\ \sum_{i=1}^{m} w_{c_i}^2,\ \ldots,\ \sum_{i=1}^{m} w_{c_i}^n\Big)$$
generates the pattern inventory of distinct colorings by weight, where $Z_G(x_1, x_2, \ldots, x_n)$ is the cycle index polynomial of $G$.
3. Enumeration of homogeneous rotation symmetric functions

Let $GF(p^m)$ be the finite field of $p^m$ elements and $(GF(p^m))^n$ be the vector space of dimension $n$ over $GF(p^m)$. We can generalize the concept of rotation symmetric function from $GF(2)$ to $GF(p^m)$. An $n$-variable function $f : (GF(p^m))^n \to GF(p^m)$ can be considered as a multivariate polynomial over $GF(p^m)$ with ANF
$$f(x_1, x_2, \ldots, x_n) = \sum_{\substack{k_i = 0 \\ i = 1, 2, \ldots, n}}^{p^m - 1} a_{k_1, k_2, \ldots, k_n}\, x_1^{k_1} x_2^{k_2} \cdots x_n^{k_n}, \qquad a_{k_1, k_2, \ldots, k_n} \in GF(p^m).$$
The sum $k_1 + k_2 + \cdots + k_n$ is defined as the degree of a term with a nonzero coefficient. The greatest degree among all terms of $f$ is called the algebraic degree of $f$. A function is said to be homogeneous if all monomials in its ANF are of the same degree.

If the ANF of a rotation symmetric function has a term $a\, x_{i_1}^{k_1} x_{i_2}^{k_2} \cdots x_{i_d}^{k_d}$, $a \in GF(p^m)$, $k_1 + k_2 + \cdots + k_d = w$, then it has all the terms of the following set
$$\Big\{ a\, x_{i_1 + j}^{k_1} x_{i_2 + j}^{k_2} \cdots x_{i_d + j}^{k_d} = a\, x_{l_1}^{t_1} x_{l_2}^{t_2} \cdots x_{l_d}^{t_d} \ \Big/\ j = 0, 1, \ldots, n-1,\ l_1 < l_2 < \cdots < l_d \Big\},$$
where $i_r + j$ is treated as $i_r + j - n$ if $i_r + j > n$. The minimal monomial in this set is the element with the smallest vector $(l_1, l_2, \ldots, l_d)$. Let $g_{n,w}$ be the number of minimal monomials of degree $w$. We can calculate $g_{n,w}$ over $GF(p^m)$ using Polya’s enumeration theorem.

Theorem 2. The number of minimal monomials of degree $w \ge 1$ over $GF(p^m)$ is
$$g_{n,w} = \frac{1}{n} \sum_{\substack{(k_0, k_1, \ldots, k_{p^m - 1}) : \\ \sum_{i=0}^{p^m - 1} k_i = n,\ \sum_{i=1}^{p^m - 1} i k_i = w}} \ \sum_{d \mid r} \phi(d)\, \frac{(n/d)!}{\prod_{j=0}^{p^m - 1} (k_j/d)!}, \qquad r = \gcd(k_0, k_1, \ldots, k_{p^m - 1}, w).$$
Proof. Let $X$ be the set of all monomials in $n$ variables and $G$ be the group of cyclic permutations on $n$ elements. Then the cycle index polynomial of $G$ is $Z_G(t_1, t_2, \ldots, t_n) = \frac{1}{n} \sum_{d \mid n} \phi(d)\, t_d^{n/d}$. Consider the set of colors as the finite field $GF(p^m)$. Let us define the weight of each color as $w(0, 0, \ldots, 0) = y_0$, $w(0, 0, \ldots, 1) = y_1$, $\ldots$, $w(p-1, \ldots, p-1) = y_{p^m - 1}$. Then by Polya’s theorem, the pattern inventory of nonequivalent colorings of $X$ under $G$ is given by
$$I = Z_G\Big(\sum_{i=0}^{p^m - 1} y_i,\ \sum_{i=0}^{p^m - 1} y_i^2,\ \ldots,\ \sum_{i=0}^{p^m - 1} y_i^n\Big) = \frac{1}{n} \sum_{d \mid n} \phi(d) \Big(\sum_{i=0}^{p^m - 1} y_i^d\Big)^{n/d}.$$
Then the number of minimal monomials of degree $w$ is the sum of the coefficients of $y_0^{k_0} y_1^{k_1} y_2^{k_2} \cdots y_{p^m - 1}^{k_{p^m - 1}}$ with $\sum_{i=0}^{p^m - 1} k_i = n$ and $\sum_{i=1}^{p^m - 1} i k_i = w$ in the expansion of $I$. Note that when $d = 1$ the term $y_0^{k_0} y_1^{k_1} y_2^{k_2} \cdots y_{p^m - 1}^{k_{p^m - 1}}$ with $\sum_{i=0}^{p^m - 1} k_i = n$ occurs exactly once in the expansion of $I$, with the multinomial coefficient $\frac{n!}{\prod_{j=0}^{p^m - 1} (k_j)!}$, and that when $d > 1$ the expansion of $I$ contributes a term $y_0^{k_0} y_1^{k_1} y_2^{k_2} \cdots y_{p^m - 1}^{k_{p^m - 1}}$ with $\sum_{i=0}^{p^m - 1} k_i = n$ if and only if $r = \gcd(k_0, k_1, \ldots, k_{p^m - 1}, w)$ is greater than one. Hence by summing over all divisors of $r$ we can deduce the sum of the coefficients of $y_0^{k_0} y_1^{k_1} y_2^{k_2} \cdots y_{p^m - 1}^{k_{p^m - 1}}$ with $\sum_{i=0}^{p^m - 1} k_i = n$ and $\sum_{i=1}^{p^m - 1} i k_i = w$ in the expansion of $I$ as
$$g_{n,w} = \frac{1}{n} \sum_{\substack{(k_0, k_1, \ldots, k_{p^m - 1}) : \\ \sum_{i=0}^{p^m - 1} k_i = n,\ \sum_{i=1}^{p^m - 1} i k_i = w}} \ \sum_{d \mid r} \phi(d)\, \frac{(n/d)!}{\prod_{j=0}^{p^m - 1} (k_j/d)!}, \qquad r = \gcd(k_0, k_1, \ldots, k_{p^m - 1}, w). \qquad \square$$
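Theorem 2 and Corollary 1 (stated next) worked in Python, as an added example that is not part of the paper: `g_min_monomials` evaluates the cycle-index formula over $GF(q)$ with $q = p^m$, treating a monomial $x_1^{e_1} \cdots x_n^{e_n}$ as a colouring of $n$ cyclically arranged positions with colour $e_i \in \{0, \ldots, q-1\}$ so that $k_i$ counts the positions of colour $i$, and `g_brute_force` cross-checks it by listing the rotation orbits directly for small $n$. The function names are this example's own.

```python
from functools import reduce
from itertools import product
from math import factorial, gcd


def euler_phi(d):
    """Euler's totient function phi(d)."""
    return sum(1 for k in range(1, d + 1) if gcd(k, d) == 1)


def colour_counts(n, q):
    """All tuples (k_0, ..., k_{q-1}) of nonnegative integers with sum n."""
    if q == 1:
        yield (n,)
        return
    for k0 in range(n + 1):
        for rest in colour_counts(n - k0, q - 1):
            yield (k0,) + rest


def g_min_monomials(n, w, q):
    """Theorem 2: number of minimal monomials (rotation orbits of monomials)
    of degree w in n variables over GF(q), q = p^m.  Exponents 0..q-1 are the
    colours, k_i positions carry exponent i, and the degree is sum(i * k_i)."""
    total = 0
    for ks in colour_counts(n, q):
        if sum(i * k for i, k in enumerate(ks)) != w:
            continue
        r = reduce(gcd, ks + (w,))        # r = gcd(k_0, ..., k_{q-1}, w)
        for d in range(1, r + 1):
            if r % d:
                continue
            term = factorial(n // d)      # (n/d)! / prod_j (k_j/d)!
            for k in ks:
                term //= factorial(k // d)
            total += euler_phi(d) * term
    assert total % n == 0                 # Polya's theorem guarantees an integer
    return total // n


def g_brute_force(n, w, q):
    """Direct count of rotation orbits of exponent vectors of degree w, for
    cross-checking small cases; an orbit is represented by its
    lexicographically smallest rotation."""
    seen = set()
    for e in product(range(q), repeat=n):
        if sum(e) == w:
            seen.add(min(e[k:] + e[:k] for k in range(n)))
    return len(seen)


def homogeneous_rs_count(n, w, q):
    """Corollary 1: q^{g_{n,w}} - 1 homogeneous rotation symmetric functions
    of degree w over GF(q) (every nonzero coefficient assignment to the orbits)."""
    return q ** g_min_monomials(n, w, q) - 1
```

For $n = 4$, $w = 2$ over $GF(3)$ the three orbits are those of $x_1 x_2$, $x_1 x_3$ and $x_1^2$, giving $3^3 - 1 = 26$ homogeneous functions.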
Corollary 1. The number of $n$-variable homogeneous rotation symmetric functions over $GF(p^m)$ of degree $w \ge 1$ is $(p^m)^{g_{n,w}} - 1$.

Remark 1. This result simplifies not just the proof, but also the counting formula given in Fu et al. [5]. Theorem 11 in [5] involves the nonexplicit number $N_\Omega$, but here the formula is more explicit.

4. Enumeration of balanced rotation symmetric functions

A Boolean function is said to be balanced if it takes an equal number of zeros and ones over all of its inputs. So in order to get balanced rotation symmetric Boolean functions, we need to partition $GF(2)^n$ into two groups, each of size $2^{n-1}$. Let $N_n$ be the number of balanced $n$-variable rotation symmetric Boolean functions and let $h_n$ denote the number of orbits with maximal length $n$. In 2004, Stănică, Maitra and Clark [13, Theorem 1] calculated the value of $N_n$ when $n = p$, where $p$ is an odd prime, as
$$N_p = 2 \binom{\frac{2^p - 2}{p}}{\frac{2^{p-1} - 1}{p}}.$$
Later Stănică and Maitra [12, Theorem 8(ii)] gave a lower bound on $N_n$ when $n = p^r$ as
$$N_{p^r} \ge 2 \prod_{i=1}^{r} \binom{h_{p^i}}{h_{p^i}/2},$$
where
$$h_{p^i} = \begin{cases} \dfrac{2^{p^i} - 2^{p^{i-1}}}{p^i}, & 1 \le i \le r-1, \\[2ex] \dfrac{2^{p^r} + \sum_{j=1}^{r} \phi(p^j)\, 2^{p^{r-j}}}{p^r} - \sum_{j=1}^{r-1} h_{p^j} - 2, & i = r. \end{cases}$$
However, it was shown in the recent paper [9] by Q. Li et al. that the more general formula for $h_n$ in [12, Theorem 8(iii)] is sometimes incorrect; for example, computation shows that $h_{12} = 355$, but the formula gives $h_{12} = 344$. In 2010 Shaojing Fu et al. [4] proved that the problem of enumerating balanced rotation symmetric Boolean functions is equivalent to solving a system of equations and enumerating the solutions. As a result they gave an enumeration formula for $N_n$ when $n = p^r$ as
$$N_{p^r} = \sum_{j=1}^{T} \prod_{i=1}^{r} \binom{h_{p^i}}{z_i^{(j)}},$$
where $\{(z_1^{(1)}, z_2^{(1)}, \ldots, z_r^{(1)}),\ (z_1^{(2)}, z_2^{(2)}, \ldots, z_r^{(2)}),\ \ldots,\ (z_1^{(T)}, z_2^{(T)}, \ldots, z_r^{(T)})\}$ is the set of solutions of the system of equations
$$\theta : \sum_{i=0}^{r} z_i\, p^i = 2^{p^r - 1}, \qquad z_i \in \mathbb{Z},\ 0 \le z_i \le h_{p^i},\ 0 \le i \le r.$$
For large values of $r$, solving the system of equations is highly complex, and hence a tighter lower bound for $N_{p^r}$ was given in [4] as
$$N_{p^r} \ge 4 \prod_{i=1}^{r} \binom{h_{p^i}}{h_{p^i}/2} + 2 \sum_{j=2}^{r-1} \sum_{l=1}^{h_{p^j}/(2p)} \binom{h_{p^j}}{h_{p^j}/2 - lp} \binom{h_{p^{j+1}}}{h_{p^{j+1}}/2 + l} \prod_{\substack{i=1 \\ i \ne j,\, j+1}}^{r} \binom{h_{p^i}}{h_{p^i}/2}.$$
Consider the $n$-variable balanced rotation symmetric Boolean functions for the case when $n$ is a product of two distinct primes. Let $d_{n,l}$ denote the number of orbits of length $l$.

Theorem 3. The number of $n$-variable balanced rotation symmetric Boolean functions for the case $n = pq$ is given by:

Case 1: $p = 2$, $q$ an odd prime.
$$N_n = 4 \sum_{\substack{r = 0 \\ r \equiv 1\ (\mathrm{mod}\ 2)}}^{d_{n,q}/2} \binom{d_{n,q}}{\frac{d_{n,q} + 2r}{2}} \binom{d_{n,n}}{\frac{d_{n,n} - r}{2}}.$$

Case 2: $p$ and $q$ odd primes.
$$N_n = 4 \sum_{\substack{r = 0 \\ r \equiv 0\ (\mathrm{mod}\ 2)}}^{d_{n,q}/p} \ \sum_{\substack{s = 0 \\ s \equiv 0\ (\mathrm{mod}\ 2)}}^{d_{n,p}/q} \binom{d_{n,p}}{\frac{d_{n,p} + sq}{2}} \binom{d_{n,q}}{\frac{d_{n,q} + rp}{2}} \left[ \binom{d_{n,n}}{\frac{d_{n,n} + r + s}{2}} + \binom{d_{n,n}}{\frac{d_{n,n} + r - s}{2}} \right],$$
where
$$d_{n,l} = \frac{1}{l} \sum_{k \mid l} \mu\Big(\frac{l}{k}\Big)\, 2^{\gcd(n,k)}.$$
Proof. In order to count the number of $n$-variable balanced rotation symmetric Boolean functions, $N_n$, we divide the $2^n$ elements of $(GF(2))^n$ into two groups $A_n$ and $B_n$ of equal size $2^{n-1}$. Since the function that we are considering is rotation symmetric, the vectors in the same orbit must be in the same group. We know that the length of an orbit must be a divisor of $n$. Since $n = pq$, the only possible orbit lengths are $1$, $p$, $q$ and $n$. Using Lemma 1 of [10] we can calculate the number of orbits of length $l$ as
$$d_{n,l} = \frac{1}{l} \sum_{k \mid l} \mu\Big(\frac{l}{k}\Big)\, 2^{\gcd(n,k)}.$$

Case 1: $p = 2$, $q$ is an odd prime. We have $d_{n,1} = 2$, $d_{n,2} = 1$, $d_{n,q} = \frac{2^q - 2}{q}$ and $d_{n,n} = \frac{2^n - 2^q - 2}{n}$. Note that $d_{n,q}$ is always even and $d_{n,n}$ is always odd. Hence the only possible ways to group the elements into two groups of equal size are (the 4-tuples give the number of orbits of each size $1, 2, q, n$ placed in one group)
$$\Big(2, 0, \tfrac{d_{n,q} + 2r}{2}, \tfrac{d_{n,n} - r}{2}\Big),\quad \Big(2, 0, \tfrac{d_{n,q} - 2r}{2}, \tfrac{d_{n,n} + r}{2}\Big),\quad \Big(0, 1, \tfrac{d_{n,q} + 2r}{2}, \tfrac{d_{n,n} - r}{2}\Big),\quad \Big(0, 1, \tfrac{d_{n,q} - 2r}{2}, \tfrac{d_{n,n} + r}{2}\Big),$$
where $0 \le r \le \frac{d_{n,q}}{2}$, $r$ being odd.

So the number of balanced rotation symmetric Boolean functions on $n$ variables is given by
$$N_n = \sum_{\substack{r = 0 \\ r \equiv 1\ (\mathrm{mod}\ 2)}}^{d_{n,q}/2} \left[ \binom{2}{2}\binom{1}{0}\binom{d_{n,q}}{\frac{d_{n,q} + 2r}{2}}\binom{d_{n,n}}{\frac{d_{n,n} - r}{2}} + \binom{2}{2}\binom{1}{0}\binom{d_{n,q}}{\frac{d_{n,q} - 2r}{2}}\binom{d_{n,n}}{\frac{d_{n,n} + r}{2}} + \binom{2}{0}\binom{1}{1}\binom{d_{n,q}}{\frac{d_{n,q} + 2r}{2}}\binom{d_{n,n}}{\frac{d_{n,n} - r}{2}} + \binom{2}{0}\binom{1}{1}\binom{d_{n,q}}{\frac{d_{n,q} - 2r}{2}}\binom{d_{n,n}}{\frac{d_{n,n} + r}{2}} \right],$$
i.e.,
$$N_n = 4 \sum_{\substack{r = 0 \\ r \equiv 1\ (\mathrm{mod}\ 2)}}^{d_{n,q}/2} \binom{d_{n,q}}{\frac{d_{n,q} + 2r}{2}} \binom{d_{n,n}}{\frac{d_{n,n} - r}{2}}.$$
Case 2: $p$ and $q$ are odd primes. We have $d_{n,1} = 2$, $d_{n,p} = \frac{2^p - 2}{p}$, $d_{n,q} = \frac{2^q - 2}{q}$ and $d_{n,n} = \frac{2^n - 2^p - 2^q + 2}{n}$. Note that $d_{n,l}$ is even for $l = 1, p, q, n$. Hence the only possible ways to group the elements into two groups of equal size are
$$\Big(1, \tfrac{d_{n,p} - sq}{2}, \tfrac{d_{n,q} - rp}{2}, \tfrac{d_{n,n} + r + s}{2}\Big),\quad \Big(1, \tfrac{d_{n,p} + sq}{2}, \tfrac{d_{n,q} - rp}{2}, \tfrac{d_{n,n} + r - s}{2}\Big),\quad \Big(1, \tfrac{d_{n,p} - sq}{2}, \tfrac{d_{n,q} + rp}{2}, \tfrac{d_{n,n} - r + s}{2}\Big),\quad \Big(1, \tfrac{d_{n,p} + sq}{2}, \tfrac{d_{n,q} + rp}{2}, \tfrac{d_{n,n} - r - s}{2}\Big),$$
where $0 \le r \le \frac{d_{n,q}}{p}$, $0 \le s \le \frac{d_{n,p}}{q}$, $r, s$ even.

So the number of balanced rotation symmetric Boolean functions on $n$ variables is given by
$$N_n = \sum_{\substack{r = 0 \\ r \equiv 0\ (\mathrm{mod}\ 2)}}^{d_{n,q}/p} \ \sum_{\substack{s = 0 \\ s \equiv 0\ (\mathrm{mod}\ 2)}}^{d_{n,p}/q} \left[ \binom{2}{1}\binom{d_{n,p}}{\frac{d_{n,p} + sq}{2}}\binom{d_{n,q}}{\frac{d_{n,q} + rp}{2}}\binom{d_{n,n}}{\frac{d_{n,n} - r - s}{2}} + \binom{2}{1}\binom{d_{n,p}}{\frac{d_{n,p} - sq}{2}}\binom{d_{n,q}}{\frac{d_{n,q} - rp}{2}}\binom{d_{n,n}}{\frac{d_{n,n} + r + s}{2}} + \binom{2}{1}\binom{d_{n,p}}{\frac{d_{n,p} + sq}{2}}\binom{d_{n,q}}{\frac{d_{n,q} + rp}{2}}\binom{d_{n,n}}{\frac{d_{n,n} + r - s}{2}} + \binom{2}{1}\binom{d_{n,p}}{\frac{d_{n,p} - sq}{2}}\binom{d_{n,q}}{\frac{d_{n,q} - rp}{2}}\binom{d_{n,n}}{\frac{d_{n,n} - r + s}{2}} \right],$$
i.e.,
$$N_n = 4 \sum_{\substack{r = 0 \\ r \equiv 0\ (\mathrm{mod}\ 2)}}^{d_{n,q}/p} \ \sum_{\substack{s = 0 \\ s \equiv 0\ (\mathrm{mod}\ 2)}}^{d_{n,p}/q} \binom{d_{n,p}}{\frac{d_{n,p} + sq}{2}} \binom{d_{n,q}}{\frac{d_{n,q} + rp}{2}} \left[ \binom{d_{n,n}}{\frac{d_{n,n} + r + s}{2}} + \binom{d_{n,n}}{\frac{d_{n,n} + r - s}{2}} \right]. \qquad \square$$
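The orbit-partition argument of the proof above, worked in Python as an added example that is not the paper's own code: `orbit_counts` computes $d_{n,l}$ by the Möbius formula of Lemma 1 of [10], `balanced_rs_count` counts $N_n$ for any $n$ by choosing how many orbits of each length fall into the group of ones (the tuples of the proof, enumerated mechanically), `theorem3_case1` is the Case 1 closed form, and `balanced_brute_force` enumerates every rotation symmetric function for tiny $n$ as an independent check. The function names are this example's own.

```python
from itertools import product
from math import comb, gcd


def mobius(n):
    """Moebius function mu(n) by trial division."""
    result, p, m = 1, 2, n
    while p * p <= m:
        if m % p == 0:
            m //= p
            if m % p == 0:
                return 0              # square factor
            result = -result
        p += 1
    return -result if m > 1 else result


def orbit_counts(n):
    """d_{n,l} = (1/l) sum_{k | l} mu(l/k) 2^{gcd(n,k)} (Lemma 1 of [10]),
    returned as {l: d_{n,l}} for every divisor l of n."""
    return {l: sum(mobius(l // k) * 2 ** gcd(n, k)
                   for k in range(1, l + 1) if l % k == 0) // l
            for l in range(1, n + 1) if n % l == 0}


def balanced_rs_count(n):
    """N_n for any n: a rotation symmetric function is balanced iff the orbits
    it maps to 1 cover exactly 2^(n-1) inputs, so pick c_l of the d_{n,l}
    orbits of each length l (the tuples listed in the proof) and multiply the
    binomial coefficients."""
    d = orbit_counts(n)
    lengths = sorted(d)
    total = 0
    for counts in product(*(range(d[l] + 1) for l in lengths)):
        if sum(c * l for c, l in zip(counts, lengths)) == 2 ** (n - 1):
            term = 1
            for c, l in zip(counts, lengths):
                term *= comb(d[l], c)
            total += term
    return total


def theorem3_case1(q):
    """Theorem 3, Case 1: n = 2q with q an odd prime; r runs over the odd
    integers in [0, d_{n,q}/2]."""
    n = 2 * q
    d = orbit_counts(n)
    dq, dn = d[q], d[n]
    return 4 * sum(comb(dq, (dq + 2 * r) // 2) * comb(dn, (dn - r) // 2)
                   for r in range(1, dq // 2 + 1, 2))


def balanced_brute_force(n):
    """Enumerate every rotation symmetric function (one bit per orbit) and
    count the balanced ones; feasible only for tiny n."""
    mask, orbits = (1 << n) - 1, {}
    for x in range(1 << n):
        rep = min(((x << k) | (x >> (n - k))) & mask for k in range(n))
        orbits[rep] = orbits.get(rep, 0) + 1
    sizes = list(orbits.values())
    return sum(1 for bits in product((0, 1), repeat=len(sizes))
               if sum(b * s for b, s in zip(bits, sizes)) == 1 << (n - 1))
```

For $n = 6$ the orbit counts are $d_{6,1} = 2$, $d_{6,2} = 1$, $d_{6,3} = 2$, $d_{6,6} = 9$, and all three routes give $N_6 = 504$.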
5. Conclusions

Using Polya’s theorem, we have explicitly enumerated the homogeneous rotation symmetric functions over the finite field $GF(p^m)$, which simplifies the existing result for homogeneous rotation symmetric functions. We have also calculated the count of balanced $n$-variable rotation symmetric Boolean functions for the case $n = pq$ (with $p$ and $q$ distinct primes).

Acknowledgment

The first author is supported by the Council of Scientific and Industrial Research (CSIR) of India.

References

[1] T.W. Cusick, Affine equivalence of cubic homogeneous rotation symmetric Boolean functions, Inform. Sci. 181 (2011) 5067–5083.
[2] T.W. Cusick, P. Stănică, Fast evaluation, weights and nonlinearity of rotation symmetric functions, Discrete Math. 258 (2002) 289–301.
[3] T.W. Cusick, P. Stănică, Cryptographic Boolean Functions and Applications, Academic Press, San Diego, 2009.
[4] S. Fu, C. Li, L. Qu, On the number of rotation symmetric Boolean functions, Sci. China Inf. Sci. 53 (3) (2010) 537–545.
[5] S. Fu, C. Li, L. Qu, D. Dong, On the number of rotation symmetric functions over GF(p), Math. Comput. Modelling 55 (1) (2012) 142–150.
[6] S. Fu, C. Li, B. Sun, Enumeration of homogeneous rotation symmetric functions over Fp, in: Cryptology and Network Security, 2008, pp. 278–284.
[7] S. Kavut, S. Maitra, M.D. Yücel, Enumeration of 9-variable rotation symmetric Boolean functions having nonlinearity >240, in: Advances in Cryptology—Indocrypt, LNCS, vol. 4329, Springer, Berlin, 2006, pp. 266–279.
[8] Y. Li, Results on rotation symmetric polynomials over GF(p), Inform. Sci. 178 (1) (2008) 280–286.
[9] Q. Li, G. Gao, W. Liu, Analysis of properties and counting of orbits for k-rotation symmetric Boolean functions, J. Commun. 33 (1) (2012) 114–119 (= Tongxin Xuebao, in Chinese).
[10] A. Maximov, Classes of plateaued rotation symmetric Boolean functions under transformation of Walsh spectra, in: Workshop on Coding and Cryptography, WCC 2005, LNCS, vol. 3969, Springer, Berlin, 2006, pp. 325–334.
[11] J. Pieprzyk, C. Qu, Fast hashing and rotation symmetric functions, J. UCS 5 (1) (1999) 20–31.
[12] P. Stănică, S. Maitra, Rotation symmetric Boolean functions—count and cryptographic properties, Discrete Appl. Math. 156 (2008) 1567–1580.
[13] P. Stănică, S. Maitra, J. Clark, Results on rotation symmetric bent and correlation immune Boolean functions, in: Fast Software Encryption, LNCS, vol. 3017, Springer, Berlin, 2004, pp. 161–177.