1. Introduction
The theory of Boolean functions is a fascinating area of research in discrete mathematics with applications to cryptography and coding theory. Claude Shannon’s properties of confusion and diffusion are fundamental concepts for achieving security in cryptosystems. The notion of diffusion is related to the degree to which the influence of a single input plaintext bit is spread throughout the resulting ciphertext, and the notion of confusion is related to the complexity of the relationship between the secret key and ciphertext. Boolean functions with high nonlinearity can be used to provide confusion in block encryption algorithms [
1,
2]. Nonlinearity is the minimum number of bits which must change in the truth table of a Boolean function to become an affine function. The Walsh transform is the most important mathematical tool for the analysis of cryptographic properties of Boolean functions. The understanding of the Walsh transform of a Boolean function uniquely determines the function; therefore, working fully with the Walsh transform is possible.
Here we study a connection between the Walsh spectrum of m-variable Boolean functions and Ryser’s formula of the permanent for Sylvester Hadamard matrices of order .
In 1812, Cauchy and Binet independently introduced the notion of the permanent as a matrix function.
Definition 1. Let N be the set , (). The symmetric group is the group of all permutations of N. The permanent of an matrix is defined by At first glance, it seems to be a straightforward version of the determinant, but this is a misleading impression. For instance, the determinant of an arbitrary matrix can be evaluated efficiently using Gaussian elimination; however, the computation of the permanent is much more complicated. Valiant [
3] proved that it belongs to the class of ♯P-complete problems, which basically means that there is almost no possibility of finding a polynomial time deterministic algorithm for computing the permanent in general. Precisely, the central problem studied in arithmetic complexity theory is the permanent versus determinant problem, which is considered the arithmetic analogue of the
NP vs.
P problem (see [
4]).
There are wide applications of the permanent of certain matrices, such as 0,1 and/or sparse matrices with special structures. Especially in combinatorial counting and graph theory [
5]. For instance, if
G is a balanced (the two parts have equal size) bipartite graph and
is its adjacency matrix, the
counts perfect matchings in
G. Nevertheless, as far as we know, there is not any clear combinatorial interpretation of the permanent of Hadamard matrices. Here we give some ideas towards an interpretation of the permanent of the Sylvester Hadamard matrices in terms of Boolean functions with high nonlinearity.
Notation. Throughout the article, we make use of − for and 1 for . We write for a Sylvester Hadamard matrix of order . The cardinality of a set S is denoted . We use for the identity matrix of order n and for the transpose of M. The Galois field with two elements is denoted by and the m-dimensional vector space over , equipped with the canonical basis by . means the usual inner product for .
3. Ryser’s Formula for and the Walsh Spectrum of Boolean Functions
H.J. Ryser found the following alternative method to evaluate the permanent of a matrix
of order
n,
where
denotes the set of all strictly increasing sequences of
r integers taken from the set
. This is one of the fastest known general algorithms for computing a permanent.By counting multiplications it has an efficiency of
(see pp. 31–11 [
12]).
Proposition 2. Assuming that is the Sylvester Hadamard matrix of order , f an arbitary m-variable Boolean function and . Then,
.
Proof. The first identity follows from Proposition 1 and the second one is immediate. □
The following result studies some properties of the function that we will use later.
Lemma 1. Let f be an arbitrary and be the result of concatenating the TT of f to itself. Then .
Let , and . If then . For instance, when or 4.
Let and . Then .
Proof. Identities 1 and 2 follow from
for
and
is null for some
. For identity 3, we have to take into account that
. □
In the sequel, we will try to extract some consequences of the Proposition 2. Firstly, it may help in finding an interpretation of the permanent of in terms of nonlinearity.
Since
the nonlinearity of
f is computed from the Walsh sprectrum by
If a maximum absolute value of occurs at , then either is the best linear approximation of f (when ) or its complement, the affine function , is as good as, or better than, the best linear approximation (when ).
It is a simple corollary of Parseval’s identity,
that
Therefore, for any Boolean function in
m variables,
and this bound is achieved only when
m is even and
. Hence,
An m-variable Boolean function with m even and maximum nonlinearity is called bent. Furthermore, if f is bent then . This is the maximum of in and
The affine functions are the other extreme, with respect to the Walsh spectrum. There is only one non-null Walsh coefficient for an affine function, and its value is either
, when it is linear, or
otherwise. Therefore,
By Parseval’s identity, if some of the Walsh coefficients are smaller than average in absolute value, especially if some are 0, then the others must be larger. Thus, if f is a Boolean function with a small and even then it can be expected that will be null. For odd and after carrying out some computer searches up to , we found that more often takes positive than negative values.
Although the formula for nonlinearity is sign free, the quotient
could provide some information of the “global” nonlinearity of the whole set
m-variable Boolean functions. Especially, when
could indicate a better density of Boolean functions with high nonlinearity in
than in
. For
and 4, this is confirmed with the behaviour of the quotient between the number of bent functions in
m variables between the number of Boolean functions (see [
2], Chapter 7). Attending to our observation we also claim the following.
Conjecture 1. If
m is even, then
and if
m is odd, then
Secondly, we will try to take advantage of computing the permanent of a Sylvester Hadamard matrix from partitioning in classes under the affine equivalence relationship.
Definition 2 ([
2]).
Two m-variable Boolean functions f and h are said to be affine equivalent if there exists an invertible matrix A with entries in and a constant such that for all it holds that The following Lemma studies the Walsh spectra of affine equivalent Boolean functions f and h. As immediate consequence, we have .
Lemma 2 ([
13]).
Let f and h be two affine equivalent m-variable Boolean functions, , then Another important consequence is,
Proposition 3. If f and h are affine equivalent m-variable Boolean functions then Proof. This follows from Proposition 2 and Lemma 2. Since runs over all the elements of when g runs over all the elements of and the number of times that is even for any fixed when when g runs over all the elements of . This last statement is due to the fact that the number of elements of with concrete values in certain positions divides . □
Now, the formula for the permanent of can be rewritten in terms of classes under the affine equivalence relation for the set of m-variable Boolean functions.
Proposition 4. where is the set of classes under the affine equivalence for the m-variable Boolean functions of weight r, is a representative of the class , . Proof. It is immediate from Proposition 2, Proposition 3 and the fact that where □
Example 2. Now we are going to compute using Formula (3),Taking into account that for any 3-variable Boolean function with even. Then,(Using Table 1, we get) Therefore, the problem of computing the permanent of a Sylvester Hadamard matrix of order
can be carried out by enumerating
m-variable Boolean functions with an arbitrary Walsh spectrum. This enumeration problem, although of interest in cryptography [
14], requires a huge amount of computational resources. For instance, the number of bent functions (those Boolean functions with flat spectrum) so far has only been known for dimensions up to and including 8 (see [
15]). Thus, Formula (
3) only has a theoretical interest.
Finally, we give another formula for the permanent of
as a straightforward consequence of some results from [
16,
17]. Let
be the group of permutations on the set
E and
be the parity
or
of
for each
. Then,
is defined as the set
.
Now, taking into account the following facts:
Therefore, the formula for the permanent of
given in Proposition 2 can be rewritten as