on the multiplicative complexity of 6 variable boolean
play

On the Multiplicative Complexity of 6-variable Boolean Functions C - PowerPoint PPT Presentation

Nov 02, 2023 •200 likes •428 views

On the Multiplicative Complexity of 6-variable Boolean Functions C a gda s C alk, Meltem S onmez Turan , Ren e Peralta National Institute of Standards and Technology, Gaithersburg, MD, USA July 5, 2017 BFA 2017 Os, Norway What

  1. On the Multiplicative Complexity of 6-variable Boolean Functions C ¸a˘ gda¸ s C ¸alık, Meltem S¨ onmez Turan , Ren´ e Peralta National Institute of Standards and Technology, Gaithersburg, MD, USA July 5, 2017 BFA 2017 Os, Norway

  2. What is Multiplicative Complexity? Multiplicative complexity is a complexity measure that is defined as the minimum number of AND gates required to implement a function f by a circuit over the basis (AND, XOR, NOT). 1

  3. Why do we count the AND gates? • Lightweight Cryptography: Efficient implementations needed for resource-constrained devices (e.g. RFID tags). The technique of minimizing the number of AND gates, and then optimizing the linear components leads to the implementations with low gate complexity. • Secure multi-party computation: Reducing the number of AND gates improves the efficiency of secure multi-party protocols (e.g. conducting online auctions in a way that the winning bid can be determined without opening the losing bids). • Side channel attacks: Minimizing the number of AND gates is necessary when implementing a masking scheme to prevent side-channel attacks. • Cryptanalysis of cryptographic primitives: Primitives with low multiplicative complexity may be susceptible to algebraic cryptanalysis. 2

  4. Some Properties of Multiplicative Complexity • Multiplicative complexity of a function with degree d is at least d − 1. • Multiplicative complexity is invariant w.r.t affine transformation. • f and g are affine equivalent, if there exists an affine transformation of the form f ( x ) = g ( Ax + a ) + b · x + c , where A is a non-singular n × n matrix over F 2 ; x , a are column vectors over F 2 ; b is a row vector over F 2 . • If f and g are affine equivalent, they are said to be in the same equivalence class and they have the same multiplicative complexity. • Multiplicative complexity of a randomly selected n -bit Boolean function is at least 2 n / 2 − O ( n ). No specific n -bit Boolean function has been proven to have multiplicative complexity larger than n − 1 for any n . 3

  5. 4- and 5-bit Boolean Functions (Turan and Peralta, 2014) Turan and Peralta (2014) showed that multiplicative complexity is • ≤ 3 for f ∈ B 4 (8 equivalence classes), • ≤ 4 for f ∈ B 5 (48 equivalence classes). Method Equivalence classes for n = 4 Class Representative 1. Find a simple representative from each 1 x 1 equivalence class. 2 x 1 x 2 2. Find a circuit with small number of AND 3 x 1 x 2 + x 3 x 4 gates. 4 x 1 x 2 x 3 5 x 1 x 2 x 3 + x 1 x 4 3. Check if it is optimal using the degree 6 x 1 x 2 x 3 x 4 bound. 7 x 1 x 2 x 3 x 4 + x 1 x 2 8 x 1 x 2 x 3 x 4 + x 1 x 2 + x 3 x 4 4

  6. 6-bit Boolean Functions The approach of Turan & Peralta does not work for n = 6, since • The number of equivalence classes is 150 537, and • Simple heuristics do not find optimal circuits, as representatives are more complex. • For some classes, it is not possible to verify optimality using the degree bound. Our approach Exhaustively construct all Boolean circuits with 1,2, 3, . . . AND gates, and mark the Boolean functions that can be generated by the circuits until all 6-bit Boolean functions are generated. 5

  7. 6-bit Boolean Functions The approach of Turan & Peralta does not work for n = 6, since • The number of equivalence classes is 150 537, and • Simple heuristics do not find optimal circuits, as representatives are more complex. • For some classes, it is not possible to verify optimality using the degree bound. Our approach Exhaustively construct all Boolean circuits with 1,2, 3, . . . AND gates, and mark the Boolean functions that can be generated by the circuits until all 6-bit Boolean functions are generated a function from each equivalence class is generated. 5

  8. 6-bit Boolean Functions The approach of Turan & Peralta does not work for n = 6, since • The number of equivalence classes is 150 537, and • Simple heuristics do not find optimal circuits, as representatives are more complex. • For some classes, it is not possible to verify optimality using the degree bound. Our approach Exhaustively construct all Boolean circuits topologies with 1,2, 3, . . . AND gates, and mark the Boolean functions that can be generated by the circuits until a function from each equivalence class is generated. 5

  9. Boolean circuit and Topology of a circuit (Codish et al, 2015) Definition (Boolean circuit) For a given n ∈ N , let X n = { x 1 , x 2 , . . . , x n } denote the n inputs to a circuit. A Boolean circuit C with n inputs and k AND gates is a pair C = ( A , O ), where: • A = { a 1 , . . . , a k } is a list of k AND gates, where the i -th AND gate inputs L i and R i with L i , R i ∈ � 1 , x 1 , . . . , x n , L 1 . R 1 , . . . , L i − 1 . R i − 1 � . • O ∈ � 1 , x 1 , . . . , x n , L 1 . R 1 , . . . , L k . R k � is the output gate. 6

  10. Boolean circuit and Topology of a circuit (Codish et al, 2015) Definition (Boolean circuit) For a given n ∈ N , let X n = { x 1 , x 2 , . . . , x n } denote the n inputs to a circuit. A Boolean circuit C with n inputs and k AND gates is a pair C = ( A , O ), where: • A = { a 1 , . . . , a k } is a list of k AND gates, where the i -th AND gate inputs L i and R i with L i , R i ∈ � 1 , x 1 , . . . , x n , L 1 . R 1 , . . . , L i − 1 . R i − 1 � . • O ∈ � 1 , x 1 , . . . , x n , L 1 . R 1 , . . . , L k . R k � is the output gate. Definition (Topology) A topology of a circuit C = ( A , O ) is the set of AND gates A , except that L ∪ R ⊂ A for all � L , R � ∈ A . Given an AND-XOR circuit C = �A , O� , the topology of C is �� L ∩ A , R ∩ A� | � L , R � ∈ A� . 6

  11. Example: Boolean Circuit and Topology Let f = x 1 x 2 x 3 + x 1 x 2 + x 1 x 4 + x 2 x 3 + x 4 . The circuit C = �A , O� is x 2 x 3 represented as A = � a 1 , a 2 � x 2 + x 4 ∧ a 1 = �{ x 2 } , { x 3 }� x 1 a 2 = �{ a 1 , x 2 , x 4 } , { x 1 }� O = �{ x 4 } , { a 1 , a 2 }� ∧ x 4 The topology of C is represented as A = � a 1 , a 2 � a 1 = �∅ , ∅� a 2 = �{ a 1 } , ∅� ∧ O = �∅ , { a 1 , a 2 }� ∧ 7

  12. Constructing Circuit Topologies Let T k be the set of all topologies with k AND gates. We use an iterative method to construct T k +1 as follows: 1. Let S be an empty set. 2. For each topology t ∈ T k , 2.1 For all choices of ( L k +1 , R k +1 ) ( L k +1 and R k +1 can take on all 2 k possible combinations of previous k AND gates), 2.1.1 Let t ′ be a new topology constructed by adding a new AND gate a k +1 with inputs ( L k +1 , R k +1 ) to t . 2.1.2 S = S ∪ t ′ 3. We eliminate redundant topologies (due to symmetry). T k +1 = S . 8

  13. Constructing Circuit Topologies Let T k be the set of all topologies with k AND gates. We use an iterative method to construct T k +1 as follows: 1. Let S be an empty set. 2. For each topology t ∈ T k , 2.1 For all choices of ( L k +1 , R k +1 ) ( L k +1 and R k +1 can take on all 2 k possible combinations of previous k AND gates), 2.1.1 Let t ′ be a new topology constructed by adding a new AND gate a k +1 with inputs ( L k +1 , R k +1 ) to t . 2.1.2 S = S ∪ t ′ 3. We eliminate redundant topologies (due to symmetry). T k +1 = S . Number of topologies for k up to 6 k 1 2 3 4 5 6 | T k | 1 2 8 84 3 170 475 248 8

  14. Constructing Circuit Topologies Topologies with 1 AND gate ∧ 9

  15. Constructing Circuit Topologies Topologies with 1 AND gate ∧ Topologies with 2 AND gates ∧ and ∧ ∧ ∧ 9

  16. Constructing Circuit Topologies Topologies with 1 AND gate ∧ Topologies with 2 AND gates ∧ and ∧ ∧ ∧ Topologies with 3 AND gates ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ ∧ 9

  17. Evaluating Topologies to Generate Boolean Functions • A topology with k AND gates can be supplied 2 k linear function inputs X = ( L 1 , . . . , L 2 k ) . Trying all inputs becomes quickly infeasible ∧ since there are 2 2 kn choices (2 60 inputs for ∧ ∧ n = 6, k = 5). • Any affine transformation of the inputs L 1 L 2 A ( X ) = ( A ( L 1 ) , . . . , A ( L 2 k )) will produce a L 4 L 5 ∧ function from the same equivalence class. L 3 L 6 Hence, the inputs that are affine ∧ ∧ transformations of each other need not be considered. • The number of inputs corresponds to the � 2 k 2 ( ≈ 2 26 � Gaussian binomial coefficient n inputs for n = 6, k = 5). 10

  18. Computation Summary • Generated all topologies ≤ 6 AND gates. • For each topology having k = 1 , 2 , 3 , 4 , 5 AND gates, all equivalence classes each topology can produce is found. • 149 426 equivalence classes out of 150 357 generated with at most 5 AND gates. • Remaining 931 equivalence classes were generated from a selection of 6 AND gate topologies. • Computations were done on a cluster (Intel Xeon E5-2630 processor, 64GB RAM) and took 38 422 core hours. 11

  19. Multiplicative Complexity Distribution for n = 6 Multiplicative complexity distribution of the equivalence classes and functions for n = 6 MC #classes #functions log 2 (# functions ) 0 1 128 7 . 00 1 1 83 328 16 . 34 2 3 73 757 184 26 . 13 3 24 281 721 079 808 38 . 03 4 914 7 944 756 861 878 272 52 . 81 5 148 483 18 344 082 080 963 133 440 63 . 99 6 931 94 716 954 089 619 456 56 . 39 12

Recommend

On the Multiplicative Complexity of Symmetric Boolean Functions Lus Brando, ada

On the Multiplicative Complexity of Symmetric Boolean Functions Lus Brando, ada

On the Multiplicative Complexity of Symmetric Boolean Functions Lus Brando, ada alk, Meltem Snmez Turan, Ren Peralta National Institute of Standards and Technology (Gaithersburg, MD, USA) The 3 rd International Workshop on

925 views • 64 slides
On the Multiplicative Complexity of Boolean Functions and Bitsliced Higher-Order Masking Dahmun

On the Multiplicative Complexity of Boolean Functions and Bitsliced Higher-Order Masking Dahmun

On the Multiplicative Complexity of Boolean Functions and Bitsliced Higher-Order Masking Dahmun Goudarzi and Matthieu Rivain CHES 2016, Santa-Barbara Higher-Order Masking x = x 1 + x 2 + + x d 2/28 Higher-Order Masking x = x 1 + x 2 +

855 views • 42 slides
1 Characters Boolean A char variable stores a single character A boolean value represents

1 Characters Boolean A char variable stores a single character A boolean value represents

CSC 2014 Java Bootcamp Lecture 2 Variables, Expressions, I/O & Control VARIABLES & EXPRESSIONS 2 Variables Variable Initialization A variable is a name for a location in memory A variable can be given an initial value in the

105 views • 10 slides
The Multiplicative Quantum Adversary Robert palek Quantum query complexity Quantum query

The Multiplicative Quantum Adversary Robert palek Quantum query complexity Quantum query

The Multiplicative Quantum Adversary Robert palek Quantum query complexity Quantum query complexity Given a function f: {0,1} n {0,1} m Quantum query complexity not necessarily Boolean output Given a function f: {0,1} n

1.43k views • 115 slides
Definitions Boolean set: B 0 , 1 Boolean constants: 0, 1 Boolean variable: x 0

Definitions Boolean set: B 0 , 1 Boolean constants: 0, 1 Boolean variable: x 0

Computer Architecture applied computer science 03.01 Boolean algebra urbino worldwide campus 03 Logic networks 03.01 Boolean algebra Definitions Boolean

489 views • 6 slides
Boolean Logic Invented by George Boole Boolean logic is the basis for modern computer logic.

Boolean Logic Invented by George Boole Boolean logic is the basis for modern computer logic.

Boolean Logic Invented by George Boole Boolean logic is the basis for modern computer logic. Works only with binary values What is a Boolean Variable? A variable (cell) that holds either true or false Can be thought of conceptually

524 views • 4 slides
Making Decisions Boolean Data Type A boolean variable is either True or False . loggedin = True

Making Decisions Boolean Data Type A boolean variable is either True or False . loggedin = True

Making Decisions Boolean Data Type A boolean variable is either True or False . loggedin = True administrator = False Boolean Operators - Comparison (Equality - do not confuse with = !) == 42 == 42 (Inequality) != 10 != 12 (Less

611 views • 27 slides
MiMC: Efficient Encryption and Cryptographic Hashing with Minimal Multiplicative Complexity .

MiMC: Efficient Encryption and Cryptographic Hashing with Minimal Multiplicative Complexity .

MiMC: Efficient Encryption and Cryptographic Hashing with Minimal Multiplicative Complexity . Arnab Roy 1 and Tyge Tiessen 1 ) Technical University of Denmark 1 Royal Holloway, University of London 2 TU Graz 3 1 (joint work with Martin Albrecht

275 views • 26 slides
On the Amortized Complexity of Zero Knowledge Protocols for Multiplicative Relations Ronald Cramer

On the Amortized Complexity of Zero Knowledge Protocols for Multiplicative Relations Ronald Cramer

On the Amortized Complexity of Zero Knowledge Protocols for Multiplicative Relations Ronald Cramer 1 ard 2 Valerio Pastro 2 Ivan Damg 1 CWI Amsterdam 2 Aarhus University August 15, 2012 Centrum Wiskunde & Informatica Cramer, Damg ard,

569 views • 25 slides
CS 312 Introduction to booleans Jeffrey Wang Boolean boolean is another primitive data type in

CS 312 Introduction to booleans Jeffrey Wang Boolean boolean is another primitive data type in

CS 312 Introduction to booleans Jeffrey Wang Boolean boolean is another primitive data type in Java, just like int, double, and char A variable of the boolean type can have one of two values: true or false Examples: boolean

136 views • 10 slides
Constructions of n -variable balanced Boolean functions with maximum absolute n value in

Constructions of n -variable balanced Boolean functions with maximum absolute n value in

Constructions of n -variable balanced Boolean functions with maximum absolute n value in autocorrelation spectra < 2 2 Deng Tang Southwest Jiaotong University, Chengdu, China ( Joint work with Subhamoy Maitra, Selc uk Kavut, and Bimal

546 views • 35 slides
Proof Complexity of Quantified Boolean Formulas Olaf Beyersdorff School of Computing, University

Proof Complexity of Quantified Boolean Formulas Olaf Beyersdorff School of Computing, University

Proof Complexity of Quantified Boolean Formulas Olaf Beyersdorff School of Computing, University of Leeds Olaf Beyersdorff Proof Complexity of Quantified Boolean Formulas 1 / 39 Proof complexity (in one slide) Main question What is the size

575 views • 39 slides
Functional lower bounds for arithmetic circuits and connections to boolean circuit complexity

Functional lower bounds for arithmetic circuits and connections to boolean circuit complexity

Functional lower bounds for arithmetic circuits and connections to boolean circuit complexity Michael Forbes Mrinal Kumar Ramprasad Saptharishi Princeton University Rutgers University T el Aviv University Computational Complexity

1.35k views • 107 slides
Satisfiability Sat and 3sat Consider a set of boolean variables x 1 , x 2 , . . . x n . Sat :

Satisfiability Sat and 3sat Consider a set of boolean variables x 1 , x 2 , . . . x n . Sat :

CS500 CS500 Satisfiability Sat and 3sat Consider a set of boolean variables x 1 , x 2 , . . . x n . Sat : Instance: A CNF formula . A literal is either a boolean variable x i or its negation x i . Question: Is there a truth assignment to the

332 views • 4 slides
Unit 7 Minterm and Canonical Sums 2- and 3-Variable Boolean Algebra Theorems DeMorgan's Theorem

Unit 7 Minterm and Canonical Sums 2- and 3-Variable Boolean Algebra Theorems DeMorgan's Theorem

7.1 Unit 7 Minterm and Canonical Sums 2- and 3-Variable Boolean Algebra Theorems DeMorgan's Theorem Simplification using Boolean Algebra 7.2 Duality As we progress in this unit, remember and look for the idea of duality at work

887 views • 61 slides
Complexity Amir Shpilka Tel Aviv University 1 Algebraic Complexity February 14, 2020 Rough

Complexity Amir Shpilka Tel Aviv University 1 Algebraic Complexity February 14, 2020 Rough

Crash course on Algebraic Complexity Amir Shpilka Tel Aviv University 1 Algebraic Complexity February 14, 2020 Rough Plan Lecture 1: Models of computation, Complexity Classes, Reductions and Completeness, Connection to Boolean world,

1.47k views • 146 slides
Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 ,

Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 ,

Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 , . . . , x n be boolean variables. Boolean Function of Arity n Semantics and Verification 2005 Abstract Syntax for Boolean Expressions ( x ranges

382 views • 4 slides
Spiral 1 / Unit 3 Minterm and Maxterms Canonical Sums and Products 2- and 3-Variable Boolean

Spiral 1 / Unit 3 Minterm and Maxterms Canonical Sums and Products 2- and 3-Variable Boolean

1-3.1 Spiral 1 / Unit 3 Minterm and Maxterms Canonical Sums and Products 2- and 3-Variable Boolean Algebra Theorems DeMorgan's Theorem Function Synthesis use Canonical Sums/Products 1-3.2 Outcomes I know the difference between

719 views • 54 slides
A Proof Complexity View of Pseudo-Boolean Solving Marc Vinyals Tata Institute of Fundamental

A Proof Complexity View of Pseudo-Boolean Solving Marc Vinyals Tata Institute of Fundamental

A Proof Complexity View of Pseudo-Boolean Solving Marc Vinyals Tata Institute of Fundamental Research Mumbai, India Joint work with Jan Elffers, Jess Girldez-Cru, Stephan Gocht, and Jakob Nordstrm Theory and Practice of Satisfiability

1.01k views • 56 slides
Developing Multiplicative Thinking More Assessing and Monitoring Multiplicative Thinking Welcome

Developing Multiplicative Thinking More Assessing and Monitoring Multiplicative Thinking Welcome

Developing Multiplicative Thinking More Assessing and Monitoring Multiplicative Thinking Welcome I Your Host: Tonda Thompson KCM Regional Math Coach tonda.thompson@grrec.org KCM WEBSITE kentuckymathematics.org AGENDA Standards

337 views • 14 slides
MLL normalization and transitive closure: circuits, complexity, and Euler tours Harry Mairson

MLL normalization and transitive closure: circuits, complexity, and Euler tours Harry Mairson

MLL normalization and transitive closure: circuits, complexity, and Euler tours Harry Mairson Problem: Given a proofnet in multiplicative linear logic (MLL), what is the computational complexity of determining its normal form? [sensitive to

1.01k views • 55 slides
Even delta-matroids and the complexity of planar Boolean CSPs Alexandr Kazda, Vladimir

Even delta-matroids and the complexity of planar Boolean CSPs Alexandr Kazda, Vladimir

Even delta-matroids and the complexity of planar Boolean CSPs Alexandr Kazda, Vladimir Kolmogorov, Michal Rol nek A K, V K, M R (IST Austria) Edge CSP for even -matroids 1 / 12 History Our world: CSP( { 0 , 1 } , ) where contains

669 views • 54 slides
Streaming space complexity of nearly all functions of one variable Vladimir Braverman, Stephen

Streaming space complexity of nearly all functions of one variable Vladimir Braverman, Stephen

Streaming space complexity of nearly all functions of one variable Vladimir Braverman, Stephen Chestnut, David P. Woodruff, Lin F. Yang January 7, 2016 A stream of m = 7 items from [ n ] = [4] 4 , 2 , 3 , 2 , 4 , 2 , 2 0 0

622 views • 20 slides
Developing Multiplicative Thinking- Foundations of Multiplicative Thinking with Julie Adams

Developing Multiplicative Thinking- Foundations of Multiplicative Thinking with Julie Adams

Developing Multiplicative Thinking- Foundations of Multiplicative Thinking with Julie Adams Welcome! Your host Julie Adams Regional Consultant Kentucky Center for Mathematics jaadams2@moreheadstate.edu KCM Website

472 views • 28 slides

More recommend