On Cusick-Cheons Conjecture About Balanced Boolean Functions in the Cosets of the Binary Reed-Muller Code

On Cusick-Cheon’ s Conjec ture About Bala nced Boolean Functions in the Cosets o f the Binary Reed-Muller C ode Y uri L. Bori ssov Abstract — It is pro ved an am plification of Cusick-Cheon’s conjecture on balanced Boolean functions in the cosets of the binary Reed-Muller code RM ( k , m ) of order k and length 2 m , in the cases where k = 1 or k ≥ ( m − 1) / 2 . Index T erms — Boolean function, Reed-Muller code, coset of linear code, W alsh-Hadamard transform. I . I N T RO D U C T I O N For basic d efinitions and facts we refer to [8]. L et RM ( k , m ) denote the k th-o rder Reed-Muller c ode of length 2 m . This linear code consists of all binary vectors o f length 2 m (truth tab les) associated with Boolean fun ctions in m v ariables whose d egree is less than or equ al to k . A Boolean function is said to be balanced if its truth tab le contain s equal nu mber of zeroes and on es. W e shall also c all a tru th table o f a balanced Boolean function ba lanced word. In [4], the autho rs have co njectured the f ollowing: C O N J E C T U R E 1 . 1 : The c ode RM ( k , m ) , k > 0 , consid- ered a s a coset in the qu otient space Q ( k , m ) def = RM ( k + 1 , m ) / R M ( k , m ) has mo re balan ced functions than any other coset in Q ( k , m ) . This conjectur e was verified in cases k = 1 , m − 2 [5]. Based o n it the author s of [4] derived very good upp er and lower bound s on the number of b alanced Boole an functio ns which are contained in RM ( k , m ) . For some particular values of k and arbitrary m , exp licit for mulas fo r th e number o f balanced function s in R M ( k , m ) are k nown [8], [10]. Apart from trivial c ases ( k = 1 , m − 1 and m ) there are such formu las fo r k = 2 and k = m − 2 , as a p art of the known weight-distribution of the correspondin g Reed-Muller cod es. Howe ver , th e p roblem of d etermining th e weight-distribution of R M ( k , m ) in general, seems to be d ifficult [8] and e ven partial results are welcomed [7]. For similar results in the context of cry ptogr aphic applicatio ns, see also [2], [ 3] and [11, Ch. 8 ]. This paper is organized as follows. In next section we summarize necessary backgro und. In Section III we present proof s of the extension o f Con jecture 1.1 fo r ar bitrary c oset o f the R M ( k , m ) , if k = 1 or k ≥ ( m − 1) / 2 . Fin ally , in Section IV we giv e an example wh ich illustrates th ese con siderations. I I . B AC K G R O U N D Let us r ecall the so- called Ma cW illiams’ s id entity [8, p . 127]. Y . L . Borissov is with the Institute of Mathematics and Informatics, Bulgari an Academy of Sciences, Sofia 1113, Bulgaria. Theorem 2.1: Let A be a binar y linear ( n, K ) c ode a nd ( A 0 , A 1 , . . . , A n ) deno te the weight distribution of A i.e. the total number of vectors of weight i in A is A i for each i . Then n X i =0 A i X i = 2 K − n n X i =0 B i (1 + X ) n − i (1 − X ) i , (1) where B i is the total number of vectors of weight i in A ⊥ , the o rthogo nal code of A . W e make use also of th e fo llowing result proven by Assmu s and Mattson. Theorem 2.2: ([1]) Le t A be a binary linear ( n, K ) cod e and a be an n − vector over F 2 = GF (2) no t in A . Let ( d 0 , d 1 , . . . , d n ) denote the weight distribution of the coset A + a ; th us the total n umber of vectors of weig ht i in A + a is d i for each i . Then n X i =0 d i X i = 2 K − n n X i =0 (2 b i − B i )(1 + X ) n − i (1 − X ) i , (2) where b i is defined as th e numbe r of vectors of weight i in the o rthogo nal cod e A ⊥ that ar e also orthog onal to a and B i is th e total nu mber o f vector s of weight i in A ⊥ . The above results wer e stated fo r a linear cod e over an arbitrary finite field, but for our g oals these p articular versions are en ough . The f ollowing deep theorem is d ue to M cEliece. Theorem 2.3: ([9]) Th e weig ht of ev ery cod ew ord in RM ( k , m ) is divisible by 2 [( m − 1) /k ] . Let us rem ind also the fo llowing d efinition. D E FI N I T I O N 2 . 4 : [8, p. 151] F or an arbitrary positive in- teger n the Krawtchouk p olynom ial P k ( x ; n ) = P k ( x ) is defined as P k ( x ; n ) def = k X j =0 ( − 1) j  x j  n − x k − j  , k = 0 , 1 , 2 , . . . , wher e as u sual x is a variable while the binomial co efficients are d efined as in Ex. 1 8 [ 8, Ch. 1]. Note th at P k ( x ) is a p olynom ial of degree k . For the sake of comp leteness we r ecall the definitions of weight an d W alsh-Hadamard transform of a Boolean f unction . Below , ” P ” stands for the o rdinary su mmation, while ” + ” is used f or the mo dulo- 2 sum mation. The weight of a Boolean f unction f is equ al to the num ber of non zero p ositions in the truth table of f an d is deno ted by wt ( f ) . A Boolean function f is uniquely de termined by its W alsh-Hadam ard transfor m, which is a real-valued function over F m 2 defined f or all ω ∈ F m 2 as W f ( ω ) = X x ∈ F m 2 ( − 1) f ( x )+ x · ω = 2 m − 2 w t ( f + x · ω ) , (3) Here the d ot p r o duct or scalar p roduc t of th e vector s x = ( x 1 , x 2 , . . . , x m ) a nd ω = ( ω 1 , ω 2 , . . . , ω m ) is d efined as x · ω = x 1 ω 1 + x 2 ω 2 + · · · + x m ω m . It is easy to see tha t th e Boolean function f is balanc ed if and only if W f ( 0 ) = 0 . W e r ecall also, the so-called Parse v al’ s equation: X ω ∈ F m 2 W f ( ω ) 2 = 2 2 m (4) I I I . T H E P RO O F S First, we shall p rove the fo llowing lemma. Lemma 3 .1: For an ar bitrary even positiv e integer n an d i = 0 , 1 , . . . , n let us define the numb ers K ( i, n ) as K ( i, n ) def = i X j =0 ( − 1) j  i j  n − i n/ 2 − j  , Then K ( i, n ) is equ al to 0 for i o dd, negati ve when i ≡ 2 (mod 4) a nd positiv e whe n i ≡ 0 (mod 4) . Pr o of: Note th at K ( i, n ) is actua lly P n/ 2 ( i ) , where P n/ 2 ( x ) is the Krawtchouk p olynom ial of degree n/ 2 . Furthe r we make u se of the Ex. 46 [ 8, p. 153] which states that f or arbitrary nonnegative integers i and j the following recurren t formu la holds: ( n − i ) P j ( i + 1) = ( n − 2 j ) P j ( i ) − i P j ( i − 1) , where P j ( x ) is the Krawtchouk polyn omial of degree j . In our case j = n/ 2 , thu s we have: ( n − i ) P n/ 2 ( i + 1) = − iP n/ 2 ( i − 1) (5) The initial values: P n/ 2 (0) =  n n/ 2  and P n/ 2 (1) = 0 are easily comp uted (see e.g. equ ation 5 . 57 and E x. 44 [8, pp. 151-1 53]). The proof follows by inductio n on i using r ecurren t relation ( 5 ) . Now , we sh all prove an amplification of Cusick- Cheon’ s conjecture in som e special cases. Theorem 3.2: Let B ( k , m ) be the numb er of balanced words in the binary Reed-Muller code RM ( k , m ) , k ≥ ( m − 1) / 2 . T hen any non trivial coset of R M ( k , m ) contains less than B ( k , m ) ba lanced words. Pr o of: Let a be a binary vector o f length n = 2 m not in A = RM ( k, m ) and C = A + a b e the considered c oset. It is well-known that the dimension of A is K = P k j =0  m j  and the ortho gonal c ode A ⊥ coincides to RM ( m − k − 1 , m ) . Let b i be the number of vectors of weight i in A ⊥ that are orthog onal to a and B i is the total numb er of vectors o f weight i in A ⊥ , 0 ≤ i ≤ n . A pplying Theo rem 2.1 and Theo rem 2.2, we get, r espectively: B ( k , m ) = 2 K − n n X i =0 B i K ( i, n ) d n/ 2 = 2 K − n n X i =0 (2 b i − B i ) K ( i, n ) , where d n/ 2 is the numbe r of ba lanced words in C and the number s K ( i, n ) are defined in Lemma 3 .1. So, we y ield: B ( k , m ) − d n/ 2 = 2 K − n +1 n X i =0 ( B i − b i ) K ( i, n ) (6) Clearly , by definitio n of the nu mbers B i and b i , we have: B i ≥ b i . Also, there exists at least one weight i for which last inequality holds strictly , since, other wise the vector a must belong to A . Furthermo re, if k ≥ ( m − 1 ) / 2 then ( m − 1) / ( m − k − 1) ≥ 2 , and hence accord ing to McEliece’ s Theorem all weights o f cod ew ords in A ⊥ are d ivisible by 4. Thu s, by Lemma 3 .1 the n umbers K ( i, n ) are positive and consequen tly , the sum in equation (6) is p ositiv e as well, which completes the p roof. Finally , we shall prove the following extension o f the Conjecture 1 .1 in the case where k = 1 : Proposition 3.3: Any nontr ivial coset of the first o rder bi- nary Reed-Mu ller code RM (1 , m ) c ontains less than 2 m +1 − 2 balanced words. Pr o of: First, let us note that the number of balanc ed words in RM (1 , m ) itself, is 2 m +1 − 2 , and the two unbalanced words are the all-zero and all-one vectors o f leng th 2 m . Let f be an arbitr ary non-affine fu nction and f be its corre- sponding truth tab le. W e consider the coset C = RM (1 , m ) + f . By the P arsev al’ s eq uation ther e exists at least one ω , say ω 0 , such that W f ( ω 0 ) 6 = 0 . Let g = f + x · ω 0 . Clearly , W f ( ω 0 ) = W g ( 0 ) and the refore the function g is unbalanced , as well as g + 1 , of course. Supp ose, g and g + 1 are the only two unba lanced functions (words) in C . Then obviously , W f ( ω ) = 0 , fo r ω 6 = ω 0 and b y the Parse val’ s equation W f ( ω 0 ) = ± 2 m . Hence, accord ing to ( 3), wt ( g ) is equal to either 0 or 2 m , which means that either f = x · ω 0 or f = x · ω 0 + 1 , a con tradiction to a choice of f . Conseque ntly , C co ntains more th an two un balanced words which c ompletes the p roof. I V . A N E X A M P L E In th is sectio n we present an example which illustrates the above considerations. W e shall use the same notatio ns as in the p roof o f Th eorem 3 .2. Consider the ( m − 2) th order Reed -Muller code RM ( m − 2 , m ) , m ≥ 3 , which is in fact th e exten ded Ham ming code of length n = 2 m . The o rthogo nal co de is the first-ord er Reed- Muller code R M (1 , m ) and consists of truth tables of th e affine functio ns an d the vectors 0 , 1 . So, th e nonze ro B ’ s are: B 2 m − 1 = 2 m +1 − 2 and B i = 1 for i = 0 , 2 m . Ap plying equation (1) for the weight-distribution of th e code H m = RM ( m − 2 , m ) , we get the well-known (see e.g. [10]): n X i =0 H i X i = 2 − ( m +1) [(1 + X ) n + (2 m +1 − 2)(1 − X 2 ) n/ 2 + (1 − X ) n ] Thus, we have: B ( m − 2 , m ) = H n/ 2 = 1 n [  n n/ 2  + ( n − 1)  n/ 2 n/ 4  ] Let a 1 be the following 2 m − vector of weight 2 : (0 , 0 , . . . , 1 , 1 ) . This vector is assoc iated with the Boole an function which is a product of the first m − 1 amongst the Boolean variables Y 1 , Y 2 , . . . , Y m − 1 , Y m i.e. the functio n: Y 1 Y 2 . . . Y m − 1 . It is easy to see th at th e tru th tab le o f an affine function is o rthog onal to a 1 only if this functio n d oes not contain Y m as a n essential variable. So, b 2 m − 1 = 2 m − 2 an d since the vectors 0 , 1 are orthogon al to a 1 it f ollows b 0 = b 2 m = 1 . App lying equatio n (2) fo r the weigh t-distribution of the coset C 1 = H m + a 1 , we get: n X i =0 d i X i = 2 − ( m +1) [(1 + X ) n − 2(1 − X 2 ) n/ 2 + (1 − X ) n ] Therefo re, we have: d n/ 2 = 1 n [  n n/ 2  −  n/ 2 n/ 4  ] This r esult coincide s with the o utcome of computatio ns giv en in [5]. In fact, it can be shown that all cosets of RM ( m − 2 , m ) in RM ( m − 1 , m ) are affine equ iv alent (see, e.g. [6 ]) and therefor e they h av e the same weig ht-distribution (in particular, the same n umber of b alanced f unctions). Let, now a 2 be the following 2 m − vector of w eight 1 : (0 , 0 , . . . , 0 , 1 ) . This vector is assoc iated with the Boole an function Y 1 Y 2 . . . Y m − 1 Y m . Of course, we can proceed as in the pr evious case, but the f ollowing simple argum ents sho w that every word in the coset C 2 = H m + a 2 is with odd weight. Indeed , if f ∈ H m then wt ( f ) is an even numb er and wt ( f + a 2 ) is eq ual to w t ( f ) ± 1 accordin gly to the value of the last coordin ate o f f . T hus, there ar e no balanced functio ns in the coset C 2 , and by similar argumen ts this is valid also for all cosets o f R M ( m − 2 , m ) not in RM ( m − 1 , m ) . V . C O N C L U S I O N In this paper , w e conside r an extension o f Cusick- Cheon’ s conjecture o n balan ced Boolean f unction s in the cosets o f the bin ary Reed-Muller co de RM ( k , m ) and prove it in the special cases: k = 1 or k ≥ ( m − 1 ) / 2 . T o o ur kn owledge, the Conjecture 1.1 is st ill unproved (o r disproved) in the remaining cases. Note a lso, that The orem 3.2 is v alid for any code o f ev en leng th wh ose orth ogona l is doubly- ev en cod e i.e. if the weights o f all codewords in the ortho gonal code are divisible by 4. Acknowledgments The auth or wishes to thank Thom as W . Cusick f or pointin g out th e problem an d u seful d iscussions. R E F E R E N C E S [1] E.F . Assmus Jr . and H.F . Mattson Jr . , ” The W eight -Distrib ution of a Coset of a Line ar Code”, IEEE T ransactions on Information T heory , 1978, pp. 497. [2] P . Camion, C. Carlet , P . Charpin , and N. Sendrier , ”On Corre lation- Immune Funct ions”, Crypto 1991, LNCS vol. 576, Springe-V erlag, pp. 86-100, 1992. [3] C. Carlet and A. Klapper , ”Upper Bounds on the Numbers of Resilien t Function s and Bent Functions”, 23rd Symposium on Information Theory in the Benelux, Louv ain-La-Neuv e, Belgique, may 2002. [4] T .W . Cusick and Y . Cheon, ”Counting Balance d Boolean Functions in n V ariables with Bounded Degree”, E xperiment al Mathemati cs , 16:1, pp. 101-105. [5] T .W .Cusick’ s talk at NA TO Advance d Study Institute ”Boolean Func- tions in Cryptolog y and Information Security”, Moscow , September 8- 15, 2007. [6] X.D. Hou, ” GL ( m, 2) Acti ng on R ( r, m ) /R ( r − 1 , m ) ”, Discret e Math. , v ol. 149, pp. 99-122, 1996. [7] T . Kasami, N. T okura, and S. Azumi, ”On the W eight Enumerati on of W eights Less tha n 2.5d of Reed -Muller Codes”, Information and Contr ol , vol. 30, pp. 380-395 , 1976. [8] F .J. McW ill iams and N.J.A. Sloa ne, The Theory of E rr or-Corr ect ing Codes , N orth-Holl and Publishing Company 1977. [9] R.J. McElie ce, ”W eight Congruences for p − ary Cycli c Codes”, Discr ete Math. , 3 (1972), pp. 177-192. [10] W . W . Petersen, Erro r-Corr ecti ng Codes , John Wile y and Sons Inc., 1961. [11] B. Preneel, Analysis and Design of Crypto graph ic Hash Functions , Ph. D. the sis, Katholi eke Univ ersite it Leuven, 1993.