The Multiplicative Complexity of Boolean Functions on Four and Five Variables

A generic way to design lightweight cryptographic primitives is to construct simple rounds using small nonlinear components such as 4x4 S-boxes and use these iteratively (e.g., PRESENT and SPONGENT). In order to efficiently implement the primitive, efficient implementations of its internal components are needed. Multiplicative complexity of a function is the minimum number of AND gates required to implement it by a circuit over the basis (AND, XOR, NOT). It is known that multiplicative complexity is exponential in the number of input bits n. Thus it came as a surprise that circuits for all 65 536 functions on four bits were found which used at most three AND gates. In this paper, we verify this result and extend it to five-variable Boolean functions. We show that the multiplicative complexity of a Boolean function with five variables is at most four

Neural networks, error-correcting codes, and polynomials over the binary n-cube

Several ways of relating the concept of error-correcting codes to the concept of neural networks are presented. Performing maximum-likelihood decoding in a linear block error-correcting code is shown to be equivalent to finding a global maximum of the energy function of a certain neural network. Given a linear block code, a neural network can be constructed in such a way that every codeword corresponds to a local maximum. The connection between maximization of polynomials over the n-cube and error-correcting codes is also investigated; the results suggest that decoding techniques can be a useful tool for solving such maximization problems. The results are generalized to both nonbinary and nonlinear codes

Determining the Multiplicative Complexity of Boolean Functions using SAT

We present a constructive SAT-based algorithm to determine the multiplicative complexity of a Boolean function, i.e., the smallest number of AND gates in any logic network that consists of 2-input AND gates, 2-input XOR gates, and inverters. In order to speed-up solving time, we make use of several symmetry breaking constraints; these exploit properties of XAGs that may be useful beyond the proposed SAT-based algorithm. We further propose a heuristic post-optimization algorithm to reduce the number of XOR gates once the optimum number of AND gates has been obtained, which also makes use of SAT solvers. Our algorithm is capable to find all optimum XAGs for representatives of all 5-input affine-equivalent classes, and for a set of frequently occurring 6-input functions.Comment: 8 pages, 2 tables, comments welcom

Computing all monomials of degree n−1n-1 using 2n−32n-3 AND gates

We consider the vector-valued Boolean function $f:\{0,1\}^n\rightarrow \{0,1\}^n$ that outputs all $n$ monomials of degree $n-1$, i.e., $f_i(x)=\bigwedge_{j\neq i}x_j$, for $n\geq 3$. Boyar and Find have shown that the multiplicative complexity of this function is between $2n-3$ and $3n-6$. Determining its exact value has been an open problem that we address in this paper. We present an AND-optimal implementation of $f$ over the gate set $\{\text{AND},\text{XOR},\text{NOT}\}$, thus establishing that the multiplicative complexity of $f$ is exactly $2n-3$