Correlation immunity and resiliency of Boolean functions

The Boolean functions used in the stream ciphers must be balanced for avoiding statistical dependence between their input and their output ^[1].

Combining function, combiner model, combination generator

A combination generator is a running-key generator for stream cipher applications. It is composed of several linear feedback shift registers whose outputs are combined by a Boolean function to produce the keystream. The combining function ${\displaystyle f(x_{1},x_{2},\dots ,x_{n})}$ is a Boolean function that takes the outputs of ${\displaystyle n}$ individual generators ${\displaystyle (x_{1},x_{2},\dots ,x_{n})}$ as inputs and produces a single output bit at each step. The choice of ${\displaystyle f}$ significantly affects the cryptographic strength of the system, such as its resilience to correlation attacks, balance properties, and algebraic complexity.

Any combination function ${\displaystyle f(x)}$ used for generating the pseudorandom sequence in the stream cipher must stay balanced if we keep constant some coordinates of ${\displaystyle f}$.

Correlation immunity

Definition

The Boolean function ${\displaystyle f}$ is called ${\displaystyle m-}$order correlation immune if the output distribution probability of ${\displaystyle f}$ is unaltered when any ${\displaystyle m}$ of its input bits are kept constant.

Using, Walsh transform below, the Boolean function ${\displaystyle f}$ is ${\displaystyle m-}$order correlation immune if and only if ${\displaystyle {\widehat {f}}(u)=0}$, for all ${\displaystyle u\in \mathbb {F} _{2}^{n}}$, s.t. ${\displaystyle 1\leq w_{H}(u)\leq m,}$, where ${\displaystyle w_{H}(u)}$ is the Hamming weight of ${\displaystyle u}$.

Importance of correlation-immune functions

The notion of correlation-immune function is related to the notion of orthogonal array. The notion of correlation immunity was introduced by Siegenthaler ^[2]. If combining function is not ${\displaystyle m-}$th order correlation-immune, then there exist a correlation between the output of the function and ${\displaystyle m}$ coordinated of its input. Moreover, if ${\displaystyle m}$ is small enough ― a divide-and-conquer attack, correlation attack for stream ciphers, and later improved to fast correlation attack ― uses this weakness for attacking the system.

Resiliency

Definition

Balanced ${\displaystyle m}$-th order correlation-immune functions are called ${\displaystyle m}$-resilient functions.

Using, Walsh transform below, the Boolean function ${\displaystyle f}$ is ${\displaystyle m-}$resilient if and only if ${\displaystyle {\widehat {f}}(u)=0}$, for all ${\displaystyle u\in \mathbb {F} _{2}^{n}}$, s.t. ${\displaystyle w_{H}(u)\leq m,}$.

The maximum value of ${\displaystyle m}$ such that ${\displaystyle f}$ is ${\displaystyle m}$-resilient is called the resiliency order of ${\displaystyle f}$.

Walsh transform of correlation immunity and resiliency

Correlation immunity and resiliency can be characterized through the Walsh transform ^[3]

${\displaystyle {\widehat {f}}(u)=\sum _{x\in \mathbb {F} _{2}^{n}}(-1)^{f(x)\oplus x\cdot u}.}$