Analysis on Boolean Function in a Restricted (Biased) Domain

Abstract

Boolean functions are usually studied under the assumption that each input bit is considered independent and identically distributed. However, in the case of some stream ciphers, a keystream bit is generated by using a nonlinear Boolean function with inputs from a restricted domain. At Eurocrypt 2016, one such stream cipher (FLIP) has been proposed, where a Boolean function on $n$ variables was exploited with inputs of weight $\frac {n}{2}$ only. Recently, Carlet et al. studied several properties of such functions and obtained certain bounds on linear approximations of direct sum in the restricted domain. In this paper, we observe that for a direct sum like $f=f_{1}+f_{2}$ , the inputs to each sub-function $f_{1}$ , $f_{2}$ do not follow a uniform distribution in the restricted domain. In this regard, we study the properties of the Boolean functions by considering a general probability distribution on the inputs. We further obtain several bounds related to the biases of direct sums. Finally, we obtain a lower bound on the bias of the nonlinear filter function of FLIP. Our results provide a general framework to study security parameters of ciphers over restricted domain.