On $2k$-Variable Symmetric Boolean Functions with Maximum Algebraic Immunity $k$

Algebraic immunity of Boolean function $f$ is defined as the minimal degree of a nonzero $g$ such that $fg=0$ or $(f+1)g=0$. Given a positive even integer $n$, it is found that the weight distribution of any $n$-variable symmetric Boolean function with maximum algebraic immunity $\frac{n}{2}$ is determined by the binary expansion of $n$. Based on the foregoing, all $n$-variable symmetric Boolean functions with maximum algebraic immunity are constructed. The amount is $(2\wt(n)+1)2^{\lfloor \log_2 n \rfloor}$

💡 Research Summary

The paper investigates the algebraic immunity (AI) of symmetric Boolean functions when the number of variables n is even, i.e., n = 2k. AI of a Boolean function f is defined as the smallest degree of a non‑zero Boolean polynomial g such that either f·g = 0 or (f + 1)·g = 0. It is well known that the maximal possible AI for an n‑variable Boolean function is ⌈n/2⌉, and for even n this bound equals k = n/2. While the odd‑variable case has been completely characterized (maximum‑AI functions must be balanced and only two symmetric functions satisfy this), the even‑variable case remained largely open, especially for symmetric functions, which are of practical interest because of their compact representation and hardware efficiency.

The authors first recall basic notions: the algebraic normal form (ANF), the simplified value vector (SVV) v_f = (v_f(0),…,v_f(n)) that records the function’s output for inputs of each Hamming weight, and the simplified ANF (SANF) vector λ_f. Lemma 2.1 shows the duality between v_f and λ_f via Lucas’ theorem, while Lemma 2.2 states that a symmetric function of degree < 2^ℓ has a period 2^ℓ in its SVV. Lemma 2.3 identifies the majority function as a canonical example attaining AI = k.

A central technical tool is the weight‑support (WS) technique. For a Boolean polynomial P_b = ∏{i=1}^{b}(x{2i‑1}+x_{2i}) the weight support is WS(P_b) = {b}. Lemma 2.4 proves that any non‑trivial annihilator g of a symmetric function f can be written as g = P_b·h where b ≤ ⌊n/2⌋ and h is a symmetric polynomial of degree ≤ deg(g) − b. Consequently, if f has maximal AI = k, the WS of f and that of any potential annihilator must be disjoint, imposing strong constraints on the SVV.

The paper’s main contribution is a complete description of those constraints for even n. Writing n in the form n = 2^p·μ + 2m with 0 ≤ m < 2^p, the authors prove (Theorem 3.1) that for any i, j ∈ {1,…,μ} the SVV must satisfy

 v_f(2^p·μ + m − 2^p·i + 2^p − 1) = v_f(2^p·μ + m + 2^p·j − 2^p − 1) + 1 (mod 2).

In other words, the values of v_f on two families of indices—one “below” the middle point and one “above” it—must be complementary. This condition is derived first for the special case where n is a multiple of 4 (Lemma 3.1) and then generalized to any even n. The proof proceeds by induction on μ and uses the WS technique to construct a low‑degree annihilator whenever the condition is violated, thereby contradicting the assumption AI = k.

Having established the necessary condition, the authors show it is also sufficient. They construct explicit annihilators for any violation, and conversely prove that any symmetric function obeying the condition cannot admit a non‑zero annihilator of degree < k. Two concrete families of functions satisfying the condition are presented (Theorem 3.5), demonstrating that the condition indeed captures all maximal‑AI symmetric functions.

Finally, the enumeration of such functions is performed. Let wt(n) denote the number of 1’s in the binary expansion of n. For each 1‑bit there are two possible choices (the “upper” or “lower” block of the SVV), giving 2·wt(n) possibilities, plus one extra possibility corresponding to the constant‑balanced case. The remaining ⌊log₂ n⌋ bits of the SVV can be chosen arbitrarily, yielding a factor 2^{⌊log₂ n⌋}. Hence the total number of n‑variable symmetric Boolean functions with AI = n/2 is

 (2·wt(n) + 1) · 2^{⌊log₂ n⌋}.

This formula extends earlier partial results and provides a closed‑form count for all even‑variable symmetric functions with optimal algebraic immunity.

In summary, the paper delivers a full structural characterization and exact enumeration of even‑variable symmetric Boolean functions attaining the maximal algebraic immunity k = n/2. The results deepen the theoretical understanding of symmetric functions in cryptographic design, offering a concrete catalogue of functions that are provably resistant to algebraic attacks while retaining the implementation advantages of symmetry.