Correlation-Immune Boolean Functions

Updated 15 February 2026

Correlation-immune Boolean functions are mappings from F2^n to F2 that ensure output independence from any t-subset of input bits, characterized by the vanishing of Walsh coefficients.
They underpin cryptographic schemes and coding theory by linking to orthogonal arrays and perfect colorings, which reinforce security against side-channel attacks.
Various construction methods, including algebraic, spectral, and cellular automata approaches, efficiently balance resiliency, nonlinearity, and algebraic immunity for practical applications.

A correlation-immune Boolean function is a mapping $f\colon\mathbb{F}_2^n\to\mathbb{F}_2$ whose output is statistically independent of any subset of its input variables up to a prescribed size, a property characterized spectrally via the vanishing of specified Walsh–Fourier coefficients. Such functions, and their multi-output and unbalanced generalizations, play central roles in cryptographic constructions—particularly for masking schemes against side-channel attacks—coding theory, and the theory of orthogonal arrays. This article provides a comprehensive account of correlation-immune Boolean functions, their algebraic and combinatorial characterizations, classification results, construction methodologies, and extremal bounds.

1. Fundamental Characterizations and Spectra

Let $f \colon \mathbb{F}_2^n \to \mathbb{F}_2$ , where $\mathbb{F}_2$ denotes the binary field. The function is said to be $t$ -th order correlation-immune (CI) if, for any subset $I\subset\{1,\ldots,n\}$ with $|I| \le t$ , the conditional distribution of $f(x)$ is balanced (uniform) for all fixed assignments $x_I=a$ . Spectrally, this property translates to the vanishing of Walsh coefficients for all nonzero $a$ with $1\le \mathrm{wt}(a)\le t$ : $W_f(a) = \sum_{x\in \mathbb{F}_2^n} (-1)^{f(x)\oplus a\cdot x}$ where $\mathrm{wt}(a)$ denotes the Hamming weight. Thus, the defining condition is $W_f(a) = 0$ for all $1\le \mathrm{wt}(a)\le t$ . For symmetric functions, it suffices to verify the condition for a single weight profile at each level (Wang et al., 2019).

Correlation immunity is thus equivalent to the absence of statistical dependence between $f$ and any nontrivial parity of up to $t$ input bits. The spectrum-based characterization provides an algorithmically efficient test and is the basis for spectral construction and classification in cryptographic practice.

2. Combinatorial Equivalence: Orthogonal Arrays and Perfect Colorings

A deep combinatorial equivalence relates $t$ -th order CI to binary orthogonal arrays (OA) of strength $t$ (Mariot et al., 2022). Specifically, the support of $f$ ,

$\operatorname{supp}(f) = \{x\in \mathbb{F}_2^n : f(x) = 1\},$

forms an OA $(N, n, 2, t)$ , that is, an $N \times n$ $0$–$1$ matrix in which every projection onto $t$ columns contains each $2^t$ binary pattern exactly $N/2^t$ times. This OA–CI correspondence establishes direct connections between coding theory, combinatorial design, and Boolean function analysis.

An alternative, graph-theoretic viewpoint relates CI to perfect colorings (equitable partitions) of the $n$ -cube $Q_n$ . Here, a coloring is perfect if the number (and color) of neighbors of a vertex depends only on the color class, and the relevant property is that the nonprincipal eigenvalues of the associated quotient matrix are bounded in terms of the CI order (Krotov et al., 2023, Potapov, 2011). In particular, for $t$ -th order CI, all nonprincipal eigenvalues $\lambda$ satisfy $\lambda\le n-2(t+1)$ .

For $t = n-4$ , there is a full classification of these perfect colorings, and the intersection with low-degree polynomial representations results in a complete enumeration of degree-$3$ ( $n-4$ )-correlation-immune functions up to equivalence (Krotov et al., 2023).

3. Constructions and Structural Properties

3.1. Algebraic and Spectral Constructions

Boolean functions with prescribed correlation immunity can be constructed via several paradigms. The concatenation method, direct product constructions, and iterative techniques with majority and bent-function cores enable the design of functions with targeted resiliency, nonlinearity, and algebraic immunity simultaneously, with circuit size $O(n)$ (Sarkar, 2 Oct 2025). These constructions maintain tight trade-offs among these properties: given parameters $m_0,x_0,a_0$ , there exists an $n$ -variate function $f$ with resiliency at least $m_0$ , linear bias at most $2^{-x_0}$ , and algebraic immunity at least $a_0$ , for $n=O(m_0+x_0+a_0)$ .

3.2. Construction via Cellular Automata and MOCA

Families of mutually orthogonal cellular automata (MOCA) provide a different, graph-theoretic framework for constructing CI functions (Mariot et al., 2022). Here, bipermutive CA are defined by local rules that induce labelings on de Bruijn graphs. Collections of $k$ pairwise-orthogonal bipermutive CA (MOCA) enable the construction of binary OAs of strength at least $2$, with the Boolean function's support defined as the set of row vectors of the OA. Computational experiments for $n\leq12$ variables confirm that the resulting functions not only guarantee CI order $\geq2$ but typically achieve order $\geq3$ .

3.3. Multi-Output and Generalized Boolean Functions

The notion of CI extends naturally to multi-output Boolean functions $f: \mathbb{F}_2^n \to \mathbb{F}_2^m$ . Three spectral characterizations for $(n,m,t)$ -CI functions have been established: the component-wise Walsh transform, the generalized Walsh transform via an encoding $f_g$ into $\mathbb{Z}_{2^m}$ , and a discrete Fourier (DFT) based criterion—each reducing the computational checking in distinctive ways and offering efficiency gains for S-box and masking layer construction (Chai et al., 2019).

4. Classification, Extremal Results, and Bounds

4.1. Inequalities and Extremal Density

The trade-off between the average neighbor count, density, and correlation immunity is captured in the inequality: $\operatorname{nei}(S) + 2(\operatorname{cor}(S) + 1)(1 - \rho(S)) \leq n$ where $S\subseteq \mathbb{F}_2^n$ , $\operatorname{nei}(S)$ is the average number of neighbors in $S$ , $\operatorname{cor}(S)$ is the CI order, and $\rho(S)=|S|/2^n$ is the density (Potapov, 2011). Equality is achieved if and only if $S$ is the support of a perfect coloring, and extremal cases include Hamming codes and their generalizations.

4.2. Fon-Der-Flaass Bound and Classification

For unbalanced Boolean functions (i.e., those not taking each value equally often), the maximum achievable CI order for nonconstant $f$ is $\leq 2n/3-1$ (Fon-Der-Flaass bound) (Fon-Der-Flaass, 2014, Krotov et al., 2018, Krotov, 2020). Functions attaining this bound correspond precisely to equitable 2-partitions of the hypercube with eigenvalue $-n/3$ for the quotient matrix. Specific divisibility conditions restrict the allowed weight distributions, ruling out entire infinite series of putative quotient matrices (Krotov et al., 2018).

Explicit constructions for $n=12$ and $t=7$ yield complete classifications for functions of weights 1024, 1536, and 1792, corresponding to simple OA $(M,12,2,7)$ with $M$ as above. The number of equivalence classes is determined (e.g., there are 103 classes with weight 1536) and links to combinatorial properties such as cycle decompositions of the induced subgraphs in the cube (Krotov, 2020).

4.3. Enumeration and Asymptotic Lower Bounds

Potapov established a super-exponential lower bound on the number of balanced CI functions of median order: for $n$ even, the number $r(n,n/2)$ satisfies $r(n,n/2) \ge n^{2^{(n/2)-2}(1+o(1))}$ (Potapov, 2019). This result demonstrates the abundance—and hence cryptographic utility—of high-order resilient Boolean functions even at maximal feasible orders.

5. Applications and Cryptographic Implications

Correlation-immune Boolean functions are vital in resistant system design, including stream ciphers, S-boxes, masking countermeasures, and side-channel attack prevention. CI functions guarantee that no subset (up to a given order) of input bits provides any statistical leakage about the output, thwarting correlation and divide-and-conquer attacks (Wang et al., 2019, Mariot et al., 2022).

In practical design, the cryptographic objective is to maximize CI order, nonlinearity, and algebraic immunity simultaneously, subject to explicit complexity constraints. The algebraic and spectral trade-offs established in recent constructions (Sarkar, 2 Oct 2025) demonstrate that these properties can be efficiently combined in hardware-compatible designs.

6. Open Problems and Future Directions

Several structural and enumerative aspects of correlation-immune Boolean functions remain open. Notably, the characterization and construction of functions saturating multiple bounds simultaneously (e.g., maximal correlation immunity and optimal algebraic immunity) in the unbalanced setting, classification of non-simple orthogonal arrays for higher strengths, and the extension of spectral characterizations to more general domains are active areas of research (Krotov et al., 2018, Krotov, 2020). Further exploration of MOCA-based, de Bruijn-graph, and group-theoretic constructions promises new families of extremal CI functions (Mariot et al., 2022). Understanding the asymptotic enumeration and the combinatorial structure of these objects is likely to yield new insights in both cryptography and combinatorial design theory.