Minimizing the Boolean circuit implementation of a given cryptographic function is an important issue. A number of papers [1], [2], [3], [4] only consider cancellation-free straight-line programs for producing small circuits over GF(2). Cancellation is allowed by the Boyar–Peralta (BP) heuristic [5], [6]. This yields a valuable tool for practical applications such as building fast software and low-power circuits for cryptographic applications, e.g. AES [5], [7], HMAC-SHA-1 [8], PRESENT [9], GOST [9], and so on. However, the BP heuristic does not take into account the matrix density. In a dense linear system the rows can be computed by adding or removing a few elements from a “common path” that is “close” to almost all rows. The new heuristic described in this paper will merge the idea of “cancellation” and “common path”. An extensive testing activity has been performed. Experimental results of the new and the BP heuristic were compared. They show that the Boyar–Peralta results are not optimal on dense systems.

最小化给定密码函数的布尔电路实现是一个重要的问题。许多论文[1]，[2]，[3]，[4]仅考虑了用于制造GF（2）上的小电路的免取消直线程序。Boyar–Peralta（BP）启发式[5]，[6]允许取消。这为实际应用提供了有价值的工具，例如为加密应用构建快速软件和低功耗电路，例如AES [5]，[7]，HMAC-SHA-1 [8]，PRESENT [9]，GOST [9] ， 等等。但是，BP启发式没有考虑矩阵密度。在密集的线性系统中，可以通过从“接近”几乎所有行的“公用路径”中添加或删除一些元素来计算行。本文介绍的新启发式方法将融合“取消”和“共同道路”的思想。已经进行了广泛的测试活动。比较了新算法和BP启发式算法的实验结果。他们表明，在密集系统上，Boyar-Peralta结果并非最佳。