Towards an Optimal CNF Encoding of

Boolean Cardinality Constraints

(Technical Report)

Carsten Sinz

Symbolic Computation Group, WSI for Computer Science

University of Tübingen, 72076 Tübingen, Germany
[email protected]

Abstract. We consider the problem of encoding Boolean cardinality constraints

in conjunctive normal form (CNF). Boolean cardinality constraints are formu-
lae expressing that at most (resp. at least) k out of n propositional variables or
formulae are true. We present a unifying framework for a whole family of such
encodings encompassing previously proposed solutions. We give two novel en-
codings that improve upon existing results, one which requires only 7n clauses
and 2n additional variables, and another one demanding O(n · k) clauses, but
with the advantage that inconsistencies can be detected in linear time by unit
propagation alone. Moreover, we prove a linear lower bound on the number of
required clauses for any such encoding.

1 Introduction
Cardinality constraints—expressing numerical bounds on discrete quantities—arise fre-
quently out of the encoding of real-world problems: in product configuration, e.g., en-
gineers want to express that at least n parts of a certain kind are needed for a fully
functional product [1, 2]; in scheduling radio frequencies transmitters have to obey cer-
tain non-interference distance rules [3]; or in reconstructing images form computer to-
mographs different projections impose different numerical constraints on the original
picture [4]. Moreover, the general problem of re-encoding problems of a finite variable
logic in ordinary propositional logic usually requires setting up cardinality constraints
expressing that each variable has to take exactly one of its possible values at any time.
With considerable progress made over the last years in solving propositional satis-
fiability (SAT) instances, interest increased in tackling problems that include cardinal-
ity constraints using SAT-solvers. This requires, however, a re-formulation of cardinal-
ity constraints in the language of purely propositional logic, or, even more restrictive,
in conjunctive normal form (CNF), the predominant input language of modern SAT-
solvers. The SAT-approach also offers the advantage that problem instances consisting
of a mixture of ordinary Boolean constraints and cardinality constraints (occurring fre-
quently in practical applications like product configuration), can be handled with only
one unified technique, thus making the use of hybrid solvers dispensable.
Boolean cardinality constraints are a special—but common—form of cardinality
constraints. They put numerical restrictions on the number of propositional variables
2

that are allowed to be true at the same time. A typical construct like ≤k (x1 , . . . , xn )
means that not more than k out of the n variables x1 , . . . , xn are allowed to be true. The
traditional way of converting a constraint like ≤k (x1 , . . . , xn ) to purely propositional
logic is by explicitly excluding all possible combinations of k + 1 variables being true.
So, exemplarily for the case k = 1, we have to exclude all combinations of two variables
being simultaneously true, thus obtaining
^
(¬xi ∨ ¬xj ) .
1≤i<j≤n

This formula, however, consists of n2 , i.e. O(n2 ), clauses. In general, using the given

translation technique, we obtain the formula

^ _
¬xi
M ⊆{1,...,n} i∈M
|M |=k+1

n


as an encoding of ≤ k (x1 , . . . , xn ). Unfortunately, this encoding requires k+1 clauses
n
p
of length k + 1, which in the worst case of k = dn/2e − 1 amounts to O(2 / n/2)
clauses.1
Better encodings are known. Bailleux and Boufkhad [4], e.g., presented an encoding
requiring only a quadratic number of clauses. Another translation, given by Warners [6]
for the more general case of discrete linear inequalities with integer coefficients, results
in an encoding with 8n clauses and 2n additional variables.

General Approach: Counting and Comparing. In this paper we identify a general

idea that seems to be common to all efficient encodings of cardinality constraints—
although they are often not presented in this form by their authors: first, a (hardware)
circuit is built that computes whether or not the cardinality constraint is fulfilled. Then,
this hardware is encoded as efficiently as possible by a formula in clausal normal form.

x1 s0
x2
ok?
∑ ≤k
sm
xn

Fig. 1. General approach to compute ≤ k (x1 , . . . , xn ): First, sum up the input bits xi with a
unary or binary counter; then, compare the resulting sum with the bound k.

1
The complexity bound is by Stirling’s approximation of n!. A more elaborate result can be
found in [5].
 3

Obviously, there are different possibilities on how to construct such a circuit, but in
general they consist of two subsequent stages: in the first stage, the counter stage, the
number of inputs that are set to true is counted. Then, in a subsequent comparator stage,
it is checked whether the counter result lies within the bound given by the cardinality
constraint. The general approach is displayed in Fig. 1 for the cardinality constraint
≤ k (x1 , . . . , xn ). Two criteria allow a coarse distinction of different counter designs:
(i) Does the circuit count in unary or in binary, i.e., is the counter result encoded as a
unary or binary number?2 And (ii), is the counter realized as a sequential or as a parallel
implementation?
In the literature we have found two counter-based realizations of CNF encodings:
Bailleux and Boufkhad’s solution [4] makes use of a parallel, unary counter; the ap-
proach by Warners [6] resembles a parallel, binary counter, but with some differences
in the encoding and without explicit reference to a hardware design.
The rest of this paper is organized as follows: In the next section we give basic
definitions. Then we present two circuit designs resulting in novel CNF encodings:
one based on a sequential, unary counter, the other based on a parallel, binary counter.
Thereafter, we prove a linear lower bound on the number of clauses for any CNF en-
coding. Finally, we point to possible future directions of research and conclude.

2 Basic Definitions

We consider the general problem of encoding a full propositional language, extended by

cardinality constraints, in conjunctive normal form (CNF)—a problem that frequently
occurs with the encoding of real-world problems as outlined in the introduction. For a
purely propositional conversion procedure (i.e. with no cardinality constraints present)
we refer the reader to the literature [7, 8], and concentrate on the conversion of cardi-
nality constraints themselves instead.
As a starting point for our encoding, we assume a propositional language where
formulae (φ, ψ, . . . ) are built from a set of variables V := {xi | 1 ≤ i ≤ imax } by
using the following generation rule:

φ, ψ ::= ⊥ | > | xi | ¬φ | (φ ∨ ψ) | (φ ∧ ψ) | (φ ⇒ ψ) | (φ ⇔ ψ) | (φ ⊕ ψ) .

Here, ⊥ denotes falsity, > denotes truth, ⊕ stands for exclusive OR, the other symbols
have the usual meaning. The set of all formulae built upon V we will denote by F (V )
or simply F . We further assume the customary definition of the semantics of formulae
using variable assignments α : V → B and corresponding evaluation functions α̂ :
F (V ) → B for formulae, where B = {0, 1} denotes the set of Boolean constants.
We extend our language to additionally include cardinality constaints, i.e. expres-
sions of the form ≤k (φ1 , . . . , φn ), ≥k (φ1 , . . . , φn ), and =k (φ1 , . . . , φn ), with k ∈ Z,
n ≥ 0, and φi ∈ F for 1 ≤ i ≤ n. The intended meaning is that at most (at least,
exactly) k among the formulae φi (1 ≤ i ≤ n) are true. A formal definition of their
semantics is given by the following definition.
2
In a unary number representation, a value n between 0 and k is represented as a vector of k
bits (nk nk−1 . . . n1 ), with the first n bits set to true and the others to false.
4

Definition 1. For a variable assignment α : V → B, the truth value of a cardinality

constraint is determined as follows:

α̂(≤k (φ1 , . . . , φn )) = 1 iff |{φi | α̂(φi ) = 1}| ≤ k

α̂(≥k (φ1 , . . . , φn )) = 1 iff |{φi | α̂(φi ) = 1}| ≥ k
α̂(=k (φ1 , . . . , φn )) = 1 iff |{φi | α̂(φi ) = 1}| = k

We can separate the problem of CNF conversion for cardinality constraints and that
of CNF conversion for the ordinary propositional logical operators by the following
lemma.
SAT
Lemma 1. We denote by φ ≡ ψ that φ and ψ are satisfiability equivalent, i.e. that φ
is satisfiable iff ψ is. Then the following holds:
SAT ^
≤k (φ1 , . . . , φn ) ≡ ≤k (y1 , . . . , yn ) ∧ (φi ⇒ yi )
1≤i≤n
SAT ^
≥k (φ1 , . . . , φn ) ≡ ≥k (y1 , . . . , yn ) ∧ (yi ⇒ φi ) ,
1≤i≤n

where the yi ’s are new propositional variables not occurring in any of the φi ’s.

Proof. With equivalences instead of implications (on the right), the given formulae are
obvious. By the usual polarity argument [8] of CNF conversion, the respective direc-
tions of the equivalences can be dropped.

The following lemma summarizes some simple properties of cardinality constraints.

Lemma 2. For any k ∈ Z, n ∈ N and propositional variables xi (1 ≤ i ≤ n) the

following properties hold:
1. ≤k (x1 , . . . , xn ) iff ≥(n − k) (¬x1 , . . . , ¬xn ).
2. ¬ ≤k (x1 , . . . , xn ) iff ≥(k + 1) (x1 , . . . , xn ).
3. ≤k (x1 , . . . , xn ) is always true for k ≥ n and always false for k < 0.
4. ≥k (x1 , . . . , xn ) is always true for k ≤ 0 and always false for k > n.
5. =k (x1 , . . . , xn ) iff ≤k (x1 , . . . , xn ) ∧ ≥k (x1 , . . . , xn ).

Proof. Trivial.

By Lemma 2, we can restrict our attention to cardinality constraints of the form

≤k (x1 , . . . , xn ), i.e. we need not consider the opposite form ≥k (x1 , . . . , xn ). Alter-
natively, we could have used both forms and restrict k to the interval [0, bn/2c]. More-
over, conversion to negation normal form (NNF) for formulae containing cardinality
constraints can now be accomplished by Lemma 2(2).
We now can define what we mean by a clausal encoding:

Definition 2. A clause set E over the variables V = {x1 , . . . , xn , s1 , . . . , sm } is a

clausal encoding of ≤k (x1 , . . . , xn ) if for all assignments α : {x1 , . . . , xn } → B the
following holds: there is an extension of α to α∗ : V → B that is a model of E if and
 5

only if α is a model of ≤k (x1 , . . . , xn ), i.e. if and only if at most k of the variables xi

are set to 1 by α.3

Thus, a clausal encoding is a representation of ≤k (x1 , . . . , xn ) that preserves sat-

isfiability for all assignments to the variables xi . It may employ auxiliary variables
{s1 , . . . , sm } to encode the cardinality constraint.
To compare the efficiency (according to Bailleux and Boufkhad [4]) of different
encodings we use the following definition, which defines the complexity of evaluating
a clausal encoding of cardinality constraints, i.e. how much time it takes to find out
whether or not a cardinality constraint is fulfilled, given an assignment to all variables
xi of the cardinality constraint.

Definition 3. A clausal encoding E of ≤ k (x1 , . . . , xn ) over the variables V = {x1 ,

. . . , xn , s1 , . . . , sm } is called decidable in time t(n) if the following holds: for each
(partial) assignment α : {x1 , . . . , xn } → B it can be decided in time t(n) whether or
not α possesses an extension α∗ : V → B that is a model of E.

3 Encoding Using a Sequential Counter

We now give a CNF encoding for cardinality constraints of the form ≤k (x1 , . . . , xn )
that is based on a sequential
Pi counter circuit. The circuit is shown in Fig. 2 and computes
partial sums si = j=1 xj for increasing values of i upto the final i = n. The values
of all si ’s are represented as unary numbers. The overflow bits vi are set to true if the
partial sum si is greater than k.

xi

x1 x2 xn si-1,1 ≥1 si,1
&
si-1,2 ≥1 si,2
s1,1 s2,1 sn-1,1 si-1,k-1
si-1,k-1
&
s1,k s2,k sn-1,k si-1,k ≥1 si,k

&

v1 v2 vn vi

Fig. 2. Left: Circuit for computing ≤ k (x1 , . . . , xn ). si,j denotes the j-th digit of the i-th partial
sum si in unary representation; variables vi are overflow bits, indicating that the i-th partial sum
is greater than k. Right: Sub-circuit for computing a partial sum si in unary representation.

3
A model for a formula φ is the same as a satisfying assignment of φ, i.e. an assignment to the
variables of φ under which φ evaluates to true.
6

In the following, to avoid special treatment, we tacitly skip the cases k = 0 as well
as n > 1 and always assume k > 0 and n > 1.4

The first partial sum s1 of the sequential counter is easy to compute, it is just equiv-
alent to x1 , thus s1,1 ⇔ x1 and all other digits of s1 are zero. We therefore obtain
s1,j ⇔ ⊥, or simply ¬s1,j , for 1 < j ≤ k. Moreover, overflow bit v1 is never set
(as k > 0), and therefore v1 ⇔ ⊥. At the other end, the last (n-th) partial sum does
not have to be computed, we only need the overflow bit, for which vn ⇔ xn ∧ sn−1,k
holds. For all intermediate values of i, i.e. i ∈ {2, . . . , n − 1}, we have to add xi to the
already computed partial sum si−1 to obtain si . As the partial sums are given in unary
representation, we just have to set the lowest digit that is still zero in si−1 to one in si
if xi is true. Otherwise, i.e. if xi is false, si = si−1 . In Fig. 2, on the right hand side,
we have depicted the sub-circuit that accomplishes this task. It is easily seen that for
xi = 0 the input bits si−1,j are just copied to the next partial sum si . Otherwise the
lowest 0-digit is switched to 1 in si . The sub-circuit to compute si is characterized by
the following set of equivalences:

si,1 ⇔ xi ∨ si−1,1
si,j ⇔ xi ∧ si−1,j−1 ∨ si−1,j for 1 < j ≤ k
vi ⇔ xi ∧ si−1,k

Now, for the cardinality constraint to be fulfilled, no overflows are allowed, and thus
all vi have to be false. This property conceptionally already belongs to the comparator
part of the whole circuit computing the cardinality constraint. We can use the fact that
¬vi for 1 ≤ i ≤ n has to hold to simplify the equivalences defining the counter circuit.

We can further simplify the set of equivalences, by applying a common technique to

compute compact CNF representations: from the equivalences defining the si,j only one
direction is of relevance, the other can be dropped due to polarity considerations (we just
need the direction from ”right” to ”left”). This technique, that preserves satisfiability of
the whole set of equivalences, was introduced by Tseitin [9] and was later re-invented
and extended by different authors [10, 11, 7, 8]. We refer the reader interested in the
details of this technique to the literature.

We thus arrive at a set of clauses, call it LTn,kSEQ , defining the cardinality constraint
≤ k (x1 , . . . , xn ) based on the sequential counter with the additional property that no

4
The cardinality constraint for the case k = 0 is easily seen to be equivalent to ¬x1 ∧· · ·∧¬xn ,
which is already in CNF. For n = 0, the constraint is always true. For n = 1 it is true if k > 0,
and otherwise equivalent to (¬x1 ).
 7

overflows must occur:

(¬x1 ∨ s1,1 )
(¬s1,j ) for 1 < j ≤ k

(¬xi ∨ si,1 ) 

(¬si−1,1 ∨ si,1 )


 
(¬xi ∨ ¬si−1,j−1 ∨ si,j ) for 1 < i < n
for 1 < j ≤ k
(¬si−1,j ∨ si,j )




(¬xi ∨ ¬si−1,k )


(¬xn ∨ ¬sn−1,k )

The first two lines represent the case i = 1, the last line the case i = n. Counting the
number of clauses nCL in this set, we arrive at k + 1 clauses altogether for the cases
i = 0 and i = n, and (n − 2) · (2(k − 1) + 3) clauses for the remaining cases, summing
up to nCL = 2nk + n − 3k − 1 clauses. Moreover, apart from the essential xi ’s, the
clause set uses nV = (n − 1) · k auxiliary variables.
Due to its practical importance, we give in brief the clause set LTn,1
SEQ for the case
k = 1 explicitly (as a formula):
^ 
(¬x1 ∨s1,1 )∧(¬xn ∨¬sn−1,1 )∧ (¬xi ∨si,1 )∧(¬si−1,1 ∨si,1 )∧(¬xi ∨¬si−1,1 )
1<i<n

This clause set consists of 3n − 4 clauses (and n − 1 additional encoding variables) and
is thus—with regard to the number of clauses—superior to the naı̈ve encoding for all
n > 5. The following theorem summarizes our results.

Theorem 1. LTn,k
SEQ is a clausal encoding of ≤ k (x1 , . . . , xn ) requiring O(n · k)
clauses and O(n · k) auxiliary variables.

Proof. We just give an outline of the proof that LTn,k SEQ is a clausal encoding of ≤
k (x1 , . . . , xn ). By induction we show two parts: first, that setting k + 1 variables of the
xi ’s to true leads to a contradiction and, second, that by setting exactly k of the variables
xi to true all auxiliary encoding variables si,j get fixed values. From the second part it
follows that fixing k variables to true does not lead to a contradiction, and thus setting
less than k variables does so, too. The upper bounds on the number of clauses and
variables can be read off directly from the encoding given in this section.
All details of the proof can be found on the Internet under http://www-sr.informatik.
uni-tuebingen.de/˜sinz/CardConstraints.

The encoding LTn,k SEQ also fulfills the efficiency condition given by Bailleux and
Boufkhad [4]. If more than k variables are set to true (which violates the cardinality
constraint ≤ k (x1 , . . . , xn )), this can be detected by unit propagation alone, i.e. by a
linear time decision procedure. This can be seen immediately from the fact that LTn,k SEQ
consists solely of Horn clauses, and sets of Horn clauses are well known to be decidable
by unit propagation. Therefore LTn,k SEQ is decidable in linear time. Another requirement
8

of efficiency as defined by Bailleux and Boufkhad is that, for a partial assignment that
sets k of the variables xi to true, the value of all other xi ’s must be derivable by unit
propagation. That LTn,k
SEQ fulfills this condition, too, can be seen by the argument given
in the proof of Theorem 1: if k of the variables xi are set to true, all auxiliary variables
si,j have fixed values, and thus the remaining xi ’s are forced to be set to false.
We have observed that many cardinality constraints occurring in practice require
only small values of k (compared to n). Take the following as a typical representative
for such a constraint: in product configuration products are typically equipped with
a set of Boolean variables representing the denomination country of the product. Out
of those, exactly one variable has to be selected, making up a cardinality constraint
with k = 1. Thus, LTn,k SEQ can deliver compact encodings for many cases of practical
relevance.
Besides, note that the clause set LTn,k
SEQ can be further simplified by propagating
and thus removing the unit clauses (¬s1,j ) for 1 < j ≤ k. This would result in a further
reduction in the number of clauses and variables that we do not want to elaborate on
here.

4 Encoding Using a Parallel Counter

The second encoding we present is based on a parallel counter circuit designed by

Muller and Preparata [12]. Their counter (shown in Fig. 3) recursively splits the input
bits xi into two halves, and counts the number of inputs that are set to true in each
half. The results—represented as binary numbers—are then added using a standard m-
bit binary adder. In order to obtain a circuit for cardinality constraints based on this
counter, the output bits of the counter are handed on to a subsequent comparator which
checks whether or not the counter value is less than k. (The comparator is not shown in
Fig. 3.)

4.1 Parallel Counter Circuit

The input to the parallel counter consists of n variables x1 , . . . , xn that are to be

counted. The input variables are divided into two halves of preferably equal size that are
processed by two independent sub-counters in parallel. The first half is always assumed
to be at least as large as the second one and to possess 2m − 1 inputs (for some integer
m). Thus the result of the counter for the first half can always be represented as an m-
bit binary number. The second half is handled by another counter that is responsible for
the remaining inputs (except for one, which is treated separately). These conditions can
be met by choosing m in such a way that 2m ≤ n < 2m+1 holds, i.e. m = blog nc.5
Note that by choosing m that way, it may happen that the second half has to process
less inputs than the first one, including the border case where the second half has no
inputs at all.
The results of each half, represented as binary numbers ym−1 . . . y0 and zm−1 . . . z0
with the usual bit order (i.e. y0 and z0 are the least significant bits), are then added by an
5
By ‘log’ we denote the logarithmus dualis, i.e. the logarithm to the base 2.
 9

x1 x2m-1 x2m xn-1 xn

∑2m-1 ∑2m-1
ym-1 y1 y0 zm-1 z1 z0

Am-1 A1 A0
∑n
sm sm-1 s1 s0

Fig. 3. Parallel counter according to Muller and Preparata [12] for recursively computing the
number of inputs xi that are set to true (represented as a binary number). The sub-circuits Aj are
1-bit-(full-)adders.

ordinary m-bit adder. This m-bit adder is built from m 1-bit adders. In the case shown
in Fig. 3, where the second half also consists of 2m − 1 inputs, all 1-bit-adders have to
be full-adders. In other cases, where n is not of the form 2m+1 − 1, some of them may
be replaced by half-adders (with only two inputs), as some of the counter’s inputs must
be 0. More exactly, this happens for each 0 in the binary representation of n.
Before we give the defining equations for the basic constituents of the parallel
counter—the 1-bit (full and half) adders—we want to derive upper bounds on the num-
ber of those basic building blocks that are needed for the complete circuit. To estimate
the number of full-adders, Muller and Preparata observe that each full-adder has one
output less than it has inputs, and thus reduces the number of “wires” by one (the half-
adders do not change this number). As we start with n inputs and end with m + 1
outputs, we know that our circuit consists of n − (m + 1) full adders. As noted above,
the number of half adders equals the number of zeros in the binary representation of
n and therefore must be less than or equal to m. Thus our parallel counter possesses
exactly n − blog nc − 1 full-adders and at most blog nc half-adders.
Each half-adder is determined by the following set of equivalences
sout ⇔ a ⊕ b
cout ⇔ a ∧ b ,
where we assume that the half-adder computes a + b and that sout and cout are the
sum resp. carry output bit of the half-adder. The equivalences describing the full-adder,
computing a + b + c, are:
sout ⇔ a ⊕ b ⊕ c
cout ⇔ a ∧ b ∨ c ∧ (a ⊕ b) ,
again with the same meaning of the output bits sout and cout . Dropping once more one
direction of the equivalences, and converting the remaining implications (form “right”
10

to “left”) to CNF, yields three clauses

(a ∨ ¬b ∨ sout ) (¬a ∨ ¬b ∨ cout )

(¬a ∨ b ∨ sout )

for each half-adder and seven clauses

(a ∨ b ∨ ¬c ∨ sout ) (¬a ∨ ¬b ∨ cout )

(a ∨ ¬b ∨ c ∨ sout ) (¬a ∨ ¬c ∨ cout )
(¬a ∨ b ∨ c ∨ sout ) (¬b ∨ ¬c ∨ cout )
(¬a ∨ ¬b ∨ ¬c ∨ sout )

for each full-adder. Combining this with the result of the last paragraph, we obtain

7 · (n − blog nc − 1) + 3 · (blog nc) = 7n − 4blog nc − 7

as an upper bound on the number of clauses required for the parallel binary counter.
We may further note that the additionally required variables for the parallel counter
are exactly the sum and overflow bits of the half- and full-adders. We therefore need at
most 2 · (n − 1) additional variables.

4.2 Comparator Circuit

We still need a comparator circuit as a companion to the parallel counter of the last
section in order to encode a cardinality constraint ≤ k (x1 , . . . , xn ). This comparator
circuit has to make sure that the result sm sm−1 . . . s0 of the binary counter is not greater
than k. For building this binary comparator we assume that the constraint’s limit k is
given as an (m + 1)-bit binary number, say k = km . . . k0 . We can then easily give
recursive equations to generate the clauses for the (m + 1)-bit comparator:
(
{{¬s0 }} if k0 = 0
L(k0 ) =
∅ if k0 = 1
(
{{¬si }} ∪ L(ki−1 . . . k0 ) if ki = 0
L(ki . . . k0 ) =
{{¬si }} ⊗ L(ki−1 . . . k0 ) if ki = 1

Here ⊗ denotes clause distribution, i.e. A ⊗ B = {x ∪ y | x ∈ A, y ∈ B} for sets

of clauses A, B. Clause distribution corresponds to computing the disjunction of two
clause sets by applying the distributivity law. With this definition, L(km . . . k0 ) then is
the clause set that ensures that the counter’s output is less than k. The intention behind
the inductive definition is this: for an i-bit comparator, if the highest, i.e. the i-th, bit of
k is zero, then the counter bit si must also be zero (otherwise the counter value would
be greater). If the highest bit is 1, then the lower (i − 1) bit-value of the counter must
be smaller than the lower (i − 1) bit-value of k, but only if si is set.
We want to demonstrate the functioning of the comparator by an example. Let
k = 20 = (10100)2 . Then we obtain the following clause set expressing that the 5-
 11

bit counter value s4 . . . s0 is less than 20:

L(k0 ) = {{¬s0 }}
L(k1 k0 ) = {{¬s1 }, {¬s0 }}
..
.
L(k4 k3 k2 k1 k0 ) = {{¬s4 , ¬s3 }, {¬s4 , ¬s2 , ¬s1 }, {¬s4 , ¬s2 , ¬s0 }}

It is easily seen that the (m + 1)-bit comparator generates as many clauses as there
are zeros in the (m + 1)-bit binary representation of k. As we may assume k to be
not greater than n (see Lemma 2), we obtain a blog nc upper bound on the number of
clauses required for the comparator.
Combining the results of this paragraph with that of the last one and doing the same
for the clause sets of the parallel counter and the comparator (resulting in the clause set
LTn,k
PAR ), we arrive at a theorem characterizing the encoding of cardinality constraints
with a parallel binary counter:

Theorem 2. LTn,kPAR is a clausal encoding of ≤k (x1 , . . . , xn ) requiring at most 7n −

3blog nc − 6 clauses and 2n − 2 auxiliary variables.

Proof. Along the lines of the proof for Theorem 1. For details see http://www-sr.infor-
matik.uni-tuebingen.de/˜sinz/CardConstraints.

5 Comparison
In this section we want to compare the two encodings given in this paper with other en-
codings that can be found in the literature. Criteria for assessing the different encodings
are (i) the number of clauses required for the encoding; (ii) the number of additional
propositional variables required for the encoding; and (iii) the time needed to decide
the encoding (as defined in Def. 3). Besides our two encodings, we have included the
naı̈ve encoding (given in the introduction) and the encodings of Bailleux&Boufkhad
and Warners into our comparison.

Table 1. Comparison of different encodings for ≤ k (x1 , . . . , xn ).

Encoding #clauses
` n ´ #add. vars decided
Naı̈ve k+1
0 immediate
Sequential unary counter (LTn,k
SEQ ) O(n · k) O(n · k) by unit prop.
Parallel binary counter (LTn,k
PAR ) 7n − 3blog nc − 6 2n − 2 by search
Bailleux & Boufkhad [4] O(n2 ) O(n · log n) by unit prop.
Warners [6] 8n 2n by search

Table 1 shows the results. With respect to the number of clauses required, our en-
coding LTn,k
PAR is the best with a little less than 7n clauses; however, it requires search
12

to check whether the constraint is fulfilled or not. Among the encodings requiring no
search, which are thus decidable in linear time, is that of Bailleux&Boufkhad and our
LTn,k
SEQ encoding. The latter performs better for small values of k, whereas the former
is better for large bounds.

6 Lower Bound
Considering the different encodings given in the last section, the question arises in how
far these results can still be improved. To handle this question, we prove a linear lower
bound on the number of clauses required for any clausal encoding of cardinality con-
straints. This means that no sub-linear (e.g. logarithmic) encoding is possible. So, the
formulae derived in the last section are asymptotically optimal with respect to the num-
ber of clauses (i.e. the encoding problem needs Ω(n) clauses) . However, there is still a
gap remaining, in the sense that our lower bound can only show that at least n clauses
are required, whereas the best encoding still uses almost 7n clauses. We believe, how-
ever, that the upper bound is closer to the exact complexity bound.
We want to show now that every encoding of ≤ k (x1 , . . . , xn ) requires at least n
clauses:

Theorem 3. For all n ∈ N and all k with 0 ≤ k < n − 1, each clausal (CNF) encoding
of ≤ k (x1 , . . . , xn ) requires at least n clauses.

Proof. Our proof runs in two parts: First, we show that each literal ¬xi has to occur
at least once in the clause set. Then, we prove that multiple negative literals ¬xi in the
same clause make additional clauses unavoidable.
Let E be any CNF-encoding of ≤ k (x1 , . . . , xn ). To prove the first part, assume
that for some p with 1 ≤ p ≤ n, literal ¬xp does not occur in the clause set E. We
know that, by definition, every assignment α : {x1 , . . . , xn } → B, in which exactly
k variables are set to 1, can be extended to a satisfying assignment α∗ of E by assign-
ing appropriate values to the auxiliary variables. Take any such assignment α with the
additional property that α(xp ) = 0. Such an α always exists, as k < n. Now, let β
be α altered at point xp (i.e. β(xi ) = α(xi ) for all i 6= p and β(xp ) = 1) and β ∗ the
respectively altered extension. As, by assumption, there is no clause containing ¬xp , all
clauses of E remain satisfied. Thus, β ∗ is a satisfying assignment of E in which k + 1
variables are set to 1. This, however, is a contradiction to our assumption that E is a
clausal encoding of ≤ k (x1 , . . . , xn ).
Now, for the second part of our proof, assume that there is a clause c ∈ E containing
some literals ¬xp and ¬xq (with p 6= q) simultaneously. If there is no such clause, E
must contain at least n clauses, one for each literal ¬xp , and we are done.
Consider an assignment α with α(xp ) = α(xq ) = 0 and exactly k literals set to 1.
As k < n − 1 such an assignment always exists. By definition, α can be extended to a
model α∗ of E. Changing α to β by setting β(xq ) = 1, we arrive at an assignment with
k + 1 variables set to 1 and its extension β ∗ still satisfying clause c. As no extension
of β, and thus neither β ∗ , is a model of E, there must be another clause d ∈ E which
is not satisfied by β ∗ , and thus both ¬xp ∈/ d and ¬xq ∈ d must hold. Thus, we have
shown that for all p, q with 1 ≤ p, q ≤ n and p 6= q there must be at least one clause
 13

cq,p that contains ¬xq , but does not contain ¬xp . This requirement can only be met by
at least n clauses.

We want to close this section with two notes: First, note that the case k = n − 1
can be accomplished with less than n clauses. One clause, namely (¬x1 ∨ · · · ∨ ¬xn )
is sufficient. For k = n no restictions apply, and thus no clauses at all are required.
Second, if k 6= 0, it turns out that all clauses in an optimal CNF-encoding of E must be
non-unit clauses. To see this, assume that there exists a unit-clause that is essential, i.e.
contains exactly one of the variables xi and thus cannot be removed. Such a unit-clause
must contain a negative literal (as can be seen from the prove above), thus it must be of
the form (¬xi ). This, however, is a contradiction, as setting xi to true must be allowed
if k > 0.

7 Conclusions and Future Work

We have presented two methods for encoding Boolean cardinality constraints in con-
junctive normal form. Both methods improve on existing results: one achieves the cur-
rently least known number of clauses (to the best of the author’s knowledge), the other
has advantages for constraints of the form ≤k (x1 , . . . , xn ) for small values of k.
Moreover, we have shown a lower bound on the number of clauses required for any
clausal encoding of cardinality constraints. Such a proof touches the realm of Boolean
function complexity [13, 14]. It might be an interesting topic for future research to see in
how far results from this field are transferrable to the area of minimal clausal encodings.
We think that looking for improved lower bounds is worthwhile and still expect
much room for improvement. Moreover, an experimental evaluation of the different
encodings should be of interest.

Availability: We have implemented generators for both the LTn,k n,k

SEQ and the LTPAR en-
coding in C++. They can be downloaded at http://www-sr.informatik.uni-tuebingen.de/
˜sinz/CardConstraints.

References
1. Sabin, D., Weigel, R.: Product configuration frameworks – a survey. IEEE Intelligent Sys-
tems 13 (1998) 42–49
2. Küchlin, W., Sinz, C.: Proving consistency assertions for automotive product data manage-
ment. J. Automated Reasoning 24 (2000) 145–163
3. Cabon, B., de Givry, S., Lobjois, L., Schiex, T., Warners, J.P.: Radio link frequency assign-
ment. Constraints 4 (1999) 79–89
4. Bailleux, O., Boufkhad, Y.: Efficient CNF encoding of boolean cardinality constraints. In
Rossi, F., ed.: 9th Intl. Conf. on Principles and Practice of Constraint Programming (CP
2003). Volume 2833 of Lecture Notes in Computer Science., Springer (2003) 108–122
5. Stanica, P.: Good lower and upper bounds on binomial coefficients. Journal of Inequalities
in Pure and Applied Mathematics 2 (2001)
6. Warners, J.P.: A linear-time transformation of linear inequalities into conjunctive normal
form. Inf. Process. Lett. 68 (1998) 63–69
14

7. Nonnengart, A., Rock, G., Weidenbach, C.: On generating small clause normal forms. In
Kirchner, C., Kirchner, H., eds.: 15th Intl. Conf. on Automated Deduction (CADE-15). Vol-
ume 1421 of Lecture Notes in Computer Science., Springer (1998) 397–411
8. Jackson, P., Sheridan, D.: The optimality of a fast CNF conversion and its use with
SAT. Technical Report APES-82-2004, APES Research Group (2004) Available from
http://www.dcs.st-and.ac.uk/ apes/apesreports.html.
9. Tseitin, G.S.: On the complexity of derivation in propositional calculus. In Silenko, A.O.,
ed.: Studies in Constructive Mathematics and Mathematical Logic. (1970) 115–125
10. Murray, N.V.: Completely non-clausal theorem proving. Artif. Intell. 18 (1982) 67–85
11. Plaisted, D.A., Greenbaum, S.: A structure-preserving clause form translation. J. Symb.
Comput. 2 (1986) 293–304
12. Muller, D.E., Preparata, F.P.: Bounds to complexities of networks for sorting and for switch-
ing. J. ACM 22 (1975) 195–201
13. Wegener, I.: The Complexity of Boolean Functions. Wiley-Teubner (1987)
14. Paterson, M., ed.: Boolean Function Complexity. Number 169 in London Mathematical
Society Lecture Note Series. Cambridge University Press (1992)