A Highly Nonlinear Differentially 4 Uniform Power Mapping That Permutes Fields of Even Degree

Functions with low differential uniformity can be used as the s-boxes of symmetric cryptosystems as they have good resistance to differential attacks. The AES (Advanced Encryption Standard) uses a differentially-4 uniform function called the inverse function. Any function used in a symmetric cryptosystem should be a permutation. Also, it is required that the function is highly nonlinear so that it is resistant to Matsui's linear attack. In this article we demonstrate that a highly nonlinear permutation discovered by Hans Dobbertin has differential uniformity of four and hence, with respect to differential and linear cryptanalysis, is just as suitable for use in a symmetric cryptosystem as the inverse function.Comment: 10 pages, submitted to Finite Fields and Their Application

Differentially 4-uniform functions

We give a geometric characterization of vectorial boolean functions with differential uniformity less or equal to 4

Differentially low uniform permutations from known 4-uniform functions

Functions with low differential uniformity can be used in a block cipher as S-boxes since they have good resistance to differential attacks. In this paper we consider piecewise constructions for permutations with low differential uniformity. In particular, we give two constructions of differentially 6-uniform functions, modifying the Gold function and the Bracken–Leander function on a subfield.publishedVersio

New Results about the Boomerang Uniformity of Permutation Polynomials

In EUROCRYPT 2018, Cid et al. \cite{BCT2018} introduced a new concept on the cryptographic property of S-boxes: Boomerang Connectivity Table (BCT for short) for evaluating the subtleties of boomerang-style attacks. Very recently, BCT and the boomerang uniformity, the maximum value in BCT, were further studied by Boura and Canteaut \cite{BC2018}. Aiming at providing new insights, we show some new results about BCT and the boomerang uniformity of permutations in terms of theory and experiment in this paper. Firstly, we present an equivalent technique to compute BCT and the boomerang uniformity, which seems to be much simpler than the original definition from \cite{BCT2018}. Secondly, thanks to Carlet's idea \cite{Carlet2018}, we give a characterization of functions $f$ from $\mathbb{F}_{2}^n$ to itself with boomerang uniformity $\delta_{f}$ by means of the Walsh transform. Thirdly, by our method, we consider boomerang uniformities of some specific permutations, mainly the ones with low differential uniformity. Finally, we obtain another class of $4$-uniform BCT permutation polynomials over $\mathbb{F}_{2^n}$, which is the first binomial.Comment: 25 page

The differential spectrum of a ternary power mapping

Postponed access: the file will be available after 2022-03-06A function f(x)from the finite field GF(pn)to itself is said to be differentially δ-uniform when the maximum number of solutions x ∈GF(pn)of f(x +a) −f(x) =bfor any a ∈GF(pn)∗and b ∈GF(pn)is equal to δ. Let p =3and d =3n−3. When n >1is odd, the power mapping f(x) =xdover GF(3n)was proved to be differentially 2-uniform by Helleseth, Rong and Sandberg in 1999. Fo r even n, they showed that the differential uniformity Δfof f(x)satisfies 1 ≤Δf≤5. In this paper, we present more precise results on the differential property of this power mapping. Fo r d =3n−3with even n >2, we show that the power mapping xdover GF(3n)is differentially 4-uniform when n ≡2 (mod 4) and is differentially 5-uniform when n ≡0 (mod 4). Furthermore, we determine the differential spectrum of xdfor any integer n >1.acceptedVersio

On sets determining the differential spectrum of mappings

Special issue on the honor of Gerard CohenInternational audienceThe differential uniformity of a mapping $F : F 2 n → F 2 n$ is defined as the maximum number of solutions $x$ for equations $F (x+a)+F (x) = b$ when a ̸ = 0 and $b$ run over $F 2 n$. In this paper we study the question whether it is possible to determine the differential uniformity of a mapping by considering not all elements a ̸ = 0, but only those from a special proper subset of $F 2 n \ {0}$. We show that the answer is " yes " , when $F$ has differential uniformity 2, that is if $F$ is APN. In this case it is enough to take a ̸ = 0 on a hyperplane in $F 2 n$. Further we show that also for a large family of mappings F of a special shape, it is enough to consider a from a suitable multiplicative subgroup of $F 2 n$