A New Method to Investigate the CCZ-Equivalence between Functions with Low Differential Uniformity

Recently, many new classes of differentially $4$-uniform permutations have been constructed. However, it is difficult to decide whether they are CCZ-inequivalent or not. In this paper, we propose a new notion called Projected Differential Spectrum . By considering the properties of the projected differential spectrum, we find several relations that should be satisfied by CCZ-equivalent functions. Based on these results, we mathematically prove that any differentially $4$-uniform permutation constructed in \cite{CTTL} by {C.Carlet, D.Tang, X.Tang, et al.,} is CCZ-inequivalent to the inverse function. We also get two interesting results with the help of computer experiments. The first one is a proof that any permutation constructed in \cite{CTTL} is CCZ-inequivalent to a function which is the summation of the inverse function and any Boolean function on \gf_{2^{2k}} when $4\le k\le 7$. The second one is a differentially $4$-uniform permutation on \gf_{2^6} which is CCZ-inequivalent to any function in the aforementioned two classes

cc-differential uniformity, (almost) perfect cc-nonlinearity, and equivalences

In this article, we introduce new notions $cc$-differential uniformity, $cc$-differential spectrum, PccN functions and APccN functions, and investigate their properties. We also introduce $c$-CCZ equivalence, $c$-EA equivalence, and $c1$-equivalence. We show that $c$-differential uniformity is invariant under $c1$-equivalence, and $cc$-differential uniformity and $cc$-differential spectrum are preserved under $c$-CCZ equivalence. We characterize $cc$-differential uniformity of vectorial Boolean functions in terms of the Walsh transformation. We investigate $cc$-differential uniformity of power functions $F(x)=x^d$. We also illustrate examples to prove that $c$-CCZ equivalence is strictly more general than $c$-EA equivalence.Comment: 18 pages. Comments welcom

On the Derivative Imbalance and Ambiguity of Functions

In 2007, Carlet and Ding introduced two parameters, denoted by $Nb_F$ and $NB_F$, quantifying respectively the balancedness of general functions $F$ between finite Abelian groups and the (global) balancedness of their derivatives $D_a F(x)=F(x+a)-F(x)$, $a\in G\setminus\{0\}$ (providing an indicator of the nonlinearity of the functions). These authors studied the properties and cryptographic significance of these two measures. They provided for S-boxes inequalities relating the nonlinearity $\mathcal{NL}(F)$ to $NB_F$, and obtained in particular an upper bound on the nonlinearity which unifies Sidelnikov-Chabaud-Vaudenay's bound and the covering radius bound. At the Workshop WCC 2009 and in its postproceedings in 2011, a further study of these parameters was made; in particular, the first parameter was applied to the functions $F+L$ where $L$ is affine, providing more nonlinearity parameters. In 2010, motivated by the study of Costas arrays, two parameters called ambiguity and deficiency were introduced by Panario \emph{et al.} for permutations over finite Abelian groups to measure the injectivity and surjectivity of the derivatives respectively. These authors also studied some fundamental properties and cryptographic significance of these two measures. Further studies followed without that the second pair of parameters be compared to the first one. In the present paper, we observe that ambiguity is the same parameter as $NB_F$, up to additive and multiplicative constants (i.e. up to rescaling). We make the necessary work of comparison and unification of the results on $NB_F$, respectively on ambiguity, which have been obtained in the five papers devoted to these parameters. We generalize some known results to any Abelian groups and we more importantly derive many new results on these parameters

Computational search for isotopic semifields and planar functions in characteristic 3

In this thesis, we investigate the possibility of finding new planar functions and corresponding semifields in characteristic 3 by the construction of isotopic semifields from the known families and sporadic instances of planar functions. Using the conditions laid out by Coulter and Henderson, we are able to deduce that a number of the known infinite families can never produce CCZ-inequivalent functions via isotopism. For the remaining families, we computationally investigate the isotopism classes of their instances over finite fields of order 3^n for n ≤ 8. We find previously unknown isotopisms between the semifields corresponding to some of the known planar functions for n = 6 and n = 8. This allows us to refine the known classification of planar functions up to isotopism, and to provide an updated, partial classification up to isotopism over finite fields of order 3^n for n ≤ 8.Masteroppgave i informatikkINF399MAMN-INFMAMN-PRO

Towards a deeper understanding of APN functions and related longstanding problems

This dissertation is dedicated to the properties, construction and analysis of APN and AB functions. Being cryptographically optimal, these functions lack any general structure or patterns, which makes their study very challenging. Despite intense work since at least the early 90's, many important questions and conjectures in the area remain open. We present several new results, many of which are directly related to important longstanding open problems; we resolve some of these problems, and make significant progress towards the resolution of others. More concretely, our research concerns the following open problems: i) the maximum algebraic degree of an APN function, and the Hamming distance between APN functions (open since 1998); ii) the classification of APN and AB functions up to CCZ-equivalence (an ongoing problem since the introduction of APN functions, and one of the main directions of research in the area); iii) the extension of the APN binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$ into an infinite family (open since 2006); iv) the Walsh spectrum of the Dobbertin function (open since 2001); v) the existence of monomial APN functions CCZ-inequivalent to ones from the known families (open since 2001); vi) the problem of efficiently and reliably testing EA- and CCZ-equivalence (ongoing, and open since the introduction of APN functions). In the course of investigating these problems, we obtain i.a. the following results: 1) a new infinite family of APN quadrinomials (which includes the binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$); 2) two new invariants, one under EA-equivalence, and one under CCZ-equivalence; 3) an efficient and easily parallelizable algorithm for computationally testing EA-equivalence; 4) an efficiently computable lower bound on the Hamming distance between a given APN function and any other APN function; 5) a classification of all quadratic APN polynomials with binary coefficients over $F_{2^n}$ for $n \le 9$; 6) a construction allowing the CCZ-equivalence class of one monomial APN function to be obtained from that of another; 7) a conjecture giving the exact form of the Walsh spectrum of the Dobbertin power functions; 8) a generalization of an infinite family of APN functions to a family of functions with a two-valued differential spectrum, and an example showing that this Gold-like behavior does not occur for infinite families of quadratic APN functions in general; 9) a new class of functions (the so-called partially APN functions) defined by relaxing the definition of the APN property, and several constructions and non-existence results related to them.Doktorgradsavhandlin

An efficient implementation of a test for EA-equivalence

We implement an algorithm for testing EA-equivalence between vectorial Boolean functions proposed by Kaleyski in the C programming language, and observe that it reduces the running time (as opposed to the original Magma implementation of the algorithm) necessary to decide equivalence up to 300 times in many cases. Our implementation also significantly reduces the memory usage, and makes it possible to run the algorithms for dimensions from 10 onwards, which was impossible using the original implementation due to its memory consumption. Our approach allows us to reconstruct the exact form of the equivalence and to prove that two given functions are equivalent (for comparison, computing invariants for the functions, which is the approach typically used in practice, only allows us to show that two functions are not equivalent). Furthermore, our approach works for functions of any algebraic degree, while most existing approaches (such as invariants and other algorithms for EA-equivalence) are restricted to the quadratic case. We then adapt Kaleyski’s algorithm to test for linear and affine equivalence instead of EA-equivalence. We supply an implementation in C of this procedure as well. As an application, we show how this method can be used to test quadratic APN functions for EA-equivalence through the linear equivalence of their orthoderivatives. We observe that by taking this approach, we can reduce the time necessary for deciding EA-equivalence up to 20 times (as compared with our efficient C implementation from the previous paragraph). The downside compared to Kaleyski’s original algorithm is that this faster method makes it difficult to recover the exact form of the EA-equivalence between the tested APN functions. We confirm this by running some computational experiments in dimension 6, and observing that only one out of all possible linear equivalences between the orthoderivatives corresponds to the EA-equivalence between the APN functions in question. To the best of our knowledge, this is the first investigation into the exact relationship between the EA-equivalence of quadratic APN functions and the affine equivalence of their orthoderivatives given in the literature.Masteroppgave i informatikkINF399MAMN-INFMAMN-PRO

Classification and computational search for planar functions in characteristic 3

Masteroppgave i informatikkINF399MAMN-PROGMAMN-IN

Computational investigation of 0-APN monomials

This thesis is dedicated to exploring methods for deciding whether a power function $F(x) = x^d$ is 0-APN. Any APN function is 0-APN, and so 0-APN-ness is a necessary condition for APN-ness. APN functions are cryptographically optimal, and are thus an object of significant interest. Deciding whether a given power function is 0-APN, or APN, is a very difficult computational problem in dimensions greater than e.g. 30. Methods which allow this to be resolved more efficiently are thus instrumental to resolving open problems such as Dobbertin's conjecture. Dobbertin's conjecture states that any APN power function must be equivalent to a representative from one of the six known infinite families. This has been verified for all dimensions up to 34, and up to 42 for even dimensions. There have, however, been no further developments, and so Dobbertin's conjecture remains one of the oldest and most well-known open problems in the area. In this work, we investigate some methods for efficiently testing 0-APN-ness. A 0-APN function can be characterized as one that does not vanish on any 2-dimensional linear subspace. We determine the minimum number of linear subspaces that have to be considered in order to check whether a power function is 0-APN. We characterize the elements of this minimal set of linear subspaces, and formulate and implement efficient procedures for generating it. We computationally test the efficiency of this method for dimension 35, and conclude that it can be used to decide 0-APN-ness much faster than by conventional methods, although a dedicated effort would be needed to exploit this further due to the huge number of exponents that need to be checked in high dimensions such as 35. Based on our computational results, we observe that most of the cubic power functions are 0-APN. We generalize this observation into a ``doubly infinite'' family of 0-APN functions, i.e. a construction giving infinitely many exponents, each of which is 0-APN over infinitely many dimensions. We also present some computational results on the differential uniformity of these exponents, and observe that the Gold and Inverse power functions can be expressed using the doubly infinite family.Masteroppgave i informatikkINF399MAMN-PROGMAMN-IN