20 research outputs found

    A Matrix Approach for Constructing Quadratic APN Functions

    We find a one-to-one correspondence between quadratic APN functions without linear or constant terms and a special kind of matrices (we call such matrices QAMs). Based on the nice mathematical structures of the QAMs, we have developed efficient algorithms to construct quadratic APN functions. On $\mathbb{F}_{2^7}$, we have found more than 470 classes of new CCZ-inequivalent quadratic APN functions, which is 20 times more than the known ones. Before this paper, only 23 classes of CCZ-inequivalent APN functions on $\mathbb{F}_{2^{8}}$ had been found. With our method, we have found more than 2000 classes of new CCZ-inequivalent quadratic APN functions, and this number is still increasing quickly.

    On a secondary construction of quadratic APN functions

    Almost perfect nonlinear functions possess the optimal resistance to the differential cryptanalysis and are widely studied. Most known constructions of APN functions are obtained as functions over finite fields F27 and very little is known about combinatorial constructions in F2n. We consider how to obtain a quadratic APN function in n + 1 variables from a given quadratic APN function in n variables using special restrictions on new terms

    Functions at distance one from APN functions in a small number of variables

    We study the question of whether there exist APN functions at distance one from each other. It is proved that the conjecture that no such APN functions exist holds for most of the known APN functions in at most eight variables.

    Invariants for EA- and CCZ-equivalence of APN and AB functions

    An (n,m)-function is a mapping from $\mathbb{F}_{2}^{n}$ to $\mathbb{F}_{2}^{m}$. Such functions have numerous applications across mathematics and computer science, and in particular are used as building blocks of block ciphers in symmetric cryptography. The classes of APN and AB functions have been identified as cryptographically optimal with respect to the resistance against two of the most powerful known cryptanalytic attacks, namely differential and linear cryptanalysis. The classes of APN and AB functions are directly related to optimal objects in many other branches of mathematics, and have been a subject of intense study since at least the early 90’s. Finding new constructions of these functions is hard; one of the most significant practical issues is that any tentatively new function must be proven inequivalent to all the known ones. Testing equivalence can be significantly simplified by computing invariants, i.e. properties that are preserved by the respective equivalence relation. In this paper, we survey the known invariants for CCZ- and EA-equivalence, with a particular focus on their utility in distinguishing between inequivalent instances of APN and AB functions. We evaluate each invariant with respect to how easy it is to implement in practice, how efficiently it can be calculated on a computer, and how well it can distinguish between distinct EA- and CCZ-equivalence classes.

    On values of vectorial Boolean functions and related problems in APN functions

    In this paper we prove that there are only differential 4-uniform functions which are on distance 1 from an APN function. Also we prove that there are no APN functions of distance 1 from another APN function up to dimension 5. We determine some properties of the set of values of an arbitrary vectorial Boolean function from F_n^2 to F_n^2 in connection to the set of values of its derivatives. These results are connected to several open questions concerning metric properties of APN functions.

    Discrete antiderivatives for functions over $\mathbb{F}_p^n$

    In the design of cryptographic functions, the properties of their discrete derivatives have to be carefully considered, as many cryptographic attacks exploit these properties. One can therefore attempt to first construct derivatives with the desired properties and then recover the function itself. Recently Suder developed an algorithm for reconstructing a function (also called antiderivative) over the finite field $\mathbb{F}_{2^n}$ given its discrete derivatives in up to n linearly independent directions. Pasalic et al. also presented an algorithm for determining a function over $\mathbb{F}_{p^n}$ given one of its derivatives. Both algorithms involve solving a $p^n \times p^n$ system of linear equations; the functions are represented as univariate polynomials over $\mathbb{F}_{p^n}$. We show that this apparently high computational complexity is not intrinsic to the problem, but rather a consequence of the representation used. We describe a simpler algorithm, with quasilinear complexity, provided we work with a different representation of the functions. Namely they are polynomials in n variables over $\mathbb{F}_p$ in algebraic normal form (for p>2, additionally, we need to use the falling factorial polynomial basis) and the directions of the derivatives are the canonical basis of $\mathbb{F}_p^n$. Algorithms for other representations (the directions of the derivatives not being the canonical basis vectors or the univariate polynomials over $\mathbb{F}_{p^n}$ mentioned above) can be obtained by combining our algorithm with converting between representations. However, the complexity of these conversions is, in the worst case, exponential. As an application, we develop a method for constructing new quadratic PN (Perfect Nonlinear) functions. We use an approach similar to the one of Suder, who used antiderivatives to give an alternative formulation of the methods of Weng et al. and Yu et al. for searching for new quadratic APN (Almost Perfect Nonlinear) functions.

    Deciding EA-equivalence via invariants

    We define a family of efficiently computable invariants for (n,m)-functions under EA-equivalence, and observe that, unlike the known invariants such as the differential spectrum, algebraic degree, and extended Walsh spectrum, in the case of quadratic APN functions over $\mathbb{F}_{2^n}$ with n even, these invariants take on many different values for functions belonging to distinct equivalence classes. We show how the values of these invariants can be used constructively to implement a test for EA-equivalence of functions from $\mathbb{F}_{2}^{n}$ to $\mathbb{F}_{2}^{m}$; to the best of our knowledge, this is the first algorithm for deciding EA-equivalence without resorting to testing the equivalence of associated linear codes.