226 research outputs found

    On the Fourier Spectra of the Infinite Families of Quadratic APN Functions

    It is well known that a quadratic function defined on a finite field of odd degree is almost bent (AB) if and only if it is almost perfect nonlinear (APN). For the even degree case there is no apparent relationship between the values in the Fourier spectrum of a function and the APN property. In this article we compute the Fourier spectrum of the new quadranomial family of APN functions. With this result, all known infinite families of APN functions now have their Fourier spectra and hence their nonlinearities computed. Comment: 12 pages, submitted to Advances in the Mathematics of communicatio

    Gold functions and switched cube functions are not 0-extendable in dimension n > 5

    In the independent works by Kalgin and Idrisova and by Beierle, Leander and Perrin, it was observed that the Gold APN functions over $\mathbb{F}_{2^5}$ give rise to a quadratic APN function in dimension 6 having maximum possible linearity of $2^5$ (that is, minimum possible nonlinearity $2^4$). In this article, we show that the case of $n \le 5$ is quite special in the sense that Gold APN functions in dimension $n > 5$ cannot be extended to quadratic APN functions in dimension $n+1$ having maximum possible linearity. In the second part of this work, we show that this is also the case for APN functions of the form $x \mapsto x^3 + \mu(x)$ with $\mu$ being a quadratic Boolean function. publishedVersio

    Computational investigation of 0-APN monomials

    This thesis is dedicated to exploring methods for deciding whether a power function $F(x) = x^d$ is 0-APN. Any APN function is 0-APN, and so 0-APN-ness is a necessary condition for APN-ness. APN functions are cryptographically optimal, and are thus an object of significant interest. Deciding whether a given power function is 0-APN, or APN, is a very difficult computational problem in dimensions greater than e.g. 30. Methods which allow this to be resolved more efficiently are thus instrumental to resolving open problems such as Dobbertin's conjecture. Dobbertin's conjecture states that any APN power function must be equivalent to a representative from one of the six known infinite families. This has been verified for all dimensions up to 34, and up to 42 for even dimensions. There have, however, been no further developments, and so Dobbertin's conjecture remains one of the oldest and most well-known open problems in the area. In this work, we investigate some methods for efficiently testing 0-APN-ness. A 0-APN function can be characterized as one that does not vanish on any 2-dimensional linear subspace. We determine the minimum number of linear subspaces that have to be considered in order to check whether a power function is 0-APN. We characterize the elements of this minimal set of linear subspaces, and formulate and implement efficient procedures for generating it. We computationally test the efficiency of this method for dimension 35, and conclude that it can be used to decide 0-APN-ness much faster than by conventional methods, although a dedicated effort would be needed to exploit this further due to the huge number of exponents that need to be checked in high dimensions such as 35. Based on our computational results, we observe that most of the cubic power functions are 0-APN. We generalize this observation into a "doubly infinite" family of 0-APN functions, i.e. a construction giving infinitely many exponents, each of which is 0-APN over infinitely many dimensions. We also present some computational results on the differential uniformity of these exponents, and observe that the Gold and Inverse power functions can be expressed using the doubly infinite family. Master's thesis in informatics INF399 MAMN-PROG MAMN-IN

    On Two Fundamental Problems on APN Power Functions

    The six infinite families of power APN functions are among the oldest known instances of APN functions, and it has been conjectured in 2000 that they exhaust all possible power APN functions. Another long-standing open problem is that of the Walsh spectrum of the Dobbertin power family, which is still unknown. Those of Kasami, Niho and Welch functions are known, but not the precise values of their Walsh transform, with rare exceptions. One promising approach that could lead to the resolution of these problems is to consider alternative representations of the functions in question. We derive alternative representations for the infinite APN monomial families. We show how the Niho, Welch, and Dobbertin functions can be represented as the composition $x^i \circ x^{1/j}$ of two power functions, and prove that our representations are optimal, i.e. no two power functions of lesser algebraic degree can be used to represent the functions in this way. We investigate compositions $x^i \circ L \circ x^{1/j}$ for a linear polynomial $L$, show how the Kasami functions in odd dimension can be expressed in this way with $i = j$ being a Gold exponent and compute all APN functions of this form for $n \le 9$ and for $L$ with binary coefficients, thereby showing that our theoretical constructions exhaust all possible cases. We present observations and data on power functions with exponent $\sum_{i=1}^{k-1} 2^{2ni} - 1$ which generalize the inverse and Dobbertin families. We present data on the Walsh spectrum of the Dobbertin function for $n \le 35$, and conjecture its exact form. As an application of our results, we determine the exact values of the Walsh transform of the Kasami function at all points of a special form. Computations performed for $n \le 21$ show that these points cover about 2/3 of the field. acceptedVersio

    Towards a deeper understanding of APN functions and related longstanding problems

    This dissertation is dedicated to the properties, construction and analysis of APN and AB functions. Being cryptographically optimal, these functions lack any general structure or patterns, which makes their study very challenging. Despite intense work since at least the early 90's, many important questions and conjectures in the area remain open. We present several new results, many of which are directly related to important longstanding open problems; we resolve some of these problems, and make significant progress towards the resolution of others. More concretely, our research concerns the following open problems: i) the maximum algebraic degree of an APN function, and the Hamming distance between APN functions (open since 1998); ii) the classification of APN and AB functions up to CCZ-equivalence (an ongoing problem since the introduction of APN functions, and one of the main directions of research in the area); iii) the extension of the APN binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$ into an infinite family (open since 2006); iv) the Walsh spectrum of the Dobbertin function (open since 2001); v) the existence of monomial APN functions CCZ-inequivalent to ones from the known families (open since 2001); vi) the problem of efficiently and reliably testing EA- and CCZ-equivalence (ongoing, and open since the introduction of APN functions). In the course of investigating these problems, we obtain i.a. the following results: 1) a new infinite family of APN quadrinomials (which includes the binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$); 2) two new invariants, one under EA-equivalence, and one under CCZ-equivalence; 3) an efficient and easily parallelizable algorithm for computationally testing EA-equivalence; 4) an efficiently computable lower bound on the Hamming distance between a given APN function and any other APN function; 5) a classification of all quadratic APN polynomials with binary coefficients over $F_{2^n}$ for $n \le 9$; 6) a construction allowing the CCZ-equivalence class of one monomial APN function to be obtained from that of another; 7) a conjecture giving the exact form of the Walsh spectrum of the Dobbertin power functions; 8) a generalization of an infinite family of APN functions to a family of functions with a two-valued differential spectrum, and an example showing that this Gold-like behavior does not occur for infinite families of quadratic APN functions in general; 9) a new class of functions (the so-called partially APN functions) defined by relaxing the definition of the APN property, and several constructions and non-existence results related to them. Doctoral thesis

    On known constructions of APN and AB functions and their relation to each other

    This work is dedicated to APN and AB functions which are optimal against differential and linear cryptanalysis when used as Sboxes in block ciphers. They also have numerous applications in other branches of mathematics and information theory such as coding theory, sequence design, combinatorics, algebra and projective geometry. In this paper we give an overview of known constructions of APN and AB functions, in particular, those leading to infinite classes of these functions. Among them, the bivariate construction method, the idea first introduced in 2011 by the third author of the present paper, turned out to be one of the most fruitful. It has been known since 2011 that one of the families derived from the bivariate construction contains the infinite families derived by Dillon’s hexanomial method. Whether the former family is larger than the ones it contains has stayed an open problem which we solve in this paper. Further we consider the general bivariate construction from 2013 by the third author and study its relation to the recently found infinite families of bivariate APN functions

    Analysis, classification and construction of optimal cryptographic Boolean functions

    Modern cryptography is deeply founded on mathematical theory and vectorial Boolean functions play an important role in it. In this context, some cryptographic properties of Boolean functions are defined. In simple terms, these properties evaluate the quality of the cryptographic algorithm in which the functions are implemented. One cryptographic property is the differential uniformity, introduced by Nyberg in 1993. This property is related to the differential attack, introduced by Biham and Shamir in 1990. The corresponding optimal functions are called Almost Perfect Nonlinear functions, shortly APN. APN functions have been constructed, studied and classified up to equivalence relations. Very important is their classification in infinite families, i.e. constructing APN functions that are defined for infinitely many dimensions. In spite of an intensive study of these maps, many fundamental problems related to APN functions are still open and relatively few infinite families are known so far. In this thesis we present some constructions of APN functions and study some of their properties. Specifically, we consider a known construction, L1(x^3)+L2(x^9) with L1 and L2 linear maps, and we introduce two new constructions, the isotopic shift and the generalised isotopic shift. In particular, using the two isotopic shift constructing techniques, in dimensions 8 and 9 we obtain new APN functions and we cover many unclassified cases of APN maps. Here new stands for inequivalent (in respect to the so-called CCZ-equivalence) to already known ones. Afterwards, we study two infinite families of APN functions and their generalisations. We show that all these families are equivalent to each other and they are included in another known family. For many years it was not known whether all the constructed infinite families of APN maps were pairwise inequivalent. With our work, we reduce the list to those inequivalent to each other. 
Furthermore, we consider optimal functions with respect to the differential uniformity in fields of odd characteristic. These functions, called planar, have been valuable for the construction of new commutative semifields. Planar functions present often a close connection with APN maps. Indeed, the idea behind the isotopic shift construction comes from the study of isotopic equivalence, which is defined for quadratic planar functions. We completely characterise the mentioned equivalence by means of the isotopic shift and the extended affine equivalence. We show that the isotopic shift construction leads also to inequivalent planar functions and we analyse some particular cases of this construction. Finally, we study another cryptographic property, the boomerang uniformity, introduced by Cid et al. in 2018. This property is related to the boomerang attack, presented by Wagner in 1999. Here, we study the boomerang uniformity for some known classes of permutation polynomials. Doctoral thesis

    Mathematical aspects of the design and security of block ciphers

    Block ciphers constitute a major part of modern symmetric cryptography. A mathematical analysis is necessary to ensure the security of the cipher. In this thesis, I develop several new contributions for the analysis of block ciphers. I determine cryptographic properties of several special cryptographically interesting mappings like almost perfect nonlinear functions. I also give some new results both on the resistance of functions against differential-linear attacks as well as on the efficiency of implementation of certain block ciphers