If a generalised butterfly is APN then it operates on 6 bits

International audienceWhether there exist Almost Perfect Non-linear permutations (APN) operating on an even number of bit is the so-called Big APN Problem. It has been solved in the 6-bit case by Dillon et al. in 2009 but, since then, the general case has remained an open problem. In 2016, Perrin et al. discovered the butterfly structure which contains Dillon et al.'s permutation over $F_2^6$. Later, Canteaut et al. generalised this structure and proved that no other butterflies with exponent 3 can be APN. Recently, Yongqiang et al. further generalized the structure with Gold exponent and obtained more differentially 4-uniform permutations with the optimal nonlinearity. However, the existence of more APN permutations in their generalization was left as an open problem. In this paper, we adapt the proof technique of Canteaut et al. to handle all Gold exponents and prove that a generalised butterfly with Gold exponents over $F_2^{2n}$ can never be APN when n > 3. More precisely, we prove that such a generalised butterfly being APN implies that the branch size is strictly smaller than 5. Hence, the only APN butterflies operate on 3-bit branches, i.e. on 6 bits in total

Cryptographically strong permutations from the butterfly structure

Boomerang connectivity table is a new tool to characterize the vulnerability of cryptographic functions against boomerang attacks. Consequently, a cryptographic function is desired to have boomerang uniformity as low as its differential uniformity. Based on generalized butterfly structures recently introduced by Canteaut, Duval and Perrin, this paper presents infinite families of permutations of ${\mathbb {F}}_{2^{2n}}$ for a positive odd integer n, which have the best known nonlinearity and boomerang uniformity 4. Both open and closed butterfly structures are considered. The open butterflies, according to experimental results, appear not to produce permutations with boomerang uniformity 4. On the other hand, from the closed butterflies we derive a condition on coefficients $\alpha , \beta \in {\mathbb {F}}_{2^n}$ such that the functions $$\begin{aligned} V_i(x,y) := (R_i(x,y), R_i(y,x)), \end{aligned}$$ where $R_i(x,y)=(x+\alpha y)^{2^i+1}+\beta y^{2^i+1}$ and $\gcd (i,n)=1$, permute ${{\mathbb {F}}}_{2^n}^2$ and have boomerang uniformity 4. In addition, experimental results for $n=3, 5$ indicate that the proposed condition seems to cover all such permutations $V_i(x,y)$ with boomerang uniformity 4.acceptedVersio