Towards a deeper understanding of APN functions and related longstanding problems

This dissertation is dedicated to the properties, construction and analysis of APN and AB functions. Being cryptographically optimal, these functions lack any general structure or patterns, which makes their study very challenging. Despite intense work since at least the early 90's, many important questions and conjectures in the area remain open. We present several new results, many of which are directly related to important longstanding open problems; we resolve some of these problems, and make significant progress towards the resolution of others. More concretely, our research concerns the following open problems: i) the maximum algebraic degree of an APN function, and the Hamming distance between APN functions (open since 1998); ii) the classification of APN and AB functions up to CCZ-equivalence (an ongoing problem since the introduction of APN functions, and one of the main directions of research in the area); iii) the extension of the APN binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$ into an infinite family (open since 2006); iv) the Walsh spectrum of the Dobbertin function (open since 2001); v) the existence of monomial APN functions CCZ-inequivalent to ones from the known families (open since 2001); vi) the problem of efficiently and reliably testing EA- and CCZ-equivalence (ongoing, and open since the introduction of APN functions). In the course of investigating these problems, we obtain i.a. the following results: 1) a new infinite family of APN quadrinomials (which includes the binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$); 2) two new invariants, one under EA-equivalence, and one under CCZ-equivalence; 3) an efficient and easily parallelizable algorithm for computationally testing EA-equivalence; 4) an efficiently computable lower bound on the Hamming distance between a given APN function and any other APN function; 5) a classification of all quadratic APN polynomials with binary coefficients over $F_{2^n}$ for $n \le 9$; 6) a construction allowing the CCZ-equivalence class of one monomial APN function to be obtained from that of another; 7) a conjecture giving the exact form of the Walsh spectrum of the Dobbertin power functions; 8) a generalization of an infinite family of APN functions to a family of functions with a two-valued differential spectrum, and an example showing that this Gold-like behavior does not occur for infinite families of quadratic APN functions in general; 9) a new class of functions (the so-called partially APN functions) defined by relaxing the definition of the APN property, and several constructions and non-existence results related to them.Doktorgradsavhandlin

Triplicate functions

We define the class of triplicate functions as a generalization of 3-to-1 functions over GF(2^n) for even values of n. We investigate the properties and behavior of triplicate functions, and of 3-to-1 among triplicate functions, with particular attention to the conditions under which such functions can be APN. We compute the exact number of distinct differential sets of power APN functions and quadratic 3-to-1 functions; we show that, in this sense, quadratic 3-to-1 functions are a generalization of quadratic power APN functions for even dimensions, while quadratic APN permutations are generalizations of quadratic power APN functions for odd dimensions. We show that quadratic 3-to-1 APN functions cannot be CCZ-equivalent to permutations in the case of doubly-even dimensions. We survey all known infinite families of APN functions with respect to the presence of 3-to-1 functions among them, and conclude that for even n almost all of the known infinite families contain functions that are quadratic 3-to-1 or EA-equivalent to quadratic 3-to-1 functions. We also give a simpler univariate representation of the family recently introduced by Gologlu singly-even dimensions n than the ones currently available in the literature

cc-differential uniformity, (almost) perfect cc-nonlinearity, and equivalences

In this article, we introduce new notions $cc$-differential uniformity, $cc$-differential spectrum, PccN functions and APccN functions, and investigate their properties. We also introduce $c$-CCZ equivalence, $c$-EA equivalence, and $c1$-equivalence. We show that $c$-differential uniformity is invariant under $c1$-equivalence, and $cc$-differential uniformity and $cc$-differential spectrum are preserved under $c$-CCZ equivalence. We characterize $cc$-differential uniformity of vectorial Boolean functions in terms of the Walsh transformation. We investigate $cc$-differential uniformity of power functions $F(x)=x^d$. We also illustrate examples to prove that $c$-CCZ equivalence is strictly more general than $c$-EA equivalence.Comment: 18 pages. Comments welcom

Mathematical aspects of the design and security of block ciphers

Block ciphers constitute a major part of modern symmetric cryptography. A mathematical analysis is necessary to ensure the security of the cipher. In this thesis, I develop several new contributions for the analysis of block ciphers. I determine cryptographic properties of several special cryptographically interesting mappings like almost perfect nonlinear functions. I also give some new results both on the resistance of functions against differential-linear attacks as well as on the efficiency of implementation of certain block ciphers

Autocorrelations of Vectorial Boolean Functions

International audienceRecently, BarOn et al. introduced at Eurocrypt'19 a new tool, called the differential-linear connectivity table (DLCT), which allows for taking into account the dependency between the two subciphers E0 and E1 involved in differential-linear attacks. This paper presents a theoretical characterization of the DLCT, which corresponds to an autocorrelation table (ACT) of a vectorial Boolean function. We further provide some new theoretical results on ACTs of vectorial Boolean functions

Investigations on cc-Boomerang Uniformity and Perfect Nonlinearity

We defined in~\cite{EFRST20} a new multiplicative $c$-differential, and the corresponding $c$-differential uniformity and we characterized the known perfect nonlinear functions with respect to this new concept, as well as the inverse in any characteristic. The work was continued in~\cite{RS20}, investigating the $c$-differential uniformity for some further APN functions. Here, we extend the concept to the boomerang uniformity, introduced at Eurocrypt '18 by Cid et al.~\cite{Cid18}, to evaluate S-boxes of block ciphers, and investigate it in the context of perfect nonlinearity and related functions.Comment: 31 pages, 1 figur

Improved bounds on sizes of generalized caps in AG(n,q)AG(n,q)

An $m$-general set in $AG(n,q)$ is a set of points such that any subset of size $m$ is in general position. A $3$-general set is often called a capset. In this paper, we study the maximum size of an $m$-general set in $AG(n,q)$, significantly improving previous results. When $m=4$ and $q=2$ we give a precise estimate, solving a problem raised by Bennett.Comment: Revised version. To appear in SIAM Journal on Discrete Mathematic