On sets determining the differential spectrum of mappings

Special issue on the honor of Gerard CohenInternational audienceThe differential uniformity of a mapping $F : F 2 n → F 2 n$ is defined as the maximum number of solutions $x$ for equations $F (x+a)+F (x) = b$ when a ̸ = 0 and $b$ run over $F 2 n$. In this paper we study the question whether it is possible to determine the differential uniformity of a mapping by considering not all elements a ̸ = 0, but only those from a special proper subset of $F 2 n \ {0}$. We show that the answer is " yes " , when $F$ has differential uniformity 2, that is if $F$ is APN. In this case it is enough to take a ̸ = 0 on a hyperplane in $F 2 n$. Further we show that also for a large family of mappings F of a special shape, it is enough to consider a from a suitable multiplicative subgroup of $F 2 n$

Partially APN Boolean functions and classes of functions that are not APN infinitely often

In this paper we define a notion of partial APNness and find various characterizations and constructions of classes of functions satisfying this condition. We connect this notion to the known conjecture that APN functions modified at a point cannot remain APN. In the second part of the paper, we find conditions for some transformations not to be partially APN, and in the process, we find classes of functions that are never APN for infinitely many extensions of the prime field \F_2, extending some earlier results of Leander and Rodier.Comment: 24 pages; to appear in Cryptography and Communication

An infinite family of 0-APN monomials with two parameters

We consider an infinite family of exponents e(l, k) with two parameters, l and k, and derive sufficient conditions for e(l, k) to be 0-APN over F2n . These conditions allow us to generate, for each choice of l and k, an infinite list of dimensions n where xe(l,k) is 0-APN much more efficiently than in general. We observe that the Gold and Inverse exponents, as well as the inverses of the Gold exponents can be expressed in the form e(l, k) for suitable l and k. We characterize all cases in which e(l, k) can be cyclotomic equivalent to a representative from the Gold, Kasami, Welch, Niho, and Inverse families of exponents. We characterize when e(l, k) can lie in the same cyclotomic coset as the Dobbertin exponent (without considering inverses) and provide computational data showing that the Dobbertin inverse is never equivalent to e(l, k). We computationally test the APN-ness of e(l, k) for small values of l and k over F2n for n≤100 , and sketch the limits to which such tests can be performed using currently available technology. We conclude that there are no APN monomials among the tested functions, outside of the known classes.publishedVersio

Differential uniformity and the associated codes of cryptographic functions

International audienceThe associated codes of almost perfect nonlinear (APN) functions have been widely studied. In this paper we consider more generally the codes associated with functions that have differential uniformity at least 4. We emphasize, for such a function F , the role of codewords of weight 3 and 4 and of some cosets of its associated code C F. We give some properties on codes associated with differential uniformity exactly 4. We obtain lower bounds and upper bounds for the numbers of codewords of weight less than 5 of the codes C F. We show that the nonlinearity of F decreases when these numbers increase. We obtain a precise expression to compute these numbers when F is a plateaued or a differentially two-valued function. As an application, we propose a method to construct differentially 4-uniform functions with a large number of 2-to-1 derivatives from APN functions

Towards a deeper understanding of APN functions and related longstanding problems

This dissertation is dedicated to the properties, construction and analysis of APN and AB functions. Being cryptographically optimal, these functions lack any general structure or patterns, which makes their study very challenging. Despite intense work since at least the early 90's, many important questions and conjectures in the area remain open. We present several new results, many of which are directly related to important longstanding open problems; we resolve some of these problems, and make significant progress towards the resolution of others. More concretely, our research concerns the following open problems: i) the maximum algebraic degree of an APN function, and the Hamming distance between APN functions (open since 1998); ii) the classification of APN and AB functions up to CCZ-equivalence (an ongoing problem since the introduction of APN functions, and one of the main directions of research in the area); iii) the extension of the APN binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$ into an infinite family (open since 2006); iv) the Walsh spectrum of the Dobbertin function (open since 2001); v) the existence of monomial APN functions CCZ-inequivalent to ones from the known families (open since 2001); vi) the problem of efficiently and reliably testing EA- and CCZ-equivalence (ongoing, and open since the introduction of APN functions). In the course of investigating these problems, we obtain i.a. the following results: 1) a new infinite family of APN quadrinomials (which includes the binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$); 2) two new invariants, one under EA-equivalence, and one under CCZ-equivalence; 3) an efficient and easily parallelizable algorithm for computationally testing EA-equivalence; 4) an efficiently computable lower bound on the Hamming distance between a given APN function and any other APN function; 5) a classification of all quadratic APN polynomials with binary coefficients over $F_{2^n}$ for $n \le 9$; 6) a construction allowing the CCZ-equivalence class of one monomial APN function to be obtained from that of another; 7) a conjecture giving the exact form of the Walsh spectrum of the Dobbertin power functions; 8) a generalization of an infinite family of APN functions to a family of functions with a two-valued differential spectrum, and an example showing that this Gold-like behavior does not occur for infinite families of quadratic APN functions in general; 9) a new class of functions (the so-called partially APN functions) defined by relaxing the definition of the APN property, and several constructions and non-existence results related to them.Doktorgradsavhandlin