On the Derivative Imbalance and Ambiguity of Functions

In 2007, Carlet and Ding introduced two parameters, denoted by $Nb_F$ and $NB_F$, quantifying respectively the balancedness of general functions $F$ between finite Abelian groups and the (global) balancedness of their derivatives $D_a F(x)=F(x+a)-F(x)$, $a\in G\setminus\{0\}$ (providing an indicator of the nonlinearity of the functions). These authors studied the properties and cryptographic significance of these two measures. They provided for S-boxes inequalities relating the nonlinearity $\mathcal{NL}(F)$ to $NB_F$, and obtained in particular an upper bound on the nonlinearity which unifies Sidelnikov-Chabaud-Vaudenay's bound and the covering radius bound. At the Workshop WCC 2009 and in its postproceedings in 2011, a further study of these parameters was made; in particular, the first parameter was applied to the functions $F+L$ where $L$ is affine, providing more nonlinearity parameters. In 2010, motivated by the study of Costas arrays, two parameters called ambiguity and deficiency were introduced by Panario \emph{et al.} for permutations over finite Abelian groups to measure the injectivity and surjectivity of the derivatives respectively. These authors also studied some fundamental properties and cryptographic significance of these two measures. Further studies followed without that the second pair of parameters be compared to the first one. In the present paper, we observe that ambiguity is the same parameter as $NB_F$, up to additive and multiplicative constants (i.e. up to rescaling). We make the necessary work of comparison and unification of the results on $NB_F$, respectively on ambiguity, which have been obtained in the five papers devoted to these parameters. We generalize some known results to any Abelian groups and we more importantly derive many new results on these parameters

Mathematical aspects of the design and security of block ciphers

Block ciphers constitute a major part of modern symmetric cryptography. A mathematical analysis is necessary to ensure the security of the cipher. In this thesis, I develop several new contributions for the analysis of block ciphers. I determine cryptographic properties of several special cryptographically interesting mappings like almost perfect nonlinear functions. I also give some new results both on the resistance of functions against differential-linear attacks as well as on the efficiency of implementation of certain block ciphers

Towards a deeper understanding of APN functions and related longstanding problems

This dissertation is dedicated to the properties, construction and analysis of APN and AB functions. Being cryptographically optimal, these functions lack any general structure or patterns, which makes their study very challenging. Despite intense work since at least the early 90's, many important questions and conjectures in the area remain open. We present several new results, many of which are directly related to important longstanding open problems; we resolve some of these problems, and make significant progress towards the resolution of others. More concretely, our research concerns the following open problems: i) the maximum algebraic degree of an APN function, and the Hamming distance between APN functions (open since 1998); ii) the classification of APN and AB functions up to CCZ-equivalence (an ongoing problem since the introduction of APN functions, and one of the main directions of research in the area); iii) the extension of the APN binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$ into an infinite family (open since 2006); iv) the Walsh spectrum of the Dobbertin function (open since 2001); v) the existence of monomial APN functions CCZ-inequivalent to ones from the known families (open since 2001); vi) the problem of efficiently and reliably testing EA- and CCZ-equivalence (ongoing, and open since the introduction of APN functions). In the course of investigating these problems, we obtain i.a. the following results: 1) a new infinite family of APN quadrinomials (which includes the binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$); 2) two new invariants, one under EA-equivalence, and one under CCZ-equivalence; 3) an efficient and easily parallelizable algorithm for computationally testing EA-equivalence; 4) an efficiently computable lower bound on the Hamming distance between a given APN function and any other APN function; 5) a classification of all quadratic APN polynomials with binary coefficients over $F_{2^n}$ for $n \le 9$; 6) a construction allowing the CCZ-equivalence class of one monomial APN function to be obtained from that of another; 7) a conjecture giving the exact form of the Walsh spectrum of the Dobbertin power functions; 8) a generalization of an infinite family of APN functions to a family of functions with a two-valued differential spectrum, and an example showing that this Gold-like behavior does not occur for infinite families of quadratic APN functions in general; 9) a new class of functions (the so-called partially APN functions) defined by relaxing the definition of the APN property, and several constructions and non-existence results related to them.Doktorgradsavhandlin

Triplicate functions

We define the class of triplicate functions as a generalization of 3-to-1 functions over $\mathbb {F}_{2^{n}}$ for even values of n. We investigate the properties and behavior of triplicate functions, and of 3-to-1 among triplicate functions, with particular attention to the conditions under which such functions can be APN. We compute the exact number of distinct differential sets of power APN functions and quadratic 3-to-1 functions; we show that, in this sense, quadratic 3-to-1 functions are a generalization of quadratic power APN functions for even dimensions, in the same way that quadratic APN permutations are generalizations of quadratic power APN functions for odd dimensions. We show that quadratic 3-to-1 APN functions cannot be CCZ-equivalent to permutations in the case of doubly-even dimensions. We compute a lower bound on the Hamming distance between any two quadratic 3-to-1 APN functions, and give an upper bound on the number of such functions over $\mathbb {F}_{2^{n}}$ for any even n. We survey all known infinite families of APN functions with respect to the presence of 3-to-1 functions among them, and conclude that for even n almost all of the known infinite families contain functions that are quadratic 3-to-1 or are EA-equivalent to quadratic 3-to-1 functions. We also give a simpler univariate representation in the case of singly-even dimensions of the family recently introduced by Göloglu than the ones currently available in the literature. We conduct a computational search for quadratic 3-to-1 functions in even dimensions n ≤ 12. We find six new APN instances for n = 10, and the first sporadic APN instance for n = 12 since 2006. We provide a list of all known 3-to-1 APN functions for n ≤ 12.publishedVersio

A new family of semifields with 2 parameters

A new family of commutative semifields with two parameters is presented. Its left and middle nucleus are both determined. Furthermore, we prove that for any different pairs of parameters, these semifields are not isotopic. It is also shown that, for some special parameters, one semifield in this family can lead to two inequivalent planar functions. Finally, using similar construction, new APN functions are given

Quadratic Zero-Difference Balanced Functions, APN Functions and Strongly Regular Graphs

Let $F$ be a function from $\mathbb{F}_{p^n}$ to itself and $\delta$ a positive integer. $F$ is called zero-difference $\delta$-balanced if the equation $F(x+a)-F(x)=0$ has exactly $\delta$ solutions for all non-zero $a\in\mathbb{F}_{p^n}$. As a particular case, all known quadratic planar functions are zero-difference 1-balanced; and some quadratic APN functions over $\mathbb{F}_{2^n}$ are zero-difference 2-balanced. In this paper, we study the relationship between this notion and differential uniformity; we show that all quadratic zero-difference $\delta$-balanced functions are differentially $\delta$-uniform and we investigate in particular such functions with the form $F=G(x^d)$, where $\gcd(d,p^n-1)=\delta +1$ and where the restriction of $G$ to the set of all non-zero $(\delta +1)$-th powers in $\mathbb{F}_{p^n}$ is an injection. We introduce new families of zero-difference $p^t$-balanced functions. More interestingly, we show that the image set of such functions is a regular partial difference set, and hence yields strongly regular graphs; this generalizes the constructions of strongly regular graphs using planar functions by Weng et al. Using recently discovered quadratic APN functions on $\mathbb{F}_{2^8}$, we obtain $15$ new $(256, 85, 24, 30)$ negative Latin square type strongly regular graphs

On known constructions of APN and AB functions and their relation to each other

This work is dedicated to APN and AB functions which are optimal against differential and linear cryptanlysis when used as Sboxes in block ciphers. They also have numerous applications in other branches of mathematics and information theory such as coding theory, sequence design, combinatorics, algebra and projective geometry. In this paper we give an overview of known constructions of APN and AB functions, in particular, those leading to infinite classes of these functions. Among them, the bivariate construction method, the idea first introduced in 2011 by the third author of the present paper, turned out to be one of the most fruitful. It has been known since 2011 that one of the families derived from the bivariate construction contains the infinite families derived by Dillon’s hexanomial method. Whether the former family is larger than the ones it contains has stayed an open problem which we solve in this paper. Further we consider the general bivariate construction from 2013 by the third author and study its relation to the recently found infinite families of bivariate APN functions