66 research outputs found

    On known constructions of APN and AB functions and their relation to each other

    This work is dedicated to APN and AB functions which are optimal against differential and linear cryptanalysis when used as S-boxes in block ciphers. They also have numerous applications in other branches of mathematics and information theory such as coding theory, sequence design, combinatorics, algebra and projective geometry. In this paper we give an overview of known constructions of APN and AB functions, in particular, those leading to infinite classes of these functions. Among them, the bivariate construction method, the idea first introduced in 2011 by the third author of the present paper, turned out to be one of the most fruitful. It has been known since 2011 that one of the families derived from the bivariate construction contains the infinite families derived by Dillon’s hexanomial method. Whether the former family is larger than the ones it contains has stayed an open problem which we solve in this paper. Further we consider the general bivariate construction from 2013 by the third author and study its relation to the recently found infinite families of bivariate APN functions.

    On isotopisms of commutative presemifields and CCZ-equivalence of functions

    A function $F$ from $\mathbf{F}_{p^n}$ to itself is planar if for any $a\in\mathbf{F}_{p^n}^*$ the function $F(x+a)-F(x)$ is a permutation. CCZ-equivalence is the most general known equivalence relation of functions preserving planar property. This paper considers two possible extensions of CCZ-equivalence for functions over fields of odd characteristics, one proposed by Coulter and Henderson and the other by Budaghyan and Carlet. We show that the second one in fact coincides with CCZ-equivalence, while using the first one we generalize one of the known families of PN functions. In particular, we prove that, for any odd prime $p$ and any positive integers $n$ and $m$, the indicators of the graphs of functions $F$ and $F'$ from $\mathbf{F}_{p^n}$ to $\mathbf{F}_{p^m}$ are CCZ-equivalent if and only if $F$ and $F'$ are CCZ-equivalent. We also prove that, for any odd prime $p$, CCZ-equivalence of functions from $\mathbf{F}_{p^n}$ to $\mathbf{F}_{p^m}$, is strictly more general than EA-equivalence when $n\ge3$ and $m$ is greater or equal to the smallest positive divisor of $n$ different from 1.

    On relations between CCZ- and EA-equivalences

    In the present paper we introduce some sufficient conditions and a procedure for checking whether, for a given function, CCZ-equivalence is more general than EA-equivalence together with taking inverses of permutations. It is known from Budaghyan et al. (IEEE Trans. Inf. Theory 52.3, 1141–1152 2006; Finite Fields Appl. 15(2), 150–159 2009) that for quadratic APN functions (both monomial and polynomial cases) CCZ-equivalence is more general. We prove hereby that for non-quadratic APN functions CCZ-equivalence can be more general (by studying the only known APN function which is CCZ-inequivalent to both power functions and quadratics). On the contrary, we prove that for power non-Gold APN functions, CCZ equivalence coincides with EA-equivalence and inverse transformation for n ≤ 8. We conjecture that this is true for any n.

    Triplicate functions

    We define the class of triplicate functions as a generalization of 3-to-1 functions over $\mathbb{F}_{2^{n}}$ for even values of n. We investigate the properties and behavior of triplicate functions, and of 3-to-1 among triplicate functions, with particular attention to the conditions under which such functions can be APN. We compute the exact number of distinct differential sets of power APN functions and quadratic 3-to-1 functions; we show that, in this sense, quadratic 3-to-1 functions are a generalization of quadratic power APN functions for even dimensions, in the same way that quadratic APN permutations are generalizations of quadratic power APN functions for odd dimensions. We show that quadratic 3-to-1 APN functions cannot be CCZ-equivalent to permutations in the case of doubly-even dimensions. We compute a lower bound on the Hamming distance between any two quadratic 3-to-1 APN functions, and give an upper bound on the number of such functions over $\mathbb{F}_{2^{n}}$ for any even n. We survey all known infinite families of APN functions with respect to the presence of 3-to-1 functions among them, and conclude that for even n almost all of the known infinite families contain functions that are quadratic 3-to-1 or are EA-equivalent to quadratic 3-to-1 functions. We also give a simpler univariate representation in the case of singly-even dimensions of the family recently introduced by Göloğlu than the ones currently available in the literature. We conduct a computational search for quadratic 3-to-1 functions in even dimensions n ≤ 12. We find six new APN instances for n = 10, and the first sporadic APN instance for n = 12 since 2006. We provide a list of all known 3-to-1 APN functions for n ≤ 12.

    Partially APN Boolean functions and classes of functions that are not APN infinitely often

    In this paper we define a notion of partial APNness and find various characterizations and constructions of classes of functions satisfying this condition. We connect this notion to the known conjecture that APN functions modified at a point cannot remain APN. In the second part of the paper, we find conditions for some transformations not to be partially APN, and in the process, we find classes of functions that are never APN for infinitely many extensions of the prime field $\mathbb{F}_2$, extending some earlier results of Leander and Rodier. Comment: 24 pages; to appear in Cryptography and Communication

    A New Family of APN Quadrinomials

    The binomial $B(x) = x^3 + \beta x^{36}$ (where $\beta$ is primitive in $\mathbb{F}_{2^2}$) over $\mathbb{F}_{2^{10}}$ is the first known example of an Almost Perfect Nonlinear (APN) function that is not CCZ-equivalent to a power function, and has remained unclassified into any infinite family of APN functions since its discovery in 2006. We generalize this binomial to an infinite family of APN quadrinomials of the form $x^3 + a(x^{2^i+1})^{2^k} + bx^{3\cdot 2^m} + c(x^{2^{i+m}+2^m})^{2^k}$ from which $B(x)$ can be obtained by setting $a = \beta$, $b = c = 0$, $i = 3$, $k = 2$. We show that for any dimension $n = 2m$ with $m$ odd and $3 \nmid m$, setting $(a, b, c) = (\beta, \beta^2, 1)$ and $i = m - 2$ or $i = (m - 2)^{-1} \bmod n$ yields an APN function, and verify that for $n = 10$ the quadrinomials obtained in this way for $i = m - 2$ and $i = (m - 2)^{-1} \bmod n$ are CCZ-inequivalent to each other, to $B(x)$, and to any other known APN function over $\mathbb{F}_{2^{10}}$.

    ARITHMETIZATION-ORIENTED APN FUNCTIONS

    Recently, many cryptographic primitives such as homomorphic encryption (HE), multi-party computation (MPC) and zero-knowledge (ZK) protocols have been proposed in the literature which operate on prime field $\mathbb{F}_p$ for some large prime $p$. Primitives that are designed using such operations are called arithmetization-oriented primitives. As the concept of arithmetization-oriented primitives is new, a rigorous cryptanalysis of such primitives is yet to be done. In this paper, we investigate arithmetization-oriented APN functions. More precisely, we investigate APN permutations in the CCZ-classes of known families of APN power functions over prime field $\mathbb{F}_p$. Moreover, we present a new class of APN binomials over $\mathbb{F}_q$ obtained by modifying the planar function $x^2$ over $\mathbb{F}_q$. We also present a class of binomials having differential uniformity at most $5$ defined via the quadratic character over finite fields of odd characteristic. We give sufficient conditions for which this family of binomials is a permutation. Computationally it is confirmed that the latter family contains new APN functions for some small parameters. We conjecture it to contain an infinite subfamily of APN functions.

    On the behavior of some APN permutations under swapping points

    The article of record as published may be found at https://doi.org/10.1007/s12095-021-00520-z. We define the pAPN-spectrum (which is a measure of how close a function is to being APN) of an (n,n)-function F and investigate how its size changes when two of the outputs of a given function F are swapped. We completely characterize the behavior of the pAPN-spectrum under swapping outputs when F is the inverse function over $\mathbb{F}_{2^n}$. We further theoretically investigate this behavior for functions from the Gold and Welch monomial APN families, and experimentally determine the size of the pAPN-spectrum after swapping outputs for representatives from all infinite monomial APN families up to dimension n = 10; based on our computation results, we conjecture that the inverse function is the only monomial APN function for which swapping two of its outputs can leave an empty pAPN-spectrum.