On the suitability of power functions as S-boxes for symmetric cryptosystems

textI present some results towards a classification of power functions that are Almost Perfect Nonlinear (APN), or equivalently differentially 2-uniform, over F2n for infinitely many positive integers n. APN functions are useful in constructing S-boxes in AES-like cryptosystems. An application of a theorem by Weil [20] on absolutely irreducible curves shows that a monomial x m is not APN over F2n for all sufficiently large n if a related two variable polynomial has an absolutely irreducible factor defined over F2. I will show that the latter polynomial’s singularities imply that except in five cases, all power functions have such a factor. Three of these cases are already known to be APN for infinitely many fields. The last two cases are still unproven. Some specific cases of power functions have already been known to be APN over only finitely many fields, but they also follow from the results below.Mathematic

Decoding Generalized Reed-Solomon Codes and Its Application to RLCE Encryption Schemes

This paper compares the efficiency of various algorithms for implementing quantum resistant public key encryption scheme RLCE on 64-bit CPUs. By optimizing various algorithms for polynomial and matrix operations over finite fields, we obtained several interesting (or even surprising) results. For example, it is well known (e.g., Moenck 1976 \cite{moenck1976practical}) that Karatsuba's algorithm outperforms classical polynomial multiplication algorithm from the degree 15 and above (practically, Karatsuba's algorithm only outperforms classical polynomial multiplication algorithm from the degree 35 and above ). Our experiments show that 64-bit optimized Karatsuba's algorithm will only outperform 64-bit optimized classical polynomial multiplication algorithm for polynomials of degree 115 and above over finite field $GF(2^{10})$. The second interesting (surprising) result shows that 64-bit optimized Chien's search algorithm ourperforms all other 64-bit optimized polynomial root finding algorithms such as BTA and FFT for polynomials of all degrees over finite field $GF(2^{10})$. The third interesting (surprising) result shows that 64-bit optimized Strassen matrix multiplication algorithm only outperforms 64-bit optimized classical matrix multiplication algorithm for matrices of dimension 750 and above over finite field $GF(2^{10})$. It should be noted that existing literatures and practices recommend Strassen matrix multiplication algorithm for matrices of dimension 40 and above. All our experiments are done on a 64-bit MacBook Pro with i7 CPU and single thread C codes. It should be noted that the reported results should be appliable to 64 or larger bits CPU architectures. For 32 or smaller bits CPUs, these results may not be applicable. The source code and library for the algorithms covered in this paper are available at http://quantumca.org/

On permutation polynomials EA-equivalent to the inverse function over GF(2n)GF(2^n)

It is proved that there does not exist a linearized polynomial $L(x)\in\mathbb{F}_{2^n}[x]$ such that $x^{-1}+L(x)$ is a permutation on $\mathbb{F}_{2^n}$ when $n\geq5$, which is proposed as a conjecture in \cite{li}. As a consequence, a permutation is EA-equivalent to the inverse function over $\mathbb{F}_{2^n}$ if and only if it is affine equivalent to it when $n\geq 5$

Analysis, classification and construction of optimal cryptographic Boolean functions

Modern cryptography is deeply founded on mathematical theory and vectorial Boolean functions play an important role in it. In this context, some cryptographic properties of Boolean functions are defined. In simple terms, these properties evaluate the quality of the cryptographic algorithm in which the functions are implemented. One cryptographic property is the differential uniformity, introduced by Nyberg in 1993. This property is related to the differential attack, introduced by Biham and Shamir in 1990. The corresponding optimal functions are called Almost Perfect Nonlinear functions, shortly APN. APN functions have been constructed, studied and classified up to equivalence relations. Very important is their classification in infinite families, i.e. constructing APN functions that are defined for infinitely many dimensions. In spite of an intensive study of these maps, many fundamental problems related to APN functions are still open and relatively few infinite families are known so far. In this thesis we present some constructions of APN functions and study some of their properties. Specifically, we consider a known construction, L1(x^3)+L2(x^9) with L1 and L2 linear maps, and we introduce two new constructions, the isotopic shift and the generalised isotopic shift. In particular, using the two isotopic shift constructing techniques, in dimensions 8 and 9 we obtain new APN functions and we cover many unclassified cases of APN maps. Here new stands for inequivalent (in respect to the so-called CCZ-equivalence) to already known ones. Afterwards, we study two infinite families of APN functions and their generalisations. We show that all these families are equivalent to each other and they are included in another known family. For many years it was not known whether all the constructed infinite families of APN maps were pairwise inequivalent. With our work, we reduce the list to those inequivalent to each other. Furthermore, we consider optimal functions with respect to the differential uniformity in fields of odd characteristic. These functions, called planar, have been valuable for the construction of new commutative semifields. Planar functions present often a close connection with APN maps. Indeed, the idea behind the isotopic shift construction comes from the study of isotopic equivalence, which is defined for quadratic planar functions. We completely characterise the mentioned equivalence by means of the isotopic shift and the extended affine equivalence. We show that the isotopic shift construction leads also to inequivalent planar functions and we analyse some particular cases of this construction. Finally, we study another cryptographic property, the boomerang uniformity, introduced by Cid et al. in 2018. This property is related to the boomerang attack, presented by Wagner in 1999. Here, we study the boomerang uniformity for some known classes of permutation polynomials.Doktorgradsavhandlin

Decoding and constructions of codes in rank and Hamming metric

As coding theory plays an important role in data transmission, decoding algorithms for new families of error correction codes are of great interest. This dissertation is dedicated to the decoding algorithms for new families of maximum rank distance (MRD) codes including additive generalized twisted Gabidulin (AGTG) codes and Trombetti-Zhou (TZ) codes, decoding algorithm for Gabidulin codes beyond half the minimum distance and also encoding and decoding algorithms for some new optimal rank metric codes with restrictions. We propose an interpolation-based decoding algorithm to decode AGTG codes where the decoding problem is reduced to the problem of solving a projective polynomial equation of the form q(x) = xqu+1 +bx+a = 0 for a,b ∈ Fqm. We investigate the zeros of q(x) when gcd(u,m)=1 and proposed a deterministic algorithm to solve a linearized polynomial equation which has a close connection to the zeros of q(x). An efficient polynomial-time decoding algorithm is proposed for TZ codes. The interpolation-based decoding approach transforms the decoding problem of TZ codes to the problem of solving a quadratic polynomial equation. Two new communication models are defined and using our models we manage to decode Gabidulin codes beyond half the minimum distance by one unit. Our models also allow us to improve the complexity for decoding GTG and AGTG codes. Besides working on MRD codes, we also work on restricted optimal rank metric codes including symmetric, alternating and Hermitian rank metric codes. Both encoding and decoding algorithms for these optimal families are proposed. In all the decoding algorithms presented in this thesis, the properties of Dickson matrix and the BM algorithm play crucial roles. We also touch two problems in Hamming metric. For the first problem, some cryptographic properties of Welch permutation polynomial are investigated and we use these properties to determine the weight distribution of a binary linear codes with few weights. For the second one, we introduce two new subfamilies for maximum weight spectrum codes with respect to their weight distribution and then we investigate their properties.Doktorgradsavhandlin

Higher dimensional abelian Chern-Simons theories and their link invariants

The role played by Deligne-Beilinson cohomology in establishing the relation between Chern-Simons theory and link invariants in dimensions higher than three is investigated. Deligne-Beilinson cohomology classes provide a natural abelian Chern-Simons action, non trivial only in dimensions $4l+3$, whose parameter $k$ is quantized. The generalized Wilson $(2l+1)$-loops are observables of the theory and their charges are quantized. The Chern-Simons action is then used to compute invariants for links of $(2l+1)$-loops, first on closed $(4l+3)$-manifolds through a novel geometric computation, then on $\mathbb{R}^{4l+3}$ through an unconventional field theoretic computation.Comment: 40 page

Towards a deeper understanding of APN functions and related longstanding problems

This dissertation is dedicated to the properties, construction and analysis of APN and AB functions. Being cryptographically optimal, these functions lack any general structure or patterns, which makes their study very challenging. Despite intense work since at least the early 90's, many important questions and conjectures in the area remain open. We present several new results, many of which are directly related to important longstanding open problems; we resolve some of these problems, and make significant progress towards the resolution of others. More concretely, our research concerns the following open problems: i) the maximum algebraic degree of an APN function, and the Hamming distance between APN functions (open since 1998); ii) the classification of APN and AB functions up to CCZ-equivalence (an ongoing problem since the introduction of APN functions, and one of the main directions of research in the area); iii) the extension of the APN binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$ into an infinite family (open since 2006); iv) the Walsh spectrum of the Dobbertin function (open since 2001); v) the existence of monomial APN functions CCZ-inequivalent to ones from the known families (open since 2001); vi) the problem of efficiently and reliably testing EA- and CCZ-equivalence (ongoing, and open since the introduction of APN functions). In the course of investigating these problems, we obtain i.a. the following results: 1) a new infinite family of APN quadrinomials (which includes the binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$); 2) two new invariants, one under EA-equivalence, and one under CCZ-equivalence; 3) an efficient and easily parallelizable algorithm for computationally testing EA-equivalence; 4) an efficiently computable lower bound on the Hamming distance between a given APN function and any other APN function; 5) a classification of all quadratic APN polynomials with binary coefficients over $F_{2^n}$ for $n \le 9$; 6) a construction allowing the CCZ-equivalence class of one monomial APN function to be obtained from that of another; 7) a conjecture giving the exact form of the Walsh spectrum of the Dobbertin power functions; 8) a generalization of an infinite family of APN functions to a family of functions with a two-valued differential spectrum, and an example showing that this Gold-like behavior does not occur for infinite families of quadratic APN functions in general; 9) a new class of functions (the so-called partially APN functions) defined by relaxing the definition of the APN property, and several constructions and non-existence results related to them.Doktorgradsavhandlin

Some 33-designs and shortened codes from binary cyclic codes with three zeros

Linear codes and $t$-designs are interactive with each other. It is well known that some $t$-designs have been constructed by using certain linear codes in recent years. However, only a small number of infinite families of the extended codes of linear codes holding an infinite family of $t$-designs with $t\geq 3$ are reported in the literature. In this paper, we study the extended codes of the augmented codes of a class of binary cyclic codes with three zeros and their dual codes, and show that those codes hold $3$-designs. Furthermore, we obtain some shortened codes from the studied cyclic codes and explicitly determine their parameters. Some of those shortened codes are optimal or almost optimal.Comment: 20 pages. arXiv admin note: text overlap with arXiv:2110.03881, arXiv:2007.0592

Symbol correspondences for spin systems

The present monograph explores the correspondence between quantum and classical mechanics in the particular context of spin systems, that is, SU(2)-symmetric mechanical systems. Here, a detailed presentation of quantum spin-j systems, with emphasis on the SO(3)-invariant decomposition of their operator algebras, is followed by an introduction to the Poisson algebra of the classical spin system and a similarly detailed presentation of its SO(3)-invariant decomposition. Subsequently, this monograph proceeds with a detailed and systematic study of general quantum-classical symbol correspondences for spin-j systems and their induced twisted products of functions on the 2-sphere. This original systematic presentation culminates with the study of twisted products in the asymptotic limit of high spin numbers. In the context of spin systems, it shows how classical mechanics may or may not emerge as an asymptotic limit of quantum mechanics.Comment: Research Monograph, 171 pages (book format, preliminary version