[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ Skip to main content
Log in

On the behavior of some APN permutations under swapping points

  • Published:
Cryptography and Communications Aims and scope Submit manuscript

Abstract

We define the pAPN-spectrum (which is a measure of how close a function is to being APN) of an (n, n)-function F and investigate how its size changes when two of the outputs of a given function F are swapped. We completely characterize the behavior of the pAPN-spectrum under swapping outputs when F is the inverse function over \(\mathbb {F}_{2^{n}}\). We further theoretically investigate this behavior for functions from the Gold and Welch monomial APN families, and experimentally determine the size of the pAPN-spectrum after swapping outputs for representatives from all infinite monomial APN families up to dimension n = 10; based on our computation results, we conjecture that the inverse function is the only monomial APN function for which swapping two of its outputs can leave an empty pAPN-spectrum.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (United Kingdom)

Instant access to the full article PDF.

Similar content being viewed by others

Notes

  1. We have been calling this the “Rodier condition”, but we realized that it did occur in the literature prior to Rodier’s work, for power monomials in [11], so we will now call it by the three names.

References

  1. Berlekamp, E.R., Rumsey, H., Solomon, G.: On the solutions of algebraic equations over finite fields. Inf. Control. 10, 553–564 (1967)

    Article  MathSciNet  Google Scholar 

  2. Browning, K.A., Dillon, J.F., McQuistan, M.T., Wolfe, A.J., An, APN: Permutation in Dimension Six, Finite Fields: Theory and Applications, Pp. 33-42, Contemp. Math. 518, Amer. 6 Soc., Providence, RI (2010)

  3. Budaghyan, L., Carlet, C., Helleseth, T., Li, N., Sun, B.: On upper bounds for algebraic degrees of APN functions. IEEE Trans. Inform. Theory 64 (6), 4399–4411 (2018)

    Article  MathSciNet  Google Scholar 

  4. Budaghyan, L., Kaleyski, N., Kwon, S., Riera, C., Stănică, P., functions, Partially APN Boolean: Classes of functions that are not APN infinitely often, Cryptography & Communications - CCDS 12 (2020), 527–545; preliminary version in Proc Sequences and Their Applications – SETA 2018 Hong Kong (2018)

  5. Budaghyan, L., Kaleyski, N., Riera, C., Stănică, P.: On the sensitivity of some APN permutations to swapping points, Proc. Sequences and Their Applications – SETA, Paper # 9 (2020)

  6. Calderini, M.: I.villa, On the Boomerang Uniformity of some Permutation Polynomials. Cryptogr. Commun. 12, 1161–1178 (2020)

    Article  MathSciNet  Google Scholar 

  7. Carlet, C.: Vectorial Boolean Functions for Cryptography. In: Crama, Y., Hammer, P. (eds.) Boolean Methods and Models, Cambridge Univ, pp. 398–472. Press, Cambridge (2010)

  8. Chabaud, F., Vaudenay, S.: Links between differential and linear cryptanalysis. Advances in cryptology–EUROCRYPT’94, LNCS 950, pp. 356–365 (1995)

  9. Coulter, R.S., Henderson, M.: A note on the roots of trinomials over a finite field. Bull. Austral. Math. Soc. 69, 429–432 (2004)

    Article  MathSciNet  Google Scholar 

  10. Ellingsen, P., Felke, P., Riera, C., Stănică, P., Tkachenko, A.: C-differentials, multiplicative uniformity and (almost) perfect c-nonlinearity. IEEE Trans. Inf. Theory 66(9), 5781–5789 (2020)

    Article  MathSciNet  Google Scholar 

  11. Janwa, H., Wilson, M.: Hyperplane sections of Fermat varieties in p3 in char. 2 and some applications to cyclic codes, Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, Proceedings AAECC10 (G. Cohen, T. Mora and O. Moreno, Eds.), LNCS 673, Springer-Verlag, New York/Berlin, pp 180–194 (1993)

  12. Kaleyski, N.S.: Changing APN functions at two points. Cryptography and Communications 11(6), 1165–1184 (2019)

    Article  MathSciNet  Google Scholar 

  13. Li, S., Meidl, W., Polujan, A., Pott, A., Riera, C., Stănică, P.: Vanishing flats: a combinatorial viewpoint on the planarity of functions and their application. IEEE Trans. Inf. Theory 66(11), 7101–7112 (2020)

    Article  MathSciNet  Google Scholar 

  14. Liang, J.: On the solutions of trinomial equations over finite fields. Bull. Cal. Math. Soc. 70, 379–382 (1978)

    MathSciNet  MATH  Google Scholar 

  15. Nyberg, K.: Differentially uniform mappings for cryptography, Workshop on the Theory and Application of of Cryptographic Techniques, May 23 (Pp. 55-64) Springer, Berlin, Heidelberg (1993)

  16. Tang, D., Carlet, C., Tang, X.: Differentially 4-uniform bijections by permuting the inverse function. Des. Codes. Cryptogr. 77, 117–141 (2014)

    Article  MathSciNet  Google Scholar 

  17. Qu, L., Tan, Y., Tan, C.H., Li, C.: Constructing differentially 4-uniform permutations over \(\mathbb {F}_{2^{2k}}\) via the switching method. IEEE Trans. Inf. Theory 59(4), 4675–4686 (2013)

    MATH  Google Scholar 

  18. Qu, L., Tan, Y., Li, C., Gong, G.: More constructions of differentially 4-uniform permutations on \(\mathbb {F}_{2^{2k}}\). Des. Codes Cryptogr. 78, 391–408 (2016)

    MathSciNet  MATH  Google Scholar 

  19. Rodier, F.: Borne sur le degré des polynômes presque parfaitement non-linéaires, Arithmetic, Geometry, Cryptography and Coding Theory, G. lachaud, C. Ritzenthaler and M. Tsfasman, eds., Contemporary Math. no 487, AMS, Providence (RI), USA, pp 169–181 (2009)

  20. Williams, K.S.: Note on cubics over GF(2n) and GF(3n). J. Number Theory 7, 361–365 (1975)

    Article  MathSciNet  Google Scholar 

  21. Yu, Y., Wang, M., Li, Y.: Constructing differentially 4-uniform permutations from known ones. Chinese Journal of Electronics 22(3), 495–499 (2013)

    Google Scholar 

  22. Zha, Z., Hu, L., Sun, S.: Constructing new differentially 4-uniform permutations from the inverse function. Finite Fields Appl. 25, 64–78 (2014)

    Article  MathSciNet  Google Scholar 

Download references

Acknowledgements

The authors would like to thank the referees for the thorough reading and detailed comments, which improved our manuscript. The paper was started while the fourth named author visited the Selmer Center at the University of Bergen and the Western Norway University of Applied Sciences in the Spring of 2019. This author thanks these institutions for the excellent working conditions. The research of the first two named authors is supported by the “Optimal Boolean Functions” grant of the Trond Mohn foundation.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Pantelimon Stănică.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This article belongs to the Topical Collection: Sequences and Their Applications III

Guest Editors: Chunlei Li, Tor Helleseth and Zhengchun Zhou

This is asubstantially revised and extended version of the article [5] that appeared in the proceedings of the Sequences and Their Applications – SETA 2020. In particular, the proofs for the Gold and Welch case, and the computational data given in the appendix, are new.

Appendix A: Experimental data on the infinite APN families

Appendix A: Experimental data on the infinite APN families

For functions from each of the infinite APN monomial families over \(\mathbb {F}_{2^{n}}\) with n ≤ 10 (except for the inverse family which is characterized by Theorem 4), we have computed the size of the pAPN-spectrum of \(G_{x_{0} x_{1}}\) for all possible pairs \((x_{0}, x_{1}) \in \mathbb {F}_{2^{n}}^{2}\). The results are given in Tables 2, 3, 4, 5, 6 below.

Table 2 pAPN-spectra of two-point swaps of the Dobbertin function
Table 3 pAPN-spectra of two-point swaps of the Kasami function
Table 4 pAPN-spectra of two-point swaps of the Niho function
Table 5 pAPN-spectra of two-point swaps of the Welch function
Table 6 pAPN-spectra of two-point swaps of the Gold function

In all cases, the results are computed for generalizations of the respective infinite families, with all restrictions on the parameters dropped. This means that we consider the following functions over \(\mathbb {F}_{2^{n}}\), with the parameter i being any positive integer in the range 1 ≤ in − 1:

  • \(x^{2^{4i} + 2^{3i} + 2^{2i} + 2^{i} - 1}\) for Dobbertin,

  • \(x^{2^{2i} - 2^{i} + 1}\) for Kasami,

  • \(x^{2^{i} + 2^{i/2} - 1}\) or \(x^{2^{i} + 2^{(3i+1)/2} - 1}\) for even and odd values of i, respectively, for Niho,

  • \(x^{2^{i}+3}\) for Welch, and

  • \(x^{2^{i}+1}\) for Gold.

The first two columns of each table specify the degree n of the extension field \(\mathbb {F}_{2^{n}}\) and the value of the parameter i. The third column gives the smallest element from the cyclotomic coset of the resulting exponent d. The fourth and fifth columns give the differential uniformity and size of the pAPN-spectrum of xd over \(\mathbb {F}_{2^{n}}\), respectively. Finally, the last column describes how the pAPN-spectrum changes after swapping two output values of the function. More precisely, for every pair \(\{ x_{0}, x_{1} \} \subseteq \mathbb {F}_{2^{n}}\) with x0x1, we compute the size of the pAPN-spectrum of \(G_{x_{0} x_{1}}\); the last column then lists the sizes of all possible spectra obtained in this way. The frequencies with which these sizes occur over all possible pairs {x0, x1} are given as superscripts. For example, the first row of Table 2 contains 045, 260, 815 in the last column. This means that, out of the 120 pairs \(\{ x_{0}, x_{1} \} \subseteq \mathbb {F}_{2^{4}}\), 45 pairs produce a function with an empty pAPN-spectrum, 60 pairs produce a function which is ζ-APN for two values of ζ, and the remaining 15 pairs lead to functions that are ζ-APN for 8 values of ζ.

By Proposition 3, all exponents d such that xd has 2s-to-1 derivatives for some fixed s > 1 are omitted. All such functions and all two-point swaps of these functions have an empty pAPN-spectrum by the proposition, and are therefore of very limited interest. These include all Gold functions with \(\gcd (i,n) > 1\) and all Kasami functions with \(\gcd (i,n) > 1\) and \(n/\gcd (i,n)\) odd. They also include the exponents i = 3, 4 for n = 6 and i = 5 for n = 10 in the Dobbertin case; i = 3 for n = 6 in the Kasami case; i = 1 for even n, i = 4 for n = 6 and i = 8 for n = 10 in the Welch case; i = 1, 2 for n even, i = 3 for n = 5, i = 4 for n = 6, i = 5 for n = 8 and i = 6 for n = 9 in the Niho case.

We note that in some cases, swap operations lead to a full-sized pAPN-spectrum, indicating that the corresponding function is APN. This occurs exclusively in even dimensions for APN functions, and is caused by pairs {x0, x1} with x0x1 but F(x0) = F(x1), where F is the function in question. Consider, for example, F(x) = x3 for n = 6 and i = 2 in Table 2; there are 63 pairs leading to a pAPN-spectrum of size 64. We know that APN power functions over even-degree extensions of \(\mathbb {F}_{2}\) are 3-to-1; in this case, x3 has 21 non-zero images y, for each of which there are three pre-images x1, x2, x3 such that F(x1) = F(x2) = F(x3) = y. Since a pair of elements from among {x1, x2, x3} can be selected in three different ways, each of the 21 images contributes three pairs, leading to these 63 pairs which trivially preserve the APN-ness of the initial function.

The only exceptions to this occur for n = 4; for example, for F(x) = x3 in Table 2, there are 30 pairs giving a full pAPN-spectrum, while the trivial pairs as described above account for only 15 of these. To the best of our knowledge, n = 4 is the highest extension degree for which APN functions at Hamming distance 2 from each other exist; this is reflected in e.g. [12] and agrees with the results presented in the tables.

Conversely, we can observe that the inverse function is the only APN function among the ones considered whose pAPN-spectrum can become empty after a two-point swap. We ran a separate experiment in which we computed the sizes of the pAPN-spectra of all two-points swaps for representatives from all known CCZ-equivalence classes of APN functions, and observed the same phenomenon: the inverse function is the only one for which an empty pAPN-spectrum could be obtained by swapping two points. Based on this, we formulate the following conjecture.

Conjecture 1

Let F be any APN power function over \(\mathbb {F}_{2^{n}}\), CCZ-inequivalent to the inverse power function \(x^{2^{n}-2}\), and let \(G_{x_{0} x_{1}}\) be the (x0, x1)-swapping of F for some \((x_{0}, x_{1}) \in \mathbb {F}_{2^{n}}^{2}\). Then the pAPN-spectrum of \(G_{x_{0}x_{1}}\) is not empty.

According to some limited computational experiments, the same might be true for quadratic APN functions; however, we do not state this as a conjecture in general since we do not have enough data, nor heuristics on why that would happen.

We note that the multiset of the sizes of the pAPN-spectra of all functions obtained by swapping two points in a given function is not CCZ-invariant. Counterexamples can be found easily, for instance by considering the Kim function and its CCZ-equivalent permutation [2] over \(\mathbb {F}_{2^{6}}\): the pAPN-spectra of all functions obtained by swapping two outputs of the former are of even size, while pAPN-spectra of odd size can be obtained from the latter. Hence, our conjecture relates only to power APN functions and does not include the ones CCZ-equivalent to them.

Some of the functions listed in the tables have a singleton pAPN-spectrum, e.g. F(x) = x47 for i = 3 and n = 7 in Table 2. All such functions are 0-APN.

The function F(x) = x15 over \(\mathbb {F}_{2^{8}}\), as given in Table 4, is remarkable due to the fact that all possible pairs {x0, x1} lead to a function with a singleton pAPN-spectrum. When x0 = 0, the resulting function is x1-APN, and when x0 ≠ 0, the resulting function is 0-APN.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Budaghyan, L., Kaleyski, N., Riera, C. et al. On the behavior of some APN permutations under swapping points. Cryptogr. Commun. 14, 319–345 (2022). https://doi.org/10.1007/s12095-021-00520-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12095-021-00520-z

Keywords

Mathematics Subject Classification (2010)

Navigation