Abstract
A function F:F[unk]?F[unk] is almost perfect nonlinear (APN) if, for every a?0, b in F[unk], the equation F(x)+ F(x+a)=b has at most two solutions [4]. When used as an S-box in a block cipher, it opposes then an optimum resistance to differential cryptanalysis. The function F is almost bent (AB) if the minimum Hamming distance between all its component functions v·F, v ? F[unk]{0}, where · denotes any inner product in F[unk] and all affine Boolean functions on F[unk] takes the maximal value 2n-1 2(n-1)/2. AB functions exist for n odd only and oppose an optimum resistance to the linear cryptanalysis (see [3]). Every AB function is APN [3], and in the n odd case, any quadratic APN function is AB [2]. The APN and AB properties are preserved by affine equivalence: F~F' if F' = A 1[unk] F [unk] A 2 , where A 1 , A 2 are affine permutations. More generally, they are preserved by CCZ-equivalence [2], that is, affine equivalence of the graphs of F:{(x, F(x)) | x?F[unk]} and of F'. Until recently, the only known constructions of APN and AB functions were CCZ-equivalent to power functions F(x)=xd over finite fields (F 2n being identified with F[unk]).
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call