APN Functions Research Articles

Arithmetization-oriented APN permutations

AbstractRecently, many cryptographic primitives such as homomorphic encryption (HE), multi-party computation (MPC) and zero-knowledge (ZK) protocols have been proposed in the literature which operate on the prime field $${\mathbb {F}}_p$$ F p for some large prime p. Primitives that are designed using such operations are called arithmetization-oriented primitives. As the concept of arithmetization-oriented primitives is new, a rigorous cryptanalysis of such primitives is yet to be done. In this paper, we investigate arithmetization-oriented APN functions. More precisely, we investigate APN permutations in the CCZ-classes of known families of APN power functions over the prime field $${\mathbb {F}}_p$$ F p . Moreover, we present a class of binomial permutation having differential uniformity at most 5 defined via the quadratic character over finite fields of odd characteristic. Computationally it is confirmed that the latter family contains new APN permutations for some small parameters. We conjecture it to contain an infinite subfamily of APN permutations.

On a recent extension of a family of biprojective APN functions

APN functions play a big role as primitives in symmetric cryptography as building blocks that yield optimal resistance to differential attacks. In this note, we consider a recent extension, done by Calderini et al. (2023), of a biprojective APN family introduced by Göloğlu (2022) defined on F22m. We show that this generalization yields functions equivalent to Göloğlu's original family if 3∤m. If 3|m we show exactly how many inequivalent APN functions this new family contains. We also show that the family has the minimal image set size for an APN function and determine its Walsh spectrum, hereby settling some open problems. In our proofs, we leverage a group theoretic technique recently developed by Göloğlu and the author in conjunction with a group action on the set of projective polynomials.

On Second-Order Derivatives of Boolean Functions and Cubic APN Permutations in Even Dimension

The big APN problem is one of the most important challenges in the theory of Boolean functions, i.e. finding a new APN permutation in even dimension. Among this class of functions, those with the lowest possible degree are cubic. Yet, none has been found so far. In this paper, we introduce new parameters for Boolean functions and for vectorial Boolean functions, mostly derived from the behavior of their second-order derivatives. These parameters are invariant under extended affine equivalence, and they are particularly relevant for small-degree functions. They allow studying bent, semi-bent and APN functions of degrees two and three. In particular, they allow tackling the big APN problem for cubic permutations. Notably, we focus on the case of dimension 8, providing some computational results.

Two New Infinite Families of APN Functions in Trivariate Form

Two New Infinite Families of APN Functions in Trivariate Form

On the classification of non-exceptional APN functions

On the classification of non-exceptional APN functions

On the exceptionality of rational APN functions

We investigate APN functions which can be represented as rational functions and we provide non-existence results exploiting the connection between these functions and specific algebraic varieties over finite fields. This approach allows to classify families of functions when previous approaches cannot be applied.

Some new techniques and progress towards the resolution of the conjecture of exceptional APN functions and absolutely irreducibility of a class of polynomials

Some new techniques and progress towards the resolution of the conjecture of exceptional APN functions and absolutely irreducibility of a class of polynomials

Extending two families of bivariate APN functions

In this work, we present two families of quadratic APN functions. The first one (F1) is constructed via biprojective polynomials. This family extends one of the two APN families introduced by Göloǧlu in 2022. Then, following a similar approach as in Li et al. (2022) [28], we give another family (F2) obtained by adding certain terms to F1. As a byproduct, this second family extends one of the two families introduced by Li et al. (2022) [28]. Moreover, we show that for n=12, from our constructions, we can obtain APN functions which are CCZ-inequivalent to any other known APN function over F212.

Classification of (q, q)-Biprojective APN Functions

In this paper, we classify <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$(q,q)$ </tex-math></inline-formula> -biprojective almost perfect nonlinear (APN) functions over <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathbb {L}\times \mathbb {L}$ </tex-math></inline-formula> under the natural left and right action of <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathop {\mathrm {GL}}\nolimits (2, \mathbb {L})$ </tex-math></inline-formula> where <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathbb {L}$ </tex-math></inline-formula> is a finite field of characteristic 2. This shows in particular that the only quadratic APN functions (up to <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathsf {CCZ}}$ </tex-math></inline-formula> -equivalence) over <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathbb {L}\times \mathbb {L}$ </tex-math></inline-formula> that satisfy the so-called subfield property are the Gold functions and the function <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\kappa: \mathbb {F}_{64} \to \mathbb {F}_{64}$ </tex-math></inline-formula> which is the only known APN function that is equivalent to a permutation over <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathbb {L}\times \mathbb {L}$ </tex-math></inline-formula> up to <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathsf {CCZ}}$ </tex-math></inline-formula> -equivalence as shown in Browning et al. (2010). Deciding whether there exist other quadratic APN functions <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathsf {CCZ}}$ </tex-math></inline-formula> -equivalent to permutations that satisfy subfield property or equivalently, generalizing <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\kappa $ </tex-math></inline-formula> to higher dimensions was an open problem listed for instance in Carlet (2015) as one of the interesting open problems on cryptographic functions.

New bounds on the nonlinearity of PN and APN functions over finite fields

Нелинейность векторной функции над конечным полем в статье определяется как расстояние Хэмминга от нее до множества аффинных отображений в пространстве значений всех векторных функций. Для произвольного поля из $q$ элементов получены нижние границы нелинейности PN- и APN-функций от $n$ переменных, равные $q^n - \sqrt { q^n - 3 \cdot 2^{-2}} - 2^{-1}$ и $q^n - \sqrt { 2q^n - 7 \cdot 2^{-2}} - 2^{-1}$ соответственно и улучшающие ранее известные границы для булевого случая. Показано, что в качестве верхней границы нелинейности таких функций может быть использована величина $q^n - n - 1$. При $q = 2,3,4$ получены точные значения нелинейности PN- и APN-функций малой размерности.

Constructing New APN Functions Through Relative Trace Functions

Let <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$n=2m$ </tex-math></inline-formula> . In 2020, Budaghyan, Helleseth and Kaleyski [IEEE TIT 66(11): 7081-7087, 2020] considered a family of quadrinomials over <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathbb {F}_{2^{n}}$ </tex-math></inline-formula> of the form <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$x^{3}+a(x^{2^{s}+1})^{2^{k}}+bx^{3\cdot 2^{m}}+c(x^{2^{s+m}+2^{m}})^{2^{k}}$ </tex-math></inline-formula> . They showed that two infinite classes of almost perfect nonlinear (APN) functions belong to this family when <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\gcd (6,m)=1$ </tex-math></inline-formula> . We observe that these two infinite classes of APN quadrinomials and the infinite class of APN polynomials from the Budaghyan-Carlet family belong to a more general family of polynomials over <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathbb {F}_{2^{n}} $ </tex-math></inline-formula> with the form <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$f(x)=a{\mathrm{ Tr}}^{n}_{m}(F(x))+a^{2^{m}}{\mathrm{ Tr}}^{n}_{m}(G(x))$ </tex-math></inline-formula> , where <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$a \in \mathbb {F}_{2^{n}}\backslash \mathbb {F}_{2^{m}} $ </tex-math></inline-formula> , and both <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$F$ </tex-math></inline-formula> and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$G$ </tex-math></inline-formula> are quadratic functions over <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathbb {F}_{2^{n}}$ </tex-math></inline-formula> . We characterize when <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$f(x) $ </tex-math></inline-formula> is APN. With the help of our characterization, letting <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$F(x)=bx^{2^{i}+1} $ </tex-math></inline-formula> and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$G(x)=cx^{2^{s}+1}$ </tex-math></inline-formula> with <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$b, c\in \mathbb {F}_{2^{n}} $ </tex-math></inline-formula> , we obtain an infinite family of APN functions of the form <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$f(x) $ </tex-math></inline-formula> when <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathrm{ gcd}}(2,m)=1 $ </tex-math></inline-formula> and verify that for <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$n=10 $ </tex-math></inline-formula> two APN instances from this infinite family are CCZ-inequivalent to each other, and to any APN function over <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\mathbb {F}_{2^{10}} $ </tex-math></inline-formula> from the previously known infinite families.

Gold functions and switched cube functions are not 0-extendable in dimension n > 5

In the independent works by Kalgin and Idrisova and by Beierle, Leander and Perrin, it was observed that the Gold APN functions over mathbb {F}_{2^5} give rise to a quadratic APN function in dimension 6 having maximum possible linearity of 2^5 (that is, minimum possible nonlinearity 2^4). In this article, we show that the case of n le 5 is quite special in the sense that Gold APN functions in dimension n>5 cannot be extended to quadratic APN functions in dimension n+1 having maximum possible linearity. In the second part of this work, we show that this is also the case for APN functions of the form x mapsto x^3 + mu (x) with mu being a quadratic Boolean function.

Exceptional crooked functions

Crooked functions are combinatorial objects of great interest. It is already known that the only monomial and binomial crooked functions are quadratic. In this paper, we investigate conditions on the shape of a polynomial to be crooked. Furthermore, the notion of exceptional crooked is introduced, similarly to those of APN or PN exceptional functions. Via a connection with algebraic varieties over finite fields, we provide non-existence results of exceptional crooked functions.

Linear codes and incidence structures of bent functions and their generalizations

In this paper, we consider further applications of (n,m)-functions for the construction of 2-designs. For instance, we provide a new application of the extended Assmus-Mattson theorem, by showing that linear codes of certain APN functions with the classical Walsh spectrum support 2-designs. With this result, we give several sufficient conditions for an APN function with the classical Walsh spectrum to be CCZ-inequivalent to a quadratic one. On the other hand, we use linear codes and combinatorial designs in order to study important properties of (n,m)-functions. In particular, we provide a characterization of a quadratic Boolean bent function by means of the 2-transitivity of its automorphism group. Finally, we give a new design-theoretic characterization of (n,m)-plateaued and (n,m)-bent functions and provide a coding-theoretic as well as a design-theoretic interpretation of the extendability problem for (n,m)-bent functions.

On the equivalence between a new family of APN quadrinomials and the power APN functions

On the equivalence between a new family of APN quadrinomials and the power APN functions

Two New Families of Quadratic APN Functions

In this paper, we present two new families of APN functions. The first family is in bivariate form <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\big (x^{3}+xy^{2}+ y^{3}+xy, x^{5}+x^{4}y+y^{5}+xy+x^{2}y^{2} \big)\,\,\vphantom {_{\int _{\int }}}$ </tex-math></inline-formula> over <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathbb F}_{2^{m}}^{2}$ </tex-math></inline-formula> . It is obtained by adding certain terms of the form <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\sum _{i}(a_{i}x^{2^{i}}y^{2^{i}},b_{i}x^{2^{i}}y^{2^{i}})$ </tex-math></inline-formula> to a family of APN functions recently proposed by Gölo&gcaron;lu. The <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\vphantom {_{\int _{\int }}}$ </tex-math></inline-formula> second family has the form <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$L(z)^{2^{m}+1}+vz^{2^{m}+1}$ </tex-math></inline-formula> over <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathbb F}_{{2^{3m}}}$ </tex-math></inline-formula> , which generalizes a family of APN functions by Bracken et al. from 2011. By calculating the <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\Gamma $ </tex-math></inline-formula> -rank of the constructed APN functions over <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathbb F}_{2^{8}}$ </tex-math></inline-formula> and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathbb F}_{2^{9}}$ </tex-math></inline-formula> , we demonstrate that the two families are CCZ-inequivalent to all known families. In addition, the two new families cover two known sporadic APN instances over <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathbb F}_{2^{8}}$ </tex-math></inline-formula> and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">${\mathbb F}_{2^{9}}$ </tex-math></inline-formula> , which were found by Edel and Pott in 2009 and by Beierle and Leander in 2021, respectively.

The classification of quadratic APN functions in 7 variables and combinatorial approaches to search for APN functions

The classification of quadratic APN functions in 7 variables and combinatorial approaches to search for APN functions

Constructing more quadratic APN functions with the QAM method

Constructing more quadratic APN functions with the QAM method

Shortened Linear Codes From APN and PN Functions

Linear codes generated by component functions of perfect nonlinear (PN for short) and almost perfect nonlinear (APN for short) functions and the first-order Reed-Muller codes have been an object of intensive study in coding theory. The objective of this paper is to investigate some binary shortened codes of two families of linear codes from APN functions and some <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula> -ary shortened codes associated with PN functions. The weight distributions of these shortened codes and the parameters of their duals are determined. The parameters of these binary codes and <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$p$ </tex-math></inline-formula> -ary codes are flexible. Many of the codes presented in this paper are optimal or almost optimal. The results of this paper show that the shortening technique is very promising for constructing good codes.

Triplicate functions

We define the class of triplicate functions as a generalization of 3-to-1 functions over mathbb {F}_{2^{n}} for even values of n. We investigate the properties and behavior of triplicate functions, and of 3-to-1 among triplicate functions, with particular attention to the conditions under which such functions can be APN. We compute the exact number of distinct differential sets of power APN functions and quadratic 3-to-1 functions; we show that, in this sense, quadratic 3-to-1 functions are a generalization of quadratic power APN functions for even dimensions, in the same way that quadratic APN permutations are generalizations of quadratic power APN functions for odd dimensions. We show that quadratic 3-to-1 APN functions cannot be CCZ-equivalent to permutations in the case of doubly-even dimensions. We compute a lower bound on the Hamming distance between any two quadratic 3-to-1 APN functions, and give an upper bound on the number of such functions over mathbb {F}_{2^{n}} for any even n. We survey all known infinite families of APN functions with respect to the presence of 3-to-1 functions among them, and conclude that for even n almost all of the known infinite families contain functions that are quadratic 3-to-1 or are EA-equivalent to quadratic 3-to-1 functions. We also give a simpler univariate representation in the case of singly-even dimensions of the family recently introduced by Göloglu than the ones currently available in the literature. We conduct a computational search for quadratic 3-to-1 functions in even dimensions n ≤ 12. We find six new APN instances for n = 10, and the first sporadic APN instance for n = 12 since 2006. We provide a list of all known 3-to-1 APN functions for n ≤ 12.