On the EA-classes of known APN functions in small dimensions

PDF / 433,103 Bytes
20 Pages / 439.642 x 666.49 pts Page_size
93 Downloads / 178 Views

On the EA-classes of known APN functions in small dimensions Marco Calderini1 Received: 4 September 2019 / Accepted: 27 February 2020 / © The Author(s) 2020

Abstract Recently Budaghyan et al. (Cryptogr. Commun. 12, 85–100, 2020) introduced a procedure for investigating if CCZ-equivalence can be more general than EA-equivalence together with inverse transformation (when applicable). In this paper, we show that it is possible to use this procedure for classifying, up to EA-equivalence, all known APN functions in dimension 6. We also give some discussion for dimension 7, 8 and 9. In particular, in these cases it is possible to give an upper bound on the EA-classes contained in the CCZ-classes of the known APN functions. Keywords EA-equivalence · CCZ-equivalence · Boolean functions · APN Mathematics Subject Classiﬁcation (2010) 94A60 · 06E30 · 14G50 · 11T71

1 Introduction Symmetric cryptographic primitives and in particular block ciphers use substitution boxes (in brief, S-boxes) to bring “confusion” into the systems. Such confusion is necessary to prevent known attacks. Given n and m two positive integers, the functions from F2n to F2m are called vectorial Boolean functions. Such functions are used as S-boxes in the design of block ciphers. Among the properties that these functions have to satisfy we have a low differential uniformity (see definitions in Section 2) to allow resistance to the differential attack [2] and high nonlinearity to resist the linear attack [18]. The lowest differential uniformity for a vectorial Boolean function is 2. Functions reaching such lower bound are called Almost Perfect Nonlinear (APN). The APN property (in general the differential uniformity) is preserved by different forms of equivalences between (vectorial) Boolean functions, such as EA-equivalence and This article is part of the Topical Collection: Boolean Functions and Their Applications IV Guest Editors: Lilya Budaghyan and Tor Helleseth Marco Calderini

[email protected] 1

Department of Informatics, University of Bergen, PB 7803, Bergen, 5020, Norway

Cryptography and Communications

CCZ-equivalence. Since EA-equivalence is a particular case of CCZ-equivalence, it is possible to partition the space of all functions F2n → F2m into CCZ-equivalence classes and then partition each CCZ-equivalence class into EA-equivalence classes. For brevity, we will refer to these as “EA-class” and “CCZ-class”. It was shown by Budaghyan et al. [3] that for quadratic APN functions CCZ-equivalence is more general than EA-equivalence together with taking inverses of permutations. In [7] the authors investigate further the relation between CCZ-equivalence and EA-equivalence with inverse transformation. While, in [9] the authors give a characterization of CCZ-equivalence in terms of twisting functions. Despite this, CCZ-equivalence is not yet fully well understood and, to the best of our knowledge, partitioning the CCZ-class of a function into its EA-classes is an hard task. Classification of APN functions is, as well, a hard open problem.

Data Loading...

On the EA-classes of known APN functions in small dimensions

Recommend Documents

On the linear structures of balanced functions and quadratic APN functions

Generalized isotopic shift construction for APN functions

Mechanical Properties in Small Dimensions

Application of Holomorphic Functions in Two and Higher Dimensions

Anomalous dimensions from thermal AdS partition functions

Fractal Functions, Dimensions and Signal Analysis

Differentially low uniform permutations from known 4-uniform functions

Elastic and Anelastic Behavior of Materials in Small Dimensions

The well-known and less well-known benefits of vaccines

Mechanical Properties in Small Dimensions: Comments from Industry

Enriching the Known

Counting dimensions of L-harmonic functions with exponential growth