Copy
Claude CARLET, "On Almost Perfect Nonlinear Functions" in IEICE TRANSACTIONS on Fundamentals,
vol. E91-A, no. 12, pp. 3665-3678, December 2008, doi: 10.1093/ietfec/e91-a.12.3665.
Abstract: A function F:F2n F2n is almost perfect nonlinear (APN) if, for every a 0, b in F2n, the equation F(x)+F(x+a)=b has at most two solutions in F2n. When used as an S-box in a block cipher, it contributes optimally to the resistance to differential cryptanalysis. The function F is almost bent (AB) if the minimum Hamming distance between all its component functions v F, v∈F2n {0} (where "" denotes any inner product in F2n ) and all affine Boolean functions on F2n takes the maximal value 2n-1-2. AB functions exist for n odd only and contribute optimally to the resistance to the linear cryptanalysis. Every AB function is APN, and in the n odd case, any quadratic APN function is AB. The APN and AB properties are preserved by affine equivalence: F F' if F'=A1 F A2, where A1,A2 are affine permutations. More generally, they are preserved by CCZ-equivalence, that is, affine equivalence of the graphs of F: {(x,F(xv)) | x∈ F2n} and of F'. Until recently, the only known constructions of APN and AB functions were CCZ-equivalent to power functions F(x)=xd over finite fields (F2n being identified with F2n and an inner product being x y=tr(xy) where tr is the trace function). Several recent infinite classes of APN functions have been proved CCZ-inequivalent to power functions. In this paper, we describe the state of the art in the domain and we also present original results. We indicate what are the most important open problems and make some new observations about them. Many results presented are from joint works with Lilya Budaghyan, Gregor Leander and Alexander Pott.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1093/ietfec/e91-a.12.3665/_p
Copy
@ARTICLE{e91-a_12_3665,
author={Claude CARLET, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={On Almost Perfect Nonlinear Functions},
year={2008},
volume={E91-A},
number={12},
pages={3665-3678},
abstract={A function F:F2n F2n is almost perfect nonlinear (APN) if, for every a 0, b in F2n, the equation F(x)+F(x+a)=b has at most two solutions in F2n. When used as an S-box in a block cipher, it contributes optimally to the resistance to differential cryptanalysis. The function F is almost bent (AB) if the minimum Hamming distance between all its component functions v F, v∈F2n {0} (where "" denotes any inner product in F2n ) and all affine Boolean functions on F2n takes the maximal value 2n-1-2. AB functions exist for n odd only and contribute optimally to the resistance to the linear cryptanalysis. Every AB function is APN, and in the n odd case, any quadratic APN function is AB. The APN and AB properties are preserved by affine equivalence: F F' if F'=A1 F A2, where A1,A2 are affine permutations. More generally, they are preserved by CCZ-equivalence, that is, affine equivalence of the graphs of F: {(x,F(xv)) | x∈ F2n} and of F'. Until recently, the only known constructions of APN and AB functions were CCZ-equivalent to power functions F(x)=xd over finite fields (F2n being identified with F2n and an inner product being x y=tr(xy) where tr is the trace function). Several recent infinite classes of APN functions have been proved CCZ-inequivalent to power functions. In this paper, we describe the state of the art in the domain and we also present original results. We indicate what are the most important open problems and make some new observations about them. Many results presented are from joint works with Lilya Budaghyan, Gregor Leander and Alexander Pott.},
keywords={},
doi={10.1093/ietfec/e91-a.12.3665},
ISSN={1745-1337},
month={December},}
Copy
TY - JOUR
TI - On Almost Perfect Nonlinear Functions
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 3665
EP - 3678
AU - Claude CARLET
PY - 2008
DO - 10.1093/ietfec/e91-a.12.3665
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E91-A
IS - 12
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - December 2008
AB - A function F:F2n F2n is almost perfect nonlinear (APN) if, for every a 0, b in F2n, the equation F(x)+F(x+a)=b has at most two solutions in F2n. When used as an S-box in a block cipher, it contributes optimally to the resistance to differential cryptanalysis. The function F is almost bent (AB) if the minimum Hamming distance between all its component functions v F, v∈F2n {0} (where "" denotes any inner product in F2n ) and all affine Boolean functions on F2n takes the maximal value 2n-1-2. AB functions exist for n odd only and contribute optimally to the resistance to the linear cryptanalysis. Every AB function is APN, and in the n odd case, any quadratic APN function is AB. The APN and AB properties are preserved by affine equivalence: F F' if F'=A1 F A2, where A1,A2 are affine permutations. More generally, they are preserved by CCZ-equivalence, that is, affine equivalence of the graphs of F: {(x,F(xv)) | x∈ F2n} and of F'. Until recently, the only known constructions of APN and AB functions were CCZ-equivalent to power functions F(x)=xd over finite fields (F2n being identified with F2n and an inner product being x y=tr(xy) where tr is the trace function). Several recent infinite classes of APN functions have been proved CCZ-inequivalent to power functions. In this paper, we describe the state of the art in the domain and we also present original results. We indicate what are the most important open problems and make some new observations about them. Many results presented are from joint works with Lilya Budaghyan, Gregor Leander and Alexander Pott.
ER -
English
