On Almost Perfect Nonlinear Functions

  • Claude Carlet
  • Published 2007 in
    2007 3rd International Workshop on Signal Design…

Abstract

A function F:F[unk]¿F[unk] is almost perfect nonlinear (APN) if, for every a¿0, b in F[unk], the equation F(x)+ F(x+a)=b has at most two solutions [4]. When used as an S-box in a block cipher, it opposes then an optimum resistance to differential cryptanalysis. The function F is almost bent (AB) if the minimum Hamming distance between all its component functions v·F, v ¿ F[unk]{0}, where "·" denotes any inner product in F[unk] and all affine Boolean functions on F[unk] takes the maximal value 2<sup>n-1</sup> 2<sup>(n-1)/2</sup>. AB functions exist for n odd only and oppose an optimum resistance to the linear cryptanalysis (see [3]). Every AB function is APN [3], and in the n odd case, any quadratic APN function is AB [2]. The APN and AB properties are preserved by affine equivalence: F~F' if F' = A<inf>1[unk]</inf> F<inf>[unk]</inf> A<inf>2</inf>, where A<inf>1</inf>, A<inf>2</inf> are affine permutations. More generally, they are preserved by CCZ-equivalence [2], that is, affine equivalence of the graphs of F:{(x, F(x)) | x¿F[unk]} and of F'. Until recently, the only known constructions of APN and AB functions were CCZ-equivalent to power functions F(x)=x<sup>d</sup> over finite fields (F<inf>2n</inf> being identified with F[unk]).

DOI: 10.1093/ietfec/e91-a.12.3665

Cite this paper

@article{Carlet2007OnAP, title={On Almost Perfect Nonlinear Functions}, author={Claude Carlet}, journal={2007 3rd International Workshop on Signal Design and Its Applications in Communications}, year={2007}, pages={2-2} }