On Almost Perfect Nonlinear Functions

2007 3rd International Workshop on Signal Design and Its Applications in Communications Pub Date : 2007-12-26 DOI:10.1093/ietfec/e91-a.12.3665

C. Carlet

{"title":"On Almost Perfect Nonlinear Functions","authors":"C. Carlet","doi":"10.1093/ietfec/e91-a.12.3665","DOIUrl":null,"url":null,"abstract":"A function F:F[unk]¿F[unk] is almost perfect nonlinear (APN) if, for every a¿0, b in F[unk], the equation F(x)+ F(x+a)=b has at most two solutions [4]. When used as an S-box in a block cipher, it opposes then an optimum resistance to differential cryptanalysis. The function F is almost bent (AB) if the minimum Hamming distance between all its component functions v·F, v ¿ F[unk]{0}, where \"·\" denotes any inner product in F[unk] and all affine Boolean functions on F[unk] takes the maximal value 2n-1 2(n-1)/2. AB functions exist for n odd only and oppose an optimum resistance to the linear cryptanalysis (see [3]). Every AB function is APN [3], and in the n odd case, any quadratic APN function is AB [2]. The APN and AB properties are preserved by affine equivalence: F~F' if F' = A1[unk] F[unk] A2, where A1, A2 are affine permutations. More generally, they are preserved by CCZ-equivalence [2], that is, affine equivalence of the graphs of F:{(x, F(x)) | x¿F[unk]} and of F'. Until recently, the only known constructions of APN and AB functions were CCZ-equivalent to power functions F(x)=xd over finite fields (F2n being identified with F[unk]).","PeriodicalId":303512,"journal":{"name":"2007 3rd International Workshop on Signal Design and Its Applications in Communications","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-12-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"22","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 3rd International Workshop on Signal Design and Its Applications in Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1093/ietfec/e91-a.12.3665","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 22

Abstract

A function F:F[unk]¿F[unk] is almost perfect nonlinear (APN) if, for every a¿0, b in F[unk], the equation F(x)+ F(x+a)=b has at most two solutions [4]. When used as an S-box in a block cipher, it opposes then an optimum resistance to differential cryptanalysis. The function F is almost bent (AB) if the minimum Hamming distance between all its component functions v·F, v ¿ F[unk]{0}, where "·" denotes any inner product in F[unk] and all affine Boolean functions on F[unk] takes the maximal value 2n-1 2(n-1)/2. AB functions exist for n odd only and oppose an optimum resistance to the linear cryptanalysis (see [3]). Every AB function is APN [3], and in the n odd case, any quadratic APN function is AB [2]. The APN and AB properties are preserved by affine equivalence: F~F' if F' = A1[unk] F[unk] A2, where A1, A2 are affine permutations. More generally, they are preserved by CCZ-equivalence [2], that is, affine equivalence of the graphs of F:{(x, F(x)) | x¿F[unk]} and of F'. Until recently, the only known constructions of APN and AB functions were CCZ-equivalent to power functions F(x)=xd over finite fields (F2n being identified with F[unk]).

查看原文本刊更多论文

关于几乎完全非线性函数

函数F:F[unk]¿F[unk]是几乎完美非线性(APN)，如果对于F[unk]中的每个A¿0,b，方程F(x)+ F(x+ A)=b最多有两个解[4]。当在分组密码中用作s盒时，它对差分密码分析具有最佳的抵抗力。如果函数F的所有分量函数v·F, v¿F[unk]{0}之间的最小汉明距离为AB，其中“·”表示F[unk]中的任何内积与F[unk]上的所有仿射布尔函数取最大值2n-1 2(n-1)/2。AB函数仅对n奇数存在，并且反对线性密码分析的最佳阻力(见[3])。每个AB函数都是APN[3]，在n奇情况下，任何二次型APN函数都是AB[2]。APN和AB性质由仿射等价保持:F~F' if F' = A1[unk] F[unk] A2，其中A1, A2为仿射排列。更一般地说，它们被ccz等价[2]所保存，即F:{(x, F(x)) | x¿F[unk]}和F'的图的仿射等价。直到最近，APN和AB函数的唯一已知构造是在有限域上等价于幂函数F(x)=xd的ccz (F2n被识别为F[unk])。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2007 3rd International Workshop on Signal Design and Its Applications in Communications

自引率

0.00%

发文量