Background and definition

Almost perfect nonlinear (APN) functions are the class of ${\displaystyle (n,n)}$ Vectorial Boolean Functions that provide optimum resistance to against differential attack. Intuitively, the differential attack against a given cipher incorporating a vectorial Boolean function ${\displaystyle F}$ is efficient when fixing some difference ${\displaystyle \delta }$ and computing the output of ${\displaystyle F}$ for all pairs of inputs ${\displaystyle (x_{1},x_{2})}$ whose difference is ${\displaystyle \delta }$ produces output pairs with a difference distribution that is far away from uniform.

The formal definition of an APN function ${\displaystyle F:\mathbb {F} _{2^{n}}\rightarrow \mathbb {F} _{2^{n}}}$ is usually given through the values

${\displaystyle \Delta _{F}(a,b)=|\{x\in \mathbb {F} _{2^{n}}:F(x)+F(a+x)=b\}|}$

which, for ${\displaystyle a\neq 0}$, express the number of input pairs with difference ${\displaystyle a}$ that map to a given ${\displaystyle b}$. The existence of a pair ${\displaystyle (a,b)\in \mathbb {F} _{2^{n}}^{*}\times \mathbb {F} _{2^{n}}}$ with a high value of ${\displaystyle \Delta _{F}(a,b)}$ makes the function ${\displaystyle F}$ vulnerable to differential cryptanalysis. This motivates the definition of differential uniformity as

${\displaystyle \Delta _{F}=\max\{\Delta _{F}(a,b):a\in \mathbb {F} _{2^{n}}^{*},b\in \mathbb {F} _{2^{n}}\}}$

which clearly satisfies ${\displaystyle \Delta _{F}\geq 2}$ for any function ${\displaystyle F}$. The functions meeting this lower bound are called almost perfect nonlinear (APN).

Characterizations