Characterization of Permutations

Component Functions

An (𝑛,𝑛)-function 𝐹 is a permutation if and only if all of its components 𝐹_λ for λ ∈ 𝔽*_2^𝑛 are balanced.

Autocorrelation Functions of the Directional Derivatives

The characterization in terms of the component functions given above can be equivalently expressed as

\sum _{a\in \mathbb {F} _{2^{n}}^{*}}{\mathcal {F}}(D_{a}f_{\lambda })=-2^{n}

for any λ ∈ 𝔽*_2^𝑛.

Equivalently ^[1], 𝐹 is a permutation if and only if

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \sum_{\lambda \in \mathbb{F}_{2^n}^*} \mathcal{F}(D_af_\lambda) = -2^n}

for any λ ∈ 𝔽*_2^𝑛.

Characterization of APN Permutations

^[2] Up to CCZ-equivalence, all of the APN permutations known so far belong to a few families, namely:

1. APN monomial functions in odd dimension.

2. One infinite family of quadratic polynomials in dimension Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle 3n} , with Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} odd and Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle gcd(n,3)=1} .^[3]

3. Dillon's permutation in dimension 6.^[4]

4. Two sporadic quadratic APN permutations in dimension 9.^[5]

On the component functions

Clearly we have that no component function can be of degree 1. (This result is true for general APN maps)

For 𝑛 even we have also that no component can be partially-bent^[6]. This implies that, in even dimension, no component can be of degree 2.

Autocorrelation Functions of the Directional Derivatives

An (𝑛,𝑛)-function 𝐹 is an APN permutation if and only if ^[1]

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \sum_{\lambda \in \mathbb{F}_{2^n}^*} \mathcal{F}(D_af_\lambda) = -2^n}

and

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \sum_{\lambda \in \mathbb{F}_{2^n}^*} \mathcal{F}^2(D_af_\lambda) = 2^{2n}}

for any 𝑎 ∈ 𝔽*_2^𝑛.

On APN Power Functions

For $n$ odd, all power APN functions and the known APN binomials are permutations. When Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} is even, no APN function exists in a class of permutations including power permutations.

Specifically:

If a power function Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle F(x)=x^d} over Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \mathbb{F}_{2^n}} is APN, then for every Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle x\in \mathbb{F}_{2^n}} we have Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle x^d=1} if and only if $x^{3}=1$ , that is, Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle F^{-1}(1)=\mathbb{F}_4\cap\mathbb{F}_{2^n}^*.}

If Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} is odd, then Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle gcd(d,2^n-1)=1} and, if Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} is even, then Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle gcd(d,2^n-1)=3} .

Consequently, APN power functions are permutations if Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} is odd, and are three-to-one over $\mathbb {F} _{2^{n}}^{*}$ if Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} is even.^[7]

The Big Open APN Problem

In his paper ^[8], Hou conjectured that APN permutations did not exist in even dimension. He proved the following theorem that covers the case of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n=4} :

Let Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle F\in\mathbb{F}_{2^n}[x]} be a permutation polynomial with Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n=2m} . Then:

1. If Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n=4} , then Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle F} is not APN.

2. If $F\in \mathbb {F} _{2^{m}}[x]$ , then Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle F} is not APN.

The question of whether APN permutations exist in even dimension was a long-standing problem until, in 2009, Dillon presented an APN permutation in dimension 6^[4].

That is the function Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle F(x)=ux^3+ux^{10}+u^2x^{24},} where Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle u} is a primitive element of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \mathbb{F}_{2^6}} . Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle F} is equivalent to the Kim function $\kappa (x)=x^{3}+x^{10}+ux^{24}$ .

The question of existence of APN permutations in even dimension Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n\geq 8} remains open. There exist nonexistent results within the following classes:

1. Plateaued functions (when APN, they have bent components);

2. A class of functions including power functions;

3. Functions whose univariate representation coefficients lie in Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \mathbb{F}_{2^{n/2}}} , or in Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \mathbb{F}_{2^4}} for Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} divisible by 4; ^[8]

4. Functions whose univariate representation coefficients satisfy Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \sum_{i=0}^{(2^n-1)/3}a_{3i}=0} ; ^[9]

5. Functions having at least one partially-bent component^[6].

↑ ^1.0 ^1.1 Thierry Berger, Anne Canteaut, Pascale Charpin, Yann Laigle-Chapuy, On Almost Perfect Nonlinear Functions Over GF(2^n), IEEE Transactions on Information Theory, 2006 Sep,52(9),4160-70
↑ Bartoli, D., Timpanella, M. On a conjecture on APN permutations. Cryptogr. Commun. 14, 925–931 (2022)
↑ Budaghyan, L., Carlet, C., Leander, G.: Two classes of quadratic APN binomials inequivalent to power functions. IEEE Trans. Inf. Theory 54(9), 4218–4229 (2008)
↑ ^4.0 ^4.1 Browning, K., Dillon, J.F., McQuistan, M., Wolfe, A.J.: An APN permutation in dimension six. In: Post-proceedings of the 9-th International conference on Finite Fields and their applications, American Mathematical Society, vol. 518, pp. 33–42 (2010)
↑ Beierle, C., Leander, G.: New instances of quadratic APN functions, arXiv:2009.07204 (2020)
↑ ^6.0 ^6.1 Marco Calderini, Massimiliano Sala, Irene Villa, A note on APN permutations in even dimension, Finite Fields and Their Applications, vol. 46, 1-16, 2017
↑ H. Dobbertin. Private Communication, 1998.
↑ ^8.0 ^8.1 X.-D. Hou. Affinity of Permutations of $\mathbb {F} _{2}^{n}$ . Proceedings of Workshop on Coding and Cryptography WCC 2003, pp. 273-280, 2003. Completed version in Discrete Applied Mathematics 154 (2), pp. 313-325, 2006.
↑ A. Canteaut. Differential cryptanalysis of Feistel ciphers and differentially uniform mappings. Proceedings of Selected Areas on Cryptography, SAC 1997, pp. 172-184, 1997.

[bercanchalai2006-1] 1.0 ^1.1 Thierry Berger, Anne Canteaut, Pascale Charpin, Yann Laigle-Chapuy, On Almost Perfect Nonlinear Functions Over GF(2^n), IEEE Transactions on Information Theory, 2006 Sep,52(9),4160-70

[BT-2] Bartoli, D., Timpanella, M. On a conjecture on APN permutations. Cryptogr. Commun. 14, 925–931 (2022)

[BCL-3] Budaghyan, L., Carlet, C., Leander, G.: Two classes of quadratic APN binomials inequivalent to power functions. IEEE Trans. Inf. Theory 54(9), 4218–4229 (2008)

[Dillon-4] 4.0 ^4.1 Browning, K., Dillon, J.F., McQuistan, M., Wolfe, A.J.: An APN permutation in dimension six. In: Post-proceedings of the 9-th International conference on Finite Fields and their applications, American Mathematical Society, vol. 518, pp. 33–42 (2010)

[BL-5] Beierle, C., Leander, G.: New instances of quadratic APN functions, arXiv:2009.07204 (2020)

[CalSalVil-6] 6.0 ^6.1 Marco Calderini, Massimiliano Sala, Irene Villa, A note on APN permutations in even dimension, Finite Fields and Their Applications, vol. 46, 1-16, 2017

[Dobbertin-7] H. Dobbertin. Private Communication, 1998.

[Hou-8] 8.0 ^8.1 X.-D. Hou. Affinity of Permutations of $\mathbb {F} _{2}^{n}$ . Proceedings of Workshop on Coding and Cryptography WCC 2003, pp. 273-280, 2003. Completed version in Discrete Applied Mathematics 154 (2), pp. 313-325, 2006.

[Canteaut-9] A. Canteaut. Differential cryptanalysis of Feistel ciphers and differentially uniform mappings. Proceedings of Selected Areas on Cryptography, SAC 1997, pp. 172-184, 1997.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

APN Permutations

Contents

Characterization of Permutations

Component Functions

Autocorrelation Functions of the Directional Derivatives

Characterization of APN Permutations

On the component functions

Autocorrelation Functions of the Directional Derivatives

On APN Power Functions

The Big Open APN Problem

Navigation menu

APN Permutations

Characterization of Permutations

Component Functions

Autocorrelation Functions of the Directional Derivatives

Characterization of APN Permutations

On the component functions

Autocorrelation Functions of the Directional Derivatives

On APN Power Functions

The Big Open APN Problem

Navigation menu

Search