Class of Quadratic Almost Bent Functions That Is EA-Inequivalent to ...

Hindawi Discrete Dynamics in Nature and Society Volume 2017, Article ID 9627840, 3 pages https://doi.org/10.1155/2017/9627840

Research Article Class of Quadratic Almost Bent Functions That Is EA-Inequivalent to Permutations Xinyang Zhang and Meng Zhou School of Mathematics and Systems Science, Beihang University, No. 37, Xueyuan Road, Haidian District, Beijing 100191, China Correspondence should be addressed to Xinyang Zhang; [email protected] Received 15 February 2017; Revised 9 April 2017; Accepted 11 April 2017; Published 13 August 2017 Academic Editor: Allan C. Peterson Copyright © 2017 Xinyang Zhang and Meng Zhou. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. The permutation relationship for the almost bent (AB) functions in the finite field is a significant issue. Li and Wang proved that a class of AB functions with algebraic degree 3 is extended affine- (EA-) inequivalent to any permutation. This study proves that another class of AB functions, which was developed in 2009, is EA-inequivalent to any permutation. This particular AB function is the first known quadratic class EA-inequivalent to permutation.

1. Introduction Almost perfect nonlinear (APN) and almost bent (AB) functions and significant theoretical meanings have been extensively applied in finite field theory. The search for new APN (see Definition 1) and AB (which also implies APN property) functions has become an interesting topic. Power functions have six known classes of APN functions, namely, Gold [1], Kasami [2], Welch [3, 4], Niho [4], Inverse, and Dobbertin [5]. Apart from power functions, APN function also has several known classes. Accordingly, [6–11] show that all results are quadratic functions (the meaning of degree is a little different, see Definitions 2 and 3). In the design of a block cipher, permutations over 𝐹2𝑛 with an even 𝑛 are preferred due to hardware and software requirements. No APN permutation over 𝐹2𝑛 with an even 𝑛 was determined until Dillon [12] in 2009. Thus, the Big APN problem emerged: Does such function exist? This problem is still open for 𝑛 ≥ 8. Berger et al. in [13] provided a significant solution for the Big APN problem: if the components of an APN function over 𝐹2𝑛 with an even 𝑛 are plateaued, then a bent component exists, which is not permuted. This result is negative for quadratic functions because quadratic implies reaching a plateau [14]. If 𝐹2𝑛 is changed by an odd 𝑛, then the plateaued APN functions are equal to the AB functions based on the result of [3]. The AB functions are conjectured to be EA-equivalent (see Definition 4) to the permutations.

In 2013, Li and Wang [15] proved that the infinite class in [7] is EA-inequivalent to any permutation. Definition 1. 𝐹(𝑥) is called almost perfect nonlinear (APN) function on 𝐹2𝑛 if 𝐷𝑎 𝐹(𝑥) = 𝐹(𝑥 + 𝑎) − 𝐹(𝑥) are 2−1 on 𝐹2𝑛 (i.e., 𝐷𝑎 𝐹(𝑥) = 𝐷𝑎 𝐹(𝑦) if and only if 𝑥 = 𝑦 or 𝑥 + 𝑎 = 𝑦) for all 𝑎 ∈ 𝐹2𝑛 \ {0}. Almost bent (AB) function is a kind of APN function. Definition 2. Every mapping 𝐹 : 𝐹2𝑛 → 𝐹2𝑛 can be unique 𝑛 represented in the form 𝐹(𝑥) = ∑2𝑖=0−1 𝑎𝑖 𝑥𝑖 , called the algebraic normal form (ANF) of mapping 𝐹. ANF is zero (i.e., 𝑎𝑖 = 0 for any 0 ≤ 𝑖 ≤ 2𝑛 − 1) if and only if mapping is zero (i.e., 𝐹(𝑥) = 0 for any 𝑥). Definition 3. Every 0 ≤ 𝑗 ≤ 2𝑛 − 1 is equal to an 𝑛 tuple 𝑗1 ⋅ ⋅ ⋅ 𝑗𝑛 ∈ 𝑍2𝑛 as 𝑗 = ∑𝑛𝑘=1 𝑗𝑘 2𝑛−𝑘 , called the 𝑛 bits binary representation of 𝑗. Integer 𝑗 and 𝑛 tuple 𝑗1 ⋅ ⋅ ⋅ 𝑗𝑛 will be regarded as the same from here. The degree of monomial 𝑥𝑗 on 𝐹2𝑛 is not 𝑗 itself but the number of support supp(𝑗) = {𝑘 : 𝑗𝑘 ≠ 0}, called the weight of 𝑗 and denoted as 𝑤𝑡(𝑗). The degree of mapping 𝐹 : 𝐹2𝑛 → 𝐹2𝑛 is deg 𝐹 = max{𝑤𝑡(𝑖) : 𝑎𝑖 ≠ 0}, the highest degree of all nonzero monomials in its ANF. For example, linear mappings on 𝐹2𝑛 are in the form 𝑛−1 2𝑖 2𝑖 𝐿(𝑥) = ∑𝑛−1 𝑖=0 𝑙𝑖 𝑥 . Trace mapping tr(𝑥) = ∑𝑖=0 𝑥 is a linear mapping only of values 0 or 1.

2

Discrete Dynamics in Nature and Society

Definition 4. Two mappings 𝐹󸀠 and 𝐹 over 𝐹2𝑛 are called extended affine- (EA-) equivalent if there are affine permutations 𝐴 1 , 𝐴 2 , and 𝐴 over 𝐹2𝑛 such that 𝐹󸀠 = 𝐴 1 ∘ 𝐹 ∘ 𝐴 2 + 𝐴 and affine-equivalent if 𝐴 = 0.

[tr(𝑎3 ) + 1] tr(𝑎3 𝐿(𝑎−1 )) = 0 for any 𝑎. Obviously, 𝐿(𝑥) = 𝑏2 𝑥 + 𝑏𝑥2 and 𝐿(𝑥) = tr(𝑏𝑥) satisfy the identity. Theorem 8 will show that all kinds of 𝐿(𝑥) satisfying the identity are the adding of the two kinds above.

2. Methods and Tools

2 Theorem 8. One assumes that 𝑛 ≥ 9 and 𝐿(𝑥) = ∑𝑛−1 𝑖=0 𝑙𝑖 𝑥 3 3 −1 over 𝐹2𝑛 . If (tr(𝑎 ) + 1) tr(𝑎 𝐿(𝑎 )) ≡ 0, then

𝑖

Lemma 5. 𝐹(𝑥) over 𝐹2𝑛 is EA-equivalent to permutation if and only if there is linear mapping 𝐿(𝑥) such that 𝐹(𝑥) + 𝐿(𝑥) is permuted on 𝐹2𝑛 .

2

𝐿 (𝑥) = (𝑙1 + 𝑏) 𝑥 + (𝑙1 + 𝑏) 𝑥2 + tr (𝑏𝑥) . Proof. Initially,

Proof. If 𝐴 1 ∘ 𝐹 ∘ 𝐴 2 + 𝐴 is permuted, then 𝐴−1 1 ∘ (𝐴 1 ∘ 𝐹 ∘ −1 −1 𝐴 2 + 𝐴) ∘ 𝐴−1 2 = 𝐹 + 𝐴 1 ∘ 𝐴 ∘ 𝐴 2 is also permuted over 𝐹2𝑛 . 𝑛−1 𝑛−1 −1 2𝑖 2𝑖 𝐴−1 1 ∘ 𝐴 ∘ 𝐴 2 = ∑𝑖=0 𝑙𝑖 𝑥 + 𝑐 denotes that 𝐹(𝑥) + ∑𝑖=0 𝑙𝑖 𝑥 , thereby permuted over 𝐹2𝑛 .

(tr (𝑎3 ) + 1) tr (𝑎3 𝐿 (𝑎−1 )) = tr (𝑎3 (tr (𝑎3 ) + 1) 𝐿 (𝑎−1 )) 𝑛−1 𝑖=0

The exponents 3(2𝑖 +1)+(−2𝑗 ) and 3+(−2𝑗 ) (plus negative will be denoted as minus for convenience) can be divided into the following orbits:

Definition 6. Consider the circulation mapping 𝑔 : 𝑍2𝑛 → 𝑍2𝑛 defined as 𝑔(𝑗1 𝑗2 ⋅ ⋅ ⋅ 𝑗𝑛 ) = 𝑗2 ⋅ ⋅ ⋅ 𝑗𝑛 𝑗1 , which means 2𝑗 when 𝑗 ≤ 2𝑛−1 − 1 or 2𝑗 − 2𝑛 + 1 when 𝑗 ≥ 2𝑛−1 . 𝑐(𝑗) = {𝑔𝑖 (𝑗) : 𝑖 ∈ 𝑍} is called the circulation orbit of 𝑗 and its order |𝑐(𝑗)| = min{𝑖 ∈ 𝑁∗ : 𝑔𝑖 (𝑗) = 𝑗} minimal positive period of 𝑗.

1: 3−20 , 3−21 , 3(20 +1)−21 , 3(20 +1)−22 , 3(21 +1)−20 , 3(21 + 1) − 23 , 3(2𝑛−1 + 1) − 22 , 3(2𝑛−1 + 1) − 2𝑛−1 . 101⋅ ⋅ ⋅ 1: 3 − 2𝑗 (2 ≤ 𝑗 ≤ 𝑛 − 1), 3(20 + 1) − 2𝑗 (𝑗 = 0 or 3 ≤ 𝑗 ≤ 𝑛 − 1), 3(2𝑖 + 1) − 2𝑗 (2 ≤ 𝑖 ≤ 𝑛 − 2, 𝑗 = 𝑖 + 2) or 𝑗 = 𝑖 + 2 and 101 of 3(21 + 1) − 22 and 3(2𝑛−1 + 1) − 21 and 1011 of 3(23 + 1) − 24 and 3(2𝑛−3 + 1) − 21 .

The lemma below is obvious since tr(𝑎𝑖 𝑥𝑖 ) and tr(𝑎𝑗 𝑥𝑗 ) have no similar terms when 𝑖 ∉ 𝑐(𝑗). 𝑛

2 −1 Lemma 7. tr(∑𝑖=0 𝑎𝑖 𝑥𝑖 ) = 0 if and only if tr(∑𝑖∈𝑐(𝑗) 𝑎𝑖 𝑥𝑖 ) = 0 𝑛 for every 0 ≤ 𝑗 ≤ 2 − 1.

10⋅ ⋅ ⋅ 011: 3(2𝑖 + 1) − 2𝑗 (2 ≤ 𝑖 ≤ 𝑛 − 2, 𝑗 = 0, 1, 𝑖, 𝑖 + 1), 100011 of 3(21 + 1) − 2𝑛−2 and 3(2𝑛−1 + 1) − 2𝑛−3 , 111 of 3(21 + 1) − 21 and 3(2𝑛−1 + 1) − 20 .

3. Main Result and Proof

101⋅ ⋅ ⋅ 10⋅ ⋅ ⋅ 011: 3(2𝑖 +1)−2𝑗 , 4 ≤ 𝑖 ≤ 𝑛−2, 3 ≤ 𝑗 ≤ 𝑖−1 or 𝑖 + 3 ≤ 𝑗 ≤ 𝑛 − 1.

If 𝐷𝑎 𝐹(𝑥) = 0 has no solution for any 𝑎 ∈ 𝐹2𝑛 \ {0}, then 𝐹(𝑥) is permuted. If 𝑎 exists, such that 𝑎𝑇 (𝐴𝑥 + 𝑏) = 1, then 𝐴𝑥 + 𝑏 = 0 has no solution based on linear algebra. If 𝐷𝑎 𝐹(𝑥) is 2 − 1, then rank 𝐴 = 𝑛 − 1 and 𝑎, which satisfies 𝑎𝑇 𝐴 = 0, is unique. Furthermore, 𝑎 satisfies 𝑎𝑇 𝑏 = 1. If tr(𝑎3 ) = 0, then tr(𝑎3 𝐷𝑎−1 (𝑥3 + tr(𝑥9 ) + 𝐿(𝑥))) = tr(𝑎3 𝐿(𝑎−1 ) + 1). If tr(𝑎3 𝐿(𝑎−1 )) = 0 when tr(𝑎3 ) = 0, then

101 ⋅ ⋅ ⋅ 1: 101:

10001⋅ ⋅ ⋅ 1: 3(21 + 1) − 2𝑗 and 3(2𝑛−1 + 1) − 2𝑗 with 𝑗 unequal to 𝑛 − 2 and 𝑛 − 3. The condition 𝑛 ≥ 9 can distinguish this class from 10100011. The following equations were formulated based on Lemma 7:

1/4 𝑙01/2 + 𝑙1 + 𝑙11/4 + 𝑙21/2 + 𝑙01/8 + 𝑙3 + 𝑙𝑛−1 + 𝑙22 = 0 𝑗

1/2 𝑙𝑗 + 𝑙𝑗+1 + 𝑙𝑗+2 + 𝑙22 = 0

(2 ≤ 𝑗 ≤ 𝑛 − 3)

𝑙𝑛−1 + 𝑙01/2 + 𝑙21/2 + 𝑙1 = 0

1011:

1/2 + 𝑙0 + 𝑙21/4 + 𝑙41/4 + 𝑙12 = 0 𝑙𝑛−2 + 𝑙𝑛−1

100011:

2 + 𝑙41/4 + 𝑙04 + 𝑙61/4 + 𝑙18 = 0 𝑙𝑛−2 + 𝑙𝑛−3

111: 10 ⋅ ⋅ ⋅ 011:

2 =0 𝑙1 + 𝑙02 + 𝑙3 + 𝑙14 + 𝑙01/2 + 𝑙𝑛−2

𝑙3 + 𝑙08 + 𝑙5 + 𝑙116 = 0 𝑖

𝑖+1

𝑙𝑖 + 𝑙02 + 𝑙𝑖+2 + 𝑙12 101 ⋅ ⋅ ⋅ 10 ⋅ ⋅ ⋅ 011:

(2)

𝑖

= tr ((( ∑ 𝑎3(2 +1) ) + 𝑎3 ) 𝐿 (𝑎−1 )) .

Circulation and cycle are introduced to identify and 2𝑛 −1 combine similar terms in tr(∑𝑖=0 𝑎𝑖 𝑥𝑖 ).

1:

(1)

𝑗

2 =0 𝑙𝑖 = 𝑙𝑛+𝑖−𝑗

=0

(5 ≤ 𝑖 ≤ 𝑛 − 3)

(3 ≤ 𝑖 ≤ 𝑛 − 3, 2 ≤ 𝑗 ≤ 𝑛 − 𝑖 − 1) .

(3)

Discrete Dynamics in Nature and Society 𝑖−𝑗

The last equation implies that 𝑙𝑖 = 𝑙𝑗2 2 ; 𝑙𝑛−1

3 for all 3 ≤ 𝑖, 𝑗 ≤

2𝑖

then 𝑙𝑖 = 𝑏 for all 3 ≤ 𝑖 ≤ 𝑛 − 1. 𝑛 − 1. We let 𝑏 = 1/2 + We let 𝑗 = 𝑛 − 3 in the second equation; thus, 𝑙𝑛−3 + 𝑙𝑛−2 2𝑛−3 2𝑛−3 4 𝑙𝑛−1 + 𝑙2 = 𝑙𝑛−1 + 𝑙2 = 0. Therefore, 𝑙2 = 𝑏 . Moreover, 𝑙𝑛−1 = 𝑏1/2 and 𝑙2 = 𝑏4 are substituted into the third equation; thus, (𝑙0 + 𝑏)1/2 = 𝑙1 + 𝑏2 . Therefore, 𝐿(𝑥) = (𝑙1 + 𝑏2 )2 𝑥 + (𝑙1 + 𝑏2 )𝑥2 + tr(𝑏𝑥). 𝑥3 + tr(𝑥9 ) + 𝐿(𝑥) cannot be permuted unless 𝐿(𝑥) is in the form 𝑎𝑥2 + 𝑎2 𝑥 + tr(𝑏𝑥). Thus only 𝑥3 + tr(𝑥9 ) + 𝑎𝑥2 + 𝑎2 𝑥 + tr(𝑏𝑥) should be considered. If 𝑦 = 𝑥 + 𝑎, then it is equal to 𝑦3 + tr(𝑦9 ) + tr(𝑏𝑦 + 𝑎8 𝑦 + 𝑎𝑦8 ) + 𝑎3 + tr(𝑎9 + 𝑎𝑏), only different in a constant with 𝑦3 +tr(𝑦9 )+tr(𝑏󸀠 𝑦), in which 𝑏󸀠 = 𝑏 + 𝑎8 + 𝑎1/8 . Theorem 9. 𝑥3 + tr(𝑥9 ) + tr(𝑏𝑥) with 𝑛 ≥ 5 odd is not permuted. Proof. 𝑥3 is permuted on 𝐹2𝑛 because 𝑛 is odd; its inverse is 𝑥𝑡 in which supp(𝑡) = {1, 3, . . . , 𝑛}. So the theorem is equal to 𝑥 + tr(𝑥3 ) + tr(𝑏𝑥𝑡 ) which is not permuted. There is 𝐷1 (𝑥 + tr(𝑥3 ) + tr(𝑏𝑥𝑡 )) = 𝐷1 tr(𝑏𝑥𝑡 ) = tr(𝑏 ∑𝑗∈Λ 𝑥𝑗 ), in which Λ = {0 ≤ 𝑗 ≤ 2𝑛 − 1 : supp(𝑗) ⊂ supp(𝑡)}. Every 𝑗 with 𝑗1 = 𝑗𝑛 = 1 satisfies 𝑖 ∉ 𝑐(𝑗) if 𝑖 ∈ Λ \ {𝑗}, which means tr(𝑏𝑥𝑗 ) has no similar terms with tr(𝑏𝑥𝑖 ); and |𝑐(𝑗)| = 𝑛, which means the terms in tr(𝑏𝑥𝑗 ) are not similar to each other. Since 𝑗1 and 𝑗𝑛 will be adjacent after circulation, when 𝑗1 = 𝑗𝑛 = 1 there is Λ ∩ 𝑐(𝑗) = {𝑗}, which means 𝑏𝑥𝑗 is not similar to other terms in tr(𝑏 ∑𝑗∈Λ 𝑥𝑗 ). Thus ANF of tr(𝑏 ∑𝑗∈Λ 𝑥𝑗 ) is not 1. According to Definitions 2 and 3, there exists 𝑥 ∈ 𝐹2𝑛 such that tr(𝑏𝑥𝑡 ) = tr(𝑏(𝑥+1)𝑡 ). However, 𝑥+tr(𝑥3 ) is equal to 𝑥+1+tr(𝑥+1)3 .

4. Conclusions The AB class in [11] when 𝑛 ≥ 9 is EA-inequivalent to permutations. However, distinguishing whether the AB class is CCZ-equivalent to permutations is still unknown. Furthermore, the relationship of the permutations of the APN classes in [6, 8–10] and class with tr𝑚/𝑛 in [7] is unknown. The solution to these problems will be a significant topic in algebra and cryptography in the future.

Conflicts of Interest The authors declare that they have no conflicts of interest.

Acknowledgments This work is partly supported by NSFC Project 11271040.

References [1] R. Gold, “Maximal recursive sequences with 3-valued recursive cross-correlation functions (corresp.),” IEEE Transactions on Information Theory, vol. 14, no. 1, pp. 154–156, 1968. [2] T. Kasami, “The weight enumerators for several classes of subcodes of the 2nd order binary Reed-Muller codes,” Information and Control, vol. 18, no. 4, pp. 369–394, 1971.

[3] A. Canteaut, P. Charpin, and H. Dobbertin, “Binary m-sequences with three-valued crosscorrelation: a proof of Welch’s conjecture,” IEEE Transactions on Information Theory, vol. 46, no. 1, pp. 4–8, 2000. [4] Y. Niho, Multi-valued cross-correlation functions between two maximal linear recursive sequences [Ph.D. thesis], 1972. [5] H. Dobbertin, “Almost perfect nonlinear power functions on GF(2𝑛 ): a new case for n Divisible by 5,” in Finite Fields and Applications, pp. 113–121, Springer, Berlin, Germany, 2001. [6] C. Bracken, E. Byrne, N. Markin, and G. McGuire, “New families of quadratic almost perfect nonlinear trinomials and multinomials,” Finite Fields and Their Applications, vol. 14, no. 3, pp. 703–714, 2008. [7] L. Budaghyan, C. Carlet, and A. Pott, “New classes of almost bent and almost perfect nonlinear polynomials,” IEEE Transactions on Information Theory, vol. 52, no. 3, pp. 1141–1152, 2006. [8] L. Budaghyan, C. Carlet, P. Felke, and G. Leander, “An infinite class of quadratic APN functions which are not equivalent to power mappings,” in Proceedings of the IEEE International Symposium on Information Theory (ISIT ’06), pp. 2637–2641, Seattle, Wash, USA, July 2006. [9] L. Budaghyan, C. Carlet, P. Felke, and G. Leander, “Another class of quadratic APN binomials over 𝐹2𝑛 : the case divisible by 4,” in Proceedings of the International Workshop on Coding and Cryptography (WCC ’07), pp. 49–58, Versailles, France, 2007. [10] L. Budaghyan and C. Carlet, “Classes of quadratic APN trinomials and hexanomials and related structures,” IEEE Transactions on Information Theory, vol. 54, no. 5, pp. 2354–2357, 2008. [11] L. Budaghyan, C. Carlet, and G. Leander, “Constructing new APN functions from known ones,” Finite Fields and Their Applications, vol. 15, no. 2, pp. 150–159, 2009. [12] J. Dillon, “APN polynomials: an update,” http://maths.ucd.ie/ ∼gmg/Fq9Talks/Dillon.pdf. [13] T. P. Berger, A. Canteaut, P. Charpin, and Y. Laigle-Chapuy, “On almost perfect nonlinear functions over 𝐹2𝑛 ,” IEEE Transactions on Information Theory, vol. 52, no. 9, pp. 4160–4170, 2006. [14] F. J. MacWilliams and N. J. Sloane, The Theory of ErrorCorrecting Codes, North Holland Publishing, Amsterdam, Netherlands, 1977. [15] Y. Li and M. Wang, “The nonexistence of permutations EAequivalent to certain AB functions,” IEEE Transactions on Information Theory, vol. 59, no. 1, pp. 672–679, 2013.

Advances in

Operations Research Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

Advances in

Decision Sciences Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

Journal of

Applied Mathematics

Algebra

Hindawi Publishing Corporation http://www.hindawi.com

Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

Journal of

Probability and Statistics Volume 2014

The Scientific World Journal Hindawi Publishing Corporation http://www.hindawi.com

Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

International Journal of

Differential Equations Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

Volume 2014

Submit your manuscripts at https://www.hindawi.com International Journal of

Advances in

Combinatorics Hindawi Publishing Corporation http://www.hindawi.com

Mathematical Physics Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

Journal of

Complex Analysis Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

International Journal of Mathematics and Mathematical Sciences

Mathematical Problems in Engineering

Journal of

Mathematics Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

Volume 2014

Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

#HRBQDSDĮ,@SGDL@SHBR

Journal of

Volume 201

Hindawi Publishing Corporation http://www.hindawi.com

Discrete Dynamics in Nature and Society

Journal of

Function Spaces Hindawi Publishing Corporation http://www.hindawi.com

Abstract and Applied Analysis

Volume 2014

Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

International Journal of

Journal of

Stochastic Analysis

Optimization

Hindawi Publishing Corporation http://www.hindawi.com

Hindawi Publishing Corporation http://www.hindawi.com

Volume 2014

Volume 2014