Research Article | Open Access
Tao Xie, "Bent and Permutational Properties of Budaghyan-Carlet Hexanomials", Mathematical Problems in Engineering, vol. 2015, Article ID 467020, 5 pages, 2015. https://doi.org/10.1155/2015/467020
Bent and Permutational Properties of Budaghyan-Carlet Hexanomials
The set related to the existence of Budaghyan-Carlet hexanomials is characterized. By investigating the component functions, it is also proved that none of Budaghyan-Carlet hexanomials cannot be turned into a permutation by adding any linearized polynomial. As a byproduct, a class of quadratic bent functions is obtained.
For a positive integer , let be the finite field with elements and let be its multiplicative group. For a positive integer , a function from to itself is called differentially -uniform if, for every , the equation admits at most solutions in . The differentially 2-uniform functions are called almost perfect nonlinear (APN) functions, introduced in  as the class of functions having good resistance to differential cryptanalysis . Recently, many constructions of APN functions were proposed (the reader is referred to the survey on APN polynomials  and references therein), and people also considered their applications in the topics such as finite geometries, cyclic codes, and sequences. Thus, it is interesting to find APN permutations since they are important candidates as cryptographically strong substitution boxes (S-boxes) of block ciphers . However, the existence of APN permutations for even dimension has been a long-standing question. Very recently, the first example of APN permutations over was found in . From the cryptographic point of view, it is also of great interest to study permutations with low differential uniformity. For instance, the inverse function over , a differentially -uniform permutation over , is applied to design the S-box of the Advanced Encryption Standard (AES) .
For two positive integers and , a class of Budaghyan-Carlet hexanomialsover is proposed in . It is proved that if there exists an element such that the quadratic polynomialhas no zero satisfying , then is a differentially -uniform function, where . In particular, the case gives a class of APN functions. DenoteThus, the existence of low differential functions having a form as depends on the nonempty property of . To investigate this, a subsetof is considered . It was checked by a computer that when and . Moreover, at least 140 of the 166 checked cases satisfy when . Later on, it was proved that if is even such that and . This result was further improved by removing the condition in . In , it was demonstrated that if and only if and is not an odd integer. As a result, the existence of low differential functions is completely characterized. In the case that is nonempty, in order to represent the differentially uniform function , it is important to determine what elements constitute the set and the cardinality of it. Under the condition that is even, , and , there is an element of the form in , where has order and the elements satisfy and . When removing the condition , an element of the form in is found, where is noncube and are the solutions of and in , respectively .
To resist differential attack, it is desired to use permutations with low differential uniformity in block ciphers. It is well known that adding a linearized polynomial to a function does not change its differential uniformity. This motivates people to investigate the conditions such that the function of the form is a permutation, where is a function with a low differential uniformity and is a linearized polynomial. The case that is a power function is discussed in [10–12]. When is a quadratic APN function on fields of even extensions, it is known that can never be permutations. A natural question is that are there any linearized polynomials such that are permutations if the set is not empty and is small?
This paper discusses the questions proposed above. The complementary set of in is described, and some properties of the cardinality of are also considered. Moreover, it is proved that the function given by (1) cannot be turned into a permutation by adding any linearized polynomial for any positive integers and . As a byproduct, a class of quadratic bent functions is also obtained.
The remainder of this paper is organized as follows. Section 2 introduces some necessary concepts and results. In Section 3, the set is described and some properties of are studied. Section 4 investigates the permutation behavior of the function for a linearized polynomial .
For two positive integers and , a polynomial of the form with coefficients in is called a linearized polynomial over . We use to denote the trace function from to ; that is,
For a Boolean function from to , its Walsh transform is defined asThe Boolean function is called bent if for all .
Lemma 1. Let be a function defined over . Then the following two statements hold:(i)If for two elements and in , then or .(ii) if and only if .
Proof. (i) If for , that is,thenwhich impliesTherefore, or .
(ii) if and only if , which is equivalent to .
If is a bijection from to itself, then it is called a permutation of . The following is a characterization of permutations.
3. Some Properties of the Set
In this section, for any positive integers and , some properties of the set given by (3) are discussed.
The set is described by characterizing its complementary set as follows.
Proposition 3. For any positive integers and , letfor each integer with , where is a primitive element of . Then, we have
Proof. To prove that (13) holds, it suffices to show that if and only if . By (3), if and only if has a zero satisfying . Since is a primitive element of , the elements with are exactly all solutions of . Denote ; then, if and only if satisfiesfor some integer with .
For any positive integer , denote , where the integer satisfies . Thus, an element belongs to if and only if satisfies Therefore, is equal to or where the integer satisfies . As a consequence, (11) holds. For each integer with , if and only if satisfiesBy a direct verification, the elements and with are exactly all solutions of (15). Thus, (12) holds.
The above analysis shows that if and only if . Consequently, (13) holds.
Proposition 4. For two positive integers and with , the set satisfies the following:(i).(ii) for .
Proof. (i) By (11) and (12), we have and for each integer with . Thus, Claim (i) follows from (13).
(ii) To finish the proof of Claim (ii), by (13), it suffices to prove that, for an integer with ,Equation (11) implies for . In the sequel, we will show that there exists a permutation of the set such that for any and each with .
For any , there is a unique integer satisfyingDefine and then is a bijection from to itself.
Let ; then, by (15) for each ,where is a primitive element of and . By (17), we havewhich gives . Again by (17), the facts and are obtained. As a consequence, we have . By (19), we have . Thus, and then ; that is, . Above analysis shows that for each with . This completes the proof.
Proposition 4 tells us that we only need to study the sets for a positive integer and the integer with and . When is a proper subset of , is nonempty. It is also of great interest to know the cardinality of the nonempty set ; however, for a general case the exact cardinality is difficult to calculate. For the special case of , it can be determined as follows.
Proposition 5. For any integer , .
Proof. By Proposition 3, we have , where for by (11) and (12). To prove , it suffices to prove To this end, we will prove two facts below.
Fact 1. holds for each integer with .
Recall that , where and for a primitive element of . Note that holds for any ; then, if and only if for any . In particular, if and only if for each integer satisfying . Thus, holds for each integer with .
Fact 2. holds for any two distinct integers with .
Otherwise, there exists an element such that for two distinct integers with , . Then, we haveThis impliesBy Lemma 1 and (21), we have . Again by Lemma 1, we have . This implies , which is impossible due to . Thus, .
With the above two facts, we havewhere the first equal sign holds due to Fact 1 and the second equal sign holds due to Fact 2. Hence, . This finishes the proof.
4. Permutation Behavior of the Function
In this section, the permutation behavior of the function is studied. Our investigations show that cannot be turned into a permutation by adding any linearized polynomial.
Proposition 6. Let be any positive integers and let be a function on defined by (1) with and . Then the Boolean function is bent for all .
Proof. For each , to prove that is bent, it suffices to prove that the Walsh transform of takes values in the set . By (6), we haveSquaring it givesAssume that for ; then, for each fixed , runs through when runs through . Therefore, we havewhere . By (1), we haveSince for any , can be simplified aswhere the last equal sign holds due to . Therefore,Note that and implies . Consequently, if and only if . Thus,Hence, and the proof is completed.
By Proposition 6, a class of quadratic bent functions is obtained, which is irrelevant to the case whether is nonempty or not. This fact together with Lemma 2 imply that cannot be turned into a permutation by adding a linearized polynomial, because the functions having bent components cannot be permutations (neither their sum with a linearized polynomial).
Theorem 7. For a positive integer , let be the function defined by (1) with and . Then is not a permutation for any linearized polynomial over .
Conflict of Interests
The author declares that there is no conflict of interests regarding the publication of this paper.
The author is grateful to reviewer’s valuable suggestions.
- K. Nyberg, “Differentially uniform mappings for cryptography,” in Advances in Cryptology—EUROCRYPT '93, vol. 765 of Lecture Notes in Computer Science, pp. 55–64, Springer, Berlin, Germany, 1994.
- E. Biham and A. Shamir, “Differential cryptanalysis of DES-like cryptosystems,” Journal of Cryptology, vol. 4, no. 1, pp. 3–72, 1991.
- L. Budaghyan, Construction and Analysis of Cryptographic Functions, Springer, 2015.
- K. Browning, J. Dillon, M. McQuistan, and A. Wolfe, “An APN permutation in dimension six,” in Proceedings of the 9th Conference on Finite Fields and Their Applications (FQ9 '10), vol. 518 of Contemporary Mathematics, pp. 33–42, 2010.
- J. Daemen and V. Rijmen, The Design of Rijndael: AES-The Advanced Encryption Standard, Springer, Berlin, Germany, 2002.
- L. Budaghyan and C. Carlet, “Classes of quadratic APN trinomials and hexanomials and related structures,” IEEE Transactions on Information Theory, vol. 54, no. 5, pp. 2354–2357, 2008.
- C. Bracken, C. H. Tan, and Y. Tan, “On a class of quadratic polynomials with no zeros and its application to APN functions,” Finite Fields and Their Applications, vol. 25, no. 1, pp. 26–36, 2014.
- L. Qu, Y. Tan, and C. Li, “On the Walsh spectrum of a family of quadratic APN functions with five terms,” Science China Information Sciences, vol. 56, no. 6, pp. 1–7, 2013.
- A. W. Bluher, “On existence of Budaghyan-Carlet APN hexanomials,” Finite Fields and Their Applications, vol. 24, no. 3, pp. 118–123, 2013.
- E. Pasalic and P. Charpin, “Some results concerning cryptographically significant mappings over ,” Designs, Codes and Cryptography, vol. 57, no. 3, pp. 257–269, 2010.
- Y. Li and M. Wang, “On EA-equivalence of certain permutations to power mappings,” Designs, Codes and Cryptography, vol. 58, no. 3, pp. 259–269, 2011.
- Y. Li and M. Wang, “Permutation polynomials EA-equivalent to the inverse function over GF(2n),” Cryptography and Communications, vol. 3, no. 1, pp. 175–186, 2011.
- Z. Tu, X. Zeng, and L. Hu, “Several classes of complete permutation polynomials,” Finite Fields and their Applications, vol. 25, no. 1, pp. 182–193, 2014.
- R. Lidl and H. Niederreiter, “Finite fields,” in Encyclclopedia Mathematics and Its Application, pp. 347–365, Cambridge University Press, Oxford, UK, 1997.
Copyright © 2015 Tao Xie. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.