If a generalised butterfly is APN then it operates on 6 bits

Cryptography and Communications

Abstract

Whether there exist Almost Perfect Non-linear permutations (APN) operating on an even number of bits is the so-called Big APN Problem. It has been solved in the 6-bit case by Dillon et al. in 2009 but, since then, the general case has remained an open problem. In 2016, Perrin et al. discovered the butterfly structure which contains Dillon et al.’s permutation over \(\mathbb {F}_{2^{6}}\). Later, Canteaut et al. generalised this structure and proved that no other butterflies with exponent 3 can be APN. Recently, Yongqiang et al. further generalized the structure with Gold exponent and obtained more differentially 4-uniform permutations with optimal nonlinearity. However, the existence of more APN permutations in their generalization was left as an open problem. In this paper, we adapt the proof technique of Canteaut et al. to handle all Gold exponents and prove that a generalised butterfly with Gold exponents over \(\mathbb {F}_{2^{n}}\) can never be APN when n > 3. More precisely, we prove that such a generalised butterfly being APN implies that the branch size is strictly smaller than 5. Hence, the only APN butterflies operate on 3-bit branches, i.e. on 6 bits in total.

References

  1. Berger, T.P., Canteaut, A., Charpin, P., Laigle-Chapuy, Y.: On almost perfect nonlinear functions over \(\mathbf {F}_{2}^{n}\). IEEE Trans. Inf. Theory 52(9), 4160–4170 (2006)

  2. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO’90, volume 537 of LNCS, pp 2–21. Springer, Heidelberg (1991)

  3. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4(1), 3–72 (1991)

  4. Browning, K.A., Dillon, J.F., McQuistan, M.T., Wolfe, A.J.: An APN permutation in dimension six. In: Finite Fields: Theory and Applications - FQ9, volume 518 of Contemporary Mathematics, pp. 33–42. AMS (2010)

  5. Canteaut, A., Duval, S., Perrin, L.: A generalisation of Dillon’s APN permutation with the best known differential and nonlinear properties for all fields of size \(2^{4k+2}\). IEEE Trans. Inf. Theory 63(11), 7575–7591 (2017)

  6. Carlet, C., Charpin, P., Zinoviev, V.A.: Codes, bent functions and permutations suitable for DES-like cryptosystems. Des. Codes Cryptogr. 15(2), 125–156 (1998)

  7. Chabaud, F., Vaudenay, S.: Links between differential and linear cryptanalysis. In: De Santis, A. (ed.) EUROCRYPT’94, volume 950 of LNCS, pp 356–365. Springer, Heidelberg (1995)

  8. Fu, S., Feng, X., Wu, B.: Differentially 4-uniform permutations with the best known nonlinearity from butterflies. IACR Trans. Symm. Cryptol. 2017(2), 228–249 (2017)

  9. Helleseth, T., Kholosha, A.: On the equation \(x^{2^{l}+ 1}+x+a = 0\) over GF(\(2^{k}\)). Finite Fields Appl. 14(1), 159–176 (2008)

  10. Hou, X.d.: Affinity of permutations of \(\mathbb {F}_{2^{n}}\). Discret. Appl. Math. 154(2), 313–325 (2006)

  11. Li, Y., Tian, S., Yu, Y., Wang, M.: On the generalization of butterfly structure. IACR Trans. Symm. Cryptol. 2018(1), 160–179 (2018)

  12. Li, Y., Wang, M.: Constructing S-boxes for lightweight cryptography with Feistel structure. In: Batina, L., Robshaw, M. (eds.) CHES 2014, volume 8731 of LNCS, pp 127–146. Springer, Heidelberg (2014)

  13. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT’93, volume 765 of LNCS, pp 386–397. Springer, Heidelberg (1994)

  14. Nyberg, K.: Differentially uniform mappings for cryptography. In: Helleseth, T. (ed.) EUROCRYPT’93, volume 765 of LNCS, pp 55–64. Springer, Heidelberg (1994)

  15. Nyberg, K., Knudsen, L.R.: Provable security against differential cryptanalysis (rump session). In: Brickell, E.F. (ed.) CRYPTO’92, volume 740 of LNCS, pp 566–574. Springer, Heidelberg (1993)

  16. Perrin, L., Udovenko, A., Biryukov, A.: Cryptanalysis of a theorem: Decomposing the only known solution to the big APN problem. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016, Part II, volume 9815 of LNCS, pp 93–122. Springer, Heidelberg (2016)

  17. Yu, Y., Wang, M., Li, Y.: A matrix approach for constructing quadratic APN functions. Des. Codes Cryptogr. 73(2), 587–600 (2014)

Acknowledgments

The work of Léo Perrin was supported by the Fondation Sciences Mathématiques de Paris. The work of Shizhu Tian was supported by the National Science Foundation of China (No. 61772517, 61772516). The authors thank the anonymous reviewers for their careful reading and for their valuable comments.

Author information

Corresponding author

Correspondence to Léo Perrin.

Additional information

This article is part of the Topical Collection on Special Issue on Sequences and Their Applications

About this article

Cite this article

Canteaut, A., Perrin, L. & Tian, S. If a generalised butterfly is APN then it operates on 6 bits. Cryptogr. Commun. 11, 1147–1164 (2019). https://doi.org/10.1007/s12095-019-00361-x

  • DOI: https://doi.org/10.1007/s12095-019-00361-x
