Constructing Functions with Low Differential Uniformity

Abstract

The lower the differential uniformity of a function, the more resilient it is to differential cryptanalysis if used in a substitution box. APN functions and planar functions are specifically those functions which have optimal differential uniformity in even and odd characteristic, respectively. In this article, we provide two methods for constructing functions with low, but not necessarily optimal, differential uniformity. Our first method involves altering the coordinate functions of any known planar function and relies upon the relation between planar functions and orthogonal systems identified by Coulter and Matthews in 1997. As planar functions exist only over fields of odd order, the method works for odd characteristic only. The approach also leads us to a generalization of Dillon’s Switching Technique for constructing APN functions. Our second construction method is motivated by a result of Coulter and Henderson, who showed in 2008 how commutative presemifields of odd order were in one-to-one correspondence with planar Dembowski–Ostrom polynomials via the multiplication of the presemifield. Using this connection as a starting point, we examine the functions arising from the multiplication of other well-structured algebraic objects such as non-commutative presemifields and planar nearfields. In particular, we construct a number of infinite classes of functions which have low, though not optimal, differential uniformity. This class of functions originally stems from the presemifields of Kantor and Williams of characteristic 2. Thus, regardless of the characteristic, between our two methods we are able to construct infinitely many functions which have low, though not optimal, differential uniformity over fields of arbitrarily large order.

Appendix: The Irregular Planar Nearfields

In this appendix, we wish to give a description of the irregular planar nearfields. We follow the outline given by S.D. Groves [18]. To describe them, we need to give a description of both the addition and multiplication of each. For the addition, we have the following theorem which holds for all nearfields.

Theorem 16

Let \({\mathbb {N}}\) be a nearfield of finite dimension n over its prime field \({\mathbb {F}}_{p}\). Then, \({{\,\mathrm{GL}\,}}(n,p)\) has a fixed point free subgroup \(\mathcal {S}^\star \) such that if \(\mathcal {S}=\mathcal {S}^\star \cup \{\mathbf{{0}} \}\), where \(\mathbf{{0}}\) denotes the \(n\times n\) zero matrix, then an addition can be defined on \(\mathcal {S}\) in such a way that, under this addition and matrix multiplication, \(\mathcal {S}\) is a nearfield isomorphic to \({\mathbb {N}}\).

Though this does not give an explicit description of the addition, it does allow for a description of the irregular nearfields in terms of just the generators of the subgroup \(\mathcal {S}^\star \) of the theorem. This is given in the following classification statement due to Zassenhaus [25].

Theorem 17

Let \({\mathbb {N}}\) be a finite irregular nearfield. Then, \({\mathbb {N}}\) has order \(p^2\) and is isomorphic to one of the following nearfields \(\mathcal {S}_i\), where \(\mathcal {S}_i^\star \) is the subgroup of \({{\,\mathrm{GL}\,}}(2,p)\) generated by the matrices given below and where addition is defined as in Theorem 16.

1. I.

   \(|\mathcal {S}_1|=5^2\) and \(\mathcal {S}_1^\star =\langle {\mathbf{{a}},\mathbf{{b}}}\rangle \), where

   $$\begin{aligned} \mathbf{{a}} = \left( \begin{array}{cc} 0 &{}-1\\ 1 &{}0\\ \end{array}\right) , \mathbf{{b}} = \left( \begin{array}{cc} 1 &{}-2\\ -1 &{}-2\\ \end{array}\right) . \end{aligned}$$
2. II.

   \(|\mathcal {S}_2|=11^2\) and \(\mathcal {S}_2^{\star } =\langle {\mathbf{{a}},\mathbf{{b}},\mathbf{{c}}}\rangle \), where

   $$\begin{aligned} \mathbf{{a}} = \left( \begin{array}{cc} 0 &{}-1\\ 1 &{}0\\ \end{array}\right) , \mathbf{{b}} = \left( \begin{array}{cc} 1 &{}5\\ -5 &{}-2\\ \end{array}\right) , \mathbf{{c}} = \left( \begin{array}{cc} 4 &{}0\\ 0 &{}4\\ \end{array}\right) . \end{aligned}$$
3. III.

   \(|\mathcal {S}_3|=7^2\) and \(\mathcal {S}_3^{\star } =\langle {\mathbf{{a}},\mathbf{{b}}}\rangle \), where

   $$\begin{aligned} \mathbf{{a}} = \left( \begin{array}{cc} 0 &{}-1\\ 1 &{}0\\ \end{array}\right) , \mathbf{{b}} = \left( \begin{array}{cc} 1 &{}4\\ -1 &{}-2\\ \end{array}\right) . \end{aligned}$$
4. IV.

   \(|\mathcal {S}_4|=23^2\) and \(\mathcal {S}_4^{\star } =\langle {\mathbf{{a}},\mathbf{{b}},\mathbf{{c}}}\rangle \), where

   $$\begin{aligned} \mathbf{{a}} = \left( \begin{array}{cc} 0 &{}-1\\ 1 &{}0\\ \end{array}\right) , \mathbf{{b}} = \left( \begin{array}{cc} 1 &{}-6\\ 12 &{}-2\\ \end{array}\right) , \mathbf{{c}} = \left( \begin{array}{cc} 2 &{}0\\ 0 &{}2\\ \end{array}\right) . \end{aligned}$$
5. V.

   \(|\mathcal {S}_5|=11^2\) and \(\mathcal {S}_5^\star =\langle {\mathbf{{a}},\mathbf{{b}}}\rangle \), where

   $$\begin{aligned} \mathbf{{a}} = \left( \begin{array}{cc} 0 &{}-1\\ 1 &{}0\\ \end{array}\right) , \mathbf{{b}} = \left( \begin{array}{cc} 2 &{}4\\ 1 &{}-3\\ \end{array}\right) . \end{aligned}$$
6. VI.

   \(|\mathcal {S}_6|=29^2\) and \(\mathcal {S}_6^{\star } =\langle {\mathbf{{a}},\mathbf{{b}},\mathbf{{c}}}\rangle \), where

   $$\begin{aligned} \mathbf{{a}} = \left( \begin{array}{cc} 0 &{}-1\\ 1 &{}0\\ \end{array}\right) , \mathbf{{b}} = \left( \begin{array}{cc} 1 &{}-7\\ -12 &{}-2\\ \end{array}\right) , \mathbf{{c}} = \left( \begin{array}{cc} 16 &{}0\\ 0 &{}16\\ \end{array}\right) . \end{aligned}$$
7. VII.

   \(|\mathcal {S}_7|=59^2\) and \(\mathcal {S}_7^{\star } =\langle {\mathbf{{a}},\mathbf{{b}},\mathbf{{c}}}\rangle \), where

   $$\begin{aligned} \mathbf{{a}} = \left( \begin{array}{cc} 0 &{}-1\\ 1 &{}0\\ \end{array}\right) , \mathbf{{b}} = \left( \begin{array}{cc} 9 &{}15\\ -10 &{}-10\\ \end{array}\right) , \mathbf{{c}} = \left( \begin{array}{cc} 4 &{}0\\ 0 &{}4\\ \end{array}\right) . \end{aligned}$$