If a generalised butterfly is APN then it operates on 6 bits

Whether there exist Almost Perfect Non-linear permutations (APN) operating on an even number of bits is the so-called Big APN Problem. It has been solved in the 6-bit case by Dillon et al. in 2009 but, since then, the general case has remained an open problem. In 2016, Perrin et al. discovered the butterfly structure which contains Dillon et al.’s permutation over F26$\mathbb {F}_{2^{6}}$. Later, Canteaut et al. generalised this structure and proved that no other butterflies with exponent 3 can be APN. Recently, Yongqiang et al. further generalized the structure with Gold exponent and obtained more differentially 4-uniform permutations with optimal nonlinearity. However, the existence of more APN permutations in their generalization was left as an open problem. In this paper, we adapt the proof technique of Canteaut et al. to handle all Gold exponents and prove that a generalised butterfly with Gold exponents over F2n$\mathbb {F}_{2^{n}}$ can never be APN when n > 3. More precisely, we prove that such a generalised butterfly being APN implies that the branch size is strictly smaller than 5. Hence, the only APN butterflies operate on 3-bit branches, i.e. on 6 bits in total.

[1]  Pulak Mishra,et al.  Mergers, Acquisitions and Export Competitive- ness: Experience of Indian Manufacturing Sector , 2012 .

[2]  Lars R. Knudsen,et al.  Provable Security Against Differential Cryptanalysis , 1992, CRYPTO.

[3]  Shihui Fu,et al.  Differentially 4-Uniform Permutations with the Best Known Nonlinearity from Butterflies , 2017, IACR Trans. Symmetric Cryptol..

[4]  Thierry P. Berger,et al.  On Almost Perfect Nonlinear Functions Over$mmb F_2^n$ , 2006, IEEE Transactions on Information Theory.

[5]  Anne Canteaut,et al.  A Generalisation of Dillon's APN Permutation With the Best Known Differential and Nonlinear Properties for All Fields of Size $2^{4k+2}$ , 2017, IEEE Transactions on Information Theory.

[6]  Kaisa Nyberg,et al.  Differentially Uniform Mappings for Cryptography , 1994, EUROCRYPT.

[7]  Yongqiang Li,et al.  Constructing S-boxes for Lightweight Cryptography with Feistel Structure , 2014, CHES.

[8]  Yongqiang Li,et al.  A matrix approach for constructing quadratic APN functions , 2014, Des. Codes Cryptogr..

[9]  Xiang-dong Hou,et al.  Affinity of permutations of P2n , 2006, Discret. Appl. Math..

[10]  Tor Helleseth,et al.  On the equation x2l+1+x+a=0 over GF(2k) , 2008, Finite Fields Their Appl..

[11]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[12]  Alex Biryukov,et al.  Cryptanalysis of a Theorem: Decomposing the Only Known Solution to the Big APN Problem , 2016, CRYPTO.

[13]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[14]  Serge Vaudenay,et al.  Links Between Differential and Linear Cryptanalysis , 1994, EUROCRYPT.

[15]  Yongqiang Li,et al.  On the Generalization of Butterfly Structure , 2018, IACR Trans. Symmetric Cryptol..

[16]  Claude Carlet,et al.  Codes, Bent Functions and Permutations Suitable For DES-like Cryptosystems , 1998, Des. Codes Cryptogr..