Codes in classical association schemes Kai-Uwe Schmidt Department - PowerPoint PPT Presentation

Linear programming and duality Primary LP problem: Choose x ∈ R s × 1 that maximises cx subject to x ≥ 0, Ax ≥ − b . Dual LP problem: Choose y ∈ R 1 × n that minimises yb subject to y ≥ 0, yA ≤ − c . 9

Linear programming and duality Primary LP problem: Choose x ∈ R s × 1 that maximises cx subject to x ≥ 0, Ax ≥ − b . Dual LP problem: Choose y ∈ R 1 × n that minimises yb subject to y ≥ 0, yA ≤ − c . Useful facts. Let x and y be feasible solutions to the primary and dual LP problem, respectively. Then cx ≤ − yAx ≤ yb . In particular, every feasible solution to the dual problem gives an upper bound for the optimum in the primary problem. 9

Linear programming and duality Primary LP problem: Choose x ∈ R s × 1 that maximises cx subject to x ≥ 0, Ax ≥ − b . Dual LP problem: Choose y ∈ R 1 × n that minimises yb subject to y ≥ 0, yA ≤ − c . Useful facts. Let x and y be feasible solutions to the primary and dual LP problem, respectively. Then cx ≤ − yAx ≤ yb . In particular, every feasible solution to the dual problem gives an upper bound for the optimum in the primary problem. Moreover, cx = yb if and only if x and y are both optimal solutions. 9

Translation schemes Now suppose that the ambient space X has the structure of an abelian group ( X , +). 10

Translation schemes Now suppose that the ambient space X has the structure of an abelian group ( X , +). An association scheme on X is a translation scheme if there is a partition X 0 , X 1 , . . . , X n of X such that, for every i , ( D i ) x , y = 1 ⇔ x − y ∈ X i . 10

Translation schemes Now suppose that the ambient space X has the structure of an abelian group ( X , +). An association scheme on X is a translation scheme if there is a partition X 0 , X 1 , . . . , X n of X such that, for every i , ( D i ) x , y = 1 ⇔ x − y ∈ X i . 5 0 A translation scheme on ( Z 6 , +) with the partition X 0 = { 0 } 4 1 X 1 = { 1 , 5 } X 2 = { 2 , 4 } X 3 = { 3 } . 3 2 10

Duality of translation schemes There is a partition X ′ 0 , X ′ 1 , . . . , X ′ n of the character group X ′ of X such that is constant for all x ′ ∈ X ′ � x ′ ( x ) k . x ∈ X i 11

Duality of translation schemes There is a partition X ′ 0 , X ′ 1 , . . . , X ′ n of the character group X ′ of X such that is constant for all x ′ ∈ X ′ � x ′ ( x ) k . x ∈ X i This partition defines an association scheme on X ′ , called the dual translation scheme. 11

Duality of translation schemes There is a partition X ′ 0 , X ′ 1 , . . . , X ′ n of the character group X ′ of X such that is constant for all x ′ ∈ X ′ � x ′ ( x ) k . x ∈ X i This partition defines an association scheme on X ′ , called the dual translation scheme. The P - and Q -numbers are given by the character sums for x ′ ∈ X ′ � x ′ ( x ) P k ( i ) = k , x ∈ X i � x ′ ( x ) Q i ( k ) = for x ∈ X i . x ′ ∈ X ′ k 11

Duality of translation schemes There is a partition X ′ 0 , X ′ 1 , . . . , X ′ n of the character group X ′ of X such that is constant for all x ′ ∈ X ′ � x ′ ( x ) k . x ∈ X i This partition defines an association scheme on X ′ , called the dual translation scheme. The P - and Q -numbers are given by the character sums for x ′ ∈ X ′ � x ′ ( x ) P k ( i ) = k , x ∈ X i � x ′ ( x ) Q i ( k ) = for x ∈ X i . x ′ ∈ X ′ k The role of the P - and the Q -numbers are swapped in the dual translation scheme. 11

Subsets in translation schemes A subset Y in a translation scheme on X is additive if ( Y , +) is a subgroup of ( X , +). 12

Subsets in translation schemes A subset Y in a translation scheme on X is additive if ( Y , +) is a subgroup of ( X , +). The annihilator of an additive subset Y is Y ◦ = { x ′ ∈ X ′ : x ′ ( x ) = 1 for all x ∈ Y } . 12

Subsets in translation schemes A subset Y in a translation scheme on X is additive if ( Y , +) is a subgroup of ( X , +). The annihilator of an additive subset Y is Y ◦ = { x ′ ∈ X ′ : x ′ ( x ) = 1 for all x ∈ Y } . Generalised MacWilliams identities If Y is an additive subset of X with dual distribution ( a ′ k ), then ( a ′ k / | Y | ) is the inner distribution of Y ◦ . 12

Subsets in translation schemes A subset Y in a translation scheme on X is additive if ( Y , +) is a subgroup of ( X , +). The annihilator of an additive subset Y is Y ◦ = { x ′ ∈ X ′ : x ′ ( x ) = 1 for all x ∈ Y } . Generalised MacWilliams identities If Y is an additive subset of X with dual distribution ( a ′ k ), then ( a ′ k / | Y | ) is the inner distribution of Y ◦ . For additive subsets Y , we have the divisibility constraints a ′ a i ∈ Z , k / | Y | ∈ Z . 12

q -Hamming schemes Hamming scheme Ham t ( n ) on the set of n -tuples over a set of size t . Two tuples are i -th associates if their Hamming distance is i . 13

q -Hamming schemes Hamming scheme Ham t ( n ) on the set of n -tuples over a set of size t . Two tuples are i -th associates if their Hamming distance is i . Bilinear forms scheme Mat( m , n , q ) on the set of m × n matrices over F q . 13

q -Hamming schemes Hamming scheme Ham t ( n ) on the set of n -tuples over a set of size t . Two tuples are i -th associates if their Hamming distance is i . Bilinear forms scheme Mat( m , n , q ) on the set of m × n matrices over F q . Hermitian forms scheme Her( n , q ) on the set of n × n Hermitian matrices over F q 2 . 13

q -Hamming schemes Hamming scheme Ham t ( n ) on the set of n -tuples over a set of size t . Two tuples are i -th associates if their Hamming distance is i . Bilinear forms scheme Mat( m , n , q ) on the set of m × n matrices over F q . Hermitian forms scheme Her( n , q ) on the set of n × n Hermitian matrices over F q 2 . Alternating forms scheme Alt( m , q ) on the set of m × m alternating matrices over F q . 13

q -Hamming schemes Hamming scheme Ham t ( n ) on the set of n -tuples over a set of size t . Two tuples are i -th associates if their Hamming distance is i . Bilinear forms scheme Mat( m , n , q ) on the set of m × n matrices over F q . Hermitian forms scheme Her( n , q ) on the set of n × n Hermitian matrices over F q 2 . Alternating forms scheme Alt( m , q ) on the set of m × m alternating matrices over F q . Two matrices are i -th associates if their difference has rank i (or 2 i for Alt( m , q )). 13

q -Hamming schemes Hamming scheme Ham t ( n ) on the set of n -tuples over a set of size t . Two tuples are i -th associates if their Hamming distance is i . Bilinear forms scheme Mat( m , n , q ) on the set of m × n matrices over F q . Hermitian forms scheme Her( n , q ) on the set of n × n Hermitian matrices over F q 2 . Alternating forms scheme Alt( m , q ) on the set of m × m alternating matrices over F q . Two matrices are i -th associates if their difference has rank i (or 2 i for Alt( m , q )). All are self-dual translation schemes. 13

P - and Q -numbers The P - and Q -numbers satisfy a three-term-recurrence, whose solution is determined by generalised Krawtchouk polymials: k � n − j � � n − i � ( − 1) k − j b ( k − j 2 ) � ( cb n ) j , P i ( k ) = Q k ( i ) = n − k j b b j =0 14

P - and Q -numbers The P - and Q -numbers satisfy a three-term-recurrence, whose solution is determined by generalised Krawtchouk polymials: k � n − j � � n − i � ( − 1) k − j b ( k − j 2 ) � ( cb n ) j , P i ( k ) = Q k ( i ) = n − k j b b j =0 where b = 1 and c = t in Ham t ( n ), 14

P - and Q -numbers The P - and Q -numbers satisfy a three-term-recurrence, whose solution is determined by generalised Krawtchouk polymials: k � n − j � � n − i � ( − 1) k − j b ( k − j 2 ) � ( cb n ) j , P i ( k ) = Q k ( i ) = n − k j b b j =0 where b = 1 and c = t in Ham t ( n ), b = q and c = q m − n in Mat( m , n , q ), where m ≥ n (Delsarte 1978), 14

P - and Q -numbers The P - and Q -numbers satisfy a three-term-recurrence, whose solution is determined by generalised Krawtchouk polymials: k � n − j � � n − i � ( − 1) k − j b ( k − j 2 ) � ( cb n ) j , P i ( k ) = Q k ( i ) = n − k j b b j =0 where b = 1 and c = t in Ham t ( n ), b = q and c = q m − n in Mat( m , n , q ), where m ≥ n (Delsarte 1978), b = − q and c = − 1 in Her( n , q ) (Carlitz-Hodges 1955, Stanton 1981, S. 2017), 14

P - and Q -numbers The P - and Q -numbers satisfy a three-term-recurrence, whose solution is determined by generalised Krawtchouk polymials: k � n − j � � n − i � ( − 1) k − j b ( k − j 2 ) � ( cb n ) j , P i ( k ) = Q k ( i ) = n − k j b b j =0 where b = 1 and c = t in Ham t ( n ), b = q and c = q m − n in Mat( m , n , q ), where m ≥ n (Delsarte 1978), b = − q and c = − 1 in Her( n , q ) (Carlitz-Hodges 1955, Stanton 1981, S. 2017), b = q 2 and c = q or c = 1 / q and n = ⌊ m / 2 ⌋ in Alt( m , q ) (Delsarte-Goethals 1975). 14

Bounds for d -codes A subset Y in a q -Hamming scheme is a d -code if all nonzero differences of elements in Y have rank at least d . 15

Bounds for d -codes A subset Y in a q -Hamming scheme is a d -code if all nonzero differences of elements in Y have rank at least d . Theorem (Singleton bound). � k � If b ≥ 0 for all k ≤ n , then every d -code Y satisfies d − 1 | Y | ≤ ( cb n ) n − d +1 , 15

Bounds for d -codes A subset Y in a q -Hamming scheme is a d -code if all nonzero differences of elements in Y have rank at least d . Theorem (Singleton bound). � k � If b ≥ 0 for all k ≤ n , then every d -code Y satisfies d − 1 | Y | ≤ ( cb n ) n − d +1 , and in case of equality, the inner distribution ( a i ) of Y satisfies n − d � j � � n � ( − 1) j − i b ( j − i 2 ) (( cb n ) n + d − j − 1 − 1) . � a n − i = i j b b j = i 15

Bounds for d -codes A subset Y in a q -Hamming scheme is a d -code if all nonzero differences of elements in Y have rank at least d . Theorem (Singleton bound). � k � If b ≥ 0 for all k ≤ n , then every d -code Y satisfies d − 1 | Y | ≤ ( cb n ) n − d +1 , and in case of equality, the inner distribution ( a i ) of Y satisfies n − d � j � � n � ( − 1) j − i b ( j − i 2 ) (( cb n ) n + d − j − 1 − 1) . � a n − i = i j b b j = i If the condition does not hold, then the bound still holds for additive codes. 15

Bounds for d -codes in Her( n , q ) Theorem (S. 2017). For odd d , every d -code Y in Her( n , q ) satisfies | Y | ≤ q n ( n − d +1) . In case of equality, the inner distribution of Y is determined. For even d , the bound still holds for additive codes. 16

Bounds for d -codes in Her( n , q ) Theorem (S. 2017). For odd d , every d -code Y in Her( n , q ) satisfies | Y | ≤ q n ( n − d +1) . In case of equality, the inner distribution of Y is determined. For even d , the bound still holds for additive codes. The bounds are tight, except possibly when n and d are even. 16

Constructions of optimal additive codes Every Hermitian form H : F q 2 n × F q 2 n → F q 2 can be uniquely written as H ( x , y ) = Tr( y q L ( x )) , where n a i x q 2 i ∈ F q 2 n [ x ] , a n − i +1 = a q 2 n − 2 i +1 � L ( x ) = . i i =1 17

Constructions of optimal additive codes Every Hermitian form H : F q 2 n × F q 2 n → F q 2 can be uniquely written as H ( x , y ) = Tr( y q L ( x )) , where n a i x q 2 i ∈ F q 2 n [ x ] , a n − i +1 = a q 2 n − 2 i +1 � L ( x ) = . i i =1 Constructions of additive d -codes of size q n ( n − d +1) : 17

Constructions of optimal additive codes Every Hermitian form H : F q 2 n × F q 2 n → F q 2 can be uniquely written as H ( x , y ) = Tr( y q L ( x )) , where n a i x q 2 i ∈ F q 2 n [ x ] , a n − i +1 = a q 2 n − 2 i +1 � L ( x ) = . i i =1 Constructions of additive d -codes of size q n ( n − d +1) : For odd n and odd d , take a 1 = · · · = a d = 0. 17

Constructions of optimal additive codes Every Hermitian form H : F q 2 n × F q 2 n → F q 2 can be uniquely written as H ( x , y ) = Tr( y q L ( x )) , where n a i x q 2 i ∈ F q 2 n [ x ] , a n − i +1 = a q 2 n − 2 i +1 � L ( x ) = . i i =1 Constructions of additive d -codes of size q n ( n − d +1) : For odd n and odd d , take a 1 = · · · = a d = 0. For odd n and even d , take a ( n − d +3) / 2 = · · · a ( n +1) / 2 = 0. 17

Constructions of optimal additive codes Every Hermitian form H : F q 2 n × F q 2 n → F q 2 can be uniquely written as H ( x , y ) = Tr( y q L ( x )) , where n a i x q 2 i ∈ F q 2 n [ x ] , a n − i +1 = a q 2 n − 2 i +1 � L ( x ) = . i i =1 Constructions of additive d -codes of size q n ( n − d +1) : For odd n and odd d , take a 1 = · · · = a d = 0. For odd n and even d , take a ( n − d +3) / 2 = · · · a ( n +1) / 2 = 0. For even n and odd d , take a ( n − d +3) / 2 = · · · a n / 2 = 0. 17

Constructions of optimal additive codes Every Hermitian form H : F q 2 n × F q 2 n → F q 2 can be uniquely written as H ( x , y ) = Tr( y q L ( x )) , where n a i x q 2 i ∈ F q 2 n [ x ] , a n − i +1 = a q 2 n − 2 i +1 � L ( x ) = . i i =1 Constructions of additive d -codes of size q n ( n − d +1) : For odd n and odd d , take a 1 = · · · = a d = 0. For odd n and even d , take a ( n − d +3) / 2 = · · · a ( n +1) / 2 = 0. For even n and odd d , take a ( n − d +3) / 2 = · · · a n / 2 = 0. For even n and even d , I don’t know, except when d ∈ { 2 , n } . 17

Constructions in the non-additive case Theorem (Gow-Lavrauw-Sheekey-Vanhove 2014, S. 2017). Let n be even and let Z be a set of q n matrices over F q 2 of size n / 2 × n / 2 with the property that A − B is nonsingular for all distinct A , B ∈ Z . Let �� I A ∗ � � �� O �� O Y = : A ∈ Z ∪ , AA ∗ A O I Then Y is an n -code in Her( n , q ) of size q n + 1. 18

LP bounds Theorem (S. 2017). For even d , every d -code Y in Her( n , q ) satisfies | Y | ≤ q n ( n − d +1) q n ( q n − d +1 +( − 1) n ) − ( − 1) n ( q n − d +2 − ( − 1) n ) . q n − d +1 ( q +1) 19

LP bounds Theorem (S. 2017). For even d , every d -code Y in Her( n , q ) satisfies | Y | ≤ q n ( n − d +1) q n ( q n − d +1 +( − 1) n ) − ( − 1) n ( q n − d +2 − ( − 1) n ) . q n − d +1 ( q +1) For d = n , this is | Y | ≤ q 2 n − 1 − q n + q n − 1 (Thas 1992). 19

LP bounds Theorem (S. 2017). For even d , every d -code Y in Her( n , q ) satisfies | Y | ≤ q n ( n − d +1) q n ( q n − d +1 +( − 1) n ) − ( − 1) n ( q n − d +2 − ( − 1) n ) . q n − d +1 ( q +1) For d = n , this is | Y | ≤ q 2 n − 1 − q n + q n − 1 (Thas 1992). Some numbers for 2-codes in Her(2 , q ): q Largest add. code Largest code LP SDP 2 4 5 6 5 3 9 15 21 17 4 16 24 52 43 5 25 47 105 89 19

The unique 2-code in Her(2 , 3) of size 15 For every of the 15 pairs of matrices over F 9 � 1 � 0 � 1 � 0 � 0 � � 1 � θ 3 � θ 2 � θ − 2 � θ − 3 � 0 0 , , , , , θ 2 θ 3 θ − 3 θ − 2 0 0 0 1 0 0 0 0 take the third point on the line (M. Schmidt 2016). 20

The unique 2-code in Her(2 , 3) of size 15 For every of the 15 pairs of matrices over F 9 � 1 � 0 � 1 � 0 � 0 � � 1 � θ 3 � θ 2 � θ − 2 � θ − 3 � 0 0 , , , , , θ 2 θ 3 θ − 3 θ − 2 0 0 0 1 0 0 0 0 take the third point on the line (M. Schmidt 2016). {1,3} {1,2} {3,5} {4,6} {2,6} {2,3} {1,4} {5,6} {2,4} {3,4} {2,5} {4,5} {3,6} {1,6} 20 {1,5}

The unique 2-code in Her(2 , 3) of size 15 For every of the 15 pairs of matrices over F 9 � 1 � 0 � 1 � 0 � 0 � � 1 � θ 3 � θ 2 � θ − 2 � θ − 3 � 0 0 , , , , , θ 2 θ 3 θ − 3 θ − 2 0 0 0 1 0 0 0 0 take the third point on the line (M. Schmidt 2016). {1,3} {1,2} {3,5} {4,6} {2,6} The Cremona-Richmond {2,3} {1,4} {5,6} configuration. {2,4} {3,4} {2,5} {4,5} {3,6} {1,6} 20 {1,5}

Partial spreads in the Hermitian polar space Partial spread in H (2 n − 1 , q 2 ): Collection of n -dimensional subspaces in H (2 n − 1 , q 2 ) with pairwise trivial intersection. 21

Partial spreads in the Hermitian polar space Partial spread in H (2 n − 1 , q 2 ): Collection of n -dimensional subspaces in H (2 n − 1 , q 2 ) with pairwise trivial intersection. There exists a partial spread in H (2 n − 1 , q 2 ) of size N + 1 if and only if there exists an n -code in Her( n , q ) of size N . The correspondence is: Y �→ {� O | I �} ∪ {� I | M � : M ∈ Y } . 21

Partial spreads in the Hermitian polar space Partial spread in H (2 n − 1 , q 2 ): Collection of n -dimensional subspaces in H (2 n − 1 , q 2 ) with pairwise trivial intersection. There exists a partial spread in H (2 n − 1 , q 2 ) of size N + 1 if and only if there exists an n -code in Her( n , q ) of size N . The correspondence is: Y �→ {� O | I �} ∪ {� I | M � : M ∈ Y } . Corollary (Vanhove 2009). For odd n , the size of a partial spread in H (2 n − 1 , q 2 ) is at most q n + 1. 21

Partial spreads in the Hermitian polar space Partial spread in H (2 n − 1 , q 2 ): Collection of n -dimensional subspaces in H (2 n − 1 , q 2 ) with pairwise trivial intersection. There exists a partial spread in H (2 n − 1 , q 2 ) of size N + 1 if and only if there exists an n -code in Her( n , q ) of size N . The correspondence is: Y �→ {� O | I �} ∪ {� I | M � : M ∈ Y } . Corollary (Vanhove 2009). For odd n , the size of a partial spread in H (2 n − 1 , q 2 ) is at most q n + 1. For even n , several bounds have been obtained by (De Beule-Klein-Metsch-Storme 2008, Ihringer 2014, M. Schmidt 2016, Ihringer-Sin-Xiang 2018). 21

Bounds for d -codes in Alt( m , q ) Theorem (Delsarte-Goethals 1975). Every d -code Y in Alt( m , q ) satisfies � q m (( m − 1) / 2 − d +1) for odd m | Y | ≤ q ( m − 1)( m / 2 − d +1) for even m . 22

Bounds for d -codes in Alt( m , q ) Theorem (Delsarte-Goethals 1975). Every d -code Y in Alt( m , q ) satisfies � q m (( m − 1) / 2 − d +1) for odd m | Y | ≤ q ( m − 1)( m / 2 − d +1) for even m . This bound is tight when m is odd. 22

Kerdock sets, spreads and beyond Two equivalent objects: Kerdock set: An n -code of size q 2 n − 1 in Alt(2 n , q ). 23

Kerdock sets, spreads and beyond Two equivalent objects: Kerdock set: An n -code of size q 2 n − 1 in Alt(2 n , q ). Orthogonal spread: Collection of q 2 n − 1 + 1 (2 n )-dimensional subspaces in Q + (4 n − 1 , q ) with pairwise trivial intersection. 23

Kerdock sets, spreads and beyond Two equivalent objects: Kerdock set: An n -code of size q 2 n − 1 in Alt(2 n , q ). Orthogonal spread: Collection of q 2 n − 1 + 1 (2 n )-dimensional subspaces in Q + (4 n − 1 , q ) with pairwise trivial intersection. The correspondence is Y �→ {� O | I �} ∪ {� I | M � : M ∈ Y } . 23

Kerdock sets, spreads and beyond Two equivalent objects: Kerdock set: An n -code of size q 2 n − 1 in Alt(2 n , q ). Orthogonal spread: Collection of q 2 n − 1 + 1 (2 n )-dimensional subspaces in Q + (4 n − 1 , q ) with pairwise trivial intersection. The correspondence is Y �→ {� O | I �} ∪ {� I | M � : M ∈ Y } . For even q , many constructions are known. For odd q , constructions are known only when n = 2 and q �≡ 1 (mod 3) (Kantor 1982) or q prime (Conway-Kleidman-Wilson 1988). 23

Kerdock sets, spreads and beyond Two equivalent objects: Kerdock set: An n -code of size q 2 n − 1 in Alt(2 n , q ). Orthogonal spread: Collection of q 2 n − 1 + 1 (2 n )-dimensional subspaces in Q + (4 n − 1 , q ) with pairwise trivial intersection. The correspondence is Y �→ {� O | I �} ∪ {� I | M � : M ∈ Y } . For even q , many constructions are known. For odd q , constructions are known only when n = 2 and q �≡ 1 (mod 3) (Kantor 1982) or q prime (Conway-Kleidman-Wilson 1988). For odd q and n > 2, no nontrivial d -codes in Alt(2 n , q ) meeting the LP bound are known to exist. 23

Additive codes in Alt( m , q ) For odd m , there are always additive d -codes in Alt( m , q ) that meet the Singleton bound, whereas for even m , all known constructions are not additive. 24

Additive codes in Alt( m , q ) For odd m , there are always additive d -codes in Alt( m , q ) that meet the Singleton bound, whereas for even m , all known constructions are not additive. Conjecture (Cooperstein 1997). Every additive d -code Y in Alt(2 n , q ) satisfies | Y | ≤ q 2 n ( n − d +1 / 2) . 24

Additive codes in Alt( m , q ) For odd m , there are always additive d -codes in Alt( m , q ) that meet the Singleton bound, whereas for even m , all known constructions are not additive. Conjecture (Cooperstein 1997). Every additive d -code Y in Alt(2 n , q ) satisfies | Y | ≤ q 2 n ( n − d +1 / 2) . Proved for d = 2 (Heineken 1977), d = n (Nyberg 1991), and d = n − 1 (Gow 2017). 24

Additive codes in Alt( m , q ) For odd m , there are always additive d -codes in Alt( m , q ) that meet the Singleton bound, whereas for even m , all known constructions are not additive. Conjecture (Cooperstein 1997). Every additive d -code Y in Alt(2 n , q ) satisfies | Y | ≤ q 2 n ( n − d +1 / 2) . Proved for d = 2 (Heineken 1977), d = n (Nyberg 1991), and d = n − 1 (Gow 2017). There are constructions meeting the bound. 24

APN functions An almost perfect nonlinear (APN) function is a function f : F 2 m → F 2 m such that f ( x + a ) − f ( x ) = b has at most two solutions for all a , b ∈ F 2 m with a � = 0. 25

APN functions An almost perfect nonlinear (APN) function is a function f : F 2 m → F 2 m such that f ( x + a ) − f ( x ) = b has at most two solutions for all a , b ∈ F 2 m with a � = 0. The Gold function: f ( x ) = x 3 . 25

APN functions An almost perfect nonlinear (APN) function is a function f : F 2 m → F 2 m such that f ( x + a ) − f ( x ) = b has at most two solutions for all a , b ∈ F 2 m with a � = 0. The Gold function: f ( x ) = x 3 . Observation (Edel 2009). Every quadratic APN function corresponds to a minimal additive 1-design in Alt( m , q ) and vice versa. 25

APN functions An almost perfect nonlinear (APN) function is a function f : F 2 m → F 2 m such that f ( x + a ) − f ( x ) = b has at most two solutions for all a , b ∈ F 2 m with a � = 0. The Gold function: f ( x ) = x 3 . Observation (Edel 2009). Every quadratic APN function corresponds to a minimal additive 1-design in Alt( m , q ) and vice versa. Among all projections onto F 2 of f ( x + a ) − f ( x ) − f ( a ), we see every value of F 2 equally often 25