on ccz equivalence extended affine equivalence and
play

On CCZ-Equivalence, Extended-Affine Equivalence and Function - PowerPoint PPT Presentation

Mar 11, 2024 •118 likes •1.11k views

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, Lo Perrin June 18, 2018 BFA2018 Definition (EA-Equivalence; EA-mapping) F and G are E(xtented) A(ffine) equivalent if G x B F A x C x , where A B C

  1. On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, Léo Perrin June 18, 2018 BFA’2018

  2. Definition (EA-Equivalence; EA-mapping) F and G are E(xtented) A(ffine) equivalent if G x B F A x C x , where A B C are affine and A B are permutations; so that 1 A 0 n n x G x x x F x x 2 1 2 CA B Affine permutations with such linear part are EA-mappings ; their transposes are TEA-mappings What is the relation between functions that are CCZ- but not EA-equivalent? Definition (CCZ-Equivalence) F : F n 2 → F m 2 and G : F n 2 → F m 2 are C(arlet)-C(harpin)-Z(inoviev) equivalent if { } ({ }) ( x , G ( x )) , ∀ x ∈ F n ( x , F ( x )) , ∀ x ∈ F n Γ G = = L = L (Γ F ) , 2 2 where L : F n + m → F n + m is an affine permutation. 2 2

  3. Affine permutations with such linear part are EA-mappings ; their transposes are TEA-mappings What is the relation between functions that are CCZ- but not EA-equivalent? Definition (CCZ-Equivalence) F : F n 2 → F m 2 and G : F n 2 → F m 2 are C(arlet)-C(harpin)-Z(inoviev) equivalent if { } ({ }) ( x , G ( x )) , ∀ x ∈ F n ( x , F ( x )) , ∀ x ∈ F n Γ G = = L = L (Γ F ) , 2 2 where L : F n + m → F n + m is an affine permutation. 2 2 Definition (EA-Equivalence; EA-mapping) F and G are E(xtented) A(ffine) equivalent if G ( x ) = ( B ◦ F ◦ A )( x ) + C ( x ) , where A , B , C are affine and A , B are permutations; so that [ ] ({ A − 1 { } 0 }) ( x , G ( x )) , ∀ x ∈ F n = ( x , F ( x )) , ∀ x ∈ F n . CA − 1 2 2 B

  4. What is the relation between functions that are CCZ- but not EA-equivalent? Definition (CCZ-Equivalence) F : F n 2 → F m 2 and G : F n 2 → F m 2 are C(arlet)-C(harpin)-Z(inoviev) equivalent if { } ({ }) ( x , G ( x )) , ∀ x ∈ F n ( x , F ( x )) , ∀ x ∈ F n Γ G = = L = L (Γ F ) , 2 2 where L : F n + m → F n + m is an affine permutation. 2 2 Definition (EA-Equivalence; EA-mapping) F and G are E(xtented) A(ffine) equivalent if G ( x ) = ( B ◦ F ◦ A )( x ) + C ( x ) , where A , B , C are affine and A , B are permutations; so that [ ] ({ A − 1 { } 0 }) ( x , G ( x )) , ∀ x ∈ F n = ( x , F ( x )) , ∀ x ∈ F n . CA − 1 2 2 B Affine permutations with such linear part are EA-mappings ; their transposes are TEA-mappings

  5. Definition (CCZ-Equivalence) F : F n 2 → F m 2 and G : F n 2 → F m 2 are C(arlet)-C(harpin)-Z(inoviev) equivalent if { } ({ }) ( x , G ( x )) , ∀ x ∈ F n ( x , F ( x )) , ∀ x ∈ F n Γ G = = L = L (Γ F ) , 2 2 where L : F n + m → F n + m is an affine permutation. 2 2 Definition (EA-Equivalence; EA-mapping) F and G are E(xtented) A(ffine) equivalent if G ( x ) = ( B ◦ F ◦ A )( x ) + C ( x ) , where A , B , C are affine and A , B are permutations; so that [ ] ({ A − 1 { } 0 }) ( x , G ( x )) , ∀ x ∈ F n = ( x , F ( x )) , ∀ x ∈ F n . CA − 1 2 2 B Affine permutations with such linear part are EA-mappings ; their transposes are TEA-mappings What is the relation between functions that are CCZ- but not EA-equivalent?

  6. Definition (LAT/Walsh Spectrum) n m The L(inear) A(pproximation) T(able) of F 2 is 2 x F x 1 F n x 2 Admissible Mapping For F : F n 2 → F m 2 , the affine permutation L is admissible for F if ( ) { ( x , F ( x )) , ∀ x ∈ F n = { ( x , G ( x )) , ∀ x ∈ F n 2 } 2 } L for a well defined function G : F n 2 → F m 2 .

  7. Admissible Mapping For F : F n 2 → F m 2 , the affine permutation L is admissible for F if ( ) { ( x , F ( x )) , ∀ x ∈ F n = { ( x , G ( x )) , ∀ x ∈ F n 2 } 2 } L for a well defined function G : F n 2 → F m 2 . Definition (LAT/Walsh Spectrum) The L(inear) A(pproximation) T(able) of F : F n 2 → F m 2 is ∑ ( − 1 ) α · x + β · F ( x ) . W F ( α, β ) = x ∈ F n 2

  8. 1.1 - Vector spaces of zeroes in LAT 2.1 - t -twist 4.1 - CCZ-Equivalence 1.2 - Partition CCZ-class to a permutation into EA-classes 3.3 - Revisiting 4.2 - Application known results to APN functions Structure of this talk 0 - CCZ-Equivalence ; Bijectivity

  9. 2.1 - t -twist 4.1 - CCZ-Equivalence 1.2 - Partition CCZ-class to a permutation into EA-classes 3.3 - Revisiting 4.2 - Application known results to APN functions Structure of this talk 0 - CCZ-Equivalence ; Bijectivity 1.1 - Vector spaces of zeroes in LAT

  10. 2.1 - t -twist 4.1 - CCZ-Equivalence to a permutation 3.3 - Revisiting 4.2 - Application known results to APN functions Structure of this talk 0 - CCZ-Equivalence ; Bijectivity 1.1 - Vector spaces of zeroes in LAT 1.2 - Partition CCZ-class into EA-classes

  11. 4.1 - CCZ-Equivalence to a permutation 3.3 - Revisiting 4.2 - Application known results to APN functions Structure of this talk 0 - CCZ-Equivalence ; Bijectivity 1.1 - Vector spaces of zeroes in LAT 2.1 - t -twist 1.2 - Partition CCZ-class into EA-classes

  12. 4.1 - CCZ-Equivalence to a permutation 3.3 - Revisiting 4.2 - Application known results to APN functions Structure of this talk 0 - CCZ-Equivalence ; Bijectivity 1.1 - Vector spaces of zeroes in LAT 2.1 - t -twist ⊞ 1.2 - Partition CCZ-class into EA-classes

  13. 4.1 - CCZ-Equivalence to a permutation 3.3 - Revisiting 4.2 - Application known results to APN functions Structure of this talk 0 - CCZ-Equivalence ; Bijectivity 1.1 - Vector spaces of zeroes in LAT 2.1 - t -twist ⊞ 3.2 - 1.2 - Partition CCZ-class CCZ = EA + twist into EA-classes

  14. 4.1 - CCZ-Equivalence to a permutation 4.2 - Application to APN functions Structure of this talk 0 - CCZ-Equivalence ; Bijectivity 1.1 - Vector spaces of zeroes in LAT 2.1 - t -twist ⊞ 3.2 - 1.2 - Partition CCZ-class CCZ = EA + twist into EA-classes 3.3 - Revisiting known results

  15. 4.2 - Application to APN functions Structure of this talk 0 - CCZ-Equivalence ; Bijectivity 1.1 - Vector spaces of zeroes in LAT 2.1 - t -twist ⊞ 3.2 - 4.1 - CCZ-Equivalence 1.2 - Partition CCZ-class CCZ = EA + twist to a permutation into EA-classes 3.3 - Revisiting known results

  16. Structure of this talk 0 - CCZ-Equivalence ; Bijectivity 1.1 - Vector spaces of zeroes in LAT 2.1 - t -twist ⊞ 3.2 - 4.1 - CCZ-Equivalence 1.2 - Partition CCZ-class CCZ = EA + twist to a permutation into EA-classes 3.3 - Revisiting 4.2 - Application known results to APN functions

  17. CCZ-Equivalence and Vector Spaces of 0 Function Twisting Vector Spaces of Zeroes Necessary and Efficient Conditions for CCZ-Equivalence to a Permutation Partitioning a CCZ-Class into EA-Classes Conclusion Outline CCZ-Equivalence and Vector Spaces of 0 1 Function Twisting 2 3 Necessary and Efficient Conditions for CCZ-Equivalence to a Permutation 4 Conclusion 3 / 32

  18. CCZ-Equivalence and Vector Spaces of 0 Function Twisting Vector Spaces of Zeroes Necessary and Efficient Conditions for CCZ-Equivalence to a Permutation Partitioning a CCZ-Class into EA-Classes Conclusion Plan of this Section CCZ-Equivalence and Vector Spaces of 0 1 Vector Spaces of Zeroes Partitioning a CCZ-Class into EA-Classes Function Twisting 2 Necessary and Efficient Conditions for CCZ-Equivalence to a Permutation 3 Conclusion 4 3 / 32

  19. Definition (Walsh Zeroes) n m The Walsh zeroes of F 2 is the set 2 n m u F u 0 0 F 2 2 n n m With x 0 x , we have F . 2 2 L T 1 Note that if L F , then F . G G CCZ-Equivalence and Vector Spaces of 0 Function Twisting Vector Spaces of Zeroes Necessary and Efficient Conditions for CCZ-Equivalence to a Permutation Partitioning a CCZ-Class into EA-Classes Conclusion Walsh Zeroes For all F : F n 2 → F m 2 , we have ∑ ( − 1 ) α · x + 0 · F ( x ) = 0 . W F ( α, 0 ) = x ∈ F n 2 4 / 32

  20. L T 1 Note that if L F , then F . G G CCZ-Equivalence and Vector Spaces of 0 Function Twisting Vector Spaces of Zeroes Necessary and Efficient Conditions for CCZ-Equivalence to a Permutation Partitioning a CCZ-Class into EA-Classes Conclusion Walsh Zeroes For all F : F n 2 → F m 2 , we have ∑ ( − 1 ) α · x + 0 · F ( x ) = 0 . W F ( α, 0 ) = x ∈ F n 2 Definition (Walsh Zeroes) The Walsh zeroes of F : F n 2 → F m 2 is the set Z F = { u ∈ F n 2 × F m 2 , W F ( u ) = 0 } ∪ { 0 } . 2 } ⊂ F n + m With V = { ( x , 0 ) , ∀ x ∈ F n , we have V ⊂ Z F . 2 4 / 32

  21. CCZ-Equivalence and Vector Spaces of 0 Function Twisting Vector Spaces of Zeroes Necessary and Efficient Conditions for CCZ-Equivalence to a Permutation Partitioning a CCZ-Class into EA-Classes Conclusion Walsh Zeroes For all F : F n 2 → F m 2 , we have ∑ ( − 1 ) α · x + 0 · F ( x ) = 0 . W F ( α, 0 ) = x ∈ F n 2 Definition (Walsh Zeroes) The Walsh zeroes of F : F n 2 → F m 2 is the set Z F = { u ∈ F n 2 × F m 2 , W F ( u ) = 0 } ∪ { 0 } . 2 } ⊂ F n + m With V = { ( x , 0 ) , ∀ x ∈ F n , we have V ⊂ Z F . 2 Note that if Γ G = L (Γ F ) , then Z G = ( L T ) − 1 ( Z F ) . 4 / 32

  22. CCZ-Equivalence and Vector Spaces of 0 Function Twisting Vector Spaces of Zeroes Necessary and Efficient Conditions for CCZ-Equivalence to a Permutation Partitioning a CCZ-Class into EA-Classes Conclusion Admissibility for F Lemma Let L : F n + m → F n + m be a linear permutation. It is admissible for F : F n 2 → F m 2 2 2 if and only if L T ( V ) ⊆ Z F 5 / 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, L eo

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, L eo

On CCZ-Equivalence, Extended-Affine Equivalence and Function Twisting Anne Canteaut, L eo Perrin June 3, 2019 Fq14, Vancouver Setting up the background Cryptographic properties Equivalence classes CCZ-equivalence Cryptographic

885 views • 63 slides
An Im Improved Affi fine Equivalence Alg lgorithm for Random Permutations Itai Dinur

An Im Improved Affi fine Equivalence Alg lgorithm for Random Permutations Itai Dinur

An Im Improved Affi fine Equivalence Alg lgorithm for Random Permutations Itai Dinur Ben-Gurion University, Israel EUROCRYPT 2018 Affine Equivalence Problem (AEP) F G n n n n Given two functions F,G, are there invertible affine

549 views • 19 slides
Affine Toric Equivalence Relations are Effective Claudiu Raicu University of California, Berkeley

Affine Toric Equivalence Relations are Effective Claudiu Raicu University of California, Berkeley

Affine Toric Equivalence Relations are Effective Claudiu Raicu University of California, Berkeley AMS-SMM Joint Meeting, Berkeley, June 2010 Motivating Question Under what circumstances do quotients by finite equivalence relations exist?

879 views • 39 slides
Equivalences 1 Equivalence Definition (Equivalence) Two formulas F and G are (semantically)

Equivalences 1 Equivalence Definition (Equivalence) Two formulas F and G are (semantically)

Propositional Logic Equivalences 1 Equivalence Definition (Equivalence) Two formulas F and G are (semantically) equivalent if A ( F ) = A ( G ) for every assignment A that is suitable for both F and G . We write F G to denote that F and G

276 views • 12 slides
Polynomial equivalence problem for sums of affine powers ISSAC 2018 Ignacio Garcia-Marco 1 ,

Polynomial equivalence problem for sums of affine powers ISSAC 2018 Ignacio Garcia-Marco 1 ,

Polynomial equivalence problem for sums of affine powers ISSAC 2018 Ignacio Garcia-Marco 1 , Pascal Koiran 2 , Timoth ee Pecatte 2 1 Universidad de la Laguna, 2 LIP, Ecole Normale Sup erieure de Lyon 1 / 21 Models of interest 1 / 21

1.05k views • 83 slides
Algorithms for Extended Alpha-Equivalence and Complexity Manfred Schmidt-Schau, Conrad Rau,

Algorithms for Extended Alpha-Equivalence and Complexity Manfred Schmidt-Schau, Conrad Rau,

Algorithms for Extended Alpha-Equivalence and Complexity Manfred Schmidt-Schau, Conrad Rau, David Sabel Goethe-University, Frankfurt, Germany RTA 2013, Eindhoven, The Netherlands 1 Motivation GI-Completeness GC Applications -Calculus

532 views • 34 slides
Todays Expedition TED highlights Equivalence Relations Equivalence Classes and

Todays Expedition TED highlights Equivalence Relations Equivalence Classes and

Todays Expedition TED highlights Equivalence Relations Equivalence Classes and Partitions Boolean Algebra Boolean functions Sum of Products expansion Logic gates and circuits Sections 8.5, 11.1-11.3 in the text

541 views • 15 slides
Equivalence Relations {( a , b ) | a and b are from the the same state}. Observe that these

Equivalence Relations {( a , b ) | a and b are from the the same state}. Observe that these

Equivalence Relations http://localhost/~senning/courses/ma229/slides/equivalence-relations/slide01.html Equivalence Relations http://localhost/~senning/courses/ma229/slides/equivalence-relations/slide02.html Equivalence Relations prev | slides

235 views • 4 slides
Section 4.2: Equivalence Relations What is equality? What is equivalence? Equality is

Section 4.2: Equivalence Relations What is equality? What is equivalence? Equality is

Section 4.2: Equivalence Relations What is equality? What is equivalence? Equality is more basic, fundamental concept. Every element in a set is equal only to itself. The basic equality relation {(x,x) | x S} We tend to assume

893 views • 61 slides
7.5 EQUIVALENCE RELATIONS def: An equivalence relation is a binary rela- tion that is reflexive,

7.5 EQUIVALENCE RELATIONS def: An equivalence relation is a binary rela- tion that is reflexive,

7.5.1 Section 7.5 Equivalence Relations 7.5 EQUIVALENCE RELATIONS def: An equivalence relation is a binary rela- tion that is reflexive, symmetric, and transitive. Set S = { a, b, c, d, e, f } and Example 7.5.1: R = ( a, a ) , ( b, c )

312 views • 4 slides
Program Equivalence From Trace Equivalence Tim Wood 1 Sophia Drossopoulou 1 1 Imperial College

Program Equivalence From Trace Equivalence Tim Wood 1 Sophia Drossopoulou 1 1 Imperial College

Program Equivalence From Trace Equivalence Tim Wood 1 Sophia Drossopoulou 1 1 Imperial College London Wood, Drossopoulou (Imperial College London) Program Equivalence October 2014 1 / 30 Context Program maintenance is a common and important

1.02k views • 61 slides
A decision procedure for equivalence relations Sbastien Michelland with Pierre Corbineau,

A decision procedure for equivalence relations Sbastien Michelland with Pierre Corbineau,

Congruence closure Equivalence and inclusions Quantified hypotheses Conclusion A decision procedure for equivalence relations Sbastien Michelland with Pierre Corbineau, Lionel Rieg and Karine Altisen July 5, 2020 1 / 14 (CC BY-ND)

660 views • 22 slides
Lecture 4.2: Equivalence relations and equivalence classes Matthew Macauley Department of

Lecture 4.2: Equivalence relations and equivalence classes Matthew Macauley Department of

Lecture 4.2: Equivalence relations and equivalence classes Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4190, Discrete Mathematical Structures M. Macauley (Clemson) Lecture

561 views • 11 slides
Logical equivalence Equivalence proof Multiplexers January 22, 2020 Patrice Belleville /

Logical equivalence Equivalence proof Multiplexers January 22, 2020 Patrice Belleville /

Logical equivalence Equivalence proof Multiplexers January 22, 2020 Patrice Belleville / Geoffrey Tien 1 Announcements Pre-class quiz #4, due Sunday, Jan.26, 19:00 Epp 4e/5e: Chapter 2.3 Pre-class quiz #5, due Sunday, Feb.02, 19:00

212 views • 19 slides
CS137: Today Electronic Design Automation Sequential Verification DFA equivalence

CS137: Today Electronic Design Automation Sequential Verification DFA equivalence

CS137: Today Electronic Design Automation Sequential Verification DFA equivalence Issues Extracting STG Day 9: February 10, 2006 Valid state reduction FSM Equivalence Checking Incomplete Specification

99 views • 5 slides
Stimulus Equivalence Joshua K. Pritchard, PhD In todays workshop Im going to try and

Stimulus Equivalence Joshua K. Pritchard, PhD In todays workshop Im going to try and

Stimulus Equivalence Joshua K. Pritchard, PhD In todays workshop Im going to try and convince you of the richness of humanity and language Im going to try to give you a brief primer on stimulus equivalence Im going to

984 views • 79 slides
Constructive recognition Eamonn OBrien University of Auckland August 2011 logo Eamonn

Constructive recognition Eamonn OBrien University of Auckland August 2011 logo Eamonn

Constructive recognition Eamonn OBrien University of Auckland August 2011 logo Eamonn OBrien Constructive recognition Constructive recognition: the main tasks H = X GL ( d , q ) where H is (quasi)simple. 1 Given h H ,

530 views • 33 slides
Affine Gaudin models Sylvain Lacroix Laboratoire de Physique, ENS de Lyon RAQIS18, Annecy

Affine Gaudin models Sylvain Lacroix Laboratoire de Physique, ENS de Lyon RAQIS18, Annecy

Affine Gaudin models Sylvain Lacroix Laboratoire de Physique, ENS de Lyon RAQIS18, Annecy September 10th, 2018 [SL, Magro, Vicedo, 1703.01951] [SL, Vicedo, Young, 1804.01480, 1804.06751] Introduction Finite Gaudin models: quantum

468 views • 34 slides
Bilinear discretization of integrable systems with quadratic vector fields Yuri B. Suris

Bilinear discretization of integrable systems with quadratic vector fields Yuri B. Suris

Bilinear discretization of integrable systems with quadratic vector fields Yuri B. Suris (Technische Universitt Mnchen) Geometry and Integrability, Obergurgl, 19.12.2008 Yuri B. Suris Hirota-Kimura Discretizations The problem of

988 views • 41 slides
Amenable actions of the infinite permutation group Lecture IV Juris Stepr ans York

Amenable actions of the infinite permutation group Lecture IV Juris Stepr ans York

Amenable actions of the infinite permutation group Lecture IV Juris Stepr ans York University Young Set Theorists Meeting March 2011, Bonn Juris Stepr ans Amenable actions Questions The main question left open is the following

594 views • 21 slides
Bulk-Boundary Correspondence in Disordered Topological Insulators and Superconductors Christopher

Bulk-Boundary Correspondence in Disordered Topological Insulators and Superconductors Christopher

Construction of C -algebra of observables Bulk Classification in Van Daele KR-theory Systematic boundary classification and bulk-boundary correspondence Bulk-Boundary Correspondence in Disordered Topological Insulators and Superconductors

584 views • 45 slides
Some old and new problems with genus 3 curves Christophe Ritzenthaler C.N.R.S. Institut de

Some old and new problems with genus 3 curves Christophe Ritzenthaler C.N.R.S. Institut de

Some old and new problems with genus 3 curves Christophe Ritzenthaler C.N.R.S. Institut de Mathmatiques de Luminy Luminy Case 930, F13288 Marseille CEDEX 9 e-mail : ritzenth@iml.univ-mrs.fr web : http ://iml.univ-mrs.fr/ ritzenth/

1.39k views • 102 slides
Hodge theory lecture 10: Newlander-Nirenberg theorem NRU HSE, Moscow Misha Verbitsky, February

Hodge theory lecture 10: Newlander-Nirenberg theorem NRU HSE, Moscow Misha Verbitsky, February

Hodge theory, lecture 10 M. Verbitsky Hodge theory lecture 10: Newlander-Nirenberg theorem NRU HSE, Moscow Misha Verbitsky, February 24, 2018 1 Hodge theory, lecture 10 M. Verbitsky Almost complex manifolds (reminder) DEFINITION: Let I : TM

432 views • 17 slides
Elliptic Curves II Reinier Br oker Fields Institute & University of Calgary Summer School

Elliptic Curves II Reinier Br oker Fields Institute & University of Calgary Summer School

Elliptic Curves II Reinier Br oker Fields Institute & University of Calgary Summer School before ECC September 2006 Elliptic curves An elliptic curve E over a field K is given by a Weierstra equation Y 2 + h ( X ) Y = f ( X ) with h, f

416 views • 13 slides

More recommend