Vectorial bent functions Alexander Pott March 18, 2015 No. 1 - PowerPoint PPT Presentation

Vectorial bent functions Alexander Pott March 18, 2015 No. 1

Motivation: p = 2, n even Let f : F n 2 = F 2 n → F 2 be bent! ◮ Highly nonlinear: Cryptography. ◮ Interesting constructions (spreads). ◮ Finite Fields. ◮ Covering radius of 1st-order Reed-Muller codes. No. 2

Motivation: p odd, vectorial version Let f : F n p = F p n → F p n be planar! ◮ Semifields. ◮ MUBs. ◮ Finite Fields. ◮ MRD codes, Gabidulin codes. No. 3

Beautiful objects have symmetries ... ◮ Are all objects beautiful? ◮ Planes of prime order ◮ Are most objects beautiful? ◮ Semifields in odd characteristic. ◮ APN functions. ◮ We are sure that most objects are ugly, but we do not know them, yet. ◮ Semifields in even characteristic (K ANTOR 2006) ◮ bent functions: we do not know. No. 4

Oscar S. Rothaus 1976 No. 5

John F. Dillon 1974 No. 6

Outline ◮ Survey some constructions. ◮ Walsh transform. ◮ normality. ◮ regularity. ◮ extendability. No. 7

Definition of bent A function f : F n 2 → F 2 is called bent if f ( x + a ) − f ( x ) = b has 2 n − 1 solutions for all a � = 0 and any b . Example f ( x 1 , x 2 , x 3 , x 4 ) = x 1 x 2 + x 3 x 4 : Compute     x 1 + a 1 x 1 x 2 + a 2 x 2     f  − f  = x 1 a 2 + x 2 a 1 + x 3 a 4 + x 4 a 3 + a 1 a 2 + a 3 a 4     x 3 + a 3 x 3   x 4 + a 4 x 4 is linear. No. 8

Trivial necessary condition/Trivial construction If f : F n 2 → F 2 is bent, then n has to be even: H = (( − 1 ) f ( x − y ) ) x , y ∈ F n 2 which satisfies H 2 = 2 n · I . Theorem (quadratic bent) If A + A T is regular, then x �→ x T · A · x is bent. No. 9

Extension I p odd: A function f : F n p → F p is called bent if f ( x + a ) − f ( x ) = b has p n − 1 solutions for a � = 0 and any b . Example ◮ As before. ◮ Trace ( x 2 ) on F p n for any n , also n odd: Trace (( x + a ) 2 − x 2 ) = Trace ( 2 xa + a 2 ) No. 10

Extension II: Vectorial bent Consider Trace ( x 2 ) without Trace: Example F ( x ) = x 2 on F p n with p odd satisfies F ( x + a ) − F ( x ) = b has exactly one solution for all a � = 0 and all b . Using “projections” ϕ : F n p → F m p , we find functions f = ϕ ◦ F : F n p → F m p such that f ( x + a ) − f ( x ) = b has p n − m solutions for all a � = 0 and all b No. 11

Extension II: Vectorial bent A function f : F n p → F m p is vectorial bent if f ( x + a ) − f ( x ) = b has p n − m solutions for all a � = 0 and all b . m = n planar: projective planes, connection with semifields. No. 12

Extension III Do we have vectorial bent functions f : F n 2 → F m 2 ? Example ( n = 2 m ) F 2 m × F 2 m f : → F 2 m ( x , y ) �→ x · y Theorem (N YBERG 1993; S CHMIDT 1995) If f : F n 2 → F m 2 is vectorial bent, then n is even and m ≤ n / 2 . No. 13

Conclusion The necessary conditions for the existence of vectorial bent functions f : F n p → F m p are also sufficient: ◮ p = 2: n even and m ≤ n / 2 ◮ p odd: m ≤ n . What else can we do? No. 14

Generalizing the differential properties ◮ Other groups: J EDWAB , D AVIS , S CHMIDT , L EUNG , M A , P. ’90. ◮ p = 2 and n = m : Modified planar functions (Z HOU 2013, H ORADAM 2007). ◮ Z 4 bent (many authors ’90). No. 15

The Walsh transform: the Boolean case Given a function f : F n p → F p , then F : F n p → C such that ζ f ( x )+ � a , x � � F ( a ) = p x ∈ F n p is the Walsh transform of f (where ζ p complex p -th root of unity). Theorem f is bent if and only if |F ( a ) | = p n / 2 . for all a. No. 16

The Walsh transform: the vectorial case p , then F : F n + m Given a function f : F n p → F m → C such that p ζ � b , f ( x ) � + � a , x � � F ( a , b ) = p x ∈ F n p is the Walsh transform of f . Theorem f is vectorial bent if and only if |F ( a , b ) | = p n / 2 . for all a , b, b � = 0 If p = 2: 2 n − 1 − 1 2 max |F ( a , b ) | is called the non-linearity of f . No. 17

Generalizing the non-linearity properties Goal: minimize max |F ( a , b ) | , achieved for vectorial bent functions. Generalizations are only of interest if p = 2. ◮ n odd, m = 1: Covering radius problem for Reed-Muller code P ATTERSON , W IEDEMANN 1983; M YKKELTVEIT ( n = 7) 1980; K AVUT , Y ¨ UCEL ( n = 9) 2010. ◮ n = m odd: almost bent functions. ◮ n odd m < n ? ◮ n even and m > n / 2? No. 18

It seems that we miss something ... There are MANY bent functions, but only very few of them can be described by a theorem! Not much is known about equivalence classes: n No. of bent functions n = 4 896 n = 6 5 , 425 , 430 , 528 n = 8 99 , 270 , 589 , 265 , 934 , 370 , 305 , 785 , 861 , 242 , 880 L ANGEVIN , L EANDER 2009 ( n = 8), P RENEEL 1993 ( n = 6) Only a few of the n = 8 examples are explained by a theorem. No. 19

Equivalence f , g : F n p → F m p are equivalent if the graphs G f := { ( x , f ( x )) : x ∈ F n p } ⊆ F n + m p and G g := { ( x , g ( x )) : x ∈ F n p } ⊆ F n + m p are in the same orbit of AGL ( n + m , p ) . One may also use isomorphism of corresponding designs. No. 20

The Maiorana-McFarland construction F : F 2 p m → F p m such that � x � = x · π ( y ) + ρ ( y ) F y is bent if π is a permutation and ρ : F p m → F p m arbitrary: ( x + a ) · π ( y + b ) + ρ ( y + b ) − x · π ( y ) − ρ ( y ) = x ( π ( y + b ) − π ( y ))+ terms depending on y . No. 21

The spread construction into p m + 1 subspaces which meet Decompose V = F 2 m p pairwise in { 0 } , call them U ∞ and U v , v ∈ F p m (spread). Let π be a permutation on F m p . Then F : F 2 m → F m p such that p � if x ∈ U ∞ v 0 F ( x ) = π ( v ) if x ∈ U v \ { 0 } is vectorial bent. For bent functions F 2 m → F 2 p , partial spreads are sufficient! p No. 22

Niho construction Consider U v := { ( x , v · x ) : x ∈ F 2 m } and U ∞ := { ( 0 , x ) : x ∈ F 2 m } Let π : F 2 m → F 2 m be a permutation such that π ( x ) + a · x is 2 − 1 mapping for all a � = 0. Then � 0 if x ∈ U ∞ F ( x ) = π ( v ) · x if x ∈ U v \ { 0 } . is bent. No. 23

Connection to geometry π : F 2 m → F 2 m is a permutation such that π ( x ) + a · x is 2 − 1 mapping for all a � = 0 means π is an o-polynomial (hyperoval!) D ILLON 1974; C ARLET , M ESNAGER ; B UDAGHYAN , H ELLESETH , K HOLOSHA ’10 No. 24

C ¸ es ¸melio˘ glu, Meidl, P . 2015 Theorem A ”mix” of linear and constant functions on the spread is impossible. Theorem Only works for p = 2 . Theorem There are also other spreads that can be used, but the corresponding (known) bent functions are Maiorana-McFarland. Question Is it possible to use other functions on the spread? Cyclotomy? No. 25

Normal bent functions All the constructions above ( p = 2) are normal: There is a subspace of dimension n / 2 on which f is affine. Theorem (C ANTEAUT , D AUM , D OBBERTIN , L EANDER 2006) Trace ( a · x 57 ) is non-normal bent on F 2 14 when a ∈ F 4 \ F 2 (plus recursion). Question Are most bent functions non-normal, and we know only the nice examples? Theorem (C ¸ es ¸melio˘ glu, Meidl, P . 2014) If p is odd and n even, one class of quadratic bent functions on F p n are not normal (elliptic quadrics). No. 26

(weak) regularity (only for p odd interesting) All the constructions of bent functions f presented so far are regular: F ( v ) ∈ { Γ · ζ i p } where Γ is independent from v . Γ � = p n / 2 : weakly regular. Question Are most bent functions not (weakly) regular? Some sporadic examples are known (T AN , Y ANG , Z HANG 2010, H ELLESETH , K HOLOSHA 2010) as well as only one ¸ MELIO ˘ generic construction method (C ¸ ES GLU , M C G UIRE , M EIDL 2012) and a recursive construction. Theorem (C ¸ es ¸melio˘ glu, Meidl, P . 2013) If n is even and f weakly regular, then f is not normal. No. 27

Extendability A bent function f : F n p → F p is extendable if there is a vectorial bent F : F n p → F 2 p such that � f ( x ) � F ( x ) = g ( x ) If p = 2, all constructions (perhaps with the exception of partial spreads) are extendable. If p is odd and n = 2, there are non-extendable bent functions. Question Are most bent functions not extendable? No. 28

Some computational results: q = 3, n = 4 ¨ Ozbudak computed quadratic bent functions f : F 4 3 → F m 3 . quadratic: f ( x + a ) − f ( x ) − f ( a ) + f ( 0 ) is linear! inequivalent quadratic bent m = 1 2 m = 2 7 m = 3 14 m = 4 2 ◮ All quadratic bent functions with m = 2 are extendable. ◮ Only 5 with m = 3 are extendable. ◮ Only one of the m = 3 examples can be extended to both m = 4 examples. ◮ Four of the m = 3 examples extend to the non-Desarguesian commutative semifield ( x 4 + x 10 − x 36 ). No. 29

Extendability of quadratic bent functions If p = 2, quadratic bent functions are x �→ x T · A · x where A + A T is invertible, without loss of generality   U 0 . . . 0 0 U . . . 0   A =  . .  ... . .   . .   0 . . . . . . U � 0 � 1 where U = 0 0 The number of quadratic bent functions and the number of inequivalent functions is known. No. 30