Recovering or Testing Extended-Affine Equivalence

Extended Affine (EA) equivalence is the equivalence relation between two vectorial Boolean functions F and G such that there exist two affine permutations A, B, and an affine function C satisfying G = A ∘ F ∘ B + C. While the problem has a simple formulation, it is very difficu...


Bibliographic Details
Main Authors: Canteaut, A. (Author), Couvreur, A. (Author), Perrin, L. (Author)
Format: Article
Language: English
Published: Institute of Electrical and Electronics Engineers Inc. 2022
Online Access: View Fulltext in Publisher
LEADER 02918nam a2200421Ia 4500
001 10.1109-TIT.2022.3166692
008 220510s2022 CNT 000 0 und d
020 |a 00189448 (ISSN) 
245 1 0 |a Recovering or Testing Extended-Affine Equivalence 
260 0 |b Institute of Electrical and Electronics Engineers Inc.  |c 2022 
856 |z View Fulltext in Publisher  |u https://doi.org/10.1109/TIT.2022.3166692 
520 3 |a Extended Affine (EA) equivalence is the equivalence relation between two vectorial Boolean functions F and G such that there exist two affine permutations A, B, and an affine function C satisfying G = A ∘ F ∘ B + C. While the problem has a simple formulation, it is very difficult in practice to test whether two functions are EA-equivalent. This problem has two variants: EA-partitioning deals with partitioning a set of functions into disjoint EA-equivalence classes, and EA-recovery is about recovering the tuple (A,B,C) if it exists. In this paper, we present a new algorithm that efficiently solves the EA-recovery problem for quadratic functions. Although its worst-case complexity occurs when dealing with APN functions, it supersedes, in terms of performance, all previously known algorithms for solving this problem for all quadratic functions and in any dimension, even in the case of APN functions. This approach is based on the Jacobian matrix of the functions, a tool whose study in this context can be of independent interest. The best approach for EA-partitioning in practice mainly relies on class invariants. We provide an overview of the known invariants along with a new one based on the ortho-derivative. This new invariant is applicable to quadratic APN functions, a specific type of functions that is of great interest, and of which tens of thousands need to be sorted into distinct EA-classes. Our ortho-derivative-based invariant is very fast to compute, and it practically always distinguishes between EA-inequivalent quadratic APN functions. IEEE 
650 0 4 |a affine equivalence 
650 0 4 |a Affine equivalence 
650 0 4 |a APN Function 
650 0 4 |a Boolean functions 
650 0 4 |a Complexity theory 
650 0 4 |a Computational complexity 
650 0 4 |a Cryptography 
650 0 4 |a Equivalence classes 
650 0 4 |a Equivalence relations 
650 0 4 |a extended-affine equivalence 
650 0 4 |a Extended-affine equivalence 
650 0 4 |a Jacobian matrices 
650 0 4 |a Partitioning algorithms 
650 0 4 |a Quadratic function 
650 0 4 |a quadratic functions 
650 0 4 |a Random access memory 
650 0 4 |a Random access storage 
650 0 4 |a Recovery 
650 0 4 |a Search problem 
650 0 4 |a Search problems 
650 0 4 |a Testing 
650 0 4 |a Vectorial Boolean function 
700 1 |a Canteaut, A.  |e author 
700 1 |a Couvreur, A.  |e author 
700 1 |a Perrin, L.  |e author 
773 |t IEEE Transactions on Information Theory