A connection between the boomerang uniformity and the extended differential in odd characteristic and applications

Mohit Pal Department of Informatics, University of Bergen, PB 7803, N-5020, Bergen, Norway [email protected] and Pantelimon Stănică Applied Mathematics Department, Naval Postgraduate School, Monterey, CA 93943, USA [email protected]

Abstract.

This paper makes the first bridge between the classical differential/boomerang uniformity and the newly introduced $c$ -differential uniformity. We show that the boomerang uniformity of an odd APN function is given by the maximum of the entries (except for the first row/column) of the function’s $(-1)$ -Difference Distribution Table. In fact, the boomerang uniformity of an odd permutation APN function equals its $(-1)$ -differential uniformity. We then use this connection to easily compute the boomerang uniformity of several odd APN functions. In the second part we give two classes of differentially low-uniform functions obtained by modifying the inverse function. The first class of permutations (CCZ-inequivalent to the inverse) over a finite field $\mathbb{F}_{p^{n}}$ ( $p$ , an odd prime) is obtained from the composition of the inverse function with an order- $3$ cycle permutation, with differential uniformity $3$ if $p=3$ and $n$ is odd; $5$ if $p=13$ and $n$ is even; and $4$ otherwise. The second class is a family of binomials and we show that their differential uniformity equals $4$ . Finally, we extend to odd characteristic a result of Charpin and Kyureghyan (2010) providing an upper bound for the differential uniformity of the function and its switched version via a trace function.

Key words and phrases:

Finite fields, Differential uniformity, Boomerang uniformity.

2020 Mathematics Subject Classification:

12E20, 11T06, 94A60

1. Introduction

Let $\mathbb{F}_{p^{n}}$ be the finite field with $p^{n}$ elements, where $p$ is an odd prime and $n$ is a positive integer. The set of nonzero elements of $\mathbb{F}_{p^{n}}$ forms a cyclic group with respect to multiplication and we shall denote it by $\mathbb{F}_{p^{n}}^{*}$ . We shall denote by $\mathbb{F}_{p^{n}}[X]$ , the ring of polynomials in the indeterminate $X$ and coefficients in $\mathbb{F}_{p^{n}}$ . For any $\alpha\in\mathbb{F}_{p^{n}}$ , we shall denote by $\chi(\alpha)$ the quadratic character of $\alpha$ and so, $\chi(\alpha)=0$ if $\alpha=0$ , $\chi(\alpha)=1$ if $0\neq\alpha$ is a square, $\chi(\alpha)=-1$ if $\alpha$ is not a square. It is well-known, due to Lagrange’s interpolation formula, that any function $f:\mathbb{F}_{p^{n}}\rightarrow\mathbb{F}_{p^{n}}$ can be uniquely expressed as a polynomial $f\in\mathbb{F}_{p^{n}}[X]/(X^{p^{n}}-X)$ . A polynomial $f\in\mathbb{F}_{p^{n}}[X]$ is called a permutation polynomial (PP) if the induced mapping $c\mapsto f(c)$ permutes the elements of $\mathbb{F}_{p^{n}}$ . The inverse map from $\mathbb{F}_{p^{n}}$ to itself, given by $X\mapsto X^{p^{n}-2}$ , is an important class of functions due to its applications in coding theory, cryptography, among others. In fact, the inverse function over binary field $\mathbb{F}_{2^{8}}$ has been used as a substitution box in the block cipher AES, which is one of the most widely used cryptographic primitive.

For any function $f:\mathbb{F}_{p^{n}}\rightarrow\mathbb{F}_{p^{n}}$ and $a,b,c\in\mathbb{F}_{p^{n}}$ , the $c$ -Difference Distribution Table ( $c$ -DDT) entry at point $(a,b)$ , denoted by ${{}_{c}}\Delta_{f}(a,b)$ , is defined as ${{}_{c}}\Delta_{f}(a,b):=\lvert\{X\in\mathbb{F}_{p^{n}}\mid f(X+a)-cf(X)=b\}\rvert.$ The $c$ -differential uniformity ( $c$ -DU) of the function $f$ , denoted by ${{}_{c}}\Delta_{f}$ , is then defined as the maximum of ${{}_{c}}\Delta_{f}(a,b)$ , where $a,b\in\mathbb{F}_{p^{n}}$ and $a\neq 0$ if $c=1$ . When ${{}_{c}}\Delta_{f}=1$ then $f$ is called perfect $c$ -nonlinear (P $c$ N) function (also known as $c$ -planar function [2]) and when ${{}_{c}}\Delta_{f}=2$ then $f$ is called almost perfect $c$ -nonlinear (AP $c$ N) function. If $c=1$ then the notion of the $c$ -differential uniformity coincides with the classical notion of differential uniformity. In the particular case when $f(X)=X^{d}$ for some positive integer $d$ then it is easy to see that ${{}_{c}}\Delta_{f}(a,b)={{}_{c}}\Delta_{f}\left(1,\frac{b}{a^{d}}\right)$ , for all $a\in\mathbb{F}_{p^{n}}^{*}$ and $b\in\mathbb{F}_{p^{n}}$ . Therefore, for determining $c$ -differential properties of a power map $f$ , it is sufficient to consider the $c$ -DDT entries with $a=1$ and $\gcd(d,p^{n}-1)$ . Motivated by the notion of differential spectrum introduced by Blondeau et al. [3], Wang et. al [24] introduced the notion of the $c$ -differential spectrum of power functions. For any power map $f(X)=X^{d}$ and $0\leq i\leq{{}_{c}}\Delta_{f}$ , let ${{}_{c}}\omega_{i}=\lvert\{b\in\mathbb{F}_{p^{n}}\mid{{}_{c}}\Delta_{f}(1,b)=i\}\rvert$ then the $c$ -differential spectrum of $f$ , denoted by ${{}_{c}}DS_{f}$ , is defined as ${{}_{c}}DS_{F}:=\{{{}_{c}}\omega_{i}>0\mid 0\leq i\leq{{}_{c}}\Delta_{f}\}$ . Again, if $c=1$ then the notion of $c$ -differential spectrum coincides with the classical notion of differential spectrum.

To simplify the analysis of the boomerang attack [25], which can be thought of as an extension of the differential attack, Cid et al. [13] introduced the notion of boomerang connectivity table (BCT). In [13], the BCT entries were defined for permutation functions in even characteristic, and their computation required the inverse of the permutation. In 2019, Li et al. [21] gave an equivalent technique to compute BCT, which does not require the compositional inverse of the permutation polynomial $f(X)$ at all. For any $a,b\in\mathbb{F}_{p^{n}}$ , the BCT entry of the function $f$ at point $(a,b)$ , denoted by ${\mathcal{B}}_{f}(a,b)$ , is the number of solutions $(X,Y)\in\mathbb{F}_{p^{n}}\times\mathbb{F}_{p^{n}}$ of the following system of equations

\begin{cases}f(X)-f(Y)=b,\\ f(X+a)-f(Y+a)=b.\end{cases}

To quantify the resistance of a function $f$ against the boomerang attack, Boura and Canteaut [5] coined the term boomerang uniformity, denoted by ${\mathcal{B}}_{f}$ , which is the maximum of ${\mathcal{B}}_{f}(a,b)$ , where $a,b\in\mathbb{F}_{p^{n}}^{*}$ . In the particular case when $f(X)=X^{d}$ for some positive integer $d$ then ${\mathcal{B}}_{f}(a,b)={\mathcal{B}}_{f}\left(1,\frac{b}{a^{d}}\right)$ for all $a,b\in\mathbb{F}_{p^{n}}^{*}$ . Thus, for the power maps it is sufficient to consider the BCT entries with $a=1$ . Analogous to the differential spectrum, the boomerang spectrum of a power map is defined in the following way. For any power map $f(X)=X^{d}$ and $0\leq i\leq{\mathcal{B}}_{f}$ , let $v_{i}=\lvert\{b\in\mathbb{F}_{p^{n}}^{*}\mid{\mathcal{B}}_{f}(1,b)=i\}\rvert$ then the boomerang spectrum of $f$ , denoted by $BS_{f}$ , is defined as $BS_{f}=\{v_{i}>0\mid 0\leq i\leq{\mathcal{B}}_{f}\}$ .

Though, so far, only one application of this new concept of the $c$ -DU has been found in design theory [1] (connecting the P $c$ N property, when ${{}_{c}}\Delta_{f}=1$ , to some quasigroups), we want to point out that in reality, for monomial functions $f(X)=X^{d}$ , the differentials $\{f(\alpha X),f(X)\}$ used by Borissov et al. [9] in their attack, are the same as the $c$ -differentials at $a=0$ , $\{f(X+a),cf(X)\}$ , where $c=\alpha^{d}$ . Further, in this paper, we shall establish a relation between BCT entries for odd APN functions and their $(-1)$ -DDT entries. We then use this relation to derive two identities for the boomerang spectrum of odd APN functions. As an application of this result, we compute the boomerang spectrum of the inverse map from its $(-1)$ -differential spectrum. By using our shown bridge connection between the BCT entries and and the $(-1)$ -DDT entries, in addition to the inverse function, we compute the boomerang uniformity of four more classes of odd APN functions. It is worth mentioning here that the differential properties [17, 18] and boomerang properties [20] of the inverse function over finite fields of odd characteristic are known in the literature. For instance, when $c=0$ then the inverse function being a permutation is P $c$ N. In the case of $c=1$ , Helleseth et al. [18, Theorem 3] showed that $f$ is APN if $\chi(-3)=-1$ , differentially $3$ -uniform if $p=3$ and differentially $4$ -uniform, otherwise. For $c\in\mathbb{F}_{p^{n}}\backslash\{0,1\}$ , the $c$ -differential uniformity $f$ has been considered in [17, Theorem 13], and the authors showed that if $c\in\mathbb{F}_{p^{n}}\backslash\{0,1,4,4^{-1}\}$ then the $c$ -DU of $f$ is $3$ if $\chi(c^{2}-4c)=1$ or $\chi(1-4c)$ ; and $f$ is AP $c$ N in all the remaining cases. Experimental results suggest that for $c\in\{4,4^{-1}\}$ , $f$ is not always AP $c$ N. For instance, when $c=4$ then $f$ is differentially $3$ -uniform over $\mathbb{F}_{17}$ and when $c=4^{-1}$ then $f$ is differentially $3$ -uniform over $\mathbb{F}_{19}$ . Here, we give a very simple proof correcting some conditions for the $c$ -differential uniformity of $f$ for all the values of $c\in\mathbb{F}_{p^{n}}\backslash\{0,1\}$ .

The second part of the paper is devoted to the construction of differentially low-uniform functions by modifying the inverse function. We know that the inverse map over finite fields of odd characteristic is an involution with three fixed points, namely $0$ , $1$ and $-1$ . We composed the inverse map with a $3$ -length cycle $(0~{}1~{}-1)$ and showed that the resulting function $f(X)=X^{p^{n}-2}\circ(0~{}1~{}-1)$ , which again is a permutation, has the differential uniformity

\Delta_{f}=\begin{cases}3~{}&~{}\mbox{if}~{}p=3~{}\mbox{and}~{}n~{}\mbox{is % odd},\\ 5~{}&~{}\mbox{if}~{}p=13~{}\mbox{and}~{}n~{}\mbox{is even},\\ 4~{}&~{}\mbox{otherwise}.\end{cases}

In addition to it, we construct a class of differentially $4$ -uniform binomials by adding the term $uX^{2}$ to the inverse map $X^{p^{n}-2}$ . A well-known technique of constructing functions with low differential uniformity from the known ones is Dillon’s switching method (see [14, 16]). It was extended by Budaghyan, Carlet and Leander [7] (switching the Gold function $X^{3}$ to produce the APN function $X^{3}+{\rm Tr}(X^{9})$ ), as well as Edel and Pott [16]. Carranza [11] further extended the switching method to any differential uniformity, albeit in even characteristic. Here, we show a similar result in odd characteristic, and in particular, we show that if we switch the inverse map with $\alpha{\rm Tr}(h(X))$ , where $\alpha\in\mathbb{F}_{p^{n}}^{*}$ , ${\rm Tr}$ is the absolute trace map and $h(X)\in\mathbb{F}_{p^{n}}[X]$ , then the differential uniformity of the resulting function is bounded above by $2(p+1)$ .

2. Differential and boomerang properties of the inverse function

In this section, we shall first establish a (perhaps, surprising, though not difficult to show) link between classical differential uniformity, generalized differential uniformity and boomerang uniformity. More precisely, we shall show that the BCT entries of odd APN functions and their $(-1)$ -DDT entries have the following relation.

Theorem 2.1.

Let $f$ be an odd APN function over $\mathbb{F}_{p^{n}}$ , where $p$ an odd prime. Then, for any $a,b\in\mathbb{F}_{p^{n}}^{*}$ the BCT and the $(-1)$ -DDT entries have the following relation

{\mathcal{B}}_{f}(a,b)={{}_{-1}}\Delta_{f}(a,-b).

Proof.

Recall that a function $f$ over $\mathbb{F}_{p^{n}}$ is said to be odd if and only if $f(-X)=-f(X)$ for all $X\in\mathbb{F}_{p^{n}}$ . Since $f$ is an odd function, for any fixed $a\in\mathbb{F}_{p^{n}}^{*}$ and $b\in\mathbb{F}_{p^{n}}$ if $X$ is a solution of the equation

D_{f}(X,a):=f\left(X+\frac{a}{2}\right)-f\left(X-\frac{a}{2}\right)=b,

so is $-X$ . Also since $f$ is APN, if solutions of the above equation exist then these two are the only solutions. Equivalently, for odd APN functions $D_{f}(X,a)=D_{f}(Y,a)\iff X=\pm Y$ . Now recall that the boomerang uniformity of the function $f$ is given by the maximum number of solutions of the following system of equations

(2.1)

\begin{cases}f\left(X-\frac{a}{2}\right)-f\left(Y-\frac{a}{2}\right)=b\\ f\left(X+\frac{a}{2}\right)-f\left(Y+\frac{a}{2}\right)=b\end{cases}\iff\begin% {cases}f\left(X-\frac{a}{2}\right)-f\left(Y-\frac{a}{2}\right)=b\\ D_{f}(X,a)=D_{f}(Y,a),\end{cases}

where $a$ and $b$ are running over $\mathbb{F}_{p^{n}}^{*}$ . Since $b\in\mathbb{F}_{p^{n}}^{*}$ , $X=Y$ cannot be a solution of the first equation of the above system. Therefore, the only possibility is $X=-Y$ and in this case the first equation of the above system becomes

f\left(Y+\frac{a}{2}\right)+f\left(Y-\frac{a}{2}\right)=-b.

Thus, ${\mathcal{B}}_{f}(a,b)={{}_{-1}}\Delta_{f}(a,-b)$ for all $a,b\in\mathbb{F}_{p^{n}}^{*}$ . This completes the proof. ∎

Remark 2.2.

A consequence of our previous proof is the fact that the boomerang uniformity of an odd function (non necessarily APN) in odd characteristic is influenced by the $(-1)$ -differential uniformity. Thus, if one needs a low boomerang uniformity odd function, a necessary condition is that its $(-1)$ -differential uniformity must be low.

Remark 2.3.

In Theorem 2.1, if $f$ is also a permutation, then ${{}_{-1}}\Delta_{f}(0,b)=1={{}_{-1}}\Delta_{f}(a,0)$ , for all $a,b\in\mathbb{F}_{p^{n}}$ . Thus, for odd APN permutations, the boomerang uniformity is equal to its $(-1)$ -differential uniformity.

It is well-known that the $c$ -differential spectrum entries of a power map $f(X)=X^{d}$ satisfy the following identities

(2.2)

\sum_{i=0}^{{{}_{c}}\Delta_{f}}{{}_{c}}\omega_{i}=p^{n}~{}\quad\mbox{and}~{}% \quad\sum_{i=0}^{{{}_{c}}\Delta_{f}}i\cdot{{}_{c}}\omega_{i}=p^{n},

which are useful in the computation of the $c$ -differential spectrum. To the best of out knowledge, there are no such identities for the boomerang spectrum entries of a power map. Here, using Theorem 2.1, we give similar identities for the boomerang spectrum of odd APN power functions.

Corollary 2.4.

Let $f$ be an odd APN power function with boomerang uniformity ${\mathcal{B}}_{f}$ and boomerang spectrum $\{v_{i}>0~{}|~{}0\leq i\leq{\mathcal{B}}_{f}\}$ . Then the following identities hold:

(2.3)

\sum_{i=0}^{{\mathcal{B}}_{f}}v_{i}=p^{n}-1~{}\quad\mbox{and}~{}\quad\sum_{i=0% }^{{\mathcal{B}}_{f}}i\cdot v_{i}=p^{n}-{{}_{-1}}\Delta_{f}(1,0).

Proof.

The proof immediately follows from Theorem 2.1. ∎

In the remaining of this section, we shall show that Theorem 2.1 is not only useful in the determination of the boomerang uniformity of odd APN functions but it can also be applied, in part, to determine the BCT entries of other differentially low-uniform odd functions. For instance, the inverse function $f(X)=X^{p^{n}-2}$ over finite fields $\mathbb{F}_{p^{n}}$ is APN if $\chi(-3)=-1$ , differentially $3$ -uniform if $p=3$ and differentially $4$ -uniform, otherwise. We shall use Theorem 2.1 to determine the boomerang spectrum of the inverse map in all these three cases. Before moving forward, we first prove the following theorem which gives a very simple proof correcting some conditions for the $c$ -differential uniformity of $f$ for all the values of $c\in\mathbb{F}_{p^{n}}^{*}$ .

Theorem 2.5.

Let $f(X)=X^{p^{n}-2}$ be a function from $\mathbb{F}_{p^{n}}$ to itself and $c\in\mathbb{F}_{p^{n}}^{*}$ . Then the $c$ -differential uniformity of $f$ is

\begin{cases}3&~{}\mbox{if}~{}c\neq 1,\chi(c^{2}-4c)=1~{}\mbox{or}~{}\chi(1-4c% )=1,\\ 3&~{}\mbox{if}~{}c=1~{}\mbox{and}~{}\chi(-3)=0,\\ 4&~{}\mbox{if}~{}c=1~{}\mbox{and}~{}\chi(-3)=1,\\ 2&~{}\mbox{otherwise}.\end{cases}

Proof.

Recall that the $c$ -differential uniformity of $f(X)=X^{p^{n}-2}$ is given by the maximum number of solutions $X\in\mathbb{F}_{p^{n}}$ of the following equation

(2.4)

\left(X+\frac{1}{2}\right)^{p^{n}-2}-c\left(X-\frac{1}{2}\right)^{p^{n}-2}=b,

where $b$ is running over $\mathbb{F}_{p^{n}}$ . It is easy to see that if $\displaystyle X=\frac{1}{2}$ then $b=1$ and if $\displaystyle X=-\frac{1}{2}$ then $b=c$ . When $\displaystyle X\not\in\left\{-\frac{1}{2},\frac{1}{2}\right\}$ , then Equation (2.4) reduces to

(2.5)

bX^{2}-(1-c)X+\frac{-b+2c+2}{4}=0.

If $b=0$ then we have no solution of Equation (2.5) if $c=1$ and a unique solution, otherwise. In the case when $b\neq 0$ then we have two solutions of Equation (2.5) if and only if

\chi((1-c)^{2}-b(-b+2c+2))=1.

Thus, for all $b\not\in\{1,c\}$ , we have at most two solutions of Equation (2.4). It is easy to see that when $b=1$ then we have two solutions of Equation (2.5) if and only if $\chi(c^{2}-4c)=1.$ Similarly, when $b=c$ then we have two solutions of Equation (2.5) if and only if $\chi(1-4c)=1.$ This completes the proof. ∎

In [20, Theorems 3–6], Jiang et al. determined the boomerang spectrum of the inverse function. In Theorem 2.8, we give a simpler proof for the boomerang spectrum utilizing the connection between BCT entries and $(-1)$ -DDT entries. It is easy to see from Theorem 2.5 that for the inverse function ${{}_{-1}}\Delta_{f}(1,0)=1$ . Thus, for the APN inverse function (i.e., when $\chi(-3)=-1$ ), the boomerang spectrum is the same as the $(-1)$ -differential spectrum with the only change that $v_{1}={{}_{-1}}\omega_{1}-1$ . The next theorem gives the $(-1)$ -differential spectrum of the inverse map.

Theorem 2.6.

Let $f(X)=X^{p^{n}-2}$ be a function from $\mathbb{F}_{p^{n}}$ to itself. Then the $(-1)$ -differential spectrum of $f$ is given by the following:

(1)

If $p=3$ and $n$ is even, then

\left\{{{}_{-1}}\omega_{0}=\frac{p^{n}-1}{2},{{}_{-1}}\omega_{1}=3,{{}_{-1}}% \omega_{2}=\frac{p^{n}-9}{2},{{}_{-1}}\omega_{3}=2\right\}.

(2)

If $p=3$ and $n$ is odd, then

\left\{{{}_{-1}}\omega_{0}=\frac{p^{n}-3}{2},{{}_{-1}}\omega_{1}=3,{{}_{-1}}% \omega_{2}=\frac{p^{n}-3}{2}\right\}.

(3)

If $p^{n}\equiv 3\pmod{4}$ and $\chi(5)=1$ , then

\left\{{{}_{-1}}\omega_{0}=\frac{p^{n}+1}{2},{{}_{-1}}\omega_{1}=1,{{}_{-1}}% \omega_{2}=\frac{p^{n}-7}{2},{{}_{-1}}\omega_{3}=2\right\}.

(4)

If $p^{n}\equiv 3\pmod{4}$ and $\chi(5)=-1$ , then

\left\{{{}_{-1}}\omega_{0}=\frac{p^{n}-3}{2},{{}_{-1}}\omega_{1}=3,{{}_{-1}}% \omega_{2}=\frac{p^{n}-3}{2}\right\}.

(5)

If $p^{n}\equiv 1\pmod{4}$ and $\chi(5)=1$ , then

\left\{{{}_{-1}}\omega_{0}=\frac{p^{n}-1}{2},{{}_{-1}}\omega_{1}=3,{{}_{-1}}% \omega_{2}=\frac{p^{n}-9}{2},{{}_{-1}}\omega_{3}=2\right\}.

(6)

If $p^{n}\equiv 1\pmod{4}$ and $\chi(5)=-1$ , then

\left\{{{}_{-1}}\omega_{0}=\frac{p^{n}-5}{2},{{}_{-1}}\omega_{1}=5,{{}_{-1}}% \omega_{2}=\frac{p^{n}-5}{2}\right\}.

(7)

If $p=5$ , then

\left\{{{}_{-1}}\omega_{0}=\frac{p^{n}-1}{2},{{}_{-1}}\omega_{1}=1,{{}_{-1}}% \omega_{2}=\frac{p^{n}-1}{2}\right\}.

Proof.

We shall consider two cases, namely, $p=3$ and $p>3$ .

Case 1. Let $p=3$ . In this case, from Theorem 2.5, we know that the $(-1)$ -differential uniformity of $f$ is $3$ if $n$ is even and $2$ if $n$ is odd. Now consider the equation

(2.6)

(X+1)^{p^{n}-2}+(X-1)^{p^{n}-2}=b.

It is easy to observe that if $b=0$ then $X=0$ is the only solution of the above equation. Also, notice that, if $X=1$ then $b=-1$ and if $X=-1$ then $b=1$ . When $X\not\in\{-1,1\}$ , then Equation (2.6) reduces to

(2.7)

bX^{2}+X-b=0.

Now, for $b\neq 0$ , Equation (2.7) has a unique solution if $b^{2}=-1$ , which is possible if and only if $n$ is even. Thus, when $n$ is even then ${{}_{-1}}\omega_{1}=3$ and also for both $b=\pm 1$ , Equation (2.7) has two solutions and hence ${{}_{-1}}\omega_{3}=2$ . The remaining two entries of the $(-1)$ -differential spectrum can be obtained using the identities (2.2). Similarly, when $n$ is odd then ${{}_{-1}}\omega_{1}=3$ and the remaining two entries of the $(-1)$ -differential spectrum can be obtained using the identities (2.2).

Case 2. Let $p>3$ . In this case, from Theorem 2.5, we know that the $(-1)$ -differential uniformity of $f$ is $3$ if $\chi(5)=1$ and $2$ , otherwise. Now consider the equation

(2.8)

\left(X+\frac{1}{2}\right)^{p^{n}-2}+\left(X-\frac{1}{2}\right)^{p^{n}-2}=b.

Again, if $b=0$ then $X=0$ is the only solution of Equation (2.8). Also, it is easy to see that, if $\displaystyle X=\frac{1}{2}$ , then $b=1$ , and if $\displaystyle X=-\frac{1}{2}$ , then $b=-1$ . When $\displaystyle X\not\in\left\{-\frac{1}{2},\frac{1}{2}\right\}$ , then Equation (2.8) reduces to

(2.9)

bX^{2}-2X-\frac{b}{4}=0.

For $b\neq 0$ , Equation (2.9) has a unique solution if $\chi(b^{2}+4)=0$ , which is possible if and only if $p^{n}\equiv 1\pmod{4}$ . Now, if $p=5$ , then for $b=\pm 1$ , Equation (2.9) has a unique solution and hence we have ${{}_{-1}}\omega_{1}=1$ . The remaining two entries of the $(-1)$ -differential spectrum can be obtained using the identities (2.2). Similarly, if $\chi(5)=1$ then ${{}_{-1}}\omega_{1}=3$ and ${{}_{-1}}\omega_{3}=2$ . Likewise, if $\chi(5)=-1$ , then ${{}_{-1}}\omega_{1}=5$ .

When $p^{n}\equiv 3\pmod{4}$ , then ${{}_{-1}}\omega_{1}=3$ if $\chi(5)=-1$ . If $\chi(5)=1$ , then ${{}_{-1}}\omega_{1}=1$ and ${{}_{-1}}\omega_{3}=2$ . This completes the proof. ∎

Remark 2.7.

We note that Items $(1)$ and $(2)$ are special cases of Items $(5)$ and $(4)$ , respectively. We prefer to give these cases separately, as they may be of interest.

In the following theorem we consider the boomerang spectrum of the inverse function in the cases when it is not an APN function, i.e., when $\chi(-3)\in\{0,1\}$ . This theorem exhibits how Theorem 2.1 can be used to determine the boomerang spectrum of odd functions (not necessarily APN). Below, we use the notations

Q_{1}=\chi\left(\frac{7-\sqrt{-3}}{2}\right)~{}\quad~{}\mbox{and}~{}\quad~{}Q_% {2}=\chi\left(\frac{7+\sqrt{-3}}{2}\right),

in the understood finite fields.

Theorem 2.8.

Let $f(X)=X^{p^{n}-2}$ be a function from $\mathbb{F}_{p^{n}}$ to itself and $\chi(-3)\in\{0,1\}$ . Then the boomerang spectrum of $f$ is given by:

•

If $p=3$ , then

\begin{split}\left\{v_{0}=\frac{p^{n}-3}{2},v_{2}=\frac{p^{n}-3}{2},v_{3}=2% \right\}~{}\mbox{if}~{}n\equiv 1\pmod{2},\\ \left\{v_{0}=\frac{p^{n}-1}{2},v_{1}=2,v_{2}=\frac{p^{n}-9}{2},v_{5}=2\right\}% ~{}\mbox{if}~{}n\equiv 0\pmod{2}.\\ \end{split}

•

If $p=13$ , then

\begin{split}\left\{v_{0}=\frac{p^{n}-9}{2},v_{1}=2,v_{2}=\frac{p^{n}-1}{2},v_% {3}=2\right\}~{}\mbox{if}~{}n\equiv 1\pmod{2},\\ \left\{v_{0}=\frac{p^{n}-1}{2},v_{2}=\frac{p^{n}-13}{2},v_{3}=4,v_{4}=2\right% \}~{}\mbox{if}~{}n\equiv 0\pmod{2}.\\ \end{split}

•

If $\chi(-3)=1$ , $p\neq 13$ and $\chi(5)=-1$ , then

(1)

If $p^{n}\equiv 1\pmod{4}$ , then

\begin{split}\left\{v_{0}=\frac{p^{n}-5}{2},v_{1}=4,v_{2}=\frac{p^{n}-13}{2},v% _{4}=4\right\}~{}\mbox{if}~{}Q_{1}=1=Q_{2},\\ \left\{v_{0}=\frac{p^{n}-9}{2},v_{1}=4,v_{2}=\frac{p^{n}-5}{2},v_{4}=2\right\}% ~{}\mbox{if}~{}Q_{1}Q_{2}=-1,\\ \left\{v_{0}=\frac{p^{n}-13}{2},v_{1}=4,v_{2}=\frac{p^{n}+3}{2}\right\}~{}% \mbox{if}~{}Q_{1}=-1=Q_{2}.\\ \end{split}

(2)

If $p^{n}\equiv 3\pmod{4}$ , then

\begin{split}\left\{v_{0}=\frac{p^{n}-3}{2},v_{1}=2,v_{2}=\frac{p^{n}-11}{2},v% _{4}=4\right\}~{}\mbox{if}~{}Q_{1}=1=Q_{2},\\ \left\{v_{0}=\frac{p^{n}-7}{2},v_{1}=2,v_{2}=\frac{p^{n}-3}{2},v_{4}=2\right\}% ~{}\mbox{if}~{}Q_{1}Q_{2}=-1,\\ \left\{v_{0}=\frac{p^{n}-11}{2},v_{1}=2,v_{2}=\frac{p^{n}+5}{2}\right\}~{}% \mbox{if}~{}Q_{1}=-1=Q_{2}.\\ \end{split}

•

If $\chi(-3)=1$ , $p\neq 13$ and $\chi(5)=1$ , then

(1)

If $p^{n}\equiv 1\pmod{4}$ , then

\begin{split}\left\{v_{0}=\frac{p^{n}-1}{2},v_{1}=2,v_{2}=\frac{p^{n}-17}{2},v% _{3}=2,v_{4}=4\right\}~{}\mbox{if}~{}Q_{1}=1=Q_{2},\\ \left\{v_{0}=\frac{p^{n}-5}{2},v_{1}=2,v_{2}=\frac{p^{n}-9}{2},v_{3}=2,v_{4}=2% \right\}~{}\mbox{if}~{}Q_{1}Q_{2}=-1,\\ \left\{v_{0}=\frac{p^{n}-9}{2},v_{1}=2,v_{2}=\frac{p^{n}-1}{2},v_{3}=2\right\}% ~{}\mbox{if}~{}Q_{1}=-1=Q_{2}.\\ \end{split}

(2)

If $p^{n}\equiv 3\pmod{4}$ , then

\begin{split}\left\{v_{0}=\frac{p^{n}+1}{2},v_{2}=\frac{p^{n}-15}{2},v_{3}=2,v% _{4}=4\right\}~{}\mbox{if}~{}Q_{1}=1=Q_{2},\\ \left\{v_{0}=\frac{p^{n}-3}{2},v_{2}=\frac{p^{n}-7}{2},v_{3}=2,v_{4}=2\right\}% ~{}\mbox{if}~{}Q_{1}Q_{2}=-1,\\ \left\{v_{0}=\frac{p^{n}-7}{2},v_{2}=\frac{p^{n}+1}{2},v_{3}=2\right\}~{}\mbox% {if}~{}Q_{1}=-1=Q_{2}.\\ \end{split}

•

Let $\chi(-3)=1$ and $p=5$ , which is equivalent to say that $p=5$ and $n$ is even. Then

\begin{split}\left\{v_{0}=\frac{p^{n}-1}{2},v_{2}=\frac{p^{n}-9}{2},v_{4}=4% \right\}~{}\mbox{if}~{}Q_{1}=1=Q_{2},\\ \left\{v_{0}=\frac{p^{n}-9}{2},v_{2}=\frac{p^{n}+7}{2}\right\}~{}\mbox{if}~{}Q% _{1}=-1=Q_{2}.\\ \end{split}

Proof.

Recall that the boomerang uniformity of $f$ is given by the maximum number of solutions $(X,Y)\in\mathbb{F}_{p^{n}}\times\mathbb{F}_{p^{n}}$ of the following equation

(2.10)

\begin{cases}\left(X-\frac{1}{2}\right)^{p^{n}-2}-\left(Y-\frac{1}{2}\right)^{% p^{n}-2}=b,\\ D_{f}(X,1)=D_{f}(Y,1),\end{cases}

where $b$ is running over $\mathbb{F}_{p^{n}}^{*}$ . We shall now consider two cases, namely, $p=3$ and $\chi(-3)=1$ , respectively.

Case 1. Let $p=3$ . In this case System (2.10) reduces to

(2.11)

\begin{cases}(X+1)^{p^{n}-2}-(Y+1)^{p^{n}-2}=b,\\ (X+1)^{p^{n}-2}-(X-1)^{p^{n}-2}=(Y+1)^{p^{n}-2}-(Y-1)^{p^{n}-2}.\end{cases}

When $D_{f}(X,1)=D_{f}(Y,1)=-1$ , then after excluding solutions of the form $X=\pm Y$ , we have a total of $4$ solutions of this equation, namely, $\{(0,1),(0,-1),(1,0),(-1,0)\}$ . Moreover, if $(X,Y)\in\{(0,1),(-1,0)\}$ then $b=-1$ and if $(X,Y)\in\{(0,-1),(1,0)\}$ then $b=1$ . When $D_{f}(X,1)=D_{f}(Y,1)\neq-1$ then its solutions will be of the form $X=\pm Y$ . Thus, for all $b\not\in\{0,1,-1\}$ , we have ${\mathcal{B}}_{f}(1,b)={{}_{-1}}\Delta_{f}(1,-b)$ and when $b=\pm 1$ then ${\mathcal{B}}_{f}(1,b)={{}_{-1}}\Delta_{f}(1,-b)+2$ . Recall that

{{}_{-1}}\Delta_{f}(1,\pm 1)=\begin{cases}1~{}&~{}\mbox{if}~{}n~{}\mbox{is odd% },\\ 3~{}&~{}\mbox{if}~{}n~{}\mbox{is even}.\end{cases}

Thus, if $n$ is odd then $v_{0}={{}_{-1}}\omega_{0}$ , $v_{1}={{}_{-1}}\omega_{1}-3$ , $v_{2}={{}_{-1}}\omega_{2}$ and $v_{3}=2$ . Similarly, when $n$ is even then $v_{0}={{}_{-1}}\omega_{0}$ , $v_{1}={{}_{-1}}\omega_{1}-1$ , $v_{2}={{}_{-1}}\omega_{2}$ , $v_{3}={{}_{-1}}\omega_{3}-2$ and $v_{5}=2$ .

Case 2. Let $\chi(-3)=1$ (which happens if $n$ is even or, $n$ is odd and $p\equiv 1\pmod{3}$ ). In this case, if $D_{f}(X,1)=D_{f}(Y,1)\neq 1$ then from Theorem 2.5, the second equation of System (2.10) has solutions $X=\pm Y$ . When

(2.12)

D_{f}(X,1)=D_{f}(Y,1)=1,

then the solutions $(X,Y)$ of this equation and the corresponding value of $b$ from the first equation of System (2.10), i.e.,

(2.13)

\left(X-\frac{1}{2}\right)^{p^{n}-2}-\left(Y-\frac{1}{2}\right)^{p^{n}-2}=b

are given in Table 1.

	$Y=\frac{1}{2}$	$Y=\frac{-1}{2}$	$Y=\frac{\sqrt{-3}}{2}$	$Y=\frac{-\sqrt{-3}}{2}$
$X=\frac{1}{2}$	$b=0$	$b=1$	$b=\frac{\sqrt{-3}+1}{2}$	$b=\frac{-\sqrt{-3}+1}{2}$
$X=\frac{-1}{2}$	$b=-1$	$b=0$	$b=\frac{\sqrt{-3}-1}{2}$	$b=\frac{-\sqrt{-3}-1}{2}$
$X=\frac{\sqrt{-3}}{2}$	$b=\frac{-\sqrt{-3}-1}{2}$	$b=\frac{-\sqrt{-3}+1}{2}$	$b=0$	$b=-\sqrt{-3}$
$X=\frac{-\sqrt{-3}}{2}$	$b=\frac{\sqrt{-3}-1}{2}$	$b=\frac{\sqrt{-3}+1}{2}$	$b=\sqrt{-3}$	$b=0$

Table 1. Solutions

(X,Y)

of Equation (2.12) and corresponding values of

b

from Equation (2.13).

It is easy to observe, from Table 1, that the solutions $(X,Y)$ corresponding to $b\in\left\{\pm 1,\pm\sqrt{-3}\right\}$ are of the form $X=-Y$ . Thus, for all $b\in\mathbb{F}_{p^{n}}^{*}\backslash{\mathcal{A}}$ , where

{\mathcal{A}}:=\left\{\pm\left(\frac{\sqrt{-3}-1}{2}\right),\pm\left(\frac{% \sqrt{-3}+1}{2}\right)\right\},

the BCT entries ${\mathcal{B}}(1,b)$ are same as the $(-1)$ -DDT entries ${{}_{-1}}\Delta_{f}(1,-b)$ . We shall now consider two subcases, namely, $p=13$ and $p\neq 13$ , respectively.

Subcase 2.1. Let $p=13$ . In this case $\sqrt{-3}=7$ and hence the set ${\mathcal{A}}$ becomes $\{\pm 3,\pm 4\}$ . Now, we shall consider two cases, namely, $\chi(5)=-1$ and $\chi(5)=1$ which correspond to the cases of $n$ odd and $n$ even, respectively. If $n$ is odd, then for $b=\pm 4$ , we have two solutions of Equation (2.10) coming from Table 1 and for $b=\pm 3$ , we have three solutions of Equation (2.10) and two among them are coming from Table 1. Thus, when $p=13$ and $n$ is odd then $v_{0}={{}_{-1}}\omega_{0}-2$ , $v_{1}={{}_{-1}}\omega_{1}-3$ , $v_{2}={{}_{-1}}\omega_{2}+2$ and $v_{3}=2$ . Now, when $n$ is even then we have four solutions of Equation (2.10) for $b=\pm 4$ and two of these are coming from Table 1 and we have three solutions of Equation (2.10) for $b=\pm 3$ and two of these are coming from Table 1. Thus, for $p=13$ and $n$ even, we have $v_{0}={{}_{-1}}\omega_{0}$ , $v_{1}={{}_{-1}}\omega_{1}-3$ , $v_{2}={{}_{-1}}\omega_{2}-2$ , $v_{3}={{}_{-1}}\omega_{3}+2$ and $v_{4}=2$ .

Subcase 2.2. Let $p\neq 13$ . Again, we shall consider three cases, namely, $\chi(5)=-1,\chi(5)=1$ and $\chi(5)=0$ . If $\chi(5)=-1$ , we have four solutions corresponding to $b=\pm\left(\frac{\sqrt{-3}-1}{2}\right)$ if $\chi\left(\frac{7-\sqrt{-3}}{2}\right)=1$ and two solutions, otherwise. Similarly, we have four solutions corresponding to $b=\pm\left(\frac{\sqrt{-3}+1}{2}\right)$ if $\chi\left(\frac{7+\sqrt{-3}}{2}\right)=1$ and two solutions, otherwise. Thus, if $\chi\left(\frac{7-\sqrt{-3}}{2}\right)=1=\chi\left(\frac{7+\sqrt{-3}}{2}\right)$ , then we have $v_{0}={{}_{-1}\omega}_{0}$ , $v_{1}={{}_{-1}\omega}_{1}-1$ , $v_{2}={{}_{-1}\omega}_{2}-4$ and $v_{4}=4$ . If $\chi\left(\frac{7-\sqrt{-3}}{2}\right)\cdot\chi\left(\frac{7+\sqrt{-3}}{2}% \right)=-1$ , then we have $v_{0}={{}_{-1}\omega}_{0}-2$ , $v_{1}={{}_{-1}\omega}_{1}-1$ , $v_{2}={{}_{-1}\omega}_{2}$ and $v_{4}=2$ . If $\chi\left(\frac{7-\sqrt{-3}}{2}\right)=-1=\chi\left(\frac{7+\sqrt{-3}}{2}\right)$ , then we have $v_{0}={{}_{-1}\omega}_{0}-4$ , $v_{1}={{}_{-1}\omega}_{1}-1$ , $v_{2}={{}_{-1}\omega}_{2}+4$ .

If $\chi(5)=1$ , then we have four solutions corresponding to $b=\pm\left(\frac{\sqrt{-3}-1}{2}\right)$ if $\chi\left(\frac{7-\sqrt{-3}}{2}\right)=1$ and two solutions, otherwise. Similarly, we have four solutions corresponding to $b=\pm\left(\frac{\sqrt{-3}+1}{2}\right)$ if $\chi\left(\frac{7+\sqrt{-3}}{2}\right)=1$ and two solutions, otherwise. Thus, if $\chi\left(\frac{7-\sqrt{-3}}{2}\right)=1=\chi\left(\frac{7+\sqrt{-3}}{2}\right)$ , then we have $v_{0}={{}_{-1}\omega}_{0}$ , $v_{1}={{}_{-1}\omega}_{1}-1$ , $v_{2}={{}_{-1}\omega}_{2}-4$ and $v_{4}=4$ . If $\chi\left(\frac{7-\sqrt{-3}}{2}\right)\cdot\chi\left(\frac{7+\sqrt{-3}}{2}% \right)=-1$ , then we have $v_{0}={{}_{-1}\omega}_{0}-2$ , $v_{1}={{}_{-1}\omega}_{1}-1$ , $v_{2}={{}_{-1}\omega}_{2}$ and $v_{4}=2$ . If $\chi\left(\frac{7-\sqrt{-3}}{2}\right)=-1=\chi\left(\frac{7+\sqrt{-3}}{2}\right)$ , then we have $v_{0}={{}_{-1}\omega}_{0}-4$ , $v_{1}={{}_{-1}\omega}_{1}-1$ , $v_{2}={{}_{-1}\omega}_{2}+4$ .

If $\chi(5)=0$ , then this together with the condition $\chi(-3)=1$ implies that $n$ is even. Now similar to the previous cases, we have four solutions corresponding to $b=\pm\left(\frac{\sqrt{-3}-1}{2}\right)$ if $\chi\left(\frac{7-\sqrt{-3}}{2}\right)=1$ and two solutions, otherwise. Similarly, we have four solutions corresponding to $b=\pm\left(\frac{\sqrt{-3}+1}{2}\right)$ if $\chi\left(\frac{7+\sqrt{-3}}{2}\right)=1$ and two solutions, otherwise. It is easy to observe that either both or none of $\chi\left(\frac{7-\sqrt{-3}}{2}\right)=1$ and $\chi\left(\frac{7+\sqrt{-3}}{2}\right)=1$ , since

\chi\left(\frac{7-\sqrt{-3}}{2}\right)\cdot\chi\left(\frac{7+\sqrt{-3}}{2}% \right)=\chi(13)=\chi(3)=1.

Thus, if $\chi\left(\frac{7-\sqrt{-3}}{2}\right)=1=\chi\left(\frac{7+\sqrt{-3}}{2}\right)$ , then we have $v_{0}={{}_{-1}\omega}_{0}$ , $v_{1}={{}_{-1}\omega}_{1}-1$ , $v_{2}={{}_{-1}\omega}_{2}-4$ and $v_{4}=4$ . If $\chi\left(\frac{7-\sqrt{-3}}{2}\right)=-1=\chi\left(\frac{7+\sqrt{-3}}{2}\right)$ , then we have $v_{0}={{}_{-1}\omega}_{0}-4$ , $v_{1}={{}_{-1}\omega}_{1}-1$ , $v_{2}={{}_{-1}\omega}_{2}+4$ . This completes the proof. ∎

In order to exemplify the usefulness of Theorem 2.1, we shall now compute the boomerang uniformity of all the known classes of odd APN power functions over finite fields of odd characteristic. To the best of our knowledge, the following functions are the only known classes of odd APN power maps $X^{d}$ over $\mathbb{F}_{p^{n}}$ , for $p$ odd:

•

$f_{1}(X)=X^{3}$ , $p\neq 3$ [18];
•

$f_{2}(X)=X^{\frac{2p^{n}-1}{3}}$ , $p^{n}\equiv 2\pmod{3}$ [18];
•

$f_{3}(X)=X^{p^{n}-2}$ , $p^{n}\equiv 2\pmod{3}$ [18];
•

$f_{4}(X)=X^{p^{\frac{n}{2}}+2}$ , $n$ even and $p^{\frac{n}{2}}\equiv 1\pmod{3}$ [18];
•

$f_{5}(X)=X^{\frac{5^{k}+1}{2}}$ , $p=5$ , $\gcd(2n,k)=1$ [18];
•

$f_{6}(X)=X^{\frac{5^{n}-1}{4}+\frac{5^{\frac{n+1}{2}}-1}{2}}$ , $n$ odd [15].

It is easy to verify that the boomerang uniformity of $f_{1}$ is $3$ . We know that under the given condition, the compositional inverse of $f_{2}$ is $X^{3}$ and since, in general, a permutation function and its compositional inverse share the same boomerang uniformity (see [5, Proposition 2]), the boomerang uniformity of $f_{2}$ is also $3$ . We already computed the boomerang uniformity of $f_{3}$ . In the following theorem we shall compute the boomerang uniformity of the functions $f_{4},f_{5}$ and $f_{6}$ .

Theorem 2.9.

Let $f_{4},f_{5}$ and $f_{6}$ be the functions on the finite fields $\mathbb{F}_{p^{n}}$ defined as above. Then ${\mathcal{B}}_{f_{4}}\leq 5$ and ${\mathcal{B}}_{f_{5}}={\mathcal{B}}_{f_{6}}=3$ .

Proof.

We know, from Theorem 2.1 that the boomerang uniformity of $f_{4}$ is given by the maximum number of solutions of the following equation

\begin{split}&\left(X+\frac{1}{2}\right)^{p^{m}+2}+\left(X-\frac{1}{2}\right)^% {p^{m}+2}=b\\ \iff&4X^{p^{m}+2}+X^{p^{m}}+2X-2b=0,\end{split}

where $n=2m$ and $b$ is running over $\mathbb{F}_{p^{n}}^{*}$ . To analyze its solutions we will be using Dobbertin’s multivariate method. Let $Y=X^{p^{m}}$ . The previous equation becomes

	$\displaystyle 4X^{2}Y+Y+2X-2b=0,\text{ and raising it to the $p^{m}$ power},$
	$\displaystyle 4Y^{2}X+X+2Y-2b^{p^{m}}=0.$

If $b$ satisfies $4b^{2}+1=0$ , then we get the solution $X=b$ . If $4b^{2}+1\neq 0$ , then we find $\displaystyle Y=\frac{2b-2X}{4X^{2}+1}$ from the first equation and replace it into the second equation arriving to

\displaystyle 16X^{5}-16b^{p^{m}}X^{4}-8X^{3}-16X^{2}(1+b-b^{p^{m}})-X(32b+3)+% (16b^{2}+4b-2b^{m})=0,

which has at most five solutions. Thus ${\mathcal{B}}_{f_{4}}\leq 5$ and experimental results for small values of $p$ and $n$ suggest that this bound is attained.

We now consider the boomerang uniformity of $f_{5}$ . It was proved in [22, Theorem 6] that the $(-1)$ -differential uniformity of the function $X\mapsto X^{\frac{p^{k}+1}{2}}$ on $\mathbb{F}_{p^{n}}$ is $1$ if $\displaystyle\frac{2n}{\gcd(2n,k)}=1$ , otherwise, it is $\displaystyle\frac{p^{\gcd(n,k)}+1}{2}$ . Since $f_{5}$ on $\mathbb{F}_{5^{n}}$ is APN for $\gcd(2n,k)=1$ , we therefore have that its $(-1)$ -differential uniformity is exactly $\displaystyle\frac{5^{\gcd(n,k)}+1}{2}=3$ (since also $\gcd(n,k)=1$ ).

Finally, we shall consider the boomerang uniformity of $f_{6}(X)=X^{\frac{5^{n}-1}{4}+\frac{5^{m}-1}{2}}$ , where $m=\frac{n+1}{2}$ . Note that $f_{6}$ is a permutation since $\gcd(d,5^{n}-1)=1$ , and $\displaystyle\frac{5^{m}+1}{2}d\equiv 1\pmod{5^{n}-1}$ . Thus, the boomerang uniformity of $f_{6}$ is equal to the boomerang uniformity (and hence $(-1)$ -differential uniformity) of $f_{7}(X)=X^{\frac{5^{m}+1}{2}}$ . From [23, Proposition 5], we know that the $(-1)$ -differential uniformity of $f_{7}$ is $3$ . This completes the proof. ∎

3. Differentially low-uniform functions by modifying the inverse function

The differential uniformity of functions over finite fields is preserved under certain transformations. For instance, let $f$ and $g$ are two functions over $\mathbb{F}_{p^{n}}$ such that $g=A_{2}\circ f\circ A_{1}+A$ , for some affine permutations $A_{1},A_{2}$ over $\mathbb{F}_{p^{n}}$ and some affine function $A$ over $\mathbb{F}_{p^{n}}$ . Then, $f$ and $g$ have the same differential uniformity and we say that $f$ and $g$ are extended affine (EA) equivalent. The most general equivalence relation, known so far, which preserves the differential uniformity is the Carlet-Charpin-Zinoviev (CCZ) equivalence [10]. Two functions $f$ and $g$ over $\mathbb{F}_{p^{n}}$ are called CCZ-equivalent if there exists an affine permutation ${\mathcal{A}}:\mathbb{F}_{p^{n}}\times\mathbb{F}_{p^{n}}\rightarrow\mathbb{F}_% {p^{n}}\times\mathbb{F}_{p^{n}}$ which maps the graph ${\mathcal{G}}_{f}:=(X,f(X))$ to the graph ${\mathcal{G}}_{g}:=(X,g(X))$ . Let ${\mathcal{L}}$ be the linear part of the affine permutation ${\mathcal{A}}$ . Then [6, Lemma 3.1] shows that the affine permutation ${\mathcal{A}}$ simply adds constants to input and output of the CCZ-equivalent function obtained by applying ${\mathcal{L}}$ . The CCZ-class of a function $f$ always contains the EA-class of the function $f$ . It is well-known [8] that if $f$ is a permutation then the CCZ-class also contains the EA-class of $f^{-1}$ , the compositional inverse of the function $f$ .

We know that the inverse map over finite fields of odd characteristic is an involution with three fixed points, namely $0,1$ and $-1$ . In [19, Theorem 3.5], the authors swapped the images of the inverse function at $0$ and $1$ and determined the $c$ -differential uniformity of the function for all $c\in\mathbb{F}_{p}^{*}$ . One may note that even after swapping the images of $0$ and $1$ , this map has a fixed point $-1$ . However, if we compose the inverse map by the $3$ -length cycles $(0~{}1~{}-1)$ or $(0~{}-1~{}1)$ , then it still remains a permutation with no fixed point. In the following theorem we shall determine the differential uniformity of the modified inverse function $f(X)=X^{p^{n}-2}\circ(0~{}1~{}-1)$ . Our results directly follow for the other modified map $f(X)=X^{p^{n}-2}\circ(0~{}-1~{}1)$ as it is the compositional inverse of $f$ .

Theorem 3.1.

Let $p>3$ be a prime number, $n$ be a positive integer and $f(X)=X^{p^{n}-2}\circ(0~{}1~{}-1)$ be a map from $\mathbb{F}_{p^{n}}$ to itself. Then

\begin{cases}\Delta_{f}=5~{}&~{}\mbox{if}~{}p=13~{}\mbox{and}~{}n~{}\mbox{is % even},\\ \Delta_{f}\leq 4~{}&~{}\mbox{otherwise}.\end{cases}

Proof.

We know that the differential uniformity of $f$ is given by the maximum number of solutions of the following equation

(3.1)

f\left(X+\frac{a}{2}\right)-f\left(X-\frac{a}{2}\right)=b,

where $a,b\in\mathbb{F}_{p^{n}}$ and $a\neq 0$ . Since $f$ is a permutation, if $b=0$ , the above equation has no solutions, for all $a\in\mathbb{F}_{p^{n}}^{*}$ . Now, we shall consider various cases depending upon the values of $\displaystyle X+\frac{a}{2}$ and $\displaystyle X-\frac{a}{2}$ . More precisely, we shall consider the cases when $\displaystyle X-\frac{a}{2}\in\{0,1,-1\}$ , $\displaystyle X+\frac{a}{2}\in\{0,1,-1\}$ and $\displaystyle X\not\in\left\{\pm\frac{a}{2},1\pm\frac{a}{2},-1\pm\frac{a}{2}\right\}$ , respectively.

Case 1. Let $\displaystyle X=\frac{a}{2}$ . In this case, Equation (3.1) reduces to $f(a)-f(0)=b$ , and so, $f(a)-1=b$ .

Case 2. If $\displaystyle X=1+\frac{a}{2}$ , then from Equation (3.1), $f(1+a)-f(1)=b$ , that is, $f(1+a)+1=b$ .

Case 3. Let $\displaystyle X=-1+\frac{a}{2}$ . In this case, Equation (3.1) reduces to $f(-1+a)-f(-1)=b$ , which is $f(-1+a)=b$ .

Case 4. If $\displaystyle X=-\frac{a}{2}$ , then from Equation (3.1), $f(0)-f(-a)=b$ , and so $1-f(-a)=b$ .

Case 5. Let $\displaystyle X=1-\frac{a}{2}$ . In this case, Equation (3.1) reduces to $f(1)-f(1-a)=b$ , that is, $-1-f(1-a)=b$ .

Case 6. If $\displaystyle X=-1-\frac{a}{2}$ , then from Equation (3.1), $f(-1)-f(-1-a)=b$ , which is $-f(-1-a)=b$ .

Case 7. Let $\displaystyle X\not\in\left\{\pm\frac{a}{2},1\pm\frac{a}{2},-1\pm\frac{a}{2}\right\}$ . Then Equation (3.1) reduces to

(3.2)

\begin{split}\left(X+\frac{a}{2}\right)^{-1}-\left(X-\frac{a}{2}\right)^{-1}=b% \iff X^{2}=\frac{a^{2}}{4}-\frac{a}{b}.\end{split}

One may note, from Cases 1–6, that the values of $b$ are in terms of some functions in the variable $a$ . Now, in order to simplify the solutions $X$ and the corresponding values of $b$ from Cases 1–6, we consider five cases, namely, $a=1$ , $a=-1$ , $a=2$ , $a=-2$ and $a\not\in\{\pm 1,\pm 2\}$ . This discussion is summarized in Table 2.

	$a=1$	$a=-1$	$a=2$	$a=-2$	$a\not\in\{\pm 1,\pm 2\}$
Case 1	$(\frac{1}{2},-2)$	$(-\frac{1}{2},-1)$	$(1,-\frac{1}{2})$	$(-1,-\frac{3}{2})$	$(\frac{a}{2},\frac{1}{a}-1)$
Case 2	$(\frac{3}{2},\frac{3}{2})$	$(\frac{1}{2},2)$	$(2,\frac{4}{3})$	$(0,1)$	$(1+\frac{a}{2},\frac{1}{1+a}+1)$
Case 3	$(-\frac{1}{2},1)$	$(-\frac{3}{2},-\frac{1}{2})$	$(0,-1)$	$(-2,-\frac{1}{3})$	$(-1+\frac{a}{2},\frac{1}{-1+a})$
Case 4	$(-\frac{1}{2},1)$	$(\frac{1}{2},2)$	$(-1,\frac{3}{2})$	$(1,\frac{1}{2})$	$(-\frac{a}{2},\frac{1}{a}+1)$
Case 5	$(\frac{1}{2},-2)$	$(\frac{3}{2},-\frac{3}{2})$	$(0,-1)$	$(2,-\frac{4}{3})$	$(1-\frac{a}{2},\frac{1}{-1+a}-1)$
Case 6	$(-\frac{3}{2},\frac{1}{2})$	$(-\frac{1}{2},-1)$	$(-2,\frac{1}{3})$	$(0,1)$	$(-1-\frac{a}{2},\frac{1}{1+a})$
Case 7	$X^{2}=\frac{1}{4}-\frac{1}{b}$	$X^{2}=\frac{1}{4}+\frac{1}{b}$	$X^{2}=1-\frac{2}{b}$	$X^{2}=1+\frac{2}{b}$	$X^{2}=\frac{a^{2}}{4}-\frac{a}{b}$

Table 2. Pairs

(X,b)

for different choices of

a

Now, we shall use Table 2 to compute DDT entries for different values of $a$ and $b$ . It is easy to observe from the column 2-5 of the Table 2 that $\Delta_{f}(a,b)\leq 4$ for all $b\in\mathbb{F}_{p^{n}}$ and $a\in\{\pm 1,\pm 2\}$ . When $a\not\in\{\pm 1,\pm 2\}$ then we can infer following from the Table 2

(1)

We cannot have solutions from Case 1 and Case 4 simultaneously as in this case $\frac{1}{a}-1=\frac{1}{a}+1\iff-1=1$ , which is not possible as $p$ is odd.
(2)

We cannot have solutions from Case 2 and Case 6 simultaneously, as $\frac{1}{1+a}+1=\frac{1}{1+a}\iff 1=0$ , a contradiction.
(3)

We cannot have solutions from Case 3 and Case 5 simultaneously, as $\frac{1}{-1+a}=-1+\frac{1}{-1+a}\iff 0=-1$ , a contradiction.
(4)

We cannot have solutions from Case 1 and Case 5 simultaneously, as $-1+\frac{1}{a}=-1+\frac{1}{-1+a}\iff 0=-1$ , a contradiction.
(5)

We cannot have solutions from Case 2 and Case 4 simultaneously, as $\frac{1}{1+a}+1=\frac{1}{a}+1\iff 0=1$ , a contradiction.
(6)

We cannot have solutions from Case 3 and Case 6 simultaneously, as $\frac{1}{-1+a}=\frac{1}{1+a}\iff-1=1$ , a contradiction.

Thus, we have the following two possible scenarios in which we can get more than two solutions from Cases 1–6:

•

We now assume that we have solutions from Case 1, Case 2 and Case 3. Then $b=\frac{1}{a}-1=\frac{1}{1+a}+1=\frac{1}{-1+a}$ . The second and third equalities produce the following system of equations

\begin{cases}2a^{2}+2a-1=0,\\ a^{2}=3,\\ a^{2}-a+1=0.\end{cases}

One can easily verify that the above system of equations is consistent if and only if $p=13$ and $a=4$ . Thus, for $p=13$ and $(a,b)=(4,9)$ , we have the solutions $X=2$ , $X=3$ and $X=1$ of Equation (3.1) from Case 1, Case 2 and Case 3, respectively. Now, for these parameters, the equation in the Case 7 becomes $X^{2}=5$ , which has two solutions if $\chi(5)=1$ and no solutions, otherwise. We know that when $p=13$ then $\chi(5)=1$ if and only if $n$ is even. Thus,

\Delta_{f}(4,9)=\begin{cases}3&~{}\mbox{if}~{}n~{}\mbox{is odd},\\ 5&~{}\mbox{if}~{}n~{}\mbox{is even}.\\ \end{cases}

•

We now assume that we have solutions from Cases 4–6. Then $b=\frac{1}{a}+1=\frac{1}{-1+a}-1=\frac{1}{1+a}$ . The second and third equalities gives the following system of equations

\begin{cases}2a^{2}-2a-1=0,\\ a^{2}=3,\\ a^{2}+a+1=0.\end{cases}

One can easily verity that the above system of equations is consistent if and only if $p=13$ and $a=9$ . Thus, for $p=13$ and $(a,b)=(9,4)$ , we have solutions $X=1$ , $X=0$ and $X=-2$ of Equation (3.1) from Case 4, Case 5 and Case 6, respectively. Now, for these parameters, equation in the Case 7 becomes $X^{2}=5$ , which has two solutions if $\chi(5)=1$ and no solutions, otherwise. We know that when $p=13$ then $\chi(5)=1$ if and only if $n$ is even. Thus,

\Delta_{f}(9,4)=\begin{cases}3&~{}\mbox{if}~{}n~{}\mbox{is odd},\\ 5&~{}\mbox{if}~{}n~{}\mbox{is even}.\\ \end{cases}

This completes the proof. ∎

Remark 3.2.

Since the function $f$ in the above theorem is a permutation, it is CCZ-inequivalent to the inverse function, since for $p>3$ there is no permutation function in the CCZ-class of the inverse function.

Computations revealed that for some values of $p,n$ (like, $p=3,n=2,4$ , or $p=5,n=3$ the differential uniformity of the function in our previous theorem is $3$ (we could not find examples of uniformity lower than $3$ , though we have not performed extensive computations). We will show in our next result that if $p=3$ , the differential uniformity of our function is indeed $3$ , for any odd $n$ .

Theorem 3.3.

Let $n\geq 1$ be an integer and $f(X)=X^{3^{n}-2}\circ(0~{}1~{}-1)$ be a map from $\mathbb{F}_{3^{n}}$ to itself. Then

\Delta_{f}=\begin{cases}3~{}&~{}\mbox{if}~{}n~{}\mbox{is odd},\\ 4~{}&~{}\mbox{if}~{}n~{}\mbox{is even}.\end{cases}

Proof.

We know that the differential uniformity of $f$ is given by the maximum number of solutions of the following equation

(3.3)

f(X-a)-f(X+a)=b,

where $a,b\in\mathbb{F}_{p^{n}}$ and $a\neq 0$ . Since $f$ is a permutation, if $b=0$ the above equation has no solutions for all $a\in\mathbb{F}_{p^{n}}^{*}$ . We shall consider various cases depending upon the values of $X+a$ and $X-a$ .

Case 1. Let $X=a$ . In this case, Equation (3.3) reduces to $f(0)-f(2a)=b$ , so $1-f(-a)=b$ .

Case 2. If $X=1+a$ , then from Equation (3.3) $f(1)-f(1+2a)=b$ , thus $-1-f(1-a)=b$ .

Case 3. Let $X=-1+a$ . In this case, Equation (3.3) reduces to $f(-1)-f(-1+2a)=b$ , hence $-f(-1-a)=b$ .

Case 4. Let $X=-a$ . In this case, Equation (3.3) reduces to $f(-2a)-f(0)=b$ , thus $f(a)-1=b$ .

Case 5. If $X=1-a$ , then from Equation (3.3) $f(1-2a)-f(1)=b$ , so $f(1+a)+1=b$ .

Case 6. Let $X=-1-a$ . In this case, Equation (3.3) reduces to $f(-1-2a)-f(-1)=b$ , thus $f(-1+a)=b$ .

Case 7. Let $X\not\in\{\pm a,1\pm a,-1\pm a\}$ . Then Equation (3.3) reduces to

(3.4)

\begin{split}(X-a)^{-1}-(X+a)^{-1}=b\iff X^{2}=a^{2}-\frac{a}{b}.\end{split}

One may note, from Cases 1–6, that the values of $b$ are in terms of some functions in the variable $a$ . Now, in order to simplify the solutions $X$ and corresponding values of $b$ from Cases 1–6, we consider five cases, namely, $a=1$ , $a=-1$ and $a\not\in\{1,-1\}$ . This discussion is summarized in Table 3.

	$a=1$	$a=-1$	$a\not\in\{1,-1\}$
Case 1	$(1,1)$	$(-1,-1)$	$(a,\frac{1+a}{a})$
Case 2	$(-1,1)$	$(0,-1)$	$(1+a,\frac{1+a}{1-a})$
Case 3	$(0,1)$	$(1,-1)$	$(-1+a,\frac{1}{1+a})$
Case 4	$(-1,1)$	$(1,-1)$	$(-a,\frac{1-a}{a})$
Case 5	$(0,1)$	$(-1,-1)$	$(1-a,\frac{-1+a}{1+a})$
Case 6	$(1,1)$	$(0,-1)$	$(-1-a,\frac{1}{-1+a})$
Case 7	$X^{2}=1-\frac{1}{b}$	$X^{2}=1+\frac{1}{b}$	$X^{2}=a^{2}-\frac{a}{b}$

Table 3. Pairs

(X,b)

for different choices of

a

It is easy to observe from Table (3) that the DDT entries

\Delta_{f}(1,b)=\begin{cases}3~{}&~{}\mbox{if}~{}b=1,\\ 2~{}&~{}\mbox{if}~{}b\neq-1~{}\mbox{and}~{}\chi(b(b-1))=1,\\ 0~{}&~{}\mbox{if}~{}b\neq-1~{}\mbox{and}~{}\chi(b(b-1))=-1.\end{cases}

Similarly,

\Delta_{f}(-1,b)=\begin{cases}3~{}&~{}\mbox{if}~{}b=-1,\\ 2~{}&~{}\mbox{if}~{}b\neq 1~{}\mbox{and}~{}\chi(b(b+1))=1,\\ 0~{}&~{}\mbox{if}~{}b\neq 1~{}\mbox{and}~{}\chi(b(b+1))=-1.\end{cases}

For $a\not\in\{0,1,-1\}$ we consider the following scenarios:

(1)

We assume that we have a solution $X=a$ from the Case 1. Now, we cannot have solutions from Case 2 as in this case $b=\frac{1+a}{a}=\frac{1+a}{1-a}$ and the second equality would imply that $a=-1$ , a contradiction. Also, we cannot have solutions from Case 3 as the second equality of $b=\frac{1+a}{a}=\frac{1}{1+a}$ implies that $a=1$ , a contradiction. Similarly, we cannot have solutions from Case 4, as then $b=\frac{1+a}{a}=\frac{1-a}{a}$ and the second equality would imply that $a=0$ , which again is a contradiction. Likewise, we cannot have solutions from Case 5, since then $b=\frac{1+a}{a}=\frac{-1+a}{1+a}$ and the second equality implies that $1=0$ . Let us assume that we have a solution from Case 6, and so, $b=\frac{1+a}{a}=\frac{1}{-1+a}$ , so $b=a$ and $a^{2}=a+1$ , and in this case the equation in Case 7 becomes $X^{2}=a$ . Thus if $b=a$ and $a^{2}=a+1$ , then we have

\Delta(a,b)=\begin{cases}2~{}&~{}\mbox{if}~{}n~{}\mbox{is odd},\\ 2~{}&~{}\mbox{if}~{}n~{}\mbox{is even and}~{}\chi(a)=-1,\\ 4~{}&~{}\mbox{if}~{}n~{}\mbox{is even and}~{}\chi(a)=1.\end{cases}

(2)

We now assume that we have a solution $X=1+a$ from Case 2. We have already seen that we cannot have solutions from Case 1. Now, we cannot have solutions from Case 3, as in this case $b=\frac{1+a}{1-a}=\frac{1}{1+a}$ and the second equality would imply that $a=0$ , a contradiction. Similarly, we cannot have a solution from Case 4, as in this case $b=\frac{1+a}{1-a}=\frac{1-a}{a}$ and the second equality implies that $a=1$ , a contradiction. Likewise, we cannot have a solution from Case 6, as the second equality of $b=\frac{1+a}{1-a}=\frac{1}{-1+a}$ implies that $a=1$ , which is a contradiction. Now, let us assume that we have a solution from Case 5 then $b=\frac{1+a}{1-a}=\frac{-1+a}{1+a}$ , so $b=a$ and $a^{2}=-1$ . Notice that for $b=a$ with $a^{2}=-1$ , the equation in Case 7 reduces to $X^{2}=1$ , which always has two solutions $X=\pm 1$ . Thus if $b=a$ and $a^{2}=-1$ , then we have

\Delta(a,b)=\begin{cases}2~{}&~{}\mbox{if}~{}n~{}\mbox{is odd},\\ 4~{}&~{}\mbox{if}~{}n~{}\mbox{is even}.\end{cases}

(3)

We now assume that we have solutions from Case 3. We have already seen that we cannot have solutions from Case 1 and Case 2. It is easy to verify that if we have a solution from Case 5, the second equality of $b=\frac{1}{1+a}=\frac{-1+a}{1+a}$ implies that $a=-1$ , a contradiction. Similarly, if we have a solution from Case 6, then $b=\frac{1}{1+a}=\frac{1}{-1+a}$ and the second equality implies that $1=-1$ , which again is a contradiction. Now, let us assume that we have a solution from Case 4 then $b=\frac{1}{1+a}=\frac{1-a}{a}$ , so $b=a$ and $a^{2}=1-a$ . It is easy to observe that for $b=a$ and $a^{2}=1-a$ , the equation in Case 7 reduces to $X^{2}=-a$ . Thus, if $b=a$ and $a^{2}=1-a$ , then we have

\Delta(a,b)=\begin{cases}2~{}&~{}\mbox{if}~{}n~{}\mbox{is odd},\\ 2~{}&~{}\mbox{if}~{}n~{}\mbox{is even and}~{}\chi(-a)=-1,\\ 4~{}&~{}\mbox{if}~{}n~{}\mbox{is even and}~{}\chi(-a)=1.\end{cases}

(4)

We now assume that we have a solution from Case 4. We have already seen that in this case we cannot have solution from Case 1 and Case 2. We have also discussed the case when we have solutions from Case 4 and Case 3, simultaneously. One may note that if we have a solution from Case 5, then $b=\frac{1-a}{a}=\frac{-1+a}{1+a}$ and the second equality implies that $a=1$ , which is a contradiction. Similarly, we have solution from Case 6 as the second equality of $b=\frac{1-a}{a}=\frac{1}{-1+a}$ implies that $a=-1$ .
(5)

We now assume that we have a solution from Case 5. We have already shown that in this case we have solutions from Cases 1, 3 and 4. Also, we have already discussed the case when we have solutions from Case 5 and Case 2, simultaneously. One can easily verify that if we have solutions from Case 5 and Case 6 simultaneously, then $\frac{-1+a}{1+a}=\frac{1}{-1+a}$ , so $a=0$ , a contradiction.

This completes the proof. ∎

Constructing low differential uniform functions from known ones is a common theme in many works. In the same research vein, in the following result, we shall show that if we add a monomial term $uX^{2}$ to the inverse mapping then it still remains differentially $4$ -uniform. However by doing so, it is no longer a permutation. Later, we will construct new functions with low differential uniformity, which may remain permutations (and we provide examples of such).

Proposition 3.4.

Let $f(X)=X^{p^{n}-2}+uX^{2}$ , where $u\in\mathbb{F}_{p^{n}}^{*}$ , be a function from $\mathbb{F}_{p^{n}}$ to itself. Then the differential uniformity of $f$ is $\leq 4$ .

Proof.

We know that the differential uniformity of $f$ is given by the maximum number of solutions of the following equation

(3.5)

\left(X+\frac{a}{2}\right)^{p^{n}-2}-\left(X-\frac{a}{2}\right)^{p^{n}-2}+2auX% =b,

where $a,b\in\mathbb{F}_{p^{n}}$ and $a\neq 0$ . It is straightforward to see that if $\displaystyle X=\frac{a}{2}$ then $b=a^{-1}+a^{2}u$ and if $\displaystyle X=-\frac{a}{2}$ then $b=a^{-1}-ua^{2}$ . When $\displaystyle X\not\in\{-\frac{a}{2},\frac{a}{2}\}$ then Equation (3.5) reduces to

(3.6)

2auX^{3}-bX^{2}-\frac{a^{3}u}{2}X+\frac{ba^{2}}{4}-a=0,

which can have at most $3$ solutions in $\mathbb{F}_{p^{n}}$ . This completes the proof. ∎

Charpin-Kyureghyan [12, Proposition 3] showed that the differential uniformity of $G(X)=F(X)+\gamma{\rm Tr}(H(X))$ is upper bounded by twice the differential uniformity of $F$ , that is, $\Delta_{G}\leq 2\Delta_{F}$ , in even characteristic. In the following result, we shall show that a similar result holds for odd characteristic, as well, and in the particular case of switching the inverse function we obtain a stronger result.

Proposition 3.5.

Let $f,g$ be defined on $\mathbb{F}_{p^{n}}$ , and $g(X)=f(X)+\alpha{\rm Tr}(h(X))$ , where $\alpha\in\mathbb{F}_{p^{n}}$ and ${\rm Tr}:\mathbb{F}_{p^{n}}\rightarrow\mathbb{F}_{p}$ is the absolute trace function. Then the differential uniformity of $g$ , $\Delta_{g}\leq p\cdot\Delta_{f}$ . Further, if $f(X)=X^{p^{n}-2}$ , then $\Delta_{g}\leq 2(p+1)$ .

Proof.

We know that the differential uniformity of $g$ is given by the maximum number of solutions, for $a\neq 0,b\in\mathbb{F}_{p^{n}}$ , of the following equation,

(3.7)

\begin{split}g\left(X+a\right)-g\left(X\right)=f(X+a)-f(X)+\alpha{\rm Tr}\left% (h(X+a)-h(X)\right)&=b.\end{split}

Since ${\rm Tr}\left(h(X+a)-h(X)\right)=\epsilon\in\mathbb{F}_{p}$ , an argument similar as the one of [12] shows that

\displaystyle\Delta_{g}(a,b)\leq\sum_{i=0}^{p-1}\Delta_{f}(a,b-i\alpha),

from which we can infer that $\Delta_{g}\leq p\cdot\Delta_{f}$ .

If $f(X)=X^{p^{n}-2}$ then $f$ is APN, if $p^{n}\equiv 2\pmod{3}$ , has differential uniformity $3$ when $p=3$ , and $4$ in all other cases. Our argument below is only better for the inverse than the general one in the case when $f$ is not APN. We write the differential equation slightly differently, namely, $\displaystyle D_{g}(X,a):=g\left(X+\frac{a}{2}\right)-\left(X-\frac{a}{2}% \right)=b$ , more precisely,

(3.8)

\begin{split}\left(X+\frac{a}{2}\right)^{p^{n}-2}-\left(X-\frac{a}{2}\right)^{% p^{n}-2}+{\rm Tr}\left(h\left(x+\frac{a}{2}\right)-h\left(x-\frac{a}{2}\right)% \right)&=b,\text{ that is}\\ \left(X+\frac{a}{2}\right)^{p^{n}-2}-\left(X-\frac{a}{2}\right)^{p^{n}-2}+% \alpha{\rm Tr}\left(D_{h}(X,a)\right)&=b.\end{split}

We shall now consider two cases, namely, $\displaystyle X=\pm\frac{a}{2}$ and $\displaystyle X\not\in\left\{\frac{a}{2},-\frac{a}{2}\right\}$ . Notice that if $\displaystyle X=\pm\frac{a}{2}$ , then Equation (3.8) reduces to $a^{p^{n}-2}+\alpha{\rm Tr}\left(D_{h}\left(\pm\frac{a}{2},a\right)\right)=b.$ When $\displaystyle X\not\in\left\{\frac{a}{2},-\frac{a}{2}\right\}$ , then Equation (3.8) reduces to

(3.9)

\alpha\left(X^{2}-\frac{a^{2}}{4}\right){\rm Tr}\left(D_{h}\left(X,a\right)% \right)=b\left(X^{2}-\frac{a^{2}}{4}\right)+a,

that is,

{\rm Tr}\left(D_{h}\left(X,a\right)\right)=\frac{b}{\alpha}+\frac{a}{\alpha% \left(X^{2}-\frac{a^{2}}{4}\right)}\in\mathbb{F}_{p}.

Now, let $\displaystyle X^{2}-\frac{a^{2}}{4}:=Z^{-1}$ . Then using the properties of the trace function, observe that

\left(\frac{aZ+b}{\alpha}\right)^{p}-\left(\frac{aZ+b}{\alpha}\right)=0.

We conclude that $\displaystyle Z=\frac{\alpha\zeta-b}{a}$ , for any $\zeta\in\mathbb{F}_{p}$ . Surely, we cannot claim that the number of solutions for Equation (3.9) is precisely $p$ , since the above value for $Z$ , rendering $2p$ values of $X$ may not all satisfy the original differential equation (3.7) for $g$ . ∎

Remark 3.6.

In the above proposition, if $f$ is such that the derivative traces ${\rm Tr}\left(D_{f}\left(-\frac{a}{2},a\right)\right)\neq{\rm Tr}\left(D_{f}% \left(\frac{a}{2},a\right)\right)$ , then the bound of the differential uniformity of the switched inverse function becomes $2p+1$ .

While this is not a systematic computation, we can surely do a switching of the inverse function to obtain permutation polynomials that preserve the differential uniformity of the inverse. In particular, we can find permutation APN functions for some small dimensions, easily. We took functions $f$ of the form $f(X,d,s)=X^{p^{n}-2}+{\rm Tr}\left(g^{s}X^{d}\right)$ ( $g$ is a primitive element of the underlying finite field). We tabulate below some computational data for small primes and dimensions (we only list the permutation polynomials, where $d\leq p-1,s\leq p-1$ , which preserve the differential uniformity (DU) of the inverse function, surely, the case of $(d,s)=(0,0)$ ; we also removed the trivial cases of $d=0$ and $s>0$ ).

$(p,n)$	$(d,s)$	DU
$(3,2)$	$(0,0),(5,1),(7,1),(4,2),(5,2),(7,2)$	$3$
$(3,3)$	$(0,0),(13,0),(17,0),(23,0),(25,0),(13,1),(17,1),(23,1),(25,1)$	$3$
$(5,2)$	$(0,0),(19,0),(23,0),(6,3),(18,3),(19,3),(23,3),(19,4),(23,4)$	$4$
$(5,3)$	$(0,0),(99,0),(119,0),(123,0),(31,1),(62,1),(93,1),(99,1)$
	$(119,1),(123,1),(99,3),(119,3),(123,3),(99,4),(119,4),(123,4)$	$2$ (APN)
$(7,2)$	$(0,0),(41,0),(47,0),(41,1),(47,1),(41,2),(47,2),(8,4),(16,4),$
	$(24,4),(32,4),(40,4)(41,4),(47,4),(41,5),(47,5),(41,6),(47,6)$	$4$

4. Conclusions

In this paper we start by correcting some conditions on the $c$ -DU of the inverse function for $c\in\mathbb{F}_{q}\ \{0,1\}$ , and give two identities concerning the boomerang spectrum of a function. We next show that a necessary condition for a low boomerang uniformity of an odd function is for the $(-1)$ -differential uniformity to be low, as well. In fact, in the case of odd APN permutations, they are equal. We apply this result to find the boomerang spectrum of the inverse function and the boomerang uniformity of four other odd APN functions. Moreover, we find a new class of differentially $\leq 4$ -uniform permutations in characteristic $p\neq 13$ (respectively, differentially 5-uniform when $p=13$ ) that is CCZ-inequivalent to the inverse function. Finally, we provide an upper bound for the differential uniformity of a switched function, thus extending a result of Charpin and Kyureghyan [12] to odd characteristic.

Acknowledgements

The research of Mohit Pal is supported by the Research Council of Norway under Grant No. 314395. Pantelimon Stănică thanks the Selmer Center at the University of Bergen for the invitation to visit, and for the excellent working conditions while this paper was started.

Declarations

Conflict of interest The authors declare that they have no conflict of interest regarding the publication of this paper.

References

[1] N. Anbar, T. Kalayci, W. Meidl, C. Riera, P. Stănică, P $\wp$ N functions, complete mappings and quasigroup difference sets, J. Combin. Designs 31 (2023), 667–690.
[2] D. Bartoli, M. Timpanella, On a generalization of planar functions, J. Algebra Comb. 52 (2020), 187–213.
[3] C. Blondeau, A. Canteaut, P. Charpin, Differential properties of power functions, Int. J. Inf. Coding Theory 1(2) (2010), 149–170.
[4] C. Blondeau, A. Canteaut, P. Charpin, Differential properties of $x\mapsto x^{2^{t}-1}$ , IEEE Trans. Inf. Theory 57(12) (2011), 8127–8137.
[5] C. Boura, A. Canteaut, On the boomerang uniformity of cryptographic Sboxes, IACR Trans. Symmetric Cryptol. 2018(3) (2018), 290–310.
[6] L. Budaghyan, M. Calderini, I. Villa, On relations between CCZ- and EA-equivalences, Cryptogr. Commun. 12 (2020), 85–100.
[7] L. Budaghyan, C. Carlet, G. Leander, Constructing new APN functions from known ones, Finite Fields Appl. 15 (2009), 150–159.
[8] L. Budaghyan, C. Carlet, A. Pott, New classes of almost bent and almost perfect nonlinear polynomials, IEEE Trans. Inf. Theory, 52(3) (2006), 1141–1152.
[9] N. Borisov, M. Chew, R. Johnson, D. Wagner, Multiplicative differentials, In: J. Daemen, V. Rijmen (eds) Fast Software Encryption. FSE 2002, LNCS 2365, Springer, Berlin, Heidelberg, 2002.
[10] C. Carlet, P. Charpin, V. Zinoviev, Codes, bent functions and permutations suitable for DES-like cryptosystems, Des. Codes Cryptgr. 15 (1998), 125–156.
[11] R. C. R. Carranza, Construction of new differentially $\delta$ –uniform families, Ph.D. Dissertation, University of Puerto Rico, Rio Piedras, 2020; available at https://repositorio.upr.edu/bitstream/handle/11721/2378/UPRRP_MATE_ReyesCarranza_2020.pdf?sequence=1&isAllowed=y.
[12] P. Charpin, G. Kyureghyan, Monomial functions with linear structure and permutation polynomials, In: Finite Fields: Theory and Applications, Contemp. Math. 518, 3, (16) Amer. Math. Soc., 2010, pp. 99–111.
[13] C. Cid, T. Huang, T. Peyrin, Y. Sasaki, L. Song, Boomerang connectivity table: a new cryptanalysis tool, In: J. Nielsen, V. Rijmen (eds.) Adv. in Crypt.-EUROCRYPT 2018, LNCS 10821, pp. 683–714. Springer, Cham (2018).
[14] J. F. Dillon, APN polynomials: an update, International Conf. on Finite Fields and Applic. – Fq9, 2009.
[15] H. Dobbertin, D. Mills, E. N. Muller, A. Pott, W. Willems, APN functions in odd characteristic, Discr. Math. 267 (2003), 95–112.
[16] Y. Edel, A. Pott, A new almost perfect nonlinear function which is not quadratic, Adv. Math. Commun. 3(1) (2009), 59–81.
[17] P. Ellingsen, P. Felke, C. Riera, P. Stănică, A. Tkachenko, $C$ -differentials, multiplicative uniformity and (almost) perfect $c$ -nonlinearity, IEEE Trans. Inf. Theory 66(9) (2020), 5781–5789.
[18] T. Helleseth, C. Rong, D. Sandberg, New families of almost perfect nonlinear power functions, IEEE Trans. Inf. Theory 45 (1999), 475–485.
[19] J. Jeong, N. Koo, S. Kwon, Low $c$ -differential uniformity of the swapped inverse function in odd characteristic, Discret. Appl. Math. 336 (2023), 195–209.
[20] S. Jiang, K. Li, Y. Li, L. Qu, Differential and boomerang spectrums of some power permutations, Cryptogr. Commun. 14 (2022), 371–393.
[21] K. Li, L. Qu, B. Sun, C. Li, New results about the boomerang uniformity of permutation polynomials, IEEE Trans. Inform. Theory 65(11) (2019), 7542–7553.
[22] S. Mesnager, C. Riera, P. Stănică, H. Yan, Z. Zhou, Investigation on c-(almost) perfect nonlinear functions, IEEE Trans. Inf. Theory 67(10) (2021), 6916–6925.
[23] P. Stănică, Investigations on c-Boomerang Uniformity and Perfect Nonlinearity, Discrete Applied Mathematics 304 (2021), 297–314.
[24] X. Wang, D. Zheng, L. Hu, Several classes of P $c$ N power functions over finite fields, Discret. Appl. Math. 322 (2022), 171–182.
[25] D. Wagner, The boomerang attack, In: Knudsen, L.R. (ed.) Fast Software Encryption-FSE 1999. LNCS 1636, Springer, Berlin, Heidelberg, pp. 156–170 (1999).