On two-to-one mappings over finite fields
Sihem Mesnager, Longjiang Qu

TL;DR
This paper systematically studies two-to-one mappings over finite fields, characterizing them via Walsh transforms, presenting various constructions, and exploring their applications in cryptography and related areas.
Contribution
It provides a comprehensive characterization, new constructions, and applications of two-to-one mappings over finite fields, advancing understanding in cryptographic function design.
Findings
Characterization of 2-to-1 mappings via Walsh transforms
New constructions including AGW-like criterion and polynomial forms
Applications to bent functions, semi-bent functions, and permutation polynomials
Sihem Mesnager, Longjiang Qu
Department of Mathematics, University of Paris VIII, 93526 Saint-Denis, France, University of Paris XIII, CNRS, LAGA UMR 7539, Sorbonne Paris Cité, 93430 Villetaneuse, France, and Telecom ParisTech 75013 Paris. Email: [email protected] author.
National University of Defense Technology, Department of Mathematics, Changsha, China. E-mail: [email protected]. The research of L.J. Qu is supported by the Nature Science Foundation of China (NSFC) under Grant 61722213, 11531002, 61572026, and the National Key R&D Program of China (No. 2017YFB0802000).
(March 12, 2024)
Abstract
Two-to-one (2-to-1) mappings over finite fields play an important role in symmetric cryptography. In particular, they allow one to design APN functions, bent functions and semi-bent functions. In this paper we provide a systematic study of two-to-one mappings that are defined over finite fields. We characterize such mappings by means of the Walsh transforms. We also present several constructions, including an AGW-like criterion, constructions with the form of , those from permutation polynomials, from linear translators and from APN functions. Then we present 2-to-1 polynomial mappings in classical classes of polynomials: linearized polynomials and monomials, low degree polynomials, Dickson polynomials and Muller-Cohen-Matthews polynomials, etc. Lastly, we show applications of 2-to-1 mappings over finite fields for constructions of bent Boolean and vectorial bent functions, semi-bent functions, planar functions and permutation polynomials. In all those respects, we shall review what is known and provide several new results.
**Keywords:** Two-to-one mappings, permutation polynomials, AGW criterion, linear translators, symmetric cryptography.
1 Introduction
Permutation mappings (or 1-to-1 mappings) over finite fields have been extensively studied for their applications in cryptography, coding theory, combinatorial design, etc. For recent advances on permutation polynomials over finite fields, we refer to the excellent survey [17] and the references therein. For a detailed study of involutions over finite fields (in characteristic 2), we refer the reader to [9]. Two-to-one (2-to-1) mappings are involved in several criteria, in particular to design special important primitives in symmetric cryptography such as APN functions, bent functions and more general plateaued functions. Despite their importance, they have never been studied in the literature. The objective of this paper is to provide a systematic study of two-to-one mappings over finite fields including characterizations, criteria and methods for handling and designing such functions as well as effective constructions.
The paper is organized as follows. Section 2 gives preliminaries and fixes the notation. In Section 3, we first present the definitions of 2-to-1 mappings over finite fields as well as basic properties, and then provide a characterization of 2-to-1 mappings by means of the Walsh transforms. Section 4 is devoted to the constructions of 2-to-1 mappings. We shall present several constructions. First, an AGW-like criterion for 2-to-1 mappings is given. Next, constructions of 2-to-1 polynomial mappings with the form of are provided. Furthermore, constructions of 2-to-1 mappings from permutation polynomials, from linear translators and from APN functions respectively are given. In Section 5 we present 2-to-1 polynomial mappings in classical classes of polynomials: linearized polynomials and monomials, low degree polynomials, Dickson polynomials and Muller-Cohen-Matthews polynomials, etc. In Section 6, we are interested in applications of 2-to-1 mappings over finite fields for constructions of bent Boolean and vectorial bent functions, semi-bent functions, planar functions and permutation polynomials. It should be noted that this section is not only an application of the obtained results, but also a motivation to study 2-to-1 mappings. In all those sections, we shall review what is known and provide several new results.
2 Notation and Preliminaries
For a set , will denote the cardinality of . For any field , . Let , and be respectively the set of all natural, real and complex numbers. Let be a prime number and be a positive integer. The finite field with elements is denoted by or , which can be viewed as an -dimensional vector space over , and it is denoted by . Denote by the algebraic closure of . The trace function is defined as
[TABLE]
which is called the absolute trace of . More generally, the trace function is defined as
[TABLE]
A linearized polynomial (or additive polynomial) is a polynomial of the shape . A polynomial is called an affine polynomial if it equals the sum of a linearized polynomial and a constant term.
Let be a function from to . We can give a corresponding complex-valued function from to defined as for all where is a complex primitive -th root of unity. The Walsh transform of is the Fourier transform from to of defined as for all , where denotes an inner product (for instance, the usual inner product) in . We can take if is identified with . Note that if then and a function from to is said to be a Boolean function.
3 Definitions and a characterization of 2-to-1 mappings over finite fields
3.1 Definitions of 2-to-1 mappings
Firstly, we give the definition of 2-to-1 mappings over any finite set.
Definition 1.
Let and be two finite sets, and let be a mapping from to . Then is called a 2-to-1 mapping if one of the following two cases holds:
1. is even, and for any , it has either or [math] preimages of ;
2. is odd, and for all but one , it has either or [math] preimages of , and the exception element has exactly one preimage.
Throughout this paper, we mainly focus on the mappings over finite fields. Let and be two finite fields of order and , respectively. Let be a mapping from to . Then according to the above definition, if , then is a 2-to-1 mapping if and only if the equation has either zero or two solutions in for any , or equivalently, for all . While for an odd prime , a mapping is 2-to-1 if and only if all but one of the elements in the image set of have two preimages and the exceptional element has one preimage, or equivalently, there exists a unique such that and , for all . Without loss of generality, we can assume that the exceptional element of is [math]. Moreover, if its unique preimage is also the zero element, then we have the following remark.
Remark 2.
Let with if and only if , where is odd. Then is a 2-to-1 mapping if and only if has either zero or two solutions in for any .
At the end of this subsection, we calculate the number of all 2-to-1 mappings over . It seems to be a huge number.
Proposition 3.
Denote by the number of all 2-to-1 mappings . Then
[TABLE]
Proof.
Let be a 2-to-1 mapping over . Then the size of its image set is . For the first element of the image set, its preimage has choices, while for the second element, it has choices, and so on; the last element has choices. Hence we have
[TABLE]
Then the result follows from the well-known Stirling formula. ∎
It is well known that the number of all mappings (resp. bijective mappings) from to itself is (resp. ) . Denote the latter number by . Then we have
[TABLE]
We list the ratio of these two numbers for in the following table. The values are rounded to three significant figures.
[TABLE]
It seems from the above table that the number of all 2-to-1 mappings over is much greater than that of all bijective mappings over .
3.2 A characterization of 2-to-1 mappings over by means of the Walsh transforms
In this subsection we present a characterization of 2-to-1 mappings over by means of the Walsh transforms. The main idea goes back to Carlet [4] who has characterized the differential uniformity of vectorial functions by the Walsh transform. Let be a polynomial over . Recall that is 2-to-1 if and only if, for every in , the equation has 0 or 2 solutions. Let be a vectorial Boolean function. The Walsh transform of at equals by definition the Walsh transform of the so-called component function at , that is:
[TABLE]
Let be any polynomial over such that for and for every . Hence for any and , we have
[TABLE]
and is a two-to-one function if and only if this inequality is an equality for any . Furthermore, for any , we have
[TABLE]
and is 2-to-1 if and only if this inequality is an equality.
We shall now characterize this condition by means of the Walsh transform. We have:
[TABLE]
and therefore, for :
[TABLE]
Hence we have the following characterization of 2-to-1 mappings over by the Walsh transform.
Theorem 4.
Let be a vectorial Boolean function. Then
[TABLE]
and is 2-to-1 if and only if this inequality is an equality.
Now, let us consider the polynomial over equal to . It takes value 0 when equals 0 or 2 and takes strictly positive value when is in . We have then the following corollary.
Corollary 5.
Let be a vectorial Boolean function. Then
[TABLE]
and this inequality is an equality if and only if is 2-to-1.
4 Constructions of 2-to-1 mappings
In this section, we present different methods to construct 2-to-1 mappings over finite fields.
4.1 AGW-like criterion for 2-to-1 mappings
The criterion, discovered by Akbary, Ghioca and Wang [1], is a simple and effective method that establishes the permutation property of a mapping through a commutative diagram. The significance of the AGW criterion resides in the fact that it not only provides a unified interpretation for many previous constructions of permutation polynomials but also facilitates numerous new discoveries. In this subsection we will generalize the AGW criterion to construct 2-to-1 mappings over finite fields.
We give a brief description of this subsection for the readers' convenience. First, the AGW criterion is generalized to construct 2-to-1 mappings over finite sets (Proposition 6). Second, three general constructions (Theorem 8, Theorem 9, and Proposition 10) are given by applying this generalized AGW criterion. Then several explicit 2-to-1 polynomials over finite fields are constructed from Proposition 10, and most of the constructions are divided into two cases.
Proposition 6.
Let be a finite set, be two finite sets such that . Let be four mappings defined as the following diagram such that . If is bijective from to , is 2-to-1 for any , and there is at most one such that is odd, then is a 2-to-1 mapping over .
[TABLE]
Proof.
Let . Assume that there exists an element in such that . Let . Then
[TABLE]
Since is bijective from to , there exists a unique element such that . Hence . If is even, then has exactly two solutions in (one is ) since is 2-to-1 for any . If is odd, then with one exception, has exactly two preimages of in . Further, since at most one of is odd for all , we know that is a 2-to-1 mapping over . ∎
Remark 7.
If is -to- from to , and is injective for any , then one can only deduce that for any , it has at most two preimages. Similarly, let and assume that there exists an element in such that . Let . Then
[TABLE]
Since is -to-, there exist exactly two elements in such that with at most one exception. Hence or . Then it follows from the assumptions that is -to- for any that there exist at most two elements in such that . It seems not easy to add a condition such that is a -to- mapping over . We leave this problem to interested readers.
By applying Proposition 6, we can give the following two general constructions.
Theorem 8.
Consider any polynomial , any additive polynomials , any -linear polynomial satisfying , and any polynomial such that . Let
[TABLE]
and
[TABLE]
If is bijective from to , is 2-to-1 for any , and there is at most one such that is odd, then is a 2-to-1 mapping over .
Proof.
We have
[TABLE]
the second equality holds since , is -linear and . Hence we get the following commutative diagram:
[TABLE]
Then the result follows directly from Proposition 6. ∎
Theorem 9.
Let be an even prime power, let be a positive integer, and let be -linear polynomials over seen as endomorphisms of the -module . Let be such that . Assume
[TABLE]
and
[TABLE]
For any , let . If , for any , where is a nonzero element of , and is a permutation over , then is 2-to-1 over .
[TABLE]
Proof.
We apply Proposition 6 with , , , and . Since , and and are -linear polynomials over , one can easily verify that . For any , is linearized. It is 2-to-1 over if and only if . Hence the result follows from Proposition 6. ∎
The above two constructions are quite general and can be used to construct more explicit 2-to-1 polynomials. Due to the space limit, we will only take the first one as an example and give several explicit constructions. The interested readers are cordially invited to apply the second one to construct more 2-to-1 polynomials.
The following proposition follows from Theorem 8, and is the foundation of later constructions in this subsection.
Proposition 10.
Let , and be two -linear polynomials over seen as endomorphisms of the -module , and let such that If for some , and permutes , then
[TABLE]
is 2-to-1 over .
Proof.
In Theorem 8, let , then since both and are -linear polynomials over . Further, is 2-to-1 for any since . The result then follows from Theorem 8. ∎
By applying Proposition 10, we have the following theorem.
Theorem 11.
Let , , and let . Let and be -linear polynomials over . Let be such that . Let
[TABLE]
and
[TABLE]
If for some , and permutes , then is 2-to-1 over .
Proof. In Proposition 10, we let , , and . For any , since and is a -linear polynomial, we obtain
[TABLE]
and thus
[TABLE]
as in Proposition 10.
Next we study in detail some of the consequences of Proposition 10 (or alternatively of Theorem 8 when ) for two specific choices of -linear polynomials. First we consider the case and next we study the case .
Case 1.
The first result in this case follows directly from Proposition 10.
Proposition 12.
Let , be a -linear polynomial over seen as an endomorphism of the -module and be the trace function from to . Let be such that Assume
[TABLE]
and
[TABLE]
If for some , and permutes , then is 2-to-1 over .
By applying Proposition 12, we get the following construction.
Theorem 13.
Let , be a -linear polynomial over , let , and let such that . Assume . If for some , and permutes , then is 2-to-1 over .
Case 2.
Similarly, we have the following two results.
Proposition 14.
Let , be a -linear polynomial over seen as an endomorphism of the -module . Let be such that for all . Assume
[TABLE]
and
[TABLE]
If is 2-to-1 over and permutes over , then is 2-to-1 over .
Proof.
In Theorem 8, let . For any , is 2-to-1 if and only if is 2-to-1 over since . Hence the result follows. ∎
Theorem 15.
Let , be a -linear polynomial over seen as an endomorphism of the -module . Let be such that for all . Assume
[TABLE]
and
[TABLE]
If is 2-to-1 over and permutes over , then both and are 2-to-1 over .
Proof.
We only prove for as the other case can be proved similarly. In Proposition 14, let . Then
[TABLE]
since . Hence the result follows. ∎
4.2 2-to-1 polynomial mappings with the form of
In this subsection, we construct two-to-one polynomial mappings with the form of . We need to be even. Hence it is assumed that is odd throughout this subsection.
Proposition 16.
Let be an odd prime power, be positive integers such that . Let , where such that if , and let and . Let . If is 2-to-1 from to and , then is a 2-to-1 mapping over .
[TABLE]
Proof.
Since , we know that is 2-to-1 for any . Then the result follows directly from the fact that and Proposition 6. ∎
Then we have the following result.
Corollary 17.
Suppose that there exists such that for all . If and , then is 2-to-1 over .
Theorem 18.
Suppose that , where and , has no roots in , and . Then is 2-to-1 over .
Proof.
For any , we have
[TABLE]
Hence it is the case in Corollary 17. Then the result follows. ∎
4.3 Constructions of 2-to-1 mappings from permutation polynomials
Proposition 19.
Let be a permutation polynomial, and let be a disjoint decomposition of , where . Define be a bijective mapping from to . Let
[TABLE]
Then is a 2-to-1 mapping over .
Conversely, any 2-to-1 mapping can be constructed by this method.
The following corollary follows directly from the above proposition.
Corollary 20.
Let be a permutation polynomial, and let be a -linear subspace of with dimension , . Define
[TABLE]
and
[TABLE]
Then both and are 2-to-1 mappings over .
In the above corollary, let , we have
Proposition 21.
Let be a permutation polynomial, and let such that . Define
[TABLE]
and
[TABLE]
Then both and are 2-to-1 mappings over .
New 2-to-1 mappings can also be constructed from the composition of permutation polynomials and known 2-to-1 mappings.
Proposition 22.
Let be a permutation polynomial, and let be a 2-to-1 mapping. Then both and are 2-to-1 mappings over .
Hence one can use any 2-to-1 polynomial and any permutation polynomial to produce new 2-to-1 polynomials. It should be noted that in the above proposition we can compose many permutation polynomials with one 2-to-1 mapping in any order. In particular, we have the following corollary.
Corollary 23.
Let be a permutation polynomial, and let be a linearized polynomial with . Then both and are 2-to-1 mappings over .
4.4 Constructions of 2-to-1 mappings from linear translators
We recall the definitions of linear translator and linear structure.
Definition 24.
Let , . Let be a function from to , and be fixed in . Then is a -linear translator of if for all and . In particular, if then is usually called a -linear structure of the function (where ), that is for all .
Proposition 25.
[7] Let be a polynomial in , be a permutation on and be a -linear structure of . Then is a 2-to-1 mapping over .
The following result can be derived from [19]. For making the paper self-contained, we include its proof.
Proposition 26.
Let be two distinct elements in , and let be two Boolean functions defined over . The mapping is 2-to-1 on if one of the following conditions holds:
1. , are -linear structures of and is a [math]-linear structure of ,
2. is a -linear structure of and , are [math]-linear structures of ,
3. , are [math]-linear structures of and is a -linear structure of ,
4. is a [math]-linear structure of and , are -linear structures of ,
5. is a [math]-linear structure of , is a -linear structure of and is a -linear structure of ,
6. is a -linear structure of , is a [math]-linear structure of and is a -linear structure of .
Proof.
We give the proof for Case 1 only since the proofs for other cases are similar. Now, we need to show that is 2-to-1. Let for some . Then, . As is a -linear structure of and [math]-linear structure of , we have and . Moreover, where we use that is a -linear structure of . We observe that . Indeed, if the equality holds, then $\gamma+\delta+\delta\big(g(a)+g(a+\delta)\big)=0$. This is a contradiction as and . This implies that or which shows that is 2-to-1. ∎
Proposition 27.
Let be a -linear permutation of . Let be a Boolean function over and be a non-zero -linear structure of . Then is 2-to-1 on .
Proof.
For any , let . Then we have
[TABLE]
or
[TABLE]
It follows from Eq. (5) and is a linear permutation that . Then since is a non-zero -linear structure of . Hence has either zero or two solutions in , which completes the proof. ∎
4.5 APN functions
Almost perfect nonlinear (APN) functions are important research objects in cryptography and coding theory. Let us recall their definition.
Definition 28.
Let be a mapping from to itself ( a positive integer). The function is said to be APN if
[TABLE]
It is clear that a function over is APN if and only if is 2-to-1 over for every . Hence one can construct a big family of 2-to-1 mappings from an APN function. For the known list of APN functions over , please refer to [27][31] and the references therein. From these APN functions, we can construct plenty of 2-to-1 mappings over .
Conversely, two-to-one mappings over finite fields in characteristic also allow one to construct APN functions as follows: let be a mapping such that is 2-to-1 over for every . Then is an APN function.
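The equivalence of Section 4.5 can be checked by exhaustive search on small fields. The following Python sketch is an added example, not code from the paper: it uses the standard fact that a function F over a field of 2^n elements is APN exactly when every derivative x -> F(x + a) + F(x) with a nonzero is 2-to-1. The field moduli, the sample monomials x^3 and x^5 and all function names are assumptions chosen for the illustration.

```python
from collections import Counter

# Irreducible polynomials over F_2 used to build F_{2^n}; bit i is the
# coefficient of x^i. These moduli are choices made for this example.
IRREDUCIBLE = {4: 0b10011, 5: 0b100101}  # x^4+x+1 and x^5+x^2+1


def gf_mul(a, b, n):
    """Multiply a and b in F_{2^n} (shift-and-add, reducing as we go)."""
    mod, result = IRREDUCIBLE[n], 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a >> n:          # degree reached n: subtract (xor) the modulus
            a ^= mod
    return result


def gf_pow(a, e, n):
    """Square-and-multiply exponentiation in F_{2^n}."""
    result = 1
    while e:
        if e & 1:
            result = gf_mul(result, a, n)
        a = gf_mul(a, a, n)
        e >>= 1
    return result


def monomial(d, n):
    """The mapping x -> x^d over F_{2^n}."""
    return lambda x: gf_pow(x, d, n)


def preimage_profile(f, n):
    """Map each preimage count to the number of image values having it."""
    per_value = Counter(f(x) for x in range(1 << n))
    return dict(Counter(per_value.values()))


def is_two_to_one(f, n):
    """Even-order case of Definition 1: every value has 0 or 2 preimages."""
    return set(preimage_profile(f, n)) == {2}


def derivative(F, a):
    """D_a F(x) = F(x + a) + F(x); addition in characteristic 2 is xor."""
    return lambda x: F(x ^ a) ^ F(x)


def is_apn(F, n):
    """F is APN iff D_a F is 2-to-1 for every nonzero a."""
    return all(is_two_to_one(derivative(F, a), n) for a in range(1, 1 << n))


def differential_uniformity(F, n):
    """Largest number of solutions of F(x + a) + F(x) = b over a != 0, b."""
    return max(
        max(Counter(derivative(F, a)(x) for x in range(1 << n)).values())
        for a in range(1, 1 << n)
    )


if __name__ == "__main__":
    cube = monomial(3, 5)    # x^3 over F_{2^5}: every derivative is 2-to-1
    fifth = monomial(5, 4)   # x^5 over F_{2^4}: derivatives are 4-to-1
    print("x^3 over F_32 APN:", is_apn(cube, 5))
    print("x^5 over F_16 APN:", is_apn(fifth, 4))
    print("D_1(x^5) profile :", preimage_profile(derivative(fifth, 1), 4))
    # x^2 + x is linear with kernel {0, 1}, hence 2-to-1.
    print("x^2+x profile    :", preimage_profile(lambda x: gf_mul(x, x, 5) ^ x, 5))
```

Each APN function therefore supplies one 2-to-1 mapping per nonzero direction a, while a single derivative that is 4-to-1 is enough to rule a candidate out.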
5 2-to-1 polynomial mappings in classical classes of polynomials
5.1 Linearized polynomials and Monomials
Firstly, we have the following general proposition characterizing 2-to-1 linear mappings over finite fields in even characteristic.
Proposition 29.
Let be an -linear mapping from to . Then is a 2-to-1 mapping if and only if .
We have to mention that the simplest example of a 2-to-1 mapping is the trace function from to .
On the other hand, there are other explicit constructions of 2-to-1 mappings.
Proposition 30.
[7, Theorem 9] Let be an odd prime number satisfying one of the two following conditions (where denotes the order of 2 modulo , that is the smallest positive integer such that divides )
- ;
- , odd and .
Let I be a nonempty set of integers in the range [1, ]. Then, for any such I the mapping is 2-to-1 with kernel .
Proposition 31.
Let be the mapping from to given by where and . Let . If and , then is 2-to-1.
Proof.
We have , where
[TABLE]
is a linearized polynomial. Then it suffices to prove that has exactly two zeros in if and . Clearly, if , then reduces to . Now we assume that . Then
[TABLE]
Adding the above two equations leads to
[TABLE]
Hence , which further leads to since . Let . Then . Plugging it into , we get , which means . Thus has exactly two zeros and in . ∎
Now we recall the following trivial characterization of 2-to-1 monomial mappings over .
Proposition 32.
Let be a monomial polynomial over , where . Then is 2-to-1 over if and only if .
Then we recall a result which is closely related to the monomial mapping. In 1998 Maschietti discovered a class of cyclic difference sets with Singer parameters which was called the hyperoval sets [25]. Let be odd. Maschietti showed that
[TABLE]
is a difference set if and only if is a permutation on and the mapping is two-to-one. The following yield difference sets, hence they also yield 2-to-1 mappings.
Proposition 33.
Let be odd. Then is 2-to-1 over if one of the following cases holds.
1. (the Singer case);
2. (the Segre case);
3. with and (the Glynn I case);
4. with (the Glynn II case).
5.2 Low degree polynomials
Let , where . In this subsection, we consider 2-to-1 mappings of degree over . It is clear that is a 2-to-1 mapping over if and only if so is , where with . Hence, without loss of generality, we consider with normalized form, i.e., is monic (), (), and when , the coefficient of is [math] ().
(A) .
When , cannot be a 2-to-1 mapping.
When , let , where . If , then is a 2-to-1 mapping if and only if . If , then is always a 2-to-1 mapping.
When , consider , where . Let . Since is a cubic polynomial, has generally either [math] or or solutions in . And has two solutions in if and only if one of its solutions has multiplicity , while this case only occurs for at most two values of when and are fixed. Hence cannot be 2-to-1 if . It is shown by an exhaustive search that there exist ten 2-to-1 polynomials with such form over : , , , and , .
(B) .
We divide the discussion into three cases according to the characteristic of the field. In more detail, for the cases of , and . The following lemma will be needed.
Lemma 34.
[2][29] Let , where and . Then the cubic equation has a unique solution in if and only if one of the following holds
1. and ;
2. , or is a non-square in ;
3. , is a non-square in .
(B.1) .
Theorem 35.
Let and . Then is 2-to-1 if and only if one of the following holds:
1. , ;
2. and ;
3. is odd, and .
Proof.
First assume that . Then is linearized. Hence is 2-to-1 if and only if has exactly two solutions, which means that has exactly one solution in .
If , then , or . Hence, .
If , then according to Lemma 34, we know that has exactly one solution in if and only if .
Now assume that . Then is 2-to-1 if and only if for any , we have
[TABLE]
has exactly two solutions and , or equivalently,
[TABLE]
has exactly one solution in for any .
If , i.e., , then Eq. (7) reduces to
[TABLE]
Since Eq. (8) has exactly one solution in , we have . Then with , we know that Plugging it into Eq. (7), and letting , we get
[TABLE]
where and
If , i.e., , then or . When , Eq. (7) has exactly one nonzero solution . When , we have . Therefore, is the unique solution of Eq. (9). Moreover, Eq. (7) also has exactly one solution .
Now we assume that . According to Lemma 34, it suffices to prove
[TABLE]
Claim 1: , where , and .
We have
[TABLE]
where
[TABLE]
and
[TABLE]
Let . Then Thus,
[TABLE]
From Claim 1, we know that if and only if is odd. The proof is completed. ∎
(B.2) .
Theorem 36.
Let , where . Then is 2-to-1 over if and only if and is odd.
Before proving this theorem, we give two lemmas.
Lemma 37.
([26, Theorem 6.2.2]) Let be a polynomial of degree and a non-trivial multiplicative character of order (extended by zero to ). If is not an -th power in , then
[TABLE]
Lemma 38.
Let , where . Then is a square in if and only if
Proof.
Let , where . Hence, , it follows that . On the other hand, . Therefore, if , then , which is impossible. Thus and . Then it follows that , and . We are done. ∎
Proof of Theorem 36. Assume that is 2-to-1. If , then is 2-to-1 over if and only if , or equivalently, if and only if is odd.
Now we assume that .
Since is 2-to-1, then for all but one in ,
[TABLE]
has exactly two solutions or , which means
[TABLE]
has exactly a unique solution in for all but one in . For convenience, we denote by this exceptional element.
Now let and . Let , and let
[TABLE]
where It is clear that has exactly one solution in if and only if has exactly one solution. Since is affine over , it has exactly one solution in if and only if or if . Therefore, when , Furthermore,
[TABLE]
Let . Then the above discussion leads to
[TABLE]
On the other hand, according to Lemmas 37 and 38, we have is not a square and
[TABLE]
Thus, , where . Hence we have . An exhaustive search over and found that there is no 2-to-1 function with the form of , where . The proof is completed.
(B.3) .
Theorem 39.
Let , where and . Then is 2-to-1 if and only if one of the following holds:
1. , , i.e., ;
2. , , or or ;
3. , .
Proof.
Assume that is 2-to-1. If , then is 2-to-1 over if and only if , or equivalently, if and only if .
Now we assume that . Then for all but one , has exactly two solutions in , i.e.,
[TABLE]
has exactly one solution in for all but one .
Let . Plugging it into Eq. (11), we get
[TABLE]
where
[TABLE]
and
[TABLE]
Since Eq. (12) has exactly one solution in for all but one , is a nonsquare. In addition, after computing, we obtain
[TABLE]
where Assume , where . Then , , i.e., . Moreover,
[TABLE]
After matching the coefficients of the above equation, we know that and . Hence, is not a square since
Similarly, on one hand, since is a non-square for all but at most one such that , we have
[TABLE]
On the other hand, since is not a square, it follows from Lemma 37 that
[TABLE]
Thus . An exhaustive search finishes the proof. ∎
5.3 Dickson polynomials
The Dickson polynomials have been extensively investigated in recent years under different contexts.
Definition 40.
The Dickson polynomial of the first kind of degree in indeterminate and with parameter is defined by Waring's formula
[TABLE]
Proposition 41.
[15] Let be the Dickson polynomial of the first kind. Then is 2-to-1 over if and only if .
Remark 42.
The previous proposition can only provide 2-to-1 mappings if is odd.
In 2009 Hou et al. considered a different perspective of the Dickson polynomial [18]. They fixed , and studied the polynomial , which they called the reversed Dickson polynomial. The following result characterizes the reversed Dickson polynomials which are permutations in even characteristic in terms of 2-to-1 mappings.
Proposition 43.
[18, Proposition 4.2] is a permutation polynomial over if and only if the function is a 2-to-1 mapping on where .
5.4 Muller-Cohen-Matthews polynomials
Definition 44.
Let where is a positive integer. Let . Then (where ) is the so-called Muller-Cohen-Matthews polynomial in .
For every odd , all are exceptional polynomials which induce a permutation on when is relatively prime to . We shall apply Muller-Cohen-Matthews polynomials for the choice and . Then we have:
Proposition 45.
[16] Suppose that and is even. Then is a 2-to-1 mapping on .
5.5 Other Polynomials
We recall results on the construction of 2-to-1 mappings related to the trace functions.
Proposition 46.
[8] Let , and , be such that . If , then defined by is 2-to-1.
Proposition 47.
[8] Let such that . Then the mapping is 2-to-1 over , where and are two positive integers.
6 Applications of 2-to-1 mappings over finite fields
6.1 Bent functions
Bent functions introduced in 1974 ([14],[28]) are extremal objects in combinatorics and Boolean function theory. They are maximally nonlinear Boolean functions. Recall that the nonlinearity of a Boolean function , denoted by , is defined as the minimum Hamming distance between and all affine functions (that is, of degree at most ). It can be expressed by means of the Walsh transform as follows:
[TABLE]
Because of the well-known Parseval's relation , is upper bounded by . This bound is tight for even.
Definition 48.
Let be an even integer. A Boolean function on is said to be bent if the upper bound on its nonlinearity is achieved with equality.
Bent functions on exist then only when is even. We have the following main characterization of the bentness for Boolean functions in terms of the Walsh transform.
Proposition 49.
Let be an even integer. A Boolean function is bent if and only if its Walsh transform satisfies for all .
A recent survey on bent functions can be found in [6]. A book devoted especially to bent functions and containing a complete survey on bent functions (including its variations and generalizations) is [24].
One of the important classes of bent functions is the so-called class whose elements are defined in bivariate representation over by
[TABLE]
where and .
Two-to-one mappings over finite fields in characteristic allow the construction of bent Boolean functions in bivariate representation from the class as follows:
Proposition 50.
([5]) Let be a function defined on by (14). Then is bent if and only if
[TABLE]
[TABLE]
The following result shows that one can construct vectorial bent functions from certain two-to-one mappings.
Theorem 51.
Let and be two positive integers such that . Assume that is 2-to-1 on , where . Then the vectorial function defined from to by is bent.
Proof.
Recall that is bent if and only if all its component (Boolean) functions () are bent on . Let us compute the Walsh transform of at each element .
We have:
[TABLE]
where denotes if and [math] if .
Set , that is, . Therefore,
[TABLE]
Now, if then the equation has [math] or solutions in since the mapping is 2-to-1 on . Thus, .
If then the equation has only one solution in since . Hence, . This completes the proof. ∎
6.2 Semi-bent functions
Semi-bent functions (or -plateaued functions) on exist only when is even. Semi-bent functions are defined as follows.
Definition 52.
Let be an even integer. A Boolean function on is said to be semi-bent if its Walsh transform satisfies for all .
Recall that the Maiorana-McFarland's constructions are the best known primary constructions of bent functions ([23, 14]). The Maiorana-McFarland class is the set of all the Boolean functions on of the form : where is any permutation on and is any Boolean function on . Any such function is bent (the bijectivity of is a necessary and sufficient condition for being bent). By computing the Walsh transform, we see that is semi-bent on if is a 2-to-1 mapping from to . Therefore two-to-one mappings over finite fields in characteristic allow the construction of semi-bent Boolean functions in bivariate representation from the Maiorana-McFarland class as follows:
Theorem 53.
Let be a mapping from to and be a Boolean function on . Let be a Boolean function defined over by . If is -to- on , then is semi-bent.
Proof.
For every , we have:
[TABLE]
Since the mapping is 2-to-1 for every , we have , which completes the proof. ∎
The following statement gives an example of the construction of semi-bent functions via -to- mappings along the lines of the Maiorana-McFarland's method.
Proposition 54.
Let be a positive integer. Set . Let be any Boolean function over . Define over a Boolean function by , . Then is semi-bent.
Proof.
The construction comes from Theorem 53 and the fact that the mapping is 2-to-1 ([12]). ∎
Note that given an APN function, one can derive a construction of semi-bent functions in the spirit of the Maiorana-McFarland's method.
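As an added illustration of Theorem 53 (not code from the paper), the following Python check computes Walsh spectra by brute force, assuming the standard Maiorana-McFarland form f(x, y) = Tr(x·π(y)) + g(y) over F_{2^4} × F_{2^4}. The field modulus, the 2-to-1 map φ(y) = y² + y, the choice g(y) = Tr(y³) and all function names are assumptions made for this example.

```python
from collections import Counter
from itertools import product

M = 4            # field F_{2^M}; the Boolean function lives on n = 2*M = 8 bits
Q = 1 << M
MOD = 0b10011    # x^4 + x + 1, irreducible over F_2 (assumed field model)

def gf_mul(a, b):
    """Product in F_{2^M}: carry-less multiply with reduction by MOD."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & Q:
            a ^= MOD
    return r

def trace(a):
    """Absolute trace a + a^2 + ... + a^(2^(M-1)); always 0 or 1."""
    t = 0
    for _ in range(M):
        t ^= a
        a = gf_mul(a, a)
    return t

TR = [trace(a) for a in range(Q)]

def phi(y):
    """y^2 + y is F_2-linear with kernel {0, 1}, hence 2-to-1."""
    return gf_mul(y, y) ^ y

def g(y):  # constructed choice of Boolean function: Tr(y^3)
    return TR[gf_mul(y, gf_mul(y, y))]

def preimage_sizes(f):
    """Set of preimage sizes that occur for f on F_{2^M}."""
    return set(Counter(f(y) for y in range(Q)).values())

def walsh_abs_values(pi):
    """|W_f(a,b)| over all (a,b) for f(x,y) = Tr(x*pi(y)) + g(y)."""
    tt = [[TR[gf_mul(x, pi(y))] ^ g(y) for y in range(Q)] for x in range(Q)]
    pts = list(product(range(Q), repeat=2))
    return {abs(sum(1 - 2 * (tt[x][y] ^ TR[gf_mul(a, x) ^ gf_mul(b, y)])
                    for x, y in pts)) for a, b in pts}

if __name__ == "__main__":
    print(preimage_sizes(phi), walsh_abs_values(lambda y: y), walsh_abs_values(phi))
```

With π the identity permutation the only absolute Walsh value is 16 = 2^{n/2} (bent), while with the 2-to-1 map φ the values are 0 and 32 = 2^{(n+2)/2} (semi-bent), for n = 8.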
6.3 Planar functions
Let where is prime and is a positive integer. A planar function is a function such that, for every , the function is a bijection on . Planar functions can be used to construct finite projective planes, and they have been studied by finite geometers since 1968.
The following result highlights the importance of -to- mappings for the construction of planar functions whose image set has minimal size.
Theorem 55.
[22] Let be a mapping and be its image set. Assume that is planar (which implies ). Then is -to- if and only if .
A class of polynomials was described by Dembowski and Ostrom in [13]: the so-called Dembowski-Ostrom polynomials. For those polynomials, the property of being planar is equivalent to the property of being -to-. We first recall their definition.
Definition 56.
The polynomial is called a Dembowski-Ostrom polynomial if has the shape .
Proposition 57.
[10] Let be given by a Dembowski-Ostrom polynomial. Then is planar if and only if is -to-.
6.4 Permutation polynomials
Permutation polynomials can also be constructed from -to- mappings.
Proposition 58.
Let be a two-to-one mapping. Denote by the image set of . Let be a bijection, and be a disjoint decomposition of such that . Define
[TABLE]
Then is a permutation polynomial over .
7 Concluding remarks
Many results presented in the literature highlight the importance of two-to-one mappings for designing cryptographic functions. Despite their importance, they have never been studied in detail in a general framework. Because of the gap between the interest of the notion of two-to-one mappings and the knowledge we have on it, our motivation was to bring a systematic study on those mappings by providing several results including new tools, constructions and applications. From our criteria, we expected new constructions of cryptographic functions from two-to-one mappings.
Finally, we would like to note that most of the results of this paper can be easily generalized to -to- mappings. -to- mappings may also be useful in design theory, error-correcting codes, cryptography and other areas. We leave this generalization and the adventure to -to- polynomials to interested readers.
Acknowledgement. The authors deeply thank the Assoc. Edit. Prof. Xiaohu Tang and the anonymous reviewers for their valuable comments and suggestions which have highly improved the manuscript.
References
- [1] A. Akbary, D. Ghioca and Q. Wang. On constructing permutations of finite fields. Finite Fields and Their Applications 17, pages 51–67, 2011.
- [2] E.R. Berlekamp, H. Rumsey, and G. Solomon. On the solution of algebraic equations over finite fields. Information and Control 10(67), pages 553–564, 1967.
- [3] C. Carlet. Boolean Functions for Cryptography and Error Correcting Codes. Chapter of the monograph “Boolean Models and Methods in Mathematics, Computer Science, and Engineering”, published by Cambridge University Press, Yves Crama and Peter L. Hammer (eds.), pages 257–397, 2010.
- [4] C. Carlet. Characterizations of the differential uniformity of vectorial functions by the Walsh transform. IEEE Transactions on Information Theory 64(9), pages 6443–6453, 2018.
- [5] C. Carlet and S. Mesnager. On Dillon's class H of bent functions, Niho bent functions and o-polynomials. J. Comb. Theory, Ser. A 118(8), pages 2392–2410, 2011.
- [6] C. Carlet and S. Mesnager. Four decades of research on bent functions. Designs, Codes and Cryptography 78(1), pages 5–50, 2016.
- [7] P. Charpin and G. Kyureghyan. When does $G(x)+\gamma Tr(H(x))$ permute ${\mathbb{F}}_{p^{n}}$? Finite Fields and Their Applications 15(5), pages 615–632, 2009.
- [8] P. Charpin and G. M. Kyureghyan. Monomial functions with linear structure and permutation polynomials. In Finite Fields: Theory and Applications - Fq 9 - Contemporary Mathematics, AMS, number 518, pages 99–111, 2010.
