Recovering or Testing Extended-Affine Equivalence

TL;DR

This paper introduces a new efficient algorithm for recovering extended-affine equivalence for quadratic functions, significantly improving over previous methods, and proposes a novel invariant for classifying quadratic APN functions.

Contribution

The paper presents a novel algorithm for EA-recovery of quadratic functions using Jacobian matrices and introduces the ortho-derivative invariant for EA-partitioning of quadratic APN functions.

Findings

The new algorithm outperforms all previous methods in efficiency.

The ortho-derivative invariant effectively distinguishes quadratic APN functions.

The approach is practical for large datasets of quadratic APN functions.

Abstract

Extended Affine (EA) equivalence is the equivalence relation between two vectorial Boolean functions $F$ and $G$ such that there exist two affine permutations $A$, $B$, and an affine function $C$ satisfying $G = A \circ F \circ B + C$. While the problem has a simple formulation, it is very difficult in practice to test whether two functions are EA-equivalent. This problem has two variants: {\em EA-partitioning} deals with partitioning a set of functions into disjoint EA-equivalence classes, and \emph{EA-recovery} is about recovering the tuple $(A,B,C)$ if it exists. In this paper, we present a new algorithm that efficiently solves the EA-recovery problem for quadratic functions. Although its worst-case complexity occurs when dealing with APN functions, it supersedes, in terms of performance, all previously known algorithms for solving this problem for all quadratic functions and in any dimension, even in the case of APN functions. This approach is based on the Jacobian matrix of the functions, a tool whose study in this context can be of independent interest. The best approach for EA-partitioning in practice mainly relies on class invariants. We provide an overview of the known invariants along with a new one based on the \emph{ortho-derivative}. This new invariant is applicable to quadratic APN functions, a specific type of functions that is of great interest, and of which tens of thousands need to be sorted into distinct EA-classes. Our ortho-derivative-based invariant is very fast to compute, and it practically always distinguishes between EA-inequivalent quadratic APN functions.