On CCZ-equivalence of the inverse function
share
The inverse function x ↦ x^-1 on 𝔽_2^n is one of the most studied functions in cryptography due to its widespread use as an S-box in block ciphers like AES. In this paper, we show that, if n≥ 5, every function that is CCZ-equivalent to the inverse function is already EA-equivalent to it. This confirms a conjecture by Budaghyan, Calderini and Villa. We also prove that every permutation that is CCZ-equivalent to the inverse function is already affine equivalent to it. The majority of the paper is devoted to proving that there are no permutation polynomials of the form L_1(x^-1)+L_2(x) over 𝔽_2^n if n≥ 5, where L_1,L_2 are nonzero linear functions. In the proof, we combine Kloosterman sums, quadratic forms and tools from additive combinatorics.
READ FULL TEXT