Constructing more quadratic APN functions with the QAM method

Abstract

If used as S-boxes, APN functions provide optimal resilience against differential attacks. However, the very existence of APN permutations operating on an even number n of bits (with n ≥ 8) has been an open problem for nearly 30 years. A possible method to solve this problem consists in generating APN functions, and then exploring the CCZ-equivalence classes of these functions looking for a permutation. Following this goal, we found 5412 new quadratic APN functions on \(\mathbb {F}_{2^{8}}\) using an approach based on so-called Quadratic APN Matrices (QAM). This brings the number of known CCZ-inequivalent APN functions on \(\mathbb {F}_{2^{8}}\) to 26525. Unfortunately, none of these new functions are CCZ-equivalent to permutations. A complete list (to the best of our knowledge) of known quadratic APN functions, including our new ones, has been added to sboxU for ease of study by others. In this paper, we recall how to construct new QAMs from a known one. Based on these results and on others on smaller fields, we make two conjectures: that the total number of CCZ-inequivalent quadratic APN functions on \(\mathbb {F}_{2^{8}}\) exceeds 50000, and that the full list of quadratic APN functions could be obtained by modifying only a small number of entries of the QAM, though such a search remains computationally infeasible at this stage. Finally, we propose a new model which can handle the last two columns together and avoid some redundant computation.