New Construction of Differentially 4-Uniform Bijections

Block ciphers use Substitution boxes (S-boxes) to create confusion into the cryptosystems. For resisting the known attacks on these cryptosystems, the following criteria for functions are mandatory: low differential uniformity, high nonlinearity and not low algebraic degree. Bijectivity is also necessary if the cipher is a Substitution-Permutation Network, and balancedness makes a Feistel cipher lighter. It is well-known that almost perfect nonlinear (APN) functions have the lowest differential uniformity 2 (the values of differential uniformity being always even) and the existence of APN bijections over F(2)n for even n >= 8 is a big open problem. In real practical applications, differentially 4-uniform bijections can be used as S-boxes when the dimension is even. For example, the AES uses a differentially 4-uniform bijection over F(2)8. In this paper, we first propose a method for constructing a large family of differentially 4-uniform bijections in even dimensions. This method can generate at least (2n(-3) - [2((n-1)/2-1)] -1).2(2n-1) such bijections having maximum algebraic degree n-1. Furthermore, we exhibit a subclass of functions having high nonlinearity and being CCZ-inequivalent to all known differentially 4-uniform power bijections and to quadratic functions.