Involutory differentially 4-uniform permutations from known constructions

Substitution boxes (S-boxes) are important components of block ciphers that can cause confusion in cryptosystems. The functions used as S-boxes should have low differential uniformity, high nonlinearity and high algebraic degree. When k>3, due to the lack of knowledge about the existence of almost perfect nonlinear permutations over F22k, which can offer optimal resistance to the differential cryptanalysis, S-boxes are often constructed from differentially 4-uniform permutations. To date, many infinite families of such functions have been constructed. In addition, the lower hardware implementation cost of S-boxes is an important criterion in the design of block ciphers. If the S-box is an involution, which means that the permutation is its own compositional inverse, then the implementation cost for its inverse can be saved. The same hardware circuit can thus be used for both encryption and decryption, which is an advantage in hardware implementation. In this paper, we investigate all of the differentially 4-uniform permutations that are known in the literature and determine whether they can be involutory. We find that some involutory differentially 4-uniform permutations with high nonlinearity and algebraic degree can be given from these known constructions. We also give some partial results and computer experiments to consider the problem of whether a permutation can be affine equivalent to an involution or it will become an involution upon adding an affine function. Some new families of differentially 4-uniform involutions constructed by composing the inverse function and cycles with length 3 are also given. This family of constructions has a high nonlinearity and a maximum algebraic degree.