A highly nonlinear differentially 4 uniform power mapping that permutes fields of even degree

Functions with low differential uniformity can be used as the s-boxes of symmetric cryptosystems as they have good resistance to differential attacks. The AES (Advanced Encryption Standard) uses a differentially 4 uniform function called the inverse function. Any function used in a symmetric cryptosystem should be a permutation. Also, it is required that the function is highly nonlinear so that it is resistant to Matsui's linear attack. In this article we demonstrate that the highly nonlinear permutation f(x) = x(22k+2k+1) on the field F-24k, discovered by Hans Dobbertin (1998) [1], has differential uniformity of four and hence, with respect to differential and linear cryptanalysis. is just as suitable for use in a symmetric cryptosystem as the inverse function. Its suitability with respect to other attacks remains to be seen. (C) 2010 Elsevier Inc. All rights reserved.