Constructing new APN functions through relative trace functions
11 Constructing new APN functions throughrelative trace functions
Lijing Zheng, Haibin Kan, Yanjun Li, Jie Peng, Deng Tang
Abstract:
In 2020, Budaghyan, Helleseth and Kaleyski [IEEE TIT 66(11): 7081-7087, 2020] considered aninfinite family of quadrinomials over F n of the form x + a ( x s + ) k + bx · m + c ( x s + m + m ) k , where n = m with m odd. They proved that such kind of quadrinomials can provide new almost perfect nonlinear (APN)functions when gcd(3 , m ) = k =
0, and ( s , a , b , c ) = ( m − , ω, ω ,
1) or (( m − − mod n , ω, ω ,
1) in which ω ∈ F \ F . By taking a = ω and b = c = ω , we observe that such kind of quadrinomials can be rewritten as a Tr nm ( bx ) + a q Tr nm ( cx s + ), where q = m and Tr nm ( x ) = x + x m for n = m . Inspired by the quadrinomials andour observation, in this paper we study a class of functions with the form f ( x ) = a Tr nm ( F ( x )) + a q Tr nm ( G ( x ))and determine the APN-ness of this new kind of functions, where a ∈ F n such that a + a q (cid:44)
0, and both F and G are quadratic functions over F n . We first obtain a characterization of the conditions for f ( x ) suchthat f ( x ) is an APN function. With the help of this characterization, we obtain an infinite family of APNfunctions for n = m with m being an odd positive integer: f ( x ) = a Tr nm ( bx ) + a q Tr nm ( b x ), where a ∈ F n such that a + a q (cid:44) b is a non-cube in F n . We verify that the aforementioned APN quadrinomials areCCZ-inequivalent to any other known APN functions over F . We also obtain two infinite families of APNfunctions: a Tr nm ( bx ) + a q Tr nm ( g x + ex q + ), where b , g, e satisfy: i ) b not a cube, g = e = b q − ; or ii ) b not a cube, and g = e = b . We can also find (at least) two new sporadic instances of APN functions over F up to CCZ-equivalence. Keywords:
APN functions; relative trace functions; quadratic functions; CCZ-equivalence1. I ntroduction
Throughout this paper, we often identify the finite field F n with F n which is the n -dimensional vectorspace over F . Any function F : F n → F m is called an ( n , m ) -function or vectorial Boolean functions if the L. Zheng is with the School of Mathematics and Physics, University of South China, Hengyang, Hunan, 421001, China, (E-mail: [email protected]).H. Kan is with the School of Computer Sciences, Fudan University, Shanghai, 200433, China, (E-mail: [email protected]).Y. Li is with the Mathematics and Science College of Shanghai Normal University, Shanghai, 200234, China, ([email protected]).J. Peng is with the Mathematics and Science College of Shanghai Normal University, Shanghai, 200234, China,([email protected]).D. Tang is with the School of Electronic Information and Electrical Engineering, Shanghai Jiao Tong University, Shanghai,200240, China, ([email protected]). a r X i v : . [ c s . I T ] J a n alues n and m are omitted. Vectorial Boolean functions are of critical importance in the field of symmetriccryptography, and the security of encryption algorithms heavily depends on the cryptographic properties ofthe vectorial Boolean functions. Researchers have proposed various properties to measure the resistance of avectorial Boolean function to di ff erent kinds of cryptanalysis, including di ff erential uniformity, nonlinearity,boomerang uniformity, algebraic degree, and so on. The lower the di ff erential uniformity of a vectorialBoolean function, the better its security against di ff erential cryptanalysis. In this paper, we mainly focuson the ( n , n )-functions. The di ff erential uniformity of any such functions is at least 2, and the functionsachieving this bound are called almost perfect nonlinear (APN).It is di ffi cult to find new infinite families of APN functions up to CCZ-equivalence. Up to now, only 6infinite families of APN monomials and 14 infinite families of APN polynomials are known, since the early90’s. On the other hand, in contrast to these facts, there are a lot of APN functions even over “small” field:for example, thousands of CCZ-inequivalent APN functions have been found over F [25]. Constructingnew instances of infinite families is an area of deep heading research. We present Tables I and II includingall currently known infinite families of APN functions. To Table II, we add the new function found withTheorem 3.3 in Section 3 below. We refer the readers to a recent nice work of Budaghyan et al. for moredetails on the classification of the known families of APN functions [7]. TABLE IK nown infinite families of
APN power functions over F n Family Exponent Conditions Algebraic degree SourceGold 2 i + i , n ) = i − i + i , n ) = i + t + n = t + t + t / − t even2 t + (3 t + / − t odd n = t + t / + t + t − n = t + n − i + i + i + i − n = i i + ω ∈ F \{ , } . Very recently, Budaghyan, Helleseth, and Kaleyski introducedan infinite family of quadrinomials over F n of the following form: g s ( x ) = x + a ( x s + ) k + bx · m + c ( x s + m + m ) k , where n = m . They showed that this family can provide new infinite families of APN functions [12].More precisely, they showed that g s ( x ) is a new APN function if k =
0, ( s , a , b , c ) = ( m − , ω, ω , m − − mod n , ω, ω , m is odd with gcd(3 , m ) =
1. They also pointed out that when k ≥ g s ( x )can also be APN, however, CCZ-equivalent to some known ones.Let n = m and q = m . In this paper, our motivation is to find new infinite families of APN functionsover F n . We revisit the above-mentioned two infinite families of APN quadrionomials obtained in [12].Observing that for any odd positive integer s , ω s = ω , the APN functions for s = m −
2, or ( m − − mod n g s ( x ) = a Tr nm ( bx ) + a q Tr nm ( cx s + ), a = ω , b = c = ω . Here Tr nm ( x ) : = x + x m for n = m . Inspired by the quadrinomials and our observation, let a ∈ F n , we study a class of functions withthe following form: f ( x ) = a Tr nm ( F ( x )) + a q Tr nm ( G ( x )) , a + a q (cid:44) , (1)where F and G are quadratic functions with F (0) = G (0) = F and G for finding APN functions.We mainly consider two kinds of functions in (1) by setting F and G as follows. i ) F ( x ) = bx , G ( x ) = cx s + ; ii ) F ( x ) = bx i + + cx i + m + , G ( x ) = g x s + + ex s + m + , where b , c , g, e ∈ F n , and i , s are positive integers.Let n = m with m odd. Let a ∈ F n , and f s ( x ) = a Tr nm ( bx ) + a q Tr nm ( cx s + ) , a + a q (cid:44) . We can find two more exponents s =
3, or m +
2, and the corresponding conditions on the coe ffi cients suchthat f s ( x ) is an APN function over F n . Code isomorphism tests (see Sec. 2 below) indicate that for theexponent s =
3, the APN function found with Theorem 3.3: f ( x ) = a Tr nm ( bx ) + a q Tr nm ( b x ) , where b is a non-cube, is new up to CCZ-equivalence over F . We can also discover more coe ffi cients forthese two exponents s = m −
2, and ( m − − mod n discovered by Budaghyan et al. such that f s ( x ) is APNwithout the assumption that gcd(3 , m ) =
1. In this way, some new instances of APN functions over F and F of the form f s ( x ) can also be found.Let n = m , q = m , a ∈ F n , and h i , s , b , c ,g, e ( x ) = a Tr nm ( bx i + + cx i + m + ) + a q Tr nm ( g x s + + ex s + m + ) , a + a q (cid:44) . We can find two infinite families of APN functions as follows, by letting i = s = c = h , , b , ,g, e ( x ) = a Tr nm ( bx ) + a q Tr nm ( g x + ex q + ) , where a ∈ F n such that a + a q (cid:44) m is odd, and b , g, e satisfy: i ) b not cube, g = e = b q − ; or ii ) b notcube in F ∗ n , and g = e = b . By means of the code isomorphism test, we find that these two classes of APNfunctions are CCZ-inequivalent to each other, however, CCZ-equivalent to some functions in family F12 ofTaniguchi over F . The critical technique needed in the proof is to forge links between the cube-ness ofsome certain elements and the number of solutions to the equation of the following form: Ax + Bx + B q x + A q = . The rest of the paper is organized as follows. Some basic definitions are given in Section 2. We characterizethe condition for f ( x ) with the form (1) such that f ( x ) is an APN function over F n , n = m . In Section 3,3e investigate the APN property of the functions with the form (1) by letting F , G are both Gold functionsor both quadratic binomials. We can find a new infinite family of APN quadrinomials, and generalize thetwo infinite families of APN functions found by Budaghyan et al. in [12]. We can find two infinite familiesof APN hexanomials, which computationally proved that they belong to family F12 over F . We can alsofind (at least) two new APN instances over F . A few concluding remarks are given in Section 4.2. P reliminaries Let F n be the finite field consisting of 2 n elements, then the group of units of F n , denoted by F ∗ n , is acyclic group of order 2 n −
1. Let α ∈ F n . It is called a cube in F n , if α = β for some β ∈ F n ; otherwise,it is called a non-cube . Let m and n be two positive integers satisfying m | n , we use Tr nm ( · ) to denote the trace function form F n to F m , i.e., Tr nm ( x ) = x + x m + x m + · · · + x ( n / m − m . Let f ( x ) be a function over F n . Then it can be uniquely represented as f ( x ) = (cid:80) n − i = a i x i . This is the univariate representation of f . Let 0 ≤ i ≤ n −
1. The binary weight of i is w ( i ) = (cid:80) n − s = i s , where i = (cid:80) n − s = i s s , i s ∈ { , } . The algebraic degree of f , denoted by deg( f ), is the largest binary weight of anexponent i with a i (cid:44) f . Functions of algebraic degree one, and two arecalled a ffi ne , quadratic , respectively.Given an ( n , n )-function F , we denote by ∆ F ( a , b ) the number of solutions to the equation D a F ( x ) = b ,where D a F ( x ) = F ( x ) + F ( x + a ) is the derivative of F in direction a ∈ F n . F is called di ff erentially δ -uniform if the largest value of ∆ F ( a , b ) equals to δ , for every nonzero a and every b . If F is di ff erentially 2-uniform,we say that F is almost perfect nonlinear (APN).Two ( n , m )-functions F and G are called extended a ffi ne equivalent (EA-equivalent) if there exist somea ffi ne permutation L over F n and some a ffi ne permutation L over F m , and some a ffi ne function A suchthat F = L ◦ G ◦ L + A . They are called Carlet-Charpin-Zinoviev equivalent (CCZ-equivalent) if there existssome a ffi ne automorphism L = ( L , L ) of F n × F m , where L : F n × F m → F n and L : F n × F m → F m area ffi ne functions, such that y = G ( x ) if and only if L ( x , y ) = F ◦ L ( x , y ). It is well known that EA-equivalenceis a special kind of CCZ-equivalence, and that CCZ-equivalence preserves the di ff erential uniformity [13].Proving CCZ-inequivalence of functions can be very di ffi cult in general, and this is resolved through codeisomorphism. Let α be the primitive element in F n . Then two ( n , n )-functions functions F and G are CCZ-equivalent if and only if C F , C G are isomorphic [3], where C F is the linear code corresponding to F withthe generating matrix as follows. C F = · · · α · · · α n − F (0) F ( α ) · · · F ( α n − ) Let f be a quadratic function over F n with f (0) =
0. Denote ∆ d , f ( x ) : = f ( dx ) + f ( dx + d ) + f ( d ) . f is APN if and only if for every d (cid:44) ∆ d , f ( x ) = x , i.e., only x ∈ F can be a solution to ∆ d , f ( x ) = Lemma 2.1.
Let n = m, and q = m . Let F, G be quadratic functions over F n satisfying that F (0) = ,and G (0) = . Let f ( x ) = a Tr nm ( F ( x )) + a q Tr nm ( G ( x )) , where a ∈ F n such that a + a q (cid:44) . Then f ( x ) is APNover F n , if and only if the following system ∆ d , F ( x ) ∈ F m ∆ d , G ( x ) ∈ F m (2) only has x = , as its solutions for any d (cid:44) ∈ F n .Proof. Since f ( x ) is quadratic with f (0) =
0, it is equivalent to showing that the following equation onlyhas x = , d (cid:44) ∆ d , f ( x ) = f ( dx ) + f ( dx + d ) + f ( d ) = . (3)We have ∆ d , f ( x ) = a Tr nm ( ∆ d , F ( x )) + a q Tr nm ( ∆ d , G ( x )) = . (4)In the following, we shall show that (4) holds if and only ifTr nm ( ∆ d , F ( x )) = Tr nm ( ∆ d , G ( x )) = . The su ffi ciency is clear. Let us show the necessity.Raising (4) to its q -th power, we have a q Tr nm ( ∆ d , F ( x )) + a Tr nm ( ∆ d , G ( x )) = . (5)Adding (4) and (5), ( a + a q )Tr nm ( ∆ d , F ( x )) + ( a + a q )Tr nm ( ∆ d , G ( x )) = , which infers, since a + a q (cid:44)
0, that Tr nm ( ∆ d , F ( x )) = Tr nm ( ∆ d , G ( x )) . (6)Substituting (6) into (4), we can obtainTr nm ( ∆ d , F ( x )) = Tr nm ( ∆ d , G ( x )) = , which is exactly the system (2). Therefore, f ( x ) is APN, if and only if the system (2) only has trivialsolutions x = ,
1, for any d (cid:44) (cid:3) ABLE IIK nown infinite families of quadratic
APN polynomials over F n ID Functions Conditions SourceF1-F2 x s + + u k − x ik + mk + s n = pk , gcd( k , p ) = gcd( s , pk ) = p ∈ { , } , i = sk mod p , m = p − i , n ≥ u primitive in F ∗ n [9]F3 sx q + + x i + + x q (2 i + + dx i q + + d q x i + q n = m , q = m , gcd( i , m ) = d ∈ F n , s ∈ F n \ F m , X i + + dX i + d q X + x s.t. x q + = x + a − Tr n ( a x ) a (cid:44) x + a − Tr n ( a x + a x ) 3 | n , a (cid:44) x + a − Tr n ( a x + a x ) 3 | n , a (cid:44) ux s + + u k x − k + k + s + v x − k + + ω u k + x s + k + s n = k , gcd( k , = gcd( s , k ) = v , ω ∈ F k , vω (cid:44)
1, 3 | ( k + s ), u primitivein F ∗ n [3, 4]F10 cx q + + dx i + + d q x q (2 i + + (cid:80) m − s = γ s x s ( q + n = m , q = m , gcd( i , m ) = i , m odd, γ s ∈ F q , c (cid:60) F q , d not a cube [3]F11 ( x + x q ) k + + u (cid:48) ( ux + u q x q ) (2 k + i + u ( x + x q )( ux + u q x q ) n = m , m ≥ k , m ) = q = m , and i ≥ u primitive in F ∗ n , u (cid:48) ∈ F m not a cube [26]F12 u ( u q x + ux q )( x + x q ) + ( u q x + ux q ) i + i + α ( u q x + ux q ) i ( x + x q ) i + β ( x + x q ) i + n = m , q = m , gcd( i , m ) = u primitive in F ∗ n , α , β ∈ F m , and X i + + α X + β has no solution in F m [23]F13 L ( x ) i x + L ( x ) x i n = km , m ≥
2, gcd( n , i ) = L ( x ) = (cid:80) k − j = a j x jm satisfies the conditions inTheorem 6.3 of [6] [6]F14 x + ω x s + + ω x q + x (2 s + q n = m , q = m , m odd, 3 (cid:45) m , ω prim-itive in F ∗ , s = m −
2, ( m − − mod n [12]F15 a Tr nm ( bx ) + a q Tr nm ( b x ) n = m , m odd, q = m , a (cid:60) F q , b nota cube new3. T hree infinite families of APN functions
We want to find new APN functions of the form (1). In the following two subsections, the functions F and G were chosen very carefully to satisfy the conditions characterized in Lemma 2.1. This will yield anew infinite family of APN quadrinomails, two infinite families of APN hexanomials, and (at least) twosporadic APN functions CCZ-inequivalent to any other known APN functions over F . A. F, G are both of Gold type
We need the following two lemmas, which will be used in the proof of Theorem 3.3.6 emma 3.1.
Let n = m for m odd, q = m . Suppose that for some c ∈ F n we havec ( c + c + c ) q ∈ F m . Then c is a cube in F n .Proof. Since gcd(3 , m − =
1, any element of F m is a cube. In the following, we assume that c (cid:60) F m .Noting that c ( c + c + c ) q = c ( q + + + c q + + + c q + + q , we have c q + ( c + c q ) + c q + ( c + c q ) + c q + ( c + c q ) = c ( c + c + c ) q ∈ F m . Since c + c q (cid:44)
0, we have c q + ( c + c q ) + c q + + c q + = c + c q = c q + + c q + . Note that any nonzero element c of F n has a unique polar decompositionof the form c = v k , where k q + =
1, and v q − =
1. Substituting c = v k into c + c q = c q + + c q + , we have k + k − = v + v . By assumption that c (cid:60) F m , we have k (cid:44)
1. Then according to [21, Theorem 7], we havethat k is a cube in U : = { x ∈ F n | x q + = } . Therefore, c = v k is a cube in F n . (cid:3) Let s be a positive integer with gcd( s , n ) =
1. Let x ∈ F n . It is clear that x + x s (cid:44)
0, if and only if x (cid:44) ,
1. We have the following lemma.
Lemma 3.2.
Let n = m for m odd with gcd(3 , m ) = . Let s be a positive integer such that s ≡ n.Suppose that for some x ∈ F n \{ , } , we have x + x ( x + x s ) s − s + ∈ F m . Then x + x s is a cube.Proof. Let d = x + x s . Then d (cid:44)
0, since x (cid:44) ,
1, and gcd( s , n ) =
1. We can express x + x = d + d s + d s .Then x + x ( x + x s ) s − s + = d + d s + d s d s − s + = d − s (2 s − + d − (2 s − + d s − = A − s + A − s + + A , where A = d s − . Then the condition of this lemma is equivalent to that A − s + A − s + + A + ∈ F m , whichis exaclty ( A + s + A s ∈ F m . If A =
1, i.e., d s − =
1, then d =
1, and hence x + x s = s − , n − = g ( x ) = x s − is a permutation of F n . Then by g ( d ) = g (1) =
1, we have d =
1. If A (cid:44)
1, then there existssome α ∈ F ∗ m such that A s = ( A + s + α . Since s is odd, 3 | s +
1, we have A s + α is a cube, and hence A s is a cube, that is, A is a cube. However, note that gcd(3 , s − =
1, we have that d is a cube, when A = d s − is. (cid:3) In the following theorem, we investigate the APN property of the functions with the form (1) by letting F ( x ) = bx , and G ( x ) = cx s + . This allows us to find a new infinite family of APN quadrinomials f ( x ) = a Tr nm ( bx ) + a q Tr nm ( b x ), where b is a non-cube in F n .7 heorem 3.3. Let n = m with m ≥ odd, and q = m . Let a ∈ F n , and f s ( x ) = a Tr nm ( bx ) + a q Tr nm ( cx s + ) with a (cid:60) F q , bc (cid:44) , s odd. Then f s ( x ) is APN over F n , if s , b , c satisfy the followingi) s = m − , b not a cube, c b ∈ F m ; orii) s = ( m − − mod n, b not a cube, c s − b s ∈ F m ; oriii) s = , b not a cube, cb ∈ F m ; oriv) gcd(3 , m ) = , s ≡ n, b not a cube, cb s − s + ∈ F m ; orv) s = m, b not a cube, c (cid:60) F m ; orvi) s = m + , b not a cube, bc ∈ F m ; orvii) s = n − , c b (cid:60) F m .Proof. Let F ( x ) = bx , G ( x ) = cx s + . Then ∆ d , F ( x ) = d b ( x + x ) , and ∆ d , G ( x ) = d s + c ( x s + x ) . According to Lemma 2.1, proving f s ( x ) is an APN function over F n is equivalent to showing that thesystem: ∆ d , F ( x ) ∈ F m , and ∆ d , G ( x ) ∈ F m can only has trivial solutions x = , d (cid:44)
0. Assume, to thecontrary, that f s ( x ) is not an APN function, when s , b , c satisfy the conditions of one item in this theorem.Then the following system d b ( x + x ) = α, d s + c ( x s + x ) = β. (7)has a non-trivial solution x (cid:60) F for some d (cid:44)
0, where α, β ∈ F m with α (cid:44) m is odd, gcd(3 , m − =
1, we have that α = e for some e ∈ F ∗ n . Dividing both sides of thefirst equation in (7) by e , we obtain that ( d / e ) b ( x + x ) =
1. Dividing both sides of the second equationin (7) by e s + , we have ( d / e ) s + c ( x s + x ) = β e − (2 s + . Since s is odd, we have 3 | s +
1, and e s + ∈ F m . Therefore, the system (7) has a non-trivial solution x (cid:60) { , } if and only if the system d b ( x + x ) = , d s + c ( x s + x ) = β. (8)has a solution for some d ∈ F ∗ n and β ∈ F m . i ) s = m − b is a non-cube in F n and c b ∈ F ∗ m .Raising the second equation in (8) to its fourth power, we have d q + c ( x q + x ) = β . From the first equation,we have d = b ( x + x ) . Substituting this relation into the previous equation, we have d q + c b x q + x x + x ∈ F m . Since d q + ∈ F ∗ m , and c b ∈ F ∗ m by assumption, we have x q + x x + x ∈ F m . By [12, Lemma 1], we have x + x is a cubein F n , and hence b is a cube by d b ( x + x ) =
1, a contradiction to the assumption that b is a non-cube. ii ) s = ( m − − mod n , b is a non-cube in F ∗ n and c s − b s ∈ F ∗ m .It can be seen from the proof of Theorem 2 in [12] that the critical conditions ensuring the APN-ness ofthis f s ( x ) are exactly that b is a non-cube in F n and c s − b s ∈ F ∗ m . We invite the readers to check it, and we8mit the arguments here. iii ) s = b is a non-cube in F n and cb ∈ F ∗ m . It can be seen that in this case (8) becomes d b ( x + x ) = , d c ( x + x ) = β. Substituting d = b ( x + x ) into the second equation of the above system, we have cb · x + x ( x + x ) = β, which infers that x + x ( x + x ) ∈ F m , since cb ∈ F ∗ m by assumption. It implies that ( x + x ) ( x + x ) q ∈ F m . Denoting e = x + x , we have x + x = e + e + e , and hence e ( e + e + e ) q ∈ F m . Now, according to Lemma 3.1, e = x + x is a cube. Then b is a cube by d b ( x + x ) =
1, which contradicts to the assumption that b is anon-cube. i v ) gcd(3 , m ) =
1, 3 s ≡ n , b is a non-cube in F n and c s − s + b ∈ F ∗ m .Since gcd(2 s − , n − = gcd( s , n ) − =
1, we have that x + x s (cid:44)
0, when x (cid:44) ,
1. Then (8) becomes d s + b ( x + x ) = , d s + c ( x + x s ) = β, where β ∈ F m with β (cid:44)
0, since x + x s (cid:44)
0. By the second equation, we have d s + = β c ( x + x s ) . Substitutingthis relation into the first equation, noting that 2 s + = (2 s + s − s + bc s − s + · x + x ( x + x s ) s − s + ∈ F m , which infers, since bc s − s + ∈ F ∗ m by assumption, that x + x ( x + x s ) s − s + ∈ F ∗ m . (9)Now, by the assumption that b is a non-cube in F n and c s − s + b ∈ F ∗ m , we have that c is a non-cube. On theother hand, by (9) and Lemma 3.2, we have that x + x s is a cube, which infers that c is a cube from thesecond equation d s + c ( x + x s ) = β of the above system, a contradiction. v ) s = m , b is a non-cube in F n , and c (cid:60) F m . It can be seen that (8) becomes d b ( x + x ) = , d m + c ( x + x m ) = β, where β ∈ F m . Since c (cid:60) F m , and d m + ∈ F ∗ m , x + x m ∈ F m for any d (cid:44) x ∈ F n , by the second equation,9e have β must equal to zero, which infers that x ∈ F m . Then by the fact that any element of F m is a cube,we have d ( x + x ) is a cube in F ∗ n , which implies that b is a cube in F ∗ n , a contradiction to the assumptionthat b is a non-cube. v i ) s = m + b is a non-cube in F n and bc ∈ F ∗ m . It can be seen (8) becomes d b ( x + x ) = , d q + − c ( x + x q ) = β, where β ∈ F m with β (cid:44) x + x q (cid:44) x (cid:44) ,
1. Since d b ( x + x ) =
1, we have d = b ( x + x ) .Substituting this relation into the second equation, we have d q + bc ( x + x )( x + x q ) = β. Then by the assumption that bc ∈ F ∗ m , we have ( x + x )( x + x q ) ∈ F m . According to [12, Lemma 1], wehave x + x (cid:44) b is a cube by d b ( x + x ) =
1, a contradiction to the assumptionthat b is a non-cube. v ii ) s = n − c b (cid:60) F m .Since gcd(2 s − , n − = gcd( s , n ) − =
1, we have that x + x s (cid:44)
0, if x (cid:44) ,
1. It can be seen that (8)becomes d b ( x + x ) = , d s + c ( x + x s ) = β, where β ∈ F m with β (cid:44)
0. Squaring the second equation, we have d c ( x + x ) = β . Comparing with thefirst equation, we have c b = β ∈ F m , which contradicts with the assumption that c b (cid:60) F m . (cid:3) Remark 3.4.
Code isomorphism tests described in Section 2 suggest that all the polynomials from the sameitem of Theorem 3.3 are all CCZ-equivalent; the APN function x + ω x s + + ω x q + x (2 s + q discovered in[12] is CCZ-equivalent to all the functions in i), ii), respectively, for s = m − , and s = ( m − − mod n,if gcd(3 , m ) = ; the polynomials f s ( x ) for s = m + in vi) are equivalent to the ones for s = m − in i);the polynomials f s ( x ) for s = m in v) are equivalent to some functions in family F10 from Table II, see alsothe arguments in Remark 3.7 below; the polynomial f s ( x ) for s = n − in vii) is CCZ-equivalent to x .The remaining value of s = in iii) yields APN quadrinomials f ( x ) , which are CCZ-inequivalent toany currently known APN function over F . By the arguments above that all the polynomials in the sameitem are all CCZ-equivalent, we only take a representative of iii). We let f ( x ) = ω Tr nm ( bx ) + ω Tr nm ( b x ) ,where b is a non-cube, ω ∈ F \ F . We use this f ( x ) to compare against representatives from all theknown infinite families including f s ( x ) , s = m − , ( m − − mod n in i), ii) which are essentially due toBudaghyan, Helleseth, and Kaleyski ([12]). Note that, Budaghyan et al. had presented a table listing all therepresentatives, except family F12, of all the known CCZ-inequivalent APN functions over F , see Table IIIof [12]. To complete the work of code isomorphism test, we have to find all the representatives of F12 over . Thanks to the nice work [20], we can obtain these representatives. In fact, let γ be a primitive elementin F ∗ , according to [20, Theorem 4.5], there are exactly 6 of CCZ-inequivalent Taniguchi APN functionsfrom F12: i = , take α = , β = , γ , γ ; i = , take α = , β = , γ , γ . The notations i , α, β usedhere are the same as the ones used in family F12 of Table II. Remark 3.5.
Let n = m with m odd, and gcd( m , = . Let q = m . Let z be a primitive elementin F ∗ n , and ω = z n − . Then ω is a primitive element in F . Let s = m − or ( m − − mod n. Then g s ( x ) = x + ω x s + + ω x q + x (2 s + q is an APN function ([12]). It can be seen that g s ( x ) can be coveredby our theorem. In fact, noting that ω s = ω for any odd s, g s ( x ) = ω Tr nm ( ω x ) + ω Tr nm ( ω x s + ) = a Tr nm ( bx ) + a q Tr nm ( cx s + ) , where a = ω, b = c = ω . It is clear that a + a q = (cid:44) , and b = ω is a non-cubesince gcd( m , = , and c b = = c t − b t , where t = ( m − − mod n. Then by i ) , ii ) of the above theorem, wehave that g s ( x ) is APN over F n , for s = m − , and ( m − − mod n, respectively. Remark 3.6.
Let n = m with m odd. Let us investigate the APN property of f m − ( x ) further. A pair (b , c)is said to satisfy property P m − , if b is a cube in F ∗ n , and c ∈ F ∗ n such that the following assertion holds:For any x ∈ F n with x (cid:44) , , x + x is a non-cube in F n , if c b · x q + x x + x ∈ F m .Then f m − ( x ) is APN over F n for these b, c. In fact, this assertion can be seen from the proof of i ) inthe above theorem. With the help of computer, we find that when m = , , there exist a lot of pairs(b , c) satisfying P m − . More precisely, let m = or , z be a primitive element in F ∗ m , j = (2 m + , andU = { ( z j ) i | gcd(3 , i ) = , ≤ i ≤ n − } . Then any pair (b , c) with b (cid:44) a cube, and c b ∈ U satisfies P m − .However, when m = , , there does not exist such (b , c). We therefore propose the following: Open Problem 1.
Does there exist infinite odd integer m ≥ such that P m − holds? Remark 3.7.
Let n = m with m odd, and q = m . Let us revisit the function f m ( x ) = a Tr nm ( bx ) + a q Tr nm ( cx m + ) investigated in v ) . Replacing bx by bx i + , we let f ( x ) = a Tr nm ( bx i + ) + a q Tr nm ( cx m + ) , where i is an oddpositive integer with gcd( i , m ) = . With similar arguments, by | i + and gcd( i , m ) = , we can obtainthat f ( x ) is APN, if b is a non-cube in F n , and c (cid:60) F m . Note that a f ( x ) = dx m + + Tr nm ( bx i + ) , whered = a q − ( c + c q ) can be chosen as any element in F n \ F m , since a , c (cid:60) F q , we have that f ( x ) in fact areexactly the functions in family F10 up to EA-equivalence. This observation suggests that it is worthy tofinding APN functions with the following form:f i , s ( x ) = a Tr nm ( bx i + ) + a q Tr nm ( cx s + ) , where a ∈ F n such that a + a q (cid:44) , n = m is a positive integer . (10) Remark 3.8.
It is noted that there does not exist elements satisfying the conditions in i v ) . However, wedecide to preserve this item, because we feel that the technique used in the proof may provide some insightsfor the constructions of APN functions. . F, G are both quadratic binomials Let us consider more general case. Let n = m with m a positive integer. Let h i , s , b , c ,g, e ( x ) = a Tr nm ( bx i + + cx i + m + ) + a q Tr nm ( g x s + + ex s + m + ) , (11)where a ∈ F n such that a + a q (cid:44) b , c , g, e ∈ F n .In this subsection, we want to find APN functions of the form (11). We remark first that the APNpolynomials considered in family F3 can be covered by h i , s , b , c ,g, e ( x ). In fact, let i = m , b (cid:60) F m , c = g = a q − ( b + b q ) x q + + x s + + x (2 s + q + ex s q + + e q x s + q , which are exactly the functions inF3, since a q − ( b + b q ) can be choosen as any elements in F n \ F m .We can find two infinite families of APN functions with the above form (11), and computationally provethat they are CCZ-inequivalent to any APN power functions over F , and we can find a new sporadicinstance of APN functions over F . Theorem 3.9. [24] Let n = m, and a ∈ F ∗ n . Let t be one solution in F n of t + at + = (if Tr n (cid:16) a (cid:17) = ).Let f ( x ) = x + x + a, then • f has no zeros in F n if and only if Tr n (cid:16) a (cid:17) = , and t is not a cube in F n . • f has three zeros in F n if and only if Tr n (cid:16) a (cid:17) = , and t is a cube in F n . We need the following theorem, which will be used for generating APN functions (see Corollary 1). Let n = m with m being an odd positive integer, and q = m . Let x ∈ F n with x (cid:44) ,
1. Then fix the followingnotations for this given element x . r : = x q + ; h : = x + x q ; c : = x + x ; D : = A ( A q + + B q + ); H : = A ( A q B + AB q + B + q ) , where A , B are some elements determined by x . By a routine work, we have that h + h = c + c q . The following result can not only give rise to APN functions of the form (11) but can also yield Budaghyan-Carlet APN hexanomials (family F3), and hence it has its own importance and we state it as a theorem.The proof can be seen in the appendix.
Theorem 3.10.
Let n = m with m being an odd positive integer. Let x be any given element in F n \{ , } .Use the notations given as above. Letf ( y ) = A y + B y + B q y + A q = . (12) Then equation (12) has no solutions in F n , if A, B, c satisfy1) A = c − q ( h + c + c ) , B = c + c , and c = x + x is a non-cube in F n ; or2) A = h + c + c c q , B = + c, and c = x + x is a non-cube in F n . emark 3.11. Let n = m, and q = m . Recall first that the condition needed in family F3 is that y i + + d y i + d q y + = has no solutions in U = { x ∈ F n | x q + = } . Here i is a positive integer with gcd( i , m ) = . When i = , thiscondition is exactly that y + d y + d q y + = has no solutions in U.With the same notations as in Theorem 3.10. Let A be the elements given in 1) or 2). Let Γ = { A ∈ F ∗ m | x ∈ F n \ F m , c = x + x not cube } . Numerical experiments suggest that Γ is always nonempty for anyodd m. This can yield Budaghyan-Carlet APN functions in family F3. In fact, let A ∈ Γ , then (12) becomes y + d y + d q y + = , d = BA . According to Theorem 3.10, the above equation has no solutions in F n . Therefore, this theorem can be usedto yield APN functions in family F3. It is noted that the existence of the coe ffi cients d such that the equation(13) has no solutions in U (or F n ) for a given positive integer i had also been studied in [2, 5].We expectthat Γ does indeed empty for any odd positive integer m, and hence propose the following: Open problem 2.
Let n = m with m odd. Show that Γ is always nonempty.It is also interesting and important to consider the following question. Open problem 3.
Let n = m with m a positive integer, q = m . Let i be a positive with gcd( m , i ) = .Find more exponents i, and elements A , B such that the following equation has no solutions in F n .A y i + + B y i + B q y + A q = . In the following, we investigate the APN property of the functions with the form (11) by letting i = , c = ff erent from that ofTaniguchi. Corollary 1.
Let n = m be a positive integer with m odd, and q = m . Let h s ( x ) = a Tr nm ( bx ) + a q Tr nm ( g x s + + ex s + m + ) with a (cid:60) F q , b g e (cid:44) . Then h s ( x ) is APN over F n , if s , b , g, e satisfy s = , b is not a cube , g = , e = b q − ; or2) s = , b is not a cube , g = e = b . Proof. s = b is not a cube, g = e = b q − .Let F ( x ) = bx , G ( x ) = x s + + ex s + m + . Then we have ∆ d , F = d b ( x + x ) , ∆ d , G = d s + ( x + x s ) + d s + m + e ( x + x s + m ) . h s ( x ) is APN if the following system d b ( x + x ) = α d s + ( x + x s ) + d s + m + e ( x + x s + m ) = β only has x = , d (cid:44)
0, where α , β ∈ F m . Assume, to the contrary, that there existssome d (cid:44) x (cid:44) , s = b is a non-cube, e = b q − . Then α (cid:44) b = α d ( x + x ) , e = b − (2 q − = d q − ( x + x ) q − (note that α q − = d ( x + x ) + d q − ( x + x ) q − ( x + x q ) = β, which is equivalent to d ( x + x ) + d q − ( x + x ) q − ( x + x q ) + (cid:16) d ( x + x ) + d q − ( x + x ) q − ( x + x q ) (cid:17) q = . (14)Let u = d . Then the above equation becomes u ( x + x ) + u q − ( x + x ) q − ( x + x q ) + (cid:16) u ( x + x ) + u q − ( x + x ) q − ( x + x q ) (cid:17) q = . (15)Note that any nonzero element u of F n has a unique polar decomposition of the form u = v k , where v q + = k q − =
1. Substituting u = v k into (15), then (15) can be reduced as v ( x + x ) + v q − ( x + x ) q − ( x + x q ) + (cid:16) v ( x + x ) + v q − ( x + x ) q − ( x + x q ) (cid:17) q = . Multiplying both sides by v of the above equation, by the fact that v q = v − , we have A y + B y + B q y + A q = , where y = v ∈ F n , and A , B are given in 1) of Theorem 3.10. Now, according to 1) of Theorem 3.10, weobtian that the element x + x is a cube, and hence b is a cube from the first equation d b ( x + x ) = α ofthe system, since α ∈ F ∗ m is a cube. This derives a contradiction to the assumption that b is a non-cube.2) s = b is not a cube, g = e = b .Let F ( x ) = bx and G ( x ) = bx + bx q + . We have ∆ d , F ( x ) = d b ( x + x ) and ∆ d , G ( x ) = d b ( x + x ) + d q + b ( x + x q ) . By Lemma 2.1, h s ( x ) is APN if and only if the following system d b ( x + x ) = α d b ( x + x ) + d q + b ( x + x q ) = β only has trivial solutions x ∈ F for any d ∈ F ∗ n and α, β ∈ F m . Assume now that there exist some d ∈ F ∗ n , α ∈ F m , β ∈ F m such that the system has non-trivial solutions x ∈ F n \ F . Then α (cid:44)
0. By the first equation,14e have b = α d ( x + x ) . Substituting this relation into the second equation, we have d ( x + x ) x + x + d q − ( x + x q ) x + x = βα , which implies that d ( x + x ) x + x + d q − ( x + x q ) x + x + (cid:18) d ( x + x ) x + x + d q − ( x + x q ) x + x (cid:19) q = , since α, β ∈ F m . Let µ = d . We have µ ( x + x ) x + x + µ q − ( x + x q ) x + x + (cid:18) µ ( x + x ) x + x + µ q − ( x + x q ) x + x (cid:19) q = . (16)To complete the proof, it su ffi ces to show that x + x is a cube of F n , which will derive that b is a cubefrom the first equation of the above system and this will yield a contradiction to the assumption that b is anon-cube. Let µ = ν k , where ν q + = k ∈ F ∗ m , and substitute µ = ν k into (16), we have ν ( x + x ) x + x + ν q − ( x + x q ) x + x + (cid:18) ν ( x + x ) x + x + ν q − ( x + x q ) x + x (cid:19) q = . Multiplying both sides of the above equation by ν , we have A y + B y + B q y + A q = , where y = ν , A = (cid:16) x + x q x + x (cid:17) q and B = x + x x + x = + x + x . According to 2) of Theorem 3.10, x + x is a cube in F n , otherwise, the above equation has no solutions in F n . (cid:3) Example 1 . Besides the two infinite classes of APN functions presented in Corollary 1, we can also finda new instance of APN functions over F CCZ-inequivalent to any other known APN functions. Let z bea primitive element in F ∗ . Then h s ( x ) = a Tr nm ( bx ) + a q Tr nm ( g x + ex q + )is an APN function over F , where b = g = z , e = z .4. C onclusions Let n = m , and q = m . We studied a class of quadratic functions with the form f ( x ) = a Tr nm ( F ( x )) + a q Tr nm ( G ( x )), where F , G are quadratic functions. We found a new infinite family of APN quadrinomialsover F n , a ∈ F n , n = m with m odd as follows. f ( x ) = a Tr nm ( bx ) + a q Tr nm ( b x ) , b not a cube , a (cid:60) F q . We generalized the two infinite families of APN functions obtained in [12] to a broader condition on m ,that is, the assumption that gcd(3 , m ) = ABLE IIIA ll K nown CCZ- inequivalent
APN functions over F , q = Function Conditions Family x i + i = , x − Kasami x − Dobbertin x + x + α x α primitive in F ∗ F3 x + x + α x α primitive in F ∗ F3 x + Tr ( x ) − F4 x + α − Tr ( α x ) α primitive in F ∗ F4 u ( u q x + ux q )( x + x q ) + ( u q x + ux q ) i + i + α ( u q x + ux q ) i ( x + x q ) i + β ( x + x q ) i + u primitive in F ∗ , z primitive in F ∗ , i = α = β = , z , z ; i = α = β = , z , z F12 B ( x ) = x + α x − sporadic,see [17] x + ω x s + + ω x q + x (2 s + q s = , , ω primitive in F ∗ F14 α Tr nm ( α x ) + α q Tr nm ( α x ) α primitive in F ∗ F15 α Tr nm ( x ) + α q Tr nm ( α x ) α primitive in F ∗ sporadic, seeRemark 3.6 α Tr nm ( x ) + α q Tr nm ( α x + α x q + ) α primitive in F ∗ sporadic, seeExample 1found two infinite families of APN functions over F m for odd m , which turned out to be in family F12,that is, the the Taniguchi APN functions when m =
5, as follows. f ( x ) = a Tr nm ( bx ) + a q Tr nm ( x + b q − x q + ) , b not a cube , a ∈ F n \ F m , and f ( x ) = a Tr nm ( bx ) + a q Tr nm ( bx + bx q + ) , b not a cube , a ∈ F n \ F m . Code isomorphism tests showed that f and f are CCZ-inequivalent to each other over F . We found twonew instances of APN functions over F . We also proposed three open problems, and we cordially invitethe readers to attack these open problems. R eferences [1] T. Beth., C. Ding., On almost perfect nonlinear permutations, Workshop on the Theory and Applicationof Cryptographic Techniques , Springer, pp. 65-76, 1993.[2] A. W. Bluher., On existence of Budaghyan-Carlet APN hexanomials,
Finite fields and their applications ,vol. 24, pp. 118-123, 2013. 163] C. Bracken., E. Byrne., N. Markin., G. McGuire., New families of quadratic almost perfect nonlineartrinomials and multinomias,
Finite fields and their applications , vol. 14, no. 3, pp. 703-714, 2008.[4] C. Bracken., E. Byrne., N. Markin., G. McGuire., A few more quadratic APN functions,
Cryptographyand Communications , vol. 3, no. 1, pp. 43-53, 2011.[5] C. Bracken., C. H. Tan., Y. Tan., On a class of quadratic polynomials with no zeros and its applicationto APN functions,
Finite fields and their applications , vol. 24, pp. 26-36, 2014.[6] L. Budaghyan., M. Calderini., C. Carlet., R. Coutter., I. Villa., Constructing APN functions throughisotopic shift,
IEEE Transactions on Information Theory , vol. 66, no. 8, pp. 5299-5309, 2020.[7] L. Budaghyan., M. Calderini., I. Villa., On equivalence between known families of quadratic APNfunctions,
Finite fields and their applications , vol. 66, 101704, 2020.[8] L. Budaghyan., C. Carlet., Classes of quadratic APN trinomials and hexanomials and related structures,
IEEE Transactions on Information Theory , vol. 54, no. 5, pp. 2354-2357, 2008.[9] L. Budaghyan., C. Carlet., G. Leander., Two classes of quadratic APN binomials inequivalent to powerfunctions,
IEEE Transactions on Information Theory , vol. 54, no. 9, pp. 4218-4229, 2008.[10] L. Budaghyan., C. Carlet., G. Leander., Constructing new APN functions from known ones,
Finitefields and their applications , vol. 15, no. 2, pp. 150-159, 2009.[11] L. Budaghyan., C. Carlet., G. Leander., On a construction of quadratic APN functions, in
Proceedingsof IEEE Information Theory Workshop , ITW’09, pp. 374-378, 2009.[12] L. Budaghyan., T. Helleseth., N. Kaleyski., A new family of APN quadrinomials,
IEEE Transactionson Information Theory , vol. 66, no. 11, pp. 7081-7087, 2020.[13] C. Carlet., P. Charpin., V. Zinoviev.,
Codes, bent functions and permutations suitable for DES-likecryptosystems , Designs, Codes and Cryptography, vol. 15, no. 2, pp. 125-156, 1998.[14] H. Dobbertion., Almost perfect nonlinear power functions on GF(2 n ): the Welch case, IEEE Transac-tions on Information Theory , vol. 45, no. 4, pp. 1271-1275, 1999.[15] H. Dobbertion., Almost perfect nonlinear power functions on GF(2 n ): the Niho case, Information andComputation , vol. 151, no. 1, pp. 57-72, 1999.[16] H. Dobbertin., Almost perfect nonlinear power functions on GF(2 n ): A new case for n divisible by 5, International Conference on Finite Fields and Applications , pp. 113-121, 2001.[17] Y, Edel., G. Kyureghyan., A. Pott., A new APN functions which is not equivalent to a power mapping,
IEEE Transactions on Information Theory , vol. 52, no. 2, pp. 744-747, 2006.[18] R. Gold., Maximal recursive sequences with 3-valued recursive cross-correlation functions,
IEEETransactions on Information Theory , vol. 14, no. 1, pp. 154-156, 1968.[19] T. Kasami., The weight enumerators for several classes of subcodes of the 2nd order binary Reed-Mullercodes,
Information and Control , vol. 18, no. 4, pp. 369-394, 1971.[20] C. Kaspers., Y. Zhou., The number of almost perfect nonlinear functions grows exponentially,
Journalof Cryptography , In Press.[21] H. K. Kim., S. Mesnager., Solving x k + + x + a = F n with gcd( n , k ) = Finite fields and their pplications , vol. 63, 101630, 2020.[22] K. Nyberg., Di ff eretially uniform mappings for cryptography, Lecture Notes in Computer Science , vol.765, pp. 55-64, 1994.[23] H. Taniguchi., On some quadratic APN functions,
Designs, codes and cryptography , vol. 87, pp. 1973-1983, 2019.[24] K. S. Williams., Note on Cubics over GF(2 n ) and GF(3 n ) ∗ , Journal of Number Theory , vol. 7, pp.361-365, 1975.[25] Y, Yu., M. Wang., Y. Li., A matrix approach for constructing quadratic APN functions,
Designs, codesand cryptography , vol. 73, no. 2, pp. 587-600, 2014.[26] Y. Zhou., A. Pott., A new family of semifields with 2 parameters,
Advances in Mathematics , vol. 234,pp. 43-60, 2013. 5. A ppendix
A. Proof of 1) in Theorem 3.10Proof.
It can be checked that A q + + B q + = ( x + x q ) = h in this case. In the following, we assume that c is a non-cube in F n . Note that A (cid:44)
0. In fact, if A =
0, then h + c + c = x + x q =
0, which implies that x ∈ F n ∩ F m − = F , since m is odd, and gcd( n , m − =
1, a contradiction to the assumption that x (cid:44) , y : = y + BA . Then equation (12) becomes y + AB q + B A y + A q + + B q + A = . Let y = Ez , where E satisfies that E = AB q + B A . Note that E (cid:44)
0. In fact, this would imply that AB q = B ,and hence A q B = B q , A q + B q + = B q + . However, by the fact that B (cid:44) B =
0, then c = , c is a non-cube), we have A q + + B q + =
0, which implies that( x + x q ) =
0, i.e., x ∈ F q , and then c = x + x ∈ F m is a cube in F n , since every element in F m is a cubeby the fact that gcd(3 , m − = m is odd), a contradiction.Then the above equation becomes z + z + a = , (17)where a (cid:44) a = A q + + B q + A E . It can be checked that 1 a = ( AB q + B ) A ( A q + + B q + ) . (18)18t is clear that equation (12) has no solutions in F n if and only if (17) has no solutions. To complete theproof, according to Theorem 3.9, we have to show that Tr n (cid:16) a (cid:17) =
0, and t is a non-cube in F n , where t is one solution in F n of t + at + = Claim 1. Tr n (cid:16) a (cid:17) = a = ( AB q + B ) A ( A q + + B q + ) = B + MA ( A q + + B q + ) + (cid:32) B + MA ( A q + + B q + ) (cid:33) , (19)where M is one solution of the following equation M + DM + H = . (20)Recall the notations that D = A ( A q + + B q + ), H = A ( A q B + AB q + B + q ), A = c − q ( h + c + c ), B = c + c , c = x + x . We need only to show that the above equation in M has solutions in F n , i.e., Tr n (cid:16) HD (cid:17) =
0. Thiscan be seen from the following fact. HD = A q B + AB q + B + q ( A q + + B q + ) is an element in F m , since A q B + AB q = Tr nm ( A q B ), A q + , B q + ∈ F m .Next, we need to find one solution t in F n of t + at + =
0, and show that t is a non-cube. It is clearthat t can be represented as a v , where v = B + MA ( A q + + B q + ) , since a = v + v according to (19). Note that t = a v satisfies that t = a v = ( B + M ) ( AB q + B ) . Therefore, to show t is a non-cube in F n , we have to show that B + M is a non-cube. Claim 2. B + M is a non-cube in F n .Our strategy is to find the explicit expression of M , and then show that B + M is a non-cube. To thisend, we have to revisit equation (20), and explore more information on the element HD (it is in F m ). Veryfortunately, we find that Tr m (cid:16) HD (cid:17) = . In fact, recall the notations that h = x + x q , and r = x q + , we find (withcomputer assistance) that (a surprise) HD = u + u , (21)where u = h ( r + r ) + r + r + hr h . Then M can be chosen as Du (this is because it su ffi ces to find one solution of M + DM + H = M = Du = A ( A q + + B q + ) u = c − q ( h + c + c ) h · h ( r + r ) + r + r + hr h = c ( h + c + c )( h ( r + r ) + r + r + hr ) c q . Then, recall the notation that B = c + c , we can obtain the expression of B + M as follows. B + M = h ( c q + + c q + + c q + ) + c q + + c q + c q = c (cid:16) h ( c q + + c q + + c q + ) + c q + + c q + (cid:17) c + q . (22)The above expression can be deduced from h + h = c + c q , c q + = r + r + hr . Note that h , c + q ∈ F ∗ m is a cube, it su ffi ces to show that hc (cid:16) h ( c q + + c q + + c q + ) + c q + + c q + (cid:17) is a non-cube. By the fact that h + h = c + c q , we have hc (cid:16) h ( c q + + c q + + c q + ) + c q + + c q + (cid:17) = c c q + (( c + c q ) + h ) . Since c q + , c + c q , h ∈ F ∗ m are all cubes in F n , we have that the above element is a non-cube, when c is anon-cube. (cid:3) B. Proof of 2) in Theorem 3.10Proof.
The proof is similar to that of 1) in Theorem 3.10. Recall the following notations: r = x q + ; h = x + x q ; c = x + x ; A = h + c + c c q ; B = + c , from which we can obtain that h + h = c + c q and A q + + B q + = ( x + x q ) ( x + x ) q + = h c q + . Note that A (cid:44)
0, otherwise, we have x + x q = x ∈ F n ∩ F q = F , sincegcd( m + , n ) =
1. Then setting y : = y + BA , this can transform (12) into y + AB q + B A y + A q + + B q + A = . (23)Observe that B (cid:44) c = AB q + B (cid:44)
0, otherwise, we have A q + + B q + =
0, that is, h =
0, which implies that c ∈ F q contracting to the assumption that c is a non-cube, since gcd(3 , m − = m . Thus we can transform the equation (23) into z + z + a = y = Ez , where a , E ∈ F ∗ n such that E = AB q + B A and a = A ( A q + + B q + ) ( AB q + B ) . We need now to prove that equation (24) has no solutions in F n . According to Theorem 3.9, we have toshow that Tr n (cid:16) a (cid:17) = F n of equation t + at + = F n .Firstly, we prove that Tr n (cid:16) a (cid:17) =
0. Note that a can be written as1 a = B + MA ( A q + + B q + ) + (cid:18) B + MA ( A q + + B q + ) (cid:19) , (25)where M is a solution of M + DM + H = , (26)where D = A ( A q + + B q + ) and H = A ( AB q + A q B + B q + ). Then we transform the problem into showingthat equation (26) has solutions in F n , which is equivalent to Tr n (cid:16) HD (cid:17) =
0. Indeed, it can be seen that HD = AB q + A q B + B q + ( A q + + B q + ) = Tr nm ( AB q ) + B q + ( A q + + B q + ) , which is clearly in F q . Thus, Tr n (cid:16) HD (cid:17) = t + at + = F n . Assume that t is a solution of t + at + =
0. Then by (25), it can be represented by t = a ν , where ν = B + MA ( A q + + B q + ) , and thus t = a ν = ( B + M ) ( AB q + B ) . Therefore, to show t is not a cube, it su ffi ces to show ( B + M ) and thus B + M is not a cube of F n . Inthe following, we show this fact by giving the explicit expression of M by revisiting (26) again.By the above discussion, we have obtained that HD ∈ F q . We further want to show that Tr m (cid:16) HD (cid:17) =
0, whichis equivalent to showing HD = µ + µ (27)for some µ ∈ F m . Recall that A = h + c + c c q , B = + c and A q + + B q + = h c q + , we have A q B + AB q = ( h + c q + c q ) B c + ( h + c + c ) B q c q = c q ( h + c q + c q ) B + c ( h + c + c ) B q c q + = h ( c q B + cB q ) + c q B ( c q + c q ) + cB q ( c + c ) c q + . h ( c q B + cB q ) = h (cid:0) c q (1 + c + c + c ) + c (1 + c q + c q + c q ) (cid:1) = h ( c + c q + c q + ( c + c q ) + c q + ( c + c q ) )and c q B ( c q + c q ) + cB q ( c + c ) = c q (1 + c + c + c )( c q + c q ) + ( c q (1 + c + c + c )( c q + c q )) q = c q + c q + c q + + c q + + c q + + c q + + c q + + c q + + ( c q + c q + c q + + c q + + c q + + c q + + c q + + c q + ) q = ( c + c q ) + c + c q + c q + ( c + c q ) + c q + ( c + c q ) . We have c + c q = x + x q + ( x + x q ) , c q + = x q + + x q + + x q + ( x + x q ) , from which we can obtain that h ( c q B + cB q ) = ( x + x q ) + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) + x (2 q + ( x + x q ) + x (2 q + ( x + x q ) and c q B ( c q + c q ) + cB q ( c + c ) = ( x + x q ) + ( x + x q ) + ( x + x q ) + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) . Thus we have c q + ( A q B + AB q ) = ( x + x q ) + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) and c q + ( A q B + AB q ) = x q + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) + x q + ( x + x q ) .
22e further have c q + B q + = c q + (1 + c ) q + = c q + + c q + ( c + c q ) + c q + = x q + + x q + ( x + x q ) + x q + ( x + x q ) + x q + . Recall that h = x + x q , r = x q + . Thus, we have c q + ( A q B + AB q + B q + ) = rh + rh + r + r h + r h + r h + r h + r h + r h + r , and HD = rh + rh + r h + r h + r h + r h + r h + r h + r h + r h = µ + µ where µ = r + r + r h + ( r + r ) h h . The rest of this proof is similar to that of Theorem 3.10, so we omit it here. (cid:3)(cid:3)