Abstracts of invited lectures Extended differential properties of cryptographic functi- ons

s of invited lectures Extended differential properties of cryptographic functions ANNE CANTEAUT (INRIA-Rocquencournt, France) Differential cryptanalysis is one of the very first attack proposed against block ciphers. This attack exploits the fact that some derivatives of the cipher (or of a reduced version of the cipher) have a nonrandom output distribution. Since this distribution highly depends on the behaviour of the derivatives of the nonlinear components of the cipher, Nyberg and Knudsen have introduced the notion of differential uniformity which measures the quality of an Sbox regarding its resistance to differential attacks. This notion is the starting point of many works, including the study and the construction of the so-called APN functions, which are the functions providing the best resistance against differential attacks. However, many new primitives have been proposed in the last five years, including the 64 hash functions submitted to the SHA-3 competition and a lot of lightweight block ciphers. Many of those new proposals have been attacked or evaluated by several sophisticated variants of the original differential attack. Some of them appear to be able to break some primitives which have been proved resistant against differential cryptanalysis. Those attacks include the cube attack, the rebound attack, the linear subspace attack and some meet-in-the-middle attacks. In this talk, we will study some properties of the building-blocks of a cipher and their impacts on these new attacks. In particular, we will investigate their connections with the classical notion of differential uniformity, and we will discuss the different criteria for choosing an appropriate nonlinear function when designing a new block cipher. New permutation binomials and trinomials over finite fields XIANG-DONG HOU (University of South Florida, USA) Among permutation polynomials over finite fields, those in simple algebraic forms are particularly interesting. Such permutation polynomials are sometimes the result of the mysterious interplay between the algebraic and combinatorial structures of the finite field. In this talk we consider binomials of the form tx + x2q−1, where t ∈ Fq , and trinomials of the form −x + tx + x2q−1, where t ∈ Fq . We determine the necessary and sufficient conditions for these polynomials to be permutation polynomials of Fq2: Theorem 1. Let f = tx + x2q−1 ∈ Fq[x], where t ∈ Fq . Then f is a permutation polynomial of Fq2 if and only if one of the following occurs: (i) t = 1, q ≡ 1 (mod 4); (ii) t = −3, q ≡ ±1 (mod 12); (iii) t = 3, q ≡ −1 (mod 6). Theorem 2. Let q > 2 and f = −x+ tx + x2q−1, where t ∈ Fq . Then f is a permutation polynomial of Fq2 if and only if one of the following occurs: