We exhibit an infinite class of almost perfect nonlinear quadratic polynomials from F 2 n to F 2 n (n 12, n divisible by 3 but not by 9). We prove that these functions are EA-inequivalent to any power function. In the forthcoming version of the present paper we will proof that these functions are CCZ-inequivalent to any Gold function and to any Kasami function, in particular for n = 12, they are therefore CCZ-inequivalent to power functions.

We construct infinite classes of almost bent and almost perfect nonlinear polynomials, which are affinely inequivalent to any sum of a power function and an affine function.

We exhibit an infinite class of almost perfect nonlinear quadratic binomials from F2n to F2n (n ≥ 12, n divisible by 3 but not by 9). We prove that these functions are EA-inequivalent to any power function and that they are CCZ-inequivalent to any Gold function and to any Kasami function. It means that for n even they are CCZ-inequivalent to any known APN function, and in particular for n = 12,24, they are therefore CCZ-inequivalent to any power function. It is also proven that, except in particular cases, the Gold mappings are CCZ-inequivalent to the Kasami and Welch functions.

Abstract. To improve the securityof iterated block ciphers, the resistance against linear cryptanalysis has been formulated in terms of provable securitywhich suggests the use of highlynonlinear functions as round functions. Here, we show that some properties of such functions enable to find a new upper bound for the degree of the product of its Boolean components. Such an improvement holds when all values occurring in the Walsh spectrum of the round function are divisible bya high power of 2. This result leads to a higher order differential attack on any 5-round Feistel ciphers using an almost bent substitution function. We also show that the use of such a function is preciselythe origin of the weakness of a reduced version of MISTY1 reported in [23, 1].

We exhibit an infinite class of almost perfect nonlinear quadratic binomials from n to F 2 n with n = 4k and k odd. We prove that these functions are CCZinequivalent to known APN power functions when k != 1. In particular it means that for n = 12, 20, 28, they are CCZ-inequivalent to any power function.

A method for constructing differentially 4-uniform quadratic hexanomials has been recently introduced by J. Dillon. We give various generalizations of this method and we deduce the constructions of new infinite classes of almost perfect nonlinear quadratic trinomials and hexanomials from F 2 2m to F 2 2m. We check for m = 3 that some of these functions are CCZ-inequivalent to power functions.

Abstract. Most last-round attacks on iterated block ciphers provide some design criteria for the round function. Here, we focus on the links between the underlying properties. Most notably, we investigate the relations between the functions which oppose a high resistance to linear cryptanalysis and to differential cryptanalysis. 1