{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T15:35:50Z","timestamp":1774020950534,"version":"3.50.1"},"reference-count":32,"publisher":"Springer Science and Business Media LLC","issue":"8","license":[{"start":{"date-parts":[[2024,4,10]],"date-time":"2024-04-10T00:00:00Z","timestamp":1712707200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,4,10]],"date-time":"2024-04-10T00:00:00Z","timestamp":1712707200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100000781","name":"European Research Council","doi-asserted-by":"publisher","award":["ERC-2017-ADG Nr. 788980"],"award-info":[{"award-number":["ERC-2017-ADG Nr. 788980"]}],"id":[{"id":"10.13039\/501100000781","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Des. Codes Cryptogr."],"published-print":{"date-parts":[[2024,8]]},"abstract":"Abstract<\/jats:title>The Boolean map$$\\chi _n :\\mathbb {F}_2^n \\rightarrow \\mathbb {F}_2^n,\\ x \\mapsto y$$<\/jats:tex-math>\u03c7<\/mml:mi>n<\/mml:mi><\/mml:msub>:<\/mml:mo>F<\/mml:mi>2<\/mml:mn>n<\/mml:mi><\/mml:msubsup>\u2192<\/mml:mo>F<\/mml:mi>2<\/mml:mn>n<\/mml:mi><\/mml:msubsup>,<\/mml:mo>x<\/mml:mi>\u21a6<\/mml:mo>y<\/mml:mi><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula>defined by$$y_i = x_i + (x_{i+1}+1)x_{i+2}$$<\/jats:tex-math>y<\/mml:mi>i<\/mml:mi><\/mml:msub>=<\/mml:mo>x<\/mml:mi>i<\/mml:mi><\/mml:msub>+<\/mml:mo>(<\/mml:mo>x<\/mml:mi>i<\/mml:mi>+<\/mml:mo>1<\/mml:mn><\/mml:mrow><\/mml:msub>+<\/mml:mo>1<\/mml:mn>)<\/mml:mo><\/mml:mrow>x<\/mml:mi>i<\/mml:mi>+<\/mml:mo>2<\/mml:mn><\/mml:mrow><\/mml:msub><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula>(where$$i\\in \\mathbb {Z}\/n\\mathbb {Z}$$<\/jats:tex-math>i<\/mml:mi>\u2208<\/mml:mo>Z<\/mml:mi>\/<\/mml:mo>n<\/mml:mi>Z<\/mml:mi><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula>) is used in various permutations that are part of cryptographic schemes, e.g.,Keccak<\/jats:sc>-f (the SHA-3-permutation), ASCON (the winner of the NIST Lightweight competition), Xoodoo, Rasta and Subterranean (2.0). In this paper, we study various algebraic properties of this map. We consider$$\\chi _n$$<\/jats:tex-math>\u03c7<\/mml:mi>n<\/mml:mi><\/mml:msub><\/mml:math><\/jats:alternatives><\/jats:inline-formula>(through vectorial isomorphism) as a univariate polynomial. We show that it is a power function if and only if$$n=1,3$$<\/jats:tex-math>n<\/mml:mi>=<\/mml:mo>1<\/mml:mn>,<\/mml:mo>3<\/mml:mn><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula>. We furthermore compute bounds on the sparsity and degree of these univariate polynomials, and the number of different univariate representations. Secondly, we compute the number of monomials of given degree in the inverse of$$\\chi _n$$<\/jats:tex-math>\u03c7<\/mml:mi>n<\/mml:mi><\/mml:msub><\/mml:math><\/jats:alternatives><\/jats:inline-formula>(if it exists). This number coincides with binomial coefficients. Lastly, we consider$$\\chi _n$$<\/jats:tex-math>\u03c7<\/mml:mi>n<\/mml:mi><\/mml:msub><\/mml:math><\/jats:alternatives><\/jats:inline-formula>as a polynomial map, to study whether the same rule ($$y_i = x_i + (x_{i+1}+1)x_{i+2}$$<\/jats:tex-math>y<\/mml:mi>i<\/mml:mi><\/mml:msub>=<\/mml:mo>x<\/mml:mi>i<\/mml:mi><\/mml:msub>+<\/mml:mo>(<\/mml:mo>x<\/mml:mi>i<\/mml:mi>+<\/mml:mo>1<\/mml:mn><\/mml:mrow><\/mml:msub>+<\/mml:mo>1<\/mml:mn>)<\/mml:mo><\/mml:mrow>x<\/mml:mi>i<\/mml:mi>+<\/mml:mo>2<\/mml:mn><\/mml:mrow><\/mml:msub><\/mml:mrow><\/mml:math><\/jats:alternatives><\/jats:inline-formula>) gives a bijection on field extensions of$$\\mathbb {F}_2$$<\/jats:tex-math>F<\/mml:mi>2<\/mml:mn><\/mml:msub><\/mml:math><\/jats:alternatives><\/jats:inline-formula>. We show that this is not the case for extensions whose degree is divisible by two or three. Based on these results, we conjecture that this rule does not give a bijection on any extension field of$$\\mathbb {F}_2$$<\/jats:tex-math>F<\/mml:mi>2<\/mml:mn><\/mml:msub><\/mml:math><\/jats:alternatives><\/jats:inline-formula>.<\/jats:p>","DOI":"10.1007\/s10623-024-01395-w","type":"journal-article","created":{"date-parts":[[2024,4,10]],"date-time":"2024-04-10T13:01:51Z","timestamp":1712754111000},"page":"2341-2365","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Algebraic properties of the maps $$\\chi _n$$"],"prefix":"10.1007","volume":"92","author":[{"given":"Jan","family":"Schoone","sequence":"first","affiliation":[]},{"given":"Joan","family":"Daemen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,4,10]]},"reference":[{"issue":"4","key":"1395_CR1","doi-asserted-by":"publisher","first-page":"370","DOI":"10.1016\/S0021-9800(69)80032-3","volume":"6","author":"Shair Ahmad","year":"1969","unstructured":"Ahmad Shair: Cycle structure of automorphisms of finite cyclic groups. J. Comb. Theory 6(4), 370\u2013374 (1969).","journal-title":"J. Comb. Theory"},{"key":"1395_CR2","unstructured":"Bertoni G., Daemen J., Peeters M., Van Assche, G.: KECCAK specifications, NIST SHA-3 Submission, (2008)."},{"key":"1395_CR3","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/BF00630563","volume":"4","author":"Eli Biham","year":"1991","unstructured":"Biham Eli, Shamir Adi: Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4, 3\u201372 (1991).","journal-title":"J. Cryptol."},{"key":"1395_CR4","doi-asserted-by":"crossref","unstructured":"Blondeau C., Canteaut A., Charpin P.: Differential properties of power functions. In: 2010 IEEE International Symposium on Information Theory, pp. 2478\u20132482 (2010).","DOI":"10.1109\/ISIT.2010.5513437"},{"issue":"2","key":"1395_CR5","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1023\/A:1008344232130","volume":"15","author":"Claude Carlet","year":"1998","unstructured":"Carlet Claude, Charpin Pascale, Zinoviev Victor: Codes, bent functions and permutations suitable For DES-like cryptosystems. Des. Codes Cryptogr. 15(2), 125\u2013156 (1998).","journal-title":"Des. Codes Cryptogr."},{"issue":"1","key":"1395_CR6","doi-asserted-by":"publisher","first-page":"110","DOI":"10.46586\/tosc.v2022.i1.110-137","volume":"2022","author":"Carlos Cid","year":"2022","unstructured":"Cid Carlos, Grassi Lorenzo, Gunsing Aldo, L\u00fcftenegger Reinhard, Rechberger Christian, Schofnegger Markus: Influence of the linear layer on the algebraic degree in SP-networks. IACR Trans. Symmetric Cryptol. 2022(1), 110\u2013137 (2022).","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1395_CR7","doi-asserted-by":"crossref","unstructured":"Claesen L., Daemen J. Genoe M., Peeters G.: Subterranean: a 600 Mbit\/sec cryptographic VLSI chip, pp. 610\u2013613 (1993).","DOI":"10.1109\/ICCD.1993.393304"},{"key":"1395_CR8","unstructured":"Daemen J.: Cipher and Hash Function Design Strategies based on linear and differential cryptanalysis, Ph.D. thesis, Katholieke Universiteit Leuven (1995)."},{"key":"1395_CR9","doi-asserted-by":"crossref","unstructured":"Daemen J., Mehrdad A., Mella S.: Computing the distribution of differentials over the non-linear mapping $$\\chi $$. In: International Conference on Security, Privacy, and Applied Cryptography Engineering, pp. 3\u201321 (2021).","DOI":"10.1007\/978-3-030-95085-9_1"},{"key":"1395_CR10","doi-asserted-by":"crossref","unstructured":"Daemen J., Hoffert S., Van Assche G., Van Keer R.: The design of Xoodoo and Xoofff. IACR Trans. Symmetric Cryptol. (4), 1\u201338 (2018).","DOI":"10.46586\/tosc.v2018.i4.1-38"},{"key":"1395_CR11","doi-asserted-by":"crossref","unstructured":"Daemen J., Massolino P.M.C., Mehrdad A., Rotella Y.: The subterranean 2.0 cipher suite. IACR Trans. Symmetric Cryptol. (S1), 262\u2013294 (2020).","DOI":"10.46586\/tosc.v2020.iS1.262-294"},{"key":"1395_CR12","doi-asserted-by":"publisher","first-page":"289","DOI":"10.46586\/tosc.v2020.i1.289-312","volume":"1","author":"Christoph Dobraunig","year":"2020","unstructured":"Dobraunig Christoph, Rotella Yann, Schoone Jan: Algebraic and higher-order differential cryptanalysis of Pyjamask-96. IACR Trans. Symmetric Cryptol. 1, 289\u2013312 (2020).","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"1395_CR13","doi-asserted-by":"crossref","unstructured":"Dobraunig C., Eichlseder M., Grassi L., Lallemand V., Leander G., List E., Rechberger C.: A cipher with low AND depth and few ANDs per bit. In: Shacham H., Boldyreva A. (eds.) Advances in Cryptology\u2014CRYPTO, pp. 662\u2013692 Springer, New York (2018).","DOI":"10.1007\/978-3-319-96884-1_22"},{"key":"1395_CR14","unstructured":"Dobraunig C., Eichlseder M., Mendel F., Schl\u00e4ffer M.: Ascon v1.2 Submission to NIST (2021)."},{"key":"1395_CR15","doi-asserted-by":"crossref","unstructured":"Eichlseder M., Grassi L., L\u00fcftenegger R., \u00d8ygarden M., Rechberger C., Schofnegger M., Wang Q.: An algebraic attack on ciphers with low-degree round functions: application to full MiMC. In: Shiho M., Huaxiong W., (eds.) Advances in Cryptology\u2014ASIACRYPT 2020, pp.\u00a0477\u2013506. Springer, New York (2020).","DOI":"10.1007\/978-3-030-64837-4_16"},{"key":"1395_CR16","unstructured":"Graner A.M., Kriepke B., Krompholz L., Kyureghyan G.M.: On the bijectivity of the map $$\\chi $$. Cryptology ePrint Archive 2024\/187 (2024)."},{"key":"1395_CR17","doi-asserted-by":"crossref","unstructured":"Hensel K.: \u00dcber die Darstellung der Zahlen eines Gattungsbereiches f\u00fcr einen beliebigen Primdivisor. Journal f\u00fcr die reine und angewandte Mathematik (129), 68\u201385 (1888).","DOI":"10.1515\/crll.1888.103.230"},{"key":"1395_CR18","doi-asserted-by":"crossref","first-page":"280","DOI":"10.1080\/00150517.1996.12429073","volume":"34","author":"CH Jones","year":"1996","unstructured":"Jones C.H.: Generalized hockey stick identities and $$N$$-dimensional blockwalking. Fibonacci Q. 34, 280\u2013288 (1996).","journal-title":"Fibonacci Q."},{"key":"1395_CR19","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511525926","volume-title":"Finite Fields","author":"R Lidl","year":"1996","unstructured":"Lidl R., Niederreiter H.: Finite Fields. Cambridge University Press, Cambridge (1996)."},{"issue":"4","key":"1395_CR20","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1007\/s00145-022-09439-x","volume":"35","author":"F Liu","year":"2022","unstructured":"Liu F., Sarkar S., Meier W., Isobe T.: The inverse of $$\\chi $$ and its applications to rasta-like ciphers. J. Cryptol. 35(4), 28 (2022).","journal-title":"J. Cryptol."},{"key":"1395_CR21","doi-asserted-by":"crossref","unstructured":"Matsui M.: Linear cryptanalysis method for des cipher. In: International Conference on the Theory and Application of Cryptographic Techniques (1994).","DOI":"10.1007\/3-540-48285-7_33"},{"key":"1395_CR22","unstructured":"NIST, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Fucntions, FIPS PUB 202 (2015)."},{"key":"1395_CR23","unstructured":"NIST, Lightweight Cryptography Standardization Process: NIST Selects Ascon (2023)."},{"key":"1395_CR24","unstructured":"National\u00a0Bureau of\u00a0Standards, Data Encryption Standard, FIPS-Pub.46, National Bureau of Standards, U.S. Department of Commerce (1977)."},{"key":"1395_CR25","unstructured":"Otal K.: A Solution to a Conjecture on the Maps $$\\chi _n^{(k)}$$, Cryptology ePrint Archive 2023\/1782 (2023)."},{"issue":"2","key":"1395_CR26","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1090\/S0002-9947-1934-1501740-7","volume":"36","author":"O \u00d6ystein","year":"1934","unstructured":"\u00d6ystein O.: Contributions to the theory of finite fields. Trans. Am. Math. Soc. 36(2), 243\u2013274 (1934).","journal-title":"Trans. Am. Math. Soc."},{"key":"1395_CR27","unstructured":"Pascal B.: Trait\u00e9 du triangle arithm\u00e9tique, Chez Guillaume Desprez (1965)."},{"issue":"6","key":"1395_CR28","doi-asserted-by":"publisher","first-page":"246","DOI":"10.1016\/j.ipl.2007.09.012","volume":"106","author":"V Rijmen","year":"2008","unstructured":"Rijmen V., Barreto P.S., Gazzoni Filho D.L.: Rotation symmetry in algebraically generated cryptographic substitution tables. Inf. Process. Lett. 106(6), 246\u2013250 (2008).","journal-title":"Inf. Process. Lett."},{"key":"1395_CR29","doi-asserted-by":"crossref","unstructured":"Schoone J., Daemen J.: Algebraic properties of the maps $$\\chi _n$$, Cryptology ePrint Archive 2023\/1708 (2023).","DOI":"10.1007\/s10623-024-01395-w"},{"key":"1395_CR30","doi-asserted-by":"crossref","unstructured":"Schoone J., Daemen J.: The state diagram of $$\\chi $$. Des. Codes Cryptogr. (2024).","DOI":"10.1007\/s10623-023-01349-8"},{"key":"1395_CR31","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-0348-8440-2","volume-title":"Polynomial Automorphisms and the Jacobian Conjecture","author":"A van den Essen","year":"2000","unstructured":"van den Essen A.: Polynomial Automorphisms and the Jacobian Conjecture. Birkh\u00e4user, Basel (2000)."},{"key":"1395_CR32","doi-asserted-by":"crossref","unstructured":"Waring E.: VII. Problems concerning interpolations. Philos. Trans. R. Soc. (69), 59\u201367 (1779).","DOI":"10.1098\/rstl.1779.0008"}],"container-title":["Designs, Codes and Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-024-01395-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10623-024-01395-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10623-024-01395-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,16]],"date-time":"2024-11-16T00:58:07Z","timestamp":1731718687000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10623-024-01395-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,10]]},"references-count":32,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2024,8]]}},"alternative-id":["1395"],"URL":"https:\/\/doi.org\/10.1007\/s10623-024-01395-w","relation":{},"ISSN":["0925-1022","1573-7586"],"issn-type":[{"value":"0925-1022","type":"print"},{"value":"1573-7586","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,10]]},"assertion":[{"value":"15 November 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 March 2024","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 March 2024","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 April 2024","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}]}}