Differential uniformity and second order derivatives for generic polynomials (Q1689589)

Immunity against differential cryptanalysis techniques represents an important criterion when analysing the security of symmetric ciphers. In the light of Lai's results regarding higher order derivatives and their applications to differential cryptanalysis, the current paper can be seen as a natural and technically valuable follow-up of [\textit{J. F. Voloch}, in: Algebraic geometry and its applications. Dedicated to Gilles Lachaud on his 60th birthday. Proceedings of the first SAGA conference, Papeete, France, May 7--11, 2007. Hackensack, NJ: World Scientific. 135--141 (2008; Zbl 1151.14319)]. Thus, a density theorem which may be considered an extension of Voloch's main result is stated and proved. More precisely, instead of analysing the differential uniformity of a polynomial \(f \in \mathbb{F}_q[x]\), where \(q=2^n\), the authors explore the ``second order differential uniformity''. The paper is structured in eight sections. The first section discusses introductory aspects, a very short presentation of the article's structure and establishes notations. Sections 2 to 6 cover all the technical details necessary to construct the main theorem of the paper and prove it in section 7. Section 8 provides information about an inversion mapping which is of great importance in the study of (good) S-boxes. A specific instantiation of the previously mentioned inversion mapping is used precisely in the case of AES, a block cipher which is widely adopted nowadays. The mathematical concepts and properties discussed in each section are generally presented in a clear and accessible manner for (graduate) students and more experienced readers (especially if interested in differential cryptanalysis). The lemmas, the propositions and the theorems stated in the paper are accompanied by well written proofs. As a side note regarding the structure of the paper (more like personal opinions rather than shortcomings), a number of things which could have added readability or completion (especially for cryptography enthusiasts) are described next: 1. The \(Introduction\) lacks a reference to section 8 (only for uniformity, as the other sections are briefly tackled). 2. Usually, papers submitted to cryptography conferences of journals include a liaison with real world applications. Nonetheless, the current article was published in the Journal of Pure and Applied Algebra and, thus, it is all right for the writing style to be rather arid (and lacking motivation). The importance of the results is not clearly underlined in real world scenarios (e.g., concepts like S-boxes and block ciphers like AES are vaguely mentioned in section 8). 3. A section including future work would have been interesting. Given the above, we recommend the readers interested in differential cryptanalysis to attentively read this paper and, maybe, extend its results as they are of clear importance to symmetric cryptography. In conclusion, the current article is a valuable research work for both mathematicians and cryptographers.