APN Extendibility Criterion Overview

Updated 23 January 2026

APN-extendibility criterion is a set of algebraic, geometric, and combinatorial conditions ensuring that APN functions retain their low differential uniformity when extended or modified.
The methodology harnesses difference equations, associated algebraic surfaces, and injectivity tests on affine subspaces to classify APN functions and preclude infinite exceptional families.
Practical applications involve algorithmic constructions that produce new, EA-inequivalent APN functions, advancing cryptographic function design.

An APN-extendibility criterion provides necessary and/or sufficient conditions under which a function possessing the almost perfect nonlinear (APN) property on a given vector space (typically a finite field or a vector space over $\mathbb{F}_2$ ) can be extended or modified—either to a larger space or by altering its values on certain subspaces—while retaining the APN property. This criterion underpins several central questions in the theory of cryptographically relevant Boolean functions, especially the classification, structure, and construction of APN functions on vector spaces of differing dimensions. APN-extendibility criteria have been established in multiple technical frameworks: via difference equations, geometric characterizations using associated surfaces, as tractable algebraic constraints in secondary constructions, and by combinatorial tests on flats or affine subspaces. The APN-extendibility criterion is a cornerstone for understanding the non-existence of infinite families of exceptional APN functions and also enables practical algorithms for constructing new, EA-inequivalent APN functions in given dimensions.

1. Definitions and Fundamental Principles

The APN property is defined for a function $F:\mathbb{F}_2^n \to \mathbb{F}_2^m$ as having differential uniformity $\Delta_F=2$ , i.e., for all $\alpha\neq0$ and all $\beta$ , the equation $F(x+\alpha)+F(x)=\beta$ has at most two solutions in $x$ (Beierle et al., 2021, Langevin, 16 Jan 2026). Special attention is paid to $(n,n)$ -functions—vectorial Boolean functions from $n$ bits to $n$ bits—where APN property ensures maximal resistance to differential cryptanalysis.

A function $G:\mathbb{F}_2^{n-k}\to\mathbb{F}_2^{n-k}$ is said to be APN-extendible if there exists an auxiliary function $g:\mathbb{F}_2^{n}\to\mathbb{F}_2^{k}$ such that $F(x) = (G(x'), g(x'))$ for some embedding $x'$ , and $F$ is APN on the larger space. The APN-extendibility criterion formalizes the possibility of such an extension, typically as a system of algebraic or geometric conditions imposed on $G$ and $g$ (Langevin, 16 Jan 2026, Beierle et al., 2021).

Extended-affine equivalence (EA-equivalence) is preserved under the APN-extendibility framework; that is, whether a function is APN-extendible is invariant under EA-transformations (Beierle et al., 2021).

2. Surface and Geometric Characterizations

A powerful approach to APN-extendibility leverages the geometry of associated algebraic surfaces. Rodier’s criterion shows that a function $f: \mathbb{F}_{2^n} \to \mathbb{F}_{2^n}$ is APN if and only if every $\mathbb{F}_{2^n}$ -rational point of the surface

$\Phi_f(x,y,z) = \frac{f(x)+f(y)+f(z)+f(x+y+z)}{(x+y)(x+z)(y+z)} = 0$

lies on the union of the three coordinate planes $(x+y)(x+z)(y+z)=0$ (Delgado et al., 2016, Delgado et al., 2012, Rodier, 2016).

The APN-extendibility criterion arising from this perspective is as follows: if the surface $\Phi_f$ possesses an absolutely irreducible component (other than the three planes), then $f$ cannot be APN on infinitely many extensions. In particular, whenever $\Phi_f$ is absolutely irreducible over $\mathbb{F}_{2^n}$ , APN-extendibility to infinite extensions is obstructed. This mechanism is fundamental in ruling out infinite families of exceptional APN functions, reducing such behavior to the Gold and Kasami-Welch monomial families (Delgado et al., 2016, Delgado et al., 2012).

3. Algebraic Criteria and the Zero-Extension Theorem

For quadratic APN functions, more refined algebraic APN-extendibility criteria are available. For $G: \mathbb{F}_2^n \to \mathbb{F}_2^n$ quadratic APN, and linear $L: \mathbb{F}_2^n \to \mathbb{F}_2^n$ and $\ell: \mathbb{F}_2^n \to \mathbb{F}_2$ , define the candidate extension on $\mathbb{F}_2^{n+1}$ as

$T(x,y) = (G(x),0) + (L(x), \ell(x)) y,\qquad (x,y)\in \mathbb{F}_2^n \times \mathbb{F}_2.$

The APN-extendibility (or zero-extension) theorem states that $T$ is APN if and only if:

$G$ is APN on $\mathbb{F}_2^n$ , and
For every $\alpha\neq0$ with $\ell(\alpha)=0$ ,

$\langle \pi_G(\alpha), L(\alpha) \rangle = 1,$

where $\pi_G$ is the ortho-derivative of $G$ and $B_\alpha(x) = G(x)+G(x+\alpha)+G(\alpha)+G(0)$ is the difference-mapping (Beierle et al., 2021).

This explicit algebraic criterion translates the geometric APN-extendibility obstruction into a tractable system of linear equations for $(L,\ell)$ . The system can be efficiently implemented, supporting algorithmic construction and classification of APN extensions of given quadratic cores.

4. APN-Extendibility on Affine Subspaces and Secondary Constructions

APN-extendibility can also be characterized for modifications on affine subspaces of small codimension, for instance hyperplanes (codimension 1) or their generalizations. For quadratic $F$ and a hyperplane $T_0 = \{x: \text{Tr}(x)=0\}$ , the function $G(x) = F(x) + \text{Tr}(x) L(x)$ is APN if and only if, for each $a\in T_0$ , the map

$\lambda_a(x) = L(x) + B_F(x, a+e_0)$

is injective (where $B_F$ denotes the bilinear part of $F$ and $e_0$ is a fixed vector outside $T_0$ ) (Taniguchi et al., 7 Jan 2025).

For codimension 2, $G$ is constructed by modifying $F$ by coset-dependent constants, and the APN-extendibility criterion requires checking that on every affine 2-flat meeting all cosets, the sum $F(x_1)+F(x_2)+F(x_3)+F(x_4) + (a_1+a_2+a_3+a_4) \neq 0$ . These tests yield necessary and sufficient conditions for APN-extendibility under local affine modifications, and underpin the construction of new, EA-inequivalent APN functions (Taniguchi et al., 7 Jan 2025).

5. Combinatorial and Backtracking Methods

In small dimensions, the APN-extendibility criterion can be sharply formulated as a system of constraints over combinatorial "flats" or two-flats. For $G: \mathbb{F}_2^m \to \mathbb{F}_2^{m-k}$ , the following must hold for an APN extension $F(x) = (G(x), g(x))$ with $g: \mathbb{F}_2^m \to \mathbb{F}_2^k$ :

Differential uniformity $\Delta_G\leq 2^{k+1}$ ,
For every flat $\{x,y,z,t\}$ with $x+y+z+t=0$ and $G(x)+G(y)+G(z)+G(t)=0$ , the "lift" $g(x)+g(y)+g(z)+g(t)\neq 0$ .

When $k>1$ , the last constraint becomes a system of multivariate cubic equations. Efficient backtracking algorithms exploiting these constraints have succeeded in classifying all APN extensions in small dimensions, confirming the absence of unexpected classes in, e.g., the 6-bit case (Langevin, 16 Jan 2026).

6. Generic Non-Extendibility and the Classification of Exceptional APN Functions

The APN-extendibility criterion is central to the proof that almost all polynomial APN functions fail to be APN on infinitely many extensions, except those CCZ-equivalent to Gold or Kasami-Welch monomials. The geometric and algebraic criteria quickly rule out extendibility of any $f$ whose associated difference surface $\Phi_f$ is absolutely irreducible, or whose underlying combinatorial or linearized constraints are unsatisfiable (Delgado et al., 2016, Delgado et al., 2012, Rodier, 2016, Budaghyan et al., 2019).

For polynomials of degree $4e$ ( $e$ odd), the criterion becomes especially rigid: any such function $f$ can only be APN on infinitely many extensions if $\Phi_f$ factors in a highly specific Galois-theoretic manner, essentially reducing $f$ to a function CCZ-equivalent to a Gold power (Rodier, 2016). The absence of new irreducible components on the surface prohibits new infinite exceptional families.

7. Applications, Practical Algorithms, and Open Directions

The explicit APN-extendibility criteria form the basis for efficient construction algorithms for new APN functions. For instance, recursive backtracking and tree-search leveraging zero-extension criteria constructed over 6,368 new quadratic 8-bit APN functions starting from classified quadratics in dimension 7 (Beierle et al., 2021). Similarly, Sage implementations of these criteria serve for the enumeration and non-existence proofs of maximum linearity APN classes.

Open problems include extending precise APN-extendibility criteria to modifications of higher codimension, finding further infinite families of partial-APN functions, and settling the full range of non-classical, non-monomial APN-extendibility in high dimensions (Taniguchi et al., 7 Jan 2025, Budaghyan et al., 2019, Delgado et al., 2016). The consensus arising from these criteria is that only the Gold and Kasami-Welch monomial families are infinitely APN-extendible, consistent with the Aubry–McGuire–Rodier conjecture (Delgado et al., 2012, Delgado et al., 2016).