The Differential and Boomerang Properties of a Class of Binomials

Sihem Mesnager Member, IEEE and Huawei Wu S. Mesnager is with the Department of Mathematics, University of Paris VIII, 93526 Saint-Denis, France, also with the Laboratory Analysis, Geometry and Applications (LAGA), UMR 7539, CNRS, University Sorbonne Paris Cité, 93430 Villetaneuse, France, and also with Telecom Paris, Polytechnic Institute of Paris, 91120 Palaiseau, France (e-mail: [email protected])H. Wu is with the Department of Mathematics, University of Paris VIII, 93526 Saint-Denis, France, and also with the Laboratory Analysis, Geometry and Applications (LAGA), UMR 7539, CNRS, University Sorbonne Paris Cité, 93430 Villetaneuse, France (e-mail: [email protected])

Abstract

Let $q$ be an odd prime power with $q\equiv 3\ ({\rm{mod}}\,4)$ . In this paper, we study the differential and boomerang properties of the function $F_{2,u}(x)=x^{2}\big{(}1+u\eta(x)\big{)}$ over $\mathbb{F}_{q}$ , where $u\in\mathbb{F}_{q}^{*}$ and $\eta$ is the quadratic character of $\mathbb{F}_{q}$ . We determine the differential uniformity of $F_{2,u}$ for any $u\in\mathbb{F}_{q}^{*}$ and determine the differential spectra and boomerang uniformity of the locally-APN functions $F_{2,\pm 1}$ , thereby disproving a conjecture proposed in [5] which states that there exist infinitely many $q$ and $u$ such that $F_{2,u}$ is an APN function.

Index Terms:

Boomerang uniformity, boomerang spectrum, character sums, differential uniformity, differential spectrum, locally-APN functions, Ness-Helleseth functions, Weil bound

I Introduction

Let $\mathbb{F}_{q}$ be the finite field with $q$ elements, where $q=p^{n}$ , $p$ is a prime and $n$ is a positive integer. For any function $f$ over $\mathbb{F}_{q}$ and any element $a\in\mathbb{F}_{q}$ , the derivative of $f$ at $a$ is defined as

D_{a}f(x)=f(x+a)-f(x),\quad x\in\mathbb{F}_{q}.

For any $a,b\in\mathbb{F}_{q}$ , let

\delta_{f}(a,b)=\#\{x\in\mathbb{F}_{q}:\ D_{a}f(x)=b\}.

The differential uniformity of $f$ is defined as

\delta_{f}=\max\limits_{\begin{subarray}{c}a\in\mathbb{F}_{q}^{*}\\ b\in\mathbb{F}_{q}\end{subarray}}\delta(a,b),

which was introduced by Nyberg in [12] to measure the ability of $f$ , when used as an S-box (substitution box) in a cipher, to resist differential attacks. The differential uniformity is desired to be as low as possible, corresponding to a stronger resistance against differential attacks. If $\delta_{f}=1$ , then $f$ is called a perfect nonlinear (PN) function, which exists only in odd characteristics. Whereas, if $\delta_{f}=2$ , then $f$ is called an almost perfect nonlinear (APN) function, which is the minimum possible value for binary fields. When studying the differential properties of a function $f$ , the differential uniformity is the most basic characteristic that needs to be determined. The differential spectrum of $f$ can provide more detailed information on the differential properties of $f$ , which is defined as the following multiset

{\rm{DS}}_{f}=\{\omega_{i}:\ 0\leq i\leq\delta_{f}\},

where

\omega_{i}=\#\{(a,b)\in\mathbb{F}_{q}^{*}\times\mathbb{F}_{q}:\ \delta_{f}(a,b% )=i\}.

We have the following fundamental property of the differential spectrum (see, for instance, [1]):

\sum\limits_{i=0}^{\delta_{f}}\omega_{i}=\sum\limits_{i=0}^{\delta_{f}}i\omega% _{i}=(q-1)q.

(1)

In [2], when working on the differential properties of power functions over binary fields, Blondeau and Nyberg introduced a new concept called locally-APNness. They showed that a locally-APN S-box could achieve lower differential probabilities compared to S-boxes with differential uniformity $4$ , using a cryptographic toy example [3]. Recently, Hu et al. generalized this concept to general functions over arbitrary finite fields [6]. A function $f$ over $\mathbb{F}_{q}$ is said to be locally-APN if

\max\{\delta_{f}(a,b):\ a\in\mathbb{F}_{q}^{*},\ b\in\mathbb{F}_{q}\setminus% \mathbb{F}_{p}\}=2.

The boomerang attack is a variant of the differential attack proposed by Wagner in [14], which combines the differential layers of the upper and lower layers of block ciphers. The quantity measures the resistance of an S-box to boomerang attacks is called the boomerang uniformity, which was introduced by Boura and Canteaut in [4] for permutations over binary fields and was later generalized to general functions over arbitrary finite fields by Li et al. in [7]. The boomerang uniformity of a function $f$ over $\mathbb{F}_{q}$ is defined as

\beta_{f}=\max\limits_{a,b\in\mathbb{F}_{q}^{*}}\beta_{f}(a,b),

where $\beta_{f}(a,b)$ denotes the number of solutions $(x,y)\in\mathbb{F}_{q}^{2}$ to the following system of equations

\begin{cases}f(x)-f(y)=b,\\ f(x+a)-f(y+a)=b.\end{cases}

Similarly, the boomerang spectrum of $f$ is defined as the following multiset

{\rm{BS}}_{f}=\{\nu_{i}:\ 0\leq i\leq\beta_{f}\},

where

\nu_{i}=\#\{(a,b)\in\mathbb{F}_{q}^{*}\times\mathbb{F}_{q}^{*}:\ \beta_{f}(a,b% )=i\}.

From here until the end of this section, we assume that $q\equiv 3\ ({\rm{mod}}\,4)$ . Let $C_{0}$ (resp., $C_{1}$ ) denote the set of non-zero square (resp., non-square) elements in $\mathbb{F}_{q}$ . It is known that there exists a unique quadratic character $\eta$ of $\mathbb{F}_{q}$ which is given by

\displaystyle\eta(x)=\left\{\begin{array}[]{ll}0,&\text{if }x=0,\\ 1,&\text{if }x\in C_{0},\\ -1,&\text{if }x\in C_{1}.\end{array}\right.

Throughout this paper, the symbol $\eta$ always represents this meaning.

Consider the following function over $\mathbb{F}_{q}$ :

F_{u}(x)=ux^{\frac{q-3}{2}}+x^{q-2},

where $u\in\mathbb{F}_{q}$ . It was first studied by Ness and Helleseth in [11] for the ternary case and was later generalized to the general case by Zeng et al. in [17]. They showed that if $\eta(u+1)=\eta(u-1)=-\eta(5u+3)$ or $\eta(u+1)=\eta(u-1)=-\eta(5u-3)$ , then $F_{u}$ is an APN function. Subsequently, several papers have been dedicated to studying the differential properties of $F_{u}$ . Zha proved in his PhD dissertation [18] that the differential uniformity of $F_{u}$ is $3$ if $\eta(u+1)=\eta(u-1)=\eta(5u+3)=\eta(5u-3)$ . Recently, when $p=3$ , Xia et al. [15] determined the differential uniformity of $F_{u}$ for any $u\in\mathbb{F}_{q}$ and expressed the differential spectrum of $F_{u}$ in terms of several quadratic character sums of cubic polynomials for any $u\in\mathbb{F}_{q}$ with $\eta(u+1)=\eta(u-1)$ . Very recently, they generalized in [16] their results to the case of a general odd power $q$ satisfying $q\equiv 3\ ({\rm{mod}}\,{4})$ . It is worth mentioning that when $u=1$ or $-1$ , although $F_{u}$ has a large differential uniformity (equaling $\frac{q+1}{4}$ ), it is locally-APN. This was first observed by Lyu et al. in [9], where they also computed the boomerang spectra of $F_{\pm 1}$ , revealing the first class of non-PN functions whose boomerang uniformity can attain $0$ or $1$ .

Note that $F_{u}$ can be rewritten as $F_{u}(x)=x^{p^{n}-2}\big{(}1+u\eta(x)\big{)}$ . This inspires us to consider the following generalization of $F_{u}$ :

F_{r,u}(x)=x^{r}\big{(}1+u\eta(x)\big{)},

(2)

where $r\in\mathbb{N}_{+}$ and $u\in\mathbb{F}_{q}$ . The numerical results indicate that many of the $F_{r,u}$ ’s exhibit low differential uniformity. In this paper, we study what appears to be the simplest case, $r=2$ . Since $F_{2,0}$ is the square function, which has been extensively studied, we always assume that $u\neq 0$ . In [5], Budaghyan and Pal showed that $\delta_{F_{2,u}}\leq 5$ for any $u\in\mathbb{F}_{q}\setminus\{0,\pm 1\}$ . Moreover, based on their computational results over fields of small orders, they conjectured that there exist infinitely many $q$ and $u$ such that $F_{2,u}$ is an APN function. In this paper, we show that the conjecture does not hold by determining the differential uniformity of the functions $F_{2,u}$ ’s.

We set the following set

\mathcal{U}=\begin{cases}\{0,\pm 1\}&\mbox{if}\ p=3,\\ \{0,\pm 1,\pm\frac{1}{3}\}&\mbox{if}\ p\neq 3.\end{cases}

The remainder of the paper is organized as follows. In Section II, we introduce some basic concepts and several results that will be used later. In Section III, we preliminarily investigate the differential properties of $F_{2,u}$ for $u\in\mathbb{F}_{q}\setminus\{0,\pm 1\}$ . In Section IV, we determine the differential uniformity of $F_{2,u}$ for $u\in\mathbb{F}_{q}\setminus\mathcal{U}$ . In Section V, we determine the differential uniformity of $F_{2,\pm\frac{1}{3}}$ when $p\neq 3$ . In Section VI, we determine the differential spectra and boomerang uniformity of $F_{2,\pm 1}$ . Finally, Section VII serves as a conclusion.

II Preliminaries

If $q$ is an odd prime power, we use $C_{0}$ (resp., $C_{1}$ ) to denote the set of non-zero square (resp., non-square) elements in $\mathbb{F}_{q}$ . If $s\in C_{0}$ , we use $\pm\sqrt{s}$ to denote the two square roots of $s$ in $\mathbb{F}_{q}$ . Put

\begin{cases}C_{00}=\{x\in\mathbb{F}_{q}:\ \eta(x)=\eta(x+1)=1\},\\ C_{01}=\{x\in\mathbb{F}_{q}:\ \eta(x)=1,\ \eta(x+1)=-1\},\\ C_{10}=\{x\in\mathbb{F}_{q}:\ \eta(x)=-1,\ \eta(x+1)=1\},\\ C_{11}=\{x\in\mathbb{F}_{q}:\ \eta(x)=\eta(x+1)=-1\}.\end{cases}

Then $\mathbb{F}_{q}=C_{00}\cup C_{01}\cup C_{10}\cup C_{11}\cup\{0,-1\}$ .

Regarding the sizes of the sets $C_{ij}$ ’s, we have the following conclusion.

Lemma 1 ([13, Lemma 6]).

For any $i,j\in\{0,1\}$ , put $(i,j)=\#C_{ij}$ .

If $q\equiv 1\ ({\rm{mod}}\,4)$ , then

(0,0)=\frac{q-5}{4},\ (0,1)=(1,0)=(1,1)=\frac{q-1}{4};

If $q\equiv 3\ ({\rm{mod}}\,4)$ , then

(0,0)=(1,0)=(1,1)=\frac{q-3}{4},\ (0,1)=\frac{q+1}{4}.

The following helpful lemma will be used repeatedly later.

Lemma 2.

Assume that $q\equiv 3\ ({\rm{mod}}\,{4})$ . Let $a\in\mathbb{F}_{q}$ and $u,u^{\prime}\in C_{0}$ be such that $u+u^{\prime}=a^{2}$ . Suppose that $\epsilon\in\{\pm 1\}$ . Then $\eta(a\pm\sqrt{u})=\epsilon$ if and only if $\eta(a\pm\sqrt{u^{\prime}})=\eta(2)\epsilon$ .

Proof.

By symmetry, it suffices to prove the sufficiency. We assume that $\eta(a\pm\sqrt{u^{\prime}})=\eta(2)\epsilon$ . Since $(a+\sqrt{u})(a-\sqrt{u})=a^{2}-u=u^{\prime}\in C_{0}$ , we have $\eta(a\pm\sqrt{u})=\epsilon$ or $\eta(a\pm\sqrt{u})=-\epsilon$ . For a contradiction, assume that $\eta(a+\sqrt{u})=-\epsilon$ . Then there exists $t\in\mathbb{F}_{q}$ such that $-\epsilon t^{2}=a+\sqrt{u}$ , which implies that

(-\epsilon t^{2}-a)^{2}=u\iff t^{4}+2\epsilon at^{2}+a^{2}-u=0.

(3)

Consider the quadratic polynomial $x^{2}+2\epsilon ax+a^{2}-u$ , whose discriminant is $4u\in C_{0}$ . Hence, it has two distinct roots $x_{1}$ and $x_{2}$ in $\mathbb{F}_{q}$ . Since $x_{1}x_{2}=a^{2}-u\in C_{0}$ , both $x_{1}$ and $x_{2}$ are square or neither is square. It follows that equation (3) has four distinct solutions or no solution in $\mathbb{F}_{q}$ . By assumption, it has at least one solution in $\mathbb{F}_{q}$ , so it has four distinct solutions in $\mathbb{F}_{q}$ , i.e., $\pm\sqrt{x_{1}}$ and $\pm\sqrt{x_{2}}$ . Note that

	$\displaystyle t^{4}+2\epsilon at^{2}+a^{2}-u$
$\displaystyle=\$	$\displaystyle(t+\sqrt{x_{1}})(t-\sqrt{x_{1}})(t+\sqrt{x_{2}})(t-\sqrt{x_{2}})$
$\displaystyle=\$	$\displaystyle(t^{2}+ct+d)(t^{2}-ct+d),$	(4)

where $c=\sqrt{x_{1}}+\sqrt{x_{2}}$ and $d=\sqrt{x_{1}}\sqrt{x_{2}}$ . Comparing the coefficients of $t^{2}$ and $t^{0}$ , we have $-c^{2}+2d=2\epsilon a$ and $d^{2}=a^{2}-u=u^{\prime}$ , which implies that $d=\sqrt{u^{\prime}}$ or $d=-\sqrt{u^{\prime}}$ . Moreover, since polynomial (II) has four distinct roots in $\mathbb{F}_{q}$ , we have $\eta(c^{2}-4d)=1$ . However, we have $c^{2}-4d=2(d-\epsilon a)-4d=-2(d+\epsilon a)=-2\epsilon(a+\epsilon d)$ , which implies that $\eta(a+\epsilon d)=-\eta(2)\epsilon$ (note that $\eta(-1)=-1$ since $q\equiv 3\ ({\rm{mod}}\,4)$ ). This contradicts our assumption that $\eta(a\pm\sqrt{u^{\prime}})=\eta(2)\epsilon$ . Hence $\eta(a\pm\sqrt{u})=\epsilon$ . ∎

An important tool used later in this paper is estimating rational points on algebraic curves over finite fields. Here, we only provide a minimal introduction to the necessary concepts.

Let $q$ be an arbitrary prime power. For any polynomial $f\in\mathbb{F}_{q}[x_{1},\cdots,x_{n}]$ , we use $A_{f}(\mathbb{F}_{q})$ to denote the zero set of $f$ in $\mathbb{F}_{q}^{n}$ , i.e.,

A_{f}(\mathbb{F}_{q})=\{(a_{1},\cdots,a_{n})\in\mathbb{F}_{q}^{n}:\ f(a_{1},% \cdots,a_{n})=0\}.

We need the following definition of absolute irreducibility.

Definition 1.

Let $F$ be a field. A polynomial $f\in F[x_{1},\cdots,x_{n}]$ is said to be absolutely irreducible if it is irreducible over $\overline{F}$ , the algebraic closure of $F$ .

The following is a variation of the well-known Weil estimate.

Theorem 1 ([10, Theorem 7.1.9]).

If $f\in\mathbb{F}_{q}[x_{1},\cdots,x_{n}]$ is an absolutely irreducible polynomial of degree $d>0$ , then

\left|\#A_{f}(\mathbb{F}_{q})-q^{n-1}\right|\leq(d-1)(d-2)q^{n-\frac{3}{2}}+5d% ^{\frac{13}{3}}q^{n-2}.

Let $F$ be a field. Note that a bivariate polynomial $f(x,y)\in F[x,y]$ can be viewed as a univariate polynomial over the ring $F[x]$ . If $f(x,y)$ has the form $f(x,y)=y^{k}+f_{k-1}(x)y^{k-1}+\cdots+f_{0}(x)$ , where $f_{i}(x)\in F[x]$ for $0\leq i\leq k-1$ , then the irreducibility of $f$ in $F[x,y]$ is equivalent to its irreducibility as a polynomial over $F[x]$ . Thus, in this case, we only need to consider the irreducibility of univariate polynomials over rings. The following two simple lemmas will play a crucial role in verifying the absolute irreducibility of bivariate polynomials later.

Lemma 3.

Let $R$ be an integral domain and $A,B\in R$ . If neither $A^{2}-4B$ nor $B$ is a square element in $R$ , then the polynomial $f(x)=x^{4}+Ax^{2}+B$ is irreducible in $R[x]$ .

Proof.

Assume that $f(x)$ can be factored as the product of two quadratic polynomials, i.e.,

f(x)=(x^{2}+A_{1}x+B_{1})(x^{2}+A_{2}x+B_{2}).

Comparing the coefficients of $x^{3}$ and $x$ on both sides, we have

A_{1}+A_{2}=0,\qquad A_{1}B_{2}+A_{2}B_{1}=0.

If $A_{1}=A_{2}=0$ , then we have $B_{1}+B_{2}=A$ and $B_{1}B_{2}=B$ , which implies that $A^{2}-4B=(B_{1}-B_{2})^{2}$ is a square element in $R$ . This contradicts our hypothesis. Hence, both $A_{1}$ and $A_{2}$ are non-zero, which implies that $B_{1}=B_{2}$ . Then, $B=B_{1}^{2}$ is a square element in $R$ , which contradicts our hypothesis. Hence, $f(x)$ cannot be factored as the product of two quadratic polynomials.

Now assume that $f(x)$ can be factored as the product of a linear and cubic polynomial. Then $f(x)$ has a root in $R$ , say $a$ , which implies that $x_{1}=a^{2}$ is a root of the quadratic polynomial $\tilde{f}(x)=x^{2}+Ax+B$ . It follows that $\tilde{f}(x)$ has another root $x_{2}$ in $R$ , with $x_{1}+x_{2}=-A$ and $x_{1}x_{2}=B$ . Then, we again have $A^{2}-4B$ , a square element in $R$ , which contradicts our hypothesis. Hence $f(x)$ is irreducible in $R[x]$ . ∎

Lemma 4.

Let $R$ be an integral domain such as $2\neq 0$ and $A,B\in R$ . If $f(x)=x^{4}+Ax^{2}+B$ is a square element in $R[x]$ , then $A^{2}-4B=0$ .

Proof.

Assume that $f(x)=(x^{2}+A_{1}x+B_{1})^{2}$ . Comparing the coefficients of all terms on both sides, we have

2A_{1}=0,\quad 2B_{1}+A_{1}^{2}=A,\quad 2A_{1}B_{1}=0,\quad B_{1}^{2}=B.

It follows that $A_{1}=0$ , $A=2B_{1}$ and $B=B_{1}^{2}$ , which implies that $A^{2}-4B=0$ . ∎

The character sum is a powerful tool in both theory and application. Below, we recall some facts about character sums of the form $\sum_{a\in\mathbb{F}_{q}}\psi\big{(}f(a)\big{)}$ where $f(x)\in\mathbb{F}_{q}[x]$ and $\psi$ is a multiplicative character of $\mathbb{F}_{q}$ . Such character sums are called Weil sums.

If $f$ is a quadratic polynomial and $\psi=\eta$ , then we can determine the exact value of the associated Weil sum.

Lemma 5 ([8, Theorem 5.48]).

Let $q$ be an odd prime power and let $f(x)=a_{2}x^{2}+a_{1}x+a_{0}\in\mathbb{F}_{q}[x]$ with $a_{2}\neq 0$ . Put $d=a_{1}^{2}-4a_{0}a_{2}$ . Then

\sum\limits_{x\in\mathbb{F}_{q}}\eta\big{(}f(x)\big{)}=\begin{cases}-\eta(a_{2% }),&\mbox{if }d\neq 0,\\ (q-1)\eta(a_{2}),&\mbox{if }d=0.\end{cases}

The counting problem in the following Lemma can be addressed using Lemma 5.

Lemma 6 ([8, Lemma 6.24]).

Let $q$ be an odd prime power, $b\in\mathbb{F}_{q}$ and $a_{1},a_{2}\in\mathbb{F}_{q}^{*}$ . Then

\#\left\{(x_{1},x_{2})\in\mathbb{F}_{q}^{2}:\ a_{1}x_{1}^{2}+a_{2}x_{2}^{2}=b% \right\}=q+\nu(b)\eta(-a_{1}a_{2}),

where the integer-valued function $\nu$ on $\mathbb{F}_{q}$ is defined by $\nu(b)=-1$ for $b\in\mathbb{F}_{q}^{*}$ and $\nu(0)=q-1$ .

We need the following result of the character sum.

Lemma 7.

Let $q$ be an odd prime power such that $q\equiv 3\ ({\rm{mod}}\,4)$ , then

\sum\limits_{x\in\mathbb{F}_{q}}\eta(x^{4}-1)=-1.

Proof.

Let $y\in C_{0}$ . Then $y=z^{2}$ for some $z\in\mathbb{F}_{q}^{*}$ . Since $\eta(z)\eta(-z)=\eta(-y)=-1$ , we have $\eta(z)=-\eta(-z)$ . We may assume that $\eta(z)=1$ , and then $z=x^{2}$ for some $x\in\mathbb{F}_{q}^{*}$ , which implies that $y=x^{4}$ . Hence $C_{0}=\{x^{4}:\ x\in\mathbb{F}_{q}^{*}\}$ . Moreover, for any $y\in C_{0}$ , there exist exactly two elements $x\in\mathbb{F}_{q}^{*}$ such that $y=x^{4}$ . It follows that

	$\displaystyle\sum\limits_{x\in\mathbb{F}_{q}}\eta(x^{4}-1)$	$\displaystyle=\eta(-1)+2\sum\limits_{y\in C_{0}}\eta(y-1)$
		$\displaystyle=\sum\limits_{x\in\mathbb{F}_{q}}\eta(x^{2}-1)=-1$

by Lemma 5. ∎

Jacobsthal sums are also a class of Weil sums that have been extensively studied.

Definition 2.

Let $q$ be an odd prime number, $n\in\mathbb{N}_{+}$ and $a\in\mathbb{F}_{q}^{*}$ . The sum

H_{n}(a)=\sum\limits_{x\in\mathbb{F}_{q}}\eta(x^{n+1}+ax)

is called a Jacobsthal sum.

Lemma 8 ([8, Theorem 5.52]).

Let $q$ be an odd prime number, $n\in\mathbb{N}_{+}$ and $a\in\mathbb{F}_{q}^{*}$ . We have $H_{n}(a)=0$ if the largest power of $2$ dividing $q-1$ also divides $n$ .

Remark.

If $q\equiv 3\ ({\rm{mod}}\,4)$ , then the largest power of $2$ dividing $q-1$ is $2$ , which implies that $H_{n}(a)=0$ for any even $n$ and $a\in\mathbb{F}_{q}^{*}$ .

For a general polynomial $f$ , we have the following estimate for the associated Weil sum.

Theorem 2 ([8, Theorem 5.41]).

Let $q$ be an odd prime power, let $\psi$ be a multiplicative character of $\mathbb{F}_{q}$ of order $m>1$ , and let $f\in\mathbb{F}_{q}[x]$ be a monic polynomial of positive degree that is not an $m$ -th power of a polynomial. Let $d$ be the number of distinct roots of $f$ in its splitting field over $\mathbb{F}_{q}$ . Then for every $a\in\mathbb{F}_{q}$ , we have

\left|\sum\limits_{x\in\mathbb{F}_{q}}\psi\big{(}af(x)\big{)}\right|\leq(d-1)% \sqrt{q}.

The following lemma about quadratic character sums of cubic polynomials will also be used later.

Lemma 9.

Let $q$ be an odd prime power and let $a,b,c,d\in\mathbb{F}_{q}$ with $a,d\neq 0$ . Then

		$\displaystyle\sum\limits_{x\in\mathbb{F}_{q}}\eta(ax^{3}+bx^{2}+cx+d)\eta(x)$
	$\displaystyle=\$	$\displaystyle-\eta(a)+\sum\limits_{x\in\mathbb{F}_{q}}\eta(dx^{3}+cx^{2}+bx+a).$

Proof.

We have

		$\displaystyle\sum\limits_{x\in\mathbb{F}_{q}}\eta(ax^{3}+bx^{2}+cx+d)\eta(x)$
	$\displaystyle=\$	$\displaystyle\sum\limits_{x\in\mathbb{F}_{q}^{*}}\eta(ax^{3}+bx^{2}+cx+d)\eta(x)$
	$\displaystyle=\$	$\displaystyle\sum\limits_{x\in\mathbb{F}_{q}^{*}}\eta(ax^{3}+bx^{2}+cx+d)\eta(% x^{-3})$
	$\displaystyle=\$	$\displaystyle\sum\limits_{x\in\mathbb{F}_{q}^{*}}\eta(a+bx^{-1}+cx^{-2}+dx^{-3})$
	$\displaystyle=\$	$\displaystyle\sum\limits_{y\in\mathbb{F}_{q}^{*}}\eta(a+by+cy^{2}+dy^{3})\quad% (y=x^{-1})$
	$\displaystyle=\$	$\displaystyle-\eta(a)+\sum\limits_{x\in\mathbb{F}_{q}}\eta(dx^{3}+cx^{2}+bx+a).$

∎

From this point until the end of the paper, we assume that $q=p^{n}$ is an odd prime power such that $q\equiv 3\ ({\rm{mod}}\,4)$ , where $p$ is a prime and $n$ is a positive integer. Let $F_{r,u}$ be the function over $\mathbb{F}_{q}$ defined by (2).

Lemma 10.

For any $a\in\mathbb{F}_{q}^{*}$ and $b\in\mathbb{F}_{q}$ , we have $\delta_{F_{r,-u}}(a,b)=\delta_{F_{r,u}}(a,\frac{b}{(-1)^{r+1}})$ and $\beta_{F_{r,-u}}(a,b)=\beta_{F_{r,u}}(a,\frac{b}{(-1)^{r}})$ . In particular, $F_{r,u}$ and $F_{r,-u}$ have the same differential and boomerang spectrum.

Proof.

Let $a\in\mathbb{F}_{q}^{*}$ and $b\in\mathbb{F}_{q}$ . By definition, $\delta_{F_{r,-u}}(a,b)$ equals the number of solutions $x\in\mathbb{F}_{q}$ to the following equation

(x+a)^{r}\big{(}1+u\eta(x+a)\big{)}-x^{r}\big{(}1+u\eta(x)\big{)}=b.

Making the substitution $y=-(x+a)$ , we can see that $\delta_{F_{r,-u}}(a,b)$ equals the number of solutions $y\in\mathbb{F}_{q}$ to the following equation

(y+a)^{r}\big{(}1+u\eta(y+a)\big{)}-y^{r}\big{(}1+u\eta(y)\big{)}=\frac{b}{(-1% )^{r+1}}

Hence $\delta_{F_{r,-u}}(a,b)=\delta_{F_{r,u}}(a,\frac{b}{(-1)^{r+1}})$ . The assertion for boomerang uniformity can be proved similarly. ∎

It is known that if $f(x)=x^{d}$ is a monomial, then $\delta_{f}(a,b)=\delta(1,\frac{b}{a^{d}})$ and $\beta_{f}(a,b)=\beta_{f}(1,\frac{b}{a^{d}})$ for any $a\in\mathbb{F}_{q}^{*}$ and $b\in\mathbb{F}_{q}$ , which implies that $\delta_{f}=\max_{b\in\mathbb{F}_{q}}\delta_{f}(1,b)$ and $\beta_{f}=\max_{b\in\mathbb{F}_{q}^{*}}\beta_{f}(1,b)$ . An interesting point is that $F_{r,u}$ has similar properties.

Lemma 11.

For any $a\in\mathbb{F}_{q}^{*}$ and $b\in\mathbb{F}_{q}$ , we have

\delta_{F_{r,u}}(a,b)=\begin{cases}\delta_{F_{r,u}}(1,\frac{b}{a^{r}})&\mbox{% if}\ \eta(a)=1,\\ \delta_{F_{r,u}}(1,\frac{b}{(-1)^{r+1}a^{r}})&\mbox{if }\eta(a)=-1,\end{cases}

and

\beta_{F_{r,u}}(a,b)=\begin{cases}\beta_{F_{r,u}}(1,\frac{b}{a^{r}})&\mbox{if}% \ \eta(a)=1,\\ \beta_{F_{r,u}}(1,\frac{b}{(-1)^{r}a^{r}})&\mbox{if }\eta(a)=-1.\end{cases}

In particular, we have $\delta_{F_{r,u}}=\max_{b\in\mathbb{F}_{q}}\delta_{F_{r,u}}(1,b)$ and $\beta_{F_{r,u}}=\max_{b\in\mathbb{F}_{q}^{*}}\beta_{F_{r,u}}(1,b)$ .

Proof.

Let $a\in\mathbb{F}_{q}^{*}$ and $b\in\mathbb{F}_{q}$ . By definition, $\delta_{F_{r,u}}(a,b)$ equals the number of solutions $x\in\mathbb{F}_{q}$ to the following equation

(x+a)^{r}\big{(}1+u\eta(x+a)\big{)}-x^{r}\big{(}1+u\eta(x)\big{)}=b,

which becomes

(\frac{x}{a}+1)^{r}\big{(}1+u\eta(a)\eta(\frac{x}{a}+1)\big{)}-(\frac{x}{a})^{% r}\big{(}1+u\eta(a)\eta(\frac{x}{a})\big{)}=\frac{b}{a^{r}}

after dividing both sides by $a^{r}$ . Making the substitution $y=\frac{x}{a}$ , we can see that $\delta_{F_{r,u}}$ equals the number of solutions $y\in\mathbb{F}_{q}$ to the following equation

(y+1)^{r}\big{(}1+u\eta(a)\eta(y+1)\big{)}-y^{r}\big{(}1+u\eta(a)\eta(y)\big{)% }=\frac{b}{a^{r}}.

If $\eta(a)=1$ , it is clear that $\delta_{F_{r,u}}(a,b)=\delta_{F_{r,u}}(1,\frac{b}{a^{r}})$ . If $\eta(a)=-1$ , making the substitution $z=-(y+1)$ , then we can see that $\delta_{F_{r,u}}(a,b)$ equals the number of solutions $z\in\mathbb{F}_{q}$ to the following equation

(z+1)^{r}\big{(}1+u\eta(z+1)\big{)}-z^{r}\big{(}1+u\eta(z)\big{)}=\frac{b}{(-1% )^{r+1}a^{r}}.

Hence $\delta_{F_{r,u}}(a,b)=\delta_{F_{r,u}}(1,\frac{b}{(-1)^{r+1}a^{r}})$ . The assertion for boomerang uniformity can be proved similarly. ∎

III The Differential Properties of $F_{2,u}$ with $u\in\mathbb{F}_{q}\setminus\{\pm 1\}$

In this section, we conduct an initial study of the differential properties of $F_{2,u}$ under the assumption that $u\in\mathbb{F}_{q}\setminus\{\pm 1\}$ .

By Lemma 11, in order to compute the differential uniformity of $F_{2,u}$ , we only need to consider the numbers $\delta_{F_{2,u}}(1,b)$ $(b\in\mathbb{F}_{q})$ . We have

	$\displaystyle D_{1}F_{2,u}(x)$	$\displaystyle=F_{2,u}(x+1)-F_{2,u}(x)$
		$\displaystyle=(x+1)^{2}\big{(}1+u\eta(x+1)\big{)}-x^{2}\big{(}1+u\eta(x)\big{)}.$

Then $D_{1}F_{2,u}(0)=u+1$ and $D_{1}F_{2,u}(-1)=u-1$ .

Let $\tau_{1}=\frac{1+u}{u}$ and $\tau_{2}=\frac{1-u}{u}$ . Then $\tau_{1}+\tau_{2}=\frac{2}{u}$ and $\tau_{1}-\tau_{2}=2$ . Since $u\not\in\{\pm 1\}$ , we have $\tau_{i}\neq 0$ for $i=1,2$ . For any $i,j\in\{0,1\}$ and $b\in\mathbb{F}_{q}$ , we put

A_{ij}(b)=\{x\in C_{ij}:\ D_{1}F_{2,u}(x)=b\}.

Case 1. If $x\in C_{00}$ , then

D_{1}F_{2,u}(x)=(u+1)\big{(}(x+1)^{2}-x^{2}\big{)}=(1+u)(2x+1).

The unique possible solution of $D_{1}F_{2,u}(x)=b$ is $x=\frac{b-(1+u)}{2(1+u)}$ . Moreover, we have

\#A_{00}(b)=\begin{cases}1&\mbox{if}\ \frac{b-(1+u)}{2(1+u)}\in C_{00},\ \mbox% {i.e., }\frac{b\pm(1+u)}{2(1+u)}\in C_{0},\\ 0&\mbox{otherwise}.\end{cases}

(5)

Case 2. If $x\in C_{11}$ , then

D_{1}F_{2,u}(x)=(1-u)\big{(}(x+1)^{2}-x^{2}\big{)}=(1-u)(2x+1).

The unique possible solution of $D_{1}F_{2,u}(x)=b$ is $x=\frac{b-(1-u)}{2(1-u)}$ . Moreover, we have

\#A_{11}(b)=\begin{cases}1&\mbox{if}\ \frac{b-(1-u)}{2(1-u)}\in C_{11},\ \mbox% {i.e.,\ }\frac{b\pm(1-u)}{2(1-u)}\in C_{1},\\ 0&\mbox{otherwise}.\end{cases}

(6)

Case 3. If $x\in C_{01}$ , then

D_{1}F_{2,u}(x)=-2ux^{2}+2(1-u)x+(1-u).

Consider the equation

D_{1}F_{2,u}(x)=b\ \Leftrightarrow\ x^{2}-\tau_{2}x+\frac{1}{2}(\frac{b}{u}-% \tau_{2})=0.

(7)

The discriminant of this quadratic equation is $\Delta_{01}=\tau_{1}\tau_{2}-2\frac{b}{u}$ . Let $x_{1}$ , $x_{2}$ be the two solutions (possibly equal) of this equation in $\overline{\mathbb{F}_{q}}$ . We have $x_{1}x_{2}=\frac{1}{2}(\frac{b}{u}-\tau_{2})$ and $(x_{1}+1)(x_{2}+1)=\frac{1}{2}(\frac{b}{u}+\tau_{1})$ . Moreover, $\#A_{01}(b)=2$ if and only if

		$\displaystyle\begin{cases}\eta(\Delta_{01})=1,\\ \eta(x_{1})=\eta(x_{2})=1,\\ \eta(x_{1}+1)=\eta(x_{2}+1)=-1,\end{cases}$
	$\displaystyle\iff\$	$\displaystyle\begin{cases}\eta(\tau_{1}\tau_{2}-2\frac{b}{u})=1,\\ \eta(\tau_{2}\pm\sqrt{\tau_{1}\tau_{2}-2\frac{b}{u}})=\eta(2),\\ \eta(\tau_{1}\pm\sqrt{\tau_{1}\tau_{2}-2\frac{b}{u}})=-\eta(2).\end{cases}$		(8)

Case 4. If $x\in C_{10}$ , then

D_{1}F_{2,u}(x)=2ux^{2}+2(1+u)x+(1+u).

Consider the equation

D_{1}F_{2,u}(x)=b\ \Leftrightarrow\ x^{2}+\tau_{1}x+\frac{1}{2}(\tau_{1}-\frac% {b}{u})=0.

(9)

The discriminant of this quadratic equation is $\Delta_{10}=\tau_{1}\tau_{2}+2\frac{b}{u}$ . Let $x_{1}$ , $x_{2}$ be the two solutions (possibly equal) of this equation in $\overline{\mathbb{F}_{q}}$ . We have $x_{1}x_{2}=\frac{1}{2}(\tau_{1}-\frac{b}{u})$ and $(x_{1}+1)(x_{2}+1)=-\frac{1}{2}(\tau_{2}+\frac{b}{u})$ . Moreover, $\#A_{10}(b)=2$ if and only if

		$\displaystyle\begin{cases}\eta(\Delta_{10})=1,\\ \eta(x_{1})=\eta(x_{2})=-1,\\ \eta(x_{1}+1)=\eta(x_{2}+1)=1.\end{cases}$
	$\displaystyle\iff\$	$\displaystyle\begin{cases}\eta(\tau_{1}\tau_{2}+2\frac{b}{u})=1,\\ \eta(-\tau_{1}\pm\sqrt{\tau_{1}\tau_{2}+2\frac{b}{u}})=-\eta(2),\\ \eta(-\tau_{2}\pm\sqrt{\tau_{1}\tau_{2}+2\frac{b}{u}})=\eta(2).\end{cases}$		(10)

Lemma 12.

Assume that $\eta(1+u)=\eta(u)$ . If $\#A_{10}(b)=2$ , then $\#A_{00}(b)=0$ .

Proof.

Since $\#A_{10}(b)=2$ , we have $x_{1},x_{2}\in C_{10}$ , which implies that

1=\eta(x_{1})\eta(x_{2})=\eta(x_{1}x_{2})=\eta(\frac{(1+u)-b}{2u}).

Since $\eta(1+u)=\eta(u)$ , we have $\eta(\frac{b-(1+u)}{2(1+u)})=-1$ . By (5), we have $\#A_{00}(b)=0$ . ∎

Lemma 13.

Assume that $\eta(1+u)=-\eta(u)$ . If $\#A_{01}(b)=2$ , then $\#A_{00}(b)=0$ .

Proof.

Since $\#A_{01}(b)=2$ , we have $x_{1},x_{2}\in C_{01}$ , which implies that

	$\displaystyle 1$	$\displaystyle=\eta(x_{1}+1)\eta(x_{2}+1)$
		$\displaystyle=\eta\big{(}(x_{1}+1)(x_{2}+1)\big{)}=\eta(\frac{b+(1+u)}{2u}).$

Since $\eta(1+u)=-\eta(u)$ , we have $\eta(\frac{b+(1+u)}{2(1+u)})=-1$ . By (5), we have $\#A_{00}(b)=0$ . ∎

Lemma 14.

Assume that $\eta(1-u)=\eta(u)$ . If $\#A_{01}(b)=2$ , then $\#A_{11}(b)=0$ .

Proof.

Since $\#A_{01}(b)=2$ , we have $x_{1},x_{2}\in C_{01}$ , which implies that

1=\eta(x_{1})\eta(x_{2})=\eta(x_{1}x_{2})=\eta(\frac{b-(1-u)}{2u}).

Since $\eta(1-u)=\eta(u)$ , we have $\eta(\frac{b-(1-u)}{2(1-u)})=1$ . By (6), we have $\#A_{11}(b)=0$ . ∎

Lemma 15.

Assume that $\eta(1-u)=-\eta(u)$ . If $\#A_{10}(b)=2$ , then $\#A_{11}(b)=0$ .

Proof.

Since $\#A_{10}(b)=2$ , we have $x_{1},x_{2}\in C_{10}$ , which implies that

	$\displaystyle 1$	$\displaystyle=\eta(x_{1}+1)\eta(x_{2}+1)$
		$\displaystyle=\eta\big{(}(x_{1}+1)(x_{2}+1)\big{)}=\eta(-\frac{b+(1-u)}{2u}).$

Since $\eta(1-u)=-\eta(u)$ , we have $\eta(\frac{b+(1-u)}{2(1-u)})=1$ . By (6), we have $\#A_{11}(b)=0$ . ∎

Lemma 16.

For any $u\in\mathbb{F}_{q}\setminus\{0,\pm 1\}$ , we have $\delta_{F_{2,u}}(1,u\pm 1)\leq 4$ .

Proof.

We only prove that $\delta_{F_{2,u}}(1,u+1)\leq 4$ ; the proof for $\delta_{F_{2,u}}(1,u-1)\leq 4$ is similar. We know that $D_{1}F_{2,u}(0)=u+1$ . Since $\frac{u+1-(1+u)}{2(1+u)}=0\not\in C_{0}$ , by (5), we have $\#A_{00}(u+1)=0$ . Since $\frac{u+1+(1-u)}{2(1-u)}=\frac{1}{1-u}$ and $\frac{u+1-(1-u)}{2(1-u)}=\frac{u}{1-u}$ , by (6), we have

\#A_{11}(u+1)=\begin{cases}1&\mbox{if}\ \eta(1-u)=-1,\ \eta(u)=1,\\ 0&\mbox{otherwise}.\end{cases}

Note that $\Delta_{10}=\tau_{1}^{2}$ , which implies that the two solutions of the equation (9) are $0$ and $-\tau_{1}$ . Hence

\#A_{10}(u+1)=\begin{cases}1&\mbox{if}\ \eta(1+u)=\eta(u)=-1,\\ 0&\mbox{otherwise}.\end{cases}

It follows that $\#A_{11}(u+1)+\#A_{10}(u+1)\leq 1$ and thus $\delta_{F_{2,u}}(1,u+1)\leq 4$ . ∎

Corollary 1.

For any $u\in\mathbb{F}_{q}\setminus\{0,\pm 1\}$ , we have $\delta_{F_{2,u}}\leq 5$ . Moreover, we have following conclusions:

1.

if $\eta(1+u)=\eta(1-u)$ , then $\delta_{F_{2,u}}\leq 4$ .
2.

if $\eta(1+u)=\eta(u-1)=\eta(u)$ , then for any $b\in\mathbb{F}_{q}$ , $\delta_{F_{2,u}}(1,b)=5$ if and only if $\#A_{00}(b)=\#A_{11}(b)=\#A_{10}(b)=1$ and $\#A_{01}(b)=2$ .
3.

if $\eta(1+u)=\eta(u-1)=-\eta(u)$ , then for any $b\in\mathbb{F}_{q}$ , $\delta_{F_{2,u}}(1,b)=5$ if and only if $\#A_{00}(b)=\#A_{11}(b)=\#A_{01}(b)=1$ and $\#A_{10}(b)=2$ .

Proof.

The first assertion follows immediately from Lemma 12, Lemma 13 and Lemma 16. It is clear that for any $b\in\mathbb{F}_{q}$ , $\delta_{F_{2,u}}(1,b)=5$ if and only if one of the following conditions holds:

i)

$\#A_{00}(b)=\#A_{11}(b)=\#A_{10}(b)=1$ , $\#A_{01}(b)=2$ ;
ii)

$\#A_{00}(b)=\#A_{11}(b)=\#A_{01}(b)=1$ , $\#A_{10}(b)=2$ ;
iii)

$\#A_{00}(b)=1$ , $\#A_{11}(b)=0$ , $\#A_{01}(b)=\#A_{10}(b)=2$ ;
iv)

$\#A_{00}(b)=0$ , $\#A_{11}(b)=1$ , $\#A_{01}(b)=\#A_{10}(b)=2$ .

1.

Assume that $\eta(1+u)=\eta(1-u)=\eta(u)$ . By Lemma 12, neither of the condition ii) and the condition iii) can hold. By Lemma 14, neither of the condition i) and the condition iv) can hold. Hence none of the conditions i)-iv) can hold, which implies that $\delta_{F_{2,u}}\leq 4$ .
Assume that $\eta(1+u)=\eta(1-u)=-\eta(u)$ . By Lemma,13, neither of the conditions i) and iii) can hold. By Lemma 15, neither of the conditions ii) and iv) can hold. Hence, none of the conditions i)-iv) can hold, which implies that $\delta_{F_{2,u}}\leq 4$ .
2.

By Lemma 12, neither of the conditions ii) and iii) can hold. By Lemma 15, neither of the conditions ii) and iv) can hold. Hence only the condition i) can hold.
3.

By Lemma 13, neither of the conditions i) and iii) can hold. By Lemma 14, neither of the conditions i) and iv) can hold. Hence, only condition ii) can hold.

∎

IV The Differential Uniformity of $F_{2,u}$ with $u\in\mathbb{F}_{q}\setminus\mathcal{U}$

In this section, we determine the differential uniformity of $F_{2,u}$ for any $u\in\mathbb{F}_{q}\setminus\mathcal{U}$ . For the sake of notation simplicity, we use $[m]$ to denote the set $\{1,\cdots,m\}$ for any positive integer $m$ .

Theorem 3.

If $q\geq 27535^{2}$ , then for any $u\in\mathbb{F}_{q}\setminus\mathcal{U}$ with $\eta(1+u)=\eta(u-1)$ , we have $\delta_{F_{2,u}}=5$ .

Proof.

We only prove this theorem for the case where $\eta(1+u)=\eta(u-1)=\eta(u)$ ; the proof for the case where $\eta(1+u)=\eta(u-1)=-\eta(u)$ is similar. By 2) of Corollary 1, $\delta_{F_{2,u}}=5$ if and only if $\#A_{00}(b)=\#A_{11}(b)=\#A_{10}(b)=1$ and $\#A_{01}(b)=2$ .

By (5), we have $\#A_{00}(b)=1$ if and only if $\eta(\frac{b\pm(1+u)}{2(1+u)})=1$ , i.e., $\eta(\frac{b}{u}\pm\tau_{1})=\eta(2)$ noticing that $\eta(1+u)=\eta(u)$ . Similarly, we have $\#A_{11}(b)=1$ if and only if $\eta(\frac{b}{u}\pm\tau_{2})=\eta(2)$ . By (III), we have $\#A_{01}(b)=2$ if and only if

\begin{cases}\eta(\tau_{1}\tau_{2}-2\frac{b}{u})=1,\\ \eta(\tau_{2}\pm\sqrt{\tau_{1}\tau_{2}-2\frac{b}{u}})=\eta(2),\\ \eta(\tau_{1}\pm\sqrt{\tau_{1}\tau_{2}-2\frac{b}{u}})=-\eta(2).\end{cases}

Assume that $\eta(\Delta_{10})=\eta(\tau_{1}\tau_{2}+2\frac{b}{u})=1$ and let $x_{1}$ , $x_{2}$ be the two solutions of equation (9) in $\mathbb{F}_{q}$ . Note that $x_{1}x_{2}=\frac{1}{2}(\tau_{1}-\frac{b}{u})$ . If $\#A_{00}(b)=1$ , then $\eta(x_{1}x_{2})=-1$ , which implies that $\eta(x_{1})=-\eta(x_{2})$ . Hence under the assumption $\#A_{00}(b)=1$ , we have $\#A_{10}(b)=1$ if

\begin{cases}\eta(\Delta_{10})=1\iff\eta(\tau_{1}\tau_{2}+2\frac{b}{u})=1,\\ \eta(-\tau_{2}+y)=\eta(2),\mbox{where }y\ \mbox{is the (only) square root of}% \\ \qquad\qquad\qquad\tau_{1}\tau_{2}+2\frac{b}{u}\mbox{ such that }\eta(-\tau_{1% }+y)=-\eta(2).\end{cases}

Now we prove that if $q$ is sufficiently large, then there exists $b\in\mathbb{F}_{q}$ such that

\begin{cases}\eta(\frac{b}{u}\pm\tau_{1})=\eta(2),\\ \eta(\frac{b}{u}\pm\tau_{2})=\eta(2),\\ \eta(\tau_{1}\tau_{2}\pm 2\frac{b}{u})=1,\\ \eta(\tau_{2}\pm\sqrt{\tau_{1}\tau_{2}-2\frac{b}{u}})=\eta(2),\\ \eta(\tau_{1}\pm\sqrt{\tau_{1}\tau_{2}-2\frac{b}{u}})=-\eta(2),\\ \eta(-\tau_{2}+y)=\eta(2),\mbox{where }y\ \mbox{is the square root of}\\ \qquad\quad\tau_{1}\tau_{2}+2\frac{b}{u}\mbox{ such that }\eta(-\tau_{1}+y)=-% \eta(2).\end{cases}

(11)

We use $N(u)$ to denote the number of all $b\in\mathbb{F}_{q}$ satisfying these conditions. Making the substitutions $y^{2}=\tau_{1}\tau_{2}+2\frac{b}{u}$ and $z^{2}=\tau_{1}\tau_{2}-2\frac{b}{u}$ , we have $y^{2}+z^{2}=2\tau_{1}\tau_{2}$ , $\frac{b}{u}=\frac{y^{2}-\tau_{1}\tau_{2}}{2}$ and $N(u)$ equals

		$\displaystyle\frac{1}{2}\cdot\#\left\{(y,z)\in{\mathbb{F}_{q}^{*}}^{2}:\ % \begin{cases}y^{2}+z^{2}=2\tau_{1}\tau_{2},\\ \eta(\frac{y^{2}-\tau_{1}\tau_{2}}{2}\pm\tau_{1})=\eta(2),\\ \eta(\frac{y^{2}-\tau_{1}\tau_{2}}{2}\pm\tau_{2})=\eta(2),\\ \eta(\tau_{2}\pm z)=\eta(2),\\ \eta(\tau_{1}\pm z)=-\eta(2),\\ \eta(-\tau_{2}+y)=\eta(2),\\ \eta(-\tau_{1}+y)=-\eta(2)\end{cases}\right\}$
	$\displaystyle=\$	$\displaystyle\frac{1}{2}\cdot\#\left\{(y,z)\in{\mathbb{F}_{q}^{*}}^{2}:\ % \begin{cases}y^{2}+z^{2}=2\tau_{1}\tau_{2},\\ \eta(y^{2}-\tau_{1}^{2})=1,\\ \eta(y^{2}-\frac{1-3u}{u}\tau_{1})=1,\\ \eta(y^{2}-\tau_{2}^{2})=1,\\ \eta(y^{2}-\frac{1+3u}{u}\tau_{2})=1,\\ \eta(\tau_{2}\pm z)=\eta(2),\\ \eta(\tau_{1}\pm z)=-\eta(2),\\ \eta(-\tau_{2}+y)=\eta(2),\\ \eta(-\tau_{1}+y)=-\eta(2)\end{cases}\right\}$
	$\displaystyle=\$	$\displaystyle\frac{1}{2}\cdot\#\left\{(y,z)\in{\mathbb{F}_{q}^{*}}^{2}:\ % \begin{cases}y^{2}+z^{2}=2\tau_{1}\tau_{2},\\ \eta(y^{2}-\frac{1-3u}{u}\tau_{1})=1,\\ \eta(y^{2}-\frac{1+3u}{u}\tau_{2})=1,\\ \eta(\tau_{2}\pm z)=\eta(2),\\ \eta(\tau_{1}\pm z)=-\eta(2),\\ \eta(y\pm\tau_{1})=-\eta(2),\\ \eta(y\pm\tau_{2})=\eta(2)\end{cases}\right\}.$

Put

	$\displaystyle p_{1}(y,z)=-2(y+\tau_{1}),$	$\displaystyle p_{2}(y,z)=-2(y-\tau_{1}),$
	$\displaystyle p_{3}(y,z)=2(y+\tau_{2}),$	$\displaystyle p_{4}(y,z)=2(y-\tau_{2}),$
	$\displaystyle p_{5}(y,z)=y^{2}-\frac{1-3u}{u}\tau_{1},$	$\displaystyle p_{6}(y,z)=y^{2}-\frac{1+3u}{u}\tau_{2},$
	$\displaystyle p_{7}(y,z)=-2(z+\tau_{1}),$	$\displaystyle p_{8}(y,z)=-2(\tau_{1}-z),$
	$\displaystyle p_{9}(y,z)=2(z+\tau_{2}),$	$\displaystyle p_{10}(y,z)=2(\tau_{2}-z).$

Note that since $u\neq 0$ , none of $\pm\tau_{1}$ or $\pm\tau_{2}$ is a root of $p_{5}$ or $p_{6}$ (viewed as polynomials of $y$ ). Moreover, since $u\not\in\{\pm\frac{1}{3}\}$ when $p\neq 3$ , neither $p_{5}$ nor $p_{6}$ is the square of some polynomial. Then $N(u)$ equals

		$\displaystyle\frac{1}{2}\cdot\#\left\{(y,z)\in{\mathbb{F}_{q}^{*}}^{2}:\ % \begin{cases}y^{2}+z^{2}=2\tau_{1}\tau_{2},\\ \eta(p_{i}(y,z))=1\ \mbox{for any}\ i\in[10]\end{cases}\right\}$
	$\displaystyle=\$	$\displaystyle\frac{1}{2^{11}}\cdot\Bigg{(}\sum\limits_{\begin{subarray}{c}y,z% \in\mathbb{F}_{q}\\ y^{2}+z^{2}=2\tau_{1}\tau_{2}\end{subarray}}\prod\limits_{i=1}^{10}\Big{(}1+% \eta\big{(}p_{i}(y,z)\big{)}\Big{)}$
		$\displaystyle\qquad\qquad\quad\quad-\sum\limits_{\begin{subarray}{c}(y,z)\in A% \end{subarray}}\prod\limits_{i=1}^{10}\Big{(}1+\eta\big{(}p_{i}(y,z)\big{)}% \Big{)}\Bigg{)}$
	$\displaystyle=\$	$\displaystyle\frac{1}{2^{11}}\Bigg{(}\sum\limits_{I}S_{I}-\sum\limits_{\begin{% subarray}{c}(y,z)\in A\end{subarray}}\prod\limits_{i=1}^{10}\Big{(}1+\eta\big{% (}p_{i}(y,z)\big{)}\Big{)}\Bigg{)},$

where $A=\big{\{}(y,z)\in\mathbb{F}_{q}^{2}:\ y^{2}+z^{2}=2\tau_{1}\tau_{2},\ \mbox{% and\ }yz=0\ \mbox{or}\ p_{i}(y,z)=0\ \mbox{for some}\ i\in[10]\big{\}}$ , $I$ runs over all subsets of $[10]$ , and

S_{I}=\sum\limits_{\begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=2\tau_{1}\tau_{2}\end{subarray}}\eta\Big{(}\displaystyle\prod_{i% \in I}p_{i}(y,z)\Big{)}.

It is not difficult to see that

	$\displaystyle A\subset$	$\displaystyle\Bigg{\{}(0,\pm\sqrt{2\tau_{1}\tau_{2}}),\ (\pm\tau_{1},\pm\sqrt{% \frac{1-3u}{u}\tau_{1}}),$
		$\displaystyle\ \ \ (\pm\sqrt{2\tau_{1}\tau_{2}},0),\ (\pm\tau_{2},\pm\sqrt{% \frac{1+3u}{u}\tau_{2}}),$
		$\displaystyle\ \ \ (\pm\sqrt{\frac{1-3u}{u}\tau_{1}},\pm\tau_{1}),\ (\pm\sqrt{% \frac{1+3u}{u}\tau_{2}},\pm\tau_{2})\Bigg{\}},$

which implies that $\#A\leq 20$ . It follows that

N(u)\geq\frac{1}{2^{11}}(\sum\limits_{I}S_{I}-5\cdot 2^{12})

(12)

To prove that $N(u)>0$ , it remains to estimate $S_{I}$ for any $I\subset[10]$ . If $I=\emptyset$ , then by Lemma 6, we have

S_{I}=\#\left\{(y,z)\in\mathbb{F}_{q}^{2}:\ y^{2}+z^{2}=2\tau_{1}\tau_{2}% \right\}=q+1.

(13)

If $I=I^{(1)}:=\{5,7,8\}$ , then

	$\displaystyle S_{I}$	$\displaystyle=\sum\limits_{\begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=2\tau_{1}\tau_{2}\end{subarray}}\eta\Big{(}(y^{2}-\frac{1-3u}{u}% \tau_{1})(\tau_{1}^{2}-z^{2})\Big{)}$
		$\displaystyle=\sum\limits_{\begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=2\tau_{1}\tau_{2}\end{subarray}}\eta\Big{(}(y^{2}-\frac{1-3u}{u}% \tau_{1})(\tau_{1}^{2}-2\tau_{1}\tau_{2}+y^{2})\Big{)}$
		$\displaystyle=\sum\limits_{\begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=2\tau_{1}\tau_{2}\end{subarray}}\eta\Big{(}(y^{2}-\frac{1-3u}{u}% \tau_{1})(y^{2}-\frac{1-3u}{u}\tau_{1})\Big{)}$
		$\displaystyle\geq\#\left\{(y,z)\in\mathbb{F}_{q}^{2}:\ y^{2}+z^{2}=2\tau_{1}% \tau_{2}\right\}-4=q-3.$

Similarly, if $I=I^{(2)}:=\{6,9,10\}$ , then $S_{I}\geq q-3$ ; if $I=I^{(3)}:=\{5,6,7,8,9,10\}$ , then $S_{I}\geq q-7$ .

Now assume that $\#I\geq 1$ and $I\neq I^{(i)}$ for any $1\leq i\leq 3$ . We can divide $I$ into two parts: $I=I_{1}\cup I_{2}$ , where $I_{1}\subset[6]$ and $I_{2}\subset\{7,8,9,10\}$ .

1.

If $\#I_{2}=0$ , then $\prod_{i\in I}p_{i}(y,z)$ is a polynomial of $y$ .
2.

If $\#I_{2}=1$ , then $\prod_{i\in I}p_{i}(y,z)$ has the form $\phi(y)(z+a)$ , where $\phi\in\mathbb{F}_{q}[x]$ and $a\in\{\pm\tau_{1},\pm\tau_{2}\}$ .
3.

If $\#I_{2}=3$ , then using the relation $z^{2}=2\tau_{1}\tau_{2}-y^{2}$ , $\prod_{i\in I}p_{i}(y,z)$ can be transformed into the form $\phi(y)(z+a)$ , where $\phi\in\mathbb{F}_{q}[x]$ and $a\in\{\pm\tau_{1},\pm\tau_{2}\}$ .
4.

If $\#I_{2}=4$ , then using the relation $z^{2}=2\tau_{1}\tau_{2}-y^{2}$ , $\prod_{i\in I}p_{i}(y,z)$ can be transformed into a polynomial of $y$ .

Now assume that $\#I_{2}=2$ .

(a)

If $I_{2}=\{7,8\}$ or $\{9,10\}$ , since $(z+\tau_{1})(z-\tau_{1})=z^{2}-\tau_{1}^{2}=2\tau_{1}\tau_{2}-y^{2}-\tau_{1}^{% 2}=-(y^{2}-\frac{1+3u}{u}\tau_{1})$ and $(z+\tau_{2})(z-\tau_{2})=z^{2}-\tau_{2}^{2}=2\tau_{1}\tau_{2}-y^{2}-\tau_{2}^{% 2}=-(y^{2}-\frac{1-3u}{3}\tau_{2})$ , $\prod_{i\in I}p_{i}(y,z)$ can be transformed into a polynomial of $y$ .

(b)

If $I_{2}\neq\{7,8\}$ and $\{9,10\}$ , then we claim that $\prod_{i\in I}p_{i}(y,z)$ can be transformed into the form $\phi(y)(z+dy^{2}+a)$ , where $\phi\in\mathbb{F}_{q}[x]$ and $d,a\in\mathbb{F}_{q}^{*}$ satisfy that $4ad+8d^{2}\tau_{1}\tau_{2}+1\neq 0$ . We take $I_{2}=\{7,9\}$ as an example. Indeed, if $I_{2}=\{7,9\}$ , since $(z+\tau_{1})(z+\tau_{2})=z^{2}+(\tau_{1}+\tau_{2})z+\tau_{1}\tau_{2}=(\tau_{1}% +\tau_{2})z+3\tau_{1}\tau_{2}-y^{2}$ , $\prod_{i\in I}p_{i}(y,z)$ can be transformed into the form $\phi(y)(z+dy^{2}+a)$ , where $d=-\frac{1}{\tau_{1}+\tau_{2}}$ and $a=\frac{3\tau_{1}\tau_{2}}{\tau_{1}+\tau_{2}}$ . It is easy to verify that

4ad+8d^{2}\tau_{1}\tau_{2}+1=\big{(}\frac{\tau_{1}-\tau_{2}}{\tau_{1}+\tau_{2}% }\big{)}^{2}\neq 0.

In summary, under the condition that $y^{2}+z^{2}=2\tau_{1}\tau_{2}$ , $\prod_{i\in I}p_{i}(y,z)$ can be transformed into one of the following forms:

I)

$\gamma(y)$ , where $\gamma\in\mathbb{F}_{q}[x]$ ;
II)

$\phi(y)(z+a)$ , where $\phi\in\mathbb{F}_{q}[x]$ and $a\in\{\pm\tau_{1},\pm\tau_{2}\}$ ;
III)

$\phi(y)(z+dy^{2}+a)$ , where $\phi\in\mathbb{F}_{q}[x]$ , $d,a\in\mathbb{F}_{q}^{*}$ satisfy that $4ad+8d^{2}\tau_{1}\tau_{2}+1\neq 0$ .

The last two cases are collectively denoted as $\phi(y)\big{(}z+\rho(y)\big{)}$ . Note that

	$\displaystyle\sum\limits_{\begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=2\tau_{1}\tau_{2}\end{subarray}}\Bigg{(}1+\eta\Big{(}\phi(y)\big{(% }z+\rho(y)\big{)}\Big{)}\Bigg{)}$
$\displaystyle=\$	$\displaystyle\#\left\{(y,z,t)\in\mathbb{F}_{q}^{3}:\ \begin{cases}y^{2}+z^{2}=% 2\tau_{1}\tau_{2},\\ \phi(y)\big{(}z+\rho(y)\big{)}=t^{2}\end{cases}\right\}$
$\displaystyle=\$	$\displaystyle\#\left\{(y,z)\in\mathbb{F}_{q}^{2}:\ y^{2}+z^{2}=2\tau_{1}\tau_{% 2},\ \phi(y)=0\right\}$
	$\displaystyle+\#\left\{(y,z,t)\in\mathbb{F}_{q}^{3}:\ \begin{cases}y^{2}+z^{2}% =2\tau_{1}\tau_{2},\\ z=\frac{t^{2}}{\phi(y)}-\rho(y),\\ \phi(y)\neq 0\end{cases}\right\}$
$\displaystyle\geq\$	$\displaystyle\#\left\{(y,z,t)\in\mathbb{F}_{q}^{3}:\ \begin{cases}y^{2}+z^{2}=% 2\tau_{1}\tau_{2},\\ z=\frac{t^{2}}{\phi(y)}-\rho(y),\\ \phi(y)\neq 0\end{cases}\right\}$
$\displaystyle=\$	$\displaystyle\#\left\{(y,t)\in\mathbb{F}_{q}^{2}:\ \begin{cases}y^{2}+\big{(}% \frac{t^{2}}{\phi(y)}-\rho(y)\big{)}^{2}=2\tau_{1}\tau_{2},\\ \phi(y)\neq 0\end{cases}\right\}$
$\displaystyle\geq\$	$\displaystyle\#A_{\Omega}(\mathbb{F}_{q})-\deg(\phi),$	(14)

where

\Omega(t,y)=t^{4}-2\phi(y)\rho(y)t^{2}+\phi(y)^{2}\big{(}\rho(y)^{2}+y^{2}-2% \tau_{1}\tau_{2}\big{)}.

We claim that $\Omega(t,y)$ is absolutely irreducible. Firstly, we have

		$\displaystyle\big{(}2\phi(y)\rho(y)\big{)}^{2}-4\phi(y)^{2}\big{(}\rho(y)^{2}+% y^{2}-2\tau_{1}\tau_{2}\big{)}$
	$\displaystyle=\$	$\displaystyle-4\phi(y)^{2}(y^{2}-2\tau_{1}\tau_{2}),$

which is not a square element in $\overline{\mathbb{F}_{q}}[y]$ since $2\tau_{1}\tau_{2}\neq 0$ . If $\rho(y)=a$ with $a\in\{\pm\tau_{1},\pm\tau_{2}\}$ , then $\rho(y)^{2}-2\tau_{1}\tau_{2}\neq 0$ since $u\not\in\{\pm\frac{1}{3}\}$ when $p\neq 3$ , which implies that $\rho(y)^{2}+y^{2}-2\tau_{1}\tau_{2}$ is not a square element in $\overline{\mathbb{F}_{q}}[y]$ . If $\rho(y)=dy^{2}+a$ with $d,a\in\mathbb{F}_{q}^{*}$ and $4ad+8d^{2}\tau_{1}\tau_{2}+1\neq 0$ , then $\rho(y)^{2}+y^{2}-2\tau_{1}\tau_{2}$ is also not a square element in $\overline{\mathbb{F}_{q}}[y]$ . Indeed, in this case, we have

\rho(y)^{2}+y^{2}-2\tau_{1}\tau_{2}=d^{2}(y^{4}+\frac{2da+1}{d^{2}}y^{2}+\frac% {a^{2}-2\tau_{1}\tau_{2}}{d^{2}}).

By Lemma 4, if it is a square element in $\overline{\mathbb{F}_{q}}[y]$ , then

(\frac{2da+1}{d^{2}})^{2}-4\frac{a^{2}-2\tau_{1}\tau_{2}}{d^{2}}=0\iff 4da+8d^% {2}\tau_{1}\tau_{2}+1=0,

which is a contradiction. Hence $\rho(y)^{2}+y^{2}-2\tau_{1}\tau_{2}$ is also not a square element in $\overline{\mathbb{F}_{q}}[y]$ . By Lemma 3, $\Omega(t,y)$ is absolutely irreducible. By Theorem 1, we have

	$\displaystyle\left\|\#A_{\Omega}(\mathbb{F}_{q})-q\right\|$	$\displaystyle\leq\big{(}\deg(\Omega)-1\big{)}\big{(}\deg(\Omega)-2\big{)}\sqrt% {q}$
		$\displaystyle\qquad\qquad+5\deg(\Omega)^{\frac{13}{3}}.$

Then by (IV), we have

$\displaystyle S_{I}$	$\displaystyle=\sum\limits_{\begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=2\tau_{1}\tau_{2}\end{subarray}}\eta\Big{(}\phi(y)\big{(}z+\rho(y)% \big{)}\Big{)}$
	$\displaystyle\geq\#A_{\Omega}(\mathbb{F}_{q})-\deg(\phi)-\sum\limits_{\begin{% subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=2\tau_{1}\tau_{2}\end{subarray}}1$	(15)
	$\displaystyle\geq-\big{(}\deg(\Omega)-1\big{)}\big{(}\deg(\Omega)-2\big{)}% \sqrt{q}$
	$\displaystyle\qquad\qquad\qquad-5\deg(\Omega)^{\frac{13}{3}}-\deg(\phi)-1.$

By definition, it is easy to see that

\deg(\Omega)=\begin{cases}\max\{4,2+2\deg(\phi)\}&\mbox{if }\deg(\rho)=0,\\ 4+2\deg(\phi)&\mbox{if }\deg(\rho)=2.\end{cases}

Finally, we address the case I), i.e., $\prod_{i\in I}p_{i}(y,z)=\gamma(y)$ with $\gamma\in\mathbb{F}_{q}[x]$ . Note that

	$\displaystyle S_{I}$	$\displaystyle=\sum\limits_{\begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=2\tau_{1}\tau_{2}\end{subarray}}\eta\Big{(}\gamma(y)\Big{)}$
		$\displaystyle=\sum\limits_{y\in\mathbb{F}_{q}}\eta\big{(}\gamma(y)\big{)}\Big{% (}1+\eta(2\tau_{1}\tau_{2}-y^{2})\Big{)}$
		$\displaystyle=\sum\limits_{y\in\mathbb{F}_{q}}\eta\big{(}\gamma(y)\big{)}+\sum% \limits_{y\in\mathbb{F}_{q}}\eta\big{(}\gamma(y)(2\tau_{1}\tau_{2}-y^{2})\big{% )}.$

It is easy to see that since $u\not\in\{\pm\frac{1}{3}\}$ when $p\neq 3$ , none of $\pm\tau_{1}$ , $\pm\tau_{2}$ is a root of $2\tau_{1}\tau_{2}-y^{2}$ . Then from the above discussion, we know that neither $\gamma(y)$ nor $\gamma(y)(2\tau_{1}\tau_{2}-y^{2})$ is a square element in $\overline{\mathbb{F}_{q}}[y]$ (note that $I\neq I^{(i)}$ for any $1\leq i\leq 3$ ). By Theorem 2, we have

	$\displaystyle S_{I}$	$\displaystyle\geq\big{(}1-{\rm{d}}(\gamma)\big{)}\sqrt{q}+\Big{(}1-\big{(}2+{% \rm{d}}(\gamma)\big{)}\Big{)}\sqrt{q}$
		$\displaystyle=-2{\rm{d}}(\gamma)\sqrt{q},$		(16)

where ${\rm{d}}(\gamma)$ is the number of distinct roots of $\gamma$ in the its splitting field over $\mathbb{F}_{q}$ . In summary, for the case II) and the case III), we can use (IV) to estimate $S_{I}$ ; for the case I), we can use (IV) to estimate $S_{I}$ . Eventually, we will obtain a lower bound for $\sum_{I}S_{I}$ of the form $(4q-12)+m_{1}\sqrt{q}+m_{2}$ , where $m_{1}\in\mathbb{Z}$ and $m_{2}\in\mathbb{R}$ . Due to the large number of terms and the complexity of the explanation, we use a Python program to calculate the values of $m_{1}$ and $m_{2}$ , which can be found in the appendix. It turns out that we can take $m_{1}=-98312$ and $m_{2}=-325643353$ . By (12), we have

	$\displaystyle N(u)$	$\displaystyle\geq\frac{1}{2^{11}}(\sum\limits_{I}S_{I}-5\cdot 2^{12})$
		$\displaystyle\geq\frac{1}{2^{11}}(4q-98312\sqrt{q}-325663845).$

It is easy to see that if $q\geq 27535^{2}$ , then $N(u)>0$ . ∎

Remark.

Since the number $27535^{2}$ is very large, it is impossible to exhaustively check all cases for $q<27535^{2}$ in a short time. Numerical results suggest that the theorem is true when $q\geq 4027$ .

Theorem 4.

If $q\geq 27535^{2}$ , then for any $u\in\mathbb{F}_{q}\setminus\mathcal{U}$ with $\eta(1+u)=\eta(1-u)$ , we have $\delta_{F_{2,u}}=4$ .

Proof.

If $\eta(1+u)=\eta(1-u)=-\eta(u)$ , then $u^{\prime}=-u$ satisfies that $\eta(1+u^{\prime})=\eta(1-u^{\prime})=\eta(u^{\prime})$ . Since by Lemma 10, $F_{2,u}$ and $F_{2,u^{\prime}}$ have the same differential spectrum, we only need to prove this theorem for the case where $\eta(1+u)=\eta(1-u)=\eta(u)$ . By 1) of Corollary 1, it suffices to show that there exists $b\in\mathbb{F}_{q}$ such that $\delta_{F_{2,u}}(1,b)=4$ . Now we prove that if $q$ is sufficiently large, then there exists $b\in\mathbb{F}_{q}$ such that $\#A_{01}(b)=2$ and $\#A_{00}(b)=\#A_{10}(b)=1$ .

From the proof of Theorem 3, we can see that it suffices to prove that if $q$ is sufficiently large, then there exists $b\in\mathbb{F}_{q}$ such that

\begin{cases}\eta(\frac{b}{u}\pm\tau_{1})=\eta(2),\\ \eta(\tau_{1}\tau_{2}\pm 2\frac{b}{u})=1,\\ \eta(\tau_{2}\pm\sqrt{\tau_{1}\tau_{2}-2\frac{b}{u}})=\eta(2),\\ \eta(\tau_{1}\pm\sqrt{\tau_{1}\tau_{2}-2\frac{b}{u}})=-\eta(2),\\ \eta(-\tau_{2}+y)=\eta(2),\mbox{where }y\ \mbox{is the square root}\\ \quad\mbox{of }\tau_{1}\tau_{2}+2\frac{b}{u}\mbox{ such that }\eta(-\tau_{1}+y% )=-\eta(2).\end{cases}

(17)

These conditions are obtained by removing the conditions $\eta(\frac{b}{u}\pm\tau_{2})=\eta(2)$ from the conditions (11). Note that in the proof of Theorem 3, after obtaining the conditions (11), we no longer use the condition $\eta(u-1)=\eta(u)$ . Hence by Theorem 3, if $q\geq 27535^{2}$ , then there exists $b\in\mathbb{F}_{q}$ satisfying the conditions (17). ∎

Remark.

Here, for brevity, we directly use the bound $27535^{2}$ obtained in Theorem 3. However, readers can perform similar estimations as in the proof of Theorem 3 to obtain a smaller bound. This will reduce the computational resources required for brute-force verification. Numerical results suggest that the theorem is true when $q\geq 839$ .

V The Differential Uniformity of $F_{2,\pm\frac{1}{3}}$ when $p\neq 3$

In this section, we determine the differential uniformity of $F_{2,\pm\frac{1}{3}}$ when $p\neq 3$ . By Lemma 10, $F_{2,\frac{1}{3}}$ and $F_{2,-\frac{1}{3}}$ have the same differential spectrum. Hence we only need to study $F_{2,\frac{1}{3}}$ . We have $\tau_{1}=4$ , $\tau_{2}=2$ , $D_{1}F_{2,\frac{1}{3}}(0)=\frac{4}{3}$ and $D_{1}F_{2,\frac{1}{3}}(-1)=-\frac{2}{3}$ .

By (5), we have

\#A_{00}(b)=\begin{cases}1&\mbox{if}\ 2(3b\pm 4)\in C_{0},\\ 0&\mbox{otherwise}.\end{cases}

(18)

By (6), we have

\#A_{11}(b)=\begin{cases}1&\mbox{if}\ 3b\pm 2\in C_{1},\\ 0&\mbox{otherwise}.\end{cases}

(19)

The equation (7) becomes

x^{2}-2x+\frac{3b-2}{2}=0,

(20)

with $\Delta_{01}=2(4-3b)$ , $x_{1}x_{2}=\frac{3b-2}{2}$ and $(x_{1}+1)(x_{2}+1)=\frac{3b+4}{2}$ . The equation (9) becomes

x^{2}+4x+\frac{4-3b}{2}=0,

(21)

with $\Delta_{10}=2(3b+4)$ , $x_{1}x_{2}=\frac{4-3b}{2}$ and $(x_{1}+1)(x_{2}+1)=-\frac{3b+2}{2}$ .

Note that $\eta(1-\frac{1}{3})=\eta(1+\frac{1}{3})$ if and only if $\eta(2)=1$ , which is furthermore equivalent to saying that $q\equiv 7\ ({\rm{mod}}\,\ 8)$ .

Lemma 17.

For any $b\in\mathbb{F}_{q}$ , $\#A_{00}(b)$ and $\#A_{01}(b)$ cannot both be non-zero.

Proof.

If $\#A_{01}(b)>0$ , then $\Delta_{01}=2(4-3b)$ is a square element in $\mathbb{F}_{q}$ , which implies that $\eta\big{(}2(3b-4)\big{)}=-1$ or $0$ , which implies that $\#A_{00}(b)=0$ by (18). ∎

Corollary 2.

We have $\delta_{F_{2,\frac{1}{3}}}\leq 4$ .

Proof.

If $\eta(2)=1$ , then $\eta(1+\frac{1}{3})=\eta(1-\frac{1}{3})$ . By 1) of Corollary 1, we have $\delta_{F_{2,\frac{1}{3}}}\leq 4$ . If $\eta(2)=-1$ , then $\eta(1+\frac{1}{3})=\eta(\frac{1}{3}-1)=\eta(\frac{1}{3})$ . By Lemma 17 and 2) of Corollary 1, we have $\delta_{F_{2,\frac{1}{3}}}\leq 4$ . ∎

We first consider the case where $q\equiv 7\ ({\rm{mod}}\,\ 8)$ .

Lemma 18.

If $q\equiv 7\ ({\rm{mod}}\,\ 8)$ , then for any $b\in\mathbb{F}_{q}$ , $\#A_{01}(b)$ and $\#A_{10}(b)$ cannot both be non-zero.

Proof.

Note that $A_{01}(\frac{4}{3})=\{x\in C_{01}:\ x^{2}-2x+1=0\}\subset\{1\}$ . Since $\eta(1+1)=\eta(2)=1$ , we have $A_{01}(\frac{4}{3})=\emptyset$ . Note that $A_{10}(-\frac{4}{3})=\{x\in C_{10}:\ x^{2}+4x+4=0\}\subset\{-2\}$ . Since $\eta(-2+1)=\eta(-1)=-1$ , we have $A_{10}(-\frac{4}{3})=\emptyset$ .

Now assume that $b\not\in\{\pm\frac{4}{3}\}$ . Assume, for a contradiction, that $x_{1}\in A_{01}(b)$ and $x_{2}\in A_{10}(b)$ . Then both $\frac{\Delta_{01}}{4}=\frac{4-3b}{2}$ and $\frac{\Delta_{10}}{4}=\frac{3b+4}{2}$ are non-zero square elements in $\mathbb{F}_{q}$ . Choose $y,z\in\mathbb{F}_{q}^{*}$ such that $y^{2}=\frac{4-3b}{2}$ and $z^{2}=\frac{3b+4}{2}$ . Then we may assume that $x_{1}=1+y$ and $x_{2}=-2+z$ . It is clear that $y^{2}+z^{2}=4$ . Since $x_{1}\in C_{01}$ , we have $\eta(x_{1}+1)=\eta(2+y)=-1$ . Since $x_{2}\in C_{10}$ , we have $\eta(x_{2})=\eta(-2+z)=-1$ , i.e., $\eta(2-z)=1$ . By Lemma 2, this is impossible. Hence $\#A_{01}(b)$ and $\#A_{10}(b)$ cannot both be non-zero. ∎

Using the quadratic reciprocity law, we can see that

i)

if $q\equiv 7\ ({\rm{mod}}\,12)$ , then $3$ is a non-square element in $\mathbb{F}_{q}$ ;
ii)

if $q\equiv 11\ ({\rm{mod}}\,12)$ , then $3$ is a square element in $\mathbb{F}_{q}$ .

Lemma 19.

$\delta_{F_{2,\frac{1}{3}}}(1,\frac{4}{3})=\begin{cases}2&\mbox{if }q\equiv 7\ % ({\rm{mod}}\,24),\\ 1&\mbox{if }q\equiv 23\ ({\rm{mod}}\,24).\end{cases}$

Proof.

We know that $D_{1}F_{2,\frac{1}{3}}(0)=\frac{4}{3}$ . Since $3\cdot\frac{4}{3}-4=0\not\in C_{0}$ , we have $\#A_{00}(\frac{4}{3})=0$ . Since $3\cdot\frac{4}{3}-2=2\not\in C_{1}$ , we have $\#A_{11}(\frac{4}{3})=0$ . Note that $A_{10}(\frac{4}{3})=\{x\in C_{10}:\ x^{2}+4x=0\}\subset\{0,-4\}$ . Since $\eta(0)=0$ and $\eta(-4)=-1$ , we have

\#A_{10}(\frac{4}{3})=\begin{cases}1&\mbox{if }\eta(3)=-1,\\ 0&\mbox{if }\eta(3)=1.\end{cases}

Finally, note that we have shown that $\#A_{01}(\frac{4}{3})=0$ in the proof of Lemma 18. ∎

Lemma 20.

$\delta_{F_{2,\frac{1}{3}}}(1,-\frac{2}{3})=\begin{cases}2&\mbox{if }q\equiv 7% \ ({\rm{mod}}\,24),\\ 1&\mbox{if }q\equiv 23\ ({\rm{mod}}\,24).\end{cases}$

Proof.

We know that $D_{1}F_{2,\frac{1}{3}}(-1)=-\frac{2}{3}$ . Since $3\cdot(-\frac{2}{3})+4=2\in C_{0}$ and $3\cdot(-\frac{2}{3})-4=-6$ , we have

\#A_{00}(-\frac{2}{3})=\begin{cases}1&\mbox{if }\eta(3)=-1,\\ 0&\mbox{if }\eta(3)=1.\end{cases}

Since $3\cdot(-\frac{2}{3})+2=0\not\in C_{1}$ , we have $\#A_{11}(-\frac{2}{3})=0$ . Note that $A_{10}(-\frac{2}{3})=\{x\in C_{10}:\ x^{2}+4x+3=0\}\subset\{-1,-3\}$ . Since $-1+1=0\not\in C_{0}$ , we have $-1\not\in A_{10}(-\frac{2}{3})$ . Since $-3+1=-2\not\in C_{0}$ , we have $-3\not\in A_{10}(-\frac{2}{3})$ . Hence $\#A_{10}(-\frac{2}{3})=0$ .

Note that $A_{01}(-\frac{2}{3})=\{x\in C_{01}:\ x^{2}-2x-2=0\}$ . If $\eta(3)=-1$ , then $\#A_{00}(-\frac{2}{3})>0$ . By Lemma 17, we have $\#A_{01}(-\frac{2}{3})=0$ . Now assume that $\eta(3)=1$ . The two roots of $x^{2}-2x-2$ in $\overline{\mathbb{F}_{q}}$ are $x_{1}=1+\sqrt{3}$ and $x_{2}=1-\sqrt{3}$ . Put $a=2$ , $u=3$ and $u^{\prime}=1$ . Then $u,u^{\prime}\in C_{0}$ and $u+u^{\prime}=a^{2}$ . Moreover, we have $\eta(a+\sqrt{u^{\prime}})=\eta(3)=1$ and $\eta(a-\sqrt{u^{\prime}})=\eta(1)=1$ . By Lemma 2, we have $\eta(a\pm\sqrt{u})=\eta(2\pm\sqrt{3})=1$ , which implies that $x_{i}+1\not\in C_{1}$ for $i=1,2$ . Hence $\#A_{01}(-\frac{2}{3})=0$ . ∎

We can obtain the following corollary from Lemma 12, Lemma 14 and the above lemmas.

Corollary 3.

Assume that $q\equiv 7\ ({\rm{mod}}\,\ 8)$ . Then for any $b\in\mathbb{F}_{q}$ , $\delta_{F_{2,\frac{1}{3}}}(1,b)\leq 3$ . Moreover, $\delta_{F_{2,\frac{1}{3}}}(1,b)=3$ if and only if one of the following two cases occurs:

1.

$\#A_{10}(b)=2$ and $\#A_{11}(b)=1$ (note that $\#A_{00}(b)$ and $\#A_{01}(b)$ are automatically zero);
2.

$\#A_{00}(b)=\#A_{11}(b)=\#A_{10}(b)=1$ (note that $\#A_{01}(b)$ is automatically zero).

Theorem 5.

Assume that $q\equiv 7\ ({\rm{mod}}\,\ 8)$ and $q>7$ . Then $\delta_{F_{2,\frac{1}{3}}}=3$ .

Proof.

Put

\Lambda=\{b\in\mathbb{F}_{q}:\ \#A_{10}(b)=2\ \mbox{and}\ \#A_{11}(b)=1\}.

We claim that if $q$ is sufficiently large, then $\Lambda\neq\emptyset$ . Note that

	$\displaystyle\Lambda$	$\displaystyle=\{b\in\mathbb{F}_{q}:\ \#A_{10}(b)=2\ \mbox{and}\ \#A_{11}(b)=1\}$
		$\displaystyle=\{b\in\mathbb{F}_{q}:\ \eta(3b+4)=1,\ \eta(-2\pm\sqrt{\frac{3b+4% }{2}})=-1,$
		$\displaystyle\qquad\qquad\qquad\eta(-1\pm\sqrt{\frac{3b+4}{2}})=1,\ \eta(3b\pm 2% )=-1\}.$

Making the substitution $y^{2}=\frac{3b+4}{2}$ , we have

	$\displaystyle 2\#\Lambda$	$\displaystyle=\#\left\{y\in\mathbb{F}_{q}^{*}:\ \begin{cases}\eta(-2\pm y)=-1,% \\ \eta(-1\pm y)=1,\\ \eta(y^{2}-3)=-1\end{cases}\right\}$
		$\displaystyle=\#\left\{y\in\mathbb{F}_{q}^{*}:\ \begin{cases}\eta(2\pm y)=1,\\ \eta(-1\pm y)=1,\\ \eta(3-y^{2})=1\end{cases}\right\}$
		$\displaystyle=\frac{1}{32}\sum\limits_{y\in\mathbb{F}_{q}\setminus A}% \displaystyle\prod_{i=1}^{5}\Big{(}1+\eta\big{(}g_{i}(y)\big{)}\Big{)},$

where

A=\begin{cases}\{0,\ \pm 2,\ \pm 1,\ \pm\sqrt{3}\}&\mbox{if }\eta(3)=1,\\ \{0,\ \pm 2,\ \pm 1\}&\mbox{if }\eta(3)=-1,\end{cases}

and

\begin{cases}g_{1}(y)=2+y,&g_{2}(y)=2-y,\\ g_{3}(y)=-1+y,&g_{4}(y)=-1-y,\\ g_{5}(y)=3-y^{2}.\end{cases}

Note that $g_{4}(0)=-1\in C_{1}$ , $g_{5}(2)=g_{5}(-2)=-1\in C_{1}$ and $g_{4}(1)=g_{3}(-1)=-2\in C_{1}$ . Moreover, if $\eta(3)=1$ , since $g_{3}(\sqrt{3})g_{4}(\sqrt{3})=g_{3}(-\sqrt{3})g_{4}(-\sqrt{3})=-2\in C_{1}$ , we have $g_{3}(\sqrt{3})\in C_{1}$ or $g_{4}(\sqrt{3})\in C_{1}$ , and $g_{3}(-\sqrt{3})\in C_{1}$ or $g_{4}(-\sqrt{3})\in C_{1}$ . Hence

\sum\limits_{y\in A}\displaystyle\prod_{i=1}^{5}\Big{(}1+\eta\big{(}g_{i}(y)% \big{)}\Big{)}=0,

which implies that

64\cdot\#\Lambda=\sum\limits_{y\in\mathbb{F}_{q}}\displaystyle\prod_{i=1}^{5}% \Big{(}1+\eta\big{(}g_{i}(y)\big{)}\Big{)}=\sum\limits_{I}S_{I},

where $I$ runs over all subsets of $[5]$ and

S_{I}=\sum\limits_{y\in\mathbb{F}_{q}}\eta\big{(}\displaystyle\prod_{i\in I}g_% {i}(y)\big{)}.

Note that the $g_{i}$ ’s have no common roots.

1.

If $I=\emptyset$ , then $S_{I}=\sum_{y\in\mathbb{F}_{q}}\eta(1)=q$ .
2.

If $I=\{i\}$ for some $i\in[4]$ , then $S_{I}=\sum_{y\in\mathbb{F}_{q}}\eta(g_{i}(y))=0$ since $g_{i}$ is a linear function. By Lemma 5, we have $S_{\{5\}}=-\eta(-1)=1$ . Hence $\sum_{\#I=1}S_{I}=1$ .

By Lemma 5, it is easy to see that

\sum\limits_{\begin{subarray}{c}I\subset[4],\\ \#I=2\end{subarray}}S_{I}=-2\eta(-1)-\eta(1)-\eta(-1)-\eta(1)-\eta(-1)=2.

By Theorem 2, we have $|S_{\{i,5\}}|\leq 2\sqrt{q}$ for any $i\in[4]$ , which implies that $\sum_{\#I=2}S_{I}\geq 2-8\sqrt{q}$ .

By Theorem 2, we have $|S_{I}|\leq 2\sqrt{q}$ for any $I\subset[4]$ with $\#I=3$ and $|S_{I\cup\{5\}}|\leq 3\sqrt{q}$ for any $I\subset[4]$ with $\#I=2$ . It follows that

\sum\limits_{\#I=3}S_{I}\geq-2\sqrt{q}\cdot\binom{4}{3}-3\sqrt{q}\cdot\binom{4% }{2}=-26\sqrt{q}.

By Theorem 2, we have $|S_{[4]}|\leq 3\sqrt{q}$ and $|S_{I\cup\{5\}}|\leq 4\sqrt{q}$ for any $I\subset[4]$ with $\#I=3$ . It follows that

\sum\limits_{\#I=4}S_{I}\geq-3\sqrt{q}-4\sqrt{q}\cdot\binom{4}{3}=-19\sqrt{q}.

6.

By Theorem 2, we have $|S_{[5]}|\leq 5\sqrt{q}$ .

In conclusion, we have

	$\displaystyle\sum\limits_{I}S_{I}$	$\displaystyle\geq q+1+2-8\sqrt{q}-26\sqrt{q}-19\sqrt{q}-5\sqrt{q}$
		$\displaystyle=q-58\sqrt{q}+3.$

If $q\geq 58^{2}$ , then $\#\Lambda=\frac{1}{64}\cdot\sum_{I}S_{I}>0$ . For the case where $7<q<58^{2}$ , we directly verify the theorem using a Python program, which can be found in the appendix. ∎

Remark.

When $q=7$ , we have $\delta_{F_{2,\frac{1}{3}}}=2$ , i.e., $F_{2,\frac{1}{3}}$ is an APN function.

Theorem 6.

Assume that $q\equiv 3\ ({\rm{mod}}\,\ 8)$ , $p\neq 3$ and $q>43$ . Then $\delta_{F_{2,\frac{1}{3}}}=4$ .

Proof.

We want to show that there exists $b\in\mathbb{F}_{q}$ such that $\#A_{01}(b)=2$ and $\#A_{11}(b)=\#A_{10}(b)=1$ . By (19), (20) and (21), we only need to prove that the following set is non-empty:

\displaystyle\Lambda

\displaystyle=\left\{b\in\mathbb{F}_{q}:\ \begin{cases}\eta(3b\pm 2)=-1,\\ \eta(4\pm 3b)=-1,\\ \eta(1\pm\sqrt{\frac{4-3b}{2}})=1,\\ \eta(2\pm\sqrt{\frac{4-3b}{2}})=-1,\\ \eta(y-2)=-1,\mbox{where }y\ \mbox{is the square}\\ \ \ \mbox{root of }\frac{3b+4}{2}\ \mbox{such that }\eta(y-1)=1\end{cases}% \right\}.

Making the substitution $y^{2}=\frac{3b+4}{2}$ and $z^{2}=\frac{4-3b}{2}$ , we have $y^{2}+z^{2}=4$ and

	$\displaystyle\#\Lambda$	$\displaystyle=\frac{1}{2}\cdot\#\left\{(y,z)\in{\mathbb{F}_{q}^{*}}^{2}:\ % \begin{cases}y^{2}+z^{2}=4,\\ \eta(y-2)=-1,\\ \eta(y-1)=1,\\ \eta(1\pm z)=1,\\ \eta(2\pm z)=-1,\\ \eta(y^{2}-1)=1,\\ \eta(y^{2}-3)=1\end{cases}\right\}$
		$\displaystyle=\frac{1}{2}\cdot\#\left\{(y,z)\in{\mathbb{F}_{q}^{*}}^{2}:\ % \begin{cases}y^{2}+z^{2}=4,\\ \eta(y-2)=-1,\\ \eta(y\pm 1)=1,\\ \eta(1\pm z)=1,\\ \eta(2\pm z)=-1,\\ \eta(y^{2}-3)=1\end{cases}\right\}.$

Since $y^{2}+z^{2}=4$ , by Lemma 2, we have $\eta(2\pm z)=-1$ if and only if $\eta(2\pm y)=1$ . It follows that

	$\displaystyle\#\Lambda$	$\displaystyle=\frac{1}{2}\cdot\#\left\{(y,z)\in{\mathbb{F}_{q}^{*}}^{2}:\ % \begin{cases}y^{2}+z^{2}=4,\\ \eta(2\pm y)=1,\\ \eta(y\pm 1)=1,\\ \eta(1\pm z)=1,\\ \eta(y^{2}-3)=1\end{cases}\right\}$
		$\displaystyle=\frac{1}{2^{8}}\cdot\Bigg{(}\sum\limits_{I}S_{I}-\sum\limits_{(y% ,z)\in A}\displaystyle\prod_{i=1}^{7}\Big{(}1+\eta\big{(}p_{i}(y,z)\big{)}\Big% {)}\Bigg{)}$

where $I$ runs over all subsets of $[7]$ ,

S_{I}=\sum\limits_{\begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=4\end{subarray}}\eta\big{(}\displaystyle\prod_{i\in I}p_{i}(y,z)% \big{)},

A=\begin{cases}\big{\{}(\pm 2,0),(0,\pm 2)\big{\}}&\mbox{if }\eta(3)=-1,\\ \big{\{}(\pm 2,0),(\pm\sqrt{3},\pm 1),&\mbox{if }\eta(3)=1,\\ \ \ (0,\pm 2),(\pm 1,\pm\sqrt{3})\big{\}}\end{cases}

and

	$\displaystyle p_{1}(y,z)=2+y,$	$\displaystyle p_{2}(y,z)=2-y,$
	$\displaystyle p_{3}(y,z)=y+1,$	$\displaystyle p_{4}(y,z)=y-1,$
	$\displaystyle p_{5}(y,z)=y^{2}-3,$
	$\displaystyle p_{6}(y,z)=1+z,$	$\displaystyle p_{7}(y,z)=1-z,$

Since $p_{3}(-2,0)=p_{4}(0,-2)=p_{7}(0,2)=-1\in C_{1}$ , we have

\displaystyle\prod_{i=1}^{7}\Big{(}1+\eta\big{(}p_{i}(-2,0)\big{)}\Big{)}=% \displaystyle\prod_{i=1}^{7}\Big{(}1+\eta\big{(}p_{i}(0,\pm 2)\big{)}\Big{)}=0.

Moreover, if $\eta(3)=1$ , since $p_{3}(\sqrt{3},1)\cdot p_{4}(\sqrt{3},1)=2$ and $\eta(2)=-1$ , we have either $p_{3}(\sqrt{3},1)\in C_{1}$ or $p_{4}(\sqrt{3},1)\in C_{1}$ . Hence

\displaystyle\prod_{i=1}^{7}\Big{(}1+\eta\big{(}p_{i}(\sqrt{3},1)\big{)}\Big{)% }=0.

Similarly, we can show that

\displaystyle\prod_{i=1}^{7}\Big{(}1+\eta\big{(}p_{i}(\pm\sqrt{3},\pm 1)\big{)% }\Big{)}=0.

It follows that

\sum\limits_{(y,z)\in A}\displaystyle\prod_{i=1}^{7}\Big{(}1+\eta\big{(}p_{i}(% y,z)\big{)}\Big{)}\leq 5\cdot 2^{6},

which implies that $\#\Lambda\geq\frac{1}{2^{8}}(\sum_{I}S_{I}-320)$ . If $I=\emptyset$ , then by Lemma 6, we have

S_{I}=\#\left\{(y,z)\in\mathbb{F}_{q}^{2}:\ y^{2}+z^{2}=4\right\}=q+1.

If $I=I^{(1)}=\{1,2\}$ , then

	$\displaystyle S_{I}$	$\displaystyle=\sum\limits_{\begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=4\end{subarray}}\eta\big{(}4-y^{2}\big{)}=\sum\limits_{\begin{% subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=4\end{subarray}}\eta(z^{2})$
		$\displaystyle=\#\left\{(y,z)\in\mathbb{F}_{q}^{2}:\ y^{2}+z^{2}=4\right\}-2=q-1.$

If $I=I^{(2)}=\{5,6,7\}$ , then

	$\displaystyle S_{I}$	$\displaystyle=\sum\limits_{\begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=4\end{subarray}}\eta\big{(}(y^{2}-3)(1-z^{2})\big{)}=\sum\limits_{% \begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=4\end{subarray}}\eta(y^{2}-3)^{2}$
		$\displaystyle\geq\#\left\{(y,z)\in\mathbb{F}_{q}^{2}:\ y^{2}+z^{2}=4\right\}-4% =q-3.$

If $I=I^{(3)}=\{1,2,5,6,7\}$ , then

	$\displaystyle S_{I}$	$\displaystyle=\sum\limits_{\begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=4\end{subarray}}\eta(y^{2}-3)^{2}\eta(z)^{2}$
		$\displaystyle\geq\#\left\{(y,z)\in\mathbb{F}_{q}^{2}:\ y^{2}+z^{2}=4\right\}-6% =q-5.$

Now assume that $\#I\geq 1$ and $I\neq I^{(i)}$ for any $1\leq i\leq 3$ . We can divide $I$ into two parts: $I=I_{1}\cup I_{2}$ , where $I_{1}\subset[5]$ and $I_{2}\subset\{6,7\}$ .

If $\#I_{2}=0$ , then $\prod_{i\in I}p_{i}(y,z)$ is a polynomial of $y$ . Denote it by $\gamma(y)$ . Then

	$\displaystyle S_{I}$	$\displaystyle=\sum\limits_{\begin{subarray}{c}y,z\in\mathbb{F}_{q}\\ y^{2}+z^{2}=4\end{subarray}}\eta\big{(}\gamma(y)\big{)}$
		$\displaystyle=\sum\limits_{y\in\mathbb{F}_{q}}\eta\big{(}\gamma(y)\big{)}\Big{% (}1+\eta(4-y^{2})\Big{)}$
		$\displaystyle=\sum\limits_{y\in\mathbb{F}_{q}}\eta\big{(}\gamma(y)\big{)}+\sum% \limits_{y\in\mathbb{F}_{q}}\eta\big{(}\gamma(y)(4-y^{2})\big{)}.$

Since $I\neq I^{(1)}$ , neither $\gamma(y)$ nor $\gamma(y)(4-y^{2})$ is the square of a polynomial. By Theorem 2, we have

	$\displaystyle S_{I}$	$\displaystyle\geq\big{(}1-\deg(\gamma)\big{)}\sqrt{q}+\Big{(}1-\big{(}\deg(% \gamma)+2\big{)}\Big{)}\sqrt{q}$
		$\displaystyle=-2\deg(\gamma)\sqrt{q}.$

2.

If $\#I_{2}=2$ , then using the relation $y^{2}+z^{2}=4$ , $\prod_{i\in I}p_{i}(y,z)$ can be transformed into a polynomial of $y$ . Since $I\neq I^{(i)}$ for $i=2,3$ , we can also use Theorem 2 to give a lower bound for $S_{I}$ .

If $\#I_{2}=1$ , then $\prod_{i\in I}p_{i}(y,z)$ has the form $\phi(y)(z+a)$ , where $\phi\in\mathbb{F}_{q}[x]$ and $a\in\{\pm 1\}$ . Similar to the proof of Theorem 3 (see (IV)), we can show that

\displaystyle S_{I}

\displaystyle\geq\big{(}1-r(\phi)\big{)}\big{(}r(\phi)-2\big{)}\sqrt{q}-5r(% \phi)^{\frac{13}{3}}-\deg(\phi)-1,

where $r(\phi):=\max\{4,2+2\deg(\phi)\}$ .

Using a Python program like the one used in the proof of Theorem 3, we can obtain that

	$\displaystyle\sum\limits_{I}S_{I}$	$\displaystyle\geq 4q-8-3644\sqrt{q}-5173713$
		$\displaystyle=4q-3644\sqrt{q}-5173721,$

which implies that

\#\Lambda\geq\frac{1}{2^{8}}(4q-3644\sqrt{q}-5174041).

If $q\geq 1681^{2}$ , then $\#\Lambda>0$ . For the case where $43<q<1681^{2}$ , we directly verify the theorem using a Python program, which can be found in the appendix. ∎

Remark.

When $q\in\{11,19,43\}$ , we have $\delta_{F_{2,\frac{1}{3}}}=3$ .

Remark.

Although $1681^{2}$ is also a relatively large number, it is still within the range that can be verified. To accelerate the computation, we used multiprocessing techniques. We employed a high-performance computer with $112$ cores and completed the verification within $6$ hours.

VI The Differential Spectra and Boomerang Uniformity of $F_{2,\pm 1}$

This section determines the differential spectra and boomerang uniformity of $F_{2,\pm 1}$ . By Lemma 10, it suffices to consider $F_{2,1}$ . We have $D_{1}F_{2,1}(0)=2$ and $D_{1}F_{2,1}(-1)=0$ .

Case 1. If $x\in C_{00}$ , then

D_{1}F_{2,1}(x)=2\big{(}(x+1)^{2}-x^{2}\big{)}=4x+2.

The unique possible solution of $D_{1}F_{2,1}(x)=b$ is $x=\frac{b-2}{4}$ . Moreover, we have

\#A_{00}(b)=\begin{cases}1&\mbox{if}\ \frac{b-2}{4}\in C_{00},\ \mbox{i.e., }b% \pm 2\in C_{0},\\ 0&\mbox{otherwise}.\end{cases}

(22)

It is clear that $\#A_{00}(0)=\#A_{00}(2)=0$ .

Case 2. If $x\in C_{11}$ , then

D_{1}F_{2,1}(x)=(1-1)\big{(}(x+1)^{2}-x^{2}\big{)}=0,

which implies that

\#A_{11}(b)=\begin{cases}\#C_{11}=\frac{q-3}{4}&\mbox{if}\ b=0,\\ 0&\mbox{if }b\neq 0.\end{cases}

(23)

Case 3. If $x\in C_{01}$ , then $D_{1}F_{2,1}(x)=-2x^{2}$ . It is clear that $\#A_{01}(0)=0$ . Since $\eta(-1)=-1$ , we have $\#A_{01}(2)=0$ . Assume that $b\neq 0$ and consider the equation $D_{1}F_{2,1}(x)=b\Leftrightarrow x^{2}=-\frac{b}{2}$ . It is clear that $\#A_{01}(b)\leq 1$ . Moreover, $\#A_{01}(b)=1$ if and only if $\eta(-\frac{b}{2})=1$ and $\eta(y+1)=-1$ , where $y$ is the (only) square root of $-\frac{b}{2}$ such that $\eta(y)=1$ .

Case 4. If $x\in C_{10}$ , then

D_{1}F_{2,1}(x)=2x^{2}+4x+2=2(x+1)^{2}.

It is clear that $\#A_{10}(0)=0$ . The two solutions of $D_{1}F_{2,1}(x)=2$ are $x=0$ and $x=-2$ , neither of which is in $C_{10}$ . Hence $\#A_{10}(2)=0$ . Assume that $b\neq 0$ and consider the equation $D_{1}F_{2,1}(x)=b\ \Leftrightarrow\ (x+1)^{2}=\frac{b}{2}$ . It is clear that $\#A_{10}(b)\leq 1$ . Moreover, $\#A_{10}(b)=1$ if and only if $\eta(\frac{b}{2})=1$ and $\eta(y-1)=-1$ , where $y$ is the (only) square root of $\frac{b}{2}$ such that $\eta(y)=1$ .

In summary, we have $\delta_{F_{2,1}}(1,0)=\#A_{11}(0)+1=\frac{q+1}{4}$ , $\delta_{F_{2,1}}(1,2)=1$ and for any $b\in\mathbb{F}_{q}^{*}$ , $\delta_{F_{2,1}}(1,b)\leq 2$ . If $q>7$ , then $\frac{q+1}{4}>2$ . Put

\Lambda_{1}=\left\{b\in\mathbb{F}_{q}:\ \begin{cases}\eta(b\pm 2)=1,\\ \eta(-\frac{b}{2})=1,\\ \eta(y+1)=-1,\ \mbox{where }y\ \mbox{is the}\\ \mbox{square root of}\ -\frac{b}{2}\ \mbox{with }\eta(y)=1\end{cases}\right\}

and

\Lambda_{2}=\left\{b\in\mathbb{F}_{q}:\ \begin{cases}\eta(b\pm 2)=1,\\ \eta(\frac{b}{2})=1,\\ \eta(y-1)=-1,\ \mbox{where }y\ \mbox{is the}\\ \mbox{square root of}\ \frac{b}{2}\ \mbox{with }\eta(y)=1\end{cases}\right\}.

Then $\Lambda_{1}\cup\Lambda_{2}=\{b\in\mathbb{F}_{q}:\ \delta_{F_{2,1}}(1,b)=2\}$ . We have

	$\displaystyle\#\Lambda_{1}$	$\displaystyle=\#\left\{y\in\mathbb{F}_{q}:\ \begin{cases}\eta(y)=1,\\ \eta(y+1)=-1,\\ \eta(-2y^{2}\pm 2)=1\end{cases}\right\}$
		$\displaystyle=\#\left\{y\in\mathbb{F}_{q}:\ \begin{cases}\eta(y)=1,\\ \eta(y+1)=-1,\\ \eta(y-1)=\eta(2),\\ \eta(y^{2}+1)=-\eta(2)\end{cases}\right\}$
		$\displaystyle=\frac{1}{16}\Bigg{(}\sum\limits_{y\in\mathbb{F}_{q}}% \displaystyle\prod_{i=1}^{4}\Big{(}1+\eta\big{(}p_{i}(y)\big{)}\Big{)}$
		$\displaystyle\qquad\qquad-\sum\limits_{y\in A}\displaystyle\prod_{i=1}^{4}\Big% {(}1+\eta\big{(}p_{i}(y)\big{)}\Big{)}\Bigg{)}$
		$\displaystyle=\frac{1}{16}\left(\sum\limits_{I}S_{I}-\sum\limits_{y\in A}% \displaystyle\prod_{i=1}^{4}\Big{(}1+\eta\big{(}p_{i}(y)\big{)}\Big{)}\right),$

where $A=\{0,\pm 1\}$ , $I$ runs over all subsets of $[4]$ , $S_{I}=\sum_{y\in\mathbb{F}_{q}}\eta\big{(}\prod_{i\in I}p_{i}(y)\big{)}$ and

	$\displaystyle p_{1}(y)=y,$	$\displaystyle p_{2}(y)=-(y+1),$
	$\displaystyle p_{3}(y)=2(y-1),$	$\displaystyle p_{4}(y)=-2(y^{2}+1).$

Since $p_{2}(0)=-1\in C_{1}$ and $p_{4}(1)=p_{4}(-1)=-4\in C_{1}$ , we have

\sum\limits_{y\in A}\displaystyle\prod_{i=1}^{4}\Big{(}1+\eta\big{(}p_{i}(y)% \big{)}\Big{)}=0.

Now we compute each $S_{I}$ .

1.

If $I=\emptyset$ , then $S_{I}=\#\mathbb{F}_{q}=q$ .
2.

If $I=\{i\}$ for some $i\in[3]$ , then $S_{I}=0$ since $p_{i}$ is a linear function. By Lemma 5, we have $S_{\{4\}}=\eta(2)$ . It follows that $\sum_{\#I=1}S_{I}=\eta(2)$ .

By Lemma 5, we have $S_{\{1,2\}}=1$ , $S_{\{1,3\}}=-\eta(2)$ and $S_{\{2,3\}}=\eta(2)$ . By Lemma 8, we have $S_{\{1,4\}}=0$ . Hence

	$\displaystyle\sum\limits_{\#I=2}S_{I}$	$\displaystyle=1+\eta(2)\sum\limits_{y\in\mathbb{F}_{q}}\eta\big{(}(y+1)(y^{2}+% 1)\big{)}$
		$\displaystyle-\sum\limits_{y\in\mathbb{F}_{q}}\eta\big{(}(y-1)(y^{2}+1)\big{)}.$

By Lemma 8, we have $S_{\{1,2,3\}}=0$ . By Lemma 9, we have

S_{\{1,2,4\}}=-\eta(2)+\eta(2)\sum\limits_{y\in\mathbb{F}_{q}}\eta\big{(}(y+1)% (y^{2}+1)\big{)}

and

S_{\{1,3,4\}}=1+\sum\limits_{y\in\mathbb{F}_{q}}\eta\big{(}(y-1)(y^{2}+1)\big{% )}.

We have

S_{\{2,3,4\}}=\sum\limits_{y\in\mathbb{F}_{q}}\eta(y^{4}-1)=-1

by Lemma 7.

5.

By Lemma 8, we have $S_{\{1,2,3,4\}}=0$ .

In summary, we have

\displaystyle\#\Lambda_{1}

\displaystyle=\frac{1}{16}\Bigg{(}q+1+2\eta(2)\sum\limits_{y\in\mathbb{F}_{q}}% \eta\big{(}(y+1)(y^{2}+1)\big{)}\Bigg{)}.

(24)

Similarly, we can prove that

\displaystyle\#\Lambda_{2}

\displaystyle=\frac{1}{16}\Bigg{(}q+1-2\sum\limits_{y\in\mathbb{F}_{q}}\eta% \big{(}(y+1)(y^{2}+1)\big{)}\Bigg{)}.

(25)

Theorem 7.

Assume that $q>7$ . The differential spectrum of $F_{2,1}$ is given by

\displaystyle\begin{cases}\omega_{0}=\frac{(q-1)\Big{(}3q-5+\big{(}\eta(2)-1% \big{)}T\Big{)}}{8},\\ \omega_{1}=\frac{(q-1)\Big{(}2q-2+\big{(}1-\eta(2)\big{)}T\Big{)}}{4},\\ \omega_{2}=\frac{(q-1)\Big{(}q+1+\big{(}\eta(2)-1\big{)}T\Big{)}}{8},\\ \omega_{\frac{q+1}{4}}=q-1,\end{cases}

where

T=\sum\limits_{y\in\mathbb{F}_{q}}\eta\big{(}(y+1)(y^{2}+1)\big{)}.

In particular, $F_{2,1}$ is a locally-APN function with differential uniformity $\frac{q+1}{4}$ .

Proof.

By Lemma 11, (24) and (25), we have $\omega_{\frac{q+1}{4}}=q-1$ and

\displaystyle\omega_{2}

\displaystyle=\frac{(q-1)\Big{(}q+1+\big{(}\eta(2)-1\big{)}T\Big{)}}{8}.

By (1), we have

\displaystyle\begin{cases}\omega_{0}+\omega_{1}+\omega_{2}+\omega_{4}=(q-1)q,% \\ \omega_{1}+2\omega_{2}+\frac{q+1}{4}\omega_{4}=(q-1)q.\end{cases}

It follows that

\displaystyle\begin{cases}\omega_{0}=\frac{(q-1)\Big{(}3q-5+\big{(}\eta(2)-1% \big{)}T\Big{)}}{8},\\ \omega_{1}=\frac{(q-1)\Big{(}2q-2+\big{(}1-\eta(2)\big{)}T\Big{)}}{4}.\end{cases}

∎

Finally, we compute the boomerang uniformity of $F_{2,1}$ . We need to solve the following system of equations

\displaystyle\begin{cases}x^{2}\big{(}1+\eta(x)\big{)}-y^{2}\big{(}1+\eta(y)% \big{)}=b,\\ (x+1)^{2}\big{(}1+\eta(x+1)\big{)}-(y+1)^{2}\big{(}1+\eta(y+1)\big{)}=b\end{cases}

(26)

for any $b^{*}\in\mathbb{F}_{q}$ . For any $i,j,k,l\in\{0,1\}$ , let $A_{ij,kl}(b)$ be the set of solutions $(x,y)$ of (26) in $C_{ij}\times C_{kl}$ .

Lemma 21.

For any $b\in\mathbb{F}_{q}^{*}$ , there is no solution $(x,y)$ to the system of equations (26) with $x\in\{0,-1\}$ or $y\in\{0,-1\}$ .

Proof.

Assume that $x=0$ . Then (26) becomes

\displaystyle\begin{cases}y^{2}\big{(}1+\eta(y)\big{)}=-b,\\ (y+1)^{2}\big{(}1+\eta(y+1)\big{)}=2-b.\end{cases}

Since $b\neq 0$ , we have $\eta(y)=1$ . If $\eta(y+1)=1$ , then we have

(y+1)^{2}=1-\frac{b}{2}=1+y^{2},

which implies that $y=0$ and thus $b=0$ . This is a contradiction. If $\eta(y+1)=-1$ , then $b=2$ and thus $y^{2}=-1$ . This is also a contradiction. Hence there is no solution $(x,y)$ to (26) with $x=0$ .

Assume that $x=-1$ . Then (26) becomes

\displaystyle\begin{cases}y^{2}\big{(}1+\eta(y)\big{)}=-b,\\ (y+1)^{2}\big{(}1+\eta(y+1)\big{)}=-b.\end{cases}

Since $b\neq 0$ , we have $\eta(y)=1$ and $\eta(y+1)=1$ , which implies that $y^{2}=(y+1)^{2}=-\frac{b}{2}$ . It follows that $y=-\frac{1}{2}$ . But then it is impossible that $\eta(y)=\eta(y+1)=1$ . Hence there is no solution $(x,y)$ to (26) with $x=-1$ . By symmetry, we can prove the assertion on $y$ . ∎

By Lemma 21, we have

\beta_{F_{2,1}}(1,b)=\sum\limits_{i,j,k,l\in\{0,1\}}\#A_{ij,kl}.

Case 1. If $(x,y)\in C_{00}\times C_{00}$ , then (26) becomes

		$\displaystyle\begin{cases}x^{2}-y^{2}=\frac{b}{2},\\ (x+1)^{2}-(y+1)^{2}=\frac{b}{2},\end{cases}$
	$\displaystyle\iff\$	$\displaystyle\begin{cases}(x-y)(x+y)=\frac{b}{2},\\ (x-y)(x+y+2)=\frac{b}{2}.\end{cases}$

Since $b\neq 0$ we have $x\neq y$ , which implies that $x+y=x+y+2$ . This is impossible and thus $\#A_{00,00}(b)=0$ for any $b\in\mathbb{F}_{q}^{*}$ .

Case 2. If $(x,y)\in C_{00}\times C_{01}$ , then (26) becomes

\displaystyle\begin{cases}x^{2}-y^{2}=\frac{b}{2},\\ (x+1)^{2}=\frac{b}{2},\end{cases}\iff\ \ \begin{cases}(x+1)^{2}=\frac{b}{2},\\ y^{2}=-(2x+1).\end{cases}

(27)

It follows that $\#A_{00,01}(b)\leq 1$ and $\#A_{00,01}(b)=1$ if and only if

\displaystyle\begin{cases}\eta(\frac{b}{2})=1,\\ \eta(x-1)=1,\ \mbox{where }x\ \mbox{is the (only) square root of}\\ \qquad\qquad\qquad\,\frac{b}{2}\ \mbox{such that }\eta(x)=1,\\ \eta(1-2x)=1,\\ \eta(y+1)=-1,\ \mbox{where }y\ \mbox{is the (only) square root of}\\ \qquad\qquad\qquad\quad 1-2x\ \mbox{such that }\eta(y)=1.\end{cases}

Case 3. If $(x,y)\in C_{00}\times C_{10}$ , then (26) becomes

\displaystyle\begin{cases}x^{2}=\frac{b}{2},\\ (x+1)^{2}-(y+1)^{2}=\frac{b}{2},\end{cases}\iff\ \ \begin{cases}x^{2}=\frac{b}% {2},\\ (y+1)^{2}=2x+1.\end{cases}

It follows that $\#A_{00,10}(b)\leq 1$ and $\#A_{00,10}(b)=1$ if and only if

\displaystyle\begin{cases}\eta(\frac{b}{2})=1,\\ \eta(x+1)=1,\ \mbox{where }x\ \mbox{is the (only) square root of}\\ \qquad\qquad\qquad\,\frac{b}{2}\ \mbox{such that }\eta(x)=1,\\ \eta(1+2x)=1,\\ \eta(y-1)=-1,\ \mbox{where }y\ \mbox{is the (only) square root of}\\ \qquad\qquad\qquad\quad 1+2x\ \mbox{such that }\eta(y)=1.\end{cases}

(28)

Case 4. If $(x,y)\in C_{00}\times C_{11}$ , then (26) becomes

\displaystyle\begin{cases}x^{2}=\frac{b}{2},\\ (x+1)^{2}=\frac{b}{2},\end{cases}\Rightarrow\ \ x=-\frac{1}{2}.

Since $\eta(-\frac{1}{2}+1)=\eta(\frac{1}{2})=-\eta(\frac{1}{2})$ , we have $-\frac{1}{2}\not\in C_{00}$ . Hence $\#A_{00,11}(b)=0$ for any $b\in\mathbb{F}_{q}^{*}$ .

Case 5. If $(x,y)\in C_{01}\times C_{00}$ , then (26) becomes

\displaystyle\begin{cases}x^{2}-y^{2}=\frac{b}{2},\\ (y+1)^{2}=-\frac{b}{2},\end{cases}\iff\ \ \begin{cases}(y+1)^{2}=-\frac{b}{2},% \\ x^{2}=-(2y+1).\end{cases}

It follows that $\#A_{00,11}\leq 1$ and $\#A_{00,11}=1$ if and only if

\displaystyle\begin{cases}\eta(-\frac{b}{2})=1,\\ \eta(x-1)=1,\ \mbox{where }x\ \mbox{is the (only) square root of}\\ \qquad\qquad\qquad\,-\frac{b}{2}\ \mbox{such that }\eta(x)=1,\\ \eta(1-2x)=1,\\ \eta(y+1)=-1,\ \mbox{where }y\ \mbox{is the (only) square root of}\\ \qquad\qquad\qquad\quad 1-2x\ \mbox{such that }\eta(y)=1.\end{cases}

Case 6. If $(x,y)\in C_{01}\times C_{01}$ , then (26) becomes

\displaystyle\begin{cases}x^{2}-y^{2}=\frac{b}{2},\\ b=0,\end{cases}

which implies that $\#A_{01,01}(b)=0$ for any $b\in\mathbb{F}_{q}^{*}$ .

Case 7. If $(x,y)\in C_{01}\times C_{10}$ , then (26) becomes

\displaystyle\begin{cases}x^{2}=\frac{b}{2},\\ (y+1)^{2}=-\frac{b}{2},\end{cases}

which implies that $\#A_{01,10}(b)=0$ for any $b\in\mathbb{F}_{q}^{*}$ .

Case 8. If $(x,y)\in C_{01}\times C_{11}$ , then (26) becomes

\displaystyle\begin{cases}x^{2}=\frac{b}{2},\\ b=0,\end{cases}

which implies that $\#A_{01,11}(b)=0$ for any $b\in\mathbb{F}_{q}^{*}$ .

Case 9. If $(x,y)\in C_{10}\times C_{00}$ , then (26) becomes

\displaystyle\begin{cases}y^{2}=-\frac{b}{2},\\ (x+1)^{2}-(y+1)^{2}=\frac{b}{2},\end{cases}\Leftrightarrow\ \ \begin{cases}y^{% 2}=-\frac{b}{2},\\ (x+1)^{2}=2y+1.\end{cases}

It follows that $\#A_{10,00}\leq 1$ and $\#A_{10,00}=1$ if and only if

\displaystyle\begin{cases}\eta(-\frac{b}{2})=1,\\ \eta(x+1)=1,\ \mbox{where }x\ \mbox{is the (only) square root of}\\ \qquad\qquad\qquad\,-\frac{b}{2}\ \mbox{such that }\eta(x)=1,\\ \eta(1+2x)=1,\\ \eta(y-1)=-1,\ \mbox{where }y\ \mbox{is the (only) square root of}\\ \qquad\qquad\qquad\quad 1+2x\ \mbox{such that }\eta(y)=1.\end{cases}

By following the analysis above, it can be easily proven that $\#A_{10,01}(b)=\#A_{10,10}(b)=\#A_{10,11}(b)=\#A_{11,00}(b)=\#A_{11,01}(b)=\#A% _{11,10}(b)=\#A_{11,11}(b)=0$ for any $b\in\mathbb{F}_{q}^{*}$ . Then we have the following corollary.

Corollary 4.

For any $b\in\mathbb{F}_{q}^{*}$ , we have $\beta_{F_{2,1}}(1,b)=\#A_{00,01}(b)+\#A_{00,10}(b)+\#A_{01,00}(b)+\#A_{10,00}(% b)\leq 2$ . Moreover, $\delta_{F_{2,1}}(1,b)=2$ if and only if $\#A_{00,01}(b)=\#A_{00,10}(b)=1$ or $\#A_{01,00}(b)=\#A_{10,00}(b)=1$ .

Theorem 8.

If $q\geq 9613^{2}$ , then the boomerang uniformity of $F_{2,1}$ is $2$ .

Proof.

Put $\Lambda_{1}=\{b\in\mathbb{F}_{q}:\ \#A_{00,01}(b)=\#A_{00,10}(b)=1\}$ and $\Lambda_{2}=\{b\in\mathbb{F}_{q}:\ \#A_{01,00}(b)=\#A_{10,00}(b)=1\}$ . Then it is clear that $\Lambda_{1}\cup\Lambda_{2}=\{b\in\mathbb{F}_{q}:\ \delta_{F_{2,1}}(1,b)=2\}$ and $\Lambda_{1}=-\Lambda_{2}$ . By (27) and (28), $\Lambda_{1}$ consists of $b\in\mathbb{F}_{q}$ such that

\displaystyle\begin{cases}\eta(\frac{b}{2})=1,\\ \eta(x\pm 1)=1,\ \mbox{where }x\ \mbox{is the (only) square root of}\\ \qquad\qquad\qquad\,\frac{b}{2}\ \mbox{such that }\eta(x)=1,\\ \eta(1\pm 2x)=1,\\ \eta(y+1)=-1,\ \mbox{where }y\ \mbox{is the (only) square root of}\\ \qquad\qquad\qquad\quad 1-2x\ \mbox{such that }\eta(y)=1,\\ \eta(z-1)=-1,\ \mbox{where }z\ \mbox{is the (only) square root of}\\ \qquad\qquad\qquad\quad 1+2x\ \mbox{such that }\eta(z)=1.\end{cases}

It follows that

	$\displaystyle\#\Lambda_{1}$	$\displaystyle=\#\left\{(y,z)\in\mathbb{F}_{q}^{2}:\ \begin{cases}y^{2}+z^{2}=2% ,\\ \eta(y)=1,\\ \eta(z)=1,\\ \eta(y+1)=-1,\\ \eta(z-1)=-1,\\ \eta(\frac{z^{2}-1}{2})=1,\\ \eta(\frac{z^{2}+1}{2})=1,\\ \eta(\frac{z^{2}-3}{2})=1\end{cases}\right\}$
		$\displaystyle=\#\left\{(y,z)\in\mathbb{F}_{q}^{2}:\ \begin{cases}y^{2}+z^{2}=2% ,\\ \eta(y)=1,\\ \eta(z)=1,\\ \eta(y+1)=-1,\\ \eta(1-z)=1,\\ \eta(\frac{1+z}{2})=-1,\\ \eta(\frac{z^{2}+1}{2})=1,\\ \eta(\frac{z^{2}-3}{2})=1\end{cases}\right\}.$

Using the previous method, we can obtain that

\#\Lambda\geq\frac{1}{2^{7}}(q-7756\sqrt{q}-17844127).

If $q\geq 9613^{2}$ , then $\#\Lambda>0$ . ∎

Remark.

Numerical results suggest that the theorem is true when $q\geq 307$ .

VII Conclusion

In this paper, we conducted an in-depth study on the differential and boomerang properties of the binomial function $F_{2,u}(x)=x^{2}\big{(}1+u\eta(x)\big{)}$ over $\mathbb{F}_{q}$ , where $q$ is an odd prime power with $q\equiv 3\ ({\rm{mod}}\,4)$ and $u\in\mathbb{F}_{q}^{*}$ . By adopting a methodology that combines algebraic and geometric tools, we determined the differential uniformity of $F_{2,u}$ for any $u\in\mathbb{F}_{q}^{*}$ and specifically proved that

\displaystyle\delta_{F_{2,u}}=\begin{cases}\frac{q+1}{4}&\mbox{if }u\in\{\pm 1% \},\\ 5&\mbox{if }u\in\mathbb{F}_{q}\setminus\mathcal{U}\ \mbox{and }\eta(1+u)=\eta(% u-1),\\ 4&\mbox{if }u\in\mathbb{F}_{q}\setminus\mathcal{U}\ \mbox{and }\eta(1+u)=\eta(% 1-u),\\ 4&\mbox{if }q\equiv 3\ ({\rm{mod}}\,8),\ p\neq 3\ \mbox{and }u\in\{\pm\frac{1}% {3}\},\\ 3&\mbox{if }q\equiv 7\ ({\rm{mod}}\,8)\ \mbox{and }u\in\{\pm\frac{1}{3}\},\end% {cases}

where

\mathcal{U}=\begin{cases}\{0,\pm 1\}&\mbox{if}\ p=3,\\ \{0,\pm 1,\pm\frac{1}{3}\}&\mbox{if}\ p\neq 3.\end{cases}

Note that these equalities hold only when $q$ is sufficiently large. In particular, we disproved the conjecture proposed in [5]. We also determined the differential spectra of the locally-APN functions $F_{2,\pm 1}$ by expressing them in terms of several quadratic character sums of cubic polynomials (when $q\equiv 7\ ({\rm{mod}}\,8)$ , these character sums are actually eliminated). Finally, we showed that the boomerang uniformity of $F_{2,\pm 1}$ is $2$ for sufficiently large $q$ . The proven results show that the function $F_{2,u}$ has favorable differential properties.

The methods used in this paper are both typical and innovative, and we believe they will also help solve other problems.

References

[1] C. Blondeau, A. Canteaut, and P. Charpin, “Differential properties of power functions,” International Journal of Information and Coding Theory, vol. 1, no. 2, pp. 149–170, 2010.
[2] ——, “Differential properties of $x\mapsto x^{2^{t}-1}$ ,” IEEE Transactions on Information Theory, vol. 57, no. 12, pp. 8127–8137, 2011.
[3] C. Blondeau and K. Nyberg, “Perfect nonlinear functions and cryptography,” Finite fields and their applications, vol. 32, pp. 120–147, 2015.
[4] C. Boura and A. Canteaut, “On the boomerang uniformity of cryptographic S-boxes,” IACR Transactions on Symmetric Cryptology, pp. 290–310, 2018.
[5] L. Budaghyan and M. Pal, “Arithmetization-oriented APN permutations,” Designs, Codes and Cryptography, pp. 1–22, 2024.
[6] Z. Hu, N. Li, L. Xu, X. Zeng, and X. Tang, “The differential spectrum and boomerang spectrum of a class of locally-APN functions,” Designs, Codes and Cryptography, vol. 91, no. 5, pp. 1695–1711, 2023.
[7] K. Li, L. Qu, B. Sun, and C. Li, “New results about the boomerang uniformity of permutation polynomials,” IEEE Transactions on Information Theory, vol. 65, no. 11, pp. 7542–7553, 2019.
[8] R. Lidl and H. Niederreiter, Finite fields. Cambridge university press, 1997, no. 20.
[9] C. Lyu, X. Wang, and D. Zheng, “A further study on the Ness-Helleseth function,” Finite Fields and Their Applications, vol. 98, p. 102453, 2024.
[10] G. L. Mullen and D. Panario, Handbook of finite fields. CRC press Boca Raton, 2013, vol. 17.
[11] G. J. Ness and T. Helleseth, “A new family of ternary almost perfect nonlinear mappings,” IEEE Transactions on information theory, vol. 53, no. 7, pp. 2581–2586, 2007.
[12] K. Nyberg, “Differentially uniform mappings for cryptography,” in Workshop on the Theory and Application of Cryptographic Techniques. Springer, 1993, pp. 55–64.
[13] T. Storer, Cyclotomy and Difference Sets. Chicago, IL, USA: Markham Publishing Company, 1967.
[14] D. Wagner, “The boomerang attack,” in International Workshop on Fast Software Encryption. Springer, 1999, pp. 156–170.
[15] Y. Xia, F. Bao, S. Chen, C. Li, and T. Helleseth, “More differential properties of the Ness-Helleseth function,” IEEE Transactions on Information Theory, 2024.
[16] Y. Xia, C. Li, F. Bao, S. Chen, and T. Helleseth, “Further investigation on differential properties of the generalized Ness-Helleseth function,” arXiv preprint arXiv:2408.17272, 2024.
[17] X. Zeng, L. Hu, Y. Yang, and W. Jiang, “On the inequivalence of Ness-Helleseth APN functions,” Cryptology ePrint Archive, 2007.
[18] Z. Zha, “Research on low differential uniformity functions,” Doctoral Dissertation, Hunan University, 2008.

[Auxiliary Programs used in the proofs]

Note that all the Python programs in the appendix need to be run in the SageMath environment. SageMath is a free open-source Python-based mathematics software system, whose official website is https://www.sagemath.org.

1.

The Program Used in the Proof of Theorem 3

⬇

import math

# Store the degrees of p_1~p_6

degrees_of_y_polynomials = [1, 1, 1, 1, 2, 2]

# Obtain all subsets of {1,2,3,4,5,6}

I_1s = Subsets({1, 2, 3, 4, 5, 6})

# Store the final results

m_1, m_2 = 0, 0

def get_deg_omega(deg_phi, deg_rho):

if deg_rho == 0:

return max([4, 2 + 2 * deg_phi])

else:

return 4+2*deg_phi

def lower_bound_1(deg_phi, deg_rho):

deg_omega = get_deg_omega(deg_phi, deg_rho)

return -(deg_omega-1)*(deg_omega-2), -5*pow(deg_omega, 13/3)-deg_phi-1

# If #I_2=0

for I_1 in I_1s:

if I_1 != set(): # I_1 is not empty

# In Python, the index starts from 0

d_gamma = sum([degrees_of_y_polynomials[i-1] for i in I_1])

m_1 += -2 * d_gamma

# If #I_2=1

for I_1 in I_1s:

deg_phi = sum([degrees_of_y_polynomials[i-1] for i in I_1])

differences = lower_bound_1(deg_phi, 0)

for i in range(4): # p_7~p_10

m_1 += differences[0]

m_2 += differences[1]

# If #I_2=3

for I_1 in I_1s:

# Note that we should add 2 to the degree

deg_phi = sum([degrees_of_y_polynomials[i-1] for i in I_1]) + 2

differences = lower_bound_1(deg_phi, 0)

for i in range(4): # 3-sets of {7,8,9,10}

m_1 += differences[0]

m_2 += differences[1]

# If #I_2=4

for I_1 in I_1s:

if I_1 != {5, 6}:

# Note that we should add 4 to the degree

d_gamma = sum([degrees_of_y_polynomials[i-1] for i in I_1]) + 4

# If 5 or 6 is in I_1, no extra roots are added

if 5 in I_1:

d_gamma -= 2

if 6 in I_1:

d_gamma -= 2

m_1 += -2 * d_gamma

# If #I_2=2

# I_2={7,8}

for I_1 in I_1s:

if I_1 != {5}:

# Note that we should add 2 to the degree

d_gamma = sum([degrees_of_y_polynomials[i-1] for i in I_1]) + 2

if 5 in I_1:

d_gamma -= 2

m_1 += -2 * d_gamma

# I_2={9,10}

for I_1 in I_1s:

if I_1 != {6}:

# Note that we should add 2 to the degree

d_gamma = sum([degrees_of_y_polynomials[i-1] for i in I_1]) + 2

if 6 in I_1:

d_gamma -= 2

m_1 += -2 * d_gamma

# Otherwise (4 cases)

for I_1 in I_1s:

deg_phi = sum([degrees_of_y_polynomials[i-1] for i in I_1])

differences = lower_bound_1(deg_phi, 2)

for i in range(4):

m_1 += differences[0]

m_2 += differences[1]

print(f’m_1={m_1}’, ’\n’, f’m_2={math.floor(m_2)}’)
2.

The Program Used in the Proofs of Theorem 5 and Theorem 6

⬇

import multiprocessing

from collections import Counter

from functools import reduce

# Obtain all prime powers < n

def find_prime_powers(n):

result = []

for p in primes(n):

power = p

while power < n:

result.append(power)

power *= p

return sorted(result)

def compute_differential_uniformity(prime_power):

field = GF(prime_power)

square_elements = set()

square_table = {}

for x in field:

square_table[x] = x^2

if x != 0:

square_elements.add(x^2)

def eta(x):

if x == 0: return 0

if x in square_elements: return 1

return -1

def F(x):

return square_table[x] * (1 + field(1)/3 * eta(x))

return max([number for _,number in

Counter([F(x+1)-F(x) for x in field]).items()])

# Proof of Theorem 5

print(”Proof of Theorem 5”)

n_1 = 58**2

prime_powers_1 = [item for item in find_prime_powers(n_1) if item % 8 == 7]

for prime_power in prime_powers_1:

differential_uniformity = compute_differential_uniformity(prime_power)

if differential_uniformity != 3:

print(f”Exception: q={prime_power}, ”

f”differential uniformity={differential_uniformity}”)

# Proof of Theorem 6

print(”Proof of Theorem 6”)

n_2 = 1681**2

prime_powers_2 = [item for item in find_prime_powers(n_2)

if item % 8 == 3 and item % 3 != 0]

# Split a list into several parts as evenly as possible

def split_list(my_list, count):

avg_length = len(my_list) // count

extra = len(my_list) % count

result = []

start = 0

for i in range(count):

end = start + avg_length + (1 if i < extra else 0)

result.append(my_list[start:end])

start = end

return result

# Obtain the number of CPU cores

num_cores = multiprocessing.cpu_count()

prime_powers_2_split = split_list(prime_powers_2, num_cores)

# Use multithreading to speed up the computation

def worker(prime_powers):

result=[]

for prime_power in prime_powers:

differential_uniformity = compute_differential_uniformity(

prime_power)

if differential_uniformity != 4:

result.append((prime_power, differential_uniformity))

return result

with multiprocessing.Pool(processes=num_cores) as pool:

results = pool.map(worker, prime_powers_2_split)

results = reduce(lambda x, y: x + y, results)

For an exception in results:

print(f”Exception: q={exception[0]}, ”

f”differential uniformity={exception[1]}”)

The Differential and Boomerang Properties of a Class of Binomials

Abstract

Index Terms:

I Introduction

II Preliminaries

Lemma 1 ([13, Lemma 6]).

Lemma 2.

Proof.

Definition 1.

Theorem 1 ([10, Theorem 7.1.9]).

Lemma 3.

Proof.

Lemma 4.

Proof.

Lemma 5 ([8, Theorem 5.48]).

Lemma 6 ([8, Lemma 6.24]).

Lemma 7.

Proof.

Definition 2.

Lemma 8 ([8, Theorem 5.52]).

Remark.

Theorem 2 ([8, Theorem 5.41]).

Lemma 9.

Proof.

Lemma 10.

Proof.

Lemma 11.

Proof.

Lemma 12.

Proof.

Lemma 13.

Proof.

Lemma 14.

Proof.

Lemma 15.

Proof.

Lemma 16.

Proof.

Corollary 1.

Proof.

IV The Differential Uniformity of F2,usubscript𝐹2𝑢F_{2,u}italic_F start_POSTSUBSCRIPT 2 , italic_u end_POSTSUBSCRIPT with u∈𝔽q∖𝒰𝑢subscript𝔽𝑞𝒰u\in\mathbb{F}_{q}\setminus\mathcal{U}italic_u ∈ blackboard_F start_POSTSUBSCRIPT italic_q end_POSTSUBSCRIPT ∖ caligraphic_U

Theorem 3.

Proof.

Remark.

Theorem 4.

Proof.

Remark.

V The Differential Uniformity of F2,±13subscript𝐹2plus-or-minus13F_{2,\pm\frac{1}{3}}italic_F start_POSTSUBSCRIPT 2 , ± divide start_ARG 1 end_ARG start_ARG 3 end_ARG end_POSTSUBSCRIPT when p≠3𝑝3p\neq 3italic_p ≠ 3

Lemma 17.

Proof.

Corollary 2.

Proof.

Lemma 18.

Proof.

Lemma 19.

Proof.

Lemma 20.

Proof.

Corollary 3.

Theorem 5.

Proof.

Remark.

Theorem 6.

Proof.

Remark.

Remark.

VI The Differential Spectra and Boomerang Uniformity of F2,±1subscript𝐹2plus-or-minus1F_{2,\pm 1}italic_F start_POSTSUBSCRIPT 2 , ± 1 end_POSTSUBSCRIPT

Theorem 7.

Proof.

Lemma 21.

Proof.

Corollary 4.

Theorem 8.

Proof.

Remark.

VII Conclusion

References

IV The Differential Uniformity of $F_{2,u}$ with $u\in\mathbb{F}_{q}\setminus\mathcal{U}$

V The Differential Uniformity of $F_{2,\pm\frac{1}{3}}$ when $p\neq 3$

VI The Differential Spectra and Boomerang Uniformity of $F_{2,\pm 1}$