Locally-APN Binomials with Low Boomerang Uniformity in Odd Characteristic

Byunguk Kim; Minwoo Ko; Namhun Koo; Soonhak Kwon

arxiv: 2512.17603 · v2 · submitted 2025-12-19 · 💻 cs.IT · math.IT· math.NT

Locally-APN Binomials with Low Boomerang Uniformity in Odd Characteristic

Namhun Koo , Soonhak Kwon , Minwoo Ko , Byunguk Kim This is my paper

Pith reviewed 2026-05-16 20:54 UTC · model grok-4.3

classification 💻 cs.IT math.ITmath.NT

keywords locally-APNboomerang uniformitybinomial functionsfinite fieldsodd characteristicdifferential spectrapower functions

0 comments

The pith

If the power difference equation has at most one suitable solution for each b, the binomial F_r is locally-APN with boomerang uniformity at most 2.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes that over finite fields of odd characteristic, whenever gcd(r, q-1) divides 2 and the equation (x+1)^r - x^r = b has at most one solution x where both x and x+1 are quadratic residues, the binomial function F_r(x) = x^r + x^{r + (q-1)/2} is locally-APN and possesses boomerang uniformity bounded by 2. This generalizes earlier results that required q congruent to 3 modulo 4. The authors further determine the differential spectra of F_3 and F_{(2q-1)/3} and the boomerang spectrum of F_2 in characteristic 3. A reader would care because these properties control differential and boomerang attacks in cryptographic constructions over odd-characteristic fields.

Core claim

If there is at most one x in F_q with chi(x) = chi(x+1) = 1 satisfying (x+1)^r - x^r = b for every nonzero b, and if gcd(r, q-1) divides 2, then the function F_r is locally-APN and has boomerang uniformity at most 2. The proof proceeds by bounding the number of solutions to the relevant boomerang and differential equations under the stated hypothesis on the power differences.

What carries the argument

The binomial F_r(x) = x^r + x^{r + (q-1)/2} together with the hypothesis that (x+1)^r - x^r = b has at most one solution x satisfying chi(x) = chi(x+1) = 1 for each nonzero b.

If this is right

F_r satisfies the locally-APN property over F_q.
The boomerang uniformity of F_r is at most 2.
The differential spectra of F_3 and F_{(2q-1)/3} can be explicitly computed when the base field has characteristic 3.
The boomerang spectrum of F_2 is determined in characteristic 3.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The same hypothesis may be checkable for additional exponents r by using character-sum estimates or Weil bounds.
Such binomials could serve as building blocks for substitution boxes that resist boomerang attacks in odd-characteristic ciphers.
The technique of reducing boomerang uniformity to a single-solution hypothesis on power differences may apply to other families of polynomials over finite fields.

Load-bearing premise

The assumption that the power-difference equation has at most one quadratic-residue solution x for every nonzero right-hand side b.

What would settle it

A concrete counterexample consisting of a field F_q, exponent r satisfying the gcd condition, and a nonzero b for which the equation (x+1)^r - x^r = b has two or more solutions x with chi(x) = chi(x+1) = 1 would falsify the claim.

read the original abstract

Recently, several studies have shown that when $q\equiv3\pmod{4}$, for certain choices of $r$, the function $F_r(x)=x^r+x^{r+\frac{q-1}{2}}$ defined over $\Fq$ is locally-APN and has boomerang uniformity at most~$2$. In this paper, we extend these results by showing that if there is at most one $x\in \Fq$ with $\chi(x)=\chi(x+1)=1$ satisfying $(x+1)^r - x^r = b$ for all $b\in \Fqmul$ and $\gcd(r,q-1)\mid 2$, then $F_r$ is locally-APN with boomerang uniformity at most $2$. Moreover, we study the differential spectra of $F_3$ and $F_{\frac{2q-1}{3}}$, and the boomerang spectrum of $F_2$ when $p=3$.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The paper gives a clean sufficient condition on solution counts that implies boomerang uniformity at most 2 for these binomials, plus explicit spectra for three small exponents.

read the letter

The main takeaway is that the authors turn earlier case-by-case choices of the exponent r into a usable sufficient condition: when the equation (x+1)^r - x^r = b has at most one solution x with both x and x+1 quadratic residues, the binomial F_r is locally-APN with boomerang uniformity at most 2, provided gcd(r, q-1) divides 2. They prove this implication directly from character-sum arguments and then verify the condition holds for r=3 and r=(2q-1)/3 by counting solutions explicitly. They also compute the full differential spectrum for those two functions and the boomerang spectrum for r=2 when the characteristic is 3. Those calculations are the concrete part that actually enlarges the list of known examples rather than just restating the hypothesis. The proofs for the specific cases rely on standard finite-field techniques and appear free of circularity or hidden fitting. The limitation is that the general condition is left as an assumption for arbitrary r; the paper does not produce a large parametric family where the solution count is automatically satisfied, so new examples still require separate verification. This keeps the result incremental rather than sweeping. The work sits squarely in the finite-field cryptography literature on APN-like functions and S-box design. Readers who track constructions with low boomerang uniformity or who need explicit spectra for small exponents will find the computations useful and checkable. The combination of a proven implication and fully worked examples is enough to justify sending the manuscript to referees, even though the general case remains conditional.

Referee Report

2 major / 2 minor

Summary. The paper proves that if gcd(r, q-1) divides 2 and the equation (x+1)^r - x^r = b has at most one solution x in F_q with χ(x) = χ(x+1) = 1 for every nonzero b, then the binomial F_r(x) = x^r + x^{r+(q-1)/2} is locally-APN with boomerang uniformity at most 2. It additionally computes the differential spectra of F_3 and F_{(2q-1)/3} and the boomerang spectrum of F_2 when the characteristic p = 3.

Significance. The result supplies an explicit sufficient condition for a family of binomials to achieve optimal boomerang uniformity while remaining locally-APN, extending earlier constructions valid only for q ≡ 3 mod 4. The direct spectrum calculations for the three concrete exponents furnish verifiable instances that do not rely on the general hypothesis and can be used as test cases for cryptographic applications.

major comments (2)

[Proof of the main implication] The proof of the central implication (that the stated solution-count hypothesis implies boomerang uniformity ≤ 2) is presented as building on standard character-sum estimates; the manuscript should explicitly identify the precise bound or lemma (e.g., the Weil-type estimate or the number of solutions to the auxiliary equation) used to control the boomerang count in the relevant section.
[Differential spectra of F_3 and F_{(2q-1)/3}] For the differential-spectrum results on F_3 and F_{(2q-1)/3}, the paper reports the multiplicity of each possible value but does not state the exact formula or table for the number of solutions to F(x+a) - F(x) = b when a ≠ 0; including this explicit count (or the closed-form expression) is necessary to confirm the claimed spectra independently.

minor comments (2)

[Preliminaries] The notation χ for the quadratic character is introduced but its precise definition (Legendre symbol or multiplicative character) should be restated once in the preliminaries for readers outside finite-field cryptography.
[Introduction] A short comparison paragraph or table contrasting the new boomerang-uniformity bound with the values obtained in the cited prior works for the same exponents would clarify the incremental contribution.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the careful reading, positive evaluation, and constructive suggestions. We have revised the manuscript to address both major comments explicitly, improving the clarity and verifiability of the proofs and spectra.

read point-by-point responses

Referee: [Proof of the main implication] The proof of the central implication (that the stated solution-count hypothesis implies boomerang uniformity ≤ 2) is presented as building on standard character-sum estimates; the manuscript should explicitly identify the precise bound or lemma (e.g., the Weil-type estimate or the number of solutions to the auxiliary equation) used to control the boomerang count in the relevant section.

Authors: We agree that the proof benefits from an explicit citation of the bound. In the revised manuscript, we now identify the precise Weil-type estimate (Lemma 2.4, which bounds the number of solutions to the auxiliary character-sum equation) used to control the boomerang count in Section 3. This reference is inserted immediately before the application of the estimate, making the argument fully self-contained. revision: yes
Referee: [Differential spectra of F_3 and F_{(2q-1)/3}] For the differential-spectrum results on F_3 and F_{(2q-1)/3}, the paper reports the multiplicity of each possible value but does not state the exact formula or table for the number of solutions to F(x+a) - F(x) = b when a ≠ 0; including this explicit count (or the closed-form expression) is necessary to confirm the claimed spectra independently.

Authors: We concur that explicit solution counts strengthen the presentation. The revised manuscript now includes closed-form expressions for the number of solutions to F(x+a) − F(x) = b (a ≠ 0) for both F_3 and F_{(2q−1)/3}, presented as Theorems 4.2 and 4.4 respectively, together with the resulting multiplicity tables. revision: yes

Circularity Check

0 steps flagged

No significant circularity; implication from explicit hypothesis with independent verifications

full rationale

The central result is an explicit implication: given the hypothesis that (x+1)^r - x^r = b has at most one solution x with χ(x)=χ(x+1)=1 for all b≠0 (when gcd(r,q-1)|2), then F_r is locally-APN with boomerang uniformity ≤2. The hypothesis is stated as a premise rather than derived from the claimed uniformity bound. Direct computations of the differential spectra for F_3 and F_{(2q-1)/3} and the boomerang spectrum for F_2 (p=3) supply concrete verification for those cases without invoking the general hypothesis. No equations reduce the uniformity bound to a fitted parameter, self-defined quantity, or self-citation chain; the derivation remains self-contained against the stated assumptions.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The work rests on standard background results from finite-field algebra and character theory; no free parameters, ad-hoc axioms, or new postulated entities are introduced in the abstract.

axioms (2)

standard math Finite fields F_q exist for every prime power q and satisfy the usual field axioms and the structure theorem for multiplicative groups.
Invoked implicitly when defining F_q and the exponentiation map.
standard math The quadratic character χ is a homomorphism from F_q^* to {±1} with kernel the squares.
Used to state the solution-count condition.

pith-pipeline@v0.9.0 · 5480 in / 1509 out tokens · 40012 ms · 2026-05-16T20:54:41.411758+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

IndisputableMonolith/Cost/FunctionalEquation.lean washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

if there is at most one x∈Fq with χ(x)=χ(x+1)=1 satisfying (x+1)^r - x^r = b ... then F_r is locally-APN with boomerang uniformity at most 2
IndisputableMonolith/Foundation/AlexanderDuality.lean alexander_duality_circle_linking unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

δFr(1,b)≤2 for all b∈Fq∖Fp

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

On APN Exponents and the Differential and Boomerang Properties of Binomials in Characteristic 3
cs.IT 2026-05 unverdicted novelty 6.0

Parametrization of APN exponents in char 3 with proofs that two binomial classes have boomerang uniformity 0 and a third class has uniformity 1 for odd n >= 5.
Walsh Spectrum and Boomerang Properties of Locally-APN Niho Functions
cs.IT 2026-05 unverdicted novelty 5.0

A Niho power function is locally-APN if and only if its Walsh spectrum is four-valued in {-p^m, 0, p^m, 2p^m}.

Reference graph

Works this paper leans on

22 extracted references · 22 canonical work pages · cited by 2 Pith papers

[1]

Bartoli and P

D. Bartoli and P. Stˇ anicˇ a,On APN functions in odd characteristic, the disproof of a conjecture and related problems, a preprint, available at https://arxiv.org/abs/2505.02585

work page arXiv
[2]

Blondeau, A

C. Blondeau, A. Canteaut and P. Charpin,Differential Properties ofx7→x 2t−1, IEEE Trans. Inf. Theory, Vol. 57, No. 12, pp.8127-8137, 2011. DOI : 10.1109/TIT.2011.2169129

work page doi:10.1109/tit.2011.2169129 2011
[3]

Arithmetization-oriented APN permutations,

L. Budaghyan and M. Pal,Arithmetization-oriented APN permutations, Des. Codes Cryptogr., Vol. 93, Issue 4, pp.1067-1088, 2025. DOI : 10.1007/s10623-024-01487-7

work page doi:10.1007/s10623-024-01487-7 2025
[4]

C. Cid , T. Huang, T. Peyrin, Y. Sasaki and L. Song,Boomerang connectivity table: A new cryptanalysis tool, EUROCRYPT 2018, Lect. Notes Comput. Sci. 10821, pp.683–714, 2018. DOI : 10.1007/978-3-319-78375-8 22

work page doi:10.1007/978-3-319-78375-8 2018
[5]

R. S. Coulter and R. W. Matthews,Planar Functions and Planes of Lenz-Barlotti Class II, Des. Codes Cryptogr., Vol. 10, Issue 2, pp.167-184, 1997. DOI : 10.1023/A:1008292303803

work page doi:10.1023/a:1008292303803 1997
[6]

L. E. Dickson,Cyclotomy, Higher Congruences, and Waring’s Problem, Am. J. Math., Vol. 57, No. 2, pp. 391-424, 1935. DOI : 10.2307/2371217

work page doi:10.2307/2371217 1935
[7]

Dobbertin, D

H. Dobbertin, D. Mills, E. N. M¨ uller, A. Pott and W. Willems,APN functions in odd charac- teristic, Dis. Math. Vol. 267, pp.95-112, 2003. DOI : 10.1016/S0012-365X(02)00606-4

work page doi:10.1016/s0012-365x(02)00606-4 2003
[8]

Ellingsen, P

P. Ellingsen, P. Felke, C. Riera, P. Stˇ anicˇ a, and A. Tkachenko,c-Differentials, Multiplicative Uniformity, and (Almost) Perfectc-Nonlinearity, IEEE Trans. Inf. Theory, Vol. 66, No. 9, pp.5781-5789, 2020. DOI : 10.1109/TIT.2020.2971988

work page doi:10.1109/tit.2020.2971988 2020
[9]

Z. Hu, N. Li, L. Xu, X. Zeng and X. Tang,The differential spectrum and boomerang spectrum of a class of locally-APN functions, Des. Codes Cryptogr., Vol. 91, Issue 5, pp.1695-1711, 2023. DOI : 10.1007/s10623-022-01161-w 21

work page doi:10.1007/s10623-022-01161-w 2023
[10]

Koo and S

N. Koo and S. Kwon,On Differential and Boomerang Properties of a Class of Binomials over Finite Fields of Odd Characteristic, a preprint, available at https://arxiv.org/abs/2506.11486

work page arXiv
[11]

K. Li, L. Qu, B. Sun and C. Li,New results about the boomerang uniformity of permu- tation polynomials, IEEE Trans. Inf. Theory, Vol. 65, No.11, pp.7542–7553, 2019. DOI : 10.1109/TIT.2019.2918531

work page doi:10.1109/tit.2019.2918531 2019
[12]

R. Lidl, H. Niederreiter,Finite fields. Cambridge university press, 1997

work page 1997
[13]

C. Lyu, X. Wang and D. Zheng,A further study on the Ness-Helleseth function, Finite Fields Appl. Vol. 98, 102453, 2024. DOI : 10.1016/j.ffa.2024.102453

work page doi:10.1016/j.ffa.2024.102453 2024
[14]

The Differential and Boomerang Properties of a Class of Bi- nomials,

S. Mesnager and H. Wu,The Differential and Boomerang Properties of a Class of Binomials, IEEE Trans. Inf. Theory, Vol. 71, No. 6, pp. 4854-4871, 2025. DOI : 10.1109/TIT.2025.3550851

work page doi:10.1109/tit.2025.3550851 2025
[15]

G. J. Ness and T. Helleseth,A New Family of Ternary Almost Perfect Nonlinear Mappings, IEEE Trans. Inf. Theory, Vol. 53, No. 7, pp.2581-2586, 2007. DOI : 10.1109/TIT.2007.899508

work page doi:10.1109/tit.2007.899508 2007
[16]

Differentially uniform mappings for cryptography,

K. Nyberg,Differentially uniform mappings for cryptography, EUROCRYPT ’93, Lect. Notes Comput. Sci. Vol. 765, pp. 55-64, 1994. DOI : 10.1007/3-540-48285-7 6

work page doi:10.1007/3-540-48285-7 1994
[17]

K. Ren, M. Xiong, and H. Yan,A note on the differential spectrum of the Ness-Helleseth function, Adv. Math. Commun., Early Access. 10.3934/amc.2026002

work page doi:10.3934/amc.2026002
[18]

Y. Xia, F. Bao, S. Chen, C. Li and T. Helleseth,More Differential Properties of the Ness- Helleseth Function, IEEE Trans. Inf. Theory, Vol. 70, No. 8, pp.6076-6090, 2024. DOI : 10.1109/TIT.2024.3408882

work page doi:10.1109/tit.2024.3408882 2024
[19]

Y. Xia, C. Li, F. Bao, S. Chen and T. Helleseth,Further investigation on differential properties of the generalized Ness-Helleseth function, Des. Codes Cryptogr., Vol.93, Issue 6, pp.1549-1573,

work page
[20]

DOI : 10.1007/s10623-024-01525-4

work page doi:10.1007/s10623-024-01525-4
[21]

Yan and K

H. Yan and K. Ren,A note on the differential spectrum of a class of locally APN functions, a preprint, available at https://arxiv.org/abs/2501.04233

work page arXiv
[22]

X. Zeng, L. Hu, Y. Yang and W. Jiang,On the Inequivalence of Ness-Helleseth APN Functions, IACR ePrint Archive 2007/379, 2007. 22

work page 2007

[1] [1]

Bartoli and P

D. Bartoli and P. Stˇ anicˇ a,On APN functions in odd characteristic, the disproof of a conjecture and related problems, a preprint, available at https://arxiv.org/abs/2505.02585

work page arXiv

[2] [2]

Blondeau, A

C. Blondeau, A. Canteaut and P. Charpin,Differential Properties ofx7→x 2t−1, IEEE Trans. Inf. Theory, Vol. 57, No. 12, pp.8127-8137, 2011. DOI : 10.1109/TIT.2011.2169129

work page doi:10.1109/tit.2011.2169129 2011

[3] [3]

Arithmetization-oriented APN permutations,

L. Budaghyan and M. Pal,Arithmetization-oriented APN permutations, Des. Codes Cryptogr., Vol. 93, Issue 4, pp.1067-1088, 2025. DOI : 10.1007/s10623-024-01487-7

work page doi:10.1007/s10623-024-01487-7 2025

[4] [4]

C. Cid , T. Huang, T. Peyrin, Y. Sasaki and L. Song,Boomerang connectivity table: A new cryptanalysis tool, EUROCRYPT 2018, Lect. Notes Comput. Sci. 10821, pp.683–714, 2018. DOI : 10.1007/978-3-319-78375-8 22

work page doi:10.1007/978-3-319-78375-8 2018

[5] [5]

R. S. Coulter and R. W. Matthews,Planar Functions and Planes of Lenz-Barlotti Class II, Des. Codes Cryptogr., Vol. 10, Issue 2, pp.167-184, 1997. DOI : 10.1023/A:1008292303803

work page doi:10.1023/a:1008292303803 1997

[6] [6]

L. E. Dickson,Cyclotomy, Higher Congruences, and Waring’s Problem, Am. J. Math., Vol. 57, No. 2, pp. 391-424, 1935. DOI : 10.2307/2371217

work page doi:10.2307/2371217 1935

[7] [7]

Dobbertin, D

H. Dobbertin, D. Mills, E. N. M¨ uller, A. Pott and W. Willems,APN functions in odd charac- teristic, Dis. Math. Vol. 267, pp.95-112, 2003. DOI : 10.1016/S0012-365X(02)00606-4

work page doi:10.1016/s0012-365x(02)00606-4 2003

[8] [8]

Ellingsen, P

P. Ellingsen, P. Felke, C. Riera, P. Stˇ anicˇ a, and A. Tkachenko,c-Differentials, Multiplicative Uniformity, and (Almost) Perfectc-Nonlinearity, IEEE Trans. Inf. Theory, Vol. 66, No. 9, pp.5781-5789, 2020. DOI : 10.1109/TIT.2020.2971988

work page doi:10.1109/tit.2020.2971988 2020

[9] [9]

Z. Hu, N. Li, L. Xu, X. Zeng and X. Tang,The differential spectrum and boomerang spectrum of a class of locally-APN functions, Des. Codes Cryptogr., Vol. 91, Issue 5, pp.1695-1711, 2023. DOI : 10.1007/s10623-022-01161-w 21

work page doi:10.1007/s10623-022-01161-w 2023

[10] [10]

Koo and S

N. Koo and S. Kwon,On Differential and Boomerang Properties of a Class of Binomials over Finite Fields of Odd Characteristic, a preprint, available at https://arxiv.org/abs/2506.11486

work page arXiv

[11] [11]

K. Li, L. Qu, B. Sun and C. Li,New results about the boomerang uniformity of permu- tation polynomials, IEEE Trans. Inf. Theory, Vol. 65, No.11, pp.7542–7553, 2019. DOI : 10.1109/TIT.2019.2918531

work page doi:10.1109/tit.2019.2918531 2019

[12] [12]

R. Lidl, H. Niederreiter,Finite fields. Cambridge university press, 1997

work page 1997

[13] [13]

C. Lyu, X. Wang and D. Zheng,A further study on the Ness-Helleseth function, Finite Fields Appl. Vol. 98, 102453, 2024. DOI : 10.1016/j.ffa.2024.102453

work page doi:10.1016/j.ffa.2024.102453 2024

[14] [14]

The Differential and Boomerang Properties of a Class of Bi- nomials,

S. Mesnager and H. Wu,The Differential and Boomerang Properties of a Class of Binomials, IEEE Trans. Inf. Theory, Vol. 71, No. 6, pp. 4854-4871, 2025. DOI : 10.1109/TIT.2025.3550851

work page doi:10.1109/tit.2025.3550851 2025

[15] [15]

G. J. Ness and T. Helleseth,A New Family of Ternary Almost Perfect Nonlinear Mappings, IEEE Trans. Inf. Theory, Vol. 53, No. 7, pp.2581-2586, 2007. DOI : 10.1109/TIT.2007.899508

work page doi:10.1109/tit.2007.899508 2007

[16] [16]

Differentially uniform mappings for cryptography,

K. Nyberg,Differentially uniform mappings for cryptography, EUROCRYPT ’93, Lect. Notes Comput. Sci. Vol. 765, pp. 55-64, 1994. DOI : 10.1007/3-540-48285-7 6

work page doi:10.1007/3-540-48285-7 1994

[17] [17]

K. Ren, M. Xiong, and H. Yan,A note on the differential spectrum of the Ness-Helleseth function, Adv. Math. Commun., Early Access. 10.3934/amc.2026002

work page doi:10.3934/amc.2026002

[18] [18]

Y. Xia, F. Bao, S. Chen, C. Li and T. Helleseth,More Differential Properties of the Ness- Helleseth Function, IEEE Trans. Inf. Theory, Vol. 70, No. 8, pp.6076-6090, 2024. DOI : 10.1109/TIT.2024.3408882

work page doi:10.1109/tit.2024.3408882 2024

[19] [19]

Y. Xia, C. Li, F. Bao, S. Chen and T. Helleseth,Further investigation on differential properties of the generalized Ness-Helleseth function, Des. Codes Cryptogr., Vol.93, Issue 6, pp.1549-1573,

work page

[20] [20]

DOI : 10.1007/s10623-024-01525-4

work page doi:10.1007/s10623-024-01525-4

[21] [21]

Yan and K

H. Yan and K. Ren,A note on the differential spectrum of a class of locally APN functions, a preprint, available at https://arxiv.org/abs/2501.04233

work page arXiv

[22] [22]

X. Zeng, L. Hu, Y. Yang and W. Jiang,On the Inequivalence of Ness-Helleseth APN Functions, IACR ePrint Archive 2007/379, 2007. 22

work page 2007