A Generalized n-Function

Abstract

The mapping n from 2n to itself defined by y=n(x) with yi=xi+xi+2(1+xi+1), where the indices are computed modulo n, has been widely studied for its applications in lightweight cryptography. However, n is bijective on 2n only when n is odd, restricting its use to odd-dimensional vector spaces over 2. To address this limitation, we introduce and analyze the generalized mapping n, m defined by y=n,m(x) with yi=xi+xi+m (xi+m-1+1)(xi+m-2+1) ·s (xi+1+1), where m is a fixed integer with m n. To investigate such mappings, we further generalize n,m to θm, k, where θm, k is given by yi=xi+mk Πj=1,\,\, m jmk-1 (xi+j+1), \,\, for \,\, i∈ \0,1,…,n-1\. We prove that these mappings generate an abelian group isomorphic to the group of units in 2[z]/(z n/m +1). This structural insight enables us to construct a broad class of permutations over 2n for any positive integer n, along with their inverses. We rigorously analyze algebraic properties of these mappings, including their iterations, fixed points, and cycle structures. Additionally, we provide a comprehensive database of the cryptographic properties for iterates of n,m for small values of n and m. Finally, we conduct a comparative security and implementation cost analysis among n,m, n, n (EUROCRYPT 2025 belkheyar2025chi) and their variants, and prove Conjecture~1 proposed in~belkheyar2025chi as a by-product of our study. Our results lead to generalizations of n, providing alternatives to n and n.