Almost All Vectorial Functions Have No Extended-Affine Symmetries
Keita Ishizuka
TL;DR
The paper addresses how many EA-equivalence classes exist among vectorial functions and whether random sampling collapses to a small number of EA-classes. By analyzing the action of the EA group and bounding fixed points of affine permutations, it shows that the probability of a nontrivial EA-stabilizer is $q^{-\,\Omega(m q^n)}$, so almost all functions have trivial stabilizers. This yields an asymptotically exact count of EA-classes via the naive size ratio $|\mathcal{F}|/|\Gamma|$ and tight upper bounds on EA- and CCZ-collision probabilities, confirming that independent random samples are EA-inequivalent with super-exponentially small collision probability. The results justify random sampling in cryptographic design and establish that nontrivial EA-symmetries form an exponentially rare subset, with CCZ-stabilizers remaining open for analogous results.
Abstract
We prove that asymptotically almost all vectorial functions over finite fields have trivial extended-affine stabilizers. As a consequence, the number of EA-equivalence classes is asymptotically equal to the naive estimate, namely the total number of functions divided by the size of the EA-group, with vanishing relative error. Furthermore, we derive upper bounds on collision probabilities for both extended-affine and CCZ equivalences. For EA-equivalence, we leverage the trivial-stabilizer result to establish a matching lower bound, yielding a tight asymptotic formula that shows two independently sampled functions are EA-equivalent with super-exponentially small probability. The results validate random sampling strategies for cryptographic primitive design and show that functions with nontrivial EA-symmetries form an exponentially rare subset.