Relating Differential Distribution Tables to Other Properties of of Substitution Boxes

Due to the success of differential and linear attacks on a large number of encryption algorithms, it is important to investigate relationships among various cryptographic, including differential and linear, characteristics of an S-box (substitution box). After discussing a precise relationship among three tables, namely the difference, auto-correlation and correlation immunity distribution tables, of an S-box, we develop a number of results on various properties of S-boxes. More specifically, we show (1) close connections among three indicators of Sboxes, (2) a tight lower bound on the sum of elements in the leftmost column of its differential distribution table, (3) a non-trivial and tight lower bound on the differential uniformity of an S-box, and (4) two upper bounds on the nonlinearity of S-boxes (one for a general, not necessarily regular, S-box and the other for a regular S-box).