Relationships Among Nonlinear Criteria (Extended Abstract)

An important question in designing cryptographic functions including substitution boxes (S-boxes) is the relationships among the various nonlinearity criteria each of which indicates the strength or weakness of a cryptographic function against a particular type of cryptanalytic attacks. In this paper we reveal, for the rst time, interesting connections among the strict avalanche characteristics, diierential characteristics, linear structures and nonlinearity of quadratic S-boxes. In addition, we show that our proof techniques allow us to treat in a uniied fashion all quadratic permutations, regardless of the underlying construction methods. This greatly simpliies the proofs for a number of known results on nonlinearity characteristics of quadratic permutations. As a by-product, we obtain a negative answer to an open problem regarding the existence of diierentially 2-uniform quadratic permutations on an even dimensional vector space. 1 Nonlinearity Criteria We rst introduce basic notions and deenitions of several nonlinearity criteria for cryptographic functions. Denote by V n the vector space of n tuples of elements from GF(2). Let = (a 1 ; : : : ; a n) and = (b 1 ; : : : ; b n) be two vectors in V n. The scalar product of and , denoted by h; i, is deened by h; i = a 1 b 1 a n b n , where multiplication and addition are over GF(2). In this paper we consider functions from V n to GF(2) (or simply functions on V n). We are particularly interested in functions whose algebraic degrees are 2, also called quadratic functions. These functions take the form of a 00