Highly Nonlinear Balanced S-Boxes With Good Differential Properties

Substitution boxes (S-boxes) play a central role in the modern design of iterative block ciphers. While in substitution-permutation networks the S-boxes are bijective, thus ensuring the invertibility of the encryption algorithm, the property of being bijective is not mandatory for Feistel kind of networks. In this paper, two methods of constructing highly nonlinear balanced S-boxes (whose nonlinearity > 2(n-1) - 2(n/2) is better than the nonlinearity of the commonly used inverse S-box) with good algebraic and differential properties are given. The first method employs two vectorial Boolean functions from the Maiorana-McFarland class that need to fulfill certain conditions. In particular, these conditions are shown to be satisfied by maximum length sequences. The second method is based on a suitable modification of a certain class of vectorial bent functions. The differential properties of these boxes, measured as a deviation from an optimal uniform distribution, also appear to be better than those of the inverse S-box. Both methods are susceptible to further optimizations of the relevant cryptographic parameters due to the underlying design ideas.