This paper by Kaisa Nyberg, published in the Institute of Computer Technology at Vienna Technical University, explores the concept of differentially uniform mappings in the context of cryptography. The primary motivation is the observation that in DES-like ciphers, the choice of round functions can significantly impact the security against differential cryptanalysis. A mapping is defined as differentially uniform if the number of possible inputs for any non-zero input difference and output difference is uniformly bounded. The paper provides examples of such mappings that also exhibit desirable cryptographic properties, including high nonlinearity, high nonlinear order, and efficient computability. The introduction highlights the limitations of the original DES algorithm, particularly its small key size, and discusses the importance of nonlinearity in the round functions. The paper then delves into the resistance of DES-like ciphers against differential attacks, defining the concept of s-round characteristics and the probability of successful attacks. A key result is presented, showing that if the round functions are differentially δ-uniform and the round keys are independent and uniformly random, the average probability of obtaining a non-zero output difference at the s-th round is bounded by a function of δ and the group size. The paper also discusses specific mappings, such as power polynomials and inversion mappings, and their properties. For instance, the power polynomial \( F(\mathbf{x}) = \mathbf{x}^{2^k + 1} \) is shown to be differentially 2-uniform under certain conditions, and its inverse is also differentially 2-uniform. The inversion mapping \( F(\mathbf{x}) = \mathbf{x}^{-1} \) is proven to be differentially 4-uniform in finite fields. Finally, the paper explores other security aspects, including the use of multiplicative differentials and the relevance of resistance against xor-differential analysis. The author concludes by noting that the examples of differentially uniform mappings in \( GF(2^n ) \) are multiplicative, which has implications for the design of DES-like ciphers with multiple rounds.This paper by Kaisa Nyberg, published in the Institute of Computer Technology at Vienna Technical University, explores the concept of differentially uniform mappings in the context of cryptography. The primary motivation is the observation that in DES-like ciphers, the choice of round functions can significantly impact the security against differential cryptanalysis. A mapping is defined as differentially uniform if the number of possible inputs for any non-zero input difference and output difference is uniformly bounded. The paper provides examples of such mappings that also exhibit desirable cryptographic properties, including high nonlinearity, high nonlinear order, and efficient computability. The introduction highlights the limitations of the original DES algorithm, particularly its small key size, and discusses the importance of nonlinearity in the round functions. The paper then delves into the resistance of DES-like ciphers against differential attacks, defining the concept of s-round characteristics and the probability of successful attacks. A key result is presented, showing that if the round functions are differentially δ-uniform and the round keys are independent and uniformly random, the average probability of obtaining a non-zero output difference at the s-th round is bounded by a function of δ and the group size. The paper also discusses specific mappings, such as power polynomials and inversion mappings, and their properties. For instance, the power polynomial \( F(\mathbf{x}) = \mathbf{x}^{2^k + 1} \) is shown to be differentially 2-uniform under certain conditions, and its inverse is also differentially 2-uniform. The inversion mapping \( F(\mathbf{x}) = \mathbf{x}^{-1} \) is proven to be differentially 4-uniform in finite fields. Finally, the paper explores other security aspects, including the use of multiplicative differentials and the relevance of resistance against xor-differential analysis. The author concludes by noting that the examples of differentially uniform mappings in \( GF(2^n ) \) are multiplicative, which has implications for the design of DES-like ciphers with multiple rounds.