# Introduction

Let ${\displaystyle \mathbb {F} _{2}^{n}}$ be the vector space of dimension ${\displaystyle n}$ over the finite field ${\displaystyle \mathbb {F} _{2}}$ with two elements. Functions from ${\displaystyle \mathbb {F} _{2}^{m}}$ to ${\displaystyle \mathbb {F} _{2}^{n}}$ are called ${\displaystyle (m,n)}$-functions or simply vectorial Boolean functions when the dimensions of the vector spaces are implicit or irrelevant.

Any ${\displaystyle (m,n)}$-function ${\displaystyle F}$ can be written as a vector ${\displaystyle F=(f_{1},f_{2},\ldots f_{m})}$ of ${\displaystyle n}$-dimensional Boolean functions ${\displaystyle f_{1},f_{2},\ldots f_{m}}$ which are called the coordinate functions of ${\displaystyle F}$.

## Cryptanalytic attacks

Vectorial Boolean functions, also referred to as "S-boxes", or "Substitution boxes", in the context of cryptography, are a fundamental building block of block ciphers and are crucial to their security: more precisely, the resistance of the block cipher to cryptanalytic attacks directly depends on the properties of the S-boxes used in its construction.

The main types of cryptanalytic attacks that result in the definition of design criteria for S-boxes are the following:

• the differential attack introduced by Biham and Shamir; to resist it, an S-box must have low differential uniformity;
• the linear attack introduced by Matsui; to resist it, an S-box must have high nonlinearity;
• the higher order differential attack; to resist it, an S-box must have high algebraic degree;
• the interpolation attack; to resist it, the univariate representation of an S-box must have high degree, and its distance to the set of low univariate degree functions must be large;
• algebraic attacks.