在这篇文章里,良非线性分组函数定义为具有均匀分布的方向导数的(?)一盒。由于因E.Biham和A.Shamir 提出的差分密码分析方法是基于非平衡方向导数的,所以非线性S-盒对这种攻击是免疫的。主要结果是一个良非线性S-盒,其输入变量的数目至少是输出变量数目的两倍,还给出了两种不同的构造方法,第一种方法是基于Maiorana-McFarland 的 bent函数构造法,对实现来说它是容易的和有效的;第二种方法推广了Dillon的差集构造法. In this paper, a good non-linear grouping function is defined as a (?) Box with uniformly distributed directional derivatives. Since the differential cryptanalysis method proposed by E.Biham and A. Shamir is based on non-equilibrium directional derivatives, the nonlinear S-box is immune to this attack. The main result is a good non-linear S-box whose input variables are at least twice the number of output variables and two different construction methods are given. The first method is based on Maiorana-McFarland’s bent function construction method , Which is easy and effective for implementation; the second method generalizes Dillon’s differential set construction.