This is a bit vauge and long winded. Any partial answers or comments/ways to make this more precise would be greatly appreciated.
Fix some general structure for a cipher, for example Sbox then Permutation then add round key iterated n times.
Consider all ciphers obtained by this method where we choose the S-box and permutation randomly from some set. For each such cipher form a tuple consisting of the probabilities of each (n-1)-round differential. Due to compounding randomness going on here, these tuples should have some limiting distribution.
If we can calculate this distribution, we can estimate How likley it is a random cipher of this structure can be broken via differentials.
My two questions:
- Should such a limiting distribution exists?
- What conditions on the cipher structure make this distribution uniform?