I am reading Differential Attack from Stinson-Cryptography: Theory and Practice on a toy example of S-box(block Cipher) with Nr=n=m=4.
I am mainly confused in the following definition
Definition 3.1 : Let $\pi_S:\{0,1\}^m\rightarrow \{0,1\}^n$ be a S-box. Consider an (ordered) pair of bitstrings of length $m$, say $(x,x^*)$. We say that input XOR of the S-box is $x\oplus x^*$ and the output XOR is $\pi_S(x)\oplus\pi_S(x^*)$.
Now, the point of confusion is how can the output of the S-box be separated as $\pi_S(x)\oplus\pi_S(x^*)$ when the input is $x\oplus x^*$?
For eg:
We choose the two plaintexts $x_1$ and $x_2$. Then we have $x_{12}=x_1\oplus x_2$
Now, we have round $1$ key $K^1$, we get $^1u^1=x_1\oplus K^1$ and $^2u^1=x_2\oplus K^1$
Then, we apply $\pi_S$ on the above, we get $^1v^1=\pi_S(^1u^1)=\pi_S(x_1\oplus K^1)$ and $^2v^1=\pi_S(^2v^1)=\pi_S(x_2\oplus K^1)$
Therefore, $^1v^1\oplus\enspace ^2v^1=\pi_S(^1u^1)\oplus \pi_S(^2v^1)=\pi_S(x_1\oplus K^1)\oplus \pi_S(x_2\oplus K^1)$
Now, I don't understand that How, $^1v^1\oplus\text{ }^2v^1=\pi_S(x_1)\oplus\pi_S(x_2)$?
Also, I don't know whether I got the definition or not?
EDIT: Notation Explanation:
$^iu^j$ denotes $i$th plaintext( either plaintext if j=1 or cypertext after $j-1$th round) XOR-ed with $j$th Round Key $K^j$
Also, note that $^iu^j=\pi_P(^iv^{j-1})$ if $j>1$, where $\pi_P$ is the permutation i.e diffusion layer.
