Abstract
We analyze a very general class of algorithms for constructing m-bit invertible S-boxes called bit-by-bit methods. The method builds an S-box one entry at a time, and has been proposed by Adams and Tavares [2] and Forré [11] to construct S-boxes that satisfy certain cryptographic properties such as nonlinearity and the strict avalanche criterion. We prove, both theoretically and empirically, that the bit-by-bit method is infeasible for m > 6.
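As an added illustration (not code from this paper or from the Adams–Tavares or Forré procedures, whose details this page does not give), the following Python builds an m-bit bijective S-box one entry at a time, backtracks whenever the partial table can no longer satisfy the strict avalanche criterion (SAC), and reports how many candidate entries it had to try. The functions `search` and `sac_violations`, the `budget` parameter and the choice of SAC as the only property checked are this example's own assumptions.

```python
# Entry-by-entry construction of a bijective m-bit S-box that must satisfy the
# strict avalanche criterion (SAC): a constructed illustration of the kind of
# search the abstract discusses, not the published Adams-Tavares or Forre method.

def sac_violations(sbox, m):
    """Count (input bit i, output bit j) pairs for which flipping input bit i
    changes output bit j for a number of inputs other than exactly half."""
    n = 1 << m
    return sum((sum((sbox[x] ^ sbox[x ^ (1 << i)]) >> j & 1 for x in range(n))
                != n // 2) for i in range(m) for j in range(m))

def search(m, budget=200_000):
    """Assign S(0), S(1), ... in order, backtracking as soon as the partial table
    can no longer be completed to a SAC permutation.  Returns (sbox or None,
    number of candidate entries tried); the latter is the cost under analysis."""
    n, half = 1 << m, 1 << (m - 1)
    table, used, nodes = [None] * n, [False] * n, 0

    def partial_ok():
        # Necessary condition: over the pairs (y, y ^ e_i) assigned so far,
        # neither "bit j flipped" nor "bit j unchanged" may exceed n/2.
        for i in range(m):
            flips, same = [0] * m, [0] * m
            for y in range(n):
                z = y ^ (1 << i)
                if table[y] is not None and table[z] is not None:
                    d = table[y] ^ table[z]
                    for j in range(m):
                        (flips if d >> j & 1 else same)[j] += 1
            if any(f > half or s > half for f, s in zip(flips, same)):
                return False
        return True

    def extend(x):
        nonlocal nodes
        if x == n:
            return True
        for v in range(n):
            if used[v] or nodes >= budget:
                continue
            nodes += 1
            table[x], used[v] = v, True
            if partial_ok() and extend(x + 1):
                return True
            table[x], used[v] = None, False
        return False

    found = extend(0)
    return (list(table) if found else None), nodes
```

For m = 2 the search returns None (every balanced 2-variable Boolean function is affine, so none satisfies SAC); for m = 3 it returns a SAC permutation, and the candidate count returned with it is the quantity that grows with m.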
References
[1] C. M. Adams. A formal and practical design procedure for Substitution-Permutation network cryptosystem. Ph.D. thesis, Department of Electrical Engineering, Queen's University, Kingston, Ontario, 1990.
[2] C. M. Adams and S. E. Tavares. The structured design of cryptographically good S-boxes. Journal of Cryptology, 3(1):27–41, 1990.
[3] E. F. Brickell, J. H. Moore, and M. R. Purtill. Structure in the S-boxes of DES. Advances in Cryptology, CRYPTO '86, Lecture Notes in Computer Science, vol. 263, A. M. Odlyzko, ed., Springer-Verlag, Berlin, pp. 3–8, 1987.
[4] L. P. Brown, J. Pieprzyk, and J. Seberry. LOKI—a cryptographic primitive for authentication and secrecy applications. Advances in Cryptology, AUSCRYPT '90, Lecture Notes in Computer Science, vol. 453, J. Seberry and J. Pieprzyk, eds., Springer-Verlag, Berlin, pp. 229–236, 1990.
[5] K. Chung and P. Erdős. On the application of the Borel-Cantelli Lemma. Transactions of the American Mathematical Society, 72:179–186, 1952.
[6] M. Davio and J. M. Goethals. Elements of cryptology. In Secure Digital Communications, G. Longo, ed., pp. 1–57, 1983.
[7] M. H. Dawson. A unified framework for substitution box design based on information theory. Master's thesis, Queen's University, Kingston, Ontario, 1991.
[8] M. H. Dawson and S. E. Tavares. An expanded set of S-box design criteria based on information theory and its relation to differential-like attacks. Advances in Cryptology, EUROCRYPT '91, Lecture Notes in Computer Science, vol. 547, D. W. Davies, ed., Springer-Verlag, Berlin, pp. 352–367, 1991.
[9] H. Feistel, W. A. Notz, and J. Lynn Smith. Some cryptographic techniques for machine-to-machine data communications. Proceedings of the IEEE, 63(11):1545–1554, 1975.
[10] W. Feller. An Introduction to Probability Theory with Applications, vol. 1, 3rd edn. Wiley, New York, 1968.
[11] R. Forré. Methods and instruments for designing S-boxes. Journal of Cryptology, 2(3):115–130, 1990.
[12] R. Forré. The strict avalanche criterion: spectral properties of boolean functions and an extended definition. Advances in Cryptology, CRYPTO '88, Lecture Notes in Computer Science, vol. 403, S. Goldwasser, ed., Springer-Verlag, Berlin, pp. 450–468, 1990.
[13] M. R. Garey and D. S. Johnson. Computers and Intractability, A Guide to the Theory of NP-Completeness. Freeman, San Francisco, 1979.
[14] J. Gordon and H. Retkin. Are big S-boxes best? In Cryptography, Proceedings, Burg Feuerstein, T. Beth, ed., pp. 257–262, 1982.
[15] R. L. Graham, D. E. Knuth, and O. Patashnik. Concrete Mathematics, A Foundation for Computer Science. Addison-Wesley, Reading, MA, 1989.
[16] R. W. Hamming. Coding and Information Theory. Prentice-Hall, Englewood Cliffs, NJ, 1980.
[17] M. Hofri. Probabilistic Analysis of Algorithms. Springer-Verlag, New York, 1987.
[18] J. B. Kam and G. I. Davida. A structured design of substitution-permutation encryption networks. IEEE Transactions on Computers, 28(10):747–753, 1979.
[19] R. Kemp. Fundamentals of the Average Case Analysis of Particular Algorithms. Wiley-Teubner Series in Computer Science, Wiley, New York, 1984.
[20] K. Kim, T. Matsumoto, and H. Imai. On generating cryptographically desirable substitutions. Transactions of the IEICE, E73(7):1031–1035, 1990.
[21] A. Konheim. Cryptography: A Primer. Wiley, New York, 1981.
[22] C. H. Meyer and S. M. Matyas. Cryptography: A New Dimension in Computer Security. Wiley, New York, 1982.
[23] D. S. Mitrinović. Analytic Inequalities. Springer-Verlag, New York, 1970.
[24] National Bureau of Standards. Data Encryption Standard. FIPS PUB 46, Washington, DC, January 1977.
[25] K. Nyberg. Perfect nonlinear S-boxes. Advances in Cryptology, EUROCRYPT '91, Lecture Notes in Computer Science, vol. 547, D. W. Davies, ed., Springer-Verlag, Berlin, pp. 378–386, 1991.
[26] J. Pieprzyk and G. Finkelstein. Towards effective nonlinear cryptosystem design. IEE Proceedings, E, 135(6):325–335, 1988.
[27] B. Preneel, W. Van Leekwijck, L. Van Linden, R. Govaerts, and J. Vandewalle. Propagation characteristics of boolean functions. Advances in Cryptology, EUROCRYPT '90, Lecture Notes in Computer Science, vol. 473, I. B. Damgård, ed., Springer-Verlag, Berlin, pp. 161–173, 1991.
[28] E. M. Reingold, J. Nievergelt, and N. Deo. Combinatorial Algorithms: Theory and Practice. Prentice-Hall, Englewood Cliffs, NJ, 1976.
[29] O. S. Rothaus. On bent functions. Journal of Combinatorial Theory, Series A, 20:300–305, 1976.
[30] R. A. Rueppel. Design and Analysis of Stream Ciphers. Springer-Verlag, New York, 1986.
[31] C. E. Shannon. Communication theory of secrecy systems. Bell System Technical Journal, 28:656–715, 1949.
[32] T. Siegenthaler. Correlation-immunity of nonlinear combining functions for cryptographic applications. IEEE Transactions on Information Theory, 30(5):776–779, 1984.
[33] A. Sorkin. LUCIFER: a cryptographic algorithm. Cryptologia, 8(1):22–35, 1984.
[34] A. F. Webster. Plaintext/ciphertext bit dependencies in cryptographic algorithms. Master's thesis, Department of Electrical Engineering, Queen's University, Kingston, Ontario, 1985.
[35] A. F. Webster and S. E. Tavares. On the design of S-boxes. Advances in Cryptology, CRYPTO '85, Lecture Notes in Computer Science, vol. 218, H. C. Williams, ed., Springer-Verlag, Berlin, pp. 523–534, 1986.
Additional information
Communicated by Gilles Brassard
The author is currently employed by the Distributed System Technology Center (DSTC), Brisbane, Australia. Correspondence should be sent to ISRC, QUT Gardens Point, 2 George Street, GPO Box 2434, Brisbane, Queensland 4001, Australia.
Cite this article
O'Connor, L. An analysis of a class of algorithms for S-box construction. J. Cryptology 7, 133–151 (1994). https://doi.org/10.1007/BF02318546