Abstract
In this paper, we develop an S-box design method that takes into account the interplay between an S-box and a linear layer, which enhances security against differential cryptanalysis. The basic idea can be found in bitslice-friendly ciphers such as Serpent and bit-permutation ciphers such as PRESENT. In those designs, the S-boxes were chosen so that the branch number is not too small, which rapidly diffuses differences. We apply a similar analysis to other constructions. The first target is extended generalized Feistel networks (EGFN) and their instance Lilliput, which has an XOR layer after the standard GFN. We show that the security of EGFN can be enhanced by using an S-box that does not allow any difference \(\varDelta \) to be mapped to the same \(\varDelta \) with a high probability, say \(2^{-2}\) for a 4-bit S-box. The second target is AES-like ciphers that use a binary matrix in MixColumns. We focus on chains of differences \(\varDelta A \rightarrow \varDelta B \rightarrow \varDelta C \rightarrow \cdots \) over the S-box, where each transition occurs with a high probability. We show that the security of such AES-like ciphers can be enhanced if the maximum length of these chains is short. As a proof of concept, we evaluate Lilliput, Midori, and SKINNY with the new S-box satisfying the property.
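The two S-box properties named in the abstract (no difference \(\varDelta \) mapped to itself with probability \(2^{-2}\), and a short maximum chain \(\varDelta A \rightarrow \varDelta B \rightarrow \cdots \) of high-probability transitions) can both be read off the difference distribution table (DDT) of the S-box alone. The following Python is an added illustration, not code from the paper: it builds the DDT, lists the fixed-point differences at or above a chosen count (4 out of 16, i.e. probability \(2^{-2}\)), and computes the longest chain of such transitions, reporting "unbounded" when the transition graph contains a cycle (a fixed point is the simplest cycle). The lookup tables for the PRESENT, Midori64 (Sb0) and SKINNY-64 S-boxes are transcribed from their public specifications; the threshold, the identity S-box used as a worst case, and the function names are the example's own choices. Note that this checks only the S-box side; the paper's argument also involves the linear layer (the EGFN XOR layer or a binary MixColumns matrix), which is not modelled here.

```python
"""DDT-based checks for the two S-box properties described in the abstract.

Added example code, not part of the original paper. S-box tables are taken
from the PRESENT, Midori and SKINNY specifications; the threshold of 4/16
(probability 2^-2) matches the abstract's running example for 4-bit S-boxes.
"""

PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
MIDORI_SB0 = [0xC, 0xA, 0xD, 0x3, 0xE, 0xB, 0xF, 0x7,
              0x8, 0x9, 0x1, 0x5, 0x0, 0x2, 0x4, 0x6]
SKINNY64_SBOX = [0xC, 0x6, 0x9, 0x0, 0x1, 0xA, 0x2, 0xB,
                 0x3, 0x8, 0x5, 0xD, 0x4, 0xE, 0x7, 0xF]
IDENTITY_SBOX = list(range(16))  # worst case: every difference maps to itself


def ddt(sbox):
    """Difference distribution table: ddt[din][dout] counts x with
    S(x) ^ S(x ^ din) == dout.  Each row sums to len(sbox)."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for x in range(n):
        for din in range(n):
            table[din][sbox[x] ^ sbox[x ^ din]] += 1
    return table


def differential_uniformity(sbox):
    """Largest DDT entry over nonzero input differences (4 means max DP 2^-2)."""
    t = ddt(sbox)
    n = len(sbox)
    return max(t[a][b] for a in range(1, n) for b in range(n))


def high_prob_transitions(sbox, threshold):
    """Directed graph a -> b over nonzero differences with ddt[a][b] >= threshold."""
    t = ddt(sbox)
    n = len(sbox)
    return {a: [b for b in range(1, n) if t[a][b] >= threshold]
            for a in range(1, n)}


def fixed_point_differences(sbox, threshold):
    """Differences d with Pr[d -> d] >= threshold/len(sbox): the EGFN criterion
    in the abstract asks for this list to be empty at threshold 4."""
    graph = high_prob_transitions(sbox, threshold)
    return [a for a, succ in graph.items() if a in succ]


def longest_chain(sbox, threshold):
    """Length (number of transitions) of the longest chain dA -> dB -> dC -> ...
    in which every step has count >= threshold.  Returns None when the
    transition graph has a cycle, because chains are then unbounded."""
    graph = high_prob_transitions(sbox, threshold)
    WHITE, GREY, BLACK = 0, 1, 2
    color = {v: WHITE for v in graph}
    best = {}  # longest chain starting at each node

    def dfs(v):
        color[v] = GREY
        longest = 0
        for w in graph[v]:
            if color[w] == GREY:        # back edge: cycle found
                raise ValueError("cycle")
            if color[w] == WHITE:
                dfs(w)
            longest = max(longest, best[w] + 1)
        best[v] = longest
        color[v] = BLACK

    try:
        for v in graph:
            if color[v] == WHITE:
                dfs(v)
    except ValueError:
        return None
    return max(best.values())


def report(name, sbox, threshold=4):
    chain = longest_chain(sbox, threshold)
    print(f"{name:10s} DU={differential_uniformity(sbox)} "
          f"fixed-point diffs@{threshold}/16={fixed_point_differences(sbox, threshold)} "
          f"longest chain={'unbounded' if chain is None else chain}")


if __name__ == "__main__":
    for name, box in [("PRESENT", PRESENT_SBOX), ("Midori Sb0", MIDORI_SB0),
                      ("SKINNY-64", SKINNY64_SBOX), ("identity", IDENTITY_SBOX)]:
        report(name, box)
```

Chain length counts transitions, so a single high-probability differential \(\varDelta A \rightarrow \varDelta B\) with no high-probability successor has length 1. Lowering the threshold (e.g. to 2, probability \(2^{-3}\)) makes the graph denser and the chains longer, which is the trade-off a designer would tune against the linear layer actually used.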
Notes
- 1.
- 2. In this paper, we mainly focus on differential cryptanalysis. The same idea can be applied to linear cryptanalysis, and we discuss it in Sect. 5.
- 3. Since the S-box of Midori64 is designed such that its energy consumption is minimized, we do not claim that our S-box is clearly better than the original one.
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Todo, Y., Sasaki, Y. (2022). Designing S-Boxes Providing Stronger Security Against Differential Cryptanalysis for Ciphers Using Byte-Wise XOR. In: AlTawy, R., Hülsing, A. (eds) Selected Areas in Cryptography. SAC 2021. Lecture Notes in Computer Science, vol 13203. Springer, Cham. https://doi.org/10.1007/978-3-030-99277-4_9
DOI: https://doi.org/10.1007/978-3-030-99277-4_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-99276-7
Online ISBN: 978-3-030-99277-4