Abstract
A Substitution Box (S-Box) is employed in block ciphers to ensure non-linearity. An n-bit bijective S-Box is a member of the Symmetric Group \(\mathbb {S}_{2^{n}}\). Ideally, an S-Box must follow a stringent cryptographic profile, and its design should be a transparent and justified process. The concerning point for an evaluator is the presence of vulnerabilities in the design of an S-Box, as in the case of Kuznyechik. If a malicious designer keeps the non-trivial subspaces secret, it leads to sophisticated cryptanalytic attacks. This article investigates the behaviour of non-trivial subspaces in an S-Box and its Affine, Extended Affine (EA) and Carlet-Charpin-Zinoviev (CCZ) equivalence classes. This paper presents a novel algorithm for finding preservable quotient spaces in an S-Box, thereby providing a way to shortlist the potential candidates for an S-Box with backdoors. The proposed work emphasizes checking whether a target S-Box is a potential backdoor candidate. The backdoored designs proposed by K. G. Paterson, Carlo Harpes and Bannier are identified and validated with the help of the proposed algorithm. Our findings establish that the additive linear structures responsible for the non-trivial subspace are not invariant under EA and CCZ equivalence. Moreover, the analysis of 3-bit permutations reveals that almost 23% of the population of \(\mathbb {S}_{2^{3}}\) preserve the quotient subspaces. Irrespective of the linear structures in its non-linear layer, none of the NIST Lightweight competitors preserves the quotient spaces in both the input and output space.
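The check the abstract describes, as an added example that is not the paper's code (the authors' implementation lives in the GitHub repository cited under Data Availability). The example assumes one concrete reading of "preserving a quotient space": an S-box S on F_2^n preserves the quotient by a linear subspace U with respect to a subspace V of the same dimension when S(x + U) = S(x) + V for every x, i.e. the coset partition of the input space is carried onto a coset partition of the output space. The three 3-bit S-boxes (TRAPDOOR_SBOX, LINEAR_SBOX, OPAQUE_SBOX) are constructed for illustration and are not taken from any cipher; the function names are likewise assumptions.

```python
"""Checking an S-box for preservable quotient spaces (added example).

Not the paper's code. An S-box S on F_2^n "preserves the quotient space"
of a linear subspace U with respect to a subspace V of the same dimension
when S(x + U) = S(x) + V for every x: the partition of the input space into
cosets of U is carried onto the partition of the output space into cosets
of V. Any such (U, V) pair is hidden structure an evaluator wants to
surface before accepting a design.
"""
from itertools import combinations


def span(vectors):
    """XOR-closure of `vectors`: their F_2-linear span, as a frozenset."""
    space = {0}
    for v in vectors:
        space |= {s ^ v for s in space}
    return frozenset(space)


def nontrivial_subspaces(n):
    """All linear subspaces of F_2^n of dimension 1 .. n-1."""
    found = set()
    for dim in range(1, n):
        for gens in combinations(range(1, 1 << n), dim):
            sub = span(gens)
            if len(sub) == 1 << dim:      # generators were independent
                found.add(sub)
    return sorted(found, key=lambda s: (len(s), sorted(s)))


def cosets(subspace, n):
    """Partition of F_2^n into the cosets x + subspace."""
    seen, parts = set(), []
    for x in range(1 << n):
        if x not in seen:
            coset = frozenset(x ^ u for u in subspace)
            seen |= coset
            parts.append(coset)
    return parts


def preserves_quotient(sbox, U, V):
    """True iff S maps every coset of U exactly onto a coset of V."""
    n = len(sbox).bit_length() - 1
    for coset in cosets(U, n):
        image = {sbox[x] for x in coset}
        y = next(iter(image))
        if image != {y ^ v for v in V}:
            return False
    return True


def preserved_pairs(sbox):
    """All (U, V) pairs of non-trivial subspaces whose quotient S preserves."""
    n = len(sbox).bit_length() - 1
    subs = nontrivial_subspaces(n)
    return [(U, V) for U in subs for V in subs
            if len(U) == len(V) and preserves_quotient(sbox, U, V)]


def is_backdoor_candidate(sbox):
    """Shortlist rule: any preserved non-trivial quotient flags the S-box."""
    return len(preserved_pairs(sbox)) > 0


# Constructed 3-bit S-boxes (hypothetical test inputs, not from any cipher).
# TRAPDOOR_SBOX maps every pair {x, x^1} onto a pair {y, y^1}, so the
# quotient by U = V = {0, 1} survives the substitution layer.
TRAPDOOR_SBOX = [3, 2, 5, 4, 0, 1, 7, 6]
# A linear bijection L(x) = x ^ ((x << 1) mod 8) preserves every quotient
# (each U is mapped to L(U)); affine maps are the extreme case.
LINEAR_SBOX = [x ^ ((x << 1) & 7) for x in range(8)]
# Hand-checked to preserve no non-trivial quotient at all.
OPAQUE_SBOX = [0, 5, 6, 4, 3, 7, 1, 2]


def report(name, sbox):
    """Print the preserved (U, V) pairs of one S-box."""
    pairs = preserved_pairs(sbox)
    print(f"{name}: {len(pairs)} preserved quotient(s); "
          f"candidate={is_backdoor_candidate(sbox)}")
    for U, V in pairs:
        print(f"  U={sorted(U)} -> V={sorted(V)}")


if __name__ == "__main__":
    for name, box in [("trapdoor", TRAPDOOR_SBOX), ("linear", LINEAR_SBOX),
                      ("opaque", OPAQUE_SBOX)]:
        report(name, box)
```

The search is exhaustive over all pairs of equal-dimension subspaces, which is fine for the 3- and 4-bit S-boxes typical of lightweight designs; for an 8-bit S-box the number of subspaces of F_2^8 makes a full pairwise scan slow, and one would instead derive the only possible V from the image of a single coset of U before testing the remaining cosets.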
Data Availability
No data has been generated for this research except for the analysis of \(\mathbb {S}_{2^3}\). The code for the empirical verification and further enhancement is uploaded to Github via https://github.com/dawood254/Detection-of-Non-Trivial-Subspaces-.git.
Notes
Values are in hexadecimal format.
The values in the S-0 table are given in hexadecimal format; the lookup in S-0 is carried out similarly to DES [39].
Values are in hexadecimal format; S-1(0D) = 1C, S-2(28) = 1F.
References
Aoki K, Ichikawa T, Kanda M, Matsui M, Moriai S, Nakajima J, Tokita T (2000) Camellia: A 128-bit block cipher suitable for multiple platforms - design and analysis. In: International workshop on selected areas in cryptography, pp 39–56. Springer
Banik S, Chakraborti A, Inoue A, Iwata T, Minematsu K, Nandi M, Peyrin T, Sasaki Y, Sim SM, Todo Y (2020) GIFT-COFB. Cryptology ePrint Archive
Bannier A (2017) Combinatorial analysis of block ciphers with trapdoors. Ph.D. thesis, École Nationale Supérieure d’Arts et Métiers
Bannier A, Filiol E (2017) Mathematical backdoors in symmetric encryption systems - proposal for a backdoored AES-like block cipher. arXiv preprint arXiv:1702.06475
Bao Z, Chakraborti A, Datta N, Guo J, Nandi M, Peyrin T, Yasuda K (2019) PHOTON-Beetle authenticated encryption and hash family. NIST Lightweight Compet. Round 1, 115
Behera PK, Gangopadhyay S (2021) Evolving bijective S-boxes using hybrid adaptive genetic algorithm with optimal cryptographic properties. J Ambient Intell Human Comput, pp 1–18
Bernstein DJ, Lange T, Niederhagen R (2016) Dual EC: A standardized back door. In: The new codebreakers, pp 256–281. Springer
Bolufé-Röhler A, Tamayo-Vera D (2020) Machine learning based metaheuristic hybrids for S-box optimization. J Ambient Intell Human Comput 11(11):5139–5152
Budaghyan L, Carlet C (2009) CCZ-equivalence and Boolean functions. Cryptol ePrint Arch
Canteaut A (2016) Lecture notes on cryptographic Boolean functions. Inria, Paris, France 3
Carlet C (2010) Boolean models and methods in mathematics, computer science, and engineering. Vector Boolean Functions Cryptogr
Diffie W, Ledin G (2008) SMS4 encryption algorithm for wireless networks. Cryptol ePrint Arch
Dobraunig C, Eichlseder M, Mendel F, Schläffer M (2016) Ascon v1.2. Submission to the CAESAR Competition 5(6):7
Dobraunig C, Mennink B (2019) Elephant v1. Submission to NIST lightweight cryptography project
Dolmatov V (2016) GOST R 34.12-2015: Block cipher “Kuznyechik”. Transformation 50:10
Froomkin AM (1994) Metaphor is the key: cryptography, the clipper chip, and the constitution. U Pa L Rev 143:709
Harpes C (1996) Cryptanalysis of iterated block ciphers. Ph.D. thesis, ETH Zurich
Harpes C, Massey JL (1997) Partitioning cryptanalysis. In: International workshop on fast software encryption, pp 13–27. Springer
Hsieh W (1975) Intersection theorems for systems of finite vector spaces. Discrete Math 12(1):1–16
Kaliski BS, Rivest RL, Sherman AT (1988) Is the data encryption standard a group? (Results of cycling experiments on DES). J Cryptol 1(1):3–36
Khairallah M (2022) Romulus: Lightweight AEAD from tweakable block ciphers. In: Hardware oriented authenticated encryption based on tweakable block ciphers, pp 115–134. Springer
Lorens CS (1964) Invertible Boolean functions. IEEE Trans Electronic Comput 5:529–541
Makarim RH, Tezcan C (2014) Relating undisturbed bits to other properties of substitution boxes. In: International workshop on lightweight cryptography for security and privacy, pp 109–125. Springer
Matsui M (1994) On correlation between the order of S-boxes and the strength of DES. In: Workshop on the theory and application of cryptographic techniques, pp 366–375. Springer
Miller G (2020) The intelligence coup of the century. https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/. [Online; accessed 11-Feb-2020]
Ohkuma K, Muratani H, Sano F, Kawamura S (2000) The block cipher hierocrypt. In: International workshop on selected areas in cryptography, pp 72–88. Springer
Paterson KG (1999) Imprimitive permutation groups and trapdoors in iterated block ciphers. In: International workshop on fast software encryption, pp 201–214. Springer
Perrin L (2019) Partitions in the S-box of Streebog and Kuznyechik. IACR Trans Symmetric Cryptol, pp 302–329
Perrin L (2019) Streebog and Kuznyechik: inconsistencies in the claims of their designers. In: IETF 105
Peyrin T, Wang H (2020) The malicious framework: embedding backdoors into tweakable block ciphers. In: Annual international cryptology conference, pp 249–278. Springer
Posteuca R, Ashur T (2021) How to backdoor a cipher. IACR Cryptol ePrint Arch 2021:442
Ragab AAM, Madani A, Wahdan A, Selim GM (2021) Design, analysis, and implementation of a new lightweight block cipher for protecting IoT smart devices. J Ambient Intell Human Comput, pp 1–18
Rijmen V, Daemen J (2001) Advanced encryption standard. In: Proceedings of federal information processing standards publications. National Institute of Standards and Technology 19:22
Rijmen V, Preneel B (1997) A family of trapdoor ciphers. In: International workshop on fast software encryption, pp 139–148. Springer
Roth RL (2001) A history of Lagrange’s theorem on groups. Math Mag 74(2):99–108
Schuster F (2014) Reverse engineering of chiasmus from gstool. In: Presentation at the HGI-Kolloquium, January 2014
Sevin A, Mohammed AAO (2021) A survey on software implementation of lightweight block ciphers for IoT devices. J Ambient Intell Human Comput, pp 1–15
Shirai T, Shibutani K, Akishita T, Moriai S, Iwata T (2007) The 128-bit block cipher CLEFIA. In: International workshop on fast software encryption, pp 181–195. Springer
Standard DE et al. (1999) Data encryption standard. Federal Inf Process Stand Publ, 112
Tezcan C (2014) Improbable differential attacks on PRESENT using undisturbed bits. J Comput Appl Math 259:503–511
Torkelson CE (1994) The clipper chip: How key escrow threatens to undermine the fourth amendment. Seton Hall L Rev 25:1142
Turan MS, McKay KA, Çalik Ç, Chang D, Bassham L et al. (2019) Status report on the first round of the NIST lightweight cryptography standardization process. National Institute of Standards and Technology, Gaithersburg, MD, NIST Interagency/Internal Rep. (NISTIR)
Zhang XM, Zheng Y, Imai H (2000) Relating differential distribution tables to other properties of substitution boxes. Des Codes Cryptogr 19(1):45–63
Acknowledgements
We would like to express our sincere gratitude to the anonymous reviewers, who provided invaluable feedback and insightful comments on our manuscript. Their careful attention and constructive criticism helped us improve our work’s quality and clarity. We are grateful for their time and effort in reviewing our paper and for their commitment to maintaining the high standards of this journal. Without their contributions, this paper would not have been possible.
Ethics declarations
Conflict of interest
There is no conflict of interest.
About this article
Cite this article
Fahd, S., Afzal, M., Shah, D. et al. Detection of non-trivial preservable quotient spaces in S-Box(es). Neural Comput & Applic 35, 18343–18355 (2023). https://doi.org/10.1007/s00521-023-08654-2