
The design of composite permutations with applications to DES-like S-boxes

Designs, Codes and Cryptography

Abstract

This paper presents an iterative construction method for building composite permutations. Its efficiency is based on the concepts of pre-computation and equivalence classes. Equivalence class representatives of permutations on four bits are pre-computed. These class representatives can serve as input to the construction method; however, the results are also of independent interest for applications in cryptography. A well-known example of a cryptosystem using composite permutations for its Substitution boxes (S-boxes) is the Data Encryption Standard (DES). Throughout the paper, DES-like S-boxes are defined as mappings satisfying all design criteria as disclosed by one of the designers of DES. All permutations on four bits with DES-like properties are identified. Starting with pre-computed representatives of classes with such permutations, two iterations of a specialized version of the algorithm are applied to obtain bounds on the minimum differential uniformity and minimum non-linear uniformity of DES-like S-boxes. It is established that the two values cannot be less than eight, and that DES-like S-boxes for which the values are both equal to 12 do exist. In addition, if the non-linear uniformity of each of the four permutations in a DES-like S-box is at most six, as in all DES S-boxes, then its non-linear uniformity cannot be less than ten and its minimum differential uniformity equals 12.
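The following added example (not code from the paper) builds DES S-box S1 as a composite of its four permutations on four bits and measures differential uniformity for the whole S-box and for each component. It assumes the standard definition of differential uniformity and the S1 table as published in FIPS 46; the function names are illustrative, and non-linear uniformity is not computed because its definition is not given on this page.

```python
# DES S-box S1 (FIPS 46): a composite of four permutations on four bits.
S1_ROWS = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def rows_are_permutations(rows):
    """Each of the four component mappings must be a bijection on 0..15."""
    return all(sorted(row) == list(range(16)) for row in rows)


def composite(rows):
    """Build the 6-bit -> 4-bit S-box: the outer input bits (first and last)
    select one of the four permutations, the inner four bits are its input."""
    def f(x):
        row = ((x >> 4) & 0b10) | (x & 0b01)
        col = (x >> 1) & 0xF
        return rows[row][col]
    return f


def differential_uniformity(f, n_bits):
    """max over a != 0 and all b of #{x : f(x ^ a) ^ f(x) == b}
    (standard definition, assumed here to match the paper's)."""
    worst = 0
    for a in range(1, 1 << n_bits):
        counts = {}
        for x in range(1 << n_bits):
            b = f(x ^ a) ^ f(x)
            counts[b] = counts.get(b, 0) + 1
        worst = max(worst, max(counts.values()))
    return worst


def s1_uniformity():
    return differential_uniformity(composite(S1_ROWS), 6)


def s1_row_uniformities():
    return [differential_uniformity(row.__getitem__, 4) for row in S1_ROWS]


if __name__ == "__main__":
    print("rows are permutations:", rows_are_permutations(S1_ROWS))
    print("per-row differential uniformity:", s1_row_uniformities())
    print("S1 differential uniformity:", s1_uniformity())
```

For S1 the composite value is 16, which sits above both the lower bound of eight and the value of 12 that the abstract reports as attainable for DES-like S-boxes.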




Correspondence to Peter Roelse.

Additional information

Communicated by J. D. Key.


About this article

Cite this article

Roelse, P. The design of composite permutations with applications to DES-like S-boxes. Des Codes Crypt 42, 21–42 (2007). https://doi.org/10.1007/s10623-006-9012-y


  • DOI: https://doi.org/10.1007/s10623-006-9012-y
