Abstract
We define affine equivalence of S-boxes with respect to modular addition, and explore its use in cryptanalysis. We have identified classes of small bijective S-boxes with respect to this new equivalence, and experimentally computed their properties.
Notes
Note that the attacker can represent integers in \(\mathbb {Z}_{2^n}\) in other ways, e.g. by changing the ordering of the bits in the binary expansion, or even by choosing some completely different bijection between \(\mathbb {Z}_{2^n}\) and \(\mathbb {F}_{2^n}\). In practice, the representation chosen by the attacker needs to be compatible with the other operations in the studied cipher. The choice of representation affects which concrete S-boxes are identified as good or bad, but does not change the statistical results over the set of all S-boxes.
Similar to EA-equivalence, we can extend MAE by allowing the addition of an affine function in (2).
The S-box 019dae4852637bfc from optimal class G4 (with \(\delta_F = 4\), \(\mathcal {N}{\mathscr{L}}=4\)) has p(2,1) = 1/2. Another example is the S-box from the same class, 01e28abc9d35674f, which has p(10,5) = 11/16. None of the optimal S-boxes with D = 12 has the property \(p_{d,d/2} = 12/16\).
An example is the optimal S-box 0169cf235be874ad with L = 10.
These results are for S-boxes represented in a standard natural binary expansion. For example, the GOST K8 S-box is given in [24] by the string 1fd057a4923e6b8c, which is represented as a permutation S(0) = 1, S(1) = 15, etc.
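The two probabilities quoted in the notes above, p(2,1) = 1/2 and p(10,5) = 11/16, can be reproduced directly from the hex strings; the following is an added example, not code from the article. It assumes that p(a,b) is the fraction of inputs x with S(x + a) - S(x) = b modulo 16, a definition this page does not state, and all function names are illustrative.

```python
from fractions import Fraction


def parse_sbox(hex_string):
    """Read an S-box written as a hex string: digit number i is S(i)."""
    table = [int(ch, 16) for ch in hex_string]
    size = len(table)
    if size == 0 or size & (size - 1):
        raise ValueError("S-box length must be a power of two")
    if sorted(table) != list(range(size)):
        raise ValueError("S-box is not a bijection on 0..%d" % (size - 1))
    return table


def modular_ddt(sbox):
    """ddt[a][b] = #{x : S(x + a) - S(x) = b}, arithmetic mod len(sbox).

    Assumed definition of the difference table with respect to modular
    addition (differences are taken with + and -, not XOR).
    """
    m = len(sbox)
    ddt = [[0] * m for _ in range(m)]
    for a in range(m):
        for x in range(m):
            b = (sbox[(x + a) % m] - sbox[x]) % m
            ddt[a][b] += 1
    return ddt


def modular_diff_prob(sbox, a, b):
    """p(a, b) as an exact fraction."""
    m = len(sbox)
    return Fraction(modular_ddt(sbox)[a % m][b % m], m)


def max_modular_diff_prob(sbox):
    """Largest p(a, b) over nonzero input differences a, with one (a, b)."""
    m = len(sbox)
    ddt = modular_ddt(sbox)
    count, a, b = max((ddt[a][b], a, b)
                      for a in range(1, m) for b in range(m))
    return Fraction(count, m), a, b


if __name__ == "__main__":
    # S-box strings are the ones quoted in the notes on this page.
    for text, a, b in (("019dae4852637bfc", 2, 1), ("01e28abc9d35674f", 10, 5)):
        sbox = parse_sbox(text)
        print(text, "p(%d,%d) =" % (a, b), modular_diff_prob(sbox, a, b),
              "max over a != 0:", max_modular_diff_prob(sbox))
```
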
References
Biham, E., Anderson, R., Knudsen, L.: Serpent: a new block cipher proposal. In: International workshop on fast software encryption, pp 222–238. Springer (1998)
Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J Cryptol 4(1), 3–72 (1991)
Bilgin, B., Nikova, S., Nikov, V., Rijmen, V., Stütz, G.: Threshold implementations of all 3 × 3 and 4 × 4 S-boxes. In: International workshop on cryptographic hardware and embedded systems, pp 76–91. Springer (2012)
Biryukov, A., Perrin, L., Udovenko, A.: Reverse-engineering the S-box of Streebog, Kuznyechik and STRIBOBr1. In: Annual international conference on the theory and applications of cryptographic techniques, pp 372–402. Springer (2016)
Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. Springer, Berlin (2007)
Brunetta, C., Calderini, M., Sala, M.: On hidden sums compatible with a given block cipher diffusion layer. Discret. Math. 342(2), 373–386 (2019)
Budaghyan, L., Carlet, C.: CCZ-equivalence of single and multi output Boolean functions. In: Post-proceedings of the 9th international conference on finite fields and their applications Fq, vol. 9, pp 43–54 (2010)
Calderini, M., Sala, M.: Elementary abelian regular subgroups as hidden sums for cryptographic trapdoors. arXiv:1702.00581 (2017)
Carlet, C.: Vectorial boolean functions for cryptography. Boolean Models and Methods in Mathematics, Computer Science, and Engineering 134, 398–469 (2010)
Civino, R., Blondeau, C., Sala, M.: Differential attacks: using alternative operations. Des. Codes Crypt. 87(2-3), 225–247 (2019)
Daemen, J., Rijmen, V.: The design of Rijndael: AES-the advanced encryption standard. Springer, Berlin (2013)
Fontanari, C., Pulice, V., Rimoldi, A., Sala, M.: On weakly APN functions and 4-bit S-boxes. Finite Fields and their Applications 18(3), 522–528 (2012)
Grošek, O., Nemoga, K., Satko, L.: Generalized perfectly nonlinear functions. Tatra Mountains Pub. 20, 121–131 (2000)
Kumar, Y., Mishra, P., Pillai, N.R., Sharma, R.K.: Affine equivalence and non-linearity of permutations over \(\mathbb {Z}_{n}\). Applicable Algebra in Engineering, Communication and Computing 28(3), 257–279 (2017)
Kutzner, S., Nguyen, P.H., Poschmann, A.: Enabling 3-share threshold implementations for all 4-bit S-boxes. In: International Conference on Information Security and Cryptology, pp 91–108. Springer (2013)
Leander, G., Poschmann, A.: On the classification of 4 bit S-boxes. In: International Workshop on the Arithmetic of Finite Fields, pp 159–176. Springer (2007)
Matsui, M.: Linear cryptanalysis method for DES cipher. In: Workshop on the Theory and Application of Cryptographic Techniques, pp 386–397. Springer (1993)
Nyberg, K.: Perfect nonlinear S-boxes. In: Workshop on the Theory and Application of Cryptographic Techniques, pp 378–386. Springer (1991)
Nyberg, K.: Differentially uniform mappings for cryptography. In: Workshop on the Theory and Application of Cryptographic Techniques, pp 55–64. Springer (1993)
Oliynykov, R., Gorbenko, I., Kazymyrov, O., Ruzhentsev, V., Kuznetsov, O., Gorbenko, Y., Dyrda, O., Dolgov, V., Pushkaryov, A., Mordvinov, R., et al.: A new encryption standard of Ukraine: The Kalyna block cipher. IACR Cryptology ePrint Archive 2015, 650 (2015)
Picek, S., Ege, B., Papagiannopoulos, K., Batina, L., Jakobović, D.: Optimality and beyond: the case of 4 × 4 S-boxes. In: 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp 80–83. IEEE (2014)
Pott, A., Zhou, Y.: CCZ and EA equivalence between mappings over finite abelian groups. Designs, Codes and Cryptography 66(1-3), 99–109 (2013)
Rejewski, M.: Mathematical solution of the Enigma cipher. Cryptologia 6(1), 1–18 (1982)
Saarinen, M.J.O.: Cryptographic analysis of all 4 × 4-bit S-boxes. In: International Workshop on Selected Areas in Cryptography, pp 118–133. Springer (2011)
Zabotin, I., Glazkov, G., Isaeva, V.: Cryptographic protection for information processing systems. Government Standard of the USSR. GOST, pp. 28, 147–89 (1989)
Zajac, P.: Constructing S-boxes with low multiplicative complexity. Stud. Sci. Math. Hung. 52(2), 135–153 (2015)
Zajac, P., Jókay, M.: Multiplicative complexity of bijective 4 × 4 S-boxes. Cryptogr. Commun. 6(3), 255–277 (2014)
Acknowledgements
We would like to thank the anonymous reviewers for significantly improving the article during the review process.
This article belongs to the Topical Collection: Boolean Functions and Their Applications IV
Guest Editors: Lilya Budaghyan and Tor Helleseth
This research was supported by grant VEGA 1/0159/17.
Cite this article
Zajac, P., Jókay, M. Cryptographic properties of small bijective S-boxes with respect to modular addition. Cryptogr. Commun. 12, 947–963 (2020). https://doi.org/10.1007/s12095-020-00447-x
DOI: https://doi.org/10.1007/s12095-020-00447-x