On Reverse-Engineering S-Boxes with Hidden Design Criteria or Structure

Biryukov, Alex; Perrin, Léo Paul

doi:10.1007/978-3-662-47989-6

Reference : On Reverse-Engineering S-Boxes with Hidden Design Criteria or Structure


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/21989

Title :	On Reverse-Engineering S-Boxes with Hidden Design Criteria or Structure
Language :	English
Author, co-author :	Biryukov, Alex [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
	Perrin, Léo Paul [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Publication date :	Aug-2015
Main document title :	Advances in Cryptology -- CRYPTO 2015,
Editor :	Gennaro, Rosario
	Robshaw, Matthew
Publisher :	Springer-Verlag
Collection and collection volume :	Security and Cryptology, 9251
Pages :	116-140
Peer reviewed :	Yes
Audience :	International
ISBN :	978-3-662-47989-6
City :	Berlin
Country :	Germany
Event name :	35th Annual Cryptology Conference
Event date :	August 16-20, 2015
Event organizer :	International Association for Cryptology Research
Event place (city) :	Santa Barbara
Event country :	USA
Keywords :	[en] S-Box design criteria ; Skipjack ; linearity
Abstract :	[en] S-Boxes are the key components of many cryptographic primitives and designing them to improve resilience to attacks such as linear or differential cryptanalysis is well understood. In this paper, we investigate techniques that can be used to reverse-engineer S-box design and illustrate those by studying the S-Box $F$ of the Skipjack block cipher whose design process so far remained secret. We first show that the linear properties of $F$ are far from random and propose a design criteria, along with an algorithm which generates S-Boxes very similar to that of Skipjack. Then we consider more general S-box decomposition problems and propose new methods for decomposing S-Boxes built from arithmetic operations or as a Feistel Network of up to 5 rounds. Finally, we develop an S-box generating algorithm which can fix a large number of DDT entries to the values chosen by the designer. We demonstrate this algorithm by embedding images into the visual representation of S-box's DDT.
Funders :	Fonds National de la Recherche - FnR
Name of the research project :	ACRYPT
Target :	Researchers
Permalink :	http://hdl.handle.net/10993/21989
DOI :	10.1007/978-3-662-47989-6

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Limited access	article.pdf		Publisher postprint	938.55 kB	Request a copy

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices