A New Classification of 4-bit Optimal S-boxes and Its Application to PRESENT, RECTANGLE and SPONGENT

In this paper, we present a new classification of 4-bit optimal S-boxes. All optimal 4-bit S-boxes can be classified into 183 different categories, among which we specify 3 platinum categories. Under the design criteria of the PRESENT (or SPONGENT) S-box, there are 8064 different S-boxes up to adding constants before and after an S-box. The 8064 S-boxes belong to 3 different categories, we show that the S-box should be chosen from one out of the 3 categories or other categories for better resistance against linear cryptanalysis. Furthermore, we study in detail how the S-boxes in the 3 platinum categories influence the security of PRESENT, RECTANGLE and SPONGENT\(_{88}\) against differential and linear cryptanalysis. Our results show that the S-box selection has a great influence on the security of the schemes. For block ciphers or hash functions with 4-bit S-boxes as confusion layers and bit permutations as diffusion layers, designers can extend the range of S-box selection to the 3 platinum categories and select their S-box very carefully. For PRESENT, RECTANGLE and SPONGENT\(_{88}\) respectively, we get a set of potentially best/better S-box candidates from the 3 platinum categories. These potentially best/better S-boxes can be further investigated to see if they can be used to improve the security-performance tradeoff of the 3 cryptographic algorithms.

[1]  Pulak Mishra,et al.  Mergers, Acquisitions and Export Competitive- ness: Experience of Indian Manufacturing Sector , 2012 .

[2]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[3]  Thomas Peyrin,et al.  The LED Block Cipher , 2011, IACR Cryptol. ePrint Arch..

[4]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[5]  Gregor Leander,et al.  On Linear Hulls, Statistical Saturation Attacks, PRESENT and a Cryptanalysis of PUFFIN , 2011, EUROCRYPT.

[6]  Thomas Peyrin,et al.  The PHOTON Family of Lightweight Hash Functions , 2011, IACR Cryptol. ePrint Arch..

[7]  Gregor Leander,et al.  On the Classification of 4 Bit S-Boxes , 2007, WAIFI.

[8]  Joo Yeon Cho,et al.  Linear Cryptanalysis of Reduced-Round PRESENT , 2010, CT-RSA.

[9]  François-Xavier Standaert,et al.  A Statistical Saturation Attack against the Block Cipher PRESENT , 2009, CT-RSA.

[10]  Meiqin Wang,et al.  A Model for Structure Attacks, with Applications to PRESENT and Serpent , 2012, FSE.

[11]  Thomas Siegenthaler,et al.  Correlation-immunity of nonlinear combining functions for cryptographic applications , 1984, IEEE Trans. Inf. Theory.

[12]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[13]  Kaisa Nyberg,et al.  Differentially Uniform Mappings for Cryptography , 1994, EUROCRYPT.

[14]  Kaisa Nyberg,et al.  Links Between Truncated Differential and Multidimensional Linear Properties of Block Ciphers and Underlying Attack Complexities , 2014, IACR Cryptol. ePrint Arch..

[15]  Dongdai Lin,et al.  Speeding Up the Search Algorithm for the Best Differential and Best Linear Trails , 2014, Inscrypt.

[16]  Andrey Bogdanov,et al.  spongent: A Lightweight Hash Function , 2011, CHES.

[17]  Andrey Bogdanov,et al.  SPONGENT: The Design Space of Lightweight Cryptographic Hashing , 2011, IEEE Transactions on Computers.

[18]  Céline Blondeau,et al.  Multiple Differential Cryptanalysis: Theory and Practice , 2011, FSE.

[19]  Tsutomu Matsumoto,et al.  A Strategy for Constructing Fast Round Functions with Practical Security Against Differential and Linear Cryptanalysis , 1998, Selected Areas in Cryptography.

[20]  Claude Carlet,et al.  Codes, Bent Functions and Permutations Suitable For DES-like Cryptosystems , 1998, Des. Codes Cryptogr..

[21]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[22]  James L. Massey,et al.  A spectral characterization of correlation-immune combining functions , 1988, IEEE Trans. Inf. Theory.

[23]  Markku-Juhani O. Saarinen Cryptographic Analysis of All 4 x 4 - Bit S-Boxes , 2011, IACR Cryptol. ePrint Arch..

[24]  Ross Anderson,et al.  Serpent: A Proposal for the Advanced Encryption Standard , 1998 .

[25]  Kazuo Ohta,et al.  Improving the Search Algorithm for the Best Linear Expression , 1995, CRYPTO.

[26]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[27]  Mohamed Ahmed Abdelraheem,et al.  Estimating the Probabilities of Low-Weight Differential and Linear Approximations on PRESENT-Like Ciphers , 2012, ICISC.

[28]  Mitsuru Matsui,et al.  On Correlation Between the Order of S-boxes and the Strength of DES , 1994, EUROCRYPT.

[29]  Kazumaro Aoki,et al.  Best Differential Characteristic Search of FEAL , 1996, FSE.

[30]  Kenji Ohkuma,et al.  Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis , 2009, Selected Areas in Cryptography.

[31]  Dongdai Lin,et al.  RECTANGLE: A Bit-slice Ultra-Lightweight Block Cipher Suitable for Multiple Platforms , 2014, IACR Cryptol. ePrint Arch..