Randomness analysis and generation of key-derived s-boxes

Although many ciphers use fixed, near-ideal s-boxes (AES, for example), random s-boxes offer an interesting alternative because they have no underlying structure that can be exploited in cryptanalysis. For this reason, some cryptosystems generate pseudorandom s-boxes as a function of the key (key-derived s-boxes). We analyse the randomness properties of the key-derived s-boxes generated by some popular cryptosystems, namely the RC4 stream cipher and the Blowfish and Twofish block ciphers, with the aim of establishing whether this kind of s-box is indistinguishable from a purely random s-box. For this purpose we have developed a custom software framework to generate and evaluate random and key-derived s-boxes. We also detail and analyse several mechanisms for the generation of proper key-derived s-boxes, including fixed-point filtering and different sizes based on 8 × 8 s-boxes.
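As an added example (not the paper's own framework), the Python below derives an 8 × 8 s-box from a key with the standard RC4 key-scheduling algorithm, checks that it is a permutation, counts fixed points, measures differential uniformity, and applies a simple fixed-point filter; the filter's rekeying rule (appending a counter to the key) is an assumption for illustration, not a mechanism taken from the paper.

```python
# Added example: key-derived 8x8 s-box via the RC4 KSA plus basic randomness checks.
from typing import List

def rc4_ksa_sbox(key: bytes) -> List[int]:
    """RC4 key-scheduling algorithm: key-dependent permutation of 0..255."""
    if not key:
        raise ValueError("key must be non-empty")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def is_bijective(sbox: List[int]) -> bool:
    """A proper s-box must be a permutation of 0..255."""
    return sorted(sbox) == list(range(256))

def fixed_points(sbox: List[int]) -> List[int]:
    """Inputs x with S(x) == x; a random permutation has about one on average."""
    return [x for x, y in enumerate(sbox) if x == y]

def differential_uniformity(sbox: List[int]) -> int:
    """Largest difference-distribution-table entry over non-zero input
    differences (lower is better; the AES s-box reaches 4)."""
    worst = 0
    for dx in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        worst = max(worst, max(counts))
    return worst

def fixed_point_filtered_sbox(key: bytes, max_tries: int = 1000) -> List[int]:
    """Fixed-point filtering: re-derive until the permutation has no fixed
    points. Appending a 2-byte counter to the key is an assumed rekeying
    rule, chosen here only to make the example runnable."""
    for ctr in range(max_tries):
        cand = rc4_ksa_sbox(key + ctr.to_bytes(2, "big"))
        if not fixed_points(cand):
            return cand
    raise RuntimeError("no fixed-point-free s-box found")

if __name__ == "__main__":
    sb = rc4_ksa_sbox(b"example key")  # constructed sample key
    print(is_bijective(sb), fixed_points(sb), differential_uniformity(sb))
    print(fixed_points(fixed_point_filtered_sbox(b"example key")))
```

Roughly 1/e of candidate permutations have no fixed point, so the filter rarely needs more than a handful of tries.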
