Design of S-boxes Defined with Cellular Automata Rules

The aim of this paper is to find cellular automata (CA) rules that are used to describe S-boxes with good cryptographic properties and low implementation cost. Up to now, CA rules have been used in several ciphers to define an S-box, but in all those ciphers, the same CA rule is used. This CA rule is best known as the one defining the Keccak χ transformation. Since there exists no straightforward method for constructing CA rules that define S-boxes with good cryptographic/implementation properties, we use a special kind of heuristics for that -- Genetic Programming (GP). Although it is not possible to theoretically prove the efficiency of such a method, our experimental results show that GP is able to find a large number of CA rules that define good S-boxes in a relatively easy way. We focus on the 4 x 4 and 5 x 5 sizes and we implement the S-boxes in hardware to examine implementation properties like latency, area, and power. Particularly interesting is the internal encoding of the solutions in the considered heuristics using combinatorial circuits; this makes it easy to approximate S-box implementation properties like latency and area a priori.

[1]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.

[2]  Domagoj Jakobovic,et al.  Evolving Algebraic Constructions for Designing Bent Boolean Functions , 2016, GECCO.

[3]  Joan Daemen,et al.  Fast Hashing and Stream Encryption with PANAMA , 1998, FSE.

[4]  Claude Carlet,et al.  Constructing new APN functions from known ones , 2009, Finite Fields Their Appl..

[5]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[6]  Riccardo Poli,et al.  A Field Guide to Genetic Programming , 2008 .

[7]  Claude Carlet,et al.  Boolean Functions for Cryptography and Error-Correcting Codes , 2010, Boolean Models and Methods.

[8]  Howard Gutowitz,et al.  Cryptography with Dynamical Systems , 1993 .

[9]  Joan Boyar,et al.  A Small Depth-16 Circuit for the AES S-Box , 2012, SEC.

[10]  Guido Bertoni,et al.  RadioGatún, a belt-and-mill hash function , 2006, IACR Cryptol. ePrint Arch..

[11]  Kaisa Nyberg,et al.  On the Construction of Highly Nonlinear Permutations , 1992, EUROCRYPT.

[12]  William Millan,et al.  Efficient Methods for Generating MARS-Like S-Boxes , 2000, FSE.

[13]  Riccardo Poli,et al.  Genetic Programming: An Introduction and Tutorial, with a Survey of Techniques and Applications , 2008, Computational Intelligence: A Compendium.

[14]  Joos Vandewalle,et al.  A New Approach to Block Cipher Design , 1993, FSE.

[15]  Joos Vandewalle,et al.  Invertible shift-invariant transformations on binary arrays , 1994 .

[16]  Joan Daemen,et al.  Subterranean: A 600 Mbit/sec cryptographic VLSI chip , 1993, Proceedings of 1993 IEEE International Conference on Computer Design ICCD'93.

[17]  Kaisa Nyberg,et al.  Perfect Nonlinear S-Boxes , 1991, EUROCRYPT.

[18]  Julian Francis Miller,et al.  Cartesian Genetic Programming Approach for Generating Substitution Boxes of Different Sizes , 2015, GECCO.

[19]  Claude Carlet,et al.  Vectorial Boolean Functions for Cryptography , 2006 .

[20]  Susan Stepney,et al.  The design of S-boxes by simulated annealing , 2004, Proceedings of the 2004 Congress on Evolutionary Computation (IEEE Cat. No.04TH8753).

[21]  Kyoji Shibutani,et al.  Midori: A Block Cipher for Low Energy (Extended Version) , 2015, IACR Cryptol. ePrint Arch..

[22]  Guido Bertoni,et al.  The Making of KECCAK , 2014, Cryptologia.

[23]  D. Richardson,et al.  Tessellations with Local Transformations , 1972, J. Comput. Syst. Sci..

[24]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[25]  Andrey Bogdanov,et al.  Exploring Energy Efficiency of Lightweight Block Ciphers , 2015, IACR Cryptol. ePrint Arch..