A Near Optimal S-Box Design



Abstract. In this work a cryptographically robust S-box based on nonlinear Cellular Automata rules has been developed. Its properties suggest that the robustness of the proposed construction is better than that proposed by Seberry et al. [1]. Though the proposed S-box is not optimal against linear and differential attacks like the Rijndael S-box, its immunity towards linear cryptanalysis and its robustness against differential cryptanalysis are high, and it lacks algebraic relations over a finite field. Due to the presence of synchronous elements in its architecture, timing constraints can also be fulfilled efficiently if hardware masking is applied to the circuit to protect it against power attacks. Also, due to its Cellular Automata based structure, the S-box can be efficiently implemented in hardware and in software for high speed design.

Keywords: S-box, Cellular Automata, Power Attack, Algebraic Attack.

1 Introduction

The security of symmetric key block ciphers largely depends on the cryptographic robustness of the S-boxes. Thus the construction of good S-boxes is an extremely important component of cipher design. In [2] the authors first focused on the statistical properties of random, reversible S-boxes. Subsequently several works [3], [4], [5], [6] have been published defining the desirable properties of S-boxes. However, the drawbacks of all these proposals were pointed out in [1]. The main weakness was that the component functions of these S-boxes were quadratic and thus could be vulnerable to many classic as well as recent algebraic attacks. One of the constructions proposed in [7] is based on the Maiorana-McFarland method and is built out of Linear Feedback Shift Registers (LFSRs). Apart from the above drawbacks, the class of circuits built around LFSRs can be found to have the following inherent disadvantages: (i) irregularity of the interconnection structure, (ii) larger delay and (iii) lack of modularity and cascadability. Also the resultant S-box was not balanced and had the restriction that the first half of the input that goes to the LFSRs was not zero. This restricts the usage of the generated S-boxes. In [1] the authors describe various properties of cryptographically robust S-boxes. The properties listed were: (i) high nonlinearity, (ii) balanced output, (iii) immunity against linear cryptanalysis, (iv) robustness against differential cryptanalysis, (v) avalanche effect and (vi) high algebraic degree of its output Boolean functions. In [4] a method was presented for n × n S-box design. However, for the S-box created by this method, its inverse S-box is almost completely linear (it has only one non-linear function) and its diffusion property cannot be ensured. In [8] the authors proposed a design methodology for n × n S-boxes. Since the method is an exhaustive search method, its complexity grows as the value of n increases. In [9] a method has been describe

D. Bhattacharya et al.

P. McDaniel and S.K. Gupta (Eds.): ICISS 2007, LNCS 4812, pp. 77–90, 2007. © Springer-Verlag Berlin Heidelberg 2007
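The six properties the introduction takes from [1] are all measurable on the S-box's lookup table, which is how a designer checks a candidate before publishing it. The Python below is an added example, not code from the paper (whose CA-based S-box is not reproduced here): it computes balancedness, nonlinearity (via the Walsh-Hadamard spectrum), the difference distribution table and differential uniformity, the robustness measure, the algebraic degree of every component function (via the Moebius transform), and an avalanche table for any n × n S-box. The well-known 4-bit PRESENT S-box is used only as a stand-in input. The robustness formula is recalled from [1] and is an assumption to be checked against that paper; function names and the `report` dictionary are my own.

```python
# Added example: S-box quality metrics from the introduction, computed for a
# small n x n S-box given as a lookup table.  The PRESENT 4-bit S-box is used
# only as a well-known test input; the paper's own CA-based S-box is not here.

def parity(v: int) -> int:
    """Parity (XOR of all bits) of an integer."""
    return bin(v).count("1") & 1


def component(sbox, mask):
    """Truth table of the component Boolean function x -> <mask, S(x)>."""
    return [parity(y & mask) for y in sbox]


def is_balanced(sbox, n):
    """Every nonzero component function must output 0 and 1 equally often."""
    size = 1 << n
    return all(sum(component(sbox, m)) == size // 2 for m in range(1, size))


def walsh_spectrum(tt, n):
    """Walsh-Hadamard spectrum W(a) = sum_x (-1)^(f(x) XOR <a,x>) of a truth table."""
    size = 1 << n
    return [sum(1 - 2 * (tt[x] ^ parity(x & a)) for x in range(size))
            for a in range(size)]


def nonlinearity(sbox, n):
    """Minimum nonlinearity over all nonzero component functions.  max|W(a)|
    bounds the best linear approximation, so a low value means weak immunity
    to linear cryptanalysis."""
    size = 1 << n
    return min((size - max(abs(w) for w in walsh_spectrum(component(sbox, m), n))) // 2
               for m in range(1, size))


def difference_table(sbox, n):
    """DDT[dx][dy] = number of inputs x with S(x) ^ S(x ^ dx) == dy."""
    size = 1 << n
    table = [[0] * size for _ in range(size)]
    for x in range(size):
        for dx in range(size):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table


def differential_uniformity(sbox, n):
    """Largest DDT entry outside the trivial dx = 0 row (lower is better)."""
    table = difference_table(sbox, n)
    return max(table[dx][dy] for dx in range(1, 1 << n) for dy in range(1 << n))


def robustness(sbox, n):
    """Robustness (1 - R/2^n)(1 - L/2^n): L is the largest DDT entry outside
    row 0, R the number of nonzero entries in column dy = 0 outside row 0.
    Formula recalled from Seberry et al. [1]; an assumption to verify there."""
    size = 1 << n
    table = difference_table(sbox, n)
    big_l = differential_uniformity(sbox, n)
    big_r = sum(1 for dx in range(1, size) if table[dx][0] != 0)
    return (1 - big_r / size) * (1 - big_l / size)


def anf(tt, n):
    """Algebraic normal form via the Moebius transform: coeff[m] is the
    coefficient of the monomial whose variables are the set bits of m."""
    coeff = list(tt)
    for i in range(n):
        bit = 1 << i
        for x in range(1 << n):
            if x & bit:
                coeff[x] ^= coeff[x ^ bit]
    return coeff


def algebraic_degrees(sbox, n):
    """(min, max) algebraic degree over all nonzero component functions."""
    degs = []
    for mask in range(1, 1 << n):
        coeff = anf(component(sbox, mask), n)
        degs.append(max((bin(m).count("1") for m, c in enumerate(coeff) if c), default=0))
    return min(degs), max(degs)


def avalanche_table(sbox, n):
    """table[i][j] = number of inputs x for which flipping input bit i flips
    output bit j.  The strict avalanche criterion asks for 2^(n-1) everywhere."""
    size = 1 << n
    table = [[0] * n for _ in range(n)]
    for i in range(n):
        for x in range(size):
            diff = sbox[x] ^ sbox[x ^ (1 << i)]
            for j in range(n):
                table[i][j] += (diff >> j) & 1
    return table


# Well-known 4-bit S-box (PRESENT), used here only as test input.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def report(sbox, n):
    """Collect the properties listed in the introduction in one dictionary."""
    return {
        "balanced": is_balanced(sbox, n),
        "nonlinearity": nonlinearity(sbox, n),
        "differential_uniformity": differential_uniformity(sbox, n),
        "robustness": robustness(sbox, n),
        "algebraic_degree_min_max": algebraic_degrees(sbox, n),
        "avalanche_table": avalanche_table(sbox, n),
    }


if __name__ == "__main__":
    for key, value in report(PRESENT_SBOX, 4).items():
        print(f"{key}: {value}")
```

On the PRESENT table this reports nonlinearity 4 and differential uniformity 4, the best values a 4-bit permutation can reach, but a minimum component degree of 2 (its lowest output bit is quadratic) and an avalanche entry of 16 for input bit 0 to output bit 0, i.e. that bit always flips. The example thus shows concretely why the paper treats algebraic degree and avalanche as separate criteria from linear and differential resistance: an S-box can be optimal on the latter two and still fall short on the others.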