Abstract
This paper reports the discovery of linear redundancy in the S-boxes of many ciphers recently proposed for standardisation (including Rijndael, the new AES). We introduce a new method to efficiently detect affine equivalence of Boolean functions, and hence study the variety of equivalence classes existing in random and published S-boxes. This leads us to propose a new randomness criterion for these components. We present experimental data supporting the notion that linear redundancy is very rare in S-boxes with more than 6 inputs. Finally, we discuss the impact this property may have on implementations, review the potential for new cryptanalytic attacks, and propose a new tweak for block ciphers that removes the redundancy. We also provide details of a highly nonlinear 8×8 non-redundant bijective S-box, which is suitable as a plug-in replacement where required.
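The abstract's central claim is that the Rijndael S-box is linearly redundant: its eight output Boolean functions are all affine equivalent to one another. The following Python is an added example and is not code from the paper. It builds the AES S-box from its definition (inversion in GF(2^8) modulo x^8+x^4+x^3+x+1, then the fixed affine map), finds a constructive witness of the equivalence between every pair of output coordinates, and adds an affine-invariant Walsh profile that screens any 8×8 S-box for possible redundancy. The witness search is deliberately restricted to input maps of the form x ↦ γ·x in GF(2^8); that restriction is my assumption, sufficient for AES because each output bit is Tr(β·x⁻¹) plus a constant, and it is not the paper's general affine-equivalence algorithm. Function names and the use of the absolute Walsh distribution as the invariant are likewise my own choices.

```python
# Added example (not from Fuller and Millan): verify AES S-box linear redundancy
# constructively, then screen any 8x8 S-box with an affine-invariant Walsh profile.
# Assumptions: the S-box is rebuilt from its definition; the witness search only
# tries field multiplications x -> gamma*x, which is enough for AES but not general.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial


def gf_mul(a, b):
    """Multiply two GF(2^8) elements represented as bytes."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a):
    """Multiplicative inverse in GF(2^8) via a^(2^8-2); AES maps 0 to 0."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r if a else 0


def aes_sbox_byte(x):
    """S(x) = A * inv(x) + 0x63, A being the sum of rotations by 0..4 bits."""
    y = gf_inv(x)
    s = y
    for k in range(1, 5):
        s ^= ((y << k) | (y >> (8 - k))) & 0xFF
    return s ^ 0x63


AES_SBOX = [aes_sbox_byte(x) for x in range(256)]


def coordinate(sbox, i):
    """Truth table (list of 2^n bits) of output bit i of an n-bit S-box."""
    return [(v >> i) & 1 for v in sbox]


def find_field_equivalence(f, g):
    """Search gamma in GF(2^8)*, c in {0,1} with g(x) = f(gamma*x) ^ c for all x.
    x -> gamma*x is an invertible GF(2)-linear map, so a hit proves f and g are
    affine equivalent. None is inconclusive for a general S-box (assumption:
    only field multiplications are tried, not all 2^6 * ... invertible matrices)."""
    for gamma in range(1, 256):
        c = f[0] ^ g[0]  # gamma*0 = 0 forces the output constant
        if all(g[x] == f[gf_mul(gamma, x)] ^ c for x in range(256)):
            return gamma, c
    return None


def redundancy_witnesses(sbox):
    """Witness (gamma, c) for every ordered pair of output coordinates, or None."""
    coords = [coordinate(sbox, i) for i in range(8)]
    return {(i, j): find_field_equivalence(coords[i], coords[j])
            for i in range(8) for j in range(8)}


def walsh_spectrum(f):
    """W_f(w) = sum_x (-1)^(f(x) + w.x) for all w, via the fast Walsh-Hadamard transform."""
    w = [1 - 2 * bit for bit in f]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w


def affine_profile(f):
    """Sorted multiset of |W_f(w)|: affine-equivalent functions share it, so different
    profiles rule equivalence out; equal profiles are necessary, not sufficient."""
    return tuple(sorted(abs(v) for v in walsh_spectrum(f)))


def nonlinearity(f):
    """Distance to the nearest affine function: 2^(n-1) - max|W_f|/2."""
    return len(f) // 2 - max(abs(v) for v in walsh_spectrum(f)) // 2


def coordinate_profiles(sbox):
    """Distinct affine profiles over the 8 output bits (exactly 1 for AES)."""
    return {affine_profile(coordinate(sbox, i)) for i in range(8)}


if __name__ == "__main__":
    w = redundancy_witnesses(AES_SBOX)
    print("every AES coordinate pair linked by a field multiplication:",
          all(v is not None for v in w.values()))
    print("witness (gamma, c) for bits (0, 1):", w[(0, 1)])
    print("distinct affine profiles among AES output bits:", len(coordinate_profiles(AES_SBOX)))
    print("nonlinearity of AES output bit 0:", nonlinearity(coordinate(AES_SBOX, 0)))
```

For an S-box that is not built from a field inversion, `find_field_equivalence` returning None proves nothing, because affine equivalence allows any invertible 8×8 matrix over GF(2) plus constants, not only multiplications by a field element; `coordinate_profiles` is the cheap screen to run first, since two coordinates with different profiles cannot be equivalent, while matching profiles call for the paper's full test.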
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fuller, J., Millan, W. (2003). Linear Redundancy in S-Boxes. In: Johansson, T. (eds) Fast Software Encryption. FSE 2003. Lecture Notes in Computer Science, vol 2887. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39887-5_7
DOI: https://doi.org/10.1007/978-3-540-39887-5_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20449-7
Online ISBN: 978-3-540-39887-5