Abstract
Often the S-boxes are the only nonlinear components in a block cipher and as such play an important role in ensuring its resistance to cryptanalysis. Cryptographic properties and constructions of S-boxes have been studied for many years. The most common techniques for constructing S-boxes are: algebraic constructions, pseudo-random generation and a variety of heuristic approaches. Among the latter are the genetic algorithms. In this paper, a genetic algorithm working in a reversed way is proposed. Using the algorithm we can rapidly and repeatedly generate a large number of strong bijective S-boxes of each dimension from (8 × 8) to (16 × 16), which have sub-optimal properties close to the ones of S-boxes based on finite field inversion, but have more complex algebraic structure and possess no linear redundancy.
Notes
“m of 255” in Table 1 means that m out of the 255 component Boolean functions of the S-box belong to distinct extended affine equivalence classes.
Additional information
The research is done as a part of the project “Finite geometries, coding theory and cryptography” between the Research Foundation - Flanders (FWO) and the Bulgarian Academy of Sciences. This research has been supported by the ICT COST Action IC1306 “Cryptography for Secure Digital Interaction”.
Appendices
Appendix A:
A.1 Genetic Algorithm 1 pseudo code
- STEP 1: (Initializing step) - defining the algorithm parameters
  - Define an integer n, representing the dimensions (n × n) of the bijective S-box.
  - Define an integer T, representing the number of S-boxes in the parent pool (PP).
  - Define an even integer N_thr ≤ N_inv, representing the nonlinearity threshold value.
  - Generate T S-boxes of dimensions (n × n) and put them into the PP: some are based on the inversion in the finite field GF(2^n), the others are obtained by applying affine transformations to the outputs of the former.
  - Create an empty offspring pool (OP) of size T.
  - Set the parent indexes t and r to 1.
- STEP 2: (Breeding step)
- STEP 3: (Mutation step) Ch1 = modeling(Ch1) and Ch2 = modeling(Ch2); go to Step 4.
- STEP 4: (Fitness step)
- STEP 5: (Solution pool) All T desired S-boxes, having nonlinearity N = N_thr, are placed in the offspring pool OP.
A.2 Genetic Algorithm 2 pseudo code
- STEP 1: (Initializing step) - defining the algorithm parameters
  - Define an integer n, representing the dimensions (n × n) of the bijective S-box.
  - Define an integer T, representing the number of S-boxes in the parent pool (PP).
  - Define an even integer N_thr ≤ N_inv, representing the nonlinearity threshold value.
  - Generate T S-boxes of dimensions (n × n) and put them into the PP: some are based on the inversion in the finite field GF(2^n), the others are obtained by applying affine transformations to the outputs of the former.
  - Create an empty offspring pool (OP) of size T.
  - Set the counter cnt to 0.
  - Set the parent indexes t and r to 1.
- STEP 2: (Breeding step)
- STEP 3: (Mutation step) Ch1 = modeling(Ch1) and Ch2 = modeling(Ch2); go to Step 4.
- STEP 4: (Fitness step)
- STEP 5: (Solution pool) All T desired S-boxes, having nonlinearity N = N_thr, are placed in the offspring pool OP.
A.3 Genetic Algorithm 3 pseudo code
- STEP 1: (Initializing step) - defining the algorithm parameters
  - Define an integer n, representing the dimensions (n × n) of the bijective S-box.
  - Define an integer T, representing the number of S-boxes in the parent pool (PP).
  - Define an even integer N_thr ≤ N_inv, representing the nonlinearity threshold value.
  - Define an even integer δ_thr ≥ δ_inv, representing the δ-uniformity threshold value.
  - Generate T S-boxes of dimensions (n × n) and put them into the PP: some are based on the inversion in the finite field GF(2^n), the others are obtained by applying affine transformations to the outputs of the former.
  - Create an empty offspring pool (OP) of size T.
  - Set the counter cnt to 0.
  - Set the parent indexes t and r to 1.
- STEP 2: (Breeding step)
- STEP 3: (Mutation step) Ch1 = modeling(Ch1) and Ch2 = modeling(Ch2); go to Step 4.
- STEP 4: (Fitness step)
- STEP 5: (Solution pool) All T desired S-boxes, having N = N_thr and δ = δ_thr (and, for the advanced version advGA3 only, at least one component Boolean function of nonlinearity greater than N_inv), are placed in the offspring pool OP.
Appendix B: S-boxes generated with GA1
B.1 S-box No 1 (N_S = 104, deg(S) = 7, AC(S)_max = 64, δ = 6)
B.2 S-box No 2 (N_S = 106, deg(S) = 6, AC(S)_max = 56, δ = 6)
B.3 S-box No 3 (N_S = 108, deg(S) = 6, AC(S)_max = 48, δ = 6)
Appendix C: S-boxes generated with GA2
C.1 S-box No 1 (N_S = 106, deg(S) = 6, AC(S)_max = 48, δ = 6)
C.2 S-box No 2 (N_S = 110, deg(S) = 7, AC(S)_max = 40, δ = 6)
C.3 S-box No 3 (N_S = 112, deg(S) = 7, AC(S)_max = 32, δ = 6)
Appendix D: S-boxes generated with GA3
D.1 S-box No 1 (N_S = 104, deg(S) = 6, AC(S)_max = 56, δ = 6)
D.2 S-box No 2 (N_S = 106, deg(S) = 7, AC(S)_max = 48, δ = 4)
D.3 S-box No 3 (N_S = 108, deg(S) = 7, AC(S)_max = 48, δ = 4)
D.4 S-box No 4 (N_S = 110, deg(S) = 7, AC(S)_max = 40, δ = 4)
D.5 S-box No 5 (N_S = 112, deg(S) = 7, AC(S)_max = 32, δ = 6)
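The following is an added worked example and not code from the paper. It builds the two kinds of S-box that Step 1 of the appendix algorithms places in the initial parent pool (an inversion-based 8 × 8 S-box in GF(2^8), and the same S-box with an affine transformation applied to its outputs) and then evaluates the four metrics the appendix headings report for every generated S-box: nonlinearity N_S, algebraic degree deg(S), maximum autocorrelation AC(S)_max and δ-uniformity. The field polynomial, the affine matrix and the constant are the AES ones, an assumption made here because the resulting values are well known and give the reference point N_inv and δ_inv that the thresholds N_thr and δ_thr are measured against; the convention inv(0) = 0 is likewise assumed.

```python
# Added example (not the paper's code): inversion-based S-boxes as in Step 1 of
# the appendix, plus the metrics N_S, deg(S), AC(S)_max and delta from the headings.
# Field polynomial and affine map are the AES ones (an assumption for the example).

N = 8
SIZE = 1 << N
POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES reduction polynomial


def gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo POLY (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= POLY
        b >>= 1
    return r


def gf_inv(a):
    """Multiplicative inverse as a^(2^8 - 2); the usual convention inv(0) = 0."""
    if a == 0:
        return 0
    result, base, e = 1, a, SIZE - 2
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def inversion_sbox():
    """First kind of pool member: S(x) = x^-1 in GF(2^8)."""
    return [gf_inv(x) for x in range(SIZE)]


def parity(v):
    return bin(v).count("1") & 1


def affine_outputs(sbox, rows, const):
    """Second kind of pool member: y -> M*y + c over GF(2) applied to each output.
    rows[i] is the mask of the bits of y that are XORed into output bit i."""
    def lin(y):
        return sum(parity(row & y) << i for i, row in enumerate(rows))
    return [lin(y) ^ const for y in sbox]


# AES affine map: bit i of the output = y_i + y_(i+4) + y_(i+5) + y_(i+6) + y_(i+7) + c_i, c = 0x63
AES_ROWS = [sum(1 << ((i + k) % N) for k in (0, 4, 5, 6, 7)) for i in range(N)]


def aes_sbox():
    return affine_outputs(inversion_sbox(), AES_ROWS, 0x63)


def fwht(vec):
    """Fast Walsh-Hadamard transform of a length-SIZE sequence (returns a new list)."""
    v = list(vec)
    h = 1
    while h < SIZE:
        for i in range(0, SIZE, 2 * h):
            for j in range(i, i + h):
                u, w = v[j], v[j + h]
                v[j], v[j + h] = u + w, u - w
        h *= 2
    return v


def algebraic_degree(truth):
    """Degree of a Boolean function: Moebius transform gives the ANF, take the heaviest monomial."""
    a = list(truth)
    h = 1
    while h < SIZE:
        for i in range(0, SIZE, 2 * h):
            for j in range(i, i + h):
                a[j + h] ^= a[j]
        h *= 2
    return max((bin(m).count("1") for m in range(SIZE) if a[m]), default=0)


def sbox_profile(sbox):
    """Metrics used in the appendix headings, computed over all non-zero components b.S(x)."""
    max_walsh, max_ac, deg = 0, 0, 0
    for b in range(1, SIZE):
        truth = [parity(b & y) for y in sbox]
        spectrum = fwht([1 - 2 * t for t in truth])
        max_walsh = max(max_walsh, max(abs(w) for w in spectrum))
        # Wiener-Khinchin: 2^n * r_f(d) = sum_a W_f(a)^2 (-1)^(a.d); d = 0 is skipped (always 2^n)
        ac = fwht([w * w for w in spectrum])
        max_ac = max(max_ac, max(abs(r) // SIZE for r in ac[1:]))
        deg = max(deg, algebraic_degree(truth))
    delta = 0  # differential uniformity: largest entry of the difference table for a != 0
    for a in range(1, SIZE):
        counts = {}
        for x in range(SIZE):
            d = sbox[x] ^ sbox[x ^ a]
            counts[d] = counts.get(d, 0) + 1
        delta = max(delta, max(counts.values()))
    return {"bijective": len(set(sbox)) == SIZE, "N": SIZE // 2 - max_walsh // 2,
            "deg": deg, "AC_max": max_ac, "delta": delta}


if __name__ == "__main__":
    for name, s in (("inversion", inversion_sbox()), ("inversion + affine (AES)", aes_sbox())):
        print(name, sbox_profile(s))
```

For n = 8 both pool members score N = 112, deg = 7, AC_max = 32 and δ = 4: an affine transformation of the outputs changes none of the four metrics, so the two kinds of S-box in Step 1 start with identical fitness and only the breeding and mutation steps move the offspring away from them. This is why the thresholds are stated relative to the inversion values (N_thr ≤ N_inv, δ_thr ≥ δ_inv), and the profile function is the kind of check the Fitness step needs in order to accept an offspring into the solution pool.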
Ivanov, G., Nikolov, N. & Nikova, S. Reversed genetic algorithms for generation of bijective s-boxes with good cryptographic properties. Cryptogr. Commun. 8, 247–276 (2016). https://doi.org/10.1007/s12095-015-0170-5