Cellular automata based S-boxes


Cellular Automata (CA) represent an interesting approach to design Substitution Boxes (S-boxes) having good cryptographic properties and low implementation costs. From the cryptographic perspective, up to now there have been only ad-hoc studies about specific kinds of CA, the best known example being the \(\chi \) nonlinear transformation used in Keccak. In this paper, we undertake a systematic investigation of the cryptographic properties of S-boxes defined by CA, proving some upper bounds on their nonlinearity and differential uniformity. Next, we extend some previous published results about the construction of CA-based S-boxes by means of a heuristic technique, namely Genetic Programming (GP). In particular, we propose a “reverse engineering” method based on De Bruijn graphs to determine whether a specific S-box is expressible through a single CA rule. Then, we use GP to assess if some CA-based S-box with optimal cryptographic properties can be described by a smaller CA. The results show that GP is able to find much smaller CA rules defining the same reference S-boxes up to the size \(7\times 7\), suggesting that our method could be used to find more efficient representations of CA-based S-boxes for hardware implementations. Finally, we classify up to affine equivalence all \(3\times 3\) and \(4\times 4\) CA-based S-boxes.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3


  1. 1.

    Augot, D., Finiasz, M.: Direct construction of recursive MDS diffusion layers using shortened BCH codes. In: Fast Software Encryption—21st International Workshop, FSE 2014, London, UK, March 3–5, 2014. Revised Selected Papers, pp. 3–17 (2014)

    Google Scholar 

  2. 2.

    Bäck, T., Fogel, D., Michalewicz, Z (eds.): Evolutionary Computation 1: Basic Algorithms and Operators. Institute of Physics Publishing, Bristol (2000)

    Google Scholar 

  3. 3.

    Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: Radiogatún, a belt-and-mill hash function. IACR Cryptology ePrint Archive 2006, 369 (2006)

    Google Scholar 

  4. 4.

    Bertoni, G., Daemen, J., Peeters, M., Assche, G.V.: The Keccak reference. http://keccak.noekeon.org/ (2011)

  5. 5.

    Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Proceedings of the 9th International Workshop on Cryptographic Hardware and Embedded Systems, CHES ’07, pp. 450–466. Springer, Berlin (2007)

  6. 6.

    Browning, K.A., Dillon, J.F., McQuistan, M.T., Wolfe, A.J.: An APN permutation in dimension six. Finite Fields: theory and applications, pp. 33–42 (2010)

  7. 7.

    Burnett, L., Carter, G., Dawson, E., Millan, W.: Efficient methods for generating MARS-Like S-boxes. In: Proceedings of the 7th International Workshop on Fast Software Encryption, FSE ’00, pp. 300–314. Springer, London (2001). http://dl.acm.org/citation.cfm?id=647935.740914

    Google Scholar 

  8. 8.

    Canteaut, A., Duval, S., Leurent, G.: Construction of lightweight S-boxes using Feistel and MISTY structures. In: Dunkelman, O., Keliher, L. (eds.) Selected Areas in Cryptography - SAC 2015: 22nd International Conference, Sackville, NB, Canada, August 12–14, 2015, Revised Selected Papers, pp. 373–393. Springer International Publishing, Cham (2016)

    Google Scholar 

  9. 9.

    Carlet, C.: Boolean functions for cryptography and error correcting codes. In: Crama, Y., Hammer, P.L. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, 1st edn, pp. 257–397. Cambridge University Press, New York (2010)

  10. 10.

    Carlet, C.: Vectorial Boolean functions for cryptography. In: Crama, Y., Hammer, P.L. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, 1st edn, pp. 398–469. Cambridge University Press, New York (2010)

  11. 11.

    Chabaud, F., Vaudenay, S.: Links between differential and linear cryptanalysis. In: De Santis, A. (ed.) Advances in Cryptology—EUROCRYPT ’94: Workshop on the Theory and Application of Cryptographic Techniques Perugia, Italy, 1994 Proceedings, pp. 356–365. Springer, Berlin (1995)

    Google Scholar 

  12. 12.

    Claesen, L., Daemen, J., Genoe, M., Peeters, G.: Subterranean: a 600 Mbit/sec cryptographic VLSI chip. In: 1993 IEEE International Conference on Computer Design: VLSI in Computers and Processors, 1993. ICCD ’93. Proceedings, pp. 610–613 (1993)

  13. 13.

    Clark, J.A., Jacob, J.L., Stepney, S.: The design of S-boxes by simulated annealing. N. Gener. Comput. 23(3), 219–231 (2005). https://doi.org/10.1007/BF03037656

    Article  MATH  Google Scholar 

  14. 14.

    Daemen, J., Clapp, C.S.K.: Fast hashing and stream encryption with PANAMA. In: Fast Software Encryption, 5th International Workshop, FSE ’98, Paris, France, March 23–25, 1998, Proceedings, pp. 60–74 (1998)

  15. 15.

    Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, New York, Secaucus (2002)

    Google Scholar 

  16. 16.

    Daemen, J., Govaerts, R., Vandewalle, J.: Invertible shift-invariant transformations on binary arrays. Appl. Math. Comput. 62(2), 259–277 (1994). https://doi.org/10.1016/0096-3003(94)90087-6

    MathSciNet  Article  MATH  Google Scholar 

  17. 17.

    Daemen, J., Govaerts, R., Vandewalle, J.: A new approach to block cipher design. In: Anderson, R. (ed.) Fast Software Encryption: Cambridge Security Workshop Cambridge, U. K.,1993 Proceedings, pp. 18–32. Springer, Berlin (1994)

    Google Scholar 

  18. 18.

    Dobraunig, C., Eichlseder, M., Schläffer, F.M., Ascon, M.: CAESAR submission, http://ascon.iaik.tugraz.at/ (2014)

  19. 19.

    Gutowitz, H.: Cryptography with dynamical systems. In: Cellular Automata and Cooperative Systems, pp. 237–274. Springer (1993)

  20. 20.

    Kavut, S.: Results on rotation-symmetric s-boxes. Inf. Sci. 201, 93–113 (2012). https://doi.org/10.1016/j.ins.2012.02.030

    MathSciNet  Article  MATH  Google Scholar 

  21. 21.

    Knudsen, L.R., Robshaw, M.: The Block Cipher Companion. Information Security and Cryptography. Springer, Berlin (2011)

    Google Scholar 

  22. 22.

    Koza, J.R.: Genetic Programming: On the Programming of Computers by Means of Natural Selection. MIT Press, Cambridge (1992)

    Google Scholar 

  23. 23.

    Leander, G., Poschmann, A.: On the classification of 4 bit s-boxes. In: Carlet, C., Sunar, B. (eds.) Arithmetic of Finite Fields, Lecture Notes in Computer Science, vol. 4547, pp. 159–176. Springer, Berlin (2007)

  24. 24.

    Mariot, L., Leporati, A.: A cryptographic and coding-theoretic perspective on the global rules of cellular automata. Nat. Comput. https://doi.org/10.1007/s11047-017-9635-0 (2017)

    MathSciNet  Article  Google Scholar 

  25. 25.

    McEliece, R.J.: Theory of Information and Coding, 2nd edn. Cambridge University Press, New York (2001)

  26. 26.

    Nyberg, K.: On the construction of highly nonlinear permutations. In: Rueppel, R. (ed.) Advances in Cryptology - EUROCRYPT’ 92, Lecture Notes in Computer Science, vol. 658, pp. 92–98. Springer, Berlin (1993)

  27. 27.

    Nyberg, K.: S-boxes and round functions with controllable linearity and differential uniformity. In: Fast Software Encryption: Second International Workshop. Leuven, Belgium, 14–16 December 1994, Proceedings, pp. 111–130 (1994)

  28. 28.

    Picek, S., Miller, J.F., Jakobovic, D., Batina, L.: Cartesian genetic programming approach for generating substitution boxes of different sizes. In: GECCO Companion ’15, pp. 1457–1458. ACM, New York (2015)

  29. 29.

    Picek, S., Cupic, M., Rotim, L.: A new cost function for evolution of S-boxes. Evol. Comput. 24(4), 695–718 (2016)

    Article  Google Scholar 

  30. 30.

    Picek, S., Mariot, L., Leporati, A., Jakobovic, D.: Evolving S-boxes based on cellular automata with genetic programming. In: Proceedings of the Genetic and Evolutionary Computation Conference Companion, GECCO ’17, pp. 251–252. ACM, New York (2017)

  31. 31.

    Picek, S., Mariot, L., Yang, B., Jakobovic, D., Mentens, N.: Design of S-boxes defined with cellular automata rules. In: Proceedings of the Computing Frontiers Conference, CF’17, pp. 409–414. ACM, New York (2017)

  32. 32.

    Poli, R., Langdon, W.B., McPhee, N.F.: A Field Guide to Genetic Programming. Lulu Enterprises Ltd, UK (2008)

  33. 33.

    Poli, R., Langdon, W.B., McPhee, N.F.: A field guide to genetic programming. Published via http://lulu.com and freely available at http://www.gp-field-guide.org.uk (With contributions by J. R. Koza) (2008)

  34. 34.

    Rijmen, V., Barreto, P.S.L.M., Filho, D.L.G.: Rotation symmetry in algebraically generated cryptographic substitution tables. Inf. Process. Lett. 106(6), 246–250 (2008). https://doi.org/10.1016/j.ipl.2007.09.012

    MathSciNet  Article  MATH  Google Scholar 

  35. 35.

    Seredynski, M., Bouvry, P.: Block encryption using reversible cellular automata. In: Cellular Automata, 6th International Conference on Cellular Automata for Research and Industry, ACRI 2004, Amsterdam, The Netherlands, October 25–28, 2004, Proceedings, pp. 785–792 (2004)

  36. 36.

    Shannon, C.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28 (4), 656–715 (1949)

    MathSciNet  Article  Google Scholar 

  37. 37.

    Sutner, K.: De bruijn graphs and linear cellular automata. Complex Syst. 5(1), 19–30 (1991)

    MathSciNet  MATH  Google Scholar 

Download references


This work has been supported in part by Croatian Science Foundation under the project IP-2014-09-4882.

Author information



Corresponding author

Correspondence to Luca Mariot.

Additional information

This article is part of the Topical Collection on Special Issue on Boolean Functions and Their Applications

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Mariot, L., Picek, S., Leporati, A. et al. Cellular automata based S-boxes. Cryptogr. Commun. 11, 41–62 (2019). https://doi.org/10.1007/s12095-018-0311-8

Download citation


  • Cellular automata
  • S-box
  • Cryptographic properties
  • Heuristics

Mathematics Subject Classification 2010

  • 94A60
  • 68Q80
  • 06E30