On the Design of S-Boxes

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 218)


The ideas of completeness and the avalanche effect were first introduced by Kam and Davida [1] and Feistel [2], respectively. If a cryptographic transformation is complete, then each ciphertext bit must depend on all of the plaintext bits. Thus, if it were possible to find the simplest Boolean expression for each ciphertext bit in terms of the plaintext bits, each of those expressions would have to contain all of the plaintext bits if the function was complete. Alternatively, if there is at least one pair of n-bit plaintext vectors X and Xi that differ only in bit i, and f(X) and f(Xi) differ at least in bit j for all
$$ \{ (i,j)|1 \leqslant i,j \leqslant n\}$$
then the function f must be complete.


Data Encryption Standard Avalanche Effect Strict Avalanche Criterion Cryptographic Transformation Avalanche Vector 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    Kam, J.B., and Davida, G.I.: Structured Design of Substitution-Permutation Encryption Networks. IEEE Transactions on Computers, Vol. 28, No. 10, 747 (1979)zbMATHMathSciNetCrossRefGoogle Scholar
  2. [2]
    Feistel, H.: Cryptography and Computer Privacy. Scientific American, Vol. 228, No. 5, 15 (1973)CrossRefGoogle Scholar
  3. [3]
    Konheim, A.G.: Cryptography: a Primer. John Wiley and Sons, New York (1981)zbMATHGoogle Scholar
  4. [4]
    Webster, A.F.: Plaintext/Ciphertext Bit Dependencies in Cryptographic Algorithms. M.Sc. thesis, Queen’s University at Kingston (1985)Google Scholar
  5. [5]
    National Bureau of Standards: Data Encryption Standard. FIPS Publication 46, Washington, D.C. (1977)Google Scholar
  6. [6]
    Hellman, M.E., Merkle, R., Schroeppel, R., Washington, L., Diffie, W., Pohlig, S., and Schweitzer, P.: Results of an Initial Attempt to Cryptanalyze the NBS Data Encryption Standard. SEL 76-042, Stanford University (1976)Google Scholar
  7. [7]
    Meyer, C.H.: Ciphertext/Plaintext and Ciphertext/Key Dependence vs Number of Rounds for the Data Encryption Standard. 1978 National Computer Conference, p. 1119. AFIPS Press, Montvale, New Jersey (1978)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1986

Authors and Affiliations

  1. 1.Department of Electrical EngineeringQueen’s UniversityKingstonCanada

Personalised recommendations