Relating Undisturbed Bits to Other Properties of Substitution Boxes

  • Rusydi H. MakarimEmail author
  • Cihangir Tezcan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8898)


Recently it was observed that for a particular nonzero input difference to an S-Box, some bits in all the corresponding output differences may remain invariant. These specific invariant bits are called undisturbed bits. Undisturbed bits can also be seen as truncated differentials with probability \(1\) for an S-Box. The existence of undisturbed bits was found in the S-Box of Present and its inverse. A 13-round improbable differential attack on Present was provided by Tezcan and without using the undisturbed bits in the S-Box an attack of this type can only reach 7 rounds. Although the observation and the cryptanalytic application of undisturbed bits are given, their relation with other properties of an S-Box remain unknown. This paper presents some results on mathematical properties of S-Boxes having undisturbed bits. We show that an S-Box has undisturbed bits if any of its coordinate functions has a nontrivial linear structure. The relation of undisturbed bits with other cryptanalytic tools such as difference distribution table (DDT) and linear approximation table (LAT) are also given. We show that autocorrelation table is proven to be a more useful tool, compared to DDT, to obtain all nonzero input differences that yield undisturbed bits. Autocorrelation table can then be viewed as a counterpart of DDT for truncated differential cryptanalysis. Given an \(n \times m\) balanced S-Box, we state that the S-Box has undisturbed bits whenever the degree of any of its coordinate function is quadratic.


Block cipher Substitution box Undisturbed bits Truncated differential 


  1. 1.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4(1), 3–72 (1991)CrossRefzbMATHMathSciNetGoogle Scholar
  2. 2.
    Bogdanov, A.A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  3. 3.
    Carlet, C.: Vectorial Boolean functions for cryptography. In: Crama, Y., Hammer, P.L. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, pp. 398–469. Cambridge University Press, Cambridge (2010)CrossRefGoogle Scholar
  4. 4.
    Carlet, C.: Boolean functions for cryptography and error correcting codes. In: Crama, Y., Hammer, P.L. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, pp. 257–397. Cambridge University Press, Cambridge (2010)CrossRefGoogle Scholar
  5. 5.
    Chaum, D., Evertse, J.-H.: Cryptanalysis of DES with a reduced number of rounds. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 192–211. Springer, Heidelberg (1986) Google Scholar
  6. 6.
    Evertse, J.-H.: Linear structures in block ciphers. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 249–266. Springer, Heidelberg (1988) CrossRefGoogle Scholar
  7. 7.
    Knudsen, L.R.: Truncated and higher order differentials. In: Preneel [13], pp. 196–211Google Scholar
  8. 8.
    Lai, X.: Additive and linear structures of cryptographic functions. In: Preneel [13], pp. 75–85Google Scholar
  9. 9.
    Lai, X., Maurer, U.: Higher order derivatives and differential cryptanalysis. In: Blahut, R., Costello, D.J., Maurer, U., Mittelholzer, T. (eds.) Communications and Cryptography. The Springer International Series in Engineering and Computer Science, vol. 276, pp. 227–233. Springer, New York (1994)CrossRefGoogle Scholar
  10. 10.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994) CrossRefGoogle Scholar
  11. 11.
    Meier, W., Staffelbach, O.: Nonlinearity criteria for cryptographic functions. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 549–562. Springer, Heidelberg (1990) CrossRefGoogle Scholar
  12. 12.
    Preneel, B.: Analysis and Design of cryptographic hash functions. Ph.D. thesis, Katholieke Universiteit Leuven (1993), rené Govaerts and Joos Vandewalle (promotors)Google Scholar
  13. 13.
    Preneel, B. (ed.): FSE 1994. LNCS, vol. 1008. Springer, Heidelberg (1995) zbMATHGoogle Scholar
  14. 14.
    Sarkar, P., Maitra, S.: Construction of nonlinear Boolean functions with important cryptographic properties. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 485–506. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  15. 15.
    Sun, S., Hu, L., Wang, P.: Automatic security evaluation for bit-oriented block ciphers in related-key model: application to PRESENT-80, LBlock, and others. IACR Cryptology ePrint Archive 2013, 676 (2013)Google Scholar
  16. 16.
    Tezcan, C.: Improbable differential attacks on PRESENT using undisturbed bits. J. Comput. Appl. Math. 259(Part B(0)), 503–511 (2014)CrossRefGoogle Scholar
  17. 17.
    Zhang, W., Bao, Z., Lin, D., Rijmen, V., Yang, B., Verbauwhede, I.: RECTANGLE: a bit-slice ultra-lightweight block cipher suitable for multiple platforms. IACR Cryptology ePrint Archive 2014, 84 (2014)Google Scholar
  18. 18.
    Zhang, X.M., Zheng, Y., Imai, H.: Relating differential distribution tables to other properties of substitution boxes. Des. Codes Cryptogr. 19(1), 45–63 (2000)CrossRefzbMATHMathSciNetGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Mathematical InstituteLeiden UniversityLeidenThe Netherlands
  2. 2.CWI Cryptology GroupAmsterdamThe Netherlands
  3. 3.Institute of Applied MathematicsMiddle East Technical UniversityÇankaya, AnkaraTurkey
  4. 4.Department of MathematicsMiddle East Technical UniversityÇankaya, AnkaraTurkey
  5. 5.Institute of Informatics, CyDeS Cyber Defence and Security LaboratoryMiddle East Technical UniversityÇankaya, AnkaraTurkey

Personalised recommendations