Paper 2013/148

AES-like ciphers: are special S-boxes better then random ones? (Virtual isomorphisms again)

Alexander Rostovtsev

Abstract

In [eprint.iacr.org/2012/663] method of virtual isomorphisms of ciphers was applied for differential/linear cryptanalysis of AES. It was shown that AES seems to be weak against those attacks. That result can be generalized to AES-like ciphers, which diffusion map is a block matrix, and its block size is the same as the S-box size. S-box is possibly weak if it is affine equivalent to a substitution that has the same cycling type as an affine substitution. Class of possibly weak S-boxes is very large; we do not know is there an S-box that is not possibly weak. Strength of AES-like cipher is defined by virtual isomorphism and not by differential/linear properties of the S-box. So we can assume that special S-boxes have little or no advantage comparatively to random nonlinear S-boxes. The conjecture is verified by experiments. If the conjecture is true, then search of the best S-boxes that maximizes the cipher strength against differential and linear attacks joined with virtual isomorphisms has no sense.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. alexander.rostovtsev@ibks.ftk.spbstu.ru
Keywords
AESblock cipherscryptanalysislinear cryptanalysis
Contact author(s)
alexander rostovtsev @ ibks ftk spbstu ru
History
2013-03-15: received
Short URL
https://ia.cr/2013/148
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/148,
      author = {Alexander Rostovtsev},
      title = {{AES}-like ciphers: are special S-boxes better then random ones? (Virtual isomorphisms again)},
      howpublished = {Cryptology {ePrint} Archive, Paper 2013/148},
      year = {2013},
      url = {https://eprint.iacr.org/2013/148}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.