Cryptology ePrint Archive: Report 2014/855

Relating Undisturbed Bits to Other Properties of Substitution Boxes

Rusydi H. Makarim and Cihangir Tezcan

Abstract: Recently it was observed that for a particular nonzero input difference to an S-Box, some bits in all the corresponding output differences may remain invariant. These specific invariant bits are called undisturbed bits. Undisturbed bits can also be seen as truncated differentials with probability 1 for an S-Box. The existence of undisturbed bits was found in the S-Box of PRESENT and its inverse. A 13-round improbable differential attack on PRESENT was provided by Tezcan and without using the undisturbed bits in the S-Box an attack of this type can only reach 7 rounds. Although the observation and the cryptanalytic application of undisturbed bits are given, their relation with other properties of an S-Box remain unknown. This paper presents some results on mathematical properties of S-Boxes having undisturbed bits. We show that an S-Box has undisturbed bits if any of its coordinate functions has a nontrivial linear structure. The relation of undisturbed bits with other cryptanalytic tools such as difference distribution table (DDT) and linear approximation table (LAT) are also given. We show that autocorrelation table is proven to be a more useful tool, compared to DDT, to obtain all nonzero input differences that yield undisturbed bits. Autocorrelation table can then be viewed as a counterpart of DDT for truncated differential cryptanalysis. Given an nxm balanced S-Box, we state that the S-Box has undisturbed bits whenever the degree of any of its coordinate function is quadratic.

Category / Keywords: block cipher, substitution box, undisturbed bits, truncated differential

Original Publication (in the same form): Spriver-Verlag Proceedings, Third International Workshop on Lightweight Cryptography for Security & Privacy (LightSec 2014)

Date: received 18 Oct 2014, last revised 18 Oct 2014

Contact author: rusydi hasan at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20141022:165506 (All versions of this report)

Short URL: ia.cr/2014/855

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]