Cryptology ePrint Archive: Report 2015/433
A New Classification of 4-bit Optimal S-boxes and its Application to PRESENT, RECTANGLE and SPONGENT
Wentao Zhang and. Zhenzhen Bao and. Vincent Rijmen and. Meicheng Liu
Abstract: In this paper, we present a new classification of 4-bit optimal S-boxes. All optimal 4-bit S-boxes can be classified into 183 different categories, among which we specify 3 platinum categories. Under the design criteria of the PRESENT (or SPONGENT) S-box, there are 8064 different S-boxes up to adding constants before and after an S-box. The 8064 S-boxes belong to 3 different categories, we show that the S-box should be chosen from one out of the 3 categories or other categories for better resistance against linear cryptanalysis. Furthermore, we study in detail how the S-boxes in the 3 platinum
categories influence the security of PRESENT, RECTANGLE and SPONGENT88 against differential and linear cryptanalysis. Our results show that the S-box selection has a great influence on the security of the schemes. For block ciphers or hash functions with 4-bit S-boxes as confusion layers and bit permutations as diffusion layers, designers can extend the range of S-box selection to the 3 platinum categories and select their S-box very carefully. For PRESENT, RECTANGLE and SPONGENT88 respectively, we get a set of potentially best/better S-box candidates from the 3 platinum categories. These potentially best/better S-boxes can be further investigated to see if they can be used to improve the security-performance tradeoff of the 3 cryptographic algorithms.
Category / Keywords: secret-key cryptography / 4-bit S-box, classification, block cipher, hash function, differential cryptanalysis, linear cryptanalysis, PRESENT, RECTANGLE, SPONGENT
Original Publication (with minor differences): IACR-FSE-2015
Date: received 6 May 2015, last revised 6 May 2015
Contact author: zhangwentao at iie ac cn, vincent rijmen@esat kuleuven be
Available format(s): PDF | BibTeX Citation
Note: A footnote is added as per the IACR copyright agreement.
Version: 20150507:034618 (All versions of this report)
Short URL: ia.cr/2015/433
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]