Cryptology ePrint Archive: Report 2005/115

Characteristics of Key-Dependent S-Boxes: the Case of Twofish

Marco Macchetti

Abstract: In this paper we analyze and discuss the cryptographic robustness of key-dependent substitution boxes (KDSBs); these can be found in some symmetric-key algorithms such as Khufu, Blowfish, and the AES finalist Twofish. We analyze KDSBs in the framework of composite permutations, completing the theory developed by O'Connor. Under the basic assumption that KDSBs are built choosing permutations randomly from the symmetric group $S_{2^m}$ by means of the key, the expressions of their linear and differential characteristics are derived. These results are used as a statistical tool to show that Twofish KDSBs, although very efficient, can be easily distinguished from truly randomly built KDSBs. We also analyze the motivations that lead to this previously unknown property; it can be concluded that the efficiency of the construction and the small computational complexity of Twofish KDSBs, although very desirable, cannot be easily obtained together with the highest level of security.

Category / Keywords: secret-key cryptography / Block ciphers, key-dependent s-boxes, linear cryptanalysis, Twofish.

Publication Info: not published elsewhere

Date: received 8 Apr 2005

Contact author: macchett at elet polimi it

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20050420:012728 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]