Characteristics of Key-Dependent S-Boxes: the Case of Twofish

Marco Macchetti

Abstract

In this paper we analyze and discuss the cryptographic robustness of key-dependent substitution boxes (KDSBs); these can be found in some symmetric-key algorithms such as Khufu, Blowfish, and the AES finalist Twofish. We analyze KDSBs in the framework of composite permutations, completing the theory developed by O'Connor. Under the basic assumption that KDSBs are built choosing permutations randomly from the symmetric group $S_{2^m}$ by means of the key, the expressions of their linear and differential characteristics are derived. These results are used as a statistical tool to show that Twofish KDSBs, although very efficient, can be easily distinguished from truly randomly built KDSBs. We also analyze the motivations that lead to this previously unknown property; it can be concluded that the efficiency of the construction and the small computational complexity of Twofish KDSBs, although very desirable, cannot be easily obtained together with the highest level of security.

Available format(s)
Category
Secret-key cryptography
Publication info
Published elsewhere. not published elsewhere
Keywords
Block cipherskey-dependent s-boxeslinear cryptanalysisTwofish.
Contact author(s)
macchett @ elet polimi it
History
Short URL
https://ia.cr/2005/115

CC BY

BibTeX

@misc{cryptoeprint:2005/115,
author = {Marco Macchetti},
title = {Characteristics of Key-Dependent S-Boxes: the Case of Twofish},
howpublished = {Cryptology ePrint Archive, Paper 2005/115},
year = {2005},
note = {\url{https://eprint.iacr.org/2005/115}},
url = {https://eprint.iacr.org/2005/115}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.