Cryptology ePrint Archive: Report 2020/1582

A New Method for Designing Lightweight S-boxes with High Differential and Linear Branch Numbers, and Its Application

Hangi Kim and Yongjin Jeon and Giyoon Kim and Jongsung Kim and Bo-Yeon Sim and Dong-Guk Han and Hwajeong Seo and Seonggyeom Kim and Seokhie Hong and Jaechul Sung and Deukjo Hong

Abstract: Bit permutations are efficient linear functions often used for lightweight cipher designs. However, they have low diffusion effects, compared to word-oriented binary and MDS matrices. Thus, the security of bit permutation-based ciphers is significantly affected by differential and linear branch numbers (DBN and LBN) of nonlinear functions. In this paper, we introduce a widely applicable method for constructing S-boxes with high DBN and LBN. Our method exploits constructions of S-boxes from smaller S-boxes and it derives/proves the required conditions for smaller S-boxes so that the DBN and LBN of the constructed S-boxes are at least 3. These conditions enable us to significantly reduce the search space required to create such S-boxes. In order to make cryptographically good and efficient S-boxes, we propose a unbalanced-Bridge structure that accepts one 3-bit and two 5-bit S-boxes, and produces 8-bit S-boxes. Using the proposed structure, we develop a variety of new lightweight S-boxes that provide not only both DBN and LBN of at least 3 but also efficient bitsliced implementations including at most 11 nonlinear bitwise operations. The new S-boxes are the first that exhibit these characteristics. Moreover, we propose a block cipher PIPO based on one of the new S-boxes, which supports a 64-bit plaintext and a 128 or 256-bit key. Our implementations demonstrate that PIPO outperforms existing block ciphers (for the same block and key lengths) in both side-channel protected and unprotected environments, on an 8-bit AVR. The security of PIPO has been scrutinized with regards to state-of-the-art cryptanalysis.

Category / Keywords: secret-key cryptography / Lightweight S-boxes, Differential and linear branch numbers, PIPO, Higher-order masking

Original Publication (with major differences): 23rd annual International Conference on Information Security and Cryptology (ICISC 2020)

Date: received 18 Dec 2020

Contact author: jskim at kookmin ac kr,tiontta@kookmin ac kr

Available format(s): PDF | BibTeX Citation

Note: This paper is partially based on the paper "PIPO: A Lightweight Block Cipher with Efficient Higher-Order Masking Software Implementations" presented at the 23rd annual International Conference on Information Security and Cryptology (ICISC 2020). But, it is not published yet.

Version: 20201221:074356 (All versions of this report)

Short URL: ia.cr/2020/1582


[ Cryptology ePrint archive ]