Paper 2020/397

Classification of 4-bit S-boxes for BOGI-permutation

Seonggyeom Kim, Deukjo Hong, Jaechul Sung, and Seokhie Hong


In this paper, we present all 4-bit S-boxes which are able to support BOGI logic. We exhaustively show that only 2,413 PXE classes of 4-bit S-box are BOGI-applicable among the 142,090,700 PXE classes. We evaluate the whole BOGI-applicable S-boxes in terms of the security and implementation costs. The security evaluation includes security strength of the S-boxes themselves, and how they affect the resistance of GIFT-64 against differential and linear cryptanalysis (DC and LC). The security evaluation shows that all the BOGI-applicable S-boxes fulfill the security criteria of GIFT designers as long as they have the differential uniformity and linearity as 6 and 8, respectively. It will also be shown that the security of GIFT-64 against DC and LC can be improved only by changing the S-box. Moreover, we evaluate the implementation costs of the BOGI-applicable S-boxes by finding their optimal implementation. The results show that GIFT S-box is well-chosen considering existence of fixed-points, and suggest a set of S-boxes providing the same implementation cost as GIFT S-box. Finally, we suggest a set of potentially better S-boxes for GIFT-64 based on our investigations.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
lightweight implementationBOGIS-boxequivalent class
Contact author(s)
jeffgyeom @ korea ac kr
2020-04-09: received
Short URL
Creative Commons Attribution


      author = {Seonggyeom Kim and Deukjo Hong and Jaechul Sung and Seokhie Hong},
      title = {Classification of 4-bit S-boxes for {BOGI}-permutation},
      howpublished = {Cryptology ePrint Archive, Paper 2020/397},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.