Paper 2020/680

On the Design of Bit Permutation Based Ciphers - The Interplay Among S-box, Bit Permutation and Key-addition

Sumanta Sarkar, Yu Sasaki, and Siang Meng Sim


Bit permutation based block ciphers, like PRESENT and GIFT, are well-known for their extreme lightweightness in hardware implementation. However, designing such ciphers comes with one major challenge - to ensure strong cryptographic properties simply depending on the combination of three components, namely S-box, a bit permutation and a key addition function. Having a wrong combination of components could lead to weaknesses. In this article, we studied the interaction between these components, improved the theoretical security bound of GIFT and highlighted the potential pitfalls associated with a bit permutation based primitive design. We also conducted analysis on TRIFLE, a first-round candidate for the NIST lightweight cryptography competition, where our findings influenced the elimination of TRIFLE from second-round of the NIST competition. In particular, we showed that internal state bits of TRIFLE can be partially decrypted for a few rounds even without any knowledge of the key.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. The 15th International Workshop on Security (IWSEC 2020)
lightweight cryptographyblock cipherbit permutationS-boxdifferential cryptanalysislinear cryptanalysisPRESENTGIFTTRIFLE
Contact author(s)
crypto s m sim @ gmail com
sumanta sarkar1 @ tcs com
yu sasaki sk @ hco ntt co jp
2020-06-14: last of 2 revisions
2020-06-09: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sumanta Sarkar and Yu Sasaki and Siang Meng Sim},
      title = {On the Design of Bit Permutation Based Ciphers - The Interplay Among S-box, Bit Permutation and Key-addition},
      howpublished = {Cryptology ePrint Archive, Paper 2020/680},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.