cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...

, an S-box (substitution-box) is a basic component of

symmetric key algorithm Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between th ...

s which performs substitution. In

block cipher In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...

s, they are typically used to obscure the relationship between the key and the

ciphertext In cryptography, ciphertext or cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintext ...

, thus ensuring Shannon's property of

confusion In medicine, confusion is the quality or state of being bewildered or unclear. The term "acute mental confusion"

. Mathematically, an S-box is a vectorial

Boolean function In mathematics, a Boolean function is a function whose arguments and result assume values from a two-element set (usually , or ). Alternative names are switching function, used especially in older computer science literature, and truth function ( ...

. In general, an S-box takes some number of input

bit The bit is the most basic unit of information in computing and digital communications. The name is a portmanteau of binary digit. The bit represents a logical state with one of two possible values. These values are most commonly represente ...

s, ''m'', and transforms them into some number of output bits, ''n'', where ''n'' is not necessarily equal to ''m''. An ''m''×''n'' S-box can be implemented as a

lookup table In computer science, a lookup table (LUT) is an array that replaces runtime computation with a simpler array indexing operation. The process is termed as "direct addressing" and LUTs differ from hash tables in a way that, to retrieve a value v wi ...

with 2^''m'' words of ''n'' bits each. Fixed tables are normally used, as in the

Data Encryption Standard The Data Encryption Standard (DES ) is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cry ...

(DES), but in some

cipher In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is ''encipherment''. To encipher or encode i ...

s the tables are generated dynamically from the

key Key or The Key may refer to: Common meanings * Key (cryptography), a piece of information that controls the operation of a cryptography algorithm * Key (lock), device used to control access to places or facilities restricted by a lock * Key (map ...

(e.g. the

Blowfish Tetraodontidae is a family of primarily marine and estuarine fish of the order Tetraodontiformes. The family includes many familiar species variously called pufferfish, puffers, balloonfish, blowfish, blowies, bubblefish, globefish, swellfis ...

and the

Twofish In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but it was not selected for standardization. Twof ...

encryption algorithms).

Example

One good example of a fixed table is the S-box from DES (S₅), mapping 6-bit input into a 4-bit output: Given a 6-bit input, the 4-bit output is found by selecting the row using the outer two bits (the first and last bits), and the column using the inner four bits. For example, an input "011011" has outer bits "01" and inner bits "1101"; the corresponding output would be "1001". The eight S-boxes of DES were the subject of intense study for many years out of a concern that a ''

backdoor A back door is a door in the rear of a building. Back door may also refer to: Arts and media * Back Door (jazz trio), a British group * Porta dos Fundos (literally “Back Door” in Portuguese) Brazilian comedy YouTube channel. * Works so title ...

'' (a

vulnerability Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...

known only to its designers) might have been planted in the cipher. The S-box design criteria were eventually published (in ) after the public rediscovery of

differential cryptanalysis Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can aff ...

, showing that they had been carefully tuned to increase resistance against this specific attack. Biham and Shamir found that even small modifications to an S-box could significantly weaken DES.

Analysis and properties

There has been a great deal of research into the design of good S-boxes, and much more is understood about their use in block ciphers than when DES was released. Any S-box where any linear combination of output bits is produced by a

bent function In the mathematics, mathematical field of combinatorics, a bent function is a special type of Boolean function which is maximally non-linear; it is as different as possible from the set of all linear map, linear and affine functions when measure ...

of the input bits is termed a perfect S-box. S-boxes can be analyzed using

linear cryptanalysis In cryptography, linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher. Attacks have been developed for block ciphers and stream ciphers. Linear cryptanalysis is one of the two mos ...

and

in the form of a ''Linear Approximation Table'' (LAT) or

Walsh transform The Hadamard transform (also known as the Walsh–Hadamard transform, Hadamard–Rademacher–Walsh transform, Walsh transform, or Walsh–Fourier transform) is an example of a generalized class of Fourier transforms. It performs an orthogonal ...

and ''Difference Distribution Table'' (DDT) or autocorrelation table and spectrum. Its strength may be summarized by the ''nonlinearity'' (bent, almost bent) and ''differential uniformity'' (perfectly nonlinear, almost perfectly nonlinear).

References

External links

A literature survey on S-box design

"Substitution Box Design based on Gaussian Distribution"
{{Cryptography navbox , block Cryptographic algorithms

Example

Analysis and properties

See also

References

Further reading

External links