Article

PEIGEN – a Platform for Evaluation, Implementation, and Generation of S-boxes


Abstract

In this paper, a platform named PEIGEN is presented to evaluate security, find efficient software/hardware implementations, and generate cryptographic S-boxes. Continuously developed for decades, S-boxes are constantly evolving in terms of the design criteria for both security requirements and software/hardware performance. PEIGEN is intended to be a platform covering a comprehensive checklist of design criteria of S-boxes appearing in the literature. To do so, the security requirements are first intensively surveyed, existing tools for S-boxes are then comprehensively compared, and finally our platform PEIGEN is presented. The survey part is intended to be a systematic reference for the theoretical study of S-boxes. The platform is intended to be an assistant tool for the experimental study and practical use of S-boxes. PEIGEN not only integrates most of the features in existing tools, but is also equipped with functionality to evaluate new security-related properties, and improves the efficiency of the search algorithms for optimized implementations in several aspects. With the help of this powerful platform, many interesting observations are made in-between the security notations, as well as on the S-boxes used in the existing symmetric-key cryptographic primitives. PEIGEN will become an open platform and welcomes contributions from all parties to help the community to facilitate the research and use of S-boxes.


Chapter
Searching for the optimal circuit implementation of a Boolean function is still an open problem. This work proposes a new optimizing scheme, which could find circuit expressions with optimal gate equivalent complexity (GEC) using SAT solvers under a depth-L framework. To obtain a better GEC performance in the optimizing scheme, we first propose the ternary and area profile models for SAT problems. The former introduces multiple efficient 3-input logic gates, and the latter takes the different weights of various gates into account in solving. To demonstrate the validity and usefulness, we use our optimizing methodology to search for an optimized implementation of a given 4-bit S-box with the forced independent property. For an S-box hardware implementation, its forced independent property can ensure that no gate is shared between every two component-circuits, which is beneficial to prevent Differential Fault Analysis (DFA). Finally, we evaluate the implementation performance of two models (i.e., ternary and binary models) and two implementation approaches (i.e., Table-based and Boolean expression methods) by case studies covering several known S-boxes. The experimental results show that our models and approach have better area performance for the S-boxes with the forced independence property in most instances.
Article
Nowadays, ciphers are widely used on high-end platforms, in resource-constrained environments, and in environments vulnerable to side-channel attacks. This motivates various S-boxes aimed at providing a good trade-off between security and efficiency. For small S-boxes, the most natural approach to constructing such S-boxes is a comprehensive search in the space of permutations, which inevitably becomes more challenging when the size grows. For large S-boxes (e.g., 8-bit), previous works concentrated on creations from finite fields or smaller ones (e.g., 4-bit). This paper proposes a new algorithm with a layered structure to search for 8-bit SKINNY-like S-boxes. We compare our new S-box with the original 8-bit SKINNY S-box by analyzing its security properties. Besides, due to our searching algorithm’s rules and constraints, SKINNY-like S-boxes have other features of lightweight implementation, low multiplicative complexity, low AND depth, and an effective inverse. Eventually, the searching algorithm outputs 224000 8-bit SKINNY-like S-boxes. Cipher designers can use these new S-boxes to construct lightweight block ciphers with an easy-to-mask property and efficient implementation performance.
Article
As a generalized integral property, division property was proposed by Todo at EUROCRYPT 2015. We propose a new security criterion of S‐boxes against division property and prove that it is invariant under permutation‐xor equivalence. Based on the criterion, the division properties of some important 4‐bit S‐boxes are shown. Then, we apply it to improve the resistance of ciphers against division‐property‐based integral attacks while keeping the same security level against other attacks. Specifically, the resistance of the cipher PRESENT against division‐property‐based integral attack is improved by 2 rounds, and the resistance of the cipher LBlock against division‐property‐based integral attack is improved by 1 round.
Article
Bad Output must go to Good Input (BOGI) is the primary design strategy of GIFT, a lightweight block cipher that was presented at CHES 2017. Because this strategy obviates the need to adhere to the required conditions of S-boxes when adopting bit-permutation, cryptographic designers have more S-box choices. In this paper, we classify all 4-bit S-boxes that support BOGI, called “BOGI-applicable S-boxes,” and evaluate them in terms of the cryptographic strength and efficiency. First, we exhaustively show that only 2413 Permutation-XOR-Equivalence (PXE) classes over 4-bit S-boxes are BOGI-applicable. After refining the PXE classes with respect to the differential uniformity (U) and linearity (L), we suggest 20 “Optimal BOGI-applicable” PXE classes that provide the best (U, L). Our security evaluations revealed that all optimal BOGI-applicable S-boxes fulfill the security properties considered by the designers of GIFT and that the differences between them exist in the other properties. Moreover, we explore the resistance of GIFT variants against differential and linear cryptanalysis by replacing the existing S-box with other optimal BOGI-applicable S-boxes. Based on the results, we identify the best attainable resistance with the bit-permutation of GIFT-64. Lastly, we suggest notable S-boxes that support competitive performance, jointly considering the cryptographic strength and efficiency for GIFT-64 and GIFT-128 structures, respectively.
Article
This paper reviews the state of the art of symmetric key block cipher designs and their essential security role in several applications like IoT, low-power devices like motes, etc. Many engineering curricula have one course on network and internetwork security at the undergraduate level. However, due to the expanding research on newer and newer primitives and the host of published literature in the area of protocols and algorithms for encryption, authentication, message integrity, and key exchange, it is of interest to deliver (teach) as much information as possible within one or two semester courses in the undergraduate engineering curriculum. In this paper, our objective is to present a comprehensive review of design approaches including Feistel, SPN, ARX, and other hybrid structures and also highlight various cryptanalysis techniques and attacks. We focus on which topics need to be covered and to what depth in this paper. Further, this paper also presents the performance metrics that are commonly reported in the literature when comparing block cipher implementations. These are necessary since the students should finally be able to appreciate how to benchmark and know what industry needs.