Substitution box
In cryptography, a substitution box (or S-box) is a basic component of symmetric key algorithms. In block ciphers, they are typically used to obscure the relationship between the plaintext and the ciphertext — Shannon's property of confusion. In many cases, the S-boxes are carefully chosen to resist cryptanalysis.In general, an S-box takes some number of input bits, m, and transforms them into some number of output bits, n: an m×n S-box, implemented as a lookup table. Fixed tables are normally used, as in the Data Encryption Standard (DES), but in some ciphers the tables are generated dynamically from the key; e.g. the Blowfish and the Twofish encryption algorithms.
As a concrete illustration, consider this 6×4-bit S-box from DES (S_{5}):
S_{5} Middle 4 bits of input 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1100 1011 1100 1101 1110 1111 Outer bits 00 0010 1100 0100 0001 0111 1100 1011 0110 1000 0101 0011 1111 1101 0000 1110 1001 01 1110 1011 0010 1100 0100 0111 1101 0001 0101 0000 1111 1100 0011 1001 1000 0110 10 0100 0010 0001 1011 1100 1101 0111 1000 1111 1001 1100 0101 0110 0011 0000 1110 11 1011 1000 1100 0111 0001 1110 0010 1101 0110 1111 0000 1001 1100 0100 0101 0011
Given a 6-bit input, the 4-bit output is found by selecting the row using the outer two bits, and the column using the inner four bits. For example, an input "011011" has outer bits "01" and inner bits "1101"; the corresponding output would be "1001".
The S-boxes of DES were the subject of intense study for many years out of a concern that a backdoor — a vulnerability known only to its designers — might have been planted in the cipher. The S-box design criteria were eventually published (Coppersmith, 1994) after the public rediscovery of differential cryptanalysis, showing that they had been carefully tuned to increase resistance against this specific attack. Other research had already indicated that even small modifications to an S-box could significantly weaken DES.
There has been a great deal of research into the design of good S-boxes, and much more is understood about their use in block ciphers than when DES was released.
Table of contents |
2 References 3 External links |
See also
References
- Coppersmith, Don. (1994). The data encryption standard (DES) and its strength against attacks. IBM Journal of Research and Development, 38(3), pp243–250.
- S. Mister and C. Adams, "Practical S-Box Design," Workshop on Selected Areas in Cryptography (SAC '96) Workshop Record, Queens University, 1996, pp. 61–76
External links
- A literature survey on S-box design
- John Savard's "Questions of S-Box Design"
- Practical S-Box Design by S. Mister and C. Adams (PDF)
Block ciphers |
Algorithms: 3-Way | AES | Blowfish | Camellia | CAST-128 | CAST-256 | CMEA | DEAL | DES | DES-X | FEAL | G-DES | GOST | IDEA | Iraqi | KASUMI | KHAZAD | Khufu and Khafre; | LOKI89/91 | LOKI97 | Lucifer | MacGuffin | Madryga | MAGENTA | MARS | MISTY1 | MMB | NewDES | RC2 | RC5 | RC6 | Red Pike; | S-1 | SAFER | Serpent | SHARK | Skipjack | Square | TEA | Triple DES; | Twofish | XTEA |
Design: Feistel network; | Key schedule; | Product cipher; | S-box | SPN Attacks: Brute force; | Linear / Differential cryptanalysis | Mod n; | XSL Standardisation: AES process; | CRYPTREC | NESSIE Misc: Avalanche effect | Block size; | IV | Key size; | Modes of operation; | Piling-up lemma; | Weak key; |