9

i am studying about differential cryptanalysis, and found one metric to measure the resistance of a sbox to it, but to use it, it is necessary to build a difference distribution table, like the one in this link, this is is the table of sobox s1 of des, how do I build the table for AES sbox for example?

Yuri Waki
  • 281
  • 2
  • 6

2 Answers2

6

Those tables are fairly easy to build conceptually but require quite some work to actually carry out.

Note that: The columns show the XOR for the in-going pairs and the rows show the number of pairs that had the specified XOR afterwards.

This pseudo-code generates the table:

InLength; // input length of the S-Box in bits
OutLengh; // output length of the S-Box  in bits
Table[In][Out]; // the table, In is the XOR of the in-going pair, Out is the resulting XOR, the table returns the number of occurences

// Initialize the table:
for(in = 0;in<2^InLength;in++) 
{
  for(out = 0;out<2^OutLength;out++)
  {
    Table[in][out] = 0;
  }
}

// this makes us go through all the possible value of p1
for(p1 = 0;p1<2^InLength;p1++) 
{
  // this makes us go through all the possible value of p2
  for(p2 = 0;p2<2^InLength;p2++)
  {
    XOR_IN = p1 XOR p2;
    XOR_OUT = SBOX(p1) XOR SBOX(p2);
    Table[XOR_IN][XOR_OUT]++;
  }
}

What this does is basically build each possible input pair of the S-Box, calculate its XOR, runs both through the S-Box and calculates the XOR of the result and increments the value at this position.

This table would be too complex to show here for AES as it would be a 256x256 table. For the actual AES S-Box refer to the Wikipedia article.

Biv
  • 10,088
  • 2
  • 42
  • 68
SEJPM
  • 46,697
  • 9
  • 103
  • 214
1

I needed a package which can provide me some basic functionality to analyse sboxes and boolean functions, so I started building my own, it maybe able to help you, checkout ZYPTO, the code is written in JULIA, but it's actually quite simple and you can understand the algorithm, I used the following algorithm

function ddt(sbox,n,m)
  range = all_bool(n)
  res = zeros(Int,2^n,2^m)
  for x1 in range
   for x2 in range
    ix1 = bool2int(x1)
    ix2 = bool2int(x2)
    iy1 = sbox[ix1+1]
    iy2 = sbox[ix2+1]
    res[ix1$ix2+1,iy1$iy2+1] += 1
   end
  end
 res
end

for n X m sbox run over all possible combination of two inputs, calculate the corresponding output and increment the frequency corresponding to that input difference-output difference by one.

The github page shows AES-128 example as well.

udion
  • 11
  • 2