Highest Voted 's-boxes' Questions - Cryptography Stack Exchange

33

votes

2 answers

Reason why “XOR” is a linear operation, but ordinary “addition” isn’t?

I'm new in cryptography and try to read some articles in this field. Many of these articles talk about non-linear S-boxes, and nothing more on what they mean by their non-linearity. I have a simple question which I think will guide me through my…

asked Dec 28 '13 at 15:46

Shnd

495
1
4
7

28

votes

2 answers

How were the DES S-box values determined?

It seems like the S-boxes in DES have essentially random values. How were these chosen?

des encryption s-boxes

asked Jul 12 '11 at 19:34

foobarfuzzbizz

3,256
3
24
25

26

votes

3 answers

Why do block ciphers need a non-linear component (like an S-box)?

Why is there a requirement of "Non-Linear functions" as a component of many popular block ciphers (e.g. the S-box in DES or 3DES)? How does it make the cipher more secure? The only intuition I have is a non linear function can have many roots…

cryptanalysis block-cipher algorithm-design s-boxes linear-cryptanalysis

asked Jun 06 '12 at 01:04

David

443
1
4
6

23

votes

5 answers

Desirable S-box properties

What desirable properties should an S-box have? My current standard selection process is to just pick them at random and verify that they fit the following criteria: The probability that any random two bits $S[a]_b$ and $S[c]_d$ are equal (for any…

s-boxes

asked Nov 23 '11 at 14:05

Polynomial

3,577
4
30
45

21

votes

3 answers

Choice of multiplication polynomial in Rijndael s-box affine mapping

The Rijndael specification details the design choices for the s-box in section 7.2. They describe the choice of affine mapping as follows: We have chosen an affine mapping that has a very simple description per se, but a complicated algebraic…

aes finite-field s-boxes rijndael

asked Jun 29 '14 at 12:29

Richie Frame

13,278
1
26
42

20

votes

2 answers

S-box basic question

I'm trying to understand DES and a bunch of other cryptographic systems using S-Boxes. I have now a quite basic question about how Sboxes work in general. For DES, Sboxes are substituting a 6-bits input for 4-bits output. It is clear for me how…

des s-boxes

asked Jul 03 '17 at 18:06

Serge Waechter

201
2
3

18

votes

1 answer

S-box design criteria and random sboxes

What are the disadvantages of using random s-boxes? In AES, the s-boxes had to obey certain mathematical rules, which? And why? What security does using hidden s-boxes (GOST) or generating them from the key (Khufu) add?, and how do these secret and…

aes s-boxes

asked Jul 15 '12 at 15:45

Devros Exrix

203
2
5

18

votes

1 answer

How are the AES S-Boxes calculated?

I'm trying to understand how the AES S-Boxes are calculated. I understand how the multiplicative inverse is calculated over $GF(2^8)$, but I'm confused by the description of the affine transformation. I haven't been able to Google a good explanation…

aes s-boxes

asked Oct 13 '13 at 00:59

ConditionRacer

423
1
4
7

17

votes

1 answer

Replacing the Rijndael S-Box?

The Rijndael S-Box design generates a permutation cycle of type $2+27+59+81+87$. What effect would replacing that permutation with a cycle of type $256$ have on the security of AES?

encryption aes s-boxes permutation block-cipher

asked Jul 13 '11 at 17:42

bzc

545
9
21

17

votes

2 answers

Why do we keep designing new static s boxes?

As I understand s box properties, they primarily need high non linearity and low auto correlation. But most importantly for this question, they're not secret. There are many questions on this site asking for help in generating them. And new…

s-boxes

asked Aug 02 '17 at 14:19

Paul Uszak

15,905
2
32
83

15

votes

4 answers

Generate ANF from SBox

Given an SBox, how can I generate its component equations (in ANF)? For example, let's say I have this SBox: 6, 4, 7, 8, 0, 5, 2, 10, 14, 3, 13, 1, 12, 15, 9, 11 Then, the equations are: $y_0 = x_1 \oplus x_0x_1 \oplus x_0x_2 \oplus x_1x_2 \oplus…

s-boxes algebraic-attack

asked Jun 04 '17 at 04:07

hola

613
6
23

15

votes

3 answers

Security of simple xor and s-box cipher?

What weaknesses (or strengths) do block ciphers based on only key xor and s-box have when operating in CBC mode? A cipher's internal primitive might be a simple as this: $C = S[M \oplus k]$, where $C$ is ciphertext, $M$ is the plaintext message, $k$…

block-cipher s-boxes

asked Nov 23 '11 at 13:14

Polynomial

3,577
4
30
45

13

votes

2 answers

How can an S-Box be reversed?

So, as an exercise to greater understand some things about cryptography, I decided to try and implement GOST 28147-89, which uses eight 4x4 S-Boxes. I can grasp the concept of putting 4 bits through the S-Box and getting four out, but how would one…

s-boxes

asked Feb 16 '13 at 12:20

LMS

233
2
6

11

votes

2 answers

Evaluating Algebraic Complexity of a S-box

While studying the design and the desirable properties of an AES S-box , I came to know that Algebraic Complexity is also an important property of an S-box which is usually considered while evaluating the properties of an S-box. After reading…

aes s-boxes algebraic-attack

asked Feb 14 '15 at 16:58

m2n

111
5

10

votes

4 answers

What is this AES SBOX triplet property?

While playing around with the AES SBOX, I found out that there are 85 unordered triplets (a, b, c) that have the following characteristics: a ^ b ^ c = 0 SBOX[a] ^ SBOX[b] ^ SBOX[c] = SBOX[0] Furthermore, the 85*3 = 255 values from the triplets…

aes collision-resistance s-boxes

asked Apr 29 '21 at 12:47

slv

201
1
3

Questions tagged [s-boxes]