sbox generation

20 views
Skip to first unread message

Colin

unread,
Nov 4, 2021, 4:53:25 PM11/4/21
to

This is something I've been thinking about for a while and was reminded
about with this line from cdx5

* 2) S-box generation now part of initialisation;

Shouldn't a sbox be designed and not randomly generated, as a good one
will have certain properties to thwart linear and differential attacks?


Richard Heathfield

unread,
Nov 4, 2021, 5:48:26 PM11/4/21
to
That would kind of presume knowing how to design them, right? Which I don't.

CDX S-boxes do, however, have one cool property: no cycles shorter than
256 characters.

As for whether generation from the key is a good idea, CDX is in
excellent company, as both Blowfish and Twofish do this; it is,
therefore, at least not ipso facto a completely screwed technique.

--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within

Leo

unread,
Nov 4, 2021, 6:24:00 PM11/4/21
to
If you have a really cheap heuristic for good and bad S-boxes, you can
go through a few during the key schedule and eliminate the terrible
ones.

Another idea is to use a KDF with an IV for each message / chunk /
file so that each S-box doesn't get used for too many messages. So
many block ciphers become weaker because they use the IV completely
separately from the key.

--
Leo

David Eather

unread,
Nov 24, 2021, 11:08:21 AM11/24/21
to
if the sbox is large enough (think 8x8 or maybe 7x7 if you test
afterwards) it will have good or at least usable properties.

Richard Heathfield

unread,
Nov 24, 2021, 11:28:38 AM11/24/21
to
The 256 S-boxes in CDX-5 are all 8x8, all with cycle size 256. They've
withstood 20 years of analysis so far. (I remain convinced that GCHQ
spends all its waking hours trying to crack my baby, so far without
success.)
Reply all
Reply to author
Forward
0 new messages