TY - JOUR
T1 - Detection of non-trivial preservable quotient spaces in S-Box(es)
AU - Fahd, Shah
AU - Afzal, Mehreen
AU - Shah, Dawood
AU - Iqbal, Waseem
AU - Abbas, Yawar
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature.
DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.
PY - 2023/9
Y1 - 2023/9
N2 - A Substitution Box (S-Box) is employed in block ciphers to provide non-linearity. An n-bit bijective S-Box is a member of the symmetric group S_{2^n}. Ideally, an S-Box must follow a stringent cryptographic profile, and designing an S-Box should be a transparent and justified process. The concerning point for an evaluator is the presence of vulnerabilities in the design of an S-Box, e.g., Kuznyechik. If a malicious designer keeps the non-trivial subspaces secret, this can enable sophisticated cryptanalytic attacks. This article investigates the behaviour of non-trivial subspaces in an S-Box and in its Affine, Extended Affine (EA) and Carlet-Charpin-Zinoviev (CCZ) equivalence classes. This paper presents a novel algorithm for finding preservable quotient spaces in an S-Box, thereby providing a way to shortlist potential candidates for a backdoored S-Box. The proposed work emphasizes checking whether a target S-Box is a potential backdoor candidate. The backdoored designs proposed by K. G. Paterson, Carlo Harpes and Bannier are identified and validated with the help of the proposed algorithm. Our findings establish that the additive linear structures responsible for the non-trivial subspace are not invariant under EA and CCZ equivalence. Moreover, the analysis of 3-bit permutations reveals that almost 23% of the population of S_{2^3} preserves quotient subspaces. Irrespective of the linear structures in their non-linear layers, the NIST Lightweight competition candidates do not preserve the quotient spaces in either the input or the output space.
AB - A Substitution Box (S-Box) is employed in block ciphers to provide non-linearity. An n-bit bijective S-Box is a member of the symmetric group S_{2^n}. Ideally, an S-Box must follow a stringent cryptographic profile, and designing an S-Box should be a transparent and justified process. The concerning point for an evaluator is the presence of vulnerabilities in the design of an S-Box, e.g., Kuznyechik. If a malicious designer keeps the non-trivial subspaces secret, this can enable sophisticated cryptanalytic attacks. This article investigates the behaviour of non-trivial subspaces in an S-Box and in its Affine, Extended Affine (EA) and Carlet-Charpin-Zinoviev (CCZ) equivalence classes. This paper presents a novel algorithm for finding preservable quotient spaces in an S-Box, thereby providing a way to shortlist potential candidates for a backdoored S-Box. The proposed work emphasizes checking whether a target S-Box is a potential backdoor candidate. The backdoored designs proposed by K. G. Paterson, Carlo Harpes and Bannier are identified and validated with the help of the proposed algorithm. Our findings establish that the additive linear structures responsible for the non-trivial subspace are not invariant under EA and CCZ equivalence. Moreover, the analysis of 3-bit permutations reveals that almost 23% of the population of S_{2^3} preserves quotient subspaces. Irrespective of the linear structures in their non-linear layers, the NIST Lightweight competition candidates do not preserve the quotient spaces in either the input or the output space.
KW - Backdoors
KW - Block ciphers
KW - Cryptography
KW - Quotient spaces
KW - S-Box
UR - http://www.scopus.com/inward/record.url?scp=85160846455&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85160846455&partnerID=8YFLogxK
UR - https://www.mendeley.com/catalogue/9235c998-1ea9-3615-80e7-3e05d1e13b4b/
U2 - 10.1007/s00521-023-08654-2
DO - 10.1007/s00521-023-08654-2
M3 - Article
AN - SCOPUS:85160846455
SN - 0941-0643
VL - 35
SP - 18343
EP - 18355
JO - Neural Computing and Applications
JF - Neural Computing and Applications
IS - 25
M1 - 25
ER -