One Software Tool for Testing Square S-Boxes

One software tool for testing square sboxes Dr. Eng. Nikolai Stoianov Member of INDECT WP8 team of Technical University of Sofia (TUS) Technical University of Sofia Sofia, Bulgaria email: nkl_stnv@tusofia.bg o Avalanche effect – Probability, direct and minimal. Abstract. An encryption technique is widely used to keep data confidential. Most of the block symmetric algorithms use • Additional (Side) criteria: substitution functions. Often this functions use so called S-BOX o Independence between the input and output matrix. In this paper author presents one software tool for data; testing and measuring square s-boxes. Based of information theory functions for testing static and dynamic criteria are o Independence between the output and input presented. These criterions are mathematically defined for data; square s-boxes. Two new criteria “private criteria” a proposed and pseudo codes for they creation and testing are presented. o Independence between the output and output data; Keywords: cryptography, s-box, cryptanalysis, software tool, AES • Dynamic criteria: o Dynamic Independence between the input and I. INTRODUCTION output data; The creation, processing, delivering and analysis of o Dynamic Independence between the output and information always have been a key element of any strategy input data; and operation. With the progress of communication and information technologies, during the last decade of XX and o Dynamic Independence between the output and from the beginning of XXI centuries the role of these output data; systems and technologies has increased significantly. One of • Private criteria: main used technology for data confidentiality is encryption. The development of the information technology and in o Completeness – the generated and the input S particular of the multiple increase of the processors’ speed BOX will be complete (there is value for every led to a necessity to revise the encryption algorithms in use. cell of the table): [10],[11],[16]. o Noncontradiction – The SBOX which is tested will have only one non repeated value in each II. SBOX REQUIREMENTS cell of the table. The defined requirements, to which every SBOX shall Author’s team develops a tool via which the statistical, comply are dictated by the need the algorithm to be reliable dynamic and private criteria for each generated and tested S both to differential and linear crypto analysis and to have BOX will be checked as well as inverse SBOXES will be stability of the algebraic transformation like interpolating created and processing of input data (plain text or seed) with attacks e.g. Considering those conditions the following a specific SBOX and record in a file. requirements to the SBOXES are defined [1],[2],[3],[4],[5],[6],[7],[8],[9],[11],[12],[13]: III. FUNCTIONALITIES OF THE SOFTWARE TOOL • General criteria: The Software product „SBOX Tests” is functionally o Invertability; divided into two main fields: o Minimization of the correlation between the • Data processing; linear combination of the input bytes and the • Checks and Tests. linear combination of the output bytes; o Complexity in the algebraic presentation in the A. Data Processing Galois Field GF(28); This functionality of the software tool allows us to o Nonlinearity; conduct the following activities: o Stability and reliability to differential crypto 1. To receive an inverse (reversed) S-BOX and save the analysis; result in a file. As an input data a text file with a prototype of a S_BOX If Array_S-BOX[0..n,0..n]=null then with a size n x n is used, where the values are delimited by Result=False Else Result=True; comma. Based of the created file an inverse SBOX is End. created and this new SBOX is saved into another text file, 2. For non-contradiction where the values are also separated by commas. Via the function „Noncontradiction” every SBOX is Pseudo code of the function “Inv SBOX” is the checked against duplication of values in the cells of the following: matrix. As input data a text file with values delimited by Begin commas is used. The result of this function is Boolean (False Open_Input_S-BOX_File; or True). The pseudo code of this function is: Read_Data_From_Input_S-BOX_File; Empty(Array_InvS-BOX[0..n,0..n]); //fill with Begin null Open_Input_S-BOX_File; Fill(Array_S-BOX[0..n,0..n]); Read_Data_From_Input_S-BOX_File; For i=0 to n do Fill(Array_S-BOX[0..n,0..n]); For j=0 to n do For i=0 to n do Begin For j=0 to n do XY=Array_S-BOX[j,y] Begin Array_InvS-BOX[XY]=ij A= Array_S-BOX[i,j]; End; Check (A, Array_S-BOX]) Show_Result_On_Screen; End; Save_Output_InvS-BOX_File; End. End. Based on the Theory of Information and as per [3],[12],[13],[14],[15] the goal of each good or ideal SBOX 2. Input information flow (file) processing via selected is to minimize the information, which might be received S-BOX and record of the result into a file; about unknown input data transformed via SBOX on the base of other known input and output data, i.e. if accidental As input data selected SBOX in the format of a text file variable X describes some known data and the accidental with values separated by comma is used. The input flow variable Y respectively the unknown data, so: (plain text or seed) is in a file of Byte type. After the data processing the result is saved in input file of Byte Type. I X ;Y = H X + H Y − H X ,Y ( ) ( ) ( ) ( ) The pseudo code of the function „F_to_SBOX” is the following: I(X ;Y ) = H (X ) − H (Y | X ) = 0 for an ideal SBOX, Begin n Open_Input_S-BOX_File; where: H ()X = − ∑ Pi.log(Pi ) , Open_Input_Text_File; i=1 Fill_Array_S-BOX[0..n,0..n]; Read_Byte_From_Text_File(A); H (X | Y ) = H (X ,Y ) − H (Y ) B=Make_Subbstitution(A,Array_S-BOX); , Write_Byte_To_Output_SubText_File(B); Save_Output_SubText_File; H (X ,Y ) = −∑ ∑ Pij .log(Pij ) =∑ ∑ Pij .log(P(y j | xi )) End. B. Checks and Tests When we use binary system Checks n    1  The functions developed in the “Checks” module shall H ()X = ∑ P()xi .log2  identify if the data provided for the SBOX is correct. i=1  P()xi  Having in mind that the statistic and dynamic tests take time, it is reasonable first to check each generated (delivered) S Each SBOX is with the size n x n , i.e. it is square. BOX for correctness. Static tests 1. For completeness. 1. Independence between input and output data; This function is incorporated in the software in order to For the purposes of the software tests we assume the check if the check subject SBOX is complete i.e. if all the following: cells of the matrix have values. As an input data a text file with values delimited by commas. The pseudo code of the Each SBOX meets the requirement for independence “Completeness” function is: between input and output data of the row r, where r n by comma;

• A text prepared in advance (plain text or seed); where X=[x 1,x 2,…x n] and Y=[y 1,y 2,…,y n] • The resultant text after its processing (substitution) For testing the independence between the output and with the tested SBOX; output data the function “Stat O/O” is developed. As an input for this function the following items are used: • The number of the known input bytes (r). • The tested SBOX as a text file with data delimited 2. Independence between output and input data; by comma; For the purpose of the software tests we assume the • A text prepared in advance (plain text or seed); following: • The resultant text after its processing (substitution) Each SBOX meets the requirement for independence with the tested SBOX; between output and input data from the row r, where r

P(xi|a1y1,a2 y2,...,an yn ) = P(xi ) Dynamic tests 1. The Dynamic independence between the input and output data; ∀xi , y j , ak 1| ≤ i, j, k ≤ n;(xi , y j , ak )∈ { 1,0 }; for For the purpose of the software tests we assume the A = a , a ,..., a []1 2 n following: the number of the known input data is r, i.e. Each SBOX meets the requirements for independence Count(A=1)=r and ak=0 which means that yk is unknown between the input and output data of the row r, with r

• A text prepared in advance (plain text or seed); and ak=0 , which means that xk is unknown, and with • A resultant text after its processing (substitution) ak=1- xk is known. with the tested SBOX; For testing the independence between the input and • The number of the known output bytes (r). output data the function “Dynamic I/O” is developed. For the function’s input the following items are used: 3. Independence between the output and output data; • The tested SBOX as a text file with data delimited For the purpose of the software tests we assume the by comma; following: • A text prepared in advance (plain text or seed); Each SBOX meets the requirement for independence between the output and output data of the row r, where r n 2. Dynamic independence between the output and input   data; where X=[ x , x ,…, x ] and Y=[ y , y ,…, y ] For the purpose of the software tests we assume the 1 2 n 1 2 n following: For testing the independence between the input and input data the function ”Dynamic O/O” is developed. As input Each SBOX meets the requirement for independence data for this function the following items are used: between the output and input data of the row r, with rBlock Cipher Rijndael, Lecture Notes in Computer Science, Springer, ISSN 03029743, Volume output data; 1820/2000 pp.277284, 2006 For the purpose of the software tests we assume the [3] Dawson M, S Tavares, An Expanded Set of Sbox Design Criteria Based on Information Theory and its Relation of following: DifferentialLike Attacks; Each SBOX meets the requirement for independence [4] K. Nyberg, "Differentially uniform mappings for cryptography," between the output and output data of the row r, with r