One software tool for testing square s-boxes Dr. Eng. Nikolai Stoianov Member of INDECT WP8 team of Technical University of Sofia (TUS) Technical University of Sofia Sofia, Bulgaria e-mail: [email protected] o Avalanche effect – Probability, direct and minimal. Abstract. An encryption technique is widely used to keep data confidential. Most of the block symmetric algorithms use • Additional (Side) criteria: substitution functions. Often this functions use so called S-BOX o Independence between the input and output matrix. In this paper author presents one software tool for data; testing and measuring square s-boxes. Based of information theory functions for testing static and dynamic criteria are o Independence between the output and input presented. These criterions are mathematically defined for data; square s-boxes. Two new criteria “private criteria” a proposed and pseudo codes for they creation and testing are presented. o Independence between the output and output data; Keywords: cryptography, s-box, cryptanalysis, software tool, AES • Dynamic criteria: o Dynamic Independence between the input and I. INTRODUCTION output data; The creation, processing, delivering and analysis of o Dynamic Independence between the output and information always have been a key element of any strategy input data; and operation. With the progress of communication and information technologies, during the last decade of XX and o Dynamic Independence between the output and from the beginning of XXI centuries the role of these output data; systems and technologies has increased significantly. One of • Private criteria: main used technology for data confidentiality is encryption. The development of the information technology and in o Completeness – the generated and the input S- particular of the multiple increase of the processors’ speed BOX will be complete (there is value for every led to a necessity to revise the encryption algorithms in use. cell of the table): [10],[11],[16]. o Non-contradiction – The S-BOX which is tested will have only one non repeated value in each II. S-BOX REQUIREMENTS cell of the table. The defined requirements, to which every S-BOX shall Author’s team develops a tool via which the statistical, comply are dictated by the need the algorithm to be reliable dynamic and private criteria for each generated and tested S- both to differential and linear crypto analysis and to have BOX will be checked as well as inverse S-BOXES will be stability of the algebraic transformation like interpolating created and processing of input data (plain text or seed) with attacks e.g. Considering those conditions the following a specific S-BOX and record in a file. requirements to the S-BOXES are defined [1],[2],[3],[4],[5],[6],[7],[8],[9],[11],[12],[13]: III. FUNCTIONALITIES OF THE SOFTWARE TOOL • General criteria: The Software product „S-BOX Tests” is functionally o Invertability; divided into two main fields: o Minimization of the correlation between the • Data processing; linear combination of the input bytes and the • Checks and Tests. linear combination of the output bytes; o Complexity in the algebraic presentation in the A. Data Processing Galois Field GF(28); This functionality of the software tool allows us to o Non-linearity; conduct the following activities: o Stability and reliability to differential crypto 1. To receive an inverse (reversed) S-BOX and save the analysis; result in a file. As an input data a text file with a prototype of a S_BOX If Array_S-BOX[0..n,0..n]=null then with a size n x n is used, where the values are delimited by Result=False Else Result=True; comma. Based of the created file an inverse S-BOX is End. created and this new S-BOX is saved into another text file, 2. For non-contradiction where the values are also separated by commas. Via the function „Non-contradiction” every S-BOX is Pseudo code of the function “Inv S-BOX” is the checked against duplication of values in the cells of the following: matrix. As input data a text file with values delimited by Begin commas is used. The result of this function is Boolean (False Open_Input_S-BOX_File; or True). The pseudo code of this function is: Read_Data_From_Input_S-BOX_File; Empty(Array_InvS-BOX[0..n,0..n]); //fill with Begin null Open_Input_S-BOX_File; Fill(Array_S-BOX[0..n,0..n]); Read_Data_From_Input_S-BOX_File; For i=0 to n do Fill(Array_S-BOX[0..n,0..n]); For j=0 to n do For i=0 to n do Begin For j=0 to n do XY=Array_S-BOX[j,y] Begin Array_InvS-BOX[XY]=ij A= Array_S-BOX[i,j]; End; Check (A, Array_S-BOX]) Show_Result_On_Screen; End; Save_Output_InvS-BOX_File; End. End. Based on the Theory of Information and as per [3],[12],[13],[14],[15] the goal of each good or ideal S-BOX 2. Input information flow (file) processing via selected is to minimize the information, which might be received S-BOX and record of the result into a file; about unknown input data transformed via S-BOX on the base of other known input and output data, i.e. if accidental As input data selected S-BOX in the format of a text file variable X describes some known data and the accidental with values separated by comma is used. The input flow variable Y respectively the unknown data, so: (plain text or seed) is in a file of Byte type. After the data processing the result is saved in input file of Byte Type. I X ;Y = H X + H Y − H X ,Y ( ) ( ) ( ) ( ) The pseudo code of the function „F_to_S-BOX” is the following: I(X ;Y ) = H (X ) − H (Y | X ) = 0 for an ideal S-BOX, Begin n Open_Input_S-BOX_File; where: H ()X = − ∑ Pi.log(Pi ) , Open_Input_Text_File; i=1 Fill_Array_S-BOX[0..n,0..n]; Read_Byte_From_Text_File(A); H (X | Y ) = H (X ,Y ) − H (Y ) B=Make_Subbstitution(A,Array_S-BOX); , Write_Byte_To_Output_SubText_File(B); Save_Output_SubText_File; H (X ,Y ) = −∑ ∑ Pij .log(Pij ) =∑ ∑ Pij .log(P(y j | xi )) End. B. Checks and Tests When we use binary system Checks n 1 The functions developed in the “Checks” module shall H ()X = ∑ P()xi .log2 identify if the data provided for the S-BOX is correct. i=1 P()xi Having in mind that the statistic and dynamic tests take time, it is reasonable first to check each generated (delivered) S- Each S-BOX is with the size n x n , i.e. it is square. BOX for correctness. Static tests 1. For completeness. 1. Independence between input and output data; This function is incorporated in the software in order to For the purposes of the software tests we assume the check if the check subJect S-BOX is complete i.e. if all the following: cells of the matrix have values. As an input data a text file with values delimited by commas. The pseudo code of the Each S-BOX meets the requirement for independence “Completeness” function is: between input and output data of the row r, where r<n if: Begin Open_Input_S-BOX_File; P(yi | a1x1,a2x2,...,anxn ) = P(yi ) Read_Data_From_Input_S-BOX_File; Fill(Array_S-BOX[0..n,0..n]); For i=0 to n do For j=0 to n do ∀xi , y j , ak 1| ≤ i, j, k ≤ n;(xi , y j , ak )∈ { 1,0 }; ∀y j , ak 1| ≤ j, k ≤ n;(y j , ak )∈ { 1,0 }; for for A = []a1, a2,..., an A = []a1, a2,..., an The number of known input data is r, i.e. Count(A=1)=r The number of the known input data is r, i.e. and ak=0 which means that xk is unknown, and with ak=1- Count(A=1)=r and with ak=0 which means that xk is xk is known. unknown and with ak=1- xk is known. For testing the independency between the input and Also output data the function ”Stat I/O” is developed. As a function input the following items are used: H (X ), if H (X ) ≤ n H ()Y = • The tested S-BOX as a text file with data delimited n, if H ()X > n by comma; • A text prepared in advance (plain text or seed); where X=[x 1,x 2,…x n] and Y=[y 1,y 2,…,y n] • The resultant text after its processing (substitution) For testing the independence between the output and with the tested S-BOX; output data the function “Stat O/O” is developed. As an input for this function the following items are used: • The number of the known input bytes (r). • The tested S-BOX as a text file with data delimited 2. Independence between output and input data; by comma; For the purpose of the software tests we assume the • A text prepared in advance (plain text or seed); following: • The resultant text after its processing (substitution) Each S-BOX meets the requirement for independence with the tested S-BOX; between output and input data from the row r, where r<n if: • The number of the known bytes (r). P(xi|a1y1,a2 y2,...,an yn ) = P(xi ) Dynamic tests 1. The Dynamic independence between the input and output data; ∀xi , y j , ak 1| ≤ i, j, k ≤ n;(xi , y j , ak )∈ { 1,0 }; for For the purpose of the software tests we assume the A = a , a ,..., a []1 2 n following: the number of the known input data is r, i.e. Each S-BOX meets the requirements for independence Count(A=1)=r and ak=0 which means that yk is unknown between the input and output data of the row r, with r<n if: and with ak=1- yk is known.