
Noob question: P and S boxes...

Anonymous...
Posted: Fri Oct 30, 2009 4:05 am
Guest
Are the numbers and their position in P and S boxes in ciphers randomly
chosen or is there a 'logic' behind them?

Thank you for your response!
 
aerr0...
Posted: Fri Oct 30, 2009 5:29 am
Guest
Number positions are not randomly chosen to build sBoxes; there is
a logic. For example, the DES algorithm: sBoxes have been designed to
withstand differential cryptanalysis.

Source: http://en.wikipedia.org/wiki/Data_Encryption_Standard#NSA.27s_involvement_in_the_design
 
robertwessel2 at (no spam) yahoo.com...
Posted: Fri Oct 30, 2009 12:03 pm
Guest
On Oct 30, 10:29 am, aerr0 <ad... at (no spam) netnavis.hostoi.com> wrote:
[quote]Number positions are not randomly chosen to build sBoxes; there is
a logic. For example, the DES algorithm: sBoxes have been designed to
withstand differential cryptanalysis.
[/quote]

Probably just a semantic quibble... But AFAIK, IBM generated the
initial sboxes randomly, and then ran them against the test criteria
until a set was found that passed all the requirements. When NSA
changed them (the process being effectively random from IBM's
perspective), IBM simply reran their tests and the (new) sboxes
passed.

As an analogy, consider needing a sequence of ten coin flips with no
more than three heads in a row. Assuming you generate the candidate
sequences randomly and then filter them, is this a random or designed
sequence, or some combination?
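
Added example, not part of any post in this thread: the generate-randomly-then-filter process described above, reduced to 4-bit S-boxes and run against two test criteria. The 4x4 box size, the thresholds (differential uniformity 4, linearity 8), the seed and all function names are assumptions made for illustration; they are not IBM's actual DES criteria.

```python
import random

N = 16  # assumed toy size: 4 bits in, 4 bits out (DES boxes are 6 in, 4 out)

def differential_uniformity(sbox):
    """Largest count, over nonzero input differences dx and all output
    differences dy, of inputs x with S(x) ^ S(x ^ dx) == dy."""
    worst = 0
    for dx in range(1, N):
        counts = [0] * N
        for x in range(N):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        worst = max(worst, max(counts))
    return worst

def parity(v):
    return bin(v).count("1") & 1

def linearity(sbox):
    """Largest |Walsh coefficient| over input masks a and nonzero output masks b."""
    worst = 0
    for b in range(1, N):
        for a in range(N):
            w = sum(1 - 2 * (parity(a & x) ^ parity(b & sbox[x])) for x in range(N))
            worst = max(worst, abs(w))
    return worst

def passes(sbox, max_du=4, max_lin=8):
    """The filter: reject boxes with a strong differential or linear relation."""
    return differential_uniformity(sbox) <= max_du and linearity(sbox) <= max_lin

def generate_and_filter(seed, max_tries=100_000):
    """Draw random permutations until one passes; return (sbox, tries)."""
    rng = random.Random(seed)
    for tries in range(1, max_tries + 1):
        sbox = list(range(N))
        rng.shuffle(sbox)
        if passes(sbox):
            return sbox, tries
    raise RuntimeError("no candidate passed the criteria")

if __name__ == "__main__":
    sbox, tries = generate_and_filter(seed=2009)  # constructed seed
    print("accepted after", tries, "candidates:", sbox)
    identity = list(range(N))
    print("identity map scores:", differential_uniformity(identity), linearity(identity))
```

The accepted box came from a random draw, yet it is guaranteed to satisfy both criteria, which is the "random or designed" ambiguity the coin-flip analogy points at.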
 
Joseph Ashwood...
Posted: Fri Oct 30, 2009 5:47 pm
Guest
"Anonymous" <cripto at (no spam) ecn.org> wrote in message
news:20091030140504.75BA61A7C14 at (no spam) www.ecn.org...
[quote]Are the numbers and their position in P and S boxes in ciphers randomly
chosen or is there a 'logic' behind them?

Thank you for your response!
[/quote]
There are three basic theories. Theory 1 is to deliberately construct the
boxes to provide some gain, you'll find this generally in the recursive
S-Boxes that were in fashion a few years ago, main advantage is
implementation speed, can be parallelized, bit-slicing easier, etc, a
variation of this was used for the AES S-Boxes. Theory 2 is to choose random
S-Boxes and verify them, delivers optimum S-Boxes, but also the most complex
S-Boxes for hardware implementation, main advantage security, this was used
for DES. Theory 3 is to use the key to generate S-Boxes each time, this is
currently not in favor, nearly every cipher design using this has been
broken.
Joe
 
Tom St Denis...
Posted: Sat Oct 31, 2009 2:57 am
Guest
On Oct 30, 7:47 pm, "Joseph Ashwood" <ashw... at (no spam) msn.com> wrote:
[quote]There are three basic theories. Theory 1 is to deliberately construct the
boxes to provide some gain, you'll find this generally in the recursive
S-Boxes that were in fashion a few years ago, main advantage is
implementation speed, can be parallelized, bit-slicing easier, etc, a
variation of this was used for the AES S-Boxes. Theory 2 is to choose random
S-Boxes and verify them, delivers optimum S-Boxes, but also the most complex
S-Boxes for hardware implementation, main advantage security, this was used
for DES. Theory 3 is to use the key to generate S-Boxes each time, this is
currently not in favor, nearly every cipher design using this has been
broken.
[/quote]
Number 3 is often a bit misleading too. Does Twofish have key-
dependent sboxes? Not really. It's just implemented that way for
speed, but in reality it's the mini network that makes the 8x8s.

Generally, I personally favor a mix of #1 and #2, small random boxes
[say 4x4] that mix to form an 8x8. In software, the 8x8 is usually
mixed with the linear elements in an 8x32 or 8x64 table anyways, and
in hardware the 4x4s are not too much of a burden. Strictly
algebraic boxes like those in AES are asking for trouble, while purely
random 8x8s [or larger] are just a problem for hardware.

The thing that is lost on people is that in designs like AES the
actual nitty gritty details of the sboxes are almost less important
than the structure of the cipher. All of the impossible differential,
integration/summation attacks apply NO MATTER WHAT the sbox [assuming
it's a permutation] is. DC and LC become highly impractical after a
few rounds because of the branch of the round transform. So really
AES isn't "strong" because of the highly immune to DC/LC sboxes it
uses. It's strong because the round transform promotes a high level
of sbox activity that has a very high lower bound.

Tom
 
 
All times are GMT - 5 Hours