International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 11 August 2015

Stian Fauskanger, Igor Semaev
ePrint Report ePrint Report
D. Davies and S. Murphy found that there are at most 660 different probability distributions on the output from any three adjacent S-boxes after 16 rounds of DES[1]. In this paper it is shown that there are at most 72 different distributions for S-boxes 4, 5 and 6. The distributions from S-box triplets are linearly dependent and the dependencies are described. E.g. there are only 13 linearly independent distributions for S-boxes 4, 5 and 6. A coset representation of DES S-boxes which reveals their hidden linearity is studied. That may be used in algebraic attacks. S-box 4 can be represented by significantly fewer cosets than the other S-boxes and therefore has more linearity. Open cryptanalytic problems are stated.

[1] D. Davies and S. Murphy, \"Pairs and Triplets of DES S-boxes\", Journal of Crypt. vol. 8(1995), pp. 1--25

Expand

Additional news items may be found on the IACR news page.