1. No category

CSM S-Box Evaluation Tool - Malaysian Society for Cryptology

International Journal of Cryptology Research 6(1): 47 - 63 (2016)
Automated Analysis Report Generation Using CSM
S-Box Evaluation Tool (CSET)
Abdul Alif Zakaria*1 , Nik Azura Nik Abdullah1 , Wan Zariman
Omar1 , Nor Azeala Mohd Yusof1 , and Hazlin Abdul Rani1
1
CyberSecurity Malaysia, Level 5, Sapura@Mines, No. 7 Jalan Tasik,
The Mines Resort City, 43300 Seri Kembangan, Selangor Darul
Ehsan, Malaysia.
E-mail: [email protected]
∗
Corresponding author
ABSTRACT
In this research paper, we introduce a cryptographic evaluation tool
to evaluate the strength of an S-Box. This tool evaluates the Nonlinearity, Algebraic Degree and Differential Uniformity properties of an
S-Box. It also analyses the Avalanche Effect, Completeness and Strong
S-Box criteria of the tested S-Box. This tool will finally generates a
complete report which provides a conclusion to indicate whether the
tested S-Box passes or fails each test. It takes about seven seconds to
produce a complete analysis report compared to an hour and a half when
using conventional method. With the presence of this tool, process of
evaluating an S-box will be simplified and automated which resulted in
reducing the evaluation timeframe period significantly.
Keywords: S-Box, S-Box Design Properties, Strict Avalanche Criterion
Abdul Alif, Nik Azura, Wan Zariman, Nor Azeala & Hazlin
1
INTRODUCTION
S-Box is one of the most important components in development of cryptographic algorithm. It is a basic component of symmetric key algorithms which
performs substitution. In block ciphers, they are typically used to obscure the
relationship between the key and the ciphertext which applies Shannon’s property of confusion Preneel (2006). A good S-Box influences the strength of
an algorithm. S-Box has been implemented in most of the frequently used
cryptographic algorithm, such as AES, DES, Blowfish, IDEA, and Skipjack as
displayed in figure 1. There are many types of S-Boxes such as; 4 by 4, 4 by
8, 6 by 8, and 16 by 16. Selection of S-Box depends on the design of cryptographic algorithm. Rijndael S-Box, which the AES cryptographic algorithm
was based on, is considered as one of the best S-Box among these algorithms
Kavut and Yücel (2001). In general, an S-Box takes some number of input
bits, m, and transforms them into some number of output bits, n, where n is
not necessarily equal to m. An m x n S-box can be implemented as a lookup
table with 2m words of n bits each.
Figure 1: Algorithm Using S-Box
48
International Journal of Cryptology Research
Automated Analysis Report Generation Using CSM S-Box Evaluation Tool (CSET)
Two properties must be taken into account when designing an S-Box,
which are the S-Box Design Properties and Strict Avalanche Criterion. S-Box
Design Properties are closely related to the most significant attacks on S-Box
which are linear attack and differential attack Heys (2002). These two attacks
determine the value of Nonlinearity (NL), Algebraic Degree (AD), and Differential Uniformity (DU) which are the properties of S-Box. Meanwhile, Strict
Avalanche Criterion is also crucial in determining the strength of an S-Box
Mar and Latt (2008). Three criteria that should be emphasized are Avalanche
Effect, Completeness, and Strong S-Box. All of these criteria differentiate
between a strong S-Box and a weak S-Box.
There are many tests can be used to evaluate the strength or weaknesses of
S-Boxes. These tests were conducted separately which required long period
of time to evaluate an S-Box. No work has been conducted to produce S-Box
evaluation tool that is able to execute full evaluation process from testing, analyzing to reporting automatically. These scenarios bring us to come out with
this research work. The aim of this research is to improve the process of SBox evaluation. To achieve this aim, three main objectives has been identified;
(1) to run S-Box evaluation tests simultaneously in one platform, (2) to generate evaluation report automatically, and (3) to reduce evaluation timeframe.
To fulfill the said aim and objectives, we have developed an evaluation tool
named CSM S-Box Evaluation Tool (CSET) which will examine six S-Box
tests as explained above. Study on S-box characteristics were conducted before development of this evaluation tool started. The strengths and weaknesses
of S-box were studied in detail so that this tool can accurately evaluate an
S-box. Inaccurate research may lead to inaccurate analysis report produced.
This tool will assist cryptography analyst to evaluate the strength of S-Box
and facilitate them to produce a complete evaluation report. Report templates
for each test module were prepared to help the cryptography analyst or user
in producing a complete analysis report. The report templates contain each
tests module process flowchart, definition, result, conclusion, and reference.
Cryptography analysts simply need to provide an S-Box file, name of the SBox algorithm and length of the S-Box. Within a short period of time, the
S-Box evaluation analysis report is ready to be presented.
The organization of this paper is divided into eight sections. Section 2
International Journal of Cryptology Research
49
Abdul Alif, Nik Azura, Wan Zariman, Nor Azeala & Hazlin
describes S-Box Design Properties. In Section 3, Strict Avalanche Criterion is
discussed. The proposed method named CSM S-Box Evaluation Tool (CSET)
is presented in Section 4. Section 5 shows the experimental setup for CSET.
Section 6 results obtained using CSET. S-Boxes Evaluation Using CSET is
presented in Section 7. Finally, the conclusion of the research work will be
discussed in Section 8.
2
S-BOX DESIGN PROPERTIES
There are three properties in evaluating S-Box that need to be emphasized
namely (a) Nonlinearity, (b) Algebraic Degree, and (c) Differential Uniformity.
The said properties will determine the strength and weakness of an S-Box.
(a)
Nonlinearity (NL)
The nonlinearity of a Boolean function can be defined as the distance between
the function and the set of all affine functions. In other words, we can say that
non-linearity is the number of bits which must be changed in the truth table
of a Boolean function to reach the closest affine function.The upper bound of
nonlinearity is: NL(f )= 2(n−1) − (2−1 ∗ 2(n/2) ), for S-Box in GF(2n ). Note
that n, is denoted as degree. For an S-Box with GF(28 ), the optimal value of
NL is 120 Hussain et al. (2011a). Smallest value of nonlinearity parameter
(NL) must be between 100 < N L ≤ 120 otherwise the S-Box is susceptible
to linear cryptanalysis. Nonlinearity feature makes an S-Box designed to be
resistant to linear cryptanalysis Heys (2002). This was done by minimizing
the correlation between linear transformations of input/output bits, and at the
same time minimizing the difference propagation probability. After applying
all possible input values and examining the corresponding output values, the
number of cases that holds true is finally observed.
50
International Journal of Cryptology Research
Automated Analysis Report Generation Using CSM S-Box Evaluation Tool (CSET)
(b)
Algebraic Degree (AD)
High algebraic degree is a property of good S-Box. Consider a function f {0, 1}r →
{0, 1}r , where r denotes the degree. If f is a permutation, then the algebraic
degree (AD) of any output bit as a function of the input bits is at most r-1. The
higher the algebraic degree value is, the better the S-Box would be. Preferable
measurement of AD ≥ 4 is suggested in (Selcuk and Melek, 2001) in order to
resist higher order differential cryptanalysis.
(c)
Differential Uniformity (DU)
Difference uniformity table of an S-Box gives information about the security
of the block cipher against differential cryptanalysis (Howard, 2011). The
essence of a differential attack is that it exploits particular high-valued entries
in the table. A necessary condition for an S-Box to be immune to differential
cryptanalysis is, it does not have large values entries.
This test examines the difference pairs of input and output of an S-Box. A
complete data for an S-Box is compiled in an XOR table (difference uniformity table). Each element of the table represents the number of occurrences
of output difference value corresponding to input difference value which DU
indicates the highest value. A good S-Box would have DU value in range of
2 ≤ DU ≤ 6 otherwise the S-Box is susceptible to differential cryptanalysis
(Selcuk and Melek, 2001).
3
STRICT AVALANCHE CRITERION
Other testing that has been implemented towards S-Box are based on new techniques for Strict Avalanche Criterion (SAC) that was proposed by Phyu Phyu
Mar and Khin Maung Latt Mar and Latt (2008). The process highlighted three
main properties which are Avalanche Effect, Completeness, and Strong Function. Definitions of each property are described as follows: -
International Journal of Cryptology Research
51
Abdul Alif, Nik Azura, Wan Zariman, Nor Azeala & Hazlin
(a)
Avalanche Effect
A function exhibits the avalanche effect if and only if an average of one half
of the output bits changes whenever a single input bit is complemented. Frequency Analysis of Various Hamming Weight is used to determine if the S-Box
meets the property of Avalanche Effect Mar and Latt (2008).
The objective of this process is to observe total number of bit changes in
each output. Output values of the algorithm which correspond to two inputs
were chosen. Apply XOR function to compute the differential value of these
two outputs and find the hamming weight in the differential value. For necessary count of testing, repeat above steps. The frequency of various differential
values was analyzed by counting the number of ’1’s in each output. If the frequency of testing result graph shows normal distribution shape (bell shape),
the S-Box satisfies the avalanche effect property.
(b)
Completeness
A function is complete if and only if each output bit depends on all of the input
bits. Thus, if it is possible to find the simplest Boolean expression for each
output bit in terms of the input bits, each of these expressions would have to
contain all of the input bits if the function is complete. Frequency Analysis of
Various Differential Value is used to determine if the S-Box meets the property
of Completeness Mar and Latt (2008).
The objective of this process is to observe the value of each output. First,
two inputs with their corresponding output values of the algorithm were chosen. Next, the differential value of these two outputs was computed by applying XOR function. Then, the hamming weight in the differential value of
the outputs was determined. Above steps were repeated for necessary count of
testing. The frequencies of various differential values were analyzed by counting the total number of occurrence for each output values. If the frequency of
testing result graph shows uniform distribution shape, the S-Box satisfies the
completeness property.
52
International Journal of Cryptology Research
Automated Analysis Report Generation Using CSM S-Box Evaluation Tool (CSET)
(c)
Strong S-Box
An S-Box is considered strong if and only if each of its output bits should
change with a probability of one half whenever a single input bit is complemented. Analysis of Various Hamming Weight According to The Bit Position
is used to determine if the S-Box meets the property of Strong S-Box Mar and
Latt (2008).
The objective of this process is to observe total number of bit changes in
each bit position. Two inputs and their corresponding output value of the algorithm were chosen. The differential values of these two outputs were computed
by applying XOR function. The above steps were repeated for necessary count
of testing. Hamming weight was analyzed according to the bit position of resulting differential values by counting total number of ’1’s in each bit position.
If the frequency of testing result graph shows uniform distribution shape, the
S-Box satisfies the strong S-Box property.
4
PROPOSED WORK
In this paper, we present our S-Box evaluation tool named CSET that can be
used to analyze S-Boxes. This tool is a web-based application which was
developed on top of Ubuntu 12.04 LTS; 23.5 Gb RAM; Intel Xeon CPU 5580
@3.20GHz Quad Core as the platform, Apache as the server and Ext-JS as the
framework. The code of this application is written using C++ embedded in Perl
programming language. Programming skill is very crucial where cryptography
analyst needs to construct complicated mathematical formula coding that will
produce desired testing result. Each program has tested repeatedly to make
sure it will consistently produce results as expected.
International Journal of Cryptology Research
53
Abdul Alif, Nik Azura, Wan Zariman, Nor Azeala & Hazlin
Existing method of evaluating cryptographic module as shown in figure 2
requires three processes which are; (i) running S-Box tests, (ii) analysis results,
and (iii) writing report. Meanwhile, CSM S-Box Evaluation Tool perform all
three processes in one go as shown in figure 3.
Figure 2: S-Box Evaluation Process Without CSET
Figure 3: S-Box Evaluation Process With CSET
These three processes require different skill sets. Programming skills was
needed to write the codes for testing purpose. Analytic thinking skills are
necessary for making decisions and conclusions of the result. Meanwhile language and writing skills are important to transform numbers (results) into sentences (conclusions) so that readers understand the report generated.
Without using the S-Box Evaluation Tool that we have developed, analyst
has to go through all three steps separately for each tests module. For example, an analyst requires to run six different test programs to conduct the testing.
Similar to analyze the result and writing the report, they need to be done separately. By using the S-Box Evaluation Tool, all of the testing, analyzing and
reporting will be managed simultaneously and automated.
54
International Journal of Cryptology Research
Automated Analysis Report Generation Using CSM S-Box Evaluation Tool (CSET)
Benefits of each processes in conducting cryptographic module is shown in
table 1. There is no S-Box evaluation tool in market that provide the services
as provided by this tool. With the presence of this tool, cryptography analyst
be able to perform their S-Box evaluation task easily and fast.
Table 1: Benefits of CSET
Without CSET
With CSET
Run Tests
Consume a lot of time
and requires repeated
process. This process
also needs more
resources for certain test.
Reduce significant
process time and requires
limited action from user.
The process can be
carried out by one person
only.
Analyze
Results
Prone to human error
which could lead to
inaccurate result.
All results data are well
managed and
automatically compiled.
Report
Produced
Consume a lot of time
and proper writing skills.
Generate S-Box
evaluation report
automatically.
Process flowchart of the CSET is presented in Figure 4. To run the test
module, users are required to provide three inputs; 1) name of algorithm, 2) SBox file, and 3) length of S-Box tested. There will be two properties options.
The first option which is the S-Box Design Properties option will perform three
tests; Nonlinearity, Algebraic Degree and Differential Uniformity, whereas the
second option which is the Strict Avalanche Criterion option will perform another three tests; Avalanche Effect, Completeness and Strong S-Box. To execute this application, users are able to select either one of the two properties
options or users can also select both to run at once.
Figure 5 shows the S-Box Evaluation Tool page, which contains all six
tests as mention above. To conduct S-Box evaluation, user need to key in
algorithm name and browse the S-Box file to be tested. Next, user may choose
either one or both test option and click “Run Test” to execute the tests.
International Journal of Cryptology Research
55
Abdul Alif, Nik Azura, Wan Zariman, Nor Azeala & Hazlin
Figure 4: Process Flowchart of CSET
Figure 5: S-Box Evaluation Tool Page
56
International Journal of Cryptology Research
Automated Analysis Report Generation Using CSM S-Box Evaluation Tool (CSET)
Upon completion, S-Box Results Archive page will appear as shown in
Figure 6. This page displays all tested S-Boxes with their results that have been
tested. To view the complete report, select the desired result file by clicking
the view button.
Figure 6: S-Box Results Archive Page
A complete S-Box evaluation tests report is ready for user to view as
shown in Figure 7(a) and Figure 7(b). The complete report generated from
this application provides the definitions and process figures of each test modules selected during execution. Analysis graphs are presented for Nonlinearity,
Avalanche Effect, Completeness and Strong S- Box tests. An analysis table is
presented for the Differential Uniformity test. A conclusion which indicates
whether the tested S-Box passes or fails the selected test is presented at the end
of each test section.
5
EXPERIMENTAL SETUP
In order to perform S-Box evaluation, an S-Box file is required to be uploaded
in the tool. At the moment, CSET only able to evaluate 16 by 16 S-Box. It must
be in text file format which contains 256 bytes in hexadecimal representation
separated by comma as shown in Figure 8.
International Journal of Cryptology Research
57
Abdul Alif, Nik Azura, Wan Zariman, Nor Azeala & Hazlin
Figure 7: S-Box Evaluation Report Page
Figure 8: S-Box Evaluation Report Page
58
International Journal of Cryptology Research
Automated Analysis Report Generation Using CSM S-Box Evaluation Tool (CSET)
Figure 9: S-Box File
Information of the S-Box Tests used in S-Box Evaluation Tool is shown
in Table 2. Six tests module from two properties have to be carried out in order to determine the strength of an S-Box which are Nonlinearity, Algebraic
Degree, Differential Uniformity, Avalanche Effect, Completeness, and Strong
S-Box. Description column briefly explained the objective of each tests module. Meanwhile, parameters column indicates the passing value of each tests
module when evaluating an S-Box. A good S-Box should pass all of these tests
otherwise it can be considered vulnerable to attacks.
6
RESULT
Table 3 shows the comparison of execution time for evaluating S-Boxes with
CSET and without CSET. It takes only 7 seconds to produce a complete analysis report compared to 5423 seconds (90.38minutes) without CSET. In general,
to manually produce a complete analysis report takes over an hour and a half.
With the presence of this tool, process of evaluating an S-box is simplified and
automated which resulted in reducing the evaluation period significantly.
International Journal of Cryptology Research
59
Abdul Alif, Nik Azura, Wan Zariman, Nor Azeala & Hazlin
Table 2: S-Box Tests Description
Properties
S-Box
Design
Properties
Strict
Avalanche
Criterion
Tests
Module
A.
Nonlinearity
B. Algebraic
Degree
C.
Differential
Uniformity
D.Avalanche
Effect
E. Completeness
F. Strong
S-Box
Desription
Parameters
To resist linear cryptanalysis
100 ≤
N L ≤ 120
AD ≥ 4
To resist higher order
differential cryptanalysis
To resist differential
cryptanalysis
Average of 1/2 of the output
bits change whenever a
single input bit is
complemented
Each output bit depends on
all of the input bits
Average of 1/2 of the output
bits change whenever a
single input bit is
complemented
2 ≤ DU ≤
6
Normal
Distribution
Uniform
Distribution
Uniform
Distribution
Table 3: Comparison of Execution Time with and without CSET(in
second)
60
International Journal of Cryptology Research
Automated Analysis Report Generation Using CSM S-Box Evaluation Tool (CSET)
7
S-BOXES EVALUATION USING CSET
For testing purposes, eight different S-Boxes have been evaluated using CSET.
These S-Boxes are used in AES, AES-RC4 Abd-ElGhafar et al. (2009), SKIPJACK Hussain et al. (2011b), Whirlpool Stallings (2006), and Camellia Aoki
et al. (2000) algorithms. Results of each evaluated S-Boxes using CSET are
summarized in Table 4. Some of the results have been compared with results
presented in the research papers mentioned above. With these S-Boxes evaluation conducted, it proved that CSET is a reliable tool which produce accurate
results.
Table 4: Example of S-Box Evaluation Tests Using CSET
8
CONCLUSION
Normally, new cryptographic algorithm developers will consider well researched
and widely known S-Boxes in their designs. However, sometimes there is a
need to use new unused S-Boxes to cater for other S-Box sizes. In the process
of designing new S-Box, this CSM S-Box Evaluation Tool will be very useful
for cryptography researches to ensure the strength of the new S-Box is within
International Journal of Cryptology Research
61
Abdul Alif, Nik Azura, Wan Zariman, Nor Azeala & Hazlin
the desired requirement. It tests whether an S-Box has meets the characteristics of S-Box Design Properties and Strict Avalanche Criterion Properties
that determine the strength of an S-Box. Furthermore, S-Box evaluation timeframe is reduced as this application will run all tests simultaneously. Analysis
of tests results with a complete report and conclusion will also be generated
automatically.
For further development of CSET, we are planning to add more relevant
tests which will cover a wider aspect of cryptographic properties. We are
also considering enhancing this tool by including variety of S-Box sizes to
be tested. By adding relevant S-Box tests and including other S-Box sizes,
the evaluation tool will become more valuable to cryptographic analyst and
researchers.
REFERENCES
Abd-ElGhafar, A. R., Diaa, A., and Mohammed, F. (2009). Generation of aes
key dependent s-boxes using rc4 algorithm. In 13th International Conference on Aerospace Sciences & Aviation Technology, pages 26–28.
Aoki, K., Ichikawa, T., Kanda, M., Matsui, M., Moriai, S., Nakajima, J., and
Tokita, T. (2000). Specification of camellia-a 128-bit block cipher.
Heys, H. M. (2002). A tutorial on linear and differential cryptanalysis. Cryptologia, 26(3):189–221.
Hussain, I., Shah, T., Gondal, M. A., and Khan, W. A. (2011a). Construction
of cryptographically strong 8× 8 s-boxes. World Applied Sciences Journal,
13(11):2389–2395.
Hussain, I., Shah, T., Gondal, M. A., and Wang, Y. (2011b). Analyses of
skipjack s-box. World Appl. Sci. J, 13(11):2385–2388.
Kavut, S. and Yücel, M. D. (2001). On some cryptographic properties of
rijndael. In International Workshop on Mathematical Methods, Models, and
Architectures for Network Security, pages 300–311. Springer.
62
International Journal of Cryptology Research
Automated Analysis Report Generation Using CSM S-Box Evaluation Tool (CSET)
Mar, P. P. and Latt, K. M. (2008). New analysis methods on strict avalanche
criterion of s-boxes. World Academy of Science, Engineering and Technology, 48(150-154):25.
Preneel, B. (2006). Cryptographic Properties of Boolean Functions and SBoxes. Technical report, Katholieke Universiteit Leuven.
Stallings, W. (2006).
30(1):55–67.
The whirlpool secure hash function.
International Journal of Cryptology Research
Cryptologia,
63

 Download  Report

Paperzz.com

Your Paperzz

© Copyright 2026 Paperzz