Confusion

Welcome to Crypto. We hope you enjoy your visit.

You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.

Join our community!

If you're already a member please log in to your account to access all of our features:

Confusion; sbox usage
Topic Started: Apr 29 2007, 08:26 PM (261 Views)
loki	Apr 29 2007, 08:26 PM Post #1
Advanced Member Posts: 87 Group: Members Member #48 Joined: April 28, 2006	is one static 8x8 sbox sufficient to provide confusion? my opinion is no. So would 8 8x8 s-boxes be better if; A) the one being used for the current byte is determined by the key? B) the one being used for the current byte is determined by the round? C) the one being used for the current byte is determined by sequence? what would be the better scheme? The current scheme I am thinking of trying is to use a combination of A and B the round xored with the key, it would make the selection both round and key dependant. for instance Code: `current_byte = sbox[key & 0x8][current_byte]; current_byte = sbox[round][current_byte]; current_byte = sbox[0][current_byte]; current_byte = sbox[1][current_byte]; current_byte = sbox[2][current_byte]; ..... current_byte = sbox[8][current_byte]; current_byte = sbox[round ^ (key & 0x8)][current_byte];`
	c(x) = 3x3 + x2 + x + 2; Find the inverse


jdege	Apr 30 2007, 08:05 PM Post #2
Elite member Posts: 263 Group: Admin Member #246 Joined: December 7, 2006	loki Apr 29 2007, 08:26 PM So would 8 8x8 s-boxes be better if; A) the one being used for the current byte is determined by the key? B) the one being used for the current byte is determined by the round? C) the one being used for the current byte is determined by sequence? I've never spent any time evaluating s-boxes, but it was my impression that the most critical design goals had to do with making the result look like the result of a one-time pad: 1. Half the output bits should be 1s 2. Flipping one input bit should flip half the output bits 3. Determining which output bits would flip due to a flip of a given input bit is difficult to determine, without knowing the key. Your question seems to address the 3rd criteria. My answer (or rather, my working from admittedly limited understanding WAG) is first that if, however you're determining the order of s-boxes, you can't guarantee 1 and 2, there's no security. So however you choose your s-boxes, you have to prove that goals 1&2 are met. Which may limit your freedom in selecting s-boxes. But assuming that the s-boxes are designed so that goals 1&2 are met regardless of the order in which you apply the s-boxes, it would seem to me that the less Eve knows about the order of the s-boxes, the better. Which would make A seem like a preferred choice to B. C, OTOH, has me at a loss. What do you mean by "sequence", in this context?
	When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.


1 user reading this topic (1 Guest and 0 Anonymous)


« Previous Topic · General · Next Topic »