Abstract

Bit permutations are efficient linear functions often used for lightweight cipher designs. However, they have low diffusion effects, compared to word-oriented binary and maximum distance separable (MDS) matrices. Thus, the security of bit permutation-based ciphers is significantly affected by differential and linear branch numbers (DBN and LBN) of nonlinear functions. In this paper, we introduce a widely applicable method for constructing S-boxes with high DBN and LBN. Our method exploits constructions of S-boxes from smaller S-boxes and it derives/proves the required conditions for smaller S-boxes so that the DBN and LBN of the constructed S-boxes are at least 3. These conditions enable us to significantly reduce the search space required to create such S-boxes. Using the unbalanced-Bridge and unbalanced-MISTY structures, we develop a variety of new lightweight S-boxes that provide not only both DBN and LBN of at least 3 but also efficient bitsliced implementations including at most 11 nonlinear bitwise operations. The new S-boxes are the first that exhibit these characteristics.

Highlights

  • The fourth industrial revolution encompasses a wide range of advanced technologies

  • One of its core elements is the Internet of Things (IoT), which binds together people, objects, processes, data, applications, and services

  • A lightweight cryptography standardization project is ongoing at NIST


Summary

INTRODUCTION

The fourth industrial revolution encompasses a wide range of advanced technologies. One of its core elements is the Internet of Things (IoT), which binds together people, objects, processes, data, applications, and services. We introduce a construction method for a different type of lightweight 8-bit S-boxes that are well suited to a linear bit permutation layer, based on which we develop many new S-boxes with both DBN and LBN of at least 3 and with efficient masked software implementations. Our framework eliminates all the input and output differences (or masks) where the sum of their Hamming weights is two, during which some conditions on the employed smaller S-boxes are induced. These conditions could accelerate the S-box search, resulting in more than 10,000 new lightweight 8-bit S-boxes with both DBN and LBN of 3. Some of their bitsliced implementations include 11 nonlinear bitwise operations each. We found new 6- and 7-bit S-boxes with both DBN and LBN of 3 which are more efficient than existing ones.
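To make the "Hamming weight sum of two" condition concrete, the following added example (not code from the paper) computes DBN and LBN by exhaustive search and lists the single-bit to single-bit transitions an S-box still allows. The sample input is the 4-bit S-box of the PRESENT cipher, chosen here as an assumption for illustration; all function names are hypothetical.

```python
# Added example: exhaustive DBN/LBN computation for a bijective n-bit S-box.
# Sample input (not from the page): the 4-bit S-box of the PRESENT cipher.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(v):
    """Hamming weight of an integer."""
    return bin(v).count("1")


def ddt_entry(sbox, dx, dy):
    """Number of x with S(x) ^ S(x ^ dx) == dy."""
    return sum(1 for x in range(len(sbox)) if sbox[x] ^ sbox[x ^ dx] == dy)


def walsh(sbox, a, b):
    """Sum over x of (-1)^(a.x ^ b.S(x)); nonzero means the masks correlate."""
    return sum(1 - 2 * ((hw(a & x) + hw(b & sbox[x])) & 1)
               for x in range(len(sbox)))


def diff_active(sbox, dx, dy):
    return ddt_entry(sbox, dx, dy) != 0


def lin_active(sbox, a, b):
    return walsh(sbox, a, b) != 0


def branch_number(sbox, active):
    """Minimum wt(u) + wt(v) over nonzero (u, v) that the S-box allows."""
    n = len(sbox)
    return min(hw(u) + hw(v)
               for u in range(1, n) for v in range(1, n) if active(sbox, u, v))


def weight_two_transitions(sbox, active):
    """Allowed (u, v) with wt(u) + wt(v) == 2, i.e. both single-bit."""
    bits = [1 << i for i in range(len(sbox).bit_length() - 1)]
    return [(u, v) for u in bits for v in bits if active(sbox, u, v)]


if __name__ == "__main__":
    print("DBN:", branch_number(PRESENT_SBOX, diff_active))
    print("LBN:", branch_number(PRESENT_SBOX, lin_active))
    print("1-bit differentials:", weight_two_transitions(PRESENT_SBOX, diff_active))
    print("1-bit linear masks: ", weight_two_transitions(PRESENT_SBOX, lin_active))
```

For this sample S-box the differential list is empty (DBN 3) while single-bit linear mask pairs remain (LBN 2), which is the kind of weight-two transition the conditions on the smaller S-boxes are meant to rule out.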

ORGANIZATION
NOTATION AND DEFINITIONS
CONCLUSION AND FUTURE WORK