S‐boxes representation and efficiency of algebraic attack

Abstract

Algebraic analysis of block ciphers aims at finding the secret key by solving a collection of polynomial equations that describe the internal structure of a cipher for chosen observations of plaintext/ciphertext pairs. Although algebraic attacks are addressed for cryptanalysis of block and stream ciphers, there is a lack of understanding of the impact of algebraic representation of the cipher on efficiency of solving the resulting collection of equations. The study investigates some different S-box representations and their effect on complexity of algebraic attacks. In particular, the authors observe that a S-box representation defined in the work as forward–backward (FWBW) leads to a collection of equations that can be solved efficiently. They show that the SR(10,2,1,4) cipher can be broken with algebraic cryptanalysis using standard algebra software Singular and FGb. This is the best result achieved so far. The effect of description of S-boxes for some light-weight block ciphers is investigated. A by-product of this result is that some improvements have been achieved on the algebraic cryptanalysis of LBlock, PRESENT and MIBS light-weight block ciphers. The authors’ study and experiments confirm a counter-intuitive conclusion that algebraic attacks work best for the FWBW S-box representation. This contradicts a common belief that algebraic attacks are more efficient with quadratic S-box representation.