Differentially uniform mappings for cryptography
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Codes, Bent Functions and Permutations Suitable For DES-likeCryptosystems
Designs, Codes and Cryptography
Differential Cryptanalysis of DES-like Cryptosystems
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A toolbox for cryptanalysis: linear and affine equivalence algorithms
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
PRESENT: An Ultra-Lightweight Block Cipher
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
256 bit standardized crypto for 650 GE: GOST revisited
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Hummingbird: ultra-lightweight cryptography for resource-constrained devices
FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
On linear hulls, statistical saturation attacks, PRESENT and a cryptanalysis of PUFFIN
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
On the security of 4-bit involutive S-boxes for lightweight designs
ISPEC'11 Proceedings of the 7th international conference on Information security practice and experience
On cross-correlation indicators of an S-box
Frontiers of Computer Science in China
Cryptographic analysis of all 4 × 4-bit s-boxes
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
The hummingbird-2 lightweight authenticated encryption algorithm
RFIDSec'11 Proceedings of the 7th international conference on RFID Security and Privacy
Results on rotation-symmetric S-boxes
Information Sciences: an International Journal
Threshold implementations of all 3×3 and 4×4 s-boxes
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Low-latency encryption: is "Lightweight = light + wait"?
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
PRINCE: a low-latency block cipher for pervasive computing applications
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
On 3-share threshold implementations for 4-bit s-boxes
COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
| Hi-index | 0.00 |
In this paper we classify all optimal 4 bit S-boxes. Remarkably, up to affine equivalence, there are only 16 different optimal S-boxes. This observation can be used to efficiently generate optimal S-boxes fulfilling additional criteria. One result is that an S-box which is optimal against differential and linear attacks is always optimal with respect to algebraic attacks as well. We also classify all optimal S-boxes up to the so called CCZ equivalence. We furthermore generated all S-boxes fulfilling the conditions on nonlinearity and uniformity for S-boxes used in the block cipher Serpent. Up to a slightly modified notion of equivalence, there are only 14 different S-boxes. Due to this small number it is not surprising that some of the S-boxes of the Serpent cipher are linear equivalent. Another advantage of our characterization is that it eases the highly non-trivial task of choosing good S-boxes for hardware dedicated ciphers a lot.